From 9d3cc05f311fde3211b6bc0a9be221d6e889a70e Mon Sep 17 00:00:00 2001 From: Andrew Geissler Date: Wed, 31 Mar 2021 13:36:22 -0500 Subject: meta-security: subtree update:9504d02694..775870980b Armin Kuster (13): libtpm: update to 0.8.2 ibmtpm2tss: update to 1.6.0 tpm2-abrmd: update to 2.4.0 tpm2-tools: update to 5.0 tpm2-tss: update to 3.0.3 tpm2-pkcs11: update to 1.5.0 tpm2-topt: update 0.3.0 trousers: update to 0.3.15 tpm-tools: update to 1.3.9.1 python3-fail2ban: fix building with ptest enabled layer.conf: Add hardknott to LAYERSERIES_COMPAT tpm2-tss-engine: update 1.1.0 swtpm: update to 0.5.2 Kai Kang (1): samhain: fix compile error on powerpc Ming Liu (1): ima-evm-keys: add file-checksums to IMA_EVM_X509 lukasz plachno (1): fscryptctl: Fix installation path 
Signed-off-by: Andrew Geissler Change-Id: Id7215a394e0c10c60e0e2e4a43d4ce4fb622fa97 --- meta-security/meta-tpm/conf/layer.conf | 2 +- .../meta-tpm/recipes-tpm/libtpm/libtpm_0.7.2.bb | 16 --- .../meta-tpm/recipes-tpm/libtpm/libtpm_0.8.2.bb | 16 +++ .../meta-tpm/recipes-tpm/swtpm/swtpm_0.2.0.bb | 52 ---------- .../meta-tpm/recipes-tpm/swtpm/swtpm_0.5.2.bb | 53 ++++++++++ .../files/05-openssl1.1_fix_data_mgmt.patch | 110 --------------------- .../recipes-tpm/tpm-tools/tpm-tools_1.3.9.1.bb | 36 ------- .../recipes-tpm/tpm-tools/tpm-tools_1.3.9.2.bb | 35 +++++++ .../meta-tpm/recipes-tpm/trousers/trousers_git.bb | 4 +- ...2-Makefile.am-expand-wildcards-in-prereqs.patch | 30 +++--- .../recipes-tpm2/ibmtpm2tss/ibmtpm2tss_1.5.0.bb | 27 ----- .../recipes-tpm2/ibmtpm2tss/ibmtpm2tss_1.6.0.bb | 27 +++++ .../recipes-tpm2/tpm2-abrmd/tpm2-abrmd_2.3.3.bb | 54 ---------- .../recipes-tpm2/tpm2-abrmd/tpm2-abrmd_2.4.0.bb | 54 ++++++++++ .../recipes-tpm2/tpm2-pkcs11/tpm2-pkcs11_1.4.0.bb | 44 --------- .../recipes-tpm2/tpm2-pkcs11/tpm2-pkcs11_1.5.0.bb | 44 +++++++++ .../recipes-tpm2/tpm2-tools/tpm2-tools_4.3.0.bb | 13 --- .../recipes-tpm2/tpm2-tools/tpm2-tools_5.0.bb | 13 +++ .../recipes-tpm2/tpm2-totp/tpm2-totp_0.2.1.bb | 17 ---- .../recipes-tpm2/tpm2-totp/tpm2-totp_0.3.0.bb | 17 ++++ .../tpm2-tss-engine/tpm2-tss-engine_1.0.1.bb | 23 ----- .../tpm2-tss-engine/tpm2-tss-engine_1.1.0.bb | 23 +++++ ...e.ac-fix-compatibility-with-autoconf-2.70.patch | 48 +++++++++ .../recipes-tpm2/tpm2-tss/tpm2-tss_2.4.3.bb | 76 -------------- .../recipes-tpm2/tpm2-tss/tpm2-tss_3.0.3.bb | 78 +++++++++++++++ 25 files changed, 424 insertions(+), 488 deletions(-) delete mode 100644 meta-security/meta-tpm/recipes-tpm/libtpm/libtpm_0.7.2.bb create mode 100644 meta-security/meta-tpm/recipes-tpm/libtpm/libtpm_0.8.2.bb delete mode 100644 meta-security/meta-tpm/recipes-tpm/swtpm/swtpm_0.2.0.bb create mode 100644 meta-security/meta-tpm/recipes-tpm/swtpm/swtpm_0.5.2.bb delete mode 100644 
meta-security/meta-tpm/recipes-tpm/tpm-tools/files/05-openssl1.1_fix_data_mgmt.patch delete mode 100644 meta-security/meta-tpm/recipes-tpm/tpm-tools/tpm-tools_1.3.9.1.bb create mode 100644 meta-security/meta-tpm/recipes-tpm/tpm-tools/tpm-tools_1.3.9.2.bb delete mode 100644 meta-security/meta-tpm/recipes-tpm2/ibmtpm2tss/ibmtpm2tss_1.5.0.bb create mode 100644 meta-security/meta-tpm/recipes-tpm2/ibmtpm2tss/ibmtpm2tss_1.6.0.bb delete mode 100644 meta-security/meta-tpm/recipes-tpm2/tpm2-abrmd/tpm2-abrmd_2.3.3.bb create mode 100644 meta-security/meta-tpm/recipes-tpm2/tpm2-abrmd/tpm2-abrmd_2.4.0.bb delete mode 100644 meta-security/meta-tpm/recipes-tpm2/tpm2-pkcs11/tpm2-pkcs11_1.4.0.bb create mode 100644 meta-security/meta-tpm/recipes-tpm2/tpm2-pkcs11/tpm2-pkcs11_1.5.0.bb delete mode 100644 meta-security/meta-tpm/recipes-tpm2/tpm2-tools/tpm2-tools_4.3.0.bb create mode 100644 meta-security/meta-tpm/recipes-tpm2/tpm2-tools/tpm2-tools_5.0.bb delete mode 100644 meta-security/meta-tpm/recipes-tpm2/tpm2-totp/tpm2-totp_0.2.1.bb create mode 100644 meta-security/meta-tpm/recipes-tpm2/tpm2-totp/tpm2-totp_0.3.0.bb delete mode 100644 meta-security/meta-tpm/recipes-tpm2/tpm2-tss-engine/tpm2-tss-engine_1.0.1.bb create mode 100644 meta-security/meta-tpm/recipes-tpm2/tpm2-tss-engine/tpm2-tss-engine_1.1.0.bb create mode 100644 meta-security/meta-tpm/recipes-tpm2/tpm2-tss/tpm2-tss/0001-configure.ac-fix-compatibility-with-autoconf-2.70.patch delete mode 100644 meta-security/meta-tpm/recipes-tpm2/tpm2-tss/tpm2-tss_2.4.3.bb create mode 100644 meta-security/meta-tpm/recipes-tpm2/tpm2-tss/tpm2-tss_3.0.3.bb (limited to 'meta-security/meta-tpm') diff --git a/meta-security/meta-tpm/conf/layer.conf b/meta-security/meta-tpm/conf/layer.conf index cd62fbac2..65788eb0e 100644 --- a/meta-security/meta-tpm/conf/layer.conf +++ b/meta-security/meta-tpm/conf/layer.conf 
@@ -8,7 +8,7 @@ BBFILE_COLLECTIONS += "tpm-layer" BBFILE_PATTERN_tpm-layer = "^${LAYERDIR}/" BBFILE_PRIORITY_tpm-layer = "10" -LAYERSERIES_COMPAT_tpm-layer = "gatesgarth" +LAYERSERIES_COMPAT_tpm-layer = "hardknott" LAYERDEPENDS_tpm-layer = " \ core \ diff --git a/meta-security/meta-tpm/recipes-tpm/libtpm/libtpm_0.7.2.bb b/meta-security/meta-tpm/recipes-tpm/libtpm/libtpm_0.7.2.bb deleted file mode 100644 index 0ade01dd5..000000000 --- a/meta-security/meta-tpm/recipes-tpm/libtpm/libtpm_0.7.2.bb +++ /dev/null @@ -1,16 +0,0 @@ -SUMMARY = "LIBPM - Software TPM Library" -LICENSE = "BSD-3-Clause" -LIC_FILES_CHKSUM = "file://LICENSE;md5=e73f0786a936da3814896df06ad225a9" - -SRCREV = "7325acb4777f70419fe10a1d9621c2666e977e73" -SRC_URI = "git://github.com/stefanberger/libtpms.git;branch=stable-0.7.0" - -PE = "1" - -S = "${WORKDIR}/git" -inherit autotools-brokensep pkgconfig perlnative - -PACKAGECONFIG ?= "openssl" -PACKAGECONFIG[openssl] = "--with-openssl, --without-openssl, openssl" - -BBCLASSEXTEND = "native" diff --git a/meta-security/meta-tpm/recipes-tpm/libtpm/libtpm_0.8.2.bb b/meta-security/meta-tpm/recipes-tpm/libtpm/libtpm_0.8.2.bb new file mode 100644 index 000000000..9784aa115 --- /dev/null +++ b/meta-security/meta-tpm/recipes-tpm/libtpm/libtpm_0.8.2.bb @@ -0,0 +1,16 @@ +SUMMARY = "LIBPM - Software TPM Library" +LICENSE = "BSD-3-Clause" +LIC_FILES_CHKSUM = "file://LICENSE;md5=e73f0786a936da3814896df06ad225a9" + +SRCREV = "f66a719eda0b492ea3ec7852421a9d98db0a0621" +SRC_URI = "git://github.com/stefanberger/libtpms.git;branch=stable-0.8" + +PE = "1" + +S = "${WORKDIR}/git" +inherit autotools-brokensep pkgconfig perlnative + +PACKAGECONFIG ?= "openssl" +PACKAGECONFIG[openssl] = "--with-openssl, --without-openssl, openssl" + +BBCLASSEXTEND = "native" diff --git a/meta-security/meta-tpm/recipes-tpm/swtpm/swtpm_0.2.0.bb b/meta-security/meta-tpm/recipes-tpm/swtpm/swtpm_0.2.0.bb deleted file mode 100644 index 35c77c806..000000000 
--- a/meta-security/meta-tpm/recipes-tpm/swtpm/swtpm_0.2.0.bb +++ /dev/null @@ -1,52 +0,0 @@ -SUMMARY = "SWTPM - Software TPM Emulator" -LICENSE = "BSD-3-Clause" -LIC_FILES_CHKSUM = "file://LICENSE;md5=fe8092c832b71ef20dfe4c6d3decb3a8" -SECTION = "apps" - -DEPENDS = "libtasn1 expect socat glib-2.0 net-tools-native libtpm libtpm-native" - -# configure checks for the tools already during compilation and -# then swtpm_setup needs them at runtime -DEPENDS += "tpm-tools-native expect-native socat-native" - -SRCREV = "39673a0139b0ee14a0109aba50a0635592c672c4" -SRC_URI = "git://github.com/stefanberger/swtpm.git;branch=stable-${PV} \ - file://fix_fcntl_h.patch \ - file://ioctl_h.patch \ - " -PE = "1" - -S = "${WORKDIR}/git" - -inherit autotools pkgconfig -PARALLEL_MAKE = "" - -TSS_USER="tss" -TSS_GROUP="tss" - -PACKAGECONFIG ?= "openssl" -PACKAGECONFIG += "${@bb.utils.contains('DISTRO_FEATURES', 'selinux', 'selinux', '', d)}" -PACKAGECONFIG += "${@bb.utils.contains('BBFILE_COLLECTIONS', 'filesystems-layer', 'cuse', '', d)}" -PACKAGECONFIG[openssl] = "--with-openssl, --without-openssl, openssl" -PACKAGECONFIG[gnutls] = "--with-gnutls, --without-gnutls, gnutls" -PACKAGECONFIG[selinux] = "--with-selinux, --without-selinux, libselinux" -PACKAGECONFIG[cuse] = "--with-cuse, --without-cuse, fuse" -PACKAGECONFIG[seccomp] = "--with-seccomp, --without-seccomp, libseccomp" - -EXTRA_OECONF += "--with-tss-user=${TSS_USER} --with-tss-group=${TSS_GROUP}" - -export SEARCH_DIR = "${STAGING_LIBDIR_NATIVE}" - -USERADD_PACKAGES = "${PN}" -GROUPADD_PARAM_${PN} = "--system ${TSS_USER}" -USERADD_PARAM_${PN} = "--system -g ${TSS_GROUP} --home-dir \ - --no-create-home --shell /bin/false ${BPN}" - -PACKAGE_BEFORE_PN = "${PN}-cuse" -FILES_${PN}-cuse = "${bindir}/swtpm_cuse" - -INSANE_SKIP_${PN} += "dev-so" - -RDEPENDS_${PN} = "libtpm expect socat bash tpm-tools" - -BBCLASSEXTEND = "native nativesdk" 
diff --git a/meta-security/meta-tpm/recipes-tpm/swtpm/swtpm_0.5.2.bb b/meta-security/meta-tpm/recipes-tpm/swtpm/swtpm_0.5.2.bb
new file mode 100644
index 000000000..b7ff2ad59
--- /dev/null
+++ b/meta-security/meta-tpm/recipes-tpm/swtpm/swtpm_0.5.2.bb
@@ -0,0 +1,53 @@
+SUMMARY = "SWTPM - Software TPM Emulator"
+LICENSE = "BSD-3-Clause"
+LIC_FILES_CHKSUM = "file://LICENSE;md5=fe8092c832b71ef20dfe4c6d3decb3a8"
+SECTION = "apps"
+
+DEPENDS = "libtasn1 coreutils-native expect socat glib-2.0 net-tools-native libtpm libtpm-native"
+
+# configure checks for the tools already during compilation and
+# then swtpm_setup needs them at runtime
+DEPENDS += "tpm-tools-native expect-native socat-native"
+
+SRCREV = "e59c0c1a7b4c8d652dbb280fd6126895a7057464"
+SRC_URI = "git://github.com/stefanberger/swtpm.git;branch=stable-0.5 \
+ file://ioctl_h.patch \
+ "
+PE = "1"
+
+S = "${WORKDIR}/git"
+
+inherit autotools pkgconfig python3-dir
+PARALLEL_MAKE = ""
+
+TSS_USER="tss"
+TSS_GROUP="tss"
+
+PACKAGECONFIG ?= "openssl"
+PACKAGECONFIG += "${@bb.utils.contains('DISTRO_FEATURES', 'selinux', 'selinux', '', d)}"
+PACKAGECONFIG += "${@bb.utils.contains('BBFILE_COLLECTIONS', 'filesystems-layer', 'cuse', '', d)}"
+PACKAGECONFIG[openssl] = "--with-openssl, --without-openssl, openssl"
+PACKAGECONFIG[gnutls] = "--with-gnutls, --without-gnutls, gnutls"
+PACKAGECONFIG[selinux] = "--with-selinux, --without-selinux, libselinux"
+PACKAGECONFIG[cuse] = "--with-cuse, --without-cuse, fuse"
+PACKAGECONFIG[seccomp] = "--with-seccomp, --without-seccomp, libseccomp"
+
+EXTRA_OECONF += "--with-tss-user=${TSS_USER} --with-tss-group=${TSS_GROUP}"
+
+USERADD_PACKAGES = "${PN}"
+GROUPADD_PARAM_${PN} = "--system ${TSS_USER}"
+USERADD_PARAM_${PN} = "--system -g ${TSS_GROUP} --home-dir \
+ --no-create-home --shell /bin/false ${BPN}"
+
+
+PACKAGES =+ "${PN}-python"
+FILES_${PN}-python = "${nonarch_libdir}/${PYTHON_PN}/dist-packages/* "
+
+PACKAGE_BEFORE_PN = "${PN}-cuse"
+FILES_${PN}-cuse = "${bindir}/swtpm_cuse"
+
+INSANE_SKIP_${PN} += "dev-so"
+
+RDEPENDS_${PN} = "libtpm expect socat bash tpm-tools python3 python3-cryptography python3-twisted"
+
+BBCLASSEXTEND = "native nativesdk"
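Review bot: The `USERADD_PACKAGES`, `GROUPADD_PARAM_${PN}` and `USERADD_PARAM_${PN}` assignments have no effect in this recipe, because `inherit autotools pkgconfig python3-dir` does not include the `useradd` class; nothing here creates the account that `--with-tss-user=${TSS_USER}` tells configure to use. Even with the class inherited the parameters look wrong: `--home-dir` is followed directly by the line continuation, so it would take `--no-create-home` as its argument, and the account named is `${BPN}` rather than `${TSS_USER}`. I would change the inherit line to `inherit autotools pkgconfig python3-dir useradd` and the parameter to `USERADD_PARAM_${PN} = "--system -g ${TSS_GROUP} --no-create-home --shell /bin/false ${TSS_USER}"`. As written, which account owns the emulator's state presumably depends on another recipe creating `tss`, which is worth confirming on a target image.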
diff --git a/meta-security/meta-tpm/recipes-tpm/tpm-tools/files/05-openssl1.1_fix_data_mgmt.patch b/meta-security/meta-tpm/recipes-tpm/tpm-tools/files/05-openssl1.1_fix_data_mgmt.patch deleted file mode 100644 index c2a264b62..000000000 --- a/meta-security/meta-tpm/recipes-tpm/tpm-tools/files/05-openssl1.1_fix_data_mgmt.patch +++ /dev/null 
@@ -1,110 +0,0 @@ -Author: Philipp Kern -Subject: Fix openssl1.1 support in data_mgmt -Date: Tue, 31 Jan 2017 22:40:10 +0100 - -Upstream-Status: Backport -tpm-tools_1.3.9.1-0.1.debian.tar - -Signed-off-by: Armin kuster - ---- - src/data_mgmt/data_import.c | 60 ++++++++++++++++++++++++++++---------------- - 1 file changed, 39 insertions(+), 21 deletions(-) - ---- a/src/data_mgmt/data_import.c -+++ b/src/data_mgmt/data_import.c -@@ -372,7 +372,7 @@ readX509Cert( const char *a_pszFile, - goto out; - } - -- if ( EVP_PKEY_type( pKey->type ) != EVP_PKEY_RSA ) { -+ if ( EVP_PKEY_base_id( pKey ) != EVP_PKEY_RSA ) { - logError( TOKEN_RSA_KEY_ERROR ); - - X509_free( pX509 ); -@@ -691,8 +691,13 @@ createRsaPubKeyObject( RSA - - int rc = -1; - -- int nLen = BN_num_bytes( a_pRsa->n ); -- int eLen = BN_num_bytes( a_pRsa->e ); -+ const BIGNUM *bn; -+ const BIGNUM *be; -+ -+ RSA_get0_key( a_pRsa, &bn, &be, NULL ); -+ -+ int nLen = BN_num_bytes( bn ); -+ int eLen = BN_num_bytes( be ); - - CK_RV rv; - -@@ -732,8 +737,8 @@ createRsaPubKeyObject( RSA - } - - // Get binary representations of the RSA key information -- BN_bn2bin( a_pRsa->n, n ); -- BN_bn2bin( a_pRsa->e, e ); -+ BN_bn2bin( bn, n ); -+ BN_bn2bin( be, e ); - - // Create the RSA public key object - rv = createObject( a_hSession, tAttr, ulAttrCount, a_hObject ); -@@ -760,14 +765,27 @@ createRsaPrivKeyObject( RSA - - int rc = -1; - -- int nLen = BN_num_bytes( a_pRsa->n ); -- int eLen = BN_num_bytes( a_pRsa->e ); -- int dLen = BN_num_bytes( a_pRsa->d ); -- int pLen = BN_num_bytes( a_pRsa->p ); -- int qLen = BN_num_bytes( a_pRsa->q ); -- int dmp1Len = BN_num_bytes( a_pRsa->dmp1 ); -- int dmq1Len = BN_num_bytes( a_pRsa->dmq1 ); -- int iqmpLen = BN_num_bytes( a_pRsa->iqmp ); -+ const BIGNUM *bn; -+ const BIGNUM *be; -+ const BIGNUM *bd; -+ const BIGNUM *bp; -+ const BIGNUM *bq; -+ const BIGNUM *bdmp1; -+ const BIGNUM *bdmq1; -+ const BIGNUM *biqmp; -+ -+ RSA_get0_key( a_pRsa, &bn, &be, &bd); -+ RSA_get0_factors( a_pRsa, &bp, 
&bq); -+ RSA_get0_crt_params( a_pRsa, &bdmp1, &bdmq1, &biqmp ); -+ -+ int nLen = BN_num_bytes( bn ); -+ int eLen = BN_num_bytes( be ); -+ int dLen = BN_num_bytes( bd ); -+ int pLen = BN_num_bytes( bp ); -+ int qLen = BN_num_bytes( bq ); -+ int dmp1Len = BN_num_bytes( bdmp1 ); -+ int dmq1Len = BN_num_bytes( bdmq1 ); -+ int iqmpLen = BN_num_bytes( biqmp ); - - CK_RV rv; - -@@ -821,14 +839,14 @@ createRsaPrivKeyObject( RSA - } - - // Get binary representations of the RSA key information -- BN_bn2bin( a_pRsa->n, n ); -- BN_bn2bin( a_pRsa->e, e ); -- BN_bn2bin( a_pRsa->d, d ); -- BN_bn2bin( a_pRsa->p, p ); -- BN_bn2bin( a_pRsa->q, q ); -- BN_bn2bin( a_pRsa->dmp1, dmp1 ); -- BN_bn2bin( a_pRsa->dmq1, dmq1 ); -- BN_bn2bin( a_pRsa->iqmp, iqmp ); -+ BN_bn2bin( bn, n ); -+ BN_bn2bin( be, e ); -+ BN_bn2bin( bd, d ); -+ BN_bn2bin( bp, p ); -+ BN_bn2bin( bq, q ); -+ BN_bn2bin( bdmp1, dmp1 ); -+ BN_bn2bin( bdmq1, dmq1 ); -+ BN_bn2bin( biqmp, iqmp ); - - // Create the RSA private key object - rv = createObject( a_hSession, tAttr, ulAttrCount, a_hObject ); diff --git a/meta-security/meta-tpm/recipes-tpm/tpm-tools/tpm-tools_1.3.9.1.bb b/meta-security/meta-tpm/recipes-tpm/tpm-tools/tpm-tools_1.3.9.1.bb deleted file mode 100644 index 88ef19f73..000000000 --- a/meta-security/meta-tpm/recipes-tpm/tpm-tools/tpm-tools_1.3.9.1.bb +++ /dev/null 
@@ -1,36 +0,0 @@ -SUMMARY = "The tpm-tools package contains commands to allow the platform administrator the ability to manage and diagnose the platform's TPM." -DESCRIPTION = " \ - The tpm-tools package contains commands to allow the platform administrator \ - the ability to manage and diagnose the platform's TPM. Additionally, the \ - package contains commands to utilize some of the capabilities available \ - in the TPM PKCS#11 interface implemented in the openCryptoki project. \ - " -SECTION = "tpm" -LICENSE = "CPL-1.0" -LIC_FILES_CHKSUM = "file://LICENSE;md5=059e8cd6165cb4c31e351f2b69388fd9" - -DEPENDS = "libtspi openssl" -DEPENDS_class-native = "trousers-native" - -SRCREV = "bdf9f1bc8f63cd6fc370c2deb58d03ac55079e84" -SRC_URI = " \ - git://git.code.sf.net/p/trousers/tpm-tools \ - file://tpm-tools-extendpcr.patch \ - file://04-fix-FTBFS-clang.patch \ - file://05-openssl1.1_fix_data_mgmt.patch \ - file://openssl1.1_fix.patch \ - " - -inherit autotools-brokensep gettext - -S = "${WORKDIR}/git" - -do_configure_prepend () { - mkdir -p po - mkdir -p m4 - cp -R po_/* po/ - touch po/Makefile.in.in - touch m4/Makefile.am -} - -BBCLASSEXTEND = "native" diff --git a/meta-security/meta-tpm/recipes-tpm/tpm-tools/tpm-tools_1.3.9.2.bb b/meta-security/meta-tpm/recipes-tpm/tpm-tools/tpm-tools_1.3.9.2.bb new file mode 100644 index 000000000..8aeb8ac4b --- /dev/null +++ b/meta-security/meta-tpm/recipes-tpm/tpm-tools/tpm-tools_1.3.9.2.bb 
@@ -0,0 +1,35 @@ +SUMMARY = "The tpm-tools package contains commands to allow the platform administrator the ability to manage and diagnose the platform's TPM." +DESCRIPTION = " \ + The tpm-tools package contains commands to allow the platform administrator \ + the ability to manage and diagnose the platform's TPM. Additionally, the \ + package contains commands to utilize some of the capabilities available \ + in the TPM PKCS#11 interface implemented in the openCryptoki project. \ + " +SECTION = "tpm" +LICENSE = "CPL-1.0" +LIC_FILES_CHKSUM = "file://LICENSE;md5=059e8cd6165cb4c31e351f2b69388fd9" + +DEPENDS = "libtspi openssl" +DEPENDS_class-native = "trousers-native" + +SRCREV = "bf43837575c5f7d31865562dce7778eae970052e" +SRC_URI = " \ + git://git.code.sf.net/p/trousers/tpm-tools \ + file://tpm-tools-extendpcr.patch \ + file://04-fix-FTBFS-clang.patch \ + file://openssl1.1_fix.patch \ + " + +inherit autotools-brokensep gettext + +S = "${WORKDIR}/git" + +do_configure_prepend () { + mkdir -p po + mkdir -p m4 + cp -R po_/* po/ + touch po/Makefile.in.in + touch m4/Makefile.am +} + +BBCLASSEXTEND = "native" diff --git a/meta-security/meta-tpm/recipes-tpm/trousers/trousers_git.bb b/meta-security/meta-tpm/recipes-tpm/trousers/trousers_git.bb index 27b4e2f51..32c9a4976 100644 --- a/meta-security/meta-tpm/recipes-tpm/trousers/trousers_git.bb +++ b/meta-security/meta-tpm/recipes-tpm/trousers/trousers_git.bb @@ -6,8 +6,8 @@ SECTION = "security/tpm" DEPENDS = "openssl" -SRCREV = "e74dd1d96753b0538192143adf58d04fcd3b242b" -PV = "0.3.14+git${SRCPV}" +SRCREV = "94144b0a1dcef6e31845d6c319e9bd7357208eb9" +PV = "0.3.15+git${SRCPV}" SRC_URI = " \ git://git.code.sf.net/p/trousers/trousers \ diff --git a/meta-security/meta-tpm/recipes-tpm2/ibmtpm2tss/ibmtpm2tss/0001-utils-12-Makefile.am-expand-wildcards-in-prereqs.patch b/meta-security/meta-tpm/recipes-tpm2/ibmtpm2tss/ibmtpm2tss/0001-utils-12-Makefile.am-expand-wildcards-in-prereqs.patch index 8b13fb66c..cfda80f41 100644 
--- a/meta-security/meta-tpm/recipes-tpm2/ibmtpm2tss/ibmtpm2tss/0001-utils-12-Makefile.am-expand-wildcards-in-prereqs.patch +++ b/meta-security/meta-tpm/recipes-tpm2/ibmtpm2tss/ibmtpm2tss/0001-utils-12-Makefile.am-expand-wildcards-in-prereqs.patch @@ -15,17 +15,15 @@ Signed-off-by: Jens Rehsack utils12/Makefile.am | 8 ++++- 2 files changed, 79 insertions(+), 4 deletions(-) -diff --git a/utils/Makefile.am b/utils/Makefile.am -index 1e51fe3..170a26e 100644 ---- a/utils/Makefile.am -+++ b/utils/Makefile.am -@@ -81,9 +81,78 @@ libibmtssutils_la_LIBADD = libibmtss.la $(LIBCRYPTO_LIBS) +Index: git/utils/Makefile.am +=================================================================== +--- git.orig/utils/Makefile.am ++++ git/utils/Makefile.am +@@ -85,9 +85,78 @@ libibmtssutils_la_LIBADD = libibmtss.la - noinst_HEADERS = CommandAttributes.h imalib.h tssdev.h ntc2lib.h tssntc.h Commands_fp.h objecttemplates.h tssproperties.h cryptoutils.h Platform.h tssauth.h tsssocket.h ekutils.h eventlib.h tssccattributes.h + noinst_HEADERS = CommandAttributes.h imalib.h tssdev.h ntc2lib.h tssntc.h Commands_fp.h objecttemplates.h tssproperties.h cryptoutils.h Platform.h tssauth.h tsssocket.h ekutils.h eventlib.h efilib.h tssccattributes.h # install every header in ibmtss -nobase_include_HEADERS = ibmtss/*.h -- --notrans_man_MANS = man/man1/*.1 +nobase_include_HEADERS = ibmtss/ActivateCredential_fp.h ibmtss/ActivateIdentity_fp.h ibmtss/BaseTypes.h \ + ibmtss/CertifyCreation_fp.h ibmtss/Certify_fp.h ibmtss/CertifyX509_fp.h ibmtss/ChangeEPS_fp.h \ + ibmtss/ChangePPS_fp.h ibmtss/ClearControl_fp.h ibmtss/Clear_fp.h ibmtss/ClockRateAdjust_fp.h \ 
@@ -65,7 +63,8 @@ index 1e51fe3..170a26e 100644 + ibmtss/tssmarshal.h ibmtss/tssprintcmd.h ibmtss/tssprint.h ibmtss/tssresponsecode.h ibmtss/tsstransmit.h \ + ibmtss/tssutils.h ibmtss/Unmarshal12_fp.h ibmtss/Unmarshal_fp.h ibmtss/Unseal_fp.h ibmtss/VerifySignature_fp.h \ + ibmtss/ZGen_2Phase_fp.h -+ + +-notrans_man_MANS = man/man1/*.1 +notrans_man_MANS = man/man1/tssactivatecredential.1 man/man1/tsscertify.1 man/man1/tsscertifycreation.1 \ + man/man1/tsscertifyx509.1 man/man1/tsschangeeps.1 man/man1/tsschangepps.1 man/man1/tssclear.1 \ + man/man1/tssclearcontrol.1 man/man1/tssclockrateadjust.1 man/man1/tssclockset.1 man/man1/tsscommit.1 \ @@ -101,11 +100,11 @@ index 1e51fe3..170a26e 100644 if CONFIG_TPM20 noinst_HEADERS += tss20.h tssauth20.h ibmtss/tssprintcmd.h -diff --git a/utils12/Makefile.am b/utils12/Makefile.am -index a01f47c..e9fe61e 100644 ---- a/utils12/Makefile.am -+++ b/utils12/Makefile.am -@@ -9,7 +9,13 @@ libibmtssutils12_la_CFLAGS = -I$(top_srcdir)/utils +Index: git/utils12/Makefile.am +=================================================================== +--- git.orig/utils12/Makefile.am ++++ git/utils12/Makefile.am +@@ -9,7 +9,13 @@ libibmtssutils12_la_CFLAGS = -I$(top_src # result: [current-age].age.revision libibmtssutils12_la_LDFLAGS = -version-info @TSSLIB_VERSION_INFO@ ../utils/libibmtss.la @@ -120,6 +119,3 @@ index a01f47c..e9fe61e 100644 noinst_HEADERS = ekutils12.h bin_PROGRAMS = activateidentity createendorsementkeypair createwrapkey extend flushspecific getcapability loadkey2 makeidentity nvdefinespace nvreadvalueauth nvreadvalue nvwritevalueauth nvwritevalue oiap osap ownerreadinternalpub ownersetdisable pcrread quote2 sign startup takeownership tpminit createekcert makeekblob eventextend imaextend --- -2.17.1 - diff --git a/meta-security/meta-tpm/recipes-tpm2/ibmtpm2tss/ibmtpm2tss_1.5.0.bb b/meta-security/meta-tpm/recipes-tpm2/ibmtpm2tss/ibmtpm2tss_1.5.0.bb deleted file mode 100644 index 18ad7eb43..000000000 
--- a/meta-security/meta-tpm/recipes-tpm2/ibmtpm2tss/ibmtpm2tss_1.5.0.bb +++ /dev/null @@ -1,27 +0,0 @@ -SUMMARY = "IBM's Software TPM 2.0 TSS" -DESCRIPTION = "This is a user space TSS for TPM 2.0. It implements the \ -functionality equivalent to (but not API compatible with) the TCG TSS \ -working group's ESAPI, SAPI, and TCTI API's (and perhaps more) but with a \ -hopefully simpler interface. \ -It comes with over 110 'TPM tools' samples that can be used for scripted \ -apps, rapid prototyping, education, and debugging. \ -It also comes with a web based TPM interface, suitable for a demo to an \ -audience that is unfamiliar with TCG technology. It is also useful for \ -basic TPM management." -HOMEPAGE = "http://ibmswtpm.sourceforge.net/ibmtss2.html" -LICENSE = "BSD" -SECTION = "securty/tpm" -LIC_FILES_CHKSUM = "file://LICENSE;md5=1e023f61454ac828b4aa1bc4293f7d5f" - -DEPENDS = "openssl ibmswtpm2" - -inherit autotools pkgconfig - -SRCREV = "aa6c6ec83793ba21782033c03439977c26d3cc87" -SRC_URI = " git://git.code.sf.net/p/ibmtpm20tss/tss;nobranch=1 \ - file://0001-utils-12-Makefile.am-expand-wildcards-in-prereqs.patch \ - " - -EXTRA_OECONF = "--disable-tpm-1.2" - -S = "${WORKDIR}/git" diff --git a/meta-security/meta-tpm/recipes-tpm2/ibmtpm2tss/ibmtpm2tss_1.6.0.bb b/meta-security/meta-tpm/recipes-tpm2/ibmtpm2tss/ibmtpm2tss_1.6.0.bb new file mode 100644 index 000000000..4d9b5540a --- /dev/null +++ b/meta-security/meta-tpm/recipes-tpm2/ibmtpm2tss/ibmtpm2tss_1.6.0.bb 
@@ -0,0 +1,27 @@
+SUMMARY = "IBM's Software TPM 2.0 TSS"
+DESCRIPTION = "This is a user space TSS for TPM 2.0. It implements the \
+functionality equivalent to (but not API compatible with) the TCG TSS \
+working group's ESAPI, SAPI, and TCTI API's (and perhaps more) but with a \
+hopefully simpler interface. \
+It comes with over 110 'TPM tools' samples that can be used for scripted \
+apps, rapid prototyping, education, and debugging. \
+It also comes with a web based TPM interface, suitable for a demo to an \
+audience that is unfamiliar with TCG technology. It is also useful for \
+basic TPM management."
+HOMEPAGE = "http://ibmswtpm.sourceforge.net/ibmtss2.html"
+LICENSE = "BSD"
+SECTION = "securty/tpm"
+LIC_FILES_CHKSUM = "file://LICENSE;md5=1e023f61454ac828b4aa1bc4293f7d5f"
+
+DEPENDS = "openssl ibmswtpm2"
+
+inherit autotools pkgconfig
+
+SRCREV = "3e736f712ba53c8f06e66751f60fae428fd2e20f"
+SRC_URI = " git://git.code.sf.net/p/ibmtpm20tss/tss;nobranch=1 \
+ file://0001-utils-12-Makefile.am-expand-wildcards-in-prereqs.patch \
+ "
+
+EXTRA_OECONF = "--disable-tpm-1.2"
+
+S = "${WORKDIR}/git"
diff --git a/meta-security/meta-tpm/recipes-tpm2/tpm2-abrmd/tpm2-abrmd_2.3.3.bb b/meta-security/meta-tpm/recipes-tpm2/tpm2-abrmd/tpm2-abrmd_2.3.3.bb
deleted file mode 100644
index d2a1c47b5..000000000
--- a/meta-security/meta-tpm/recipes-tpm2/tpm2-abrmd/tpm2-abrmd_2.3.3.bb
+++ /dev/null
@@ -1,54 +0,0 @@ -SUMMARY = "TPM2 Access Broker & Resource Manager" -DESCRIPTION = "This is a system daemon implementing the TPM2 access \ -broker (TAB) & Resource Manager (RM) spec from the TCG. The daemon (tpm2-abrmd) \ -is implemented using Glib and the GObject system. In this documentation and \ -in the code we use `tpm2-abrmd` and `tabrmd` interchangeably. \ -" -SECTION = "security/tpm" - -LICENSE = "BSD-2-Clause" -LIC_FILES_CHKSUM = "file://${S}/LICENSE;md5=500b2e742befc3da00684d8a1d5fd9da" - -DEPENDS = "autoconf-archive dbus glib-2.0 tpm2-tss glib-2.0-native \ - libtss2 libtss2-mu libtss2-tcti-device libtss2-tcti-mssim" - -SRC_URI = "\ - git://github.com/tpm2-software/tpm2-abrmd.git \ - file://tpm2-abrmd-init.sh \ - file://tpm2-abrmd.default \ -" - -SRCREV = "4cdda466010a3699ebe967d990ac715ae3de7d35" - -S = "${WORKDIR}/git" - -inherit autotools pkgconfig systemd update-rc.d useradd - -SYSTEMD_PACKAGES += "${PN}" -SYSTEMD_SERVICE_${PN} = "tpm2-abrmd.service" -SYSTEMD_AUTO_ENABLE_${PN} = "disable" - -INITSCRIPT_NAME = "${PN}" -INITSCRIPT_PARAMS = "start 99 2 3 4 5 . stop 19 0 1 6 ." - -USERADD_PACKAGES = "${PN}" -GROUPADD_PARAM_${PN} = "tss" -USERADD_PARAM_${PN} = "--system -M -d /var/lib/tpm -s /bin/false -g tss tss" - -PACKAGECONFIG ?="${@bb.utils.contains('DISTRO_FEATURES','systemd','systemd', '', d)}" -PACKAGECONFIG[systemd] = "--with-systemdsystemunitdir=${systemd_system_unitdir}, --with-systemdsystemunitdir=no" - -do_install_append() { - install -d "${D}${sysconfdir}/init.d" - install -m 0755 "${WORKDIR}/tpm2-abrmd-init.sh" "${D}${sysconfdir}/init.d/tpm2-abrmd" - - install -d "${D}${sysconfdir}/default" - install -m 0644 "${WORKDIR}/tpm2-abrmd.default" "${D}${sysconfdir}/default/tpm2-abrmd" -} - -FILES_${PN} += "${libdir}/systemd/system-preset \ - ${datadir}/dbus-1" - -RDEPENDS_${PN} += "tpm2-tss" - -BBCLASSEXTEND = "native" 
diff --git a/meta-security/meta-tpm/recipes-tpm2/tpm2-abrmd/tpm2-abrmd_2.4.0.bb b/meta-security/meta-tpm/recipes-tpm2/tpm2-abrmd/tpm2-abrmd_2.4.0.bb
new file mode 100644
index 000000000..edfcce9d1
--- /dev/null
+++ b/meta-security/meta-tpm/recipes-tpm2/tpm2-abrmd/tpm2-abrmd_2.4.0.bb
@@ -0,0 +1,54 @@
+SUMMARY = "TPM2 Access Broker & Resource Manager"
+DESCRIPTION = "This is a system daemon implementing the TPM2 access \
+broker (TAB) & Resource Manager (RM) spec from the TCG. The daemon (tpm2-abrmd) \
+is implemented using Glib and the GObject system. In this documentation and \
+in the code we use `tpm2-abrmd` and `tabrmd` interchangeably. \
+"
+SECTION = "security/tpm"
+
+LICENSE = "BSD-2-Clause"
+LIC_FILES_CHKSUM = "file://${S}/LICENSE;md5=500b2e742befc3da00684d8a1d5fd9da"
+
+DEPENDS = "autoconf-archive dbus glib-2.0 tpm2-tss glib-2.0-native \
+ libtss2 libtss2-mu libtss2-tcti-device libtss2-tcti-mssim"
+
+SRC_URI = "\
+ git://github.com/tpm2-software/tpm2-abrmd.git \
+ file://tpm2-abrmd-init.sh \
+ file://tpm2-abrmd.default \
+"
+
+SRCREV = "4f332013a02c422e186c4aaf127ab6a40b996028"
+
+S = "${WORKDIR}/git"
+
+inherit autotools pkgconfig systemd update-rc.d useradd
+
+SYSTEMD_PACKAGES += "${PN}"
+SYSTEMD_SERVICE_${PN} = "tpm2-abrmd.service"
+SYSTEMD_AUTO_ENABLE_${PN} = "disable"
+
+INITSCRIPT_NAME = "${PN}"
+INITSCRIPT_PARAMS = "start 99 2 3 4 5 . stop 19 0 1 6 ."
+
+USERADD_PACKAGES = "${PN}"
+GROUPADD_PARAM_${PN} = "tss"
+USERADD_PARAM_${PN} = "--system -M -d /var/lib/tpm -s /bin/false -g tss tss"
+
+PACKAGECONFIG ?="${@bb.utils.contains('DISTRO_FEATURES','systemd','systemd', '', d)}"
+PACKAGECONFIG[systemd] = "--with-systemdsystemunitdir=${systemd_system_unitdir}, --with-systemdsystemunitdir=no"
+
+do_install_append() {
+ install -d "${D}${sysconfdir}/init.d"
+ install -m 0755 "${WORKDIR}/tpm2-abrmd-init.sh" "${D}${sysconfdir}/init.d/tpm2-abrmd"
+
+ install -d "${D}${sysconfdir}/default"
+ install -m 0644 "${WORKDIR}/tpm2-abrmd.default" "${D}${sysconfdir}/default/tpm2-abrmd"
+}
+
+FILES_${PN} += "${libdir}/systemd/system-preset \
+ ${datadir}/dbus-1"
+
+RDEPENDS_${PN} += "tpm2-tss"
+
+BBCLASSEXTEND = "native"
diff --git a/meta-security/meta-tpm/recipes-tpm2/tpm2-pkcs11/tpm2-pkcs11_1.4.0.bb b/meta-security/meta-tpm/recipes-tpm2/tpm2-pkcs11/tpm2-pkcs11_1.4.0.bb deleted file mode 100644 index 6beb67a18..000000000 --- a/meta-security/meta-tpm/recipes-tpm2/tpm2-pkcs11/tpm2-pkcs11_1.4.0.bb +++ /dev/null @@ -1,44 +0,0 @@ -SUMMARY = "A PKCS#11 interface for TPM2 hardware" -DESCRIPTION = "PKCS #11 is a Public-Key Cryptography Standard that defines a standard method to access cryptographic services from tokens/ devices such as hardware security modules (HSM), smart cards, etc. In this project we intend to use a TPM2 device as the cryptographic token." -SECTION = "security/tpm" -LICENSE = "BSD-2-Clause" -LIC_FILES_CHKSUM = "file://LICENSE;md5=0fc19f620a102768d6dbd1e7166e78ab" - -DEPENDS = "autoconf-archive pkgconfig dstat sqlite3 openssl libtss2-dev tpm2-tools libyaml python3-setuptools-native" - -SRC_URI = "git://github.com/tpm2-software/tpm2-pkcs11.git;branch=1.X \ - file://bootstrap_fixup.patch \ - file://0001-remove-local-binary-checkes.patch" - -SRCREV = "78bbf6a0237351830d0c3923b25ba0b57ae0b7e9" - -S = "${WORKDIR}/git" - -inherit autotools-brokensep pkgconfig python3native - -do_configure_prepend () { - ${S}/bootstrap -} - -do_compile_append() { - cd ${S}/tools - python3 setup.py build -} - -do_install_append() { - cd ${S}/tools - export PYTHONPATH="${D}${PYTHON_SITEPACKAGES_DIR}" - ${PYTHON_PN} setup.py install --root="${D}" --prefix="${prefix}" --install-lib="${PYTHON_SITEPACKAGES_DIR}" --optimize=1 --skip-build - - sed -i -e "s:${PYTHON}:${USRBINPATH}/env ${PYTHON_PN}:g" "${D}${bindir}"/tpm2_ptool -} - -RDEPNDS_${PN} = "tpm2-tools" - -PACKAGES =+ "${PN}-tools" -RDEPENDS_${PN}-tools += "${PYTHON_PN}-setuptools ${PYTHON_PN}-pyyaml ${PYTHON_PN}-cryptography ${PYTHON_PN}-pyasn1-modules" - -FILES_${PN}-tools = "\ - ${bindir}/tpm2_ptool \ - ${libdir}/${PYTHON_DIR}/* \ -" 
diff --git a/meta-security/meta-tpm/recipes-tpm2/tpm2-pkcs11/tpm2-pkcs11_1.5.0.bb b/meta-security/meta-tpm/recipes-tpm2/tpm2-pkcs11/tpm2-pkcs11_1.5.0.bb
new file mode 100644
index 000000000..d53d4fa86
--- /dev/null
+++ b/meta-security/meta-tpm/recipes-tpm2/tpm2-pkcs11/tpm2-pkcs11_1.5.0.bb
@@ -0,0 +1,44 @@
+SUMMARY = "A PKCS#11 interface for TPM2 hardware"
+DESCRIPTION = "PKCS #11 is a Public-Key Cryptography Standard that defines a standard method to access cryptographic services from tokens/ devices such as hardware security modules (HSM), smart cards, etc. In this project we intend to use a TPM2 device as the cryptographic token."
+SECTION = "security/tpm"
+LICENSE = "BSD-2-Clause"
+LIC_FILES_CHKSUM = "file://LICENSE;md5=0fc19f620a102768d6dbd1e7166e78ab"
+
+DEPENDS = "autoconf-archive pkgconfig dstat sqlite3 openssl libtss2-dev tpm2-tools libyaml python3-setuptools-native"
+
+SRC_URI = "git://github.com/tpm2-software/tpm2-pkcs11.git;branch=1.X \
+ file://bootstrap_fixup.patch \
+ file://0001-remove-local-binary-checkes.patch"
+
+SRCREV = "5d583351028eebd470f50ec35db5dcf00533df31"
+
+S = "${WORKDIR}/git"
+
+inherit autotools-brokensep pkgconfig python3native
+
+do_configure_prepend () {
+ ${S}/bootstrap
+}
+
+do_compile_append() {
+ cd ${S}/tools
+ python3 setup.py build
+}
+
+do_install_append() {
+ cd ${S}/tools
+ export PYTHONPATH="${D}${PYTHON_SITEPACKAGES_DIR}"
+ ${PYTHON_PN} setup.py install --root="${D}" --prefix="${prefix}" --install-lib="${PYTHON_SITEPACKAGES_DIR}" --optimize=1 --skip-build
+
+ sed -i -e "s:${PYTHON}:${USRBINPATH}/env ${PYTHON_PN}:g" "${D}${bindir}"/tpm2_ptool
+}
+
+RDEPNDS_${PN} = "tpm2-tools"
+
+PACKAGES =+ "${PN}-tools"
+RDEPENDS_${PN}-tools += "${PYTHON_PN}-setuptools ${PYTHON_PN}-pyyaml ${PYTHON_PN}-cryptography ${PYTHON_PN}-pyasn1-modules"
+
+FILES_${PN}-tools = "\
+ ${bindir}/tpm2_ptool \
+ ${libdir}/${PYTHON_DIR}/* \
+"
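Review bot: `RDEPNDS_${PN} = "tpm2-tools"` misspells `RDEPENDS_${PN}`, so BitBake sets an unrelated variable and the main package records no runtime dependency on tpm2-tools; the line should read `RDEPENDS_${PN} = "tpm2-tools"`. The removed 1.4.0 recipe has the same spelling, so the typo was carried over unchanged by this update. Because `tpm2-tools` is still in `DEPENDS` the build itself succeeds, which is probably why it went unnoticed; an image that installs only this package may end up without the tools, which is worth checking on a target.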
diff --git a/meta-security/meta-tpm/recipes-tpm2/tpm2-tools/tpm2-tools_4.3.0.bb b/meta-security/meta-tpm/recipes-tpm2/tpm2-tools/tpm2-tools_4.3.0.bb
deleted file mode 100644
index 5bd26ab98..000000000
--- a/meta-security/meta-tpm/recipes-tpm2/tpm2-tools/tpm2-tools_4.3.0.bb
+++ /dev/null
@@ -1,13 +0,0 @@
-SUMMARY = "Tools for TPM2."
-DESCRIPTION = "tpm2-tools"
-LICENSE = "BSD-3-Clause"
-LIC_FILES_CHKSUM = "file://doc/LICENSE;md5=a846608d090aa64494c45fc147cc12e3"
-SECTION = "tpm"
-
-DEPENDS = "tpm2-abrmd tpm2-tss openssl curl autoconf-archive"
-
-SRC_URI = "https://github.com/tpm2-software/${BPN}/releases/download/${PV}/${BPN}-${PV}.tar.gz"
-
-SRC_URI[sha256sum] = "ae009b3495b44a16faa3d94d41ac9c9d99c71723482efad53c5eea17eeed80fc"
-
-inherit autotools pkgconfig bash-completion
diff --git a/meta-security/meta-tpm/recipes-tpm2/tpm2-tools/tpm2-tools_5.0.bb b/meta-security/meta-tpm/recipes-tpm2/tpm2-tools/tpm2-tools_5.0.bb
new file mode 100644
index 000000000..dbd324aa2
--- /dev/null
+++ b/meta-security/meta-tpm/recipes-tpm2/tpm2-tools/tpm2-tools_5.0.bb
@@ -0,0 +1,13 @@
+SUMMARY = "Tools for TPM2."
+DESCRIPTION = "tpm2-tools"
+LICENSE = "BSD-3-Clause"
+LIC_FILES_CHKSUM = "file://doc/LICENSE;md5=a846608d090aa64494c45fc147cc12e3"
+SECTION = "tpm"
+
+DEPENDS = "tpm2-abrmd tpm2-tss openssl curl autoconf-archive"
+
+SRC_URI = "https://github.com/tpm2-software/${BPN}/releases/download/${PV}/${BPN}-${PV}.tar.gz"
+
+SRC_URI[sha256sum] = "e1b907fe29877628052e08ad84eebc6c3f7646d29505ed4862e96162a8c91ba1"
+
+inherit autotools pkgconfig bash-completion
diff --git a/meta-security/meta-tpm/recipes-tpm2/tpm2-totp/tpm2-totp_0.2.1.bb b/meta-security/meta-tpm/recipes-tpm2/tpm2-totp/tpm2-totp_0.2.1.bb
deleted file mode 100644
index 264484f7a..000000000
--- a/meta-security/meta-tpm/recipes-tpm2/tpm2-totp/tpm2-totp_0.2.1.bb
+++ /dev/null
@@ -1,17 +0,0 @@
-SUMMARY = "Attest the trustworthiness of a device against a human using time-based one-time passwords"
-
-LICENSE = "BSD-3-Clause"
-LIC_FILES_CHKSUM = "file://LICENSE;md5=ed23833e93c95173c8d8913745e4b4e1"
-
-SECTION = "security/tpm"
-
-DEPENDS = "autoconf-archive libtss2-dev qrencode"
-
-PE = "1"
-
-SRCREV = "bfd581986353edc1058604e77cac804bd8b0d30a"
-SRC_URI = "git://github.com/tpm2-software/tpm2-totp.git;branch=v0.2.x"
-
-inherit autotools-brokensep pkgconfig
-
-S = "${WORKDIR}/git"
diff --git a/meta-security/meta-tpm/recipes-tpm2/tpm2-totp/tpm2-totp_0.3.0.bb b/meta-security/meta-tpm/recipes-tpm2/tpm2-totp/tpm2-totp_0.3.0.bb
new file mode 100644
index 000000000..dfebc072d
--- /dev/null
+++ b/meta-security/meta-tpm/recipes-tpm2/tpm2-totp/tpm2-totp_0.3.0.bb
@@ -0,0 +1,17 @@
+SUMMARY = "Attest the trustworthiness of a device against a human using time-based one-time passwords"
+
+LICENSE = "BSD-3-Clause"
+LIC_FILES_CHKSUM = "file://LICENSE;md5=ed23833e93c95173c8d8913745e4b4e1"
+
+SECTION = "security/tpm"
+
+DEPENDS = "autoconf-archive libtss2-dev qrencode"
+
+PE = "1"
+
+SRCREV = "96a1448753a48974149003bc90ea3990ae8e8d0b"
+SRC_URI = "git://github.com/tpm2-software/tpm2-totp.git"
+
+inherit autotools-brokensep pkgconfig
+
+S = "${WORKDIR}/git"
diff --git a/meta-security/meta-tpm/recipes-tpm2/tpm2-tss-engine/tpm2-tss-engine_1.0.1.bb b/meta-security/meta-tpm/recipes-tpm2/tpm2-tss-engine/tpm2-tss-engine_1.0.1.bb
deleted file mode 100644
index ebd6d539e..000000000
--- a/meta-security/meta-tpm/recipes-tpm2/tpm2-tss-engine/tpm2-tss-engine_1.0.1.bb
+++ /dev/null
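Review bot: `SRC_URI = "git://github.com/tpm2-software/tpm2-totp.git"` in the new tpm2-totp_0.3.0.bb fetches over the unauthenticated git protocol and, unlike the 0.2.1 recipe, no longer names a branch. The pinned `SRCREV` still fixes which commit is built, but the transport gives no server authentication or confidentiality. Writing `SRC_URI = "git://github.com/tpm2-software/tpm2-totp.git;protocol=https"` keeps the git fetcher and moves the transfer onto TLS. Stating the branch explicitly would also avoid relying on the fetcher's default. The same `git://` form without `protocol=https` appears in tpm2-pkcs11_1.5.0.bb and tpm2-tss-engine_1.1.0.bb in this commit.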
@@ -1,23 +0,0 @@
-SUMMARY = "The tpm2-tss-engine project implements a cryptographic engine for OpenSSL."
-DESCRIPTION = "The tpm2-tss-engine project implements a cryptographic engine for OpenSSL for Trusted Platform Module (TPM 2.0) using the tpm2-tss software stack that follows the Trusted Computing Groups (TCG) TPM Software Stack (TSS 2.0). It uses the Enhanced System API (ESAPI) interface of the TSS 2.0 for downwards communication. It supports RSA decryption and signatures as well as ECDSA signatures."
-
-LICENSE = "BSD-3-Clause"
-LIC_FILES_CHKSUM = "file://LICENSE;md5=3fb0047fd29391478a71e8e6101c76eb"
-
-SECTION = "security/tpm"
-
-DEPENDS = "autoconf-archive-native bash-completion libtss2 libgcrypt openssl"
-
-SRCREV = "24f1383cc6befde44d6f01a51ea653304d844ffd"
-SRC_URI = "git://github.com/tpm2-software/tpm2-tss-engine.git;branch=v1.0.x"
-
-inherit autotools-brokensep pkgconfig systemd
-
-S = "${WORKDIR}/git"
-
-PACKAGES += "${PN}-engines ${PN}-engines-staticdev ${PN}-bash-completion"
-
-FILES_${PN}-dev = "${libdir}/engines-1.1/tpm2tss.so ${includedir}/*"
-FILES_${PN}-engines = "${libdir}/engines-1.1/lib*.so*"
-FILES_${PN}-engines-staticdev = "${libdir}/engines-1.1/libtpm2tss.a"
-FILES_${PN}-bash-completion += "${datadir}/bash-completion/completions"
diff --git a/meta-security/meta-tpm/recipes-tpm2/tpm2-tss-engine/tpm2-tss-engine_1.1.0.bb b/meta-security/meta-tpm/recipes-tpm2/tpm2-tss-engine/tpm2-tss-engine_1.1.0.bb
new file mode 100644
index 000000000..539569572
--- /dev/null
+++ b/meta-security/meta-tpm/recipes-tpm2/tpm2-tss-engine/tpm2-tss-engine_1.1.0.bb
@@ -0,0 +1,23 @@
+SUMMARY = "The tpm2-tss-engine project implements a cryptographic engine for OpenSSL."
+DESCRIPTION = "The tpm2-tss-engine project implements a cryptographic engine for OpenSSL for Trusted Platform Module (TPM 2.0) using the tpm2-tss software stack that follows the Trusted Computing Groups (TCG) TPM Software Stack (TSS 2.0). It uses the Enhanced System API (ESAPI) interface of the TSS 2.0 for downwards communication. It supports RSA decryption and signatures as well as ECDSA signatures."
+
+LICENSE = "BSD-3-Clause"
+LIC_FILES_CHKSUM = "file://LICENSE;md5=7b3ab643b9ce041de515d1ed092a36d4"
+
+SECTION = "security/tpm"
+
+DEPENDS = "autoconf-archive-native bash-completion libtss2 libgcrypt openssl"
+
+SRCREV = "6f387a4efe2049f1b4833e8f621c77231bc1eef4"
+SRC_URI = "git://github.com/tpm2-software/tpm2-tss-engine.git;branch=v1.1.x"
+
+inherit autotools-brokensep pkgconfig systemd
+
+S = "${WORKDIR}/git"
+
+PACKAGES += "${PN}-engines ${PN}-engines-staticdev ${PN}-bash-completion"
+
+FILES_${PN}-dev = "${libdir}/engines-1.1/tpm2tss.so ${includedir}/*"
+FILES_${PN}-engines = "${libdir}/engines-1.1/lib*.so*"
+FILES_${PN}-engines-staticdev = "${libdir}/engines-1.1/libtpm2tss.a"
+FILES_${PN}-bash-completion += "${datadir}/bash-completion/completions"
diff --git a/meta-security/meta-tpm/recipes-tpm2/tpm2-tss/tpm2-tss/0001-configure.ac-fix-compatibility-with-autoconf-2.70.patch b/meta-security/meta-tpm/recipes-tpm2/tpm2-tss/tpm2-tss/0001-configure.ac-fix-compatibility-with-autoconf-2.70.patch
new file mode 100644
index 000000000..cae2e76e1
--- /dev/null
+++ b/meta-security/meta-tpm/recipes-tpm2/tpm2-tss/tpm2-tss/0001-configure.ac-fix-compatibility-with-autoconf-2.70.patch
@@ -0,0 +1,48 @@
+From 03cca78d24d716eec792f86f5b0bc69886fad981 Mon Sep 17 00:00:00 2001
+From: Patrick McCarty
+Date: Fri, 18 Dec 2020 01:54:05 +0000
+Subject: [PATCH] configure.ac: fix compatibility with autoconf 2.70
+
+With autoconf 2.70, not quoting the second argument to one of the AS_IF
+macro expansions leads to generation of invalid shell code affecting the
+first nested ERROR_IF_NO_PROG expansion.
+
+The invalid shell code leads to an error resembling:
+
+ ./configure: line 18826: syntax error near unexpected token `newline'
+ ./configure: line 18826: ` '''
+
+Fix the issue by quoting the second argument to the affected AS_IF,
+similar to the quoting found elsewhere in configure.ac.
+
+Signed-off-by: Patrick McCarty
+
+Upstream-Status: Backport
+Signed-off-by: Armin Kuster
+
+---
+ configure.ac | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+Index: tpm2-tss-3.0.3/configure.ac
+===================================================================
+--- tpm2-tss-3.0.3.orig/configure.ac
++++ tpm2-tss-3.0.3/configure.ac
+@@ -279,7 +279,7 @@ AC_ARG_ENABLE([integration],
+ [build and execute integration tests])],,
+ [enable_integration=no])
+ AS_IF([test "x$enable_integration" = "xyes"],
+- AS_IF([test "$HOSTOS" = "Linux"],
++ [AS_IF([test "$HOSTOS" = "Linux"],
+ [ERROR_IF_NO_PROG([ss])],
+ [ERROR_IF_NO_PROG([sockstat])])
+ ERROR_IF_NO_PROG([echo])
+@@ -328,7 +328,7 @@ AS_IF([test "x$enable_integration" = "xy
+ [AC_MSG_ERROR([No simulator executable found in PATH for testing TCTI.])])
+ AC_SUBST([INTEGRATION_TCTI], [$integration_tcti])
+ AC_SUBST([INTEGRATION_ARGS], [$integration_args])
+- AC_SUBST([ENABLE_INTEGRATION], [$enable_integration]))
++ AC_SUBST([ENABLE_INTEGRATION], [$enable_integration])])
+ AM_CONDITIONAL([ENABLE_INTEGRATION],[test "x$enable_integration" = "xyes"])
+ #
+ # sanitizer compiler flags
diff --git a/meta-security/meta-tpm/recipes-tpm2/tpm2-tss/tpm2-tss_2.4.3.bb b/meta-security/meta-tpm/recipes-tpm2/tpm2-tss/tpm2-tss_2.4.3.bb
deleted file mode 100644
index 78be51359..000000000
--- a/meta-security/meta-tpm/recipes-tpm2/tpm2-tss/tpm2-tss_2.4.3.bb
+++ /dev/null
@@ -1,76 +0,0 @@ -SUMMARY = "Software stack for TPM2." -DESCRIPTION = "OSS implementation of the TCG TPM2 Software Stack (TSS2) " -LICENSE = "BSD-2-Clause" -LIC_FILES_CHKSUM = "file://LICENSE;md5=500b2e742befc3da00684d8a1d5fd9da" -SECTION = "tpm" - -DEPENDS = "autoconf-archive-native libgcrypt openssl" - -SRC_URI = "https://github.com/tpm2-software/${BPN}/releases/download/${PV}/${BPN}-${PV}.tar.gz" -SRC_URI[sha256sum] = "e294677f8993234d0adfa191a5cbf9c5b83cc60c724c233e3d631c26712abea0" - -inherit autotools pkgconfig systemd extrausers - -PACKAGECONFIG ??= "" -PACKAGECONFIG[oxygen] = ",--disable-doxygen-doc, " -PACKAGECONFIG[fapi] = "--enable-fapi,--disable-fapi,json-c " - -EXTRA_OECONF += "--enable-static --with-udevrulesdir=${base_prefix}/lib/udev/rules.d/" -EXTRA_OECONF_remove = " --disable-static" - - -EXTRA_USERS_PARAMS = "\ - useradd -p '' tss; \ - groupadd tss; \ - " - -PROVIDES = "${PACKAGES}" -PACKAGES = " \ - ${PN} \ - ${PN}-dbg \ - ${PN}-doc \ - libtss2-mu \ - libtss2-mu-dev \ - libtss2-mu-staticdev \ - libtss2-tcti-device \ - libtss2-tcti-device-dev \ - libtss2-tcti-device-staticdev \ - libtss2-tcti-mssim \ - libtss2-tcti-mssim-dev \ - libtss2-tcti-mssim-staticdev \ - libtss2 \ - libtss2-dev \ - libtss2-staticdev \ -" - -FILES_libtss2-tcti-device = "${libdir}/libtss2-tcti-device.so.*" -FILES_libtss2-tcti-device-dev = " \ - ${includedir}/tss2/tss2_tcti_device.h \ - ${libdir}/pkgconfig/tss2-tcti-device.pc \ - ${libdir}/libtss2-tcti-device.so" -FILES_libtss2-tcti-device-staticdev = "${libdir}/libtss2-tcti-device.*a" - -FILES_libtss2-tcti-mssim = "${libdir}/libtss2-tcti-mssim.so.*" -FILES_libtss2-tcti-mssim-dev = " \ - ${includedir}/tss2/tss2_tcti_mssim.h \ - ${libdir}/pkgconfig/tss2-tcti-mssim.pc \ - ${libdir}/libtss2-tcti-mssim.so" -FILES_libtss2-tcti-mssim-staticdev = "${libdir}/libtss2-tcti-mssim.*a" - -FILES_libtss2-mu = "${libdir}/libtss2-mu.so.*" -FILES_libtss2-mu-dev = " \ - ${includedir}/tss2/tss2_mu.h \ - ${libdir}/pkgconfig/tss2-mu.pc \ - 
${libdir}/libtss2-mu.so" -FILES_libtss2-mu-staticdev = "${libdir}/libtss2-mu.*a" - -FILES_libtss2 = "${libdir}/libtss2*so.*" -FILES_libtss2-dev = " \ - ${includedir} \ - ${libdir}/pkgconfig \ - ${libdir}/libtss2*so" -FILES_libtss2-staticdev = "${libdir}/libtss*a" - -FILES_${PN} = "${libdir}/udev ${base_prefix}/lib/udev" - -RDEPENDS_libtss2 = "libgcrypt" diff --git a/meta-security/meta-tpm/recipes-tpm2/tpm2-tss/tpm2-tss_3.0.3.bb b/meta-security/meta-tpm/recipes-tpm2/tpm2-tss/tpm2-tss_3.0.3.bb new file mode 100644 index 000000000..b2486e5be --- /dev/null +++ b/meta-security/meta-tpm/recipes-tpm2/tpm2-tss/tpm2-tss_3.0.3.bb 
@@ -0,0 +1,78 @@
+SUMMARY = "Software stack for TPM2."
+DESCRIPTION = "OSS implementation of the TCG TPM2 Software Stack (TSS2) "
+LICENSE = "BSD-2-Clause"
+LIC_FILES_CHKSUM = "file://LICENSE;md5=500b2e742befc3da00684d8a1d5fd9da"
+SECTION = "tpm"
+
+DEPENDS = "autoconf-archive-native libgcrypt openssl"
+
+SRC_URI = "https://github.com/tpm2-software/${BPN}/releases/download/${PV}/${BPN}-${PV}.tar.gz \
+ file://0001-configure.ac-fix-compatibility-with-autoconf-2.70.patch \
+ "
+SRC_URI[sha256sum] = "78392be7309baf47f51b122f566ac915fd4d1760ea78571cba2e1484f9b5be17"
+
+inherit autotools pkgconfig systemd extrausers
+
+PACKAGECONFIG ??= ""
+PACKAGECONFIG[oxygen] = ",--disable-doxygen-doc, "
+PACKAGECONFIG[fapi] = "--enable-fapi,--disable-fapi,json-c "
+
+EXTRA_OECONF += "--enable-static --with-udevrulesdir=${base_prefix}/lib/udev/rules.d/"
+EXTRA_OECONF_remove = " --disable-static"
+
+
+EXTRA_USERS_PARAMS = "\
+ useradd -p '' tss; \
+ groupadd tss; \
+ "
+
+PROVIDES = "${PACKAGES}"
+PACKAGES = " \
+ ${PN} \
+ ${PN}-dbg \
+ ${PN}-doc \
+ libtss2-mu \
+ libtss2-mu-dev \
+ libtss2-mu-staticdev \
+ libtss2-tcti-device \
+ libtss2-tcti-device-dev \
+ libtss2-tcti-device-staticdev \
+ libtss2-tcti-mssim \
+ libtss2-tcti-mssim-dev \
+ libtss2-tcti-mssim-staticdev \
+ libtss2 \
+ libtss2-dev \
+ libtss2-staticdev \
+"
+
+FILES_libtss2-tcti-device = "${libdir}/libtss2-tcti-device.so.*"
+FILES_libtss2-tcti-device-dev = " \
+ ${includedir}/tss2/tss2_tcti_device.h \
+ ${libdir}/pkgconfig/tss2-tcti-device.pc \
+ ${libdir}/libtss2-tcti-device.so"
+FILES_libtss2-tcti-device-staticdev = "${libdir}/libtss2-tcti-device.*a"
+
+FILES_libtss2-tcti-mssim = "${libdir}/libtss2-tcti-mssim.so.*"
+FILES_libtss2-tcti-mssim-dev = " \
+ ${includedir}/tss2/tss2_tcti_mssim.h \
+ ${libdir}/pkgconfig/tss2-tcti-mssim.pc \
+ ${libdir}/libtss2-tcti-mssim.so"
+FILES_libtss2-tcti-mssim-staticdev = "${libdir}/libtss2-tcti-mssim.*a"
+
+FILES_libtss2-mu = "${libdir}/libtss2-mu.so.*"
+FILES_libtss2-mu-dev = " \
+ ${includedir}/tss2/tss2_mu.h \
+ ${libdir}/pkgconfig/tss2-mu.pc \
+ ${libdir}/libtss2-mu.so"
+FILES_libtss2-mu-staticdev = "${libdir}/libtss2-mu.*a"
+
+FILES_libtss2 = "${libdir}/libtss2*so.*"
+FILES_libtss2-dev = " \
+ ${includedir} \
+ ${libdir}/pkgconfig \
+ ${libdir}/libtss2*so"
+FILES_libtss2-staticdev = "${libdir}/libtss*a"
+
+FILES_${PN} = "${libdir}/udev ${base_prefix}/lib/udev"
+
+RDEPENDS_libtss2 = "libgcrypt"
-- cgit v1.2.3
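Review bot: `useradd -p '' tss; \` in `EXTRA_USERS_PARAMS` of the new tpm2-tss_3.0.3.bb passes an empty string as the password field, which on a typical shadow setup leaves the `tss` account with a blank password instead of a locked one. For a service account (presumably the one the installed udev rules hand TPM device access to), a locked, non-login system account is the safer default. Dropping `-p ''` lets useradd disable the password, as in `useradd -r -s /bin/false tss; \`. The line is carried over unchanged from the deleted 2.4.3 recipe, so the version bump is a good point to fix it. It is also worth confirming that `extrausers`, normally used from image recipes, has any effect when inherited here.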