diff options
| author | Brad Bishop <bradleyb@fuzziesquirrel.com> | 2019-04-05 22:28:33 +0300 |
|---|---|---|
| committer | Brad Bishop <bradleyb@fuzziesquirrel.com> | 2019-04-05 22:31:28 +0300 |
| commit | 193236933b0f4ab91b1625b64e2187e2db4e0e8f (patch) | |
| tree | e12769d7c76d8b0517d6de3d3c72189753d253ed /meta-security/meta-tpm | |
| parent | bd93df9478f2f56ffcbc8cb88f1709c735dcd85b (diff) | |
| download | openbmc-193236933b0f4ab91b1625b64e2187e2db4e0e8f.tar.xz | |
reset upstream subtrees to HEAD
Reset the following subtrees on HEAD:
poky: 8217b477a1(master)
meta-xilinx: 64aa3d35ae(master)
meta-openembedded: 0435c9e193(master)
meta-raspberrypi: 490a4441ac(master)
meta-security: cb6d1c85ee(master)
Squashed patches:
meta-phosphor: drop systemd 239 patches
meta-phosphor: mrw-api: use correct install path
Change-Id: I268e2646d9174ad305630c6bbd3fbc1a6105f43d
Signed-off-by: Brad Bishop <bradleyb@fuzziesquirrel.com>
Diffstat (limited to 'meta-security/meta-tpm')
24 files changed, 367 insertions, 60 deletions
diff --git a/meta-security/meta-tpm/conf/distro/include/maintainers.inc b/meta-security/meta-tpm/conf/distro/include/maintainers.inc new file mode 100644 index 0000000000..74c1a1812b --- /dev/null +++ b/meta-security/meta-tpm/conf/distro/include/maintainers.inc @@ -0,0 +1,39 @@ +# meta-tpm Maintainers File +# +# This file contains a list of recipe maintainers. +# +# Please submit any patches against recipes in meta to the +# Yocto mail list (yocto@yoctoproject.org) +# +# If you have problems with or questions about a particular recipe, feel +# free to contact the maintainer directly (cc:ing the appropriate mailing list +# puts it in the archive and helps other people who might have the same +# questions in the future), but please try to do the following first: +# +# - look in the Yocto Project Bugzilla +# (http://bugzilla.yoctoproject.org/) to see if a problem has +# already been reported +# +# The format is as a bitbake variable override for each recipe +# +# RECIPE_MAINTAINER_pn-<recipe name> = "Full Name <address@domain>" +# +# Please keep this list in alphabetical order. +RECIPE_MAINTAINER_pn-aircrack-ng = "Armin Kuster <akuster808@gmail.com>" +RECIPE_MAINTAINER_pn-pcr-extend = "Armin Kuster <akuster808@gmail.com>" +RECIPE_MAINTAINER_pn-tpm-quote-tools = "Armin Kuster <akuster808@gmail.com>" +RECIPE_MAINTAINER_pn-libtpm = "Armin Kuster <akuster808@gmail.com>" +RECIPE_MAINTAINER_pn-trousers = "Armin Kuster <akuster808@gmail.com>" +RECIPE_MAINTAINER_pn-swtpm = "Armin Kuster <akuster808@gmail.com>" +RECIPE_MAINTAINER_pn-openssl-tpm-engine = "Armin Kuster <akuster808@gmail.com>" +RECIPE_MAINTAINER_pn-tpm-tools = "Armin Kuster <akuster808@gmail.com>" +RECIPE_MAINTAINER_pn-tpm2-abrmd = "Armin Kuster <akuster808@gmail.com>" +RECIPE_MAINTAINER_pn-tpm2-totp = "Armin Kuster <akuster808@gmail.com>" +RECIPE_MAINTAINER_pn-tpm2-tcti-uefi = "Armin Kuster <akuster808@gmail.com>" +RECIPE_MAINTAINER_pn-tpm2-tss-engine = "Armin Kuster <akuster808@gmail.com>" +RECIPE_MAINTAINER_pn-tpm2-pkcs11 = "Armin Kuster <akuster808@gmail.com>" +RECIPE_MAINTAINER_pn-tpm2-tss = "Armin Kuster <akuster808@gmail.com>" +RECIPE_MAINTAINER_pn-cryptsetup-tpm-incubator = "Armin Kuster <akuster808@gmail.com>" +RECIPE_MAINTAINER_pn-tpm2-tools = "Armin Kuster <akuster808@gmail.com>" +RECIPE_MAINTAINER_pn-ibmswtpm2 = "Armin Kuster <akuster808@gmail.com>" + diff --git a/meta-security/meta-tpm/lib/oeqa/runtime/cases/tpm2.py b/meta-security/meta-tpm/lib/oeqa/runtime/cases/tpm2.py new file mode 100644 index 0000000000..240a9b3bab --- /dev/null +++ b/meta-security/meta-tpm/lib/oeqa/runtime/cases/tpm2.py @@ -0,0 +1,43 @@ +# Copyright (C) 2019 Armin Kuster <akuster808@gmail.com> +# +from oeqa.runtime.case import OERuntimeTestCase +from oeqa.core.decorator.depends import OETestDepends +from oeqa.runtime.decorator.package import OEHasPackage + + +class Tpm2Test(OERuntimeTestCase): + def check_endlines(self, results, expected_endlines): + for line in results.splitlines(): + for el in expected_endlines: + if line == el: + expected_endlines.remove(el) + break + + if expected_endlines: + self.fail('Missing expected line endings:\n %s' % '\n '.join(expected_endlines)) + + @OEHasPackage(['tpm2.0-tss']) + @OEHasPackage(['tpm2-abrmd']) + @OEHasPackage(['tpm2.0-tools']) + @OEHasPackage(['ibmswtpm2']) + @OETestDepends(['ssh.SSHTest.test_ssh']) + def test_tpm2_sim(self): + cmds = [ + 'tpm_server &', + 'tpm2-abrmd --allow-root --tcti=mssim &' + ] + + for cmd in cmds: + status, output = self.target.run(cmd) + self.assertEqual(status, 0, msg='\n'.join([cmd, output])) + + @OETestDepends(['tpm2.Tpm2Test.test_tpm2_sim']) + def test_tpm2(self): + (status, output) = self.target.run('tpm2_pcrlist') + expected_endlines = [] + expected_endlines.append('sha1 :') + expected_endlines.append(' 0 : 0000000000000000000000000000000000000003') + expected_endlines.append(' 1 : 0000000000000000000000000000000000000000') + + self.check_endlines(output, expected_endlines) + diff --git a/meta-security/meta-tpm/recipes-core/packagegroup/packagegroup-security-tpm2.bb b/meta-security/meta-tpm/recipes-core/packagegroup/packagegroup-security-tpm2.bb index c4c8fb22b4..5ded3a2cc2 100644 --- a/meta-security/meta-tpm/recipes-core/packagegroup/packagegroup-security-tpm2.bb +++ b/meta-security/meta-tpm/recipes-core/packagegroup/packagegroup-security-tpm2.bb @@ -9,10 +9,15 @@ PACKAGES = "packagegroup-security-tpm2" SUMMARY_packagegroup-security-tpm2 = "Security TPM 2.0 support" RDEPENDS_packagegroup-security-tpm2 = " \ - tpm2.0-tools \ + tpm2-tools \ trousers \ libtss2 \ libtss2-tcti-device \ libtss2-tcti-mssim \ tpm2-abrmd \ + tpm2-pkcs11 \ + cryptsetup-tpm-incubator \ " + +RDEPENDS_packagegroup-security-tpm2_append_x86 = " tpm2-tcti-uefi" +RDEPENDS_packagegroup-security-tpm2_append_x86-64 = " tpm2-tcti-uefi" diff --git a/meta-security/meta-tpm/recipes-tpm/libtpm/libtpm_1.0.bb b/meta-security/meta-tpm/recipes-tpm/libtpm/libtpm_0.6.0.bb index a930d7bc37..a882960464 100644 --- a/meta-security/meta-tpm/recipes-tpm/libtpm/libtpm_1.0.bb +++ b/meta-security/meta-tpm/recipes-tpm/libtpm/libtpm_0.6.0.bb @@ -2,8 +2,10 @@ SUMMARY = "LIBPM - Software TPM Library" LICENSE = "BSD-3-Clause" LIC_FILES_CHKSUM = "file://LICENSE;md5=e73f0786a936da3814896df06ad225a9" -SRCREV = "4111bd1bcf721e6e7b5f11ed9c2b93083677aa25" -SRC_URI = "git://github.com/stefanberger/libtpms.git" +SRCREV = "9dc915572b51db0714640ba1ddf8cca9c0f24f05" +SRC_URI = "git://github.com/stefanberger/libtpms.git;branch=stable-${PV}" + +PE = "1" S = "${WORKDIR}/git" inherit autotools-brokensep pkgconfig @@ -11,6 +13,4 @@ inherit autotools-brokensep pkgconfig PACKAGECONFIG ?= "openssl" PACKAGECONFIG[openssl] = "--with-openssl, --without-openssl, openssl" -PV = "1.0+git${SRCPV}" - BBCLASSEXTEND = "native" diff --git a/meta-security/meta-tpm/recipes-tpm/swtpm/swtpm_1.0.bb b/meta-security/meta-tpm/recipes-tpm/swtpm/swtpm_0.1.0.bb index 3fe1393af1..42de8b18e5 100644 --- a/meta-security/meta-tpm/recipes-tpm/swtpm/swtpm_1.0.bb +++ b/meta-security/meta-tpm/recipes-tpm/swtpm/swtpm_0.1.0.bb @@ -9,11 +9,12 @@ DEPENDS = "libtasn1 expect socat glib-2.0 net-tools-native libtpm libtpm-native" # then swtpm_setup needs them at runtime DEPENDS += "tpm-tools-native expect-native socat-native" -SRCREV = "94bb9f2d716d09bcc6cd2a2e033018f8592008e7" -SRC_URI = "git://github.com/stefanberger/swtpm.git;branch=tpm2-preview.v2 \ +SRCREV = "d803d84575ab3e5dac316bf863c7f569a27ea35f" +SRC_URI = "git://github.com/stefanberger/swtpm.git;branch=stable-${PV} \ file://fix_fcntl_h.patch \ file://ioctl_h.patch \ " +PE = "1" S = "${WORKDIR}/git" @@ -23,8 +24,9 @@ PARALLEL_MAKE = "" TSS_USER="tss" TSS_GROUP="tss" -PACKAGECONFIG ?= "openssl cuse" +PACKAGECONFIG ?= "openssl" PACKAGECONFIG += "${@bb.utils.contains('DISTRO_FEATURES', 'selinux', 'selinux', '', d)}" +PACKAGECONFIG += "${@bb.utils.contains('BBFILE_COLLECTIONS', 'filesystems-layer', 'cuse', '', d)}" PACKAGECONFIG[openssl] = "--with-openssl, --without-openssl, openssl" PACKAGECONFIG[gnutls] = "--with-gnutls, --without-gnutls, gnutls" PACKAGECONFIG[selinux] = "--with-selinux, --without-selinux, libselinux" @@ -39,12 +41,11 @@ GROUPADD_PARAM_${PN} = "--system ${TSS_USER}" USERADD_PARAM_${PN} = "--system -g ${TSS_GROUP} --home-dir \ --no-create-home --shell /bin/false ${BPN}" +PACKAGE_BEFORE_PN = "${PN}-cuse" +FILES_${PN}-cuse = "${bindir}/swtpm_cuse" + +INSANE_SKIP_${PN} += "dev-so" + RDEPENDS_${PN} = "libtpm expect socat bash tpm-tools" BBCLASSEXTEND = "native nativesdk" - -python() { - if 'cuse' in d.getVar('PACKAGECONFIG') and \ - 'filesystems-layer' not in d.getVar('BBFILE_COLLECTIONS').split(): - raise bb.parse.SkipRecipe('Cuse enabled which requires meta-filesystems to be present.') -} diff --git a/meta-security/meta-tpm/recipes-tpm/tpm2.0-tools/tpm2.0-tools_3.1.2.bb b/meta-security/meta-tpm/recipes-tpm/tpm2.0-tools/tpm2.0-tools_3.1.2.bb deleted file mode 100644 index 3f40eb70e7..0000000000 --- a/meta-security/meta-tpm/recipes-tpm/tpm2.0-tools/tpm2.0-tools_3.1.2.bb +++ /dev/null @@ -1,15 +0,0 @@ -SUMMARY = "Tools for TPM2." -DESCRIPTION = "tpm2.0-tools" -LICENSE = "BSD" -LIC_FILES_CHKSUM = "file://LICENSE;md5=91b7c548d73ea16537799e8060cea819" -SECTION = "tpm" - -DEPENDS = "pkgconfig tpm2.0-tss openssl curl autoconf-archive" - -SRCREV = "5e2f1aafc58e60c5050f85147a14914561f28ad9" - -SRC_URI = "git://github.com/01org/tpm2.0-tools.git;name=tpm2.0-tools;destsuffix=tpm2.0-tools;branch=3.X" - -S = "${WORKDIR}/tpm2.0-tools" - -inherit autotools pkgconfig diff --git a/meta-security/meta-tpm/recipes-tpm/tpm2simulator/tpm2simulator_138.bb b/meta-security/meta-tpm/recipes-tpm/tpm2simulator/tpm2simulator_138.bb deleted file mode 100644 index 866791c291..0000000000 --- a/meta-security/meta-tpm/recipes-tpm/tpm2simulator/tpm2simulator_138.bb +++ /dev/null @@ -1,22 +0,0 @@ -SUMMARY = "TPM 2.0 Simulator Extraction Script" -LICENSE = "BSD-2-Clause" -LIC_FILES_CHKSUM = "file://LICENSE;md5=1415f7be284540b81d9d28c67c1a6b8b" - -DEPENDS = "python" - -SRCREV = "e45324eba268723d39856111e7933c5c76238481" -SRC_URI = "git://github.com/stwagnr/tpm2simulator.git" - -S = "${WORKDIR}/git" -OECMAKE_SOURCEPATH = "${S}/cmake" - -inherit native lib_package cmake - -EXTRA_OECMAKE = " \ - -DCMAKE_BUILD_TYPE=Debug \ - -DSPEC_VERSION=138 \ -" - -do_configure_prepend () { - sed -i 's/^SET = False/SET = True/' ${S}/scripts/settings.py -} diff --git a/meta-security/meta-tpm/recipes-tpm2/cryptsetup-tpm-incubator/cryptsetup-tpm-incubator_0.9.9.bb b/meta-security/meta-tpm/recipes-tpm2/cryptsetup-tpm-incubator/cryptsetup-tpm-incubator_0.9.9.bb new file mode 100644 index 0000000000..8b504453f6 --- /dev/null +++ b/meta-security/meta-tpm/recipes-tpm2/cryptsetup-tpm-incubator/cryptsetup-tpm-incubator_0.9.9.bb @@ -0,0 +1,41 @@ +SUMMARY = "An extension to cryptsetup/LUKS that enables use of the TPM 2.0 via tpm2-tss" +DESCRIPTION = "Cryptsetup is utility used to conveniently setup disk encryption based on DMCrypt kernel module." + +SECTION = "security/tpm" +LICENSE = "LGPL-2.1 | GPL-2.0" +LIC_FILES_CHKSUM = "file://COPYING;md5=32107dd283b1dfeb66c9b3e6be312326 \ + file://COPYING.LGPL;md5=1960515788100ce5f9c98ea78a65dc52 \ + " + +DEPENDS = "autoconf-archive pkgconfig gettext libtss2-dev libdevmapper popt libgcrypt json-c" + +SRC_URI = "git://github.com/AndreasFuchsSIT/cryptsetup-tpm-incubator.git;branch=luks2tpm \ + file://configure_fix.patch " + +SRCREV = "15c283195f19f1d980e39ba45448683d5e383179" + +S = "${WORKDIR}/git" + +inherit autotools pkgconfig gettext + +PACKAGECONFIG ??= "openssl" +PACKAGECONFIG[openssl] = "--with-crypto_backend=openssl,,openssl" +PACKAGECONFIG[gcrypt] = "--with-crypto_backend=gcrypt,,libgcrypt" + +EXTRA_OECONF = "--enable-static" + +RRECOMMENDS_${PN} = "kernel-module-aes-generic \ + kernel-module-dm-crypt \ + kernel-module-md5 \ + kernel-module-cbc \ + kernel-module-sha256-generic \ + kernel-module-xts \ + " + +RDEPENDS_${PN} += "lvm2" +RRECOMMENDS_${PN} += "lvm2-udevrules" + +RREPLACES_${PN} = "cryptsetup" +RCONFLICTS_${PN} ="cryptsetup" + +BBCLASSEXTEND = "native nativesdk" diff --git a/meta-security/meta-tpm/recipes-tpm2/cryptsetup-tpm-incubator/files/configure_fix.patch b/meta-security/meta-tpm/recipes-tpm2/cryptsetup-tpm-incubator/files/configure_fix.patch new file mode 100644 index 0000000000..8c7b6da41b --- /dev/null +++ b/meta-security/meta-tpm/recipes-tpm2/cryptsetup-tpm-incubator/files/configure_fix.patch @@ -0,0 +1,16 @@ +Upstream-Status: OE specific +Signed-off-by: Armin Kuster <akuster808@gmail.com> + +Index: git/configure.ac +=================================================================== +--- git.orig/configure.ac ++++ git/configure.ac +@@ -16,7 +16,7 @@ AC_CONFIG_HEADERS([config.h:config.h.in] + + # For old automake use this + #AM_INIT_AUTOMAKE(dist-xz subdir-objects) +-AM_INIT_AUTOMAKE([dist-xz 1.12 serial-tests subdir-objects]) ++AM_INIT_AUTOMAKE([dist-xz 1.12 serial-tests subdir-objects foreign]) + + if test "x$prefix" = "xNONE"; then + sysconfdir=/etc diff --git a/meta-security/meta-tpm/recipes-tpm2/ibmswtpm2/ibmswtpm2_1332.bb b/meta-security/meta-tpm/recipes-tpm2/ibmswtpm2/ibmswtpm2_1332.bb new file mode 100644 index 0000000000..a6068e65c3 --- /dev/null +++ b/meta-security/meta-tpm/recipes-tpm2/ibmswtpm2/ibmswtpm2_1332.bb @@ -0,0 +1,24 @@ +SUMMARY = "IBM's Software TPM 2.0" + +LICENSE = "BSD" +SECTION = "securty/tpm" +LIC_FILES_CHKSUM = "file://../LICENSE;md5=1e023f61454ac828b4aa1bc4293f7d5f" + +SRC_URI = "https://sourceforge.net/projects/ibmswtpm2/files/ibmtpm1332.tar.gz" +SRC_URI[md5sum] = "0ab34a655b4e09812d7ada19746af4f9" +SRC_URI[sha256sum] = "8e8193af3d11d9ff6a951dda8cd1f4693cb01934a8ad7876b84e92c6148ab0fd" + +DEPENDS = "openssl" + +S = "${WORKDIR}/src" + +LDFLAGS = "${LDFALGS}" + +do_compile () { + make CC='${CC}' +} + +do_install () { + install -d ${D}/${bindir} + install -m 0755 tpm_server ${D}/${bindir} +} diff --git a/meta-security/meta-tpm/recipes-tpm/tpm2-abrmd/files/tpm2-abrmd-init.sh b/meta-security/meta-tpm/recipes-tpm2/tpm2-abrmd/files/tpm2-abrmd-init.sh index c8dfb7de34..c8dfb7de34 100644 --- a/meta-security/meta-tpm/recipes-tpm/tpm2-abrmd/files/tpm2-abrmd-init.sh +++ b/meta-security/meta-tpm/recipes-tpm2/tpm2-abrmd/files/tpm2-abrmd-init.sh diff --git a/meta-security/meta-tpm/recipes-tpm/tpm2-abrmd/files/tpm2-abrmd.default b/meta-security/meta-tpm/recipes-tpm2/tpm2-abrmd/files/tpm2-abrmd.default index 987978a665..987978a665 100644 --- a/meta-security/meta-tpm/recipes-tpm/tpm2-abrmd/files/tpm2-abrmd.default +++ b/meta-security/meta-tpm/recipes-tpm2/tpm2-abrmd/files/tpm2-abrmd.default diff --git a/meta-security/meta-tpm/recipes-tpm/tpm2-abrmd/tpm2-abrmd_2.0.2.bb b/meta-security/meta-tpm/recipes-tpm2/tpm2-abrmd/tpm2-abrmd_2.1.1.bb index 63473790db..a4c66823f6 100644 --- a/meta-security/meta-tpm/recipes-tpm/tpm2-abrmd/tpm2-abrmd_2.0.2.bb +++ b/meta-security/meta-tpm/recipes-tpm2/tpm2-abrmd/tpm2-abrmd_2.1.1.bb @@ -9,16 +9,17 @@ SECTION = "security/tpm" LICENSE = "BSD-2-Clause" LIC_FILES_CHKSUM = "file://${S}/LICENSE;md5=500b2e742befc3da00684d8a1d5fd9da" -DEPENDS = "autoconf-archive dbus glib-2.0 tpm2.0-tss glib-2.0-native \ +DEPENDS = "autoconf-archive dbus glib-2.0 tpm2-tss glib-2.0-native \ libtss2 libtss2-mu libtss2-tcti-device libtss2-tcti-mssim" SRC_URI = "\ - git://github.com/01org/tpm2-abrmd.git \ + git://github.com/tpm2-software/tpm2-abrmd.git \ file://tpm2-abrmd-init.sh \ file://tpm2-abrmd.default \ " -SRCREV = "d0120ace58d97bc9520c0d558657eaca87ae73b1" + +SRCREV = "06d9d433ba27159687255406baa37940db15465b" S = "${WORKDIR}/git" @@ -49,6 +50,6 @@ do_install_append() { FILES_${PN} += "${libdir}/systemd/system-preset \ ${datadir}/dbus-1" -RDEPENDS_${PN} += "tpm2.0-tss" +RDEPENDS_${PN} += "tpm2-tss" BBCLASSEXTEND = "native" diff --git a/meta-security/meta-tpm/recipes-tpm2/tpm2-pkcs11/files/bootstrap_fixup.patch b/meta-security/meta-tpm/recipes-tpm2/tpm2-pkcs11/files/bootstrap_fixup.patch new file mode 100644 index 0000000000..d38e23777c --- /dev/null +++ b/meta-security/meta-tpm/recipes-tpm2/tpm2-pkcs11/files/bootstrap_fixup.patch @@ -0,0 +1,12 @@ +Upstream-Status: OE specific +Signed-off-by: Armin Kuster <akuster808@gmail.com> + +Index: git/bootstrap +=================================================================== +--- git.orig/bootstrap ++++ git/bootstrap +@@ -27,4 +27,3 @@ echo "Generating file lists: ${VARS_FILE + ) > ${VARS_FILE} + + mkdir -p m4 +-${AUTORECONF} --install --sym $@ diff --git a/meta-security/meta-tpm/recipes-tpm2/tpm2-pkcs11/tpm2-pkcs11_0.9.9.bb b/meta-security/meta-tpm/recipes-tpm2/tpm2-pkcs11/tpm2-pkcs11_0.9.9.bb new file mode 100644 index 0000000000..9031e63e41 --- /dev/null +++ b/meta-security/meta-tpm/recipes-tpm2/tpm2-pkcs11/tpm2-pkcs11_0.9.9.bb @@ -0,0 +1,21 @@ +SUMMARY = "A PKCS#11 interface for TPM2 hardware" +DESCRIPTION = "PKCS #11 is a Public-Key Cryptography Standard that defines a standard method to access cryptographic services from tokens/ devices such as hardware security modules (HSM), smart cards, etc. In this project we intend to use a TPM2 device as the cryptographic token." +SECTION = "security/tpm" +LICENSE = "BSD-2-Clause" +LIC_FILES_CHKSUM = "file://LICENSE;md5=b748af41ef1300c98e105b3b7ec4ecc1" + +DEPENDS = "autoconf-archive pkgconfig dstat sqlite3 openssl libtss2-dev tpm2-tools" + +SRC_URI = "git://github.com/tpm2-software/tpm2-pkcs11.git \ + file://bootstrap_fixup.patch \ + " + +SRCREV = "3107d89b406ecd9c007884613733c9a344ef6d39" + +S = "${WORKDIR}/git" + +inherit autotools-brokensep pkgconfig + +do_configure_prepend () { + ${S}/bootstrap +} diff --git a/meta-security/meta-tpm/recipes-tpm2/tpm2-tcti-uefi/files/configure_oe_fixup.patch b/meta-security/meta-tpm/recipes-tpm2/tpm2-tcti-uefi/files/configure_oe_fixup.patch new file mode 100644 index 0000000000..8a216cd45e --- /dev/null +++ b/meta-security/meta-tpm/recipes-tpm2/tpm2-tcti-uefi/files/configure_oe_fixup.patch @@ -0,0 +1,27 @@ +Upstream-Status: OE specific +Signed-off-by: Armin Kuster <akuster808@gmail.com> + +Index: git/configure.ac +=================================================================== +--- git.orig/configure.ac ++++ git/configure.ac +@@ -84,9 +84,6 @@ AC_ARG_WITH([efi-lds], + AS_HELP_STRING([--with-efi-lds=LDS_PATH],[Path to gnu-efi lds file.]), + [], + [with_efi_lds="/usr/lib/elf_${ARCH}_efi.lds"]) +-AC_CHECK_FILE(["${with_efi_lds}"], +- [], +- [AC_MSG_ERROR([Missing file: ${with_efi_lds}.])]) + EXTRA_LDFLAGS="-L /usr/lib -L /usr/lib64 -Wl,--script=${with_efi_lds}" + + # path to object file from gnu-efi +@@ -94,9 +91,6 @@ AC_ARG_WITH([efi-crt0], + AS_HELP_STRING([--with-efi-crt0=OBJ_PATH],[Path to gnu-efi crt0 object file.]), + [], + [with_efi_crt0="/usr/lib/crt0-efi-${ARCH}.o"]) +-AC_CHECK_FILE(["${with_efi_crt0}"], +- [], +- [AC_MSG_ERROR([Missing ${with_efi_crt0} file.])]) + EXTRA_LDLIBS="${with_efi_crt0}" + + # check for efi and gnuefi libraries diff --git a/meta-security/meta-tpm/recipes-tpm2/tpm2-tcti-uefi/tpm2-tcti-uefi_0.9.9.bb b/meta-security/meta-tpm/recipes-tpm2/tpm2-tcti-uefi/tpm2-tcti-uefi_0.9.9.bb new file mode 100644 index 0000000000..815691dfe1 --- /dev/null +++ b/meta-security/meta-tpm/recipes-tpm2/tpm2-tcti-uefi/tpm2-tcti-uefi_0.9.9.bb @@ -0,0 +1,18 @@ +SUMMARY = "TCTI module for use with TSS2 libraries in UEFI environment" +SECTION = "security/tpm" +LICENSE = "BSD-2-Clause" +LIC_FILES_CHKSUM = "file://LICENSE;md5=500b2e742befc3da00684d8a1d5fd9da" +DEPENDS = "libtss2-dev gnu-efi-native gnu-efi pkgconfig" + +SRC_URI = "git://github.com/tpm2-software/tpm2-tcti-uefi.git \ + file://configure_oe_fixup.patch \ + " +SRCREV = "131889d12d2c7d8974711d2ebd1032cd32577b7f" + +S = "${WORKDIR}/git" + +inherit autotools pkgconfig + +COMPATIBLE_HOST = "(i.86|x86_64).*-linux" +EXTRA_OECONF_append = " --with-efi-includedir=${STAGING_INCDIR}/efi --with-efi-lds=${STAGING_LIBDIR_NATIVE}/" +RDEPENDS_${PN} = "gnu-efi" diff --git a/meta-security/meta-tpm/recipes-tpm2/tpm2-tools/tpm2-tools_3.1.3.bb b/meta-security/meta-tpm/recipes-tpm2/tpm2-tools/tpm2-tools_3.1.3.bb new file mode 100644 index 0000000000..1f1f5c6065 --- /dev/null +++ b/meta-security/meta-tpm/recipes-tpm2/tpm2-tools/tpm2-tools_3.1.3.bb @@ -0,0 +1,15 @@ +SUMMARY = "Tools for TPM2." +DESCRIPTION = "tpm2-tools" +LICENSE = "BSD" +LIC_FILES_CHKSUM = "file://LICENSE;md5=91b7c548d73ea16537799e8060cea819" +SECTION = "tpm" + +DEPENDS = "pkgconfig tpm2-tss openssl curl autoconf-archive" + +SRCREV = "74ba065e5914bc5d713ca3709d62a5751b097369" + +SRC_URI = "git://github.com/tpm2-software/tpm2-tools.git;branch=3.X" + +S = "${WORKDIR}/git" + +inherit autotools pkgconfig diff --git a/meta-security/meta-tpm/recipes-tpm2/tpm2-totp/files/litpm2_totp_build_fix.patch b/meta-security/meta-tpm/recipes-tpm2/tpm2-totp/files/litpm2_totp_build_fix.patch new file mode 100644 index 0000000000..c14705458c --- /dev/null +++ b/meta-security/meta-tpm/recipes-tpm2/tpm2-totp/files/litpm2_totp_build_fix.patch @@ -0,0 +1,36 @@ +C99 fixes: + + src/libtpm2-totp.c:172:13: error: format '%li' expects argument of type 'long int', but argument 3 has type 'size_t' {aka 'unsigned int'} [-Werror=format=] +| dbg("Calling Esys_GetRandom for %li bytes", SECRETLEN - *secret_size); + +src/tpm2-totp.c:343:23: error: format '%ld' expects argument of type 'long int', but argument 3 has type 'uint64_t' {aka 'long long unsigned int'} [-Werror=format=] + +Upstream-Status: Pending +Signed-off-by: Armin Kuster <akuster808@gmail.com> + +Index: git/src/libtpm2-totp.c +=================================================================== +--- git.orig/src/libtpm2-totp.c ++++ git/src/libtpm2-totp.c +@@ -169,7 +169,7 @@ tpm2totp_generateKey(uint32_t pcrs, uint + if (rc != TPM2_RC_INITIALIZE) chkrc(rc, goto error); + + while (*secret_size < SECRETLEN) { +- dbg("Calling Esys_GetRandom for %li bytes", SECRETLEN - *secret_size); ++ dbg("Calling Esys_GetRandom for %li bytes", (long int) (SECRETLEN - *secret_size)); + rc = Esys_GetRandom(ctx, + ESYS_TR_NONE, ESYS_TR_NONE, ESYS_TR_NONE, + SECRETLEN - *secret_size, &t); +Index: git/src/tpm2-totp.c +=================================================================== +--- git.orig/src/tpm2-totp.c ++++ git/src/tpm2-totp.c +@@ -340,7 +340,7 @@ main(int argc, char **argv) + localtime (&now)); + chkrc(rc, exit(1)); + } +- printf("%s%06ld", timestr, totp); ++ printf("%s%06ld", timestr, (long int)totp); + break; + case CMD_RESEAL: + rc = tpm2totp_loadKey_nv(opt.nvindex, &keyBlob, &keyBlob_size); diff --git a/meta-security/meta-tpm/recipes-tpm2/tpm2-totp/tpm2-totp_0.9.9.bb b/meta-security/meta-tpm/recipes-tpm2/tpm2-totp/tpm2-totp_0.9.9.bb new file mode 100644 index 0000000000..bc94ab7117 --- /dev/null +++ b/meta-security/meta-tpm/recipes-tpm2/tpm2-totp/tpm2-totp_0.9.9.bb @@ -0,0 +1,17 @@ +SUMMARY = "The tpm2-tss-engine project implements a cryptographic engine for OpenSSL." +DESCRIPTION = "The tpm2-tss-engine project implements a cryptographic engine for OpenSSL for Trusted Platform Module (TPM 2.0) using the tpm2-tss software stack that follows the Trusted Computing Groups (TCG) TPM Software Stack (TSS 2.0). It uses the Enhanced System API (ESAPI) interface of the TSS 2.0 for downwards communication. It supports RSA decryption and signatures as well as ECDSA signatures." + +LICENSE = "BSD-2-Clause" +LIC_FILES_CHKSUM = "file://LICENSE;md5=ed23833e93c95173c8d8913745e4b4e1" + +SECTION = "security/tpm" + +DEPENDS = "autoconf-archive libtss2-dev qrencode" + +SRCREV = "44fcb6819f79302d5a088b3def648616e3551d4a" +SRC_URI = "git://github.com/tpm2-software/tpm2-totp.git \ + file://litpm2_totp_build_fix.patch " + +inherit autotools-brokensep pkgconfig + +S = "${WORKDIR}/git" diff --git a/meta-security/meta-tpm/recipes-tpm2/tpm2-tss-engine/tpm2-tss-engine_0.9.9.bb b/meta-security/meta-tpm/recipes-tpm2/tpm2-tss-engine/tpm2-tss-engine_0.9.9.bb new file mode 100644 index 0000000000..36530be2c2 --- /dev/null +++ b/meta-security/meta-tpm/recipes-tpm2/tpm2-tss-engine/tpm2-tss-engine_0.9.9.bb @@ -0,0 +1,23 @@ +SUMMARY = "The tpm2-tss-engine project implements a cryptographic engine for OpenSSL." +DESCRIPTION = "The tpm2-tss-engine project implements a cryptographic engine for OpenSSL for Trusted Platform Module (TPM 2.0) using the tpm2-tss software stack that follows the Trusted Computing Groups (TCG) TPM Software Stack (TSS 2.0). It uses the Enhanced System API (ESAPI) interface of the TSS 2.0 for downwards communication. It supports RSA decryption and signatures as well as ECDSA signatures." + +LICENSE = "BSD-2-Clause" +LIC_FILES_CHKSUM = "file://LICENSE;md5=3fb0047fd29391478a71e8e6101c76eb" + +SECTION = "security/tpm" + +DEPENDS = "autoconf-archive-native bash-completion libtss2 libgcrypt openssl" + +SRCREV = "bef89ec79cbb4c99963b0e336d9184827c545782" +SRC_URI = "git://github.com/tpm2-software/tpm2-tss-engine.git" + +inherit autotools-brokensep pkgconfig systemd + +S = "${WORKDIR}/git" + +PACKAGES += "${PN}-engines ${PN}-engines-staticdev ${PN}-bash-completion" + +FILES_${PN}-dev = "${libdir}/engines-1.1/tpm2tss.so ${includedir}/*" +FILES_${PN}-engines = "${libdir}/engines-1.1/lib*.so*" +FILES_${PN}-engines-staticdev = "${libdir}/engines-1.1/libtpm2tss.a" +FILES_${PN}-bash-completion += "${datadir}/bash-completion/completions" diff --git a/meta-security/meta-tpm/recipes-tpm/tpm2.0-tss/tpm2.0-tss/ax_pthread.m4 b/meta-security/meta-tpm/recipes-tpm2/tpm2-tss/tpm2-tss/ax_pthread.m4 index d383ad5c6d..d383ad5c6d 100644 --- a/meta-security/meta-tpm/recipes-tpm/tpm2.0-tss/tpm2.0-tss/ax_pthread.m4 +++ b/meta-security/meta-tpm/recipes-tpm2/tpm2-tss/tpm2-tss/ax_pthread.m4 diff --git a/meta-security/meta-tpm/recipes-tpm/tpm2.0-tss/tpm2.0-tss/fix_musl_select_include.patch b/meta-security/meta-tpm/recipes-tpm2/tpm2-tss/tpm2-tss/fix_musl_select_include.patch index ecaca6ea57..ecaca6ea57 100644 --- a/meta-security/meta-tpm/recipes-tpm/tpm2.0-tss/tpm2.0-tss/fix_musl_select_include.patch +++ b/meta-security/meta-tpm/recipes-tpm2/tpm2-tss/tpm2-tss/fix_musl_select_include.patch diff --git a/meta-security/meta-tpm/recipes-tpm/tpm2.0-tss/tpm2.0-tss_2.0.1.bb b/meta-security/meta-tpm/recipes-tpm2/tpm2-tss/tpm2-tss_2.2.1.bb index 9d1ff72f39..78bdeebe0d 100644 --- a/meta-security/meta-tpm/recipes-tpm/tpm2.0-tss/tpm2.0-tss_2.0.1.bb +++ b/meta-security/meta-tpm/recipes-tpm2/tpm2-tss/tpm2-tss_2.2.1.bb @@ -1,19 +1,22 @@ SUMMARY = "Software stack for TPM2." -DESCRIPTION = "tpm2.0-tss like woah." +DESCRIPTION = "OSS implementation of the TCG TPM2 Software Stack (TSS2) " LICENSE = "BSD-2-Clause" -LIC_FILES_CHKSUM = "file://LICENSE;md5=0b1d631c4218b72f6b05cb58613606f4" +LIC_FILES_CHKSUM = "file://LICENSE;md5=500b2e742befc3da00684d8a1d5fd9da" SECTION = "tpm" -DEPENDS = "autoconf-archive-native libgcrypt" +DEPENDS = "autoconf-archive-native libgcrypt openssl" -SRCREV = "dc31e8dca9dbc77d16e419dc514ce8c526cd3351" +SRCREV = "eb69e13559f20a0b49002a685c6f4a39be9503e2" -SRC_URI = "git://github.com/tpm2-software/tpm2-tss.git;branch=2.0.x" +SRC_URI = "git://github.com/tpm2-software/tpm2-tss.git;branch=2.2.x" inherit autotools-brokensep pkgconfig systemd S = "${WORKDIR}/git" +PACKAGECONFIG ??= "" +PACKAGECONFIG[oxygen] = ",--disable-doxygen-doc, " + do_configure_prepend () { ./bootstrap } @@ -72,3 +75,5 @@ FILES_libtss2-dev = " \ FILES_libtss2-staticdev = "${libdir}/libtss*a" FILES_${PN} = "${libdir}/udev" + +RDEPENDS_libtss2 = "libgcrypt" |