diff options
Diffstat (limited to 'meta-security/meta-tpm')
4 files changed, 42 insertions, 15 deletions
diff --git a/meta-security/meta-tpm/classes/sanity-meta-tpm.bbclass b/meta-security/meta-tpm/classes/sanity-meta-tpm.bbclass index 2f8b52d1b4..1ab03c8a8f 100644 --- a/meta-security/meta-tpm/classes/sanity-meta-tpm.bbclass +++ b/meta-security/meta-tpm/classes/sanity-meta-tpm.bbclass @@ -2,7 +2,9 @@ addhandler tpm_machinecheck tpm_machinecheck[eventmask] = "bb.event.SanityCheck" python tpm_machinecheck() { skip_check = e.data.getVar('SKIP_META_TPM_SANITY_CHECK') == "1" - if 'tpm' not in e.data.getVar('DISTRO_FEATURES').split() and not skip_check: + if 'tpm' not in e.data.getVar('DISTRO_FEATURES').split() and \ + 'tpm2' not in e.data.getVar('DISTRO_FEATURES').split() and \ + not skip_check: bb.warn("You have included the meta-tpm layer, but \ 'tpm or tpm2' has not been enabled in your DISTRO_FEATURES. Some bbappend files \ and preferred version setting may not take effect. See the meta-tpm README \ diff --git a/meta-security/meta-tpm/lib/oeqa/runtime/cases/tpm2.py b/meta-security/meta-tpm/lib/oeqa/runtime/cases/tpm2.py index c6f9d92245..c2c95e7159 100644 --- a/meta-security/meta-tpm/lib/oeqa/runtime/cases/tpm2.py +++ b/meta-security/meta-tpm/lib/oeqa/runtime/cases/tpm2.py @@ -16,28 +16,45 @@ class Tpm2Test(OERuntimeTestCase): if expected_endlines: self.fail('Missing expected line endings:\n %s' % '\n '.join(expected_endlines)) - @OEHasPackage(['tpm2-tss']) - @OEHasPackage(['tpm2-abrmd']) @OEHasPackage(['tpm2-tools']) - @OEHasPackage(['ibmswtpm2']) + @OEHasPackage(['tpm2-abrmd']) + @OEHasPackage(['swtpm']) @OETestDepends(['ssh.SSHTest.test_ssh']) - def test_tpm2_sim(self): + def test_tpm2_swtpm_socket(self): cmds = [ - 'tpm_server &', - 'tpm2-abrmd --allow-root --tcti=mssim &' + 'mkdir /tmp/myvtpm', + 'swtpm socket --tpmstate dir=/tmp/myvtpm --tpm2 --ctrl type=tcp,port=2322 --server type=tcp,port=2321 --flags not-need-init &', + 'export TPM2TOOLS_TCTI="swtpm:port=2321"', + 'tpm2_startup -c' ] for cmd in cmds: status, output = self.target.run(cmd) self.assertEqual(status, 0, msg='\n'.join([cmd, output])) - @OETestDepends(['tpm2.Tpm2Test.test_tpm2_sim']) - def test_tpm2(self): - (status, output) = self.target.run('tpm2_pcrlist') + @OETestDepends(['tpm2.Tpm2Test.test_tpm2_swtpm_socket']) + def test_tpm2_pcrread(self): + (status, output) = self.target.run('tpm2_pcrread') expected_endlines = [] - expected_endlines.append('sha1 :') - expected_endlines.append(' 0 : 0000000000000000000000000000000000000003') - expected_endlines.append(' 1 : 0000000000000000000000000000000000000000') + expected_endlines.append(' sha1:') + expected_endlines.append(' 0 : 0x0000000000000000000000000000000000000000') + expected_endlines.append(' 1 : 0x0000000000000000000000000000000000000000') + expected_endlines.append(' sha256:') + expected_endlines.append(' 0 : 0x0000000000000000000000000000000000000000000000000000000000000000') + expected_endlines.append(' 1 : 0x0000000000000000000000000000000000000000000000000000000000000000') + self.check_endlines(output, expected_endlines) + + @OEHasPackage(['p11-kit']) + @OEHasPackage(['tpm2-pkcs11']) + @OETestDepends(['tpm2.Tpm2Test.test_tpm2_swtpm_socket']) + def test_tpm2_pkcs11(self): + (status, output) = self.target.run('p11-kit list-modules -v') + self.assertEqual(status, 0, msg="Modules missing: %s" % output) + + @OETestDepends(['tpm2.Tpm2Test.test_tpm2_pkcs11']) + def test_tpm2_swtpm_reset(self): + (status, output) = self.target.run('swtpm_ioctl -i --tcp :2322') + self.assertEqual(status, 0, msg="swtpm reset failed: %s" % output) diff --git a/meta-security/meta-tpm/recipes-tpm2/tpm2-pkcs11/tpm2-pkcs11_1.8.0.bb b/meta-security/meta-tpm/recipes-tpm2/tpm2-pkcs11/tpm2-pkcs11_1.8.0.bb index a9174e6717..e8812d06d0 100644 --- a/meta-security/meta-tpm/recipes-tpm2/tpm2-pkcs11/tpm2-pkcs11_1.8.0.bb +++ b/meta-security/meta-tpm/recipes-tpm2/tpm2-pkcs11/tpm2-pkcs11_1.8.0.bb @@ -27,8 +27,13 @@ do_compile:append() { do_install:append() { install -d ${D}${libdir}/pkcs11 install -d ${D}${datadir}/p11-kit + + # remove symlinks rm -f ${D}${libdir}/pkcs11/libtpm2_pkcs11.so + #install lib + install -m 755 ${B}/src/.libs/libtpm2_pkcs11.so ${D}${libdir}/pkcs11/libtpm2_pkcs11.so + cd ${S}/tools export PYTHONPATH="${D}${PYTHON_SITEPACKAGES_DIR}" ${PYTHON_PN} setup.py install --root="${D}" --prefix="${prefix}" --install-lib="${PYTHON_SITEPACKAGES_DIR}" --optimize=1 --skip-build @@ -48,5 +53,5 @@ FILES:${PN} += "\ ${datadir}/p11-kit/* \ " -RDEPENDS:${PN} = "tpm2-tools" -RDEPENDS:${PN}-tools += "${PYTHON_PN}-setuptools ${PYTHON_PN}-pyyaml ${PYTHON_PN}-cryptography ${PYTHON_PN}-pyasn1-modules" +RDEPENDS:${PN} = "p11-kit tpm2-tools " +RDEPENDS:${PN}-tools = "${PYTHON_PN}-pyyaml ${PYTHON_PN}-cryptography ${PYTHON_PN}-pyasn1-modules" diff --git a/meta-security/meta-tpm/recipes-tpm2/tpm2-tools/tpm2-tools_5.2.bb b/meta-security/meta-tpm/recipes-tpm2/tpm2-tools/tpm2-tools_5.2.bb index f924038bdb..c20af7ef0a 100644 --- a/meta-security/meta-tpm/recipes-tpm2/tpm2-tools/tpm2-tools_5.2.bb +++ b/meta-security/meta-tpm/recipes-tpm2/tpm2-tools/tpm2-tools_5.2.bb @@ -16,3 +16,6 @@ do_configure:prepend() { # do not extract the version number from git sed -i -e 's/m4_esyscmd_s(\[git describe --tags --always --dirty\])/${PV}/' ${S}/configure.ac } + +# need tss-esys +RDEPENDS:${PN} = "libtss2 tpm2-abrmd" |