From 1a4b7ee28bf7413af6513fb45ad0d0736048f866 Mon Sep 17 00:00:00 2001 From: Brad Bishop Date: Sun, 16 Dec 2018 17:11:34 -0800 Subject: reset upstream subtrees to yocto 2.6 Reset the following subtrees on thud HEAD: poky: 87e3a9739d meta-openembedded: 6094ae18c8 meta-security: 31dc4e7532 meta-raspberrypi: a48743dc36 meta-xilinx: c42016e2e6 Also re-apply backports that didn't make it into thud: poky: 17726d0 systemd-systemctl-native: handle Install wildcards meta-openembedded: 4321a5d libtinyxml2: update to 7.0.1 042f0a3 libcereal: Add native and nativesdk classes e23284f libcereal: Allow empty package 030e8d4 rsyslog: curl-less build with fmhttp PACKAGECONFIG 179a1b9 gtest: update to 1.8.1 Squashed OpenBMC subtree compatibility updates: meta-aspeed: Brad Bishop (1): aspeed: add yocto 2.6 compatibility meta-ibm: Brad Bishop (1): ibm: prepare for yocto 2.6 meta-ingrasys: Brad Bishop (1): ingrasys: set layer compatibility to yocto 2.6 meta-openpower: Brad Bishop (1): openpower: set layer compatibility to yocto 2.6 meta-phosphor: Brad Bishop (3): phosphor: set layer compatibility to thud phosphor: libgpg-error: drop patches phosphor: react to fitimage artifact rename Ed Tanous (4): Dropbear: upgrade options for latest upgrade yocto2.6: update openssl options busybox: remove upstream watchdog patch systemd: Rebase CONFIG_CGROUP_BPF patch Change-Id: I7b1fe71cca880d0372a82d94b5fd785323e3a9e7 
Signed-off-by: Brad Bishop --- .../meta-tpm/recipes-tpm/libtpm/libtpm_1.0.bb | 8 +- ...ate-tpm-key-support-well-known-key-option.patch | 24 ++--- .../files/0002-libtpm-support-env-TPM_SRK_PW.patch | 14 +-- .../files/0003-Fix-not-building-libtpm.la.patch | 25 ----- ...-tpm-engine-parse-an-encrypted-tpm-SRK-pa.patch | 41 ++++---- ...-tpm-engine-change-variable-c-type-from-c.patch | 13 +-- .../files/openssl11_build_fix.patch | 34 +++++++ .../openssl-tpm-engine/openssl-tpm-engine_0.4.2.bb | 78 --------------- .../openssl-tpm-engine/openssl-tpm-engine_0.5.0.bb | 65 ++++++++++++ .../pcr-extend/files/fix_openssl11_build.patch | 45 +++++++++ .../recipes-tpm/pcr-extend/pcr-extend_git.bb | 3 +- .../meta-tpm/recipes-tpm/swtpm/swtpm_1.0.bb | 21 +--- .../tpm-tools/files/04-fix-FTBFS-clang.patch | 56 +++++++++++ .../files/05-openssl1.1_fix_data_mgmt.patch | 110 +++++++++++++++++++++ .../tpm-tools/files/openssl1.1_fix.patch | 18 ++++ .../tpm-tools/files/tpm-tools-extendpcr.patch | 32 +++--- .../recipes-tpm/tpm-tools/tpm-tools_1.3.9.1.bb | 36 +++++++ .../recipes-tpm/tpm-tools/tpm-tools_git.bb | 35 ------- .../recipes-tpm/tpm2-abrmd/tpm2-abrmd_1.2.0.bb | 54 ---------- .../recipes-tpm/tpm2-abrmd/tpm2-abrmd_2.0.2.bb | 54 ++++++++++ .../recipes-tpm/tpm2.0-tools/tpm2.0-tools_3.1.2.bb | 15 +++ .../recipes-tpm/tpm2.0-tools/tpm2.0-tools_git.bb | 18 ---- .../recipes-tpm/tpm2.0-tss/tpm2.0-tss_1.3.0.bb | 99 ------------------- .../recipes-tpm/tpm2.0-tss/tpm2.0-tss_2.0.1.bb | 74 ++++++++++++++ .../tpm2simulator/tpm2simulator-native_138.bb | 22 ----- .../recipes-tpm/tpm2simulator/tpm2simulator_138.bb | 22 +++++ 26 files changed, 598 insertions(+), 418 deletions(-) delete mode 100644 meta-security/meta-tpm/recipes-tpm/openssl-tpm-engine/files/0003-Fix-not-building-libtpm.la.patch create mode 100644 meta-security/meta-tpm/recipes-tpm/openssl-tpm-engine/files/openssl11_build_fix.patch delete mode 100644 meta-security/meta-tpm/recipes-tpm/openssl-tpm-engine/openssl-tpm-engine_0.4.2.bb create mode 
100644 meta-security/meta-tpm/recipes-tpm/openssl-tpm-engine/openssl-tpm-engine_0.5.0.bb create mode 100644 meta-security/meta-tpm/recipes-tpm/pcr-extend/files/fix_openssl11_build.patch create mode 100644 meta-security/meta-tpm/recipes-tpm/tpm-tools/files/04-fix-FTBFS-clang.patch create mode 100644 meta-security/meta-tpm/recipes-tpm/tpm-tools/files/05-openssl1.1_fix_data_mgmt.patch create mode 100644 meta-security/meta-tpm/recipes-tpm/tpm-tools/files/openssl1.1_fix.patch create mode 100644 meta-security/meta-tpm/recipes-tpm/tpm-tools/tpm-tools_1.3.9.1.bb delete mode 100644 meta-security/meta-tpm/recipes-tpm/tpm-tools/tpm-tools_git.bb delete mode 100644 meta-security/meta-tpm/recipes-tpm/tpm2-abrmd/tpm2-abrmd_1.2.0.bb create mode 100644 meta-security/meta-tpm/recipes-tpm/tpm2-abrmd/tpm2-abrmd_2.0.2.bb create mode 100644 meta-security/meta-tpm/recipes-tpm/tpm2.0-tools/tpm2.0-tools_3.1.2.bb delete mode 100644 meta-security/meta-tpm/recipes-tpm/tpm2.0-tools/tpm2.0-tools_git.bb delete mode 100644 meta-security/meta-tpm/recipes-tpm/tpm2.0-tss/tpm2.0-tss_1.3.0.bb create mode 100644 meta-security/meta-tpm/recipes-tpm/tpm2.0-tss/tpm2.0-tss_2.0.1.bb delete mode 100644 meta-security/meta-tpm/recipes-tpm/tpm2simulator/tpm2simulator-native_138.bb create mode 100644 meta-security/meta-tpm/recipes-tpm/tpm2simulator/tpm2simulator_138.bb (limited to 'meta-security/meta-tpm/recipes-tpm') diff --git a/meta-security/meta-tpm/recipes-tpm/libtpm/libtpm_1.0.bb b/meta-security/meta-tpm/recipes-tpm/libtpm/libtpm_1.0.bb index b29ec6bbed..a930d7bc37 100644 --- a/meta-security/meta-tpm/recipes-tpm/libtpm/libtpm_1.0.bb +++ b/meta-security/meta-tpm/recipes-tpm/libtpm/libtpm_1.0.bb 
@@ -1,11 +1,9 @@ SUMMARY = "LIBPM - Software TPM Library" LICENSE = "BSD-3-Clause" -LIC_FILES_CHKSUM = "file://LICENSE;md5=97e5eea8d700d76b3ddfd35c4c96485f" +LIC_FILES_CHKSUM = "file://LICENSE;md5=e73f0786a936da3814896df06ad225a9" -SRCREV = "3388d45082bdc588c6fc0672f44d6d7d0aaa86ff" -SRC_URI = " \ - git://github.com/stefanberger/libtpms.git \ - " +SRCREV = "4111bd1bcf721e6e7b5f11ed9c2b93083677aa25" +SRC_URI = "git://github.com/stefanberger/libtpms.git" S = "${WORKDIR}/git" inherit autotools-brokensep pkgconfig diff --git a/meta-security/meta-tpm/recipes-tpm/openssl-tpm-engine/files/0001-create-tpm-key-support-well-known-key-option.patch b/meta-security/meta-tpm/recipes-tpm/openssl-tpm-engine/files/0001-create-tpm-key-support-well-known-key-option.patch index 67071b6058..bed8b92a2a 100644 --- a/meta-security/meta-tpm/recipes-tpm/openssl-tpm-engine/files/0001-create-tpm-key-support-well-known-key-option.patch +++ b/meta-security/meta-tpm/recipes-tpm/openssl-tpm-engine/files/0001-create-tpm-key-support-well-known-key-option.patch @@ -8,20 +8,20 @@ Add "-z" option to select well known password in create_tpm_key tool. Signed-off-by: Junxian.Xiao -diff --git a/create_tpm_key.c b/create_tpm_key.c -index fee917f..7b94d62 100644 ---- a/create_tpm_key.c -+++ b/create_tpm_key.c -@@ -46,6 +46,8 @@ - #include - #include +Index: git/src/create_tpm_key.c +=================================================================== +--- git.orig/src/create_tpm_key.c ++++ git/src/create_tpm_key.c +@@ -48,6 +48,8 @@ + + #include "ssl_compat.h" +#define TPM_WELL_KNOWN_KEY_LEN 20 /*well know key length is 20 bytes zero*/ + #define print_error(a,b) \ fprintf(stderr, "%s:%d %s result: 0x%x (%s)\n", __FILE__, __LINE__, \ a, b, Trspi_Error_String(b)) -@@ -70,6 +72,7 @@ usage(char *argv0) +@@ -72,6 +74,7 @@ usage(char *argv0) "\t\t-e|--enc-scheme encryption scheme to use [PKCSV15] or OAEP\n" "\t\t-q|--sig-scheme signature scheme to use [DER] or SHA1\n" "\t\t-s|--key-size key size in bits [2048]\n" 
@@ -29,7 +29,7 @@ index fee917f..7b94d62 100644 "\t\t-a|--auth require a password for the key [NO]\n" "\t\t-p|--popup use TSS GUI popup dialogs to get the password " "for the\n\t\t\t\t key [NO] (implies --auth)\n" -@@ -147,6 +150,7 @@ int main(int argc, char **argv) +@@ -154,6 +157,7 @@ int main(int argc, char **argv) int asn1_len; char *filename, c, *openssl_key = NULL; int option_index, auth = 0, popup = 0, wrap = 0; @@ -37,7 +37,7 @@ index fee917f..7b94d62 100644 UINT32 enc_scheme = TSS_ES_RSAESPKCSV15; UINT32 sig_scheme = TSS_SS_RSASSAPKCS1V15_DER; UINT32 key_size = 2048; -@@ -154,12 +158,15 @@ int main(int argc, char **argv) +@@ -161,12 +165,15 @@ int main(int argc, char **argv) while (1) { option_index = 0; @@ -54,7 +54,7 @@ index fee917f..7b94d62 100644 case 'a': initFlags |= TSS_KEY_AUTHORIZATION; auth = 1; -@@ -293,6 +300,8 @@ int main(int argc, char **argv) +@@ -300,6 +307,8 @@ int main(int argc, char **argv) if (srk_authusage) { char *authdata = calloc(1, 128); @@ -63,7 +63,7 @@ index fee917f..7b94d62 100644 if (!authdata) { fprintf(stderr, "malloc failed.\n"); -@@ -309,17 +318,26 @@ int main(int argc, char **argv) +@@ -316,17 +325,26 @@ int main(int argc, char **argv) exit(result); } diff --git a/meta-security/meta-tpm/recipes-tpm/openssl-tpm-engine/files/0002-libtpm-support-env-TPM_SRK_PW.patch b/meta-security/meta-tpm/recipes-tpm/openssl-tpm-engine/files/0002-libtpm-support-env-TPM_SRK_PW.patch index f718f2e640..2caaaf0543 100644 --- a/meta-security/meta-tpm/recipes-tpm/openssl-tpm-engine/files/0002-libtpm-support-env-TPM_SRK_PW.patch +++ b/meta-security/meta-tpm/recipes-tpm/openssl-tpm-engine/files/0002-libtpm-support-env-TPM_SRK_PW.patch @@ -9,20 +9,20 @@ use "env TPM_SRK_PW=#WELLKNOWN#" to set well known password. 
Signed-off-by: Junxian.Xiao -diff --git a/e_tpm.c b/e_tpm.c -index f3e8bcf..7dcb75a 100644 ---- a/e_tpm.c -+++ b/e_tpm.c +Index: git/src/e_tpm.c +=================================================================== +--- git.orig/src/e_tpm.c ++++ git/src/e_tpm.c @@ -38,6 +38,8 @@ - #include "e_tpm.h" + #include "ssl_compat.h" +#define TPM_WELL_KNOWN_KEY_LEN 20 /*well know key length is 20 bytes zero*/ + //#define DLOPEN_TSPI #ifndef OPENSSL_NO_HW -@@ -248,6 +250,10 @@ int tpm_load_srk(UI_METHOD *ui, void *cb_data) +@@ -262,6 +264,10 @@ int tpm_load_srk(UI_METHOD *ui, void *cb TSS_RESULT result; UINT32 authusage; BYTE *auth; @@ -33,7 +33,7 @@ index f3e8bcf..7dcb75a 100644 if (hSRK != NULL_HKEY) { DBGFN("SRK is already loaded."); -@@ -299,18 +305,36 @@ int tpm_load_srk(UI_METHOD *ui, void *cb_data) +@@ -313,18 +319,36 @@ int tpm_load_srk(UI_METHOD *ui, void *cb return 0; } diff --git a/meta-security/meta-tpm/recipes-tpm/openssl-tpm-engine/files/0003-Fix-not-building-libtpm.la.patch b/meta-security/meta-tpm/recipes-tpm/openssl-tpm-engine/files/0003-Fix-not-building-libtpm.la.patch deleted file mode 100644 index d24a150e57..0000000000 --- a/meta-security/meta-tpm/recipes-tpm/openssl-tpm-engine/files/0003-Fix-not-building-libtpm.la.patch +++ /dev/null @@ -1,25 +0,0 @@ -From 7848445a1f4c750ef73bf96f5e89d402f87a1756 Mon Sep 17 00:00:00 2001 -From: Lans Zhang -Date: Mon, 19 Jun 2017 14:54:28 +0800 -Subject: [PATCH] Fix not building libtpm.la - -Signed-off-by: Lans Zhang ---- - Makefile.am | 4 +++- - 1 file changed, 3 insertions(+), 1 deletion(-) - -diff --git a/Makefile.am b/Makefile.am -index 6695656..634a7e6 100644 ---- a/Makefile.am -+++ b/Makefile.am -@@ -10,4 +10,6 @@ libtpm_la_LIBADD=-lcrypto -lc -ltspi - libtpm_la_SOURCES=e_tpm.c e_tpm.h e_tpm_err.c - - create_tpm_key_SOURCES=create_tpm_key.c --create_tpm_key_LDADD=-ltspi -+create_tpm_key_LDFLAGS=-ltspi -+ -+LDADD=libtpm.la --- -2.7.5 - 
diff --git a/meta-security/meta-tpm/recipes-tpm/openssl-tpm-engine/files/0003-tpm-openssl-tpm-engine-parse-an-encrypted-tpm-SRK-pa.patch b/meta-security/meta-tpm/recipes-tpm/openssl-tpm-engine/files/0003-tpm-openssl-tpm-engine-parse-an-encrypted-tpm-SRK-pa.patch index a88148fe48..cc8772d20c 100644 --- a/meta-security/meta-tpm/recipes-tpm/openssl-tpm-engine/files/0003-tpm-openssl-tpm-engine-parse-an-encrypted-tpm-SRK-pa.patch +++ b/meta-security/meta-tpm/recipes-tpm/openssl-tpm-engine/files/0003-tpm-openssl-tpm-engine-parse-an-encrypted-tpm-SRK-pa.patch @@ -22,11 +22,11 @@ Signed-off-by: Meng Li e_tpm_err.c | 4 ++ 3 files changed, 164 insertions(+), 1 deletion(-) -diff --git a/e_tpm.c b/e_tpm.c -index 7dcb75a..11bf74b 100644 ---- a/e_tpm.c -+++ b/e_tpm.c -@@ -245,6 +245,118 @@ void ENGINE_load_tpm(void) +Index: git/src/e_tpm.c +=================================================================== +--- git.orig/src/e_tpm.c ++++ git/src/e_tpm.c +@@ -259,6 +259,118 @@ void ENGINE_load_tpm(void) ERR_clear_error(); } @@ -145,7 +145,7 @@ index 7dcb75a..11bf74b 100644 int tpm_load_srk(UI_METHOD *ui, void *cb_data) { TSS_RESULT result; -@@ -305,8 +417,50 @@ int tpm_load_srk(UI_METHOD *ui, void *cb_data) +@@ -319,8 +431,50 @@ int tpm_load_srk(UI_METHOD *ui, void *cb return 0; } @@ -197,7 +197,7 @@ index 7dcb75a..11bf74b 100644 if (0 == strcmp(srkPasswd, "#WELLKNOWN#")) { memset(auth, 0, TPM_WELL_KNOWN_KEY_LEN); secretMode = TSS_SECRET_MODE_SHA1; -@@ -319,6 +473,7 @@ int tpm_load_srk(UI_METHOD *ui, void *cb_data) +@@ -333,6 +487,7 @@ int tpm_load_srk(UI_METHOD *ui, void *cb authlen = strlen(auth); } } 
@@ -205,11 +205,11 @@ index 7dcb75a..11bf74b 100644 else { if (!tpm_engine_get_auth(ui, (char *)auth, 128, "SRK authorization: ", cb_data)) { -diff --git a/e_tpm.h b/e_tpm.h -index 6316e0b..56ff202 100644 ---- a/e_tpm.h -+++ b/e_tpm.h -@@ -66,6 +66,8 @@ void ERR_TSS_error(int function, int reason, char *file, int line); +Index: git/src/e_tpm.h +=================================================================== +--- git.orig/src/e_tpm.h ++++ git/src/e_tpm.h +@@ -66,6 +66,8 @@ void ERR_TSS_error(int function, int rea #define TPM_F_TPM_FILL_RSA_OBJECT 116 #define TPM_F_TPM_ENGINE_GET_AUTH 117 #define TPM_F_TPM_CREATE_SRK_POLICY 118 @@ -218,7 +218,7 @@ index 6316e0b..56ff202 100644 /* Reason codes. */ #define TPM_R_ALREADY_LOADED 100 -@@ -96,6 +98,8 @@ void ERR_TSS_error(int function, int reason, char *file, int line); +@@ -96,6 +98,8 @@ void ERR_TSS_error(int function, int rea #define TPM_R_ID_INVALID 125 #define TPM_R_UI_METHOD_FAILED 126 #define TPM_R_UNKNOWN_SECRET_MODE 127 @@ -227,11 +227,11 @@ index 6316e0b..56ff202 100644 /* structure pointed to by the RSA object's app_data pointer */ struct rsa_app_data -diff --git a/e_tpm_err.c b/e_tpm_err.c -index 25a5d0f..439e267 100644 ---- a/e_tpm_err.c -+++ b/e_tpm_err.c -@@ -235,6 +235,8 @@ static ERR_STRING_DATA TPM_str_functs[] = { +Index: git/src/e_tpm_err.c +=================================================================== +--- git.orig/src/e_tpm_err.c ++++ git/src/e_tpm_err.c +@@ -234,6 +234,8 @@ static ERR_STRING_DATA TPM_str_functs[] {ERR_PACK(0, TPM_F_TPM_BIND_FN, 0), "TPM_BIND_FN"}, {ERR_PACK(0, TPM_F_TPM_FILL_RSA_OBJECT, 0), "TPM_FILL_RSA_OBJECT"}, {ERR_PACK(0, TPM_F_TPM_ENGINE_GET_AUTH, 0), "TPM_ENGINE_GET_AUTH"}, 
@@ -240,7 +240,7 @@ index 25a5d0f..439e267 100644 {0, NULL} }; -@@ -265,6 +267,8 @@ static ERR_STRING_DATA TPM_str_reasons[] = { +@@ -264,6 +266,8 @@ static ERR_STRING_DATA TPM_str_reasons[] {TPM_R_FILE_READ_FAILED, "failed reading the key file"}, {TPM_R_ID_INVALID, "engine id doesn't match"}, {TPM_R_UI_METHOD_FAILED, "ui function failed"}, @@ -249,6 +249,3 @@ index 25a5d0f..439e267 100644 {0, NULL} }; --- -2.9.3 - diff --git a/meta-security/meta-tpm/recipes-tpm/openssl-tpm-engine/files/0004-tpm-openssl-tpm-engine-change-variable-c-type-from-c.patch b/meta-security/meta-tpm/recipes-tpm/openssl-tpm-engine/files/0004-tpm-openssl-tpm-engine-change-variable-c-type-from-c.patch index 076704de8a..535472a20e 100644 --- a/meta-security/meta-tpm/recipes-tpm/openssl-tpm-engine/files/0004-tpm-openssl-tpm-engine-change-variable-c-type-from-c.patch +++ b/meta-security/meta-tpm/recipes-tpm/openssl-tpm-engine/files/0004-tpm-openssl-tpm-engine-change-variable-c-type-from-c.patch @@ -15,11 +15,11 @@ Signed-off-by: Meng Li create_tpm_key.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) -diff --git a/create_tpm_key.c b/create_tpm_key.c -index 7b94d62..f30af90 100644 ---- a/create_tpm_key.c -+++ b/create_tpm_key.c -@@ -148,7 +148,8 @@ int main(int argc, char **argv) +Index: git/src/create_tpm_key.c +=================================================================== +--- git.orig/src/create_tpm_key.c ++++ git/src/create_tpm_key.c +@@ -155,7 +155,8 @@ int main(int argc, char **argv) ASN1_OCTET_STRING *blob_str; unsigned char *blob_asn1 = NULL; int asn1_len; @@ -29,6 +29,3 @@ index 7b94d62..f30af90 100644 int option_index, auth = 0, popup = 0, wrap = 0; int wellknownkey = 0; UINT32 enc_scheme = TSS_ES_RSAESPKCSV15; --- -1.7.9.5 - diff --git a/meta-security/meta-tpm/recipes-tpm/openssl-tpm-engine/files/openssl11_build_fix.patch b/meta-security/meta-tpm/recipes-tpm/openssl-tpm-engine/files/openssl11_build_fix.patch new file mode 100644 index 0000000000..2f8eb81272 --- /dev/null 
+++ b/meta-security/meta-tpm/recipes-tpm/openssl-tpm-engine/files/openssl11_build_fix.patch @@ -0,0 +1,34 @@ +Fix compiling for openssl 1.1 + +Upstream-Status: Pending +Signed-off-by: Armin Kuster + +Index: git/src/e_tpm.c +=================================================================== +--- git.orig/src/e_tpm.c ++++ git/src/e_tpm.c +@@ -265,19 +265,20 @@ static int tpm_decode_base64(unsigned ch + int *out_len) + { + int total_len, len, ret; +- EVP_ENCODE_CTX dctx; ++ EVP_ENCODE_CTX *dctx; + +- EVP_DecodeInit(&dctx); ++ dctx = EVP_ENCODE_CTX_new(); ++ EVP_DecodeInit(dctx); + + total_len = 0; +- ret = EVP_DecodeUpdate(&dctx, outdata, &len, indata, in_len); ++ ret = EVP_DecodeUpdate(dctx, outdata, &len, indata, in_len); + if (ret < 0) { + TSSerr(TPM_F_TPM_DECODE_BASE64, TPM_R_DECODE_BASE64_FAILED); + return 1; + } + + total_len += len; +- ret = EVP_DecodeFinal(&dctx, outdata, &len); ++ ret = EVP_DecodeFinal(dctx, outdata, &len); + if (ret < 0) { + TSSerr(TPM_F_TPM_DECODE_BASE64, TPM_R_DECODE_BASE64_FAILED); + return 1; diff --git a/meta-security/meta-tpm/recipes-tpm/openssl-tpm-engine/openssl-tpm-engine_0.4.2.bb b/meta-security/meta-tpm/recipes-tpm/openssl-tpm-engine/openssl-tpm-engine_0.4.2.bb deleted file mode 100644 index 4854f70e33..0000000000 --- a/meta-security/meta-tpm/recipes-tpm/openssl-tpm-engine/openssl-tpm-engine_0.4.2.bb +++ /dev/null 
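Review bot: In openssl11_build_fix.patch, tpm_decode_base64 passes the result of `EVP_ENCODE_CTX_new()` to `EVP_DecodeInit` without a NULL check, and neither `return 1` error path visible in the hunk releases the context. I would add `if (dctx == NULL) { TSSerr(TPM_F_TPM_DECODE_BASE64, TPM_R_DECODE_BASE64_FAILED); return 1; }` after the allocation and `EVP_ENCODE_CTX_free(dctx);` before each return. The function body continues past the end of the hunk, so the success path presumably needs the same free. Going by the name of the patch that introduces this helper, it decodes SRK password material, so the context should be released deterministically.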
@@ -1,78 +0,0 @@ -DESCRIPTION = "OpenSSL secure engine based on TPM hardware" -HOMEPAGE = "https://sourceforge.net/projects/trousers/" -SECTION = "security/tpm" - -LICENSE = "openssl" -LIC_FILES_CHKSUM = "file://LICENSE;md5=11f0ee3af475c85b907426e285c9bb52" - -DEPENDS += "openssl trousers" - -SRC_URI = "\ - git://git.code.sf.net/p/trousers/openssl_tpm_engine \ - file://0001-create-tpm-key-support-well-known-key-option.patch \ - file://0002-libtpm-support-env-TPM_SRK_PW.patch \ - file://0003-Fix-not-building-libtpm.la.patch \ - file://0003-tpm-openssl-tpm-engine-parse-an-encrypted-tpm-SRK-pa.patch \ - file://0004-tpm-openssl-tpm-engine-change-variable-c-type-from-c.patch \ -" -SRCREV = "bbc2b1af809f20686e0d3553a62f0175742c0d60" - -S = "${WORKDIR}/git" - -inherit autotools-brokensep - -# The definitions below are used to decrypt the srk password. -# It is allowed to define the values in 3 forms: string, hex number and -# the hybrid, e.g, -# srk_dec_pw = "incendia" -# srk_dec_pw = "\x69\x6e\x63\x65\x6e\x64\x69\x61" -# srk_dec_pw = "\x1""nc""\x3""nd""\x1""a" -# -# Due to the limit of escape character, the hybrid must be written in -# above style. 
The actual values defined below in C code style are: -# srk_dec_pw[] = { 0x01, 'n', 'c', 0x03, 'n', 'd', 0x01, 'a' }; -# srk_dec_salt[] = { 'r', 0x00, 0x00, 't' }; -srk_dec_pw ?= "\\"\\\x1\\"\\"nc\\"\\"\\\x3\\"\\"nd\\"\\"\\\x1\\"\\"a\\"" -srk_dec_salt ?= "\\"r\\"\\"\\\x00\\\x00\\"\\"t\\"" - -CFLAGS_append += "-DSRK_DEC_PW=${srk_dec_pw} -DSRK_DEC_SALT=${srk_dec_salt}" - -# Uncomment below line if using the plain srk password for development -#CFLAGS_append += "-DTPM_SRK_PLAIN_PW" - -do_configure_prepend() { - cd "${S}" - cp LICENSE COPYING - touch NEWS AUTHORS ChangeLog -} - -do_install_append() { - install -m 0755 -d "${D}${libdir}/engines" - install -m 0755 -d "${D}${prefix}/local/ssl/lib/engines" - install -m 0755 -d "${D}${libdir}/ssl/engines" - - cp -f "${D}${libdir}/openssl/engines/libtpm.so.0.0.0" "${D}${libdir}/libtpm.so.0" - cp -f "${D}${libdir}/openssl/engines/libtpm.so.0.0.0" "${D}${libdir}/engines/libtpm.so" - cp -f "${D}${libdir}/openssl/engines/libtpm.so.0.0.0" "${D}${prefix}/local/ssl/lib/engines/libtpm.so" - mv -f "${D}${libdir}/openssl/engines/libtpm.so.0.0.0" "${D}${libdir}/ssl/engines/libtpm.so" - mv -f "${D}${libdir}/openssl/engines/libtpm.la" "${D}${libdir}/ssl/engines/libtpm.la" - rm -rf "${D}${libdir}/openssl" -} - -FILES_${PN}-staticdev += "${libdir}/ssl/engines/libtpm.la" -FILES_${PN}-dbg += "\ - ${libdir}/ssl/engines/.debug \ - ${libdir}/engines/.debug \ - ${prefix}/local/ssl/lib/engines/.debug \ -" -FILES_${PN} += "\ - ${libdir}/ssl/engines/libtpm.so* \ - ${libdir}/engines/libtpm.so* \ - ${libdir}/libtpm.so* \ - ${prefix}/local/ssl/lib/engines/libtpm.so* \ -" - -RDEPENDS_${PN} += "libcrypto libtspi" - -INSANE_SKIP_${PN} = "libdir" -INSANE_SKIP_${PN}-dbg = "libdir" diff --git a/meta-security/meta-tpm/recipes-tpm/openssl-tpm-engine/openssl-tpm-engine_0.5.0.bb b/meta-security/meta-tpm/recipes-tpm/openssl-tpm-engine/openssl-tpm-engine_0.5.0.bb new file mode 100644 index 0000000000..0f98b79f2e --- /dev/null 
+++ b/meta-security/meta-tpm/recipes-tpm/openssl-tpm-engine/openssl-tpm-engine_0.5.0.bb 
@@ -0,0 +1,65 @@ +DESCRIPTION = "OpenSSL secure engine based on TPM hardware" +HOMEPAGE = "https://github.com/mgerstner/openssl_tpm_engine" +SECTION = "security/tpm" + +LICENSE = "openssl" +LIC_FILES_CHKSUM = "file://LICENSE;md5=11f0ee3af475c85b907426e285c9bb52" + +DEPENDS += "openssl trousers" + +SRC_URI = "\ + git://github.com/mgerstner/openssl_tpm_engine.git \ + file://0001-create-tpm-key-support-well-known-key-option.patch \ + file://0002-libtpm-support-env-TPM_SRK_PW.patch \ + file://0003-tpm-openssl-tpm-engine-parse-an-encrypted-tpm-SRK-pa.patch \ + file://0004-tpm-openssl-tpm-engine-change-variable-c-type-from-c.patch \ + file://openssl11_build_fix.patch \ +" +SRCREV = "b28de5065e6eb9aa5d5afe2276904f7624c2cbaf" + +S = "${WORKDIR}/git" + +inherit autotools-brokensep pkgconfig + +# The definitions below are used to decrypt the srk password. +# It is allowed to define the values in 3 forms: string, hex number and +# the hybrid, e.g, +# srk_dec_pw = "incendia" +# srk_dec_pw = "\x69\x6e\x63\x65\x6e\x64\x69\x61" +# srk_dec_pw = "\x1""nc""\x3""nd""\x1""a" +# +# Due to the limit of escape character, the hybrid must be written in +# above style. 
The actual values defined below in C code style are: +# srk_dec_pw[] = { 0x01, 'n', 'c', 0x03, 'n', 'd', 0x01, 'a' }; +# srk_dec_salt[] = { 'r', 0x00, 0x00, 't' }; +srk_dec_pw ?= "\\"\\\x1\\"\\"nc\\"\\"\\\x3\\"\\"nd\\"\\"\\\x1\\"\\"a\\"" +srk_dec_salt ?= "\\"r\\"\\"\\\x00\\\x00\\"\\"t\\"" + +CFLAGS_append += "-DSRK_DEC_PW=${srk_dec_pw} -DSRK_DEC_SALT=${srk_dec_salt}" + +# Uncomment below line if using the plain srk password for development +#CFLAGS_append += "-DTPM_SRK_PLAIN_PW" + +do_configure_prepend() { + cd ${B} + cp LICENSE COPYING + touch NEWS AUTHORS ChangeLog README +} + +FILES_${PN}-staticdev += "${libdir}/ssl/engines-1.1/tpm.la" +FILES_${PN}-dbg += "\ + ${libdir}/ssl/engines-1.1/.debug \ + ${libdir}/engines-1.1/.debug \ + ${prefix}/local/ssl/lib/engines-1.1/.debug \ +" +FILES_${PN} += "\ + ${libdir}/ssl/engines-1.1/tpm.so* \ + ${libdir}/engines-1.1/tpm.so* \ + ${libdir}/libtpm.so* \ + ${prefix}/local/ssl/lib/engines-1.1/tpm.so* \ +" + +RDEPENDS_${PN} += "libcrypto libtspi" + +INSANE_SKIP_${PN} = "libdir" +INSANE_SKIP_${PN}-dbg = "libdir" diff --git a/meta-security/meta-tpm/recipes-tpm/pcr-extend/files/fix_openssl11_build.patch b/meta-security/meta-tpm/recipes-tpm/pcr-extend/files/fix_openssl11_build.patch new file mode 100644 index 0000000000..cf2d437801 --- /dev/null +++ b/meta-security/meta-tpm/recipes-tpm/pcr-extend/files/fix_openssl11_build.patch 
@@ -0,0 +1,45 @@ +Enable building with openssl 1.1 + +Upstream-Status: Pending +Signed-off-by: Armin Kuster + +Index: git/src/pcr-extend.c +=================================================================== +--- git.orig/src/pcr-extend.c ++++ git/src/pcr-extend.c +@@ -118,7 +118,7 @@ dump_buf (FILE *file, char *buf, size_t + static unsigned char* + sha1_file (FILE *file, unsigned int *hash_len) + { +- EVP_MD_CTX ctx = { 0 }; ++ EVP_MD_CTX *ctx = EVP_MD_CTX_new(); + unsigned char *buf = NULL, *hash = NULL; + size_t num_read = 0; + +@@ -127,7 +127,7 @@ sha1_file (FILE *file, unsigned int *has + perror ("malloc:\n"); + goto sha1_fail; + } +- if (EVP_DigestInit (&ctx, EVP_sha1 ()) == 0) { ++ if (EVP_DigestInit (ctx, EVP_sha1 ()) == 0) { + ERR_print_errors_fp (stderr); + goto sha1_fail; + } +@@ -135,7 +135,7 @@ sha1_file (FILE *file, unsigned int *has + num_read = fread (buf, 1, BUF_SIZE, file); + if (num_read <= 0) + break; +- if (EVP_DigestUpdate (&ctx, buf, num_read) == 0) { ++ if (EVP_DigestUpdate (ctx, buf, num_read) == 0) { + ERR_print_errors_fp (stderr); + goto sha1_fail; + } +@@ -149,7 +149,7 @@ sha1_file (FILE *file, unsigned int *has + perror ("calloc of hash buffer:\n"); + goto sha1_fail; + } +- if (EVP_DigestFinal (&ctx, hash, hash_len) == 0) { ++ if (EVP_DigestFinal (ctx, hash, hash_len) == 0) { + ERR_print_errors_fp (stderr); + goto sha1_fail; + } diff --git a/meta-security/meta-tpm/recipes-tpm/pcr-extend/pcr-extend_git.bb b/meta-security/meta-tpm/recipes-tpm/pcr-extend/pcr-extend_git.bb index 0cc4f6370f..f8347b7f15 100644 --- a/meta-security/meta-tpm/recipes-tpm/pcr-extend/pcr-extend_git.bb +++ b/meta-security/meta-tpm/recipes-tpm/pcr-extend/pcr-extend_git.bb @@ -9,7 +9,8 @@ DEPENDS = "libtspi" PV = "0.1+git${SRCPV}" SRCREV = "c02ad8f628b3d99f6d4c087b402fe31a40ee6316" -SRC_URI = "git://github.com/flihp/pcr-extend.git " +SRC_URI = "git://github.com/flihp/pcr-extend.git \ + file://fix_openssl11_build.patch " inherit autotools 
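Review bot: In fix_openssl11_build.patch, sha1_file now heap-allocates the digest context with `EVP_MD_CTX_new()`, but the result is never checked for NULL before `EVP_DigestInit (ctx, EVP_sha1 ())`, and none of the four hunks adds a matching `EVP_MD_CTX_free (ctx)`. Unless the unseen remainder of the function handles it, the context leaks on both the success path and the `sha1_fail` path. I would add `if (ctx == NULL) goto sha1_fail;` after the declarations and `EVP_MD_CTX_free (ctx);` ahead of each return; the free accepts NULL, so it is safe on the failure path too. sha1_file starts before and ends after the lines shown, so the exact placement needs checking against the full source.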
diff --git a/meta-security/meta-tpm/recipes-tpm/swtpm/swtpm_1.0.bb b/meta-security/meta-tpm/recipes-tpm/swtpm/swtpm_1.0.bb index 747602000d..3fe1393af1 100644 --- a/meta-security/meta-tpm/recipes-tpm/swtpm/swtpm_1.0.bb +++ b/meta-security/meta-tpm/recipes-tpm/swtpm/swtpm_1.0.bb @@ -3,23 +3,21 @@ LICENSE = "BSD-3-Clause" LIC_FILES_CHKSUM = "file://LICENSE;md5=fe8092c832b71ef20dfe4c6d3decb3a8" SECTION = "apps" -DEPENDS = "libtasn1 expect socat glib-2.0 libtpm libtpm-native" +DEPENDS = "libtasn1 expect socat glib-2.0 net-tools-native libtpm libtpm-native" # configure checks for the tools already during compilation and # then swtpm_setup needs them at runtime DEPENDS += "tpm-tools-native expect-native socat-native" -RDEPENDS_${PN} += "tpm-tools" -SRCREV = "4f4f2f0a7e3195f6df8d235d58630a08e69403d8" -SRC_URI = "git://github.com/stefanberger/swtpm.git \ - file://fix_lib_search_path.patch \ +SRCREV = "94bb9f2d716d09bcc6cd2a2e033018f8592008e7" +SRC_URI = "git://github.com/stefanberger/swtpm.git;branch=tpm2-preview.v2 \ file://fix_fcntl_h.patch \ file://ioctl_h.patch \ " S = "${WORKDIR}/git" -inherit autotools-brokensep pkgconfig +inherit autotools pkgconfig PARALLEL_MAKE = "" TSS_USER="tss" @@ -36,21 +34,12 @@ EXTRA_OECONF += "--with-tss-user=${TSS_USER} --with-tss-group=${TSS_GROUP}" export SEARCH_DIR = "${STAGING_LIBDIR_NATIVE}" -# dup bootstrap -do_configure_prepend () { - libtoolize --force --copy - autoheader - aclocal - automake --add-missing -c - autoconf -} - USERADD_PACKAGES = "${PN}" GROUPADD_PARAM_${PN} = "--system ${TSS_USER}" USERADD_PARAM_${PN} = "--system -g ${TSS_GROUP} --home-dir \ --no-create-home --shell /bin/false ${BPN}" -RDEPENDS_${PN} = "libtpm expect socat bash" +RDEPENDS_${PN} = "libtpm expect socat bash tpm-tools" BBCLASSEXTEND = "native nativesdk" 
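Review bot: In the second swtpm_1.0.bb hunk, `USERADD_PARAM_${PN}` still reads `--home-dir \ --no-create-home`, so as written `--home-dir` has no value and useradd would presumably take `--no-create-home` as the home directory of the service account. Since this commit already touches the surrounding lines, it would be a good moment to either give the option a path or drop it, e.g. `--system -g ${TSS_GROUP} --no-create-home --shell /bin/false ${BPN}`. The line above it passes `${TSS_USER}` to `GROUPADD_PARAM_${PN}` although `-g ${TSS_GROUP}` is what useradd references; both are "tss" in the visible context, but `--system ${TSS_GROUP}` would keep them from drifting apart.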
diff --git a/meta-security/meta-tpm/recipes-tpm/tpm-tools/files/04-fix-FTBFS-clang.patch b/meta-security/meta-tpm/recipes-tpm/tpm-tools/files/04-fix-FTBFS-clang.patch new file mode 100644 index 0000000000..5018d45b21 --- /dev/null +++ b/meta-security/meta-tpm/recipes-tpm/tpm-tools/files/04-fix-FTBFS-clang.patch 
@@ -0,0 +1,56 @@ +Title: Fix FTBFS with clang due to uninitialized values +Date: 2015-06-28 +Author: Alexander +Bug-Debian: http://bugs.debian.org/753063 + +Upstream-Status: Backport +tpm-tools_1.3.9.1-0.1.debian.tar + +Signed-off-by: Armin kuster + +--- tpm-tools-1.3.8/src/tpm_mgmt/tpm_present.c 2012-05-17 21:49:58.000000000 +0400 ++++ tpm-tools-1.3.8-my/src/tpm_mgmt/tpm_present.c 2014-06-29 01:01:11.502081468 +0400 +@@ -165,7 +165,7 @@ + + TSS_BOOL bCmd, bHwd; + BOOL bRc; +- TSS_HPOLICY hTpmPolicy; ++ TSS_HPOLICY hTpmPolicy = 0; + char *pwd = NULL; + int pswd_len; + char rsp[5]; +--- tpm-tools-1.3.8/src/tpm_mgmt/tpm_takeownership.c 2010-09-30 21:28:09.000000000 +0400 ++++ tpm-tools-1.3.8-my/src/tpm_mgmt/tpm_takeownership.c 2014-06-29 01:01:51.069373655 +0400 +@@ -67,7 +67,7 @@ + char *szSrkPasswd = NULL; + int tpm_len, srk_len; + TSS_HTPM hTpm; +- TSS_HKEY hSrk; ++ TSS_HKEY hSrk = 0; + TSS_FLAG fSrkAttrs; + TSS_HPOLICY hTpmPolicy, hSrkPolicy; + int iRc = -1; +--- tpm-tools-1.3.8/src/tpm_mgmt/tpm_nvwrite.c 2011-08-17 16:20:35.000000000 +0400 ++++ tpm-tools-1.3.8-my/src/tpm_mgmt/tpm_nvwrite.c 2014-06-29 01:02:45.836397172 +0400 +@@ -220,7 +220,7 @@ + close(fd); + fd = -1; + } else if (fillvalue >= 0) { +- if (length < 0) { ++ if (length == 0) { + logError(_("Requiring size parameter.\n")); + return -1; + } +--- tpm-tools-1.3.8/src/data_mgmt/data_protect.c 2012-05-17 21:49:58.000000000 +0400 ++++ tpm-tools-1.3.8-my/src/data_mgmt/data_protect.c 2014-06-29 01:03:49.863254459 +0400 +@@ -432,8 +432,8 @@ + + char *pszPin = NULL; + +- CK_RV rv; +- CK_SESSION_HANDLE hSession; ++ CK_RV rv = 0; ++ CK_SESSION_HANDLE hSession = 0; + CK_OBJECT_HANDLE hObject; + CK_MECHANISM tMechanism = { CKM_AES_ECB, NULL, 0 }; + diff --git a/meta-security/meta-tpm/recipes-tpm/tpm-tools/files/05-openssl1.1_fix_data_mgmt.patch b/meta-security/meta-tpm/recipes-tpm/tpm-tools/files/05-openssl1.1_fix_data_mgmt.patch new file mode 100644 index 0000000000..c2a264b628 --- /dev/null 
+++ b/meta-security/meta-tpm/recipes-tpm/tpm-tools/files/05-openssl1.1_fix_data_mgmt.patch 
@@ -0,0 +1,110 @@ +Author: Philipp Kern +Subject: Fix openssl1.1 support in data_mgmt +Date: Tue, 31 Jan 2017 22:40:10 +0100 + +Upstream-Status: Backport +tpm-tools_1.3.9.1-0.1.debian.tar + +Signed-off-by: Armin kuster + +--- + src/data_mgmt/data_import.c | 60 ++++++++++++++++++++++++++++---------------- + 1 file changed, 39 insertions(+), 21 deletions(-) + +--- a/src/data_mgmt/data_import.c ++++ b/src/data_mgmt/data_import.c +@@ -372,7 +372,7 @@ readX509Cert( const char *a_pszFile, + goto out; + } + +- if ( EVP_PKEY_type( pKey->type ) != EVP_PKEY_RSA ) { ++ if ( EVP_PKEY_base_id( pKey ) != EVP_PKEY_RSA ) { + logError( TOKEN_RSA_KEY_ERROR ); + + X509_free( pX509 ); +@@ -691,8 +691,13 @@ createRsaPubKeyObject( RSA + + int rc = -1; + +- int nLen = BN_num_bytes( a_pRsa->n ); +- int eLen = BN_num_bytes( a_pRsa->e ); ++ const BIGNUM *bn; ++ const BIGNUM *be; ++ ++ RSA_get0_key( a_pRsa, &bn, &be, NULL ); ++ ++ int nLen = BN_num_bytes( bn ); ++ int eLen = BN_num_bytes( be ); + + CK_RV rv; + +@@ -732,8 +737,8 @@ createRsaPubKeyObject( RSA + } + + // Get binary representations of the RSA key information +- BN_bn2bin( a_pRsa->n, n ); +- BN_bn2bin( a_pRsa->e, e ); ++ BN_bn2bin( bn, n ); ++ BN_bn2bin( be, e ); + + // Create the RSA public key object + rv = createObject( a_hSession, tAttr, ulAttrCount, a_hObject ); +@@ -760,14 +765,27 @@ createRsaPrivKeyObject( RSA + + int rc = -1; + +- int nLen = BN_num_bytes( a_pRsa->n ); +- int eLen = BN_num_bytes( a_pRsa->e ); +- int dLen = BN_num_bytes( a_pRsa->d ); +- int pLen = BN_num_bytes( a_pRsa->p ); +- int qLen = BN_num_bytes( a_pRsa->q ); +- int dmp1Len = BN_num_bytes( a_pRsa->dmp1 ); +- int dmq1Len = BN_num_bytes( a_pRsa->dmq1 ); +- int iqmpLen = BN_num_bytes( a_pRsa->iqmp ); ++ const BIGNUM *bn; ++ const BIGNUM *be; ++ const BIGNUM *bd; ++ const BIGNUM *bp; ++ const BIGNUM *bq; ++ const BIGNUM *bdmp1; ++ const BIGNUM *bdmq1; ++ const BIGNUM *biqmp; ++ ++ RSA_get0_key( a_pRsa, &bn, &be, &bd); ++ RSA_get0_factors( a_pRsa, &bp, 
&bq); ++ RSA_get0_crt_params( a_pRsa, &bdmp1, &bdmq1, &biqmp ); ++ ++ int nLen = BN_num_bytes( bn ); ++ int eLen = BN_num_bytes( be ); ++ int dLen = BN_num_bytes( bd ); ++ int pLen = BN_num_bytes( bp ); ++ int qLen = BN_num_bytes( bq ); ++ int dmp1Len = BN_num_bytes( bdmp1 ); ++ int dmq1Len = BN_num_bytes( bdmq1 ); ++ int iqmpLen = BN_num_bytes( biqmp ); + + CK_RV rv; + +@@ -821,14 +839,14 @@ createRsaPrivKeyObject( RSA + } + + // Get binary representations of the RSA key information +- BN_bn2bin( a_pRsa->n, n ); +- BN_bn2bin( a_pRsa->e, e ); +- BN_bn2bin( a_pRsa->d, d ); +- BN_bn2bin( a_pRsa->p, p ); +- BN_bn2bin( a_pRsa->q, q ); +- BN_bn2bin( a_pRsa->dmp1, dmp1 ); +- BN_bn2bin( a_pRsa->dmq1, dmq1 ); +- BN_bn2bin( a_pRsa->iqmp, iqmp ); ++ BN_bn2bin( bn, n ); ++ BN_bn2bin( be, e ); ++ BN_bn2bin( bd, d ); ++ BN_bn2bin( bp, p ); ++ BN_bn2bin( bq, q ); ++ BN_bn2bin( bdmp1, dmp1 ); ++ BN_bn2bin( bdmq1, dmq1 ); ++ BN_bn2bin( biqmp, iqmp ); + + // Create the RSA private key object + rv = createObject( a_hSession, tAttr, ulAttrCount, a_hObject ); diff --git a/meta-security/meta-tpm/recipes-tpm/tpm-tools/files/openssl1.1_fix.patch b/meta-security/meta-tpm/recipes-tpm/tpm-tools/files/openssl1.1_fix.patch new file mode 100644 index 0000000000..9ae3f72a3e --- /dev/null +++ b/meta-security/meta-tpm/recipes-tpm/tpm-tools/files/openssl1.1_fix.patch @@ -0,0 +1,18 @@ +Upstream-Status: Pending +Update to build with openssl 1.1.x + +Signed-off-by: Armin Kuster + +Index: git/src/cmds/tpm_extendpcr.c +=================================================================== +--- git.orig/src/cmds/tpm_extendpcr.c ++++ git/src/cmds/tpm_extendpcr.c +@@ -136,7 +136,7 @@ int main(int argc, char **argv) + + unsigned char msg[EVP_MAX_MD_SIZE]; + unsigned int msglen; +- EVP_MD_CTX ctx; ++ EVP_MD_CTX *ctx = EVP_MD_CTX_new(); + EVP_DigestInit(&ctx, EVP_sha1()); + while ((lineLen = BIO_read(bin, line, sizeof(line))) > 0) + EVP_DigestUpdate(&ctx, line, lineLen); 
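Review bot: In openssl1.1_fix.patch for tpm_extendpcr.c, `ctx` becomes a pointer, but the context lines right below it still call `EVP_DigestInit(&ctx, EVP_sha1())` and `EVP_DigestUpdate(&ctx, line, lineLen)`. Those calls now hand OpenSSL an `EVP_MD_CTX **`, which a C compiler typically accepts with only an incompatible-pointer warning, so the digest routines would operate on the address of the stack variable instead of the allocated context. The patch should change them to `EVP_DigestInit(ctx, EVP_sha1());` and `EVP_DigestUpdate(ctx, line, lineLen);`, and do the same for any later `EVP_DigestFinal` call outside the hunk. It should also check the allocation for NULL and release it with `EVP_MD_CTX_free(ctx)`. Going by the tool's name, this digest is presumably the value extended into the PCR, so the result should be verified on target; main() continues beyond the hunk.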
diff --git a/meta-security/meta-tpm/recipes-tpm/tpm-tools/files/tpm-tools-extendpcr.patch b/meta-security/meta-tpm/recipes-tpm/tpm-tools/files/tpm-tools-extendpcr.patch index ab5e683207..40150af87d 100644 --- a/meta-security/meta-tpm/recipes-tpm/tpm-tools/files/tpm-tools-extendpcr.patch +++ b/meta-security/meta-tpm/recipes-tpm/tpm-tools/files/tpm-tools-extendpcr.patch @@ -1,8 +1,8 @@ -Index: tpm-tools-1.3.8/include/tpm_tspi.h +Index: git/include/tpm_tspi.h =================================================================== ---- tpm-tools-1.3.8.orig/include/tpm_tspi.h 2011-08-17 08:20:35.000000000 -0400 -+++ tpm-tools-1.3.8/include/tpm_tspi.h 2013-01-05 23:26:31.571598217 -0500 -@@ -117,6 +117,10 @@ +--- git.orig/include/tpm_tspi.h ++++ git/include/tpm_tspi.h +@@ -117,6 +117,10 @@ TSS_RESULT tpmPcrRead(TSS_HTPM a_hTpm, U UINT32 *a_PcrSize, BYTE **a_PcrValue); TSS_RESULT pcrcompositeSetPcrValue(TSS_HPCRS a_hPcrs, UINT32 a_Idx, UINT32 a_PcrSize, BYTE *a_PcrValue); @@ -13,11 +13,11 @@ Index: tpm-tools-1.3.8/include/tpm_tspi.h #ifdef TSS_LIB_IS_12 TSS_RESULT unloadVersionInfo(UINT64 *offset, BYTE *blob, TPM_CAP_VERSION_INFO *v); TSS_RESULT pcrcompositeSetPcrLocality(TSS_HPCRS a_hPcrs, UINT32 localityValue); -Index: tpm-tools-1.3.8/lib/tpm_tspi.c +Index: git/lib/tpm_tspi.c =================================================================== ---- tpm-tools-1.3.8.orig/lib/tpm_tspi.c 2011-08-17 08:20:35.000000000 -0400 -+++ tpm-tools-1.3.8/lib/tpm_tspi.c 2013-01-05 23:27:37.731593490 -0500 -@@ -594,6 +594,20 @@ +--- git.orig/lib/tpm_tspi.c ++++ git/lib/tpm_tspi.c +@@ -594,6 +594,20 @@ pcrcompositeSetPcrValue(TSS_HPCRS a_hPcr return result; } 
@@ -38,10 +38,10 @@ Index: tpm-tools-1.3.8/lib/tpm_tspi.c #ifdef TSS_LIB_IS_12 /* * These getPasswd functions will wrap calls to the other functions and check to see if the TSS -Index: tpm-tools-1.3.8/src/cmds/Makefile.am +Index: git/src/cmds/Makefile.am =================================================================== ---- tpm-tools-1.3.8.orig/src/cmds/Makefile.am 2011-08-15 13:52:08.000000000 -0400 -+++ tpm-tools-1.3.8/src/cmds/Makefile.am 2013-01-05 23:30:46.223593698 -0500 +--- git.orig/src/cmds/Makefile.am ++++ git/src/cmds/Makefile.am @@ -22,6 +22,7 @@ # @@ -50,16 +50,16 @@ Index: tpm-tools-1.3.8/src/cmds/Makefile.am tpm_unsealdata if TSS_LIB_IS_12 -@@ -33,4 +34,5 @@ - LDADD = $(top_builddir)/lib/libtpm_tspi.la -ltspi $(top_builddir)/lib/libtpm_unseal.la -ltpm_unseal -lcrypto +@@ -33,4 +34,5 @@ endif + LDADD = $(top_builddir)/lib/libtpm_tspi.la -ltspi $(top_builddir)/lib/libtpm_unseal.la -ltpm_unseal -lcrypto @INTLLIBS@ tpm_sealdata_SOURCES = tpm_sealdata.c +tpm_extendpcr_SOURCES = tpm_extendpcr.c tpm_unsealdata_SOURCES = tpm_unsealdata.c -Index: tpm-tools-1.3.8/src/cmds/tpm_extendpcr.c +Index: git/src/cmds/tpm_extendpcr.c =================================================================== ---- /dev/null 1970-01-01 00:00:00.000000000 +0000 -+++ tpm-tools-1.3.8/src/cmds/tpm_extendpcr.c 2013-01-05 23:37:43.403585514 -0500 +--- /dev/null ++++ git/src/cmds/tpm_extendpcr.c @@ -0,0 +1,181 @@ +/* + * The Initial Developer of the Original Code is International diff --git a/meta-security/meta-tpm/recipes-tpm/tpm-tools/tpm-tools_1.3.9.1.bb b/meta-security/meta-tpm/recipes-tpm/tpm-tools/tpm-tools_1.3.9.1.bb new file mode 100644 index 0000000000..88ef19f732 --- /dev/null +++ b/meta-security/meta-tpm/recipes-tpm/tpm-tools/tpm-tools_1.3.9.1.bb 
@@ -0,0 +1,36 @@
+SUMMARY = "The tpm-tools package contains commands to allow the platform administrator the ability to manage and diagnose the platform's TPM."
+DESCRIPTION = " \
+ The tpm-tools package contains commands to allow the platform administrator \
+ the ability to manage and diagnose the platform's TPM. Additionally, the \
+ package contains commands to utilize some of the capabilities available \
+ in the TPM PKCS#11 interface implemented in the openCryptoki project. \
+ "
+SECTION = "tpm"
+LICENSE = "CPL-1.0"
+LIC_FILES_CHKSUM = "file://LICENSE;md5=059e8cd6165cb4c31e351f2b69388fd9"
+
+DEPENDS = "libtspi openssl"
+DEPENDS_class-native = "trousers-native"
+
+SRCREV = "bdf9f1bc8f63cd6fc370c2deb58d03ac55079e84"
+SRC_URI = " \
+ git://git.code.sf.net/p/trousers/tpm-tools \
+ file://tpm-tools-extendpcr.patch \
+ file://04-fix-FTBFS-clang.patch \
+ file://05-openssl1.1_fix_data_mgmt.patch \
+ file://openssl1.1_fix.patch \
+ "
+
+inherit autotools-brokensep gettext
+
+S = "${WORKDIR}/git"
+
+do_configure_prepend () {
+ mkdir -p po
+ mkdir -p m4
+ cp -R po_/* po/
+ touch po/Makefile.in.in
+ touch m4/Makefile.am
+}
+
+BBCLASSEXTEND = "native"
diff --git a/meta-security/meta-tpm/recipes-tpm/tpm-tools/tpm-tools_git.bb b/meta-security/meta-tpm/recipes-tpm/tpm-tools/tpm-tools_git.bb
deleted file mode 100644
index f670bffce5..0000000000
--- a/meta-security/meta-tpm/recipes-tpm/tpm-tools/tpm-tools_git.bb
+++ /dev/null
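Review bot: `SRC_URI` in tpm-tools_1.3.9.1.bb fetches over `git://git.code.sf.net/p/trousers/tpm-tools`, an unauthenticated and unencrypted transport, so the pinned `SRCREV` is the only thing tying the build to the intended source. The full-length `SRCREV` does make git check object hashes, which limits what an on-path party could substitute, but for TPM tooling I would still fetch over TLS by appending `;protocol=https` to the git URL. The same applies to the `git://github.com/...` entries in tpm2-abrmd_2.0.2.bb, tpm2.0-tools_3.1.2.bb and tpm2.0-tss_2.0.1.bb later in this commit.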
@@ -1,35 +0,0 @@
-SUMMARY = "The tpm-tools package contains commands to allow the platform administrator the ability to manage and diagnose the platform's TPM."
-DESCRIPTION = " \
- The tpm-tools package contains commands to allow the platform administrator \
- the ability to manage and diagnose the platform's TPM. Additionally, the \
- package contains commands to utilize some of the capabilities available \
- in the TPM PKCS#11 interface implemented in the openCryptoki project. \
- "
-SECTION = "tpm"
-LICENSE = "CPL-1.0"
-LIC_FILES_CHKSUM = "file://LICENSE;md5=059e8cd6165cb4c31e351f2b69388fd9"
-
-DEPENDS = "libtspi openssl"
-DEPENDS_class-native = "trousers-native"
-
-SRCREV = "5c5126bedf2da97906358adcfb8c43c86e7dd0ee"
-SRC_URI = " \
- git://git.code.sf.net/p/trousers/tpm-tools \
- file://tpm-tools-extendpcr.patch \
- "
-
-PV = "1.3.9.1+git${SRCPV}"
-
-inherit autotools-brokensep gettext
-
-S = "${WORKDIR}/git"
-
-do_configure_prepend () {
- mkdir -p po
- mkdir -p m4
- cp -R po_/* po/
- touch po/Makefile.in.in
- touch m4/Makefile.am
-}
-
-BBCLASSEXTEND = "native"
diff --git a/meta-security/meta-tpm/recipes-tpm/tpm2-abrmd/tpm2-abrmd_1.2.0.bb b/meta-security/meta-tpm/recipes-tpm/tpm2-abrmd/tpm2-abrmd_1.2.0.bb
deleted file mode 100644
index a5d6843b98..0000000000
--- a/meta-security/meta-tpm/recipes-tpm/tpm2-abrmd/tpm2-abrmd_1.2.0.bb
+++ /dev/null
@@ -1,54 +0,0 @@
-SUMMARY = "TPM2 Access Broker & Resource Manager"
-DESCRIPTION = "This is a system daemon implementing the TPM2 access \
-broker (TAB) & Resource Manager (RM) spec from the TCG. The daemon (tpm2-abrmd) \
-is implemented using Glib and the GObject system. In this documentation and \
-in the code we use `tpm2-abrmd` and `tabrmd` interchangeably. \
-"
-SECTION = "security/tpm"
-
-LICENSE = "BSD-2-Clause"
-LIC_FILES_CHKSUM = "file://${S}/LICENSE;md5=500b2e742befc3da00684d8a1d5fd9da"
-
-DEPENDS += "autoconf-archive dbus glib-2.0 pkgconfig tpm2.0-tss glib-2.0-native"
-
-SRC_URI = "\
- git://github.com/01org/tpm2-abrmd.git \
- file://tpm2-abrmd-init.sh \
- file://tpm2-abrmd.default \
-"
-SRCREV = "59ce1008e5fa3bd5a143437b0f7390851fd25bd8"
-
-S = "${WORKDIR}/git"
-
-inherit autotools pkgconfig systemd update-rc.d useradd
-
-SYSTEMD_PACKAGES += "${PN}"
-SYSTEMD_SERVICE_${PN} = "tpm2-abrmd.service"
-SYSTEMD_AUTO_ENABLE_${PN} = "disable"
-
-INITSCRIPT_NAME = "${PN}"
-INITSCRIPT_PARAMS = "start 99 2 3 4 5 . stop 19 0 1 6 ."
-
-USERADD_PACKAGES = "${PN}"
-GROUPADD_PARAM_${PN} = "tss"
-USERADD_PARAM_${PN} = "--system -M -d /var/lib/tpm -s /bin/false -g tss tss"
-
-PACKAGECONFIG ?="udev"
-PACKAGECONFIG += "${@bb.utils.contains('DISTRO_FEATURES','systemd','systemd', '', d)}"
-
-PACKAGECONFIG[systemd] = "--with-systemdsystemunitdir=${systemd_system_unitdir}, --with-systemdsystemunitdir=no"
-PACKAGECONFIG[udev] = "--with-udevrulesdir=${sysconfdir}/udev/rules.d, --without-udevrulesdir"
-
-do_install_append() {
- install -d "${D}${sysconfdir}/init.d"
- install -m 0755 "${WORKDIR}/tpm2-abrmd-init.sh" "${D}${sysconfdir}/init.d/tpm2-abrmd"
-
- install -d "${D}${sysconfdir}/default"
- install -m 0644 "${WORKDIR}/tpm2-abrmd.default" "${D}${sysconfdir}/default/tpm2-abrmd"
-}
-
-FILES_${PN} += "${libdir}/systemd/system-preset"
-
-RDEPENDS_${PN} += "libgcc dbus-glib libtss2 libtctidevice libtctisocket"
-
-BBCLASSEXTEND = "native"
diff --git a/meta-security/meta-tpm/recipes-tpm/tpm2-abrmd/tpm2-abrmd_2.0.2.bb b/meta-security/meta-tpm/recipes-tpm/tpm2-abrmd/tpm2-abrmd_2.0.2.bb
new file mode 100644
index 0000000000..63473790db
--- /dev/null
+++ b/meta-security/meta-tpm/recipes-tpm/tpm2-abrmd/tpm2-abrmd_2.0.2.bb
@@ -0,0 +1,54 @@
+SUMMARY = "TPM2 Access Broker & Resource Manager"
+DESCRIPTION = "This is a system daemon implementing the TPM2 access \
+broker (TAB) & Resource Manager (RM) spec from the TCG. The daemon (tpm2-abrmd) \
+is implemented using Glib and the GObject system. In this documentation and \
+in the code we use `tpm2-abrmd` and `tabrmd` interchangeably. \
+"
+SECTION = "security/tpm"
+
+LICENSE = "BSD-2-Clause"
+LIC_FILES_CHKSUM = "file://${S}/LICENSE;md5=500b2e742befc3da00684d8a1d5fd9da"
+
+DEPENDS = "autoconf-archive dbus glib-2.0 tpm2.0-tss glib-2.0-native \
+ libtss2 libtss2-mu libtss2-tcti-device libtss2-tcti-mssim"
+
+
+SRC_URI = "\
+ git://github.com/01org/tpm2-abrmd.git \
+ file://tpm2-abrmd-init.sh \
+ file://tpm2-abrmd.default \
+"
+SRCREV = "d0120ace58d97bc9520c0d558657eaca87ae73b1"
+
+S = "${WORKDIR}/git"
+
+inherit autotools pkgconfig systemd update-rc.d useradd
+
+SYSTEMD_PACKAGES += "${PN}"
+SYSTEMD_SERVICE_${PN} = "tpm2-abrmd.service"
+SYSTEMD_AUTO_ENABLE_${PN} = "disable"
+
+INITSCRIPT_NAME = "${PN}"
+INITSCRIPT_PARAMS = "start 99 2 3 4 5 . stop 19 0 1 6 ."
+
+USERADD_PACKAGES = "${PN}"
+GROUPADD_PARAM_${PN} = "tss"
+USERADD_PARAM_${PN} = "--system -M -d /var/lib/tpm -s /bin/false -g tss tss"
+
+PACKAGECONFIG ?="${@bb.utils.contains('DISTRO_FEATURES','systemd','systemd', '', d)}"
+PACKAGECONFIG[systemd] = "--with-systemdsystemunitdir=${systemd_system_unitdir}, --with-systemdsystemunitdir=no"
+
+do_install_append() {
+ install -d "${D}${sysconfdir}/init.d"
+ install -m 0755 "${WORKDIR}/tpm2-abrmd-init.sh" "${D}${sysconfdir}/init.d/tpm2-abrmd"
+
+ install -d "${D}${sysconfdir}/default"
+ install -m 0644 "${WORKDIR}/tpm2-abrmd.default" "${D}${sysconfdir}/default/tpm2-abrmd"
+}
+
+FILES_${PN} += "${libdir}/systemd/system-preset \
+ ${datadir}/dbus-1"
+
+RDEPENDS_${PN} += "tpm2.0-tss"
+
+BBCLASSEXTEND = "native"
diff --git a/meta-security/meta-tpm/recipes-tpm/tpm2.0-tools/tpm2.0-tools_3.1.2.bb b/meta-security/meta-tpm/recipes-tpm/tpm2.0-tools/tpm2.0-tools_3.1.2.bb
new file mode 100644
index 0000000000..3f40eb70e7
--- /dev/null
+++ b/meta-security/meta-tpm/recipes-tpm/tpm2.0-tools/tpm2.0-tools_3.1.2.bb
@@ -0,0 +1,15 @@
+SUMMARY = "Tools for TPM2."
+DESCRIPTION = "tpm2.0-tools"
+LICENSE = "BSD"
+LIC_FILES_CHKSUM = "file://LICENSE;md5=91b7c548d73ea16537799e8060cea819"
+SECTION = "tpm"
+
+DEPENDS = "pkgconfig tpm2.0-tss openssl curl autoconf-archive"
+
+SRCREV = "5e2f1aafc58e60c5050f85147a14914561f28ad9"
+
+SRC_URI = "git://github.com/01org/tpm2.0-tools.git;name=tpm2.0-tools;destsuffix=tpm2.0-tools;branch=3.X"
+
+S = "${WORKDIR}/tpm2.0-tools"
+
+inherit autotools pkgconfig
diff --git a/meta-security/meta-tpm/recipes-tpm/tpm2.0-tools/tpm2.0-tools_git.bb b/meta-security/meta-tpm/recipes-tpm/tpm2.0-tools/tpm2.0-tools_git.bb
deleted file mode 100644
index 7ec12fc731..0000000000
--- a/meta-security/meta-tpm/recipes-tpm/tpm2.0-tools/tpm2.0-tools_git.bb
+++ /dev/null
@@ -1,18 +0,0 @@
-SUMMARY = "Tools for TPM2."
-DESCRIPTION = "tpm2.0-tools"
-LICENSE = "BSD"
-LIC_FILES_CHKSUM = "file://LICENSE;md5=91b7c548d73ea16537799e8060cea819"
-SECTION = "tpm"
-
-DEPENDS = "pkgconfig tpm2.0-tss openssl curl autoconf-archive"
-
-# July 10, 2017
-SRCREV = "26c0557040c1cf8107fa3ebbcf2a5b07cc84b881"
-
-SRC_URI = "git://github.com/01org/tpm2.0-tools.git;name=tpm2.0-tools;destsuffix=tpm2.0-tools"
-
-S = "${WORKDIR}/tpm2.0-tools"
-
-PV = "2.0.0+git${SRCPV}"
-
-inherit autotools pkgconfig
diff --git a/meta-security/meta-tpm/recipes-tpm/tpm2.0-tss/tpm2.0-tss_1.3.0.bb b/meta-security/meta-tpm/recipes-tpm/tpm2.0-tss/tpm2.0-tss_1.3.0.bb
deleted file mode 100644
index b673c2bfdb..0000000000
--- a/meta-security/meta-tpm/recipes-tpm/tpm2.0-tss/tpm2.0-tss_1.3.0.bb
+++ /dev/null
@@ -1,99 +0,0 @@
-SUMMARY = "Software stack for TPM2."
-DESCRIPTION = "tpm2.0-tss like woah."
-LICENSE = "BSD-2-Clause"
-LIC_FILES_CHKSUM = "file://LICENSE;md5=500b2e742befc3da00684d8a1d5fd9da"
-SECTION = "tpm"
-
-DEPENDS = "autoconf-archive pkgconfig"
-
-SRCREV = "b1d9ece8c6bea2e3043943b2edfaebcdca330c38"
-
-SRC_URI = " \
- git://github.com/tpm2-software/tpm2-tss.git;branch=1.x \
- file://ax_pthread.m4 \
-"
-
-inherit autotools pkgconfig systemd
-
-S = "${WORKDIR}/git"
-
-do_configure_prepend () {
- mkdir -p ${S}/m4
- cp ${WORKDIR}/ax_pthread.m4 ${S}/m4
- # execute the bootstrap script
- currentdir=$(pwd)
- cd ${S}
- ACLOCAL="aclocal --system-acdir=${STAGING_DATADIR}/aclocal" ./bootstrap
- cd $currentdir
-}
-
-INHERIT += "extrausers"
-EXTRA_USERS_PARAMS = "\
- useradd -p '' tss; \
- groupadd tss; \
- "
-
-SYSTEMD_PACKAGES = "resourcemgr"
-SYSTEMD_SERVICE_resourcemgr = "resourcemgr.service"
-SYSTEMD_AUTO_ENABLE_resourcemgr = "enable"
-
-do_patch[postfuncs] += "${@bb.utils.contains('VIRTUAL-RUNTIME_init_manager','systemd','fix_systemd_unit','', d)}"
-fix_systemd_unit () {
- sed -i -e 's;^ExecStart=.*/resourcemgr;ExecStart=${sbindir}/resourcemgr;' ${S}/contrib/resourcemgr.service
-}
-
-do_install_append() {
- if ${@bb.utils.contains('DISTRO_FEATURES','systemd','true','false',d)}; then
- install -d ${D}${systemd_system_unitdir}
- install -m0644 ${S}/contrib/resourcemgr.service ${D}${systemd_system_unitdir}/resourcemgr.service
- fi
-}
-
-PROVIDES = "${PACKAGES}"
-PACKAGES = " \
- ${PN}-dbg \
- ${PN}-doc \
- libtss2 \
- libtss2-dev \
- libtss2-staticdev \
- libtctidevice \
- libtctidevice-dev \
- libtctidevice-staticdev \
- libtctisocket \
- libtctisocket-dev \
- libtctisocket-staticdev \
- resourcemgr \
-"
-
-FILES_libtss2 = " \
- ${libdir}/libsapi.so.0.0.0 \
- ${libdir}/libmarshal.so.0.0.0 \
-"
-FILES_libtss2-dev = " \
- ${includedir}/sapi \
- ${includedir}/tcti/common.h \
- ${libdir}/libsapi.so* \
- ${libdir}/libmarshal.so* \
- ${libdir}/pkgconfig/sapi.pc \
-"
-FILES_libtss2-staticdev = " \
- ${libdir}/libsapi.a \
- ${libdir}/libsapi.la \
- ${libdir}/libmarshal.a \
- ${libdir}/libmarshal.la \
-"
-FILES_libtctidevice = "${libdir}/libtcti-device.so.0.0.0"
-FILES_libtctidevice-dev = " \
- ${includedir}/tcti/tcti_device.h \
- ${libdir}/libtcti-device.so* \
- ${libdir}/pkgconfig/tcti-device.pc \
-"
-FILES_libtctidevice-staticdev = "${libdir}/libtcti-device.*a"
-FILES_libtctisocket = "${libdir}/libtcti-socket.so.0.0.0"
-FILES_libtctisocket-dev = " \
- ${includedir}/tcti/tcti_socket.h \
- ${libdir}/libtcti-socket.so* \
- ${libdir}/pkgconfig/tcti-socket.pc \
-"
-FILES_libtctisocket-staticdev = "${libdir}/libtcti-socket.*a"
-FILES_resourcemgr = "${sbindir}/resourcemgr ${systemd_system_unitdir}/resourcemgr.service"
diff --git a/meta-security/meta-tpm/recipes-tpm/tpm2.0-tss/tpm2.0-tss_2.0.1.bb b/meta-security/meta-tpm/recipes-tpm/tpm2.0-tss/tpm2.0-tss_2.0.1.bb
new file mode 100644
index 0000000000..9d1ff72f39
--- /dev/null
+++ b/meta-security/meta-tpm/recipes-tpm/tpm2.0-tss/tpm2.0-tss_2.0.1.bb
@@ -0,0 +1,74 @@
+SUMMARY = "Software stack for TPM2."
+DESCRIPTION = "tpm2.0-tss like woah."
+LICENSE = "BSD-2-Clause"
+LIC_FILES_CHKSUM = "file://LICENSE;md5=0b1d631c4218b72f6b05cb58613606f4"
+SECTION = "tpm"
+
+DEPENDS = "autoconf-archive-native libgcrypt"
+
+SRCREV = "dc31e8dca9dbc77d16e419dc514ce8c526cd3351"
+
+SRC_URI = "git://github.com/tpm2-software/tpm2-tss.git;branch=2.0.x"
+
+inherit autotools-brokensep pkgconfig systemd
+
+S = "${WORKDIR}/git"
+
+do_configure_prepend () {
+ ./bootstrap
+}
+
+INHERIT += "extrausers"
+EXTRA_USERS_PARAMS = "\
+ useradd -p '' tss; \
+ groupadd tss; \
+ "
+
+PROVIDES = "${PACKAGES}"
+PACKAGES = " \
+ ${PN} \
+ ${PN}-dbg \
+ ${PN}-doc \
+ libtss2-mu \
+ libtss2-mu-dev \
+ libtss2-mu-staticdev \
+ libtss2-tcti-device \
+ libtss2-tcti-device-dev \
+ libtss2-tcti-device-staticdev \
+ libtss2-tcti-mssim \
+ libtss2-tcti-mssim-dev \
+ libtss2-tcti-mssim-staticdev \
+ libtss2 \
+ libtss2-dev \
+ libtss2-staticdev \
+"
+
+FILES_libtss2-tcti-device = "${libdir}/libtss2-tcti-device.so.*"
+FILES_libtss2-tcti-device-dev = " \
+ ${includedir}/tss2/tss2_tcti_device.h \
+ ${libdir}/pkgconfig/tss2-tcti-device.pc \
+ ${libdir}/libtss2-tcti-device.so"
+FILES_libtss2-tcti-device-staticdev = "${libdir}/libtss2-tcti-device.*a"
+
+FILES_libtss2-tcti-mssim = "${libdir}/libtss2-tcti-mssim.so.*"
+FILES_libtss2-tcti-mssim-dev = " \
+ ${includedir}/tss2/tss2_tcti_mssim.h \
+ ${libdir}/pkgconfig/tss2-tcti-mssim.pc \
+ ${libdir}/libtss2-tcti-mssim.so"
+FILES_libtss2-tcti-mssim-staticdev = "${libdir}/libtss2-tcti-mssim.*a"
+
+FILES_libtss2-mu = "${libdir}/libtss2-mu.so.*"
+FILES_libtss2-mu-dev = " \
+ ${includedir}/tss2/tss2_mu.h \
+ ${libdir}/pkgconfig/tss2-mu.pc \
+ ${libdir}/libtss2-mu.so"
+FILES_libtss2-mu-staticdev = "${libdir}/libtss2-mu.*a"
+
+FILES_libtss2 = "${libdir}/libtss2*so.*"
+FILES_libtss2-dev = " \
+ ${includedir} \
+ ${libdir}/pkgconfig \
+ ${libdir}/libtss2*so"
+FILES_libtss2-staticdev = "${libdir}/libtss*a"
+
+FILES_${PN} = 
"${libdir}/udev"
diff --git a/meta-security/meta-tpm/recipes-tpm/tpm2simulator/tpm2simulator-native_138.bb b/meta-security/meta-tpm/recipes-tpm/tpm2simulator/tpm2simulator-native_138.bb
deleted file mode 100644
index 866791c291..0000000000
--- a/meta-security/meta-tpm/recipes-tpm/tpm2simulator/tpm2simulator-native_138.bb
+++ /dev/null
@@ -1,22 +0,0 @@
-SUMMARY = "TPM 2.0 Simulator Extraction Script"
-LICENSE = "BSD-2-Clause"
-LIC_FILES_CHKSUM = "file://LICENSE;md5=1415f7be284540b81d9d28c67c1a6b8b"
-
-DEPENDS = "python"
-
-SRCREV = "e45324eba268723d39856111e7933c5c76238481"
-SRC_URI = "git://github.com/stwagnr/tpm2simulator.git"
-
-S = "${WORKDIR}/git"
-OECMAKE_SOURCEPATH = "${S}/cmake"
-
-inherit native lib_package cmake
-
-EXTRA_OECMAKE = " \
- -DCMAKE_BUILD_TYPE=Debug \
- -DSPEC_VERSION=138 \
-"
-
-do_configure_prepend () {
- sed -i 's/^SET = False/SET = True/' ${S}/scripts/settings.py
-}
diff --git a/meta-security/meta-tpm/recipes-tpm/tpm2simulator/tpm2simulator_138.bb b/meta-security/meta-tpm/recipes-tpm/tpm2simulator/tpm2simulator_138.bb
new file mode 100644
index 0000000000..866791c291
--- /dev/null
+++ b/meta-security/meta-tpm/recipes-tpm/tpm2simulator/tpm2simulator_138.bb
@@ -0,0 +1,22 @@
+SUMMARY = "TPM 2.0 Simulator Extraction Script"
+LICENSE = "BSD-2-Clause"
+LIC_FILES_CHKSUM = "file://LICENSE;md5=1415f7be284540b81d9d28c67c1a6b8b"
+
+DEPENDS = "python"
+
+SRCREV = "e45324eba268723d39856111e7933c5c76238481"
+SRC_URI = "git://github.com/stwagnr/tpm2simulator.git"
+
+S = "${WORKDIR}/git"
+OECMAKE_SOURCEPATH = "${S}/cmake"
+
+inherit native lib_package cmake
+
+EXTRA_OECMAKE = " \
+ -DCMAKE_BUILD_TYPE=Debug \
+ -DSPEC_VERSION=138 \
+"
+
+do_configure_prepend () {
+ sed -i 's/^SET = False/SET = True/' ${S}/scripts/settings.py
+}
-- cgit v1.2.3
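Review bot: In tpm2.0-tss_2.0.1.bb, `useradd -p '' tss;` inside `EXTRA_USERS_PARAMS` creates the `tss` account with an empty password field and no restricted shell, which on an image that accepts empty-password logins is an open account. `INHERIT += "extrausers"` is also set from inside a recipe, where as far as I know it has no effect because `INHERIT` is read from global configuration, so the block may be dead code; the recipe should not carry it either way. tpm2-abrmd_2.0.2.bb in this same commit already creates the account through the `useradd` class, so I would drop these lines or mirror that recipe with `GROUPADD_PARAM_${PN} = "tss"` and `USERADD_PARAM_${PN} = "--system -M -d /var/lib/tpm -s /bin/false -g tss tss"`. The block also runs `useradd` before `groupadd`.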