From 9347dd4efc156c93b1d9beaeb32e9b719ad6a3d2 Mon Sep 17 00:00:00 2001 
From: Andrew Geissler Date: Fri, 3 Mar 2023 12:38:41 -0600 Subject: subtree updates: raspberrypi security arm MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit meta-raspberrypi: e43af1e3a6..e15b876155: Florian Frank (1): linux-firmware-rpidistro: Fix wireless on model 3B and Zero W Khem Raj (1): linux-raspberrypi_5.15.bb: Upgrade to 5.15.92 Martin Jansa (1): gstreamer1.0-plugins-good: rename bbappend, drop version meta-arm: dc10b73cc5..eb9c47a4e1: Gowtham Suresh Kumar (6): arm/edk2-basetools: Add edk2 base tool native recipe arm-bsp/uefi_capsule: Add UEFI capsule generation class arm-bsp/corstone1000-image: Generate UEFI capsule for corstone1000 platform arm/edk2-basetools: Convert edk2 basetools recipes to native only arm-bsp/uefi_capsule: Use json file to pass capsule config arm/uefi_capsule: Move UEFI capsule to IMGDEPLOYDIR Jon Mason (5): arm/boot-wrapper-aarch64: update to a newer SHA arm/gn: update to a more recent SHA arm/opencsd: update to v1.4.0 arm/trusted-firmware-a: update version and relocate fiptool arm/sbsa-acs: update to v6.1.0 Mohamed Omar Asaker (5): arm-bsp/trusted-services: corstone1000:Align psa crypto client with TF-Mv1.7 arm-bsp/trusted-services:corstone1000: disable obsolete algorithms for crypto arm-bsp/trusted-services: corstone1000: Disable SHA512/384 arm-bsp/trusted-firmware-m:corstone1000: Increase number of assets arm-bsp/trusted-firmware-m:corstone1000: Set SPM backend to IPC Peter Hoyes (11): arm,arm-bsp/classes: Move wic_nopt to meta-arm arm-bsp/classes: Use :append to add to IMAGE_TYPES in wic_nopt CI: Factor out CACHE_DIR to improve mirror configurability CI: Collect testimage logs on failure arm/trusted-firmware-m: Synchronize with 1.7.0 release arm/classes: Factor out image signing arguments in tfm_image_sign arm/trusted-firmware-m: Create common inc file for src definitions arm/trusted-firmware-m: Create inc file for common config arm/trusted-firmware-m-scripts: Create inc file for common 
config arm/classes: Add sstate support to tfm_sign_images CI: Add BUILD_ENABLE_REGEX option to conditionally enable builds Ross Burton (8): arm-bsp/external-system: fix the gen_module race, again arm-bsp/linux-yocto: add 5.19 kernel recipe for N1SDP arm/linux-yocto: remove obsolete 5.19 bbappend arm/trusted-firmware-m: Do not use release branches arm/boot-wrapper-aarch64: tell upgrade checker to look for new SHAs CI/machine-summary: add missing recipes arm-toolchain/gcc-arm: add missing Signed-off-by tag arm/optee-os: add missing patch header meta-security: 3529cfb43e..c06b9a18a6: Maciej Borzęcki (1): dm-verity-img.bbclass: add squashfs images Petr Gotthard (4): tpm2-tss: upgrade 3.2.0 -> 4.0.1 tpm2-tools: upgrade 5.3 -> 5.5 tpm2-pkcs11: upgrade 1.8.0 -> 1.9.0 tpm2-abrmd: upgrade 2.4.1 -> 3.0.0 
Signed-off-by: Andrew Geissler Change-Id: I0e1629b2f70ad1e5f7b97f5ae6d768bde101cc6f --- meta-security/classes/dm-verity-img.bbclass | 7 +- .../recipes-tpm2/tpm2-abrmd/tpm2-abrmd_2.4.1.bb | 54 ------------ .../recipes-tpm2/tpm2-abrmd/tpm2-abrmd_3.0.0.bb | 54 ++++++++++++ .../recipes-tpm2/tpm2-pkcs11/tpm2-pkcs11_1.8.0.bb | 52 ------------ .../recipes-tpm2/tpm2-pkcs11/tpm2-pkcs11_1.9.0.bb | 47 +++++++++++ .../recipes-tpm2/tpm2-tools/tpm2-tools_5.3.bb | 23 ----- .../recipes-tpm2/tpm2-tools/tpm2-tools_5.5.bb | 18 ++++ .../tpm2-tss/tpm2-tss/fixup_hosttools.patch | 10 +-- .../recipes-tpm2/tpm2-tss/tpm2-tss_3.2.0.bb | 97 ---------------------- .../recipes-tpm2/tpm2-tss/tpm2-tss_4.0.1.bb | 93 +++++++++++++++++++++ 10 files changed, 223 insertions(+), 232 deletions(-) delete mode 100644 meta-security/meta-tpm/recipes-tpm2/tpm2-abrmd/tpm2-abrmd_2.4.1.bb create mode 100644 meta-security/meta-tpm/recipes-tpm2/tpm2-abrmd/tpm2-abrmd_3.0.0.bb delete mode 100644 meta-security/meta-tpm/recipes-tpm2/tpm2-pkcs11/tpm2-pkcs11_1.8.0.bb create mode 100644 meta-security/meta-tpm/recipes-tpm2/tpm2-pkcs11/tpm2-pkcs11_1.9.0.bb delete mode 100644 meta-security/meta-tpm/recipes-tpm2/tpm2-tools/tpm2-tools_5.3.bb create mode 100644 meta-security/meta-tpm/recipes-tpm2/tpm2-tools/tpm2-tools_5.5.bb delete mode 100644 meta-security/meta-tpm/recipes-tpm2/tpm2-tss/tpm2-tss_3.2.0.bb create mode 100644 meta-security/meta-tpm/recipes-tpm2/tpm2-tss/tpm2-tss_4.0.1.bb (limited to 'meta-security') diff --git a/meta-security/classes/dm-verity-img.bbclass b/meta-security/classes/dm-verity-img.bbclass index dd447e661f..e5946bc327 100644 --- a/meta-security/classes/dm-verity-img.bbclass +++ b/meta-security/classes/dm-verity-img.bbclass 
@@ -63,7 +63,12 @@ verity_setup() {
 veritysetup --data-block-size=${DM_VERITY_IMAGE_DATA_BLOCK_SIZE} --hash-offset=$SIZE format $OUTPUT $OUTPUT | tail -n +2 | process_verity
 }
-VERITY_TYPES = "ext2.verity ext3.verity ext4.verity btrfs.verity erofs.verity erofs-lz4.verity erofs-lz4hc.verity"
+VERITY_TYPES = " \
+ ext2.verity ext3.verity ext4.verity \
+ btrfs.verity \
+ erofs.verity erofs-lz4.verity erofs-lz4hc.verity \
+ squashfs.verity squashfs-xz.verity squashfs-lzo.verity squashfs-lz4.verity squashfs-zst.verity \
+"
 IMAGE_TYPES += "${VERITY_TYPES}"
 CONVERSIONTYPES += "verity"
 CONVERSION_CMD:verity = "verity_setup ${type}"
diff --git a/meta-security/meta-tpm/recipes-tpm2/tpm2-abrmd/tpm2-abrmd_2.4.1.bb b/meta-security/meta-tpm/recipes-tpm2/tpm2-abrmd/tpm2-abrmd_2.4.1.bb
deleted file mode 100644
index 75e958841d..0000000000
--- a/meta-security/meta-tpm/recipes-tpm2/tpm2-abrmd/tpm2-abrmd_2.4.1.bb
+++ /dev/null
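Review bot: The `veritysetup … | tail -n +2 | process_verity` context line at the top of this hunk is the step every new squashfs entry will go through, and a shell pipeline returns only the status of its last command, so a failed `veritysetup` on one of the added types would not stop the task unless pipefail is enabled somewhere outside the hunk. For an integrity feature that risks deploying an image whose hash tree was never written. Capturing the output first keeps the exit status checked: `veritysetup … format $OUTPUT $OUTPUT > $OUTPUT.log` and then `tail -n +2 $OUTPUT.log | process_verity` (the `.log` name is only an example). `verity_setup` begins above the hunk, so how `$SIZE` and `$OUTPUT` are set cannot be checked from here.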
@@ -1,54 +0,0 @@
-SUMMARY = "TPM2 Access Broker & Resource Manager"
-DESCRIPTION = "This is a system daemon implementing the TPM2 access \
-broker (TAB) & Resource Manager (RM) spec from the TCG. The daemon (tpm2-abrmd) \
-is implemented using Glib and the GObject system. In this documentation and \
-in the code we use `tpm2-abrmd` and `tabrmd` interchangeably. \
-"
-SECTION = "security/tpm"
-
-LICENSE = "BSD-2-Clause"
-LIC_FILES_CHKSUM = "file://${S}/LICENSE;md5=500b2e742befc3da00684d8a1d5fd9da"
-
-DEPENDS = "autoconf-archive dbus glib-2.0 tpm2-tss glib-2.0-native \
- libtss2 libtss2-mu libtss2-tcti-device libtss2-tcti-mssim"
-
-SRC_URI = "\
- https://github.com/tpm2-software/${BPN}/releases/download/${PV}/${BPN}-${PV}.tar.gz \
- file://tpm2-abrmd-init.sh \
- file://tpm2-abrmd.default \
-"
-
-SRC_URI[sha256sum] = "a7844a257eaf5176f612fe9620018edc0880cca7036465ad2593f83ae0ad6673"
-
-UPSTREAM_CHECK_URI = "https://github.com/tpm2-software/${BPN}/releases"
-
-inherit autotools pkgconfig systemd update-rc.d useradd
-
-SYSTEMD_PACKAGES += "${PN}"
-SYSTEMD_SERVICE:${PN} = "tpm2-abrmd.service"
-SYSTEMD_AUTO_ENABLE:${PN} = "disable"
-
-INITSCRIPT_NAME = "${PN}"
-INITSCRIPT_PARAMS = "start 99 2 3 4 5 . stop 19 0 1 6 ."
-
-USERADD_PACKAGES = "${PN}"
-GROUPADD_PARAM:${PN} = "tss"
-USERADD_PARAM:${PN} = "--system -M -d /var/lib/tpm -s /bin/false -g tss tss"
-
-PACKAGECONFIG ?="${@bb.utils.contains('DISTRO_FEATURES','systemd','systemd', '', d)}"
-PACKAGECONFIG[systemd] = "--with-systemdsystemunitdir=${systemd_system_unitdir}, --with-systemdsystemunitdir=no"
-
-do_install:append() {
- install -d "${D}${sysconfdir}/init.d"
- install -m 0755 "${WORKDIR}/tpm2-abrmd-init.sh" "${D}${sysconfdir}/init.d/tpm2-abrmd"
-
- install -d "${D}${sysconfdir}/default"
- install -m 0644 "${WORKDIR}/tpm2-abrmd.default" "${D}${sysconfdir}/default/tpm2-abrmd"
-}
-
-FILES:${PN} += "${libdir}/systemd/system-preset \
- ${datadir}/dbus-1"
-
-RDEPENDS:${PN} += "tpm2-tss"
-
-BBCLASSEXTEND = "native"
diff --git a/meta-security/meta-tpm/recipes-tpm2/tpm2-abrmd/tpm2-abrmd_3.0.0.bb b/meta-security/meta-tpm/recipes-tpm2/tpm2-abrmd/tpm2-abrmd_3.0.0.bb
new file mode 100644
index 0000000000..ea2433c9fb
--- /dev/null
+++ b/meta-security/meta-tpm/recipes-tpm2/tpm2-abrmd/tpm2-abrmd_3.0.0.bb
@@ -0,0 +1,54 @@
+SUMMARY = "TPM2 Access Broker & Resource Manager"
+DESCRIPTION = "This is a system daemon implementing the TPM2 access \
+broker (TAB) & Resource Manager (RM) spec from the TCG. The daemon (tpm2-abrmd) \
+is implemented using Glib and the GObject system. In this documentation and \
+in the code we use `tpm2-abrmd` and `tabrmd` interchangeably. \
+"
+SECTION = "security/tpm"
+
+LICENSE = "BSD-2-Clause"
+LIC_FILES_CHKSUM = "file://${S}/LICENSE;md5=500b2e742befc3da00684d8a1d5fd9da"
+
+DEPENDS = "autoconf-archive dbus glib-2.0 tpm2-tss glib-2.0-native \
+ libtss2 libtss2-mu libtss2-tcti-device libtss2-tcti-mssim"
+
+SRC_URI = "\
+ https://github.com/tpm2-software/${BPN}/releases/download/${PV}/${BPN}-${PV}.tar.gz \
+ file://tpm2-abrmd-init.sh \
+ file://tpm2-abrmd.default \
+"
+
+SRC_URI[sha256sum] = "d59aff34164aa705b05155b86607f6b66918a433104f754a3fcf76216dd9f465"
+
+UPSTREAM_CHECK_URI = "https://github.com/tpm2-software/${BPN}/releases"
+
+inherit autotools pkgconfig systemd update-rc.d useradd
+
+SYSTEMD_PACKAGES += "${PN}"
+SYSTEMD_SERVICE:${PN} = "tpm2-abrmd.service"
+SYSTEMD_AUTO_ENABLE:${PN} = "disable"
+
+INITSCRIPT_NAME = "${PN}"
+INITSCRIPT_PARAMS = "start 99 2 3 4 5 . stop 19 0 1 6 ."
+
+USERADD_PACKAGES = "${PN}"
+GROUPADD_PARAM:${PN} = "tss"
+USERADD_PARAM:${PN} = "--system -M -d /var/lib/tpm -s /bin/false -g tss tss"
+
+PACKAGECONFIG ?="${@bb.utils.contains('DISTRO_FEATURES','systemd','systemd', '', d)}"
+PACKAGECONFIG[systemd] = "--with-systemdsystemunitdir=${systemd_system_unitdir}, --with-systemdsystemunitdir=no"
+
+do_install:append() {
+ install -d "${D}${sysconfdir}/init.d"
+ install -m 0755 "${WORKDIR}/tpm2-abrmd-init.sh" "${D}${sysconfdir}/init.d/tpm2-abrmd"
+
+ install -d "${D}${sysconfdir}/default"
+ install -m 0644 "${WORKDIR}/tpm2-abrmd.default" "${D}${sysconfdir}/default/tpm2-abrmd"
+}
+
+FILES:${PN} += "${libdir}/systemd/system-preset \
+ ${datadir}/dbus-1"
+
+RDEPENDS:${PN} += "tpm2-tss"
+
+BBCLASSEXTEND = "native"
diff --git a/meta-security/meta-tpm/recipes-tpm2/tpm2-pkcs11/tpm2-pkcs11_1.8.0.bb b/meta-security/meta-tpm/recipes-tpm2/tpm2-pkcs11/tpm2-pkcs11_1.8.0.bb
deleted file mode 100644
index 38847a804c..0000000000
--- a/meta-security/meta-tpm/recipes-tpm2/tpm2-pkcs11/tpm2-pkcs11_1.8.0.bb
+++ /dev/null
@@ -1,52 +0,0 @@
-SUMMARY = "A PKCS#11 interface for TPM2 hardware"
-DESCRIPTION = "PKCS #11 is a Public-Key Cryptography Standard that defines a standard method to access cryptographic services from tokens/ devices such as hardware security modules (HSM), smart cards, etc. In this project we intend to use a TPM2 device as the cryptographic token."
-SECTION = "security/tpm"
-LICENSE = "BSD-2-Clause"
-LIC_FILES_CHKSUM = "file://LICENSE;md5=0fc19f620a102768d6dbd1e7166e78ab"
-
-DEPENDS = "autoconf-archive pkgconfig sqlite3 openssl libtss2-dev tpm2-tools libyaml p11-kit python3-setuptools-native"
-
-SRC_URI = "https://github.com/tpm2-software/${BPN}/releases/download/${PV}/${BPN}-${PV}.tar.gz"
-
-SRC_URI[sha256sum] = "79f28899047defd6b4b72b7268dd56abf27774954022315f818c239af33e05bd"
-
-UPSTREAM_CHECK_URI = "https://github.com/tpm2-software/${BPN}/releases"
-
-inherit autotools-brokensep pkgconfig python3native
-
-EXTRA_OECONF += "--disable-ptool-checks"
-
-do_configure:prepend() {
- # do not extract the version number from git
- sed -i -e 's/m4_esyscmd_s(\[git describe --tags --always --dirty\])/${PV}/' ${S}/configure.ac
-}
-
-do_compile:append() {
- cd ${S}/tools
- python3 setup.py build
-}
-
-do_install:append() {
- cd ${S}/tools
- export PYTHONPATH="${D}${PYTHON_SITEPACKAGES_DIR}"
- ${PYTHON_PN} setup.py install --root="${D}" --prefix="${prefix}" --install-lib="${PYTHON_SITEPACKAGES_DIR}" --optimize=1 --skip-build
-
- sed -i -e "s:${PYTHON}:${USRBINPATH}/env ${PYTHON_PN}:g" "${D}${bindir}"/tpm2_ptool
-}
-
-PACKAGES =+ "${PN}-tools"
-
-FILES:${PN}-tools = "\
- ${bindir}/tpm2_ptool \
- ${libdir}/${PYTHON_DIR}/* \
- "
-
-FILES:${PN} += "\
- ${libdir}/pkcs11/* \
- ${datadir}/p11-kit/* \
- "
-
-INSANE_SKIP:${PN} += "dev-so"
-
-RDEPENDS:${PN} = "p11-kit tpm2-tools "
-RDEPENDS:${PN}-tools = "${PYTHON_PN}-pyyaml ${PYTHON_PN}-cryptography ${PYTHON_PN}-pyasn1-modules"
diff --git a/meta-security/meta-tpm/recipes-tpm2/tpm2-pkcs11/tpm2-pkcs11_1.9.0.bb b/meta-security/meta-tpm/recipes-tpm2/tpm2-pkcs11/tpm2-pkcs11_1.9.0.bb
new file mode 100644
index 0000000000..e0def0f704
--- /dev/null
+++ b/meta-security/meta-tpm/recipes-tpm2/tpm2-pkcs11/tpm2-pkcs11_1.9.0.bb
@@ -0,0 +1,47 @@
+SUMMARY = "A PKCS#11 interface for TPM2 hardware"
+DESCRIPTION = "PKCS #11 is a Public-Key Cryptography Standard that defines a standard method to access cryptographic services from tokens/ devices such as hardware security modules (HSM), smart cards, etc. In this project we intend to use a TPM2 device as the cryptographic token."
+SECTION = "security/tpm"
+LICENSE = "BSD-2-Clause"
+LIC_FILES_CHKSUM = "file://LICENSE;md5=0fc19f620a102768d6dbd1e7166e78ab"
+
+DEPENDS = "autoconf-archive pkgconfig sqlite3 openssl libtss2-dev tpm2-tools libyaml p11-kit python3-setuptools-native"
+
+SRC_URI = "https://github.com/tpm2-software/${BPN}/releases/download/${PV}/${BPN}-${PV}.tar.gz"
+
+SRC_URI[sha256sum] = "35bf06c30cfa76fc0eba2c5f503cf7dd0d34a66afb2d292fee896b90362f633b"
+
+UPSTREAM_CHECK_URI = "https://github.com/tpm2-software/${BPN}/releases"
+
+inherit autotools-brokensep pkgconfig python3native
+
+EXTRA_OECONF += "--disable-ptool-checks"
+
+do_compile:append() {
+ cd ${S}/tools
+ python3 setup.py build
+}
+
+do_install:append() {
+ cd ${S}/tools
+ export PYTHONPATH="${D}${PYTHON_SITEPACKAGES_DIR}"
+ ${PYTHON_PN} setup.py install --root="${D}" --prefix="${prefix}" --install-lib="${PYTHON_SITEPACKAGES_DIR}" --optimize=1 --skip-build
+
+ sed -i -e "s:${PYTHON}:${USRBINPATH}/env ${PYTHON_PN}:g" "${D}${bindir}"/tpm2_ptool
+}
+
+PACKAGES =+ "${PN}-tools"
+
+FILES:${PN}-tools = "\
+ ${bindir}/tpm2_ptool \
+ ${libdir}/${PYTHON_DIR}/* \
+ "
+
+FILES:${PN} += "\
+ ${libdir}/pkcs11/* \
+ ${datadir}/p11-kit/* \
+ "
+
+INSANE_SKIP:${PN} += "dev-so"
+
+RDEPENDS:${PN} = "p11-kit tpm2-tools "
+RDEPENDS:${PN}-tools = "${PYTHON_PN}-pyyaml ${PYTHON_PN}-cryptography ${PYTHON_PN}-pyasn1-modules"
diff --git a/meta-security/meta-tpm/recipes-tpm2/tpm2-tools/tpm2-tools_5.3.bb b/meta-security/meta-tpm/recipes-tpm2/tpm2-tools/tpm2-tools_5.3.bb
deleted file mode 100644
index 53d5abb07e..0000000000
--- a/meta-security/meta-tpm/recipes-tpm2/tpm2-tools/tpm2-tools_5.3.bb
+++ /dev/null
@@ -1,23 +0,0 @@
-SUMMARY = "Tools for TPM2."
-DESCRIPTION = "tpm2-tools"
-LICENSE = "BSD-3-Clause"
-LIC_FILES_CHKSUM = "file://docs/LICENSE;md5=a846608d090aa64494c45fc147cc12e3"
-SECTION = "tpm"
-
-DEPENDS = "tpm2-abrmd tpm2-tss openssl curl autoconf-archive"
-
-SRC_URI = "https://github.com/tpm2-software/${BPN}/releases/download/${PV}/${BPN}-${PV}.tar.gz"
-
-SRC_URI[sha256sum] = "e7ce2fd36ef5cdbd7872d823a442e8754a4f0ca7c54b60efcdb75c12a1f98f8f"
-
-UPSTREAM_CHECK_URI = "https://github.com/tpm2-software/${BPN}/releases"
-
-inherit autotools pkgconfig bash-completion
-
-do_configure:prepend() {
- # do not extract the version number from git
- sed -i -e 's/m4_esyscmd_s(\[git describe --tags --always --dirty\])/${PV}/' ${S}/configure.ac
-}
-
-# need tss-esys
-RDEPENDS:${PN} = "libtss2 tpm2-abrmd"
diff --git a/meta-security/meta-tpm/recipes-tpm2/tpm2-tools/tpm2-tools_5.5.bb b/meta-security/meta-tpm/recipes-tpm2/tpm2-tools/tpm2-tools_5.5.bb
new file mode 100644
index 0000000000..ef73238927
--- /dev/null
+++ b/meta-security/meta-tpm/recipes-tpm2/tpm2-tools/tpm2-tools_5.5.bb
@@ -0,0 +1,18 @@
+SUMMARY = "Tools for TPM2."
+DESCRIPTION = "tpm2-tools"
+LICENSE = "BSD-3-Clause"
+LIC_FILES_CHKSUM = "file://docs/LICENSE;md5=a846608d090aa64494c45fc147cc12e3"
+SECTION = "tpm"
+
+DEPENDS = "tpm2-abrmd tpm2-tss openssl curl autoconf-archive"
+
+SRC_URI = "https://github.com/tpm2-software/${BPN}/releases/download/${PV}/${BPN}-${PV}.tar.gz"
+
+SRC_URI[sha256sum] = "1fdb49c730537bfdaed088884881a61e3bfd121e957ec0bdceeec0261236c123"
+
+UPSTREAM_CHECK_URI = "https://github.com/tpm2-software/${BPN}/releases"
+
+inherit autotools pkgconfig bash-completion
+
+# need tss-esys
+RDEPENDS:${PN} = "libtss2 tpm2-abrmd"
diff --git a/meta-security/meta-tpm/recipes-tpm2/tpm2-tss/tpm2-tss/fixup_hosttools.patch b/meta-security/meta-tpm/recipes-tpm2/tpm2-tss/tpm2-tss/fixup_hosttools.patch
index 450698ff64..04a29644c1 100644
--- a/meta-security/meta-tpm/recipes-tpm2/tpm2-tss/tpm2-tss/fixup_hosttools.patch +++ b/meta-security/meta-tpm/recipes-tpm2/tpm2-tss/tpm2-tss/fixup_hosttools.patch @@ -5,16 +5,16 @@ Not appropriate for cross build env. Upstream-Status: OE [inappropriate] Signed-off-by: Armin Kuster -Index: tpm2-tss-3.2.0/configure.ac +Index: tpm2-tss-4.0.1/configure.ac =================================================================== ---- tpm2-tss-3.2.0.orig/configure.ac -+++ tpm2-tss-3.2.0/configure.ac -@@ -488,17 +488,6 @@ +--- tpm2-tss-4.0.1.orig/configure.ac ++++ tpm2-tss-4.0.1/configure.ac +@@ -554,17 +554,6 @@ AM_CONDITIONAL(SYSD_SYSUSERS, test "x$systemd_sysusers" = "xyes") AC_CHECK_PROG(systemd_tmpfiles, systemd-tmpfiles, yes) AM_CONDITIONAL(SYSD_TMPFILES, test "x$systemd_tmpfiles" = "xyes") -# Check all tools used by make install --AS_IF([test "$HOSTOS" = "Linux"], +-AS_IF([test "$HOSTOS" = "Linux" && test "x$systemd_sysusers" != "xyes"], - [ AC_CHECK_PROG(useradd, useradd, yes) - AC_CHECK_PROG(groupadd, groupadd, yes) - AC_CHECK_PROG(adduser, adduser, yes) diff --git a/meta-security/meta-tpm/recipes-tpm2/tpm2-tss/tpm2-tss_3.2.0.bb b/meta-security/meta-tpm/recipes-tpm2/tpm2-tss/tpm2-tss_3.2.0.bb deleted file mode 100644 index 1556273171..0000000000 --- a/meta-security/meta-tpm/recipes-tpm2/tpm2-tss/tpm2-tss_3.2.0.bb +++ /dev/null 
@@ -1,97 +0,0 @@
-SUMMARY = "Software stack for TPM2."
-DESCRIPTION = "OSS implementation of the TCG TPM2 Software Stack (TSS2) "
-LICENSE = "BSD-2-Clause"
-LIC_FILES_CHKSUM = "file://LICENSE;md5=500b2e742befc3da00684d8a1d5fd9da"
-SECTION = "tpm"
-
-DEPENDS = "autoconf-archive-native libgcrypt openssl"
-
-SRC_URI = "https://github.com/tpm2-software/${BPN}/releases/download/${PV}/${BPN}-${PV}.tar.gz \
- file://fixup_hosttools.patch \
- "
-
-SRC_URI[sha256sum] = "48305e4144dcf6d10f3b25b7bccf0189fd2d1186feafd8cd68c6b17ecf0d7912"
-
-UPSTREAM_CHECK_URI = "https://github.com/tpm2-software/${BPN}/releases"
-
-inherit autotools pkgconfig systemd useradd
-
-PACKAGECONFIG ??= ""
-PACKAGECONFIG[oxygen] = ",--disable-doxygen-doc, "
-PACKAGECONFIG[fapi] = "--enable-fapi,--disable-fapi,curl json-c "
-
-EXTRA_OECONF += "--enable-static --with-udevrulesdir=${nonarch_base_libdir}/udev/rules.d/"
-EXTRA_OECONF += "--runstatedir=/run"
-EXTRA_OECONF:remove = " --disable-static"
-
-USERADD_PACKAGES = "${PN}"
-GROUPADD_PARAM:${PN} = "--system tss"
-USERADD_PARAM:${PN} = "--system -M -d /var/lib/tpm -s /bin/false -g tss tss"
-
-do_configure:prepend() {
- # do not extract the version number from git
- sed -i -e 's/m4_esyscmd_s(\[git describe --tags --always --dirty\])/${PV}/' ${S}/configure.ac
-}
-
-do_install:append() {
- # Remove /run as it is created on startup
- rm -rf ${D}/run
-}
-
-PROVIDES = "${PACKAGES}"
-PACKAGES = " \
- ${PN} \
- ${PN}-dbg \
- ${PN}-doc \
- libtss2-mu \
- libtss2-mu-dev \
- libtss2-mu-staticdev \
- libtss2-tcti-device \
- libtss2-tcti-device-dev \
- libtss2-tcti-device-staticdev \
- libtss2-tcti-mssim \
- libtss2-tcti-mssim-dev \
- libtss2-tcti-mssim-staticdev \
- libtss2 \
- libtss2-dev \
- libtss2-staticdev \
-"
-
-FILES:libtss2-tcti-device = "${libdir}/libtss2-tcti-device.so.*"
-FILES:libtss2-tcti-device-dev = " \
- ${includedir}/tss2/tss2_tcti_device.h \
- ${libdir}/pkgconfig/tss2-tcti-device.pc \
- ${libdir}/libtss2-tcti-device.so"
-FILES:libtss2-tcti-device-staticdev = "${libdir}/libtss2-tcti-device.*a"
-
-FILES:libtss2-tcti-mssim = "${libdir}/libtss2-tcti-mssim.so.*"
-FILES:libtss2-tcti-mssim-dev = " \
- ${includedir}/tss2/tss2_tcti_mssim.h \
- ${libdir}/pkgconfig/tss2-tcti-mssim.pc \
- ${libdir}/libtss2-tcti-mssim.so"
-FILES:libtss2-tcti-mssim-staticdev = "${libdir}/libtss2-tcti-mssim.*a"
-
-FILES:libtss2-mu = "${libdir}/libtss2-mu.so.*"
-FILES:libtss2-mu-dev = " \
- ${includedir}/tss2/tss2_mu.h \
- ${libdir}/pkgconfig/tss2-mu.pc \
- ${libdir}/libtss2-mu.so"
-FILES:libtss2-mu-staticdev = "${libdir}/libtss2-mu.*a"
-
-FILES:libtss2 = "${libdir}/libtss2*so.*"
-FILES:libtss2-dev = " \
- ${includedir} \
- ${libdir}/pkgconfig \
- ${libdir}/libtss2*so"
-FILES:libtss2-staticdev = "${libdir}/libtss*a"
-
-FILES:${PN} = "\
- ${libdir}/udev \
- /var/lib/tpm2-tss \
- /var/run \
- ${nonarch_base_libdir}/udev \
- ${sysconfdir}/tmpfiles.d \
- ${sysconfdir}/tpm2-tss \
- ${sysconfdir}/sysusers.d"
-
-RDEPENDS:libtss2 = "libgcrypt"
diff --git a/meta-security/meta-tpm/recipes-tpm2/tpm2-tss/tpm2-tss_4.0.1.bb b/meta-security/meta-tpm/recipes-tpm2/tpm2-tss/tpm2-tss_4.0.1.bb
new file mode 100644
index 0000000000..657a2cd94c
--- /dev/null
+++ b/meta-security/meta-tpm/recipes-tpm2/tpm2-tss/tpm2-tss_4.0.1.bb
@@ -0,0 +1,93 @@
+SUMMARY = "Software stack for TPM2."
+DESCRIPTION = "OSS implementation of the TCG TPM2 Software Stack (TSS2) "
+LICENSE = "BSD-2-Clause"
+LIC_FILES_CHKSUM = "file://LICENSE;md5=500b2e742befc3da00684d8a1d5fd9da"
+SECTION = "tpm"
+
+DEPENDS = "autoconf-archive-native libgcrypt openssl"
+
+SRC_URI = "https://github.com/tpm2-software/${BPN}/releases/download/${PV}/${BPN}-${PV}.tar.gz \
+ file://fixup_hosttools.patch \
+ "
+
+SRC_URI[sha256sum] = "532a70133910b6bd842289915b3f9423c0205c0ea009d65294ca18a74087c950"
+
+UPSTREAM_CHECK_URI = "https://github.com/tpm2-software/${BPN}/releases"
+
+inherit autotools pkgconfig systemd useradd
+
+PACKAGECONFIG ??= "vendor"
+PACKAGECONFIG[oxygen] = ",--disable-doxygen-doc, "
+PACKAGECONFIG[fapi] = "--enable-fapi,--disable-fapi,curl json-c util-linux-libuuid "
+PACKAGECONFIG[policy] = "--enable-policy,--disable-policy,json-c util-linux-libuuid "
+
+EXTRA_OECONF += "--enable-static --with-udevrulesdir=${nonarch_base_libdir}/udev/rules.d/"
+EXTRA_OECONF += "--runstatedir=/run"
+EXTRA_OECONF:remove = " --disable-static"
+
+USERADD_PACKAGES = "${PN}"
+GROUPADD_PARAM:${PN} = "--system tss"
+USERADD_PARAM:${PN} = "--system -M -d /var/lib/tpm -s /bin/false -g tss tss"
+
+do_install:append() {
+ # Remove /run as it is created on startup
+ rm -rf ${D}/run
+}
+
+PROVIDES = "${PACKAGES}"
+PACKAGES = " \
+ ${PN} \
+ ${PN}-dbg \
+ ${PN}-doc \
+ libtss2-mu \
+ libtss2-mu-dev \
+ libtss2-mu-staticdev \
+ libtss2-tcti-device \
+ libtss2-tcti-device-dev \
+ libtss2-tcti-device-staticdev \
+ libtss2-tcti-mssim \
+ libtss2-tcti-mssim-dev \
+ libtss2-tcti-mssim-staticdev \
+ libtss2 \
+ libtss2-dev \
+ libtss2-staticdev \
+"
+
+FILES:libtss2-tcti-device = "${libdir}/libtss2-tcti-device.so.*"
+FILES:libtss2-tcti-device-dev = " \
+ ${includedir}/tss2/tss2_tcti_device.h \
+ ${libdir}/pkgconfig/tss2-tcti-device.pc \
+ ${libdir}/libtss2-tcti-device.so"
+FILES:libtss2-tcti-device-staticdev = "${libdir}/libtss2-tcti-device.*a"
+
+FILES:libtss2-tcti-mssim = "${libdir}/libtss2-tcti-mssim.so.*"
+FILES:libtss2-tcti-mssim-dev = " \
+ ${includedir}/tss2/tss2_tcti_mssim.h \
+ ${libdir}/pkgconfig/tss2-tcti-mssim.pc \
+ ${libdir}/libtss2-tcti-mssim.so"
+FILES:libtss2-tcti-mssim-staticdev = "${libdir}/libtss2-tcti-mssim.*a"
+
+FILES:libtss2-mu = "${libdir}/libtss2-mu.so.*"
+FILES:libtss2-mu-dev = " \
+ ${includedir}/tss2/tss2_mu.h \
+ ${libdir}/pkgconfig/tss2-mu.pc \
+ ${libdir}/libtss2-mu.so"
+FILES:libtss2-mu-staticdev = "${libdir}/libtss2-mu.*a"
+
+FILES:libtss2 = "${libdir}/libtss2*so.*"
+FILES:libtss2-dev = " \
+ ${includedir} \
+ ${libdir}/pkgconfig \
+ ${libdir}/libtss2*so"
+FILES:libtss2-staticdev = "${libdir}/libtss*a"
+
+FILES:${PN} = "\
+ ${libdir}/udev \
+ /var/lib/tpm2-tss \
+ /var/run \
+ ${nonarch_base_libdir}/udev \
+ ${sysconfdir}/tmpfiles.d \
+ ${sysconfdir}/tpm2-tss \
+ ${sysconfdir}/sysusers.d"
+
+RDEPENDS:libtss2 = "libgcrypt"
-- cgit v1.2.3
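Review bot: `PACKAGECONFIG ??= "vendor"` turns on a feature called `vendor`, but this recipe only declares `PACKAGECONFIG[oxygen]`, `PACKAGECONFIG[fapi]` and `PACKAGECONFIG[policy]`, so the new default maps to no configure switch or dependency and is likely to be flagged as an invalid PACKAGECONFIG unless a bbappend outside this patch defines it. Either declare the flag next to the others, for example `PACKAGECONFIG[vendor] = "--enable-vendor,--disable-vendor"` (switch names to be confirmed against the 4.0.1 configure.ac), or keep the default empty as it was in the 3.2.0 recipe. The `git describe` substitution in `do_configure:prepend` is also gone, so it is worth confirming that the release tarball carries its own version string.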