Diffstat (limited to 'meta-tpm')
-rw-r--r--meta-tpm/README.md (renamed from meta-tpm/README)25
-rw-r--r--meta-tpm/classes/sanity-meta-tpm.bbclass12
-rw-r--r--meta-tpm/conf/distro/include/maintainers-meta-tpm.inc38
-rw-r--r--meta-tpm/conf/distro/include/maintainers.inc39
-rw-r--r--meta-tpm/conf/layer.conf17
-rw-r--r--meta-tpm/lib/oeqa/runtime/cases/swtpm.py26
-rw-r--r--meta-tpm/lib/oeqa/runtime/cases/tpm2.py54
-rw-r--r--meta-tpm/recipes-core/images/security-tpm2-image.bb1
-rw-r--r--meta-tpm/recipes-core/packagegroup/packagegroup-security-tpm-i2c.bb4
-rw-r--r--meta-tpm/recipes-core/packagegroup/packagegroup-security-tpm.bb13
-rw-r--r--meta-tpm/recipes-core/packagegroup/packagegroup-security-tpm2.bb14
-rw-r--r--meta-tpm/recipes-core/packagegroup/packagegroup-security-vtpm.bb4
-rw-r--r--meta-tpm/recipes-kernel/linux/linux-yocto-rt_%.bbappend1
-rw-r--r--meta-tpm/recipes-kernel/linux/linux-yocto/tpm_x86.cfg4
-rw-r--r--meta-tpm/recipes-kernel/linux/linux-yocto_%.bbappend1
-rw-r--r--meta-tpm/recipes-kernel/linux/linux-yocto_tpm.inc (renamed from meta-tpm/recipes-kernel/linux/linux-yocto_4.%.bbappend)13
-rw-r--r--meta-tpm/recipes-tpm/libtpm/files/Convert-another-vdprintf-to-dprintf.patch26
-rw-r--r--meta-tpm/recipes-tpm/libtpm/files/Use-format-s-for-call-to-dprintf.patch33
-rw-r--r--meta-tpm/recipes-tpm/libtpm/files/fix_signed_issue.patch48
-rw-r--r--meta-tpm/recipes-tpm/libtpm/libtpm_0.9.6.bb (renamed from meta-tpm/recipes-tpm/libtpm/libtpm_0.7.0.bb)6
-rw-r--r--meta-tpm/recipes-tpm/swtpm/files/fix_fcntl_h.patch31
-rw-r--r--meta-tpm/recipes-tpm/swtpm/files/fix_lib_search_path.patch66
-rw-r--r--meta-tpm/recipes-tpm/swtpm/files/ioctl_h.patch22
-rw-r--r--meta-tpm/recipes-tpm/swtpm/swtpm-wrappers-native.bb12
-rw-r--r--meta-tpm/recipes-tpm/swtpm/swtpm_0.8.1.bb (renamed from meta-tpm/recipes-tpm/swtpm/swtpm_0.2.0.bb)37
-rw-r--r--meta-tpm/recipes-tpm/tpm-tools/files/05-openssl1.1_fix_data_mgmt.patch110
-rw-r--r--meta-tpm/recipes-tpm1/hoth/libhoth_git.bb17
-rw-r--r--meta-tpm/recipes-tpm1/openssl-tpm-engine/files/0001-create-tpm-key-support-well-known-key-option.patch (renamed from meta-tpm/recipes-tpm/openssl-tpm-engine/files/0001-create-tpm-key-support-well-known-key-option.patch)2
-rw-r--r--meta-tpm/recipes-tpm1/openssl-tpm-engine/files/0002-libtpm-support-env-TPM_SRK_PW.patch (renamed from meta-tpm/recipes-tpm/openssl-tpm-engine/files/0002-libtpm-support-env-TPM_SRK_PW.patch)2
-rw-r--r--meta-tpm/recipes-tpm1/openssl-tpm-engine/files/0003-tpm-openssl-tpm-engine-parse-an-encrypted-tpm-SRK-pa.patch (renamed from meta-tpm/recipes-tpm/openssl-tpm-engine/files/0003-tpm-openssl-tpm-engine-parse-an-encrypted-tpm-SRK-pa.patch)2
-rw-r--r--meta-tpm/recipes-tpm1/openssl-tpm-engine/files/0004-tpm-openssl-tpm-engine-change-variable-c-type-from-c.patch (renamed from meta-tpm/recipes-tpm/openssl-tpm-engine/files/0004-tpm-openssl-tpm-engine-change-variable-c-type-from-c.patch)2
-rw-r--r--meta-tpm/recipes-tpm1/openssl-tpm-engine/files/openssl11_build_fix.patch (renamed from meta-tpm/recipes-tpm/openssl-tpm-engine/files/openssl11_build_fix.patch)0
-rw-r--r--meta-tpm/recipes-tpm1/openssl-tpm-engine/openssl-tpm-engine_0.5.0.bb (renamed from meta-tpm/recipes-tpm/openssl-tpm-engine/openssl-tpm-engine_0.5.0.bb)34
-rw-r--r--meta-tpm/recipes-tpm1/pcr-extend/files/fix_openssl11_build.patch (renamed from meta-tpm/recipes-tpm/pcr-extend/files/fix_openssl11_build.patch)0
-rw-r--r--meta-tpm/recipes-tpm1/pcr-extend/pcr-extend_git.bb (renamed from meta-tpm/recipes-tpm/pcr-extend/pcr-extend_git.bb)4
-rw-r--r--meta-tpm/recipes-tpm1/tpm-quote-tools/tpm-quote-tools_1.0.4.bb (renamed from meta-tpm/recipes-tpm/tpm-quote-tools/tpm-quote-tools_1.0.4.bb)7
-rw-r--r--meta-tpm/recipes-tpm1/tpm-tools/files/04-fix-FTBFS-clang.patch (renamed from meta-tpm/recipes-tpm/tpm-tools/files/04-fix-FTBFS-clang.patch)0
-rw-r--r--meta-tpm/recipes-tpm1/tpm-tools/files/openssl1.1_fix.patch (renamed from meta-tpm/recipes-tpm/tpm-tools/files/openssl1.1_fix.patch)0
-rw-r--r--meta-tpm/recipes-tpm1/tpm-tools/files/tpm-tools-extendpcr.patch (renamed from meta-tpm/recipes-tpm/tpm-tools/files/tpm-tools-extendpcr.patch)2
-rw-r--r--meta-tpm/recipes-tpm1/tpm-tools/tpm-tools_1.3.9.2.bb (renamed from meta-tpm/recipes-tpm/tpm-tools/tpm-tools_1.3.9.1.bb)19
-rw-r--r--meta-tpm/recipes-tpm1/trousers/files/0001-build-don-t-override-localstatedir-mandir-sysconfdir.patch (renamed from meta-tpm/recipes-tpm/trousers/files/0001-build-don-t-override-localstatedir-mandir-sysconfdir.patch)0
-rw-r--r--meta-tpm/recipes-tpm1/trousers/files/get-user-ps-path-use-POSIX-getpwent-instead-of-getpwe.patch (renamed from meta-tpm/recipes-tpm/trousers/files/get-user-ps-path-use-POSIX-getpwent-instead-of-getpwe.patch)0
-rw-r--r--meta-tpm/recipes-tpm1/trousers/files/tcsd.service (renamed from meta-tpm/recipes-tpm/trousers/files/tcsd.service)0
-rw-r--r--meta-tpm/recipes-tpm1/trousers/files/trousers-udev.rules (renamed from meta-tpm/recipes-tpm/trousers/files/trousers-udev.rules)0
-rw-r--r--meta-tpm/recipes-tpm1/trousers/files/trousers.init.sh (renamed from meta-tpm/recipes-tpm/trousers/files/trousers.init.sh)0
-rw-r--r--meta-tpm/recipes-tpm1/trousers/trousers_git.bb (renamed from meta-tpm/recipes-tpm/trousers/trousers_git.bb)40
-rw-r--r--meta-tpm/recipes-tpm2/cryptsetup-tpm-incubator/cryptsetup-tpm-incubator_0.9.9.bb42
-rw-r--r--meta-tpm/recipes-tpm2/cryptsetup-tpm-incubator/files/configure_fix.patch16
-rw-r--r--meta-tpm/recipes-tpm2/ibmswtpm2/files/remove_optimization.patch26
-rw-r--r--meta-tpm/recipes-tpm2/ibmswtpm2/files/tune-makefile.patch51
-rw-r--r--meta-tpm/recipes-tpm2/ibmswtpm2/ibmswtpm2_1563.bb27
-rw-r--r--meta-tpm/recipes-tpm2/ibmswtpm2/ibmswtpm2_183-2024-03-27.bb37
-rw-r--r--meta-tpm/recipes-tpm2/ibmtpm2tss/ibmtpm2tss/0001-utils-12-Makefile.am-expand-wildcards-in-prereqs.patch125
-rw-r--r--meta-tpm/recipes-tpm2/ibmtpm2tss/ibmtpm2tss_2.2.0.bb29
-rw-r--r--meta-tpm/recipes-tpm2/tpm2-abrmd/tpm2-abrmd_3.0.0.bb (renamed from meta-tpm/recipes-tpm2/tpm2-abrmd/tpm2-abrmd_2.3.0.bb)20
-rw-r--r--meta-tpm/recipes-tpm2/tpm2-openssl/tpm2-openssl_1.1.1.bb21
-rw-r--r--meta-tpm/recipes-tpm2/tpm2-pkcs11/files/bootstrap_fixup.patch12
-rw-r--r--meta-tpm/recipes-tpm2/tpm2-pkcs11/tpm2-pkcs11_0.9.9.bb21
-rw-r--r--meta-tpm/recipes-tpm2/tpm2-pkcs11/tpm2-pkcs11_1.9.0.bb47
-rw-r--r--meta-tpm/recipes-tpm2/tpm2-pytss/python3-tpm2-pytss_2.1.0.bb15
-rw-r--r--meta-tpm/recipes-tpm2/tpm2-tcti-uefi/files/configure_oe_fixup.patch2
-rw-r--r--meta-tpm/recipes-tpm2/tpm2-tcti-uefi/files/fix_header_file.patch2
-rw-r--r--meta-tpm/recipes-tpm2/tpm2-tcti-uefi/files/tpm2-get-caps-fixed.patch23
-rw-r--r--meta-tpm/recipes-tpm2/tpm2-tcti-uefi/tpm2-tcti-uefi/0001-configure.ac-stop-inserting-host-directories-into-co.patch2
-rw-r--r--meta-tpm/recipes-tpm2/tpm2-tcti-uefi/tpm2-tcti-uefi_0.9.9.bb24
-rw-r--r--meta-tpm/recipes-tpm2/tpm2-tools/tpm2-tools_4.1.1.bb17
-rw-r--r--meta-tpm/recipes-tpm2/tpm2-tools/tpm2-tools_5.5.bb15
-rw-r--r--meta-tpm/recipes-tpm2/tpm2-totp/tpm2-totp_0.3.0.bb (renamed from meta-tpm/recipes-tpm2/tpm2-totp/tpm2-totp_0.2.0.bb)5
-rw-r--r--meta-tpm/recipes-tpm2/tpm2-tss-engine/tpm2-tss-engine_1.0.1.bb23
-rw-r--r--meta-tpm/recipes-tpm2/tpm2-tss-engine/tpm2-tss-engine_1.1.0.bb32
-rw-r--r--meta-tpm/recipes-tpm2/tpm2-tss/tpm2-tss/ax_pthread.m4332
-rw-r--r--meta-tpm/recipes-tpm2/tpm2-tss/tpm2-tss/fix_musl_select_include.patch31
-rw-r--r--meta-tpm/recipes-tpm2/tpm2-tss/tpm2-tss/fixup_hosttools.patch29
-rw-r--r--meta-tpm/recipes-tpm2/tpm2-tss/tpm2-tss_2.3.2.bb81
-rw-r--r--meta-tpm/recipes-tpm2/tpm2-tss/tpm2-tss_4.0.1.bb97
75 files changed, 809 insertions, 1183 deletions
diff --git a/meta-tpm/README b/meta-tpm/README.md
index dd662b3..983c753 100644
--- a/meta-tpm/README
+++ b/meta-tpm/README.md
@@ -1,6 +1,25 @@
meta-tpm layer
==============
+The bbappend files for some recipes (e.g. linux-yocto) in this layer need
+to have 'tpm' in DISTRO_FEATURES to have effect.
+To enable them, add in configuration file the following line.
+
+ DISTRO_FEATURES:append = " tpm"
+
+If meta-tpm is included, but tpm is not enabled as a
+distro feature a warning is printed at parse time:
+
+ You have included the meta-tpm layer, but
+ 'tpm' has not been enabled in your DISTRO_FEATURES. Some bbappend files
+ and preferred version setting may not take effect.
+
+If you know what you are doing, this warning can be disabled by setting the following
+variable in your configuration:
+
+ SKIP_META_TPM_SANITY_CHECK = 1
+
+
This layer contains base TPM recipes.
Dependencies
@@ -38,14 +57,14 @@ other layers needed. e.g.:
Maintenance
-----------
-Send pull requests, patches, comments or questions to yocto@yoctoproject.org
+Send pull requests, patches, comments or questions to yocto-patches@lists.yoctoproject.org
When sending single patches, please using something like:
-'git send-email -1 --to yocto@yoctoproject.org --subject-prefix=meta-security][PATCH'
+'git send-email -1 --to yocto-patches@lists.yoctoproject.org --subject-prefix=meta-security][PATCH'
These values can be set as defaults for this repository:
-$ git config sendemail.to yocto@yoctoproject.org
+$ git config sendemail.to yocto-patches@lists.yoctoproject.org
$ git config format.subjectPrefix meta-security][PATCH
Now you can just do 'git send-email origin/master' to send all local patches.
diff --git a/meta-tpm/classes/sanity-meta-tpm.bbclass b/meta-tpm/classes/sanity-meta-tpm.bbclass
new file mode 100644
index 0000000..1ab03c8
--- /dev/null
+++ b/meta-tpm/classes/sanity-meta-tpm.bbclass
@@ -0,0 +1,12 @@
+addhandler tpm_machinecheck
+tpm_machinecheck[eventmask] = "bb.event.SanityCheck"
+python tpm_machinecheck() {
+ skip_check = e.data.getVar('SKIP_META_TPM_SANITY_CHECK') == "1"
+ if 'tpm' not in e.data.getVar('DISTRO_FEATURES').split() and \
+ 'tpm2' not in e.data.getVar('DISTRO_FEATURES').split() and \
+ not skip_check:
+ bb.warn("You have included the meta-tpm layer, but \
+'tpm or tpm2' has not been enabled in your DISTRO_FEATURES. Some bbappend files \
+and preferred version setting may not take effect. See the meta-tpm README \
+for details on enabling tpm support.")
+}
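Review bot: `e.data.getVar('DISTRO_FEATURES')` is dereferenced with `.split()` twice in tpm_machinecheck with no fallback, so if the variable is ever unset the handler raises instead of warning. Reading it once as `features = (e.data.getVar('DISTRO_FEATURES') or '').split()` and testing `'tpm' not in features and 'tpm2' not in features` avoids that and the double lookup. The skip test matches only the exact string "1", while the README hunk in this commit shows `SKIP_META_TPM_SANITY_CHECK = 1` unquoted (BitBake assignments are normally quoted) and names only 'tpm' where this handler accepts 'tpm' or 'tpm2'. A short comment above the function stating both accepted features and the expected `"1"` value would keep the two in step.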
diff --git a/meta-tpm/conf/distro/include/maintainers-meta-tpm.inc b/meta-tpm/conf/distro/include/maintainers-meta-tpm.inc
new file mode 100644
index 0000000..e7b216d
--- /dev/null
+++ b/meta-tpm/conf/distro/include/maintainers-meta-tpm.inc
@@ -0,0 +1,38 @@
+# meta-tpm Maintainers File
+#
+# This file contains a list of recipe maintainers.
+#
+# Please submit any patches against recipes in meta to the
+# Yocto mail list (yocto@yoctoproject.org)
+#
+# If you have problems with or questions about a particular recipe, feel
+# free to contact the maintainer directly (cc:ing the appropriate mailing list
+# puts it in the archive and helps other people who might have the same
+# questions in the future), but please try to do the following first:
+#
+# - look in the Yocto Project Bugzilla
+# (http://bugzilla.yoctoproject.org/) to see if a problem has
+# already been reported
+#
+# The format is as a bitbake variable override for each recipe
+#
+# RECIPE_MAINTAINER:pn-<recipe name> = "Full Name <address@domain>"
+#
+# Please keep this list in alphabetical order.
+RECIPE_MAINTAINER:pn-aircrack-ng = "Armin Kuster <akuster808@gmail.com>"
+RECIPE_MAINTAINER:pn-pcr-extend = "Armin Kuster <akuster808@gmail.com>"
+RECIPE_MAINTAINER:pn-tpm-quote-tools = "Armin Kuster <akuster808@gmail.com>"
+RECIPE_MAINTAINER:pn-libtpm = "Armin Kuster <akuster808@gmail.com>"
+RECIPE_MAINTAINER:pn-trousers = "Armin Kuster <akuster808@gmail.com>"
+RECIPE_MAINTAINER:pn-swtpm = "Armin Kuster <akuster808@gmail.com>"
+RECIPE_MAINTAINER:pn-openssl-tpm-engine = "Armin Kuster <akuster808@gmail.com>"
+RECIPE_MAINTAINER:pn-tpm-tools = "Armin Kuster <akuster808@gmail.com>"
+RECIPE_MAINTAINER:pn-tpm2-abrmd = "Armin Kuster <akuster808@gmail.com>"
+RECIPE_MAINTAINER:pn-tpm2-totp = "Armin Kuster <akuster808@gmail.com>"
+RECIPE_MAINTAINER:pn-tpm2-tcti-uefi = "Armin Kuster <akuster808@gmail.com>"
+RECIPE_MAINTAINER:pn-tpm2-tss-engine = "Armin Kuster <akuster808@gmail.com>"
+RECIPE_MAINTAINER:pn-tpm2-pkcs11 = "Armin Kuster <akuster808@gmail.com>"
+RECIPE_MAINTAINER:pn-tpm2-tss = "Armin Kuster <akuster808@gmail.com>"
+RECIPE_MAINTAINER:pn-tpm2-tools = "Armin Kuster <akuster808@gmail.com>"
+RECIPE_MAINTAINER:pn-ibmswtpm2 = "Armin Kuster <akuster808@gmail.com>"
+
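Review bot: The header comment of the new file still sends patches to `yocto@yoctoproject.org`, while the README hunk in this same commit moves submissions to `yocto-patches@lists.yoctoproject.org`; the line should read `# Yocto mail list (yocto-patches@lists.yoctoproject.org)`. The file asks for alphabetical order but the entries are not sorted. Recipes this commit adds to the packagegroups (libhoth, tpm2-openssl, python3-tpm2-pytss) have no `RECIPE_MAINTAINER:pn-` entry, so anyone looking for a contact for a problem in them finds none here.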
diff --git a/meta-tpm/conf/distro/include/maintainers.inc b/meta-tpm/conf/distro/include/maintainers.inc
deleted file mode 100644
index 74c1a18..0000000
--- a/meta-tpm/conf/distro/include/maintainers.inc
+++ /dev/null
@@ -1,39 +0,0 @@
-# meta-tpm Maintainers File
-#
-# This file contains a list of recipe maintainers.
-#
-# Please submit any patches against recipes in meta to the
-# Yocto mail list (yocto@yoctoproject.org)
-#
-# If you have problems with or questions about a particular recipe, feel
-# free to contact the maintainer directly (cc:ing the appropriate mailing list
-# puts it in the archive and helps other people who might have the same
-# questions in the future), but please try to do the following first:
-#
-# - look in the Yocto Project Bugzilla
-# (http://bugzilla.yoctoproject.org/) to see if a problem has
-# already been reported
-#
-# The format is as a bitbake variable override for each recipe
-#
-# RECIPE_MAINTAINER_pn-<recipe name> = "Full Name <address@domain>"
-#
-# Please keep this list in alphabetical order.
-RECIPE_MAINTAINER_pn-aircrack-ng = "Armin Kuster <akuster808@gmail.com>"
-RECIPE_MAINTAINER_pn-pcr-extend = "Armin Kuster <akuster808@gmail.com>"
-RECIPE_MAINTAINER_pn-tpm-quote-tools = "Armin Kuster <akuster808@gmail.com>"
-RECIPE_MAINTAINER_pn-libtpm = "Armin Kuster <akuster808@gmail.com>"
-RECIPE_MAINTAINER_pn-trousers = "Armin Kuster <akuster808@gmail.com>"
-RECIPE_MAINTAINER_pn-swtpm = "Armin Kuster <akuster808@gmail.com>"
-RECIPE_MAINTAINER_pn-openssl-tpm-engine = "Armin Kuster <akuster808@gmail.com>"
-RECIPE_MAINTAINER_pn-tpm-tools = "Armin Kuster <akuster808@gmail.com>"
-RECIPE_MAINTAINER_pn-tpm2-abrmd = "Armin Kuster <akuster808@gmail.com>"
-RECIPE_MAINTAINER_pn-tpm2-totp = "Armin Kuster <akuster808@gmail.com>"
-RECIPE_MAINTAINER_pn-tpm2-tcti-uefi = "Armin Kuster <akuster808@gmail.com>"
-RECIPE_MAINTAINER_pn-tpm2-tss-engine = "Armin Kuster <akuster808@gmail.com>"
-RECIPE_MAINTAINER_pn-tpm2-pkcs11 = "Armin Kuster <akuster808@gmail.com>"
-RECIPE_MAINTAINER_pn-tpm2-tss = "Armin Kuster <akuster808@gmail.com>"
-RECIPE_MAINTAINER_pn-cryptsetup-tpm-incubator = "Armin Kuster <akuster808@gmail.com>"
-RECIPE_MAINTAINER_pn-tpm2-tools = "Armin Kuster <akuster808@gmail.com>"
-RECIPE_MAINTAINER_pn-ibmswtpm2 = "Armin Kuster <akuster808@gmail.com>"
-
diff --git a/meta-tpm/conf/layer.conf b/meta-tpm/conf/layer.conf
index 175eba8..58b61d4 100644
--- a/meta-tpm/conf/layer.conf
+++ b/meta-tpm/conf/layer.conf
@@ -6,12 +6,25 @@ BBFILES += "${LAYERDIR}/recipes*/*/*.bb ${LAYERDIR}/recipes*/*/*.bbappend"
BBFILE_COLLECTIONS += "tpm-layer"
BBFILE_PATTERN_tpm-layer = "^${LAYERDIR}/"
-BBFILE_PRIORITY_tpm-layer = "10"
+BBFILE_PRIORITY_tpm-layer = "6"
-LAYERSERIES_COMPAT_tpm-layer = "zeus"
+LAYERSERIES_COMPAT_tpm-layer = "nanbield scarthgap"
LAYERDEPENDS_tpm-layer = " \
core \
openembedded-layer \
+ meta-python \
"
BBLAYERS_LAYERINDEX_NAME_tpm-layer = "meta-tpm"
+
+# Sanity check for meta-integrity layer.
+# Setting SKIP_META_TPM_SANITY_CHECK to "1" would skip the bbappend files check.
+INHERIT += "sanity-meta-tpm"
+
+BBFILES_DYNAMIC += " \
+networking-layer:${LAYERDIR}/dynamic-layers/meta-networking/recipes-*/*/*.bbappend \
+"
+
+addpylib ${LAYERDIR}/lib oeqa
+
+WARN_QA:append:tmp-layer = " patch-status missing-metadata"
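Review bot: The override in `WARN_QA:append:tmp-layer` is spelled `tmp-layer`, but the collection declared in this file is `tpm-layer`, so the patch-status and missing-metadata warnings are probably never enabled for this layer's recipes. If a per-layer override is intended it likely needs the collection name, e.g. `WARN_QA:append:layer-tpm-layer = " patch-status missing-metadata"`; confirm the override form against the OE-core release in use. The comment above `INHERIT` says "meta-integrity layer" and should name meta-tpm.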
diff --git a/meta-tpm/lib/oeqa/runtime/cases/swtpm.py b/meta-tpm/lib/oeqa/runtime/cases/swtpm.py
new file mode 100644
index 0000000..0be5c59
--- /dev/null
+++ b/meta-tpm/lib/oeqa/runtime/cases/swtpm.py
@@ -0,0 +1,26 @@
+# Copyright (C) 2022 Armin Kuster <akuster808@gmail.com>
+#
+from oeqa.runtime.case import OERuntimeTestCase
+from oeqa.core.decorator.depends import OETestDepends
+from oeqa.runtime.decorator.package import OEHasPackage
+from oeqa.core.decorator.data import skipIfNotFeature
+
+class SwTpmTest(OERuntimeTestCase):
+ @classmethod
+ def setUpClass(cls):
+ cls.tc.target.run('swtpm_ioctl -s --tcp :2322')
+ cls.tc.target.run('mkdir /tmp/myvtpm2')
+ cls.tc.target.run('chown tss:root /tmp/myvtpm2')
+
+ @classmethod
+ def tearDownClass(cls):
+ cls.tc.target.run('swtpm_ioctl -s --tcp :2322')
+ cls.tc.target.run('rm -fr /tmp/myvtpm2')
+
+ @skipIfNotFeature('tpm2','Test tpm2_swtpm_socket requires tpm2 to be in DISTRO_FEATURES')
+ @OETestDepends(['ssh.SSHTest.test_ssh'])
+ @OEHasPackage(['swtpm'])
+ def test_swtpm2_ek_cert(self):
+ cmd = 'swtpm_setup --tpmstate /tmp/myvtpm2 --create-ek-cert --create-platform-cert --tpm2',
+ status, output = self.target.run(cmd)
+ self.assertEqual(status, 0, msg="swtpm create-ek-cert failed: %s" % output)
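Review bot: The assignment in test_swtpm2_ek_cert ends with a trailing comma, so `cmd` is a one-element tuple rather than a string when it reaches `self.target.run(cmd)`; drop the comma so the line ends `--create-platform-cert --tpm2'`. setUpClass also creates the TPM state directory at the fixed path `/tmp/myvtpm2` and ignores the status of `mkdir` and `chown`. The Tpm2Test setUpClass/tearDownClass added in tpm2.py use the same path, so one class's `rm -fr` can remove state the other still expects and a pre-existing directory is silently reused. Creating the directory with `mktemp -d` and asserting the status of each setup command would keep the state location private to each test class.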
diff --git a/meta-tpm/lib/oeqa/runtime/cases/tpm2.py b/meta-tpm/lib/oeqa/runtime/cases/tpm2.py
index c6f9d92..8e90dc9 100644
--- a/meta-tpm/lib/oeqa/runtime/cases/tpm2.py
+++ b/meta-tpm/lib/oeqa/runtime/cases/tpm2.py
@@ -1,11 +1,21 @@
-# Copyright (C) 2019 Armin Kuster <akuster808@gmail.com>
+# Copyright (C) 2019 - 2022 Armin Kuster <akuster808@gmail.com>
#
from oeqa.runtime.case import OERuntimeTestCase
from oeqa.core.decorator.depends import OETestDepends
from oeqa.runtime.decorator.package import OEHasPackage
-
+from oeqa.core.decorator.data import skipIfNotFeature
class Tpm2Test(OERuntimeTestCase):
+ @classmethod
+ def setUpClass(cls):
+ cls.tc.target.run('swtpm_ioctl -s --tcp :2322')
+ cls.tc.target.run('mkdir /tmp/myvtpm2')
+
+ @classmethod
+ def tearDownClass(cls):
+ cls.tc.target.run('swtpm_ioctl -s --tcp :2322')
+ cls.tc.target.run('rm -fr /tmp/myvtpm2')
+
def check_endlines(self, results, expected_endlines):
for line in results.splitlines():
for el in expected_endlines:
@@ -16,28 +26,44 @@ class Tpm2Test(OERuntimeTestCase):
if expected_endlines:
self.fail('Missing expected line endings:\n %s' % '\n '.join(expected_endlines))
- @OEHasPackage(['tpm2-tss'])
- @OEHasPackage(['tpm2-abrmd'])
@OEHasPackage(['tpm2-tools'])
- @OEHasPackage(['ibmswtpm2'])
+ @OEHasPackage(['tpm2-abrmd'])
+ @OEHasPackage(['swtpm'])
+ @skipIfNotFeature('tpm2','Test tpm2_startup requires tpm2 to be in DISTRO_FEATURES')
@OETestDepends(['ssh.SSHTest.test_ssh'])
- def test_tpm2_sim(self):
+ def test_tpm2_startup(self):
cmds = [
- 'tpm_server &',
- 'tpm2-abrmd --allow-root --tcti=mssim &'
+ 'swtpm socket -d --tpmstate dir=/tmp/myvtpm2 --tpm2 --ctrl type=tcp,port=2322 --server type=tcp,port=2321 --flags not-need-init',
+ 'tpm2_startup -c -T "swtpm:port=2321"',
]
for cmd in cmds:
status, output = self.target.run(cmd)
self.assertEqual(status, 0, msg='\n'.join([cmd, output]))
- @OETestDepends(['tpm2.Tpm2Test.test_tpm2_sim'])
- def test_tpm2(self):
- (status, output) = self.target.run('tpm2_pcrlist')
+ @OETestDepends(['tpm2.Tpm2Test.test_tpm2_startup'])
+ def test_tpm2_pcrread(self):
+ (status, output) = self.target.run('tpm2_pcrread')
expected_endlines = []
- expected_endlines.append('sha1 :')
- expected_endlines.append(' 0 : 0000000000000000000000000000000000000003')
- expected_endlines.append(' 1 : 0000000000000000000000000000000000000000')
+ expected_endlines.append(' sha1:')
+ expected_endlines.append(' 0 : 0x0000000000000000000000000000000000000000')
+ expected_endlines.append(' 1 : 0x0000000000000000000000000000000000000000')
+ expected_endlines.append(' sha256:')
+ expected_endlines.append(' 0 : 0x0000000000000000000000000000000000000000000000000000000000000000')
+ expected_endlines.append(' 1 : 0x0000000000000000000000000000000000000000000000000000000000000000')
+
self.check_endlines(output, expected_endlines)
+
+ @OEHasPackage(['p11-kit'])
+ @OEHasPackage(['tpm2-pkcs11'])
+ @OETestDepends(['tpm2.Tpm2Test.test_tpm2_pcrread'])
+ def test_tpm2_pkcs11(self):
+ (status, output) = self.target.run('p11-kit list-modules -v')
+ self.assertEqual(status, 0, msg="Modules missing: %s" % output)
+
+ @OETestDepends(['tpm2.Tpm2Test.test_tpm2_pkcs11'])
+ def test_tpm2_swtpm_reset(self):
+ (status, output) = self.target.run('swtpm_ioctl -i --tcp :2322')
+ self.assertEqual(status, 0, msg="swtpm reset failed: %s" % output)
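Review bot: test_tpm2_pkcs11 asserts only that `p11-kit list-modules -v` exits 0, which presumably still holds when the tpm2-pkcs11 module is not registered, so the "Modules missing" message would not fire for the case it names. Checking the output as well, for example `self.assertIn('tpm2', output.lower(), msg="tpm2-pkcs11 module not listed: %s" % output)`, would test what the test name promises; the exact module string in the p11-kit listing should be confirmed first. test_tpm2_swtpm_reset has no `@OEHasPackage(['swtpm'])` of its own and relies on the dependency chain for that, which deserves a one-line comment.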
diff --git a/meta-tpm/recipes-core/images/security-tpm2-image.bb b/meta-tpm/recipes-core/images/security-tpm2-image.bb
index 7e047d1..941a661 100644
--- a/meta-tpm/recipes-core/images/security-tpm2-image.bb
+++ b/meta-tpm/recipes-core/images/security-tpm2-image.bb
@@ -7,6 +7,7 @@ IMAGE_INSTALL = "\
packagegroup-core-boot \
packagegroup-security-tpm2 \
os-release \
+ swtpm \
"
IMAGE_LINGUAS ?= " "
diff --git a/meta-tpm/recipes-core/packagegroup/packagegroup-security-tpm-i2c.bb b/meta-tpm/recipes-core/packagegroup/packagegroup-security-tpm-i2c.bb
index 3b9d271..e3de797 100644
--- a/meta-tpm/recipes-core/packagegroup/packagegroup-security-tpm-i2c.bb
+++ b/meta-tpm/recipes-core/packagegroup/packagegroup-security-tpm-i2c.bb
@@ -7,8 +7,8 @@ inherit packagegroup
PACKAGES = "packagegroup-security-tpm-i2c"
-SUMMARY_packagegroup-security-tpm-i2c = "Security TPM i2c support"
-RDEPENDS_packagegroup-security-tpm-i2c = " \
+SUMMARY:packagegroup-security-tpm-i2c = "Security TPM i2c support"
+RDEPENDS:packagegroup-security-tpm-i2c = " \
${@bb.utils.contains('MACHINE_FEATURES', 'tpm', 'packagegroup-security-tpm', '', d)} \
${@bb.utils.contains('MACHINE_FEATURES', 'tpm2', 'packagegroup-security-tpm2', '', d)} \
kernel-module-tpm-i2c-atmel \
diff --git a/meta-tpm/recipes-core/packagegroup/packagegroup-security-tpm.bb b/meta-tpm/recipes-core/packagegroup/packagegroup-security-tpm.bb
index 25126ef..a1d4d44 100644
--- a/meta-tpm/recipes-core/packagegroup/packagegroup-security-tpm.bb
+++ b/meta-tpm/recipes-core/packagegroup/packagegroup-security-tpm.bb
@@ -7,22 +7,27 @@ inherit packagegroup
PACKAGES = "packagegroup-security-tpm"
-SUMMARY_packagegroup-security-tpm = "Security TPM support"
-RDEPENDS_packagegroup-security-tpm = " \
+SUMMARY:packagegroup-security-tpm = "Security TPM support"
+RDEPENDS:packagegroup-security-tpm = " \
tpm-tools \
trousers \
+ pcr-extend \
+ tpm-quote-tools \
+ swtpm \
+ libhoth \
+ openssl-tpm-engine \
${X86_TPM_MODULES} \
"
X86_TPM_MODULES ?= ""
-X86_TPM_MODULES_x86 = " \
+X86_TPM_MODULES:x86 = " \
kernel-module-tpm-atmel \
kernel-module-tpm-infineon \
kernel-module-tpm-nsc \
"
-X86_TPM_MODULES_x86-64 = " \
+X86_TPM_MODULES:x86-64 = " \
kernel-module-tpm-atmel \
kernel-module-tpm-infineon \
kernel-module-tpm-nsc \
diff --git a/meta-tpm/recipes-core/packagegroup/packagegroup-security-tpm2.bb b/meta-tpm/recipes-core/packagegroup/packagegroup-security-tpm2.bb
index 8f5c537..b986097 100644
--- a/meta-tpm/recipes-core/packagegroup/packagegroup-security-tpm2.bb
+++ b/meta-tpm/recipes-core/packagegroup/packagegroup-security-tpm2.bb
@@ -3,21 +3,25 @@ LICENSE = "MIT"
LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/MIT;md5=0835ade698e0bcf8506ecda2f7b4f302 \
file://${COREBASE}/meta/COPYING.MIT;md5=3da9cfbcb788c80a0384361b4de20420"
+PACKAGE_ARCH = "${TUNE_PKGARCH}"
+
inherit packagegroup
PACKAGES = "${PN}"
-SUMMARY_packagegroup-security-tpm2 = "Security TPM 2.0 support"
-RDEPENDS_packagegroup-security-tpm2 = " \
+SUMMARY:packagegroup-security-tpm2 = "Security TPM 2.0 support"
+RDEPENDS:packagegroup-security-tpm2 = " \
tpm2-tools \
trousers \
tpm2-tss \
- libtss2 \
libtss2-mu \
libtss2-tcti-device \
libtss2-tcti-mssim \
+ libtss2 \
tpm2-abrmd \
tpm2-pkcs11 \
- ibmswtpm2 \
- cryptsetup-tpm-incubator \
+ tpm2-openssl \
+ tpm2-tss-engine \
+ tpm2-tss-engine-engines \
+ python3-tpm2-pytss \
"
diff --git a/meta-tpm/recipes-core/packagegroup/packagegroup-security-vtpm.bb b/meta-tpm/recipes-core/packagegroup/packagegroup-security-vtpm.bb
index 2e9394f..3a8f2fa 100644
--- a/meta-tpm/recipes-core/packagegroup/packagegroup-security-vtpm.bb
+++ b/meta-tpm/recipes-core/packagegroup/packagegroup-security-vtpm.bb
@@ -7,8 +7,8 @@ inherit packagegroup
PACKAGES = "packagegroup-security-vtpm"
-SUMMARY_packagegroup-security-vtpm = "Security Software vTPM support"
-RDEPENDS_packagegroup-security-vtpm = " \
+SUMMARY:packagegroup-security-vtpm = "Security Software vTPM support"
+RDEPENDS:packagegroup-security-vtpm = " \
libtpm \
swtpm \
"
diff --git a/meta-tpm/recipes-kernel/linux/linux-yocto-rt_%.bbappend b/meta-tpm/recipes-kernel/linux/linux-yocto-rt_%.bbappend
new file mode 100644
index 0000000..e8027ff
--- /dev/null
+++ b/meta-tpm/recipes-kernel/linux/linux-yocto-rt_%.bbappend
@@ -0,0 +1 @@
+require ${@bb.utils.contains_any('DISTRO_FEATURES', 'tpm tpm2', 'linux-yocto_tpm.inc', '', d)}
diff --git a/meta-tpm/recipes-kernel/linux/linux-yocto/tpm_x86.cfg b/meta-tpm/recipes-kernel/linux/linux-yocto/tpm_x86.cfg
deleted file mode 100644
index 8be331a..0000000
--- a/meta-tpm/recipes-kernel/linux/linux-yocto/tpm_x86.cfg
+++ /dev/null
@@ -1,4 +0,0 @@
-CONFIG_TCG_NSC=m
-CONFIG_TCG_ATMEL=m
-CONFIG_TCG_INFINEON=m
-CONFIG_TCG_TIS_ST33ZP24=m
diff --git a/meta-tpm/recipes-kernel/linux/linux-yocto_%.bbappend b/meta-tpm/recipes-kernel/linux/linux-yocto_%.bbappend
new file mode 100644
index 0000000..e8027ff
--- /dev/null
+++ b/meta-tpm/recipes-kernel/linux/linux-yocto_%.bbappend
@@ -0,0 +1 @@
+require ${@bb.utils.contains_any('DISTRO_FEATURES', 'tpm tpm2', 'linux-yocto_tpm.inc', '', d)}
diff --git a/meta-tpm/recipes-kernel/linux/linux-yocto_4.%.bbappend b/meta-tpm/recipes-kernel/linux/linux-yocto_tpm.inc
index cea8b1b..7a27683 100644
--- a/meta-tpm/recipes-kernel/linux/linux-yocto_4.%.bbappend
+++ b/meta-tpm/recipes-kernel/linux/linux-yocto_tpm.inc
@@ -1,17 +1,8 @@
-FILESEXTRAPATHS_prepend := "${THISDIR}/linux-yocto:"
+FILESEXTRAPATHS:prepend := "${THISDIR}/linux-yocto:"
-# Enable tpm in kernel
-SRC_URI_append_x86 = " \
- ${@bb.utils.contains('MACHINE_FEATURES', 'tpm', 'file://tpm.scc', '', d)} \
- ${@bb.utils.contains('MACHINE_FEATURES', 'tpm2', 'file://tpm2.scc', '', d)} \
- "
-
-SRC_URI_append_x86-64 = " \
+SRC_URI += " \
${@bb.utils.contains('MACHINE_FEATURES', 'tpm', 'file://tpm.scc', '', d)} \
${@bb.utils.contains('MACHINE_FEATURES', 'tpm2', 'file://tpm2.scc', '', d)} \
- "
-
-SRC_URI += " \
${@bb.utils.contains('MACHINE_FEATURES', 'tpm_i2c', 'file://tpm_i2c.scc', '', d)} \
${@bb.utils.contains('MACHINE_FEATURES', 'vtpm', 'file://vtpm.scc', '', d)} \
"
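Review bot: The fragments in `SRC_URI` are still selected by MACHINE_FEATURES, while the two new bbappends pull this file in only when DISTRO_FEATURES contains tpm or tpm2. A build that sets only the distro feature therefore gets no TPM kernel configuration and no diagnostic. A comment at the top such as `# Fragments below are keyed on MACHINE_FEATURES; DISTRO_FEATURES only gates inclusion of this file` would make the double gate explicit. tpm.scc and tpm2.scc are now applied on every architecture rather than only x86 and x86-64, and tpm_x86.cfg is deleted in this commit, so it is worth confirming that neither .scc file (not shown here) still references it.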
diff --git a/meta-tpm/recipes-tpm/libtpm/files/Convert-another-vdprintf-to-dprintf.patch b/meta-tpm/recipes-tpm/libtpm/files/Convert-another-vdprintf-to-dprintf.patch
deleted file mode 100644
index 9e1021a..0000000
--- a/meta-tpm/recipes-tpm/libtpm/files/Convert-another-vdprintf-to-dprintf.patch
+++ /dev/null
@@ -1,26 +0,0 @@
-From 09e7dd42e5201d079bad70e9f7cc6033ce1c7cad Mon Sep 17 00:00:00 2001
-From: Stefan Berger <stefanb@linux.vnet.ibm.com>
-Date: Fri, 3 Feb 2017 10:58:22 -0500
-Subject: [PATCH] Convert another vdprintf to dprintf
-
-Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
-Upstream-Status: Backport
-Signed-off-by: Armin Kuster <akuster@mvista.com>
-
----
- src/tpm_library.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-Index: git/src/tpm_library.c
-===================================================================
---- git.orig/src/tpm_library.c
-+++ git/src/tpm_library.c
-@@ -427,7 +427,7 @@ void TPMLIB_LogPrintfA(unsigned int inde
- indent = sizeof(spaces) - 1;
- memset(spaces, ' ', indent);
- spaces[indent] = 0;
-- vdprintf(debug_fd, spaces, NULL);
-+ dprintf(debug_fd, "%s", spaces);
- }
-
- va_start(args, format);
diff --git a/meta-tpm/recipes-tpm/libtpm/files/Use-format-s-for-call-to-dprintf.patch b/meta-tpm/recipes-tpm/libtpm/files/Use-format-s-for-call-to-dprintf.patch
deleted file mode 100644
index a71b5c1..0000000
--- a/meta-tpm/recipes-tpm/libtpm/files/Use-format-s-for-call-to-dprintf.patch
+++ /dev/null
@@ -1,33 +0,0 @@
-From 6a9b4e5d70f770aa9ca31e3e6d3b1ae72c192070 Mon Sep 17 00:00:00 2001
-From: Stefan Berger <stefanb@linux.vnet.ibm.com>
-Date: Tue, 31 Jan 2017 20:10:51 -0500
-Subject: [PATCH] Use format '%s' for call to dprintf
-
-Fix the dprintf call to use a format parameter that otherwise causes
-errors with gcc on certain platforms.
-
-Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
-
-Upstream-Status: Backport
-replaces local patch
-Signed-off-by: Armin Kuster <akuster@mvsita.com>
-
----
- src/tpm_library.c | 4 ++--
- 1 file changed, 2 insertions(+), 2 deletions(-)
-
-Index: git/src/tpm_library.c
-===================================================================
---- git.orig/src/tpm_library.c
-+++ git/src/tpm_library.c
-@@ -405,8 +405,8 @@ int TPMLIB_LogPrintf(const char *format,
- }
-
- if (debug_prefix)
-- dprintf(debug_fd, debug_prefix);
-- dprintf(debug_fd, buffer);
-+ dprintf(debug_fd, "%s", debug_prefix);
-+ dprintf(debug_fd, "%s", buffer);
-
- return i;
- }
diff --git a/meta-tpm/recipes-tpm/libtpm/files/fix_signed_issue.patch b/meta-tpm/recipes-tpm/libtpm/files/fix_signed_issue.patch
deleted file mode 100644
index fc13aa5..0000000
--- a/meta-tpm/recipes-tpm/libtpm/files/fix_signed_issue.patch
+++ /dev/null
@@ -1,48 +0,0 @@
-Upstream-Status: Pending
-Signed-off-by: Armin kuster <akuster808@gmail.com>
-
-Index: git/src/swtpm/ctrlchannel.c
-===================================================================
---- git.orig/src/swtpm/ctrlchannel.c
-+++ git/src/swtpm/ctrlchannel.c
-@@ -152,7 +152,8 @@ static int ctrlchannel_receive_state(ptm
- uint32_t tpm_number = 0;
- unsigned char *blob = NULL;
- uint32_t blob_length = be32toh(pss->u.req.length);
-- uint32_t remain = blob_length, offset = 0;
-+ ssize_t remain = (ssize_t) blob_length;
-+ uint32_t offset = 0;
- TPM_RESULT res;
- uint32_t flags = be32toh(pss->u.req.state_flags);
- TPM_BOOL is_encrypted = (flags & PTM_STATE_FLAG_ENCRYPTED) != 0;
-Index: git/src/swtpm_ioctl/tpm_ioctl.c
-===================================================================
---- git.orig/src/swtpm_ioctl/tpm_ioctl.c
-+++ git/src/swtpm_ioctl/tpm_ioctl.c
-@@ -303,7 +303,7 @@ static int do_save_state_blob(int fd, bo
- numbytes = write(file_fd, pgs.u.resp.data,
- devtoh32(is_chardev, pgs.u.resp.length));
-
-- if (numbytes != devtoh32(is_chardev, pgs.u.resp.length)) {
-+ if (numbytes != (ssize_t) devtoh32(is_chardev, pgs.u.resp.length)) {
- fprintf(stderr,
- "Could not write to file '%s': %s\n",
- filename, strerror(errno));
-@@ -420,7 +420,7 @@ static int do_load_state_blob(int fd, bo
- had_error = true;
- break;
- }
-- pss.u.req.length = htodev32(is_chardev, numbytes);
-+ pss.u.req.length = htodev32(is_chardev, (uint32_t) numbytes);
-
- /* the returnsize is zero on all intermediate packets */
- returnsize = ((size_t)numbytes < sizeof(pss.u.req.data))
-@@ -863,7 +863,7 @@ int main(int argc, char *argv[])
- return EXIT_FAILURE;
- }
- /* no tpm_result here */
-- printf("ptm capability is 0x%lx\n", (uint64_t)devtoh64(is_chardev, cap));
-+ printf("ptm capability is 0x%llx\n", (uint64_t)devtoh64(is_chardev, cap));
-
- } else if (!strcmp(command, "-i")) {
- init.u.req.init_flags = htodev32(is_chardev, PTM_INIT_FLAG_DELETE_VOLATILE);
diff --git a/meta-tpm/recipes-tpm/libtpm/libtpm_0.7.0.bb b/meta-tpm/recipes-tpm/libtpm/libtpm_0.9.6.bb
index d9863fa..a860319 100644
--- a/meta-tpm/recipes-tpm/libtpm/libtpm_0.7.0.bb
+++ b/meta-tpm/recipes-tpm/libtpm/libtpm_0.9.6.bb
@@ -2,13 +2,13 @@ SUMMARY = "LIBPM - Software TPM Library"
LICENSE = "BSD-3-Clause"
LIC_FILES_CHKSUM = "file://LICENSE;md5=e73f0786a936da3814896df06ad225a9"
-SRCREV = "c26e8f7b08b19a69cea9e8f1f1e6639c7951fb01"
-SRC_URI = "git://github.com/stefanberger/libtpms.git;branch=stable-${PV}"
+SRCREV = "f8c2dc7e12a730dcca4220d7ac5ad86d13dfd630"
+SRC_URI = "git://github.com/stefanberger/libtpms.git;branch=stable-0.9;protocol=https"
PE = "1"
S = "${WORKDIR}/git"
-inherit autotools-brokensep pkgconfig
+inherit autotools-brokensep pkgconfig perlnative
PACKAGECONFIG ?= "openssl"
PACKAGECONFIG[openssl] = "--with-openssl, --without-openssl, openssl"
diff --git a/meta-tpm/recipes-tpm/swtpm/files/fix_fcntl_h.patch b/meta-tpm/recipes-tpm/swtpm/files/fix_fcntl_h.patch
deleted file mode 100644
index 3d16431..0000000
--- a/meta-tpm/recipes-tpm/swtpm/files/fix_fcntl_h.patch
+++ /dev/null
@@ -1,31 +0,0 @@
-From 8750a6c3f0b4d9e7e45b4079150d29eb44774e9c Mon Sep 17 00:00:00 2001
-From: Armin Kuster <akuster@mvista.com>
-Date: Tue, 14 Mar 2017 22:59:36 -0700
-Subject: [PATCH 2/4] logging: Fix musl build issue with fcntl
-
- error: #warning redirecting incorrect #include <sys/fcntl.h> to <fcntl.h> [-Werror=cpp]
- #warning redirecting incorrect #include <sys/fcntl.h> to <fcntl.
-
-Upstream-Status: Pending
-Signed-off-by: Armin Kuster <akuster@mvista.com>
-
----
- src/swtpm/logging.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/src/swtpm/logging.c b/src/swtpm/logging.c
-index f16cab6..7da8606 100644
---- a/src/swtpm/logging.c
-+++ b/src/swtpm/logging.c
-@@ -45,7 +45,7 @@
- #include <errno.h>
- #include <string.h>
- #include <sys/types.h>
--#include <sys/fcntl.h>
-+#include <fcntl.h>
- #include <sys/stat.h>
- #include <stdio.h>
- #include <stdlib.h>
---
-2.11.0
-
diff --git a/meta-tpm/recipes-tpm/swtpm/files/fix_lib_search_path.patch b/meta-tpm/recipes-tpm/swtpm/files/fix_lib_search_path.patch
deleted file mode 100644
index 60958f7..0000000
--- a/meta-tpm/recipes-tpm/swtpm/files/fix_lib_search_path.patch
+++ /dev/null
@@ -1,66 +0,0 @@
-From 672bb4ee625da3141ba6cecb0601c7563de4c483 Mon Sep 17 00:00:00 2001
-From: Armin Kuster <akuster808@gmail.com>
-Date: Thu, 13 Oct 2016 02:03:56 -0700
-Subject: [PATCH 1/4] swtpm: add new package
-
-Upstream-Status: Inappropriate [OE config]
-
-Signed-off-by: Armin Kuster <akuster808@gmail.com>
-
-Rebased to current tip.
-
-Signed-off-by: Patrick Ohly <patrick.ohly@intel.com>
-
----
- configure.ac | 34 ++++++++++------------------------
- 1 file changed, 10 insertions(+), 24 deletions(-)
-
-diff --git a/configure.ac b/configure.ac
-index abf5be1..85ed6ac 100644
---- a/configure.ac
-+++ b/configure.ac
-@@ -395,31 +395,17 @@ CFLAGS="$CFLAGS -Wformat -Wformat-security"
- dnl We have to make sure libtpms is using the same crypto library
- dnl to avoid problems
- AC_MSG_CHECKING([the crypto library libtpms is using])
--dirs=$($CC $CFLAGS -Xlinker --verbose 2>/dev/null | \
-- sed -n '/SEARCH_DIR/p' | \
-- sed 's/SEARCH_DIR("\(@<:@^"@:>@*\)"); */\1 /g' | \
-- sed 's|=/|/|g')
--for dir in $dirs $LIBRARY_PATH; do
-- if test -r $dir/libtpms.so; then
-- if test -n "`ldd $dir/libtpms.so | grep libcrypto.so`"; then
-- libtpms_cryptolib="openssl"
-- break
-- fi
-- if test -n "`ldd $dir/libtpms.so | grep libnss3.so`"; then
-- libtpms_cryptolib="freebl"
-- break
-- fi
-+dir="$SEARCH_DIR"
-+if test -r $dir/libtpms.so; then
-+ if test -n "`ldd $dir/libtpms.so | grep libcrypto.so`"; then
-+ libtpms_cryptolib="openssl"
-+ break
- fi
-- case $host_os in
-- cygwin|openbsd*)
-- if test -r $dir/libtpms.a; then
-- if test -n "$(nm $dir/libtpms.a | grep "U AES_encrypt")"; then
-- libtpms_cryptolib="openssl"
-- fi
-- fi
-- ;;
-- esac
--done
-+ if test -n "`ldd $dir/libtpms.so | grep libnss3.so`"; then
-+ libtpms_cryptolib="freebl"
-+ break
-+ fi
-+fi
-
- if test -z "$libtpms_cryptolib"; then
- AC_MSG_ERROR([Could not determine libtpms crypto library.])
---
-2.11.0
-
diff --git a/meta-tpm/recipes-tpm/swtpm/files/ioctl_h.patch b/meta-tpm/recipes-tpm/swtpm/files/ioctl_h.patch
deleted file mode 100644
index d736bc6..0000000
--- a/meta-tpm/recipes-tpm/swtpm/files/ioctl_h.patch
+++ /dev/null
@@ -1,22 +0,0 @@
-tpm_ioctl: fix musl for missing ioctl
-
-tpm_ioctl.c: In function 'ioctl_to_cmd':
-tpm_ioctl.c:86:26: error: '_IOC_NRSHIFT' undeclared (first use in this function)
- return ((ioctlnum >> _IOC_NRSHIFT) & _IOC_NRMASK) + 1;
-
-
-Upstream-status:
-Signed-off-by: Armin Kuster <akuster@mvista.com>
-
-Index: git/src/swtpm_ioctl/tpm_ioctl.c
-===================================================================
---- git.orig/src/swtpm_ioctl/tpm_ioctl.c
-+++ git/src/swtpm_ioctl/tpm_ioctl.c
-@@ -58,6 +58,7 @@
- #include <fcntl.h>
- #include <unistd.h>
- #include <sys/ioctl.h>
-+#include <asm/ioctl.h>
- #include <getopt.h>
- #include <sys/un.h>
- #include <sys/types.h>
diff --git a/meta-tpm/recipes-tpm/swtpm/swtpm-wrappers-native.bb b/meta-tpm/recipes-tpm/swtpm/swtpm-wrappers-native.bb
index 644f3ac..bb93374 100644
--- a/meta-tpm/recipes-tpm/swtpm/swtpm-wrappers-native.bb
+++ b/meta-tpm/recipes-tpm/swtpm/swtpm-wrappers-native.bb
@@ -1,6 +1,6 @@
SUMMARY = "SWTPM - OpenEmbedded wrapper scripts for native swtpm tools"
LICENSE = "MIT"
-DEPENDS = "swtpm-native tpm-tools-native net-tools-native"
+DEPENDS = "swtpm-native"
inherit native
@@ -14,23 +14,19 @@ do_create_wrapper () {
for i in `find ${bindir} ${base_bindir} ${sbindir} ${base_sbindir} -name 'swtpm*' -perm /+x -type f`; do
exe=`basename $i`
case $exe in
- swtpm_setup.sh)
+ swtpm_setup)
cat >${WORKDIR}/swtpm_setup_oe.sh <<EOF
#! /bin/sh
#
-# Wrapper around swtpm_setup.sh which adds parameters required to
+# Wrapper around swtpm_setup which adds parameters required to
# run the setup as non-root directly from the native sysroot.
PATH="${bindir}:${base_bindir}:${sbindir}:${base_sbindir}:\$PATH"
export PATH
-# tcsd only allows to be run as root or tss. Pretend to be root...
-exec env ${FAKEROOTENV} ${FAKEROOTCMD} swtpm_setup.sh --config ${STAGING_DIR_NATIVE}/etc/swtpm_setup.conf "\$@"
+exec swtpm_setup --config ${STAGING_DIR_NATIVE}/etc/swtpm_setup.conf "\$@"
EOF
;;
- swtpm_setup)
- true
- ;;
*)
cat >${WORKDIR}/${exe}_oe.sh <<EOF
#! /bin/sh
diff --git a/meta-tpm/recipes-tpm/swtpm/swtpm_0.2.0.bb b/meta-tpm/recipes-tpm/swtpm/swtpm_0.8.1.bb
index 35c77c8..7a538da 100644
--- a/meta-tpm/recipes-tpm/swtpm/swtpm_0.2.0.bb
+++ b/meta-tpm/recipes-tpm/swtpm/swtpm_0.8.1.bb
@@ -3,50 +3,47 @@ LICENSE = "BSD-3-Clause"
LIC_FILES_CHKSUM = "file://LICENSE;md5=fe8092c832b71ef20dfe4c6d3decb3a8"
SECTION = "apps"
-DEPENDS = "libtasn1 expect socat glib-2.0 net-tools-native libtpm libtpm-native"
+# expect-native, socat-native, coreutils-native and net-tools-native are reportedly only required for the tests
+DEPENDS = "libtasn1 coreutils-native expect-native socat-native glib-2.0 net-tools-native libtpm json-glib"
-# configure checks for the tools already during compilation and
-# then swtpm_setup needs them at runtime
-DEPENDS += "tpm-tools-native expect-native socat-native"
-
-SRCREV = "39673a0139b0ee14a0109aba50a0635592c672c4"
-SRC_URI = "git://github.com/stefanberger/swtpm.git;branch=stable-${PV} \
- file://fix_fcntl_h.patch \
- file://ioctl_h.patch \
- "
+SRCREV = "d2849a9f5ced70438d67036693438344b47b4161"
+SRC_URI = "git://github.com/stefanberger/swtpm.git;branch=stable-0.8;protocol=https"
PE = "1"
S = "${WORKDIR}/git"
-inherit autotools pkgconfig
PARALLEL_MAKE = ""
+inherit autotools pkgconfig perlnative
TSS_USER="tss"
TSS_GROUP="tss"
-PACKAGECONFIG ?= "openssl"
+PACKAGECONFIG ?= "openssl gnutls"
PACKAGECONFIG += "${@bb.utils.contains('DISTRO_FEATURES', 'selinux', 'selinux', '', d)}"
+PACKAGECONFIG += "${@bb.utils.contains('DISTRO_FEATURES', 'seccomp', 'seccomp', '', d)}"
PACKAGECONFIG += "${@bb.utils.contains('BBFILE_COLLECTIONS', 'filesystems-layer', 'cuse', '', d)}"
PACKAGECONFIG[openssl] = "--with-openssl, --without-openssl, openssl"
-PACKAGECONFIG[gnutls] = "--with-gnutls, --without-gnutls, gnutls"
+# expect, bash, tpm2-pkcs11-tools (tpm2_ptool), tpmtool and certtool is
+# used by swtpm-create-tpmca (the last two is provided by gnutls)
+# gnutls is required by: swtpm-create-tpmca, swtpm-localca and swtpm_cert
+PACKAGECONFIG[gnutls] = "--with-gnutls, --without-gnutls, gnutls-native gnutls, gnutls-bin expect bash tpm2-pkcs11-tools"
PACKAGECONFIG[selinux] = "--with-selinux, --without-selinux, libselinux"
PACKAGECONFIG[cuse] = "--with-cuse, --without-cuse, fuse"
PACKAGECONFIG[seccomp] = "--with-seccomp, --without-seccomp, libseccomp"
EXTRA_OECONF += "--with-tss-user=${TSS_USER} --with-tss-group=${TSS_GROUP}"
-export SEARCH_DIR = "${STAGING_LIBDIR_NATIVE}"
-
USERADD_PACKAGES = "${PN}"
-GROUPADD_PARAM_${PN} = "--system ${TSS_USER}"
-USERADD_PARAM_${PN} = "--system -g ${TSS_GROUP} --home-dir \
+GROUPADD_PARAM:${PN} = "--system ${TSS_USER}"
+USERADD_PARAM:${PN} = "--system -g ${TSS_GROUP} --home-dir / \
--no-create-home --shell /bin/false ${BPN}"
+
PACKAGE_BEFORE_PN = "${PN}-cuse"
-FILES_${PN}-cuse = "${bindir}/swtpm_cuse"
+FILES:${PN}-cuse = "${bindir}/swtpm_cuse"
-INSANE_SKIP_${PN} += "dev-so"
+INSANE_SKIP:${PN} += "dev-so"
-RDEPENDS_${PN} = "libtpm expect socat bash tpm-tools"
+RDEPENDS:${PN} = "libtpm"
BBCLASSEXTEND = "native nativesdk"
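Review bot: The account lines converted in this hunk do not match the names passed to configure: `GROUPADD_PARAM:${PN}` creates a group named `${TSS_USER}` while `USERADD_PARAM:${PN}` joins `${TSS_GROUP}`, and the user it creates is `${BPN}` although `EXTRA_OECONF` passes `--with-tss-user=${TSS_USER}`. Both variables are `tss` today, so the group mismatch is harmless for now, but overriding either one would leave swtpm configured for an account this recipe never creates. I would write `GROUPADD_PARAM:${PN} = "--system ${TSS_GROUP}"` and end the user line with `${TSS_USER}`. If a separate `${BPN}` service account is intended, a comment saying so and naming the recipe expected to provide the `tss` user would make the ownership model clear. The rest of the recipe lies outside the hunk.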
diff --git a/meta-tpm/recipes-tpm/tpm-tools/files/05-openssl1.1_fix_data_mgmt.patch b/meta-tpm/recipes-tpm/tpm-tools/files/05-openssl1.1_fix_data_mgmt.patch
deleted file mode 100644
index c2a264b..0000000
--- a/meta-tpm/recipes-tpm/tpm-tools/files/05-openssl1.1_fix_data_mgmt.patch
+++ /dev/null
@@ -1,110 +0,0 @@
-Author: Philipp Kern <pkern@debian.org>
-Subject: Fix openssl1.1 support in data_mgmt
-Date: Tue, 31 Jan 2017 22:40:10 +0100
-
-Upstream-Status: Backport
-tpm-tools_1.3.9.1-0.1.debian.tar
-
-Signed-off-by: Armin kuster <akuster808@gmail.com>
-
----
- src/data_mgmt/data_import.c | 60 ++++++++++++++++++++++++++++----------------
- 1 file changed, 39 insertions(+), 21 deletions(-)
-
---- a/src/data_mgmt/data_import.c
-+++ b/src/data_mgmt/data_import.c
-@@ -372,7 +372,7 @@ readX509Cert( const char *a_pszFile,
- goto out;
- }
-
-- if ( EVP_PKEY_type( pKey->type ) != EVP_PKEY_RSA ) {
-+ if ( EVP_PKEY_base_id( pKey ) != EVP_PKEY_RSA ) {
- logError( TOKEN_RSA_KEY_ERROR );
-
- X509_free( pX509 );
-@@ -691,8 +691,13 @@ createRsaPubKeyObject( RSA
-
- int rc = -1;
-
-- int nLen = BN_num_bytes( a_pRsa->n );
-- int eLen = BN_num_bytes( a_pRsa->e );
-+ const BIGNUM *bn;
-+ const BIGNUM *be;
-+
-+ RSA_get0_key( a_pRsa, &bn, &be, NULL );
-+
-+ int nLen = BN_num_bytes( bn );
-+ int eLen = BN_num_bytes( be );
-
- CK_RV rv;
-
-@@ -732,8 +737,8 @@ createRsaPubKeyObject( RSA
- }
-
- // Get binary representations of the RSA key information
-- BN_bn2bin( a_pRsa->n, n );
-- BN_bn2bin( a_pRsa->e, e );
-+ BN_bn2bin( bn, n );
-+ BN_bn2bin( be, e );
-
- // Create the RSA public key object
- rv = createObject( a_hSession, tAttr, ulAttrCount, a_hObject );
-@@ -760,14 +765,27 @@ createRsaPrivKeyObject( RSA
-
- int rc = -1;
-
-- int nLen = BN_num_bytes( a_pRsa->n );
-- int eLen = BN_num_bytes( a_pRsa->e );
-- int dLen = BN_num_bytes( a_pRsa->d );
-- int pLen = BN_num_bytes( a_pRsa->p );
-- int qLen = BN_num_bytes( a_pRsa->q );
-- int dmp1Len = BN_num_bytes( a_pRsa->dmp1 );
-- int dmq1Len = BN_num_bytes( a_pRsa->dmq1 );
-- int iqmpLen = BN_num_bytes( a_pRsa->iqmp );
-+ const BIGNUM *bn;
-+ const BIGNUM *be;
-+ const BIGNUM *bd;
-+ const BIGNUM *bp;
-+ const BIGNUM *bq;
-+ const BIGNUM *bdmp1;
-+ const BIGNUM *bdmq1;
-+ const BIGNUM *biqmp;
-+
-+ RSA_get0_key( a_pRsa, &bn, &be, &bd);
-+ RSA_get0_factors( a_pRsa, &bp, &bq);
-+ RSA_get0_crt_params( a_pRsa, &bdmp1, &bdmq1, &biqmp );
-+
-+ int nLen = BN_num_bytes( bn );
-+ int eLen = BN_num_bytes( be );
-+ int dLen = BN_num_bytes( bd );
-+ int pLen = BN_num_bytes( bp );
-+ int qLen = BN_num_bytes( bq );
-+ int dmp1Len = BN_num_bytes( bdmp1 );
-+ int dmq1Len = BN_num_bytes( bdmq1 );
-+ int iqmpLen = BN_num_bytes( biqmp );
-
- CK_RV rv;
-
-@@ -821,14 +839,14 @@ createRsaPrivKeyObject( RSA
- }
-
- // Get binary representations of the RSA key information
-- BN_bn2bin( a_pRsa->n, n );
-- BN_bn2bin( a_pRsa->e, e );
-- BN_bn2bin( a_pRsa->d, d );
-- BN_bn2bin( a_pRsa->p, p );
-- BN_bn2bin( a_pRsa->q, q );
-- BN_bn2bin( a_pRsa->dmp1, dmp1 );
-- BN_bn2bin( a_pRsa->dmq1, dmq1 );
-- BN_bn2bin( a_pRsa->iqmp, iqmp );
-+ BN_bn2bin( bn, n );
-+ BN_bn2bin( be, e );
-+ BN_bn2bin( bd, d );
-+ BN_bn2bin( bp, p );
-+ BN_bn2bin( bq, q );
-+ BN_bn2bin( bdmp1, dmp1 );
-+ BN_bn2bin( bdmq1, dmq1 );
-+ BN_bn2bin( biqmp, iqmp );
-
- // Create the RSA private key object
- rv = createObject( a_hSession, tAttr, ulAttrCount, a_hObject );
diff --git a/meta-tpm/recipes-tpm1/hoth/libhoth_git.bb b/meta-tpm/recipes-tpm1/hoth/libhoth_git.bb
new file mode 100644
index 0000000..df1dc04
--- /dev/null
+++ b/meta-tpm/recipes-tpm1/hoth/libhoth_git.bb
@@ -0,0 +1,17 @@
+SUMMARY = "Google Hoth USB library"
+DESCRIPTION = "Libraries and example programs for interacting with a \
+ hoth-class root of trust."
+HOMEPAGE = "https://github.com/google/libhoth"
+
+LICENSE = "Apache-2.0"
+LIC_FILES_CHKSUM = "file://LICENSE;md5=3b83ef96387f14655fc854ddc3c6bd57"
+
+SRC_URI = "git://github.com/google/libhoth;protocol=https;branch=main"
+SRCREV = "e4827163741e0804f12ac96c81b8e97649be6795"
+
+DEPENDS += "libusb1"
+
+S = "${WORKDIR}/git"
+
+inherit pkgconfig meson
+
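Review bot: This new `_git` recipe sets no `PV`, so the package version would presumably default to the bare string `git`, which tells nobody which libhoth revision an image carries. The other git recipes on this page (pcr-extend, trousers) set `PV` with a `+git${SRCPV}` suffix. I would add a line such as `PV = "0.0+git${SRCPV}"` next to `SRCREV`, where `0.0` is a placeholder for whatever base version upstream uses. For a root-of-trust library, a traceable version string makes image audits and CVE matching easier.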
diff --git a/meta-tpm/recipes-tpm/openssl-tpm-engine/files/0001-create-tpm-key-support-well-known-key-option.patch b/meta-tpm/recipes-tpm1/openssl-tpm-engine/files/0001-create-tpm-key-support-well-known-key-option.patch
index bed8b92..e6068af 100644
--- a/meta-tpm/recipes-tpm/openssl-tpm-engine/files/0001-create-tpm-key-support-well-known-key-option.patch
+++ b/meta-tpm/recipes-tpm1/openssl-tpm-engine/files/0001-create-tpm-key-support-well-known-key-option.patch
@@ -1,3 +1,5 @@
+Upstream-Status: Pending
+
commit 16dac0cb7b73b8a7088300e45b98ac20819b03ed
Author: Junxian.Xiao <Junxian.Xiao@windriver.com>
Date: Wed Jun 19 18:57:13 2013 +0800
diff --git a/meta-tpm/recipes-tpm/openssl-tpm-engine/files/0002-libtpm-support-env-TPM_SRK_PW.patch b/meta-tpm/recipes-tpm1/openssl-tpm-engine/files/0002-libtpm-support-env-TPM_SRK_PW.patch
index 2caaaf0..74def4f 100644
--- a/meta-tpm/recipes-tpm/openssl-tpm-engine/files/0002-libtpm-support-env-TPM_SRK_PW.patch
+++ b/meta-tpm/recipes-tpm1/openssl-tpm-engine/files/0002-libtpm-support-env-TPM_SRK_PW.patch
@@ -1,3 +1,5 @@
+Upstream-Status: Pending
+
commit 16dac0cb7b73b8a7088300e45b98ac20819b03ed
Author: Junxian.Xiao <Junxian.Xiao@windriver.com>
Date: Wed Jun 19 18:57:13 2013 +0800
diff --git a/meta-tpm/recipes-tpm/openssl-tpm-engine/files/0003-tpm-openssl-tpm-engine-parse-an-encrypted-tpm-SRK-pa.patch b/meta-tpm/recipes-tpm1/openssl-tpm-engine/files/0003-tpm-openssl-tpm-engine-parse-an-encrypted-tpm-SRK-pa.patch
index cc8772d..732961d 100644
--- a/meta-tpm/recipes-tpm/openssl-tpm-engine/files/0003-tpm-openssl-tpm-engine-parse-an-encrypted-tpm-SRK-pa.patch
+++ b/meta-tpm/recipes-tpm1/openssl-tpm-engine/files/0003-tpm-openssl-tpm-engine-parse-an-encrypted-tpm-SRK-pa.patch
@@ -17,6 +17,8 @@ export TPM_SRK_ENC_PW=xxxxxxxx
Signed-off-by: Meng Li <Meng.Li@windriver.com>
---
+Upstream-Status: Pending
+
e_tpm.c | 157 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++-
e_tpm.h | 4 ++
e_tpm_err.c | 4 ++
diff --git a/meta-tpm/recipes-tpm/openssl-tpm-engine/files/0004-tpm-openssl-tpm-engine-change-variable-c-type-from-c.patch b/meta-tpm/recipes-tpm1/openssl-tpm-engine/files/0004-tpm-openssl-tpm-engine-change-variable-c-type-from-c.patch
index 535472a..3cbfc3c 100644
--- a/meta-tpm/recipes-tpm/openssl-tpm-engine/files/0004-tpm-openssl-tpm-engine-change-variable-c-type-from-c.patch
+++ b/meta-tpm/recipes-tpm1/openssl-tpm-engine/files/0004-tpm-openssl-tpm-engine-change-variable-c-type-from-c.patch
@@ -12,6 +12,8 @@ wrong case.
Signed-off-by: Meng Li <Meng.Li@windriver.com>
---
+Upstream-Status: Pending
+
create_tpm_key.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/meta-tpm/recipes-tpm/openssl-tpm-engine/files/openssl11_build_fix.patch b/meta-tpm/recipes-tpm1/openssl-tpm-engine/files/openssl11_build_fix.patch
index 2f8eb81..2f8eb81 100644
--- a/meta-tpm/recipes-tpm/openssl-tpm-engine/files/openssl11_build_fix.patch
+++ b/meta-tpm/recipes-tpm1/openssl-tpm-engine/files/openssl11_build_fix.patch
diff --git a/meta-tpm/recipes-tpm/openssl-tpm-engine/openssl-tpm-engine_0.5.0.bb b/meta-tpm/recipes-tpm1/openssl-tpm-engine/openssl-tpm-engine_0.5.0.bb
index 0f98b79..e3e643e 100644
--- a/meta-tpm/recipes-tpm/openssl-tpm-engine/openssl-tpm-engine_0.5.0.bb
+++ b/meta-tpm/recipes-tpm1/openssl-tpm-engine/openssl-tpm-engine_0.5.0.bb
@@ -2,13 +2,13 @@ DESCRIPTION = "OpenSSL secure engine based on TPM hardware"
HOMEPAGE = "https://github.com/mgerstner/openssl_tpm_engine"
SECTION = "security/tpm"
-LICENSE = "openssl"
+LICENSE = "OpenSSL"
LIC_FILES_CHKSUM = "file://LICENSE;md5=11f0ee3af475c85b907426e285c9bb52"
DEPENDS += "openssl trousers"
SRC_URI = "\
- git://github.com/mgerstner/openssl_tpm_engine.git \
+ git://github.com/mgerstner/openssl_tpm_engine.git;branch=master;protocol=https \
file://0001-create-tpm-key-support-well-known-key-option.patch \
file://0002-libtpm-support-env-TPM_SRK_PW.patch \
file://0003-tpm-openssl-tpm-engine-parse-an-encrypted-tpm-SRK-pa.patch \
@@ -35,31 +35,31 @@ inherit autotools-brokensep pkgconfig
srk_dec_pw ?= "\\"\\\x1\\"\\"nc\\"\\"\\\x3\\"\\"nd\\"\\"\\\x1\\"\\"a\\""
srk_dec_salt ?= "\\"r\\"\\"\\\x00\\\x00\\"\\"t\\""
-CFLAGS_append += "-DSRK_DEC_PW=${srk_dec_pw} -DSRK_DEC_SALT=${srk_dec_salt}"
+CFLAGS:append = " -DSRK_DEC_PW=${srk_dec_pw} -DSRK_DEC_SALT=${srk_dec_salt}"
# Uncomment below line if using the plain srk password for development
-#CFLAGS_append += "-DTPM_SRK_PLAIN_PW"
+#CFLAGS:append = " -DTPM_SRK_PLAIN_PW"
-do_configure_prepend() {
+do_configure:prepend() {
cd ${B}
cp LICENSE COPYING
touch NEWS AUTHORS ChangeLog README
}
-FILES_${PN}-staticdev += "${libdir}/ssl/engines-1.1/tpm.la"
-FILES_${PN}-dbg += "\
- ${libdir}/ssl/engines-1.1/.debug \
- ${libdir}/engines-1.1/.debug \
- ${prefix}/local/ssl/lib/engines-1.1/.debug \
+FILES:${PN}-staticdev += "${libdir}/ssl/engines-3/tpm.la"
+FILES:${PN}-dbg += "\
+ ${libdir}/ssl/engines-3/.debug \
+ ${libdir}/engines-3/.debug \
+ ${prefix}/local/ssl/lib/engines-3/.debug \
"
-FILES_${PN} += "\
- ${libdir}/ssl/engines-1.1/tpm.so* \
- ${libdir}/engines-1.1/tpm.so* \
+FILES:${PN} += "\
+ ${libdir}/ssl/engines-3/tpm.so* \
+ ${libdir}/engines-3/tpm.so* \
${libdir}/libtpm.so* \
- ${prefix}/local/ssl/lib/engines-1.1/tpm.so* \
+ ${prefix}/local/ssl/lib/engines-3/tpm.so* \
"
-RDEPENDS_${PN} += "libcrypto libtspi"
+RDEPENDS:${PN} += "libcrypto libtspi"
-INSANE_SKIP_${PN} = "libdir"
-INSANE_SKIP_${PN}-dbg = "libdir"
+INSANE_SKIP:${PN} = "libdir"
+INSANE_SKIP:${PN}-dbg = "libdir"
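Review bot: The converted `CFLAGS:append` line compiles `srk_dec_pw` and `srk_dec_salt` into the engine, and their `?=` defaults sit in this public recipe, so every image built without an override shares the same values. Judging by the variable names and the title of the 0003 patch (encrypted SRK password), these values protect the SRK password supplied through `TPM_SRK_ENC_PW`; with published defaults that is obfuscation rather than protection. I would add a comment above the two assignments, for example `# Defaults are public: override srk_dec_pw and srk_dec_salt per product (bbappend or local.conf)`. Since the values are passed as `-D` flags, they may also end up in compile logs, which is worth mentioning in the same comment.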
diff --git a/meta-tpm/recipes-tpm/pcr-extend/files/fix_openssl11_build.patch b/meta-tpm/recipes-tpm1/pcr-extend/files/fix_openssl11_build.patch
index cf2d437..cf2d437 100644
--- a/meta-tpm/recipes-tpm/pcr-extend/files/fix_openssl11_build.patch
+++ b/meta-tpm/recipes-tpm1/pcr-extend/files/fix_openssl11_build.patch
diff --git a/meta-tpm/recipes-tpm/pcr-extend/pcr-extend_git.bb b/meta-tpm/recipes-tpm1/pcr-extend/pcr-extend_git.bb
index f8347b7..45da416 100644
--- a/meta-tpm/recipes-tpm/pcr-extend/pcr-extend_git.bb
+++ b/meta-tpm/recipes-tpm1/pcr-extend/pcr-extend_git.bb
@@ -1,7 +1,7 @@
SUMMARY = "Command line utility to extend hash of arbitrary data into a TPMs PCR."
HOMEPAGE = "https://github.com/flihp/pcr-extend"
SECTION = "security/tpm"
-LICENSE = "GPLv2"
+LICENSE = "GPL-2.0-only"
LIC_FILES_CHKSUM = "file://COPYING;md5=b234ee4d69f5fce4486a80fdaf4a4263"
DEPENDS = "libtspi"
@@ -9,7 +9,7 @@ DEPENDS = "libtspi"
PV = "0.1+git${SRCPV}"
SRCREV = "c02ad8f628b3d99f6d4c087b402fe31a40ee6316"
-SRC_URI = "git://github.com/flihp/pcr-extend.git \
+SRC_URI = "git://github.com/flihp/pcr-extend.git;branch=master;protocol=https \
file://fix_openssl11_build.patch "
inherit autotools
diff --git a/meta-tpm/recipes-tpm/tpm-quote-tools/tpm-quote-tools_1.0.4.bb b/meta-tpm/recipes-tpm1/tpm-quote-tools/tpm-quote-tools_1.0.4.bb
index 8486d00..4672bba 100644
--- a/meta-tpm/recipes-tpm/tpm-quote-tools/tpm-quote-tools_1.0.4.bb
+++ b/meta-tpm/recipes-tpm1/tpm-quote-tools/tpm-quote-tools_1.0.4.bb
@@ -15,9 +15,8 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=8ec30b01163d242ecf07d9cd84e3611f"
DEPENDS = "libtspi tpm-tools"
-SRC_URI = "${SOURCEFORGE_MIRROR}/tpmquotetools/${PV}/${BP}.tar.gz"
-
-SRC_URI[md5sum] = "6e194f5bc534301bbaef53dc6d22c233"
-SRC_URI[sha256sum] = "10dc4eade02635557a9496b388360844cd18e7864e2eb882f5e45ab2fa405ae2"
+SRC_URI = "git://git.code.sf.net/p/tpmquotetools/tpm-quote-tools;branch=master"
+SRCREV = "4511874d5c9b4504bb96e94f8a14bd6c39a36295"
+S = "${WORKDIR}/git"
inherit autotools
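Review bot: The new `SRC_URI` has no `protocol=` parameter, so the fetch uses the plain `git://` transport, while the GitHub recipes in this same commit were given `protocol=https`. The pinned `SRCREV` still fixes which commit is built, but the transfer is unauthenticated and unencrypted, and the recipe no longer has the `SRC_URI[sha256sum]` check it had for the tarball. Assuming SourceForge serves the repository over HTTPS, I would write `SRC_URI = "git://git.code.sf.net/p/tpmquotetools/tpm-quote-tools;branch=master;protocol=https"`. The same applies to the `git://git.code.sf.net/p/trousers/...` entries in the tpm-tools and trousers recipe hunks further down.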
diff --git a/meta-tpm/recipes-tpm/tpm-tools/files/04-fix-FTBFS-clang.patch b/meta-tpm/recipes-tpm1/tpm-tools/files/04-fix-FTBFS-clang.patch
index 5018d45..5018d45 100644
--- a/meta-tpm/recipes-tpm/tpm-tools/files/04-fix-FTBFS-clang.patch
+++ b/meta-tpm/recipes-tpm1/tpm-tools/files/04-fix-FTBFS-clang.patch
diff --git a/meta-tpm/recipes-tpm/tpm-tools/files/openssl1.1_fix.patch b/meta-tpm/recipes-tpm1/tpm-tools/files/openssl1.1_fix.patch
index 9ae3f72..9ae3f72 100644
--- a/meta-tpm/recipes-tpm/tpm-tools/files/openssl1.1_fix.patch
+++ b/meta-tpm/recipes-tpm1/tpm-tools/files/openssl1.1_fix.patch
diff --git a/meta-tpm/recipes-tpm/tpm-tools/files/tpm-tools-extendpcr.patch b/meta-tpm/recipes-tpm1/tpm-tools/files/tpm-tools-extendpcr.patch
index 40150af..d427d67 100644
--- a/meta-tpm/recipes-tpm/tpm-tools/files/tpm-tools-extendpcr.patch
+++ b/meta-tpm/recipes-tpm1/tpm-tools/files/tpm-tools-extendpcr.patch
@@ -1,3 +1,5 @@
+Upstream-Status: Pending
+
Index: git/include/tpm_tspi.h
===================================================================
--- git.orig/include/tpm_tspi.h
diff --git a/meta-tpm/recipes-tpm/tpm-tools/tpm-tools_1.3.9.1.bb b/meta-tpm/recipes-tpm1/tpm-tools/tpm-tools_1.3.9.2.bb
index 88ef19f..b47d53a 100644
--- a/meta-tpm/recipes-tpm/tpm-tools/tpm-tools_1.3.9.1.bb
+++ b/meta-tpm/recipes-tpm1/tpm-tools/tpm-tools_1.3.9.2.bb
@@ -9,23 +9,22 @@ SECTION = "tpm"
LICENSE = "CPL-1.0"
LIC_FILES_CHKSUM = "file://LICENSE;md5=059e8cd6165cb4c31e351f2b69388fd9"
-DEPENDS = "libtspi openssl"
-DEPENDS_class-native = "trousers-native"
+DEPENDS = "libtspi openssl perl-native"
+DEPENDS:class-native = "trousers-native"
-SRCREV = "bdf9f1bc8f63cd6fc370c2deb58d03ac55079e84"
+SRCREV = "bf43837575c5f7d31865562dce7778eae970052e"
SRC_URI = " \
- git://git.code.sf.net/p/trousers/tpm-tools \
- file://tpm-tools-extendpcr.patch \
- file://04-fix-FTBFS-clang.patch \
- file://05-openssl1.1_fix_data_mgmt.patch \
- file://openssl1.1_fix.patch \
- "
+ git://git.code.sf.net/p/trousers/tpm-tools;branch=master \
+ file://tpm-tools-extendpcr.patch \
+ file://04-fix-FTBFS-clang.patch \
+ file://openssl1.1_fix.patch \
+ "
inherit autotools-brokensep gettext
S = "${WORKDIR}/git"
-do_configure_prepend () {
+do_configure:prepend () {
mkdir -p po
mkdir -p m4
cp -R po_/* po/
diff --git a/meta-tpm/recipes-tpm/trousers/files/0001-build-don-t-override-localstatedir-mandir-sysconfdir.patch b/meta-tpm/recipes-tpm1/trousers/files/0001-build-don-t-override-localstatedir-mandir-sysconfdir.patch
index 7b3cc77..7b3cc77 100644
--- a/meta-tpm/recipes-tpm/trousers/files/0001-build-don-t-override-localstatedir-mandir-sysconfdir.patch
+++ b/meta-tpm/recipes-tpm1/trousers/files/0001-build-don-t-override-localstatedir-mandir-sysconfdir.patch
diff --git a/meta-tpm/recipes-tpm/trousers/files/get-user-ps-path-use-POSIX-getpwent-instead-of-getpwe.patch b/meta-tpm/recipes-tpm1/trousers/files/get-user-ps-path-use-POSIX-getpwent-instead-of-getpwe.patch
index 3f5a144..3f5a144 100644
--- a/meta-tpm/recipes-tpm/trousers/files/get-user-ps-path-use-POSIX-getpwent-instead-of-getpwe.patch
+++ b/meta-tpm/recipes-tpm1/trousers/files/get-user-ps-path-use-POSIX-getpwent-instead-of-getpwe.patch
diff --git a/meta-tpm/recipes-tpm/trousers/files/tcsd.service b/meta-tpm/recipes-tpm1/trousers/files/tcsd.service
index 787d4e9..787d4e9 100644
--- a/meta-tpm/recipes-tpm/trousers/files/tcsd.service
+++ b/meta-tpm/recipes-tpm1/trousers/files/tcsd.service
diff --git a/meta-tpm/recipes-tpm/trousers/files/trousers-udev.rules b/meta-tpm/recipes-tpm1/trousers/files/trousers-udev.rules
index 256babd..256babd 100644
--- a/meta-tpm/recipes-tpm/trousers/files/trousers-udev.rules
+++ b/meta-tpm/recipes-tpm1/trousers/files/trousers-udev.rules
diff --git a/meta-tpm/recipes-tpm/trousers/files/trousers.init.sh b/meta-tpm/recipes-tpm1/trousers/files/trousers.init.sh
index d0d6cb3..d0d6cb3 100644
--- a/meta-tpm/recipes-tpm/trousers/files/trousers.init.sh
+++ b/meta-tpm/recipes-tpm1/trousers/files/trousers.init.sh
diff --git a/meta-tpm/recipes-tpm/trousers/trousers_git.bb b/meta-tpm/recipes-tpm1/trousers/trousers_git.bb
index fe8f557..192c66c 100644
--- a/meta-tpm/recipes-tpm/trousers/trousers_git.bb
+++ b/meta-tpm/recipes-tpm1/trousers/trousers_git.bb
@@ -1,16 +1,16 @@
SUMMARY = "TrouSerS - An open-source TCG Software Stack implementation."
-LICENSE = "BSD"
+LICENSE = "BSD-3-Clause"
HOMEPAGE = "http://sourceforge.net/projects/trousers/"
LIC_FILES_CHKSUM = "file://README;startline=3;endline=4;md5=2af28fbed0832e4d83a9e6dd68bb4413"
SECTION = "security/tpm"
DEPENDS = "openssl"
-SRCREV = "4b9a70d5789b0b74f43957a6c19ab2156a72d3e0"
-PV = "0.3.14+git${SRCPV}"
+SRCREV = "94144b0a1dcef6e31845d6c319e9bd7357208eb9"
+PV = "0.3.15+git${SRCPV}"
SRC_URI = " \
- git://git.code.sf.net/p/trousers/trousers \
+ git://git.code.sf.net/p/trousers/trousers;branch=master \
file://trousers.init.sh \
file://trousers-udev.rules \
file://tcsd.service \
@@ -30,7 +30,7 @@ do_install () {
oe_runmake DESTDIR=${D} install
}
-do_install_append() {
+do_install:append() {
install -d ${D}${sysconfdir}/init.d
install -m 0755 ${WORKDIR}/trousers.init.sh ${D}${sysconfdir}/init.d/trousers
install -d ${D}${sysconfdir}/udev/rules.d
@@ -43,7 +43,7 @@ do_install_append() {
fi
}
-CONFFILES_${PN} += "${sysconfig}/tcsd.conf"
+CONFFILES:${PN} += "${sysconfig}/tcsd.conf"
PROVIDES = "${PACKAGES}"
PACKAGES = " \
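Review bot: The converted `CONFFILES:${PN}` line still refers to `${sysconfig}`, which is not set in any visible hunk of this recipe and is not one of the standard directory variables. The rest of the file uses `${sysconfdir}`, for example in `do_install:append` and `FILES:${PN}`. If the reference stays unexpanded, `tcsd.conf` is never registered as a configuration file, so a package upgrade could silently replace a locally hardened daemon configuration. I would change the line to `CONFFILES:${PN} += "${sysconfdir}/tcsd.conf"`.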
@@ -59,39 +59,39 @@ PACKAGES = " \
# libtspi needs tcsd for most (all?) operations, so suggest to
# install that.
-RRECOMMENDS_libtspi = "${PN}"
+RRECOMMENDS:libtspi = "${PN}"
-FILES_libtspi = " \
+FILES:libtspi = " \
${libdir}/*.so.1 \
${libdir}/*.so.1.2.0 \
"
-FILES_libtspi-dbg = " \
+FILES:libtspi-dbg = " \
${libdir}/.debug \
${prefix}/src/debug/${PN}/${PV}-${PR}/git/src/tspi \
${prefix}/src/debug/${PN}/${PV}-${PR}/git/src/trspi \
${prefix}/src/debug/${PN}/${PV}-${PR}/git/src/include/*.h \
${prefix}/src/debug/${PN}/${PV}-${PR}/git/src/include/tss \
"
-FILES_libtspi-dev = " \
+FILES:libtspi-dev = " \
${includedir} \
${libdir}/*.so \
"
-FILES_libtspi-doc = " \
+FILES:libtspi-doc = " \
${mandir}/man3 \
"
-FILES_libtspi-staticdev = " \
+FILES:libtspi-staticdev = " \
${libdir}/*.la \
${libdir}/*.a \
"
-FILES_${PN} = " \
+FILES:${PN} = " \
${sbindir}/tcsd \
${sysconfdir} \
${localstatedir} \
"
-FILES_${PN}-dev += "${libdir}/trousers"
+FILES:${PN}-dev += "${libdir}/trousers"
-FILES_${PN}-dbg = " \
+FILES:${PN}-dbg = " \
${sbindir}/.debug \
${prefix}/src/debug/${PN}/${PV}-${PR}/git/src/tcs \
${prefix}/src/debug/${PN}/${PV}-${PR}/git/src/tcsd \
@@ -99,20 +99,22 @@ FILES_${PN}-dbg = " \
${prefix}/src/debug/${PN}/${PV}-${PR}/git/src/trousers \
${prefix}/src/debug/${PN}/${PV}-${PR}/git/src/include/trousers \
"
-FILES_${PN}-doc = " \
+FILES:${PN}-doc = " \
${mandir}/man5 \
${mandir}/man8 \
"
+FILES:${PN} += "${systemd_unitdir}/*"
+
INITSCRIPT_NAME = "trousers"
INITSCRIPT_PARAMS = "start 99 2 3 4 5 . stop 19 0 1 6 ."
USERADD_PACKAGES = "${PN}"
-GROUPADD_PARAM_${PN} = "--system tss"
-USERADD_PARAM_${PN} = "--system -M -d /var/lib/tpm -s /bin/false -g tss tss"
+GROUPADD_PARAM:${PN} = "--system tss"
+USERADD_PARAM:${PN} = "--system -M -d /var/lib/tpm -s /bin/false -g tss tss"
SYSTEMD_PACKAGES = "${PN}"
-SYSTEMD_SERVICE_${PN} = "tcsd.service"
+SYSTEMD_SERVICE:${PN} = "tcsd.service"
SYSTEMD_AUTO_ENABLE = "disable"
BBCLASSEXTEND = "native"
diff --git a/meta-tpm/recipes-tpm2/cryptsetup-tpm-incubator/cryptsetup-tpm-incubator_0.9.9.bb b/meta-tpm/recipes-tpm2/cryptsetup-tpm-incubator/cryptsetup-tpm-incubator_0.9.9.bb
deleted file mode 100644
index b706d15..0000000
--- a/meta-tpm/recipes-tpm2/cryptsetup-tpm-incubator/cryptsetup-tpm-incubator_0.9.9.bb
+++ /dev/null
@@ -1,42 +0,0 @@
-SUMMARY = "An extension to cryptsetup/LUKS that enables use of the TPM 2.0 via tpm2-tss"
-DESCRIPTION = "Cryptsetup is utility used to conveniently setup disk encryption based on DMCrypt kernel module."
-
-SECTION = "security/tpm"
-LICENSE = "LGPL-2.1 | GPL-2.0"
-LIC_FILES_CHKSUM = "file://COPYING;md5=32107dd283b1dfeb66c9b3e6be312326 \
- file://COPYING.LGPL;md5=1960515788100ce5f9c98ea78a65dc52 \
- "
-
-DEPENDS = "autoconf-archive pkgconfig gettext libtss2-dev libdevmapper popt libgcrypt json-c"
-
-SRC_URI = "git://github.com/AndreasFuchsSIT/cryptsetup-tpm-incubator.git;branch=luks2tpm \
- file://configure_fix.patch "
-
-SRCREV = "15c283195f19f1d980e39ba45448683d5e383179"
-
-S = "${WORKDIR}/git"
-
-inherit autotools pkgconfig gettext
-
-PACKAGECONFIG ??= "openssl"
-PACKAGECONFIG[openssl] = "--with-crypto_backend=openssl,,openssl"
-PACKAGECONFIG[gcrypt] = "--with-crypto_backend=gcrypt,,libgcrypt"
-
-EXTRA_OECONF = "--enable-static"
-
-RRECOMMENDS_${PN} = "kernel-module-aes-generic \
- kernel-module-dm-crypt \
- kernel-module-md5 \
- kernel-module-cbc \
- kernel-module-sha256-generic \
- kernel-module-xts \
- "
-
-FILES_${PN} += "${libdir}/tmpfiles.d"
-RDEPENDS_${PN} += "lvm2 libdevmapper"
-RRECOMMENDS_${PN} += "lvm2-udevrules"
-
-RREPLACES_${PN} = "cryptsetup"
-RCONFLICTS_${PN} ="cryptsetup"
-
-BBCLASSEXTEND = "native nativesdk"
diff --git a/meta-tpm/recipes-tpm2/cryptsetup-tpm-incubator/files/configure_fix.patch b/meta-tpm/recipes-tpm2/cryptsetup-tpm-incubator/files/configure_fix.patch
deleted file mode 100644
index 8c7b6da..0000000
--- a/meta-tpm/recipes-tpm2/cryptsetup-tpm-incubator/files/configure_fix.patch
+++ /dev/null
@@ -1,16 +0,0 @@
-Upstream-Status: OE specific
-Signed-off-by: Armin Kuster <akuster808@gmail.com>
-
-Index: git/configure.ac
-===================================================================
---- git.orig/configure.ac
-+++ git/configure.ac
-@@ -16,7 +16,7 @@ AC_CONFIG_HEADERS([config.h:config.h.in]
-
- # For old automake use this
- #AM_INIT_AUTOMAKE(dist-xz subdir-objects)
--AM_INIT_AUTOMAKE([dist-xz 1.12 serial-tests subdir-objects])
-+AM_INIT_AUTOMAKE([dist-xz 1.12 serial-tests subdir-objects foreign])
-
- if test "x$prefix" = "xNONE"; then
- sysconfdir=/etc
diff --git a/meta-tpm/recipes-tpm2/ibmswtpm2/files/remove_optimization.patch b/meta-tpm/recipes-tpm2/ibmswtpm2/files/remove_optimization.patch
deleted file mode 100644
index 2919e2e..0000000
--- a/meta-tpm/recipes-tpm2/ibmswtpm2/files/remove_optimization.patch
+++ /dev/null
@@ -1,26 +0,0 @@
-Allow recipe to overide optimization.
-
-fixes:
-
-397 | # warning _FORTIFY_SOURCE requires compiling with optimization (-O)
-| | ^~~~~~~
-| cc1: all warnings being treated as errors
-
-
-Upstream-Status: OE specific
-
-Signed-off-by: Armin Kuster <akuster808@gmail.com>
-
-Index: src/makefile
-===================================================================
---- src.orig/makefile
-+++ src/makefile
-@@ -43,7 +43,7 @@ CC = /usr/bin/gcc
- CCFLAGS = -Wall \
- -Wmissing-declarations -Wmissing-prototypes -Wnested-externs \
- -Werror -Wsign-compare \
-- -c -ggdb -O0 \
-+ -c -ggdb -O \
- -DTPM_POSIX \
- -D_POSIX_ \
- -DTPM_NUVOTON
diff --git a/meta-tpm/recipes-tpm2/ibmswtpm2/files/tune-makefile.patch b/meta-tpm/recipes-tpm2/ibmswtpm2/files/tune-makefile.patch
new file mode 100644
index 0000000..09aab78
--- /dev/null
+++ b/meta-tpm/recipes-tpm2/ibmswtpm2/files/tune-makefile.patch
@@ -0,0 +1,51 @@
+1) Allow recipe to overide optimization.
+
+fixes:
+
+397 | # warning _FORTIFY_SOURCE requires compiling with optimization (-O)
+| | ^~~~~~~
+| cc1: all warnings being treated as errors
+
+2) Allow recipe to override OE related compile-/link-flags
+
+fixes:
+
+ERROR: QA Issue: File /usr/bin/tpm_server in package ibmswtpm2 doesn't have GNU_HASH (didn't pass LDFLAGS?) [ldflags]
+
+Upstream-Status: Inappropriate [OE specific]
+
+Signed-off-by: Jens Rehsack <sno@NetBSD.org>
+
+Index: src/makefile
+===================================================================
+--- src.orig/makefile
++++ src/makefile
+@@ -38,13 +38,11 @@
+ #################################################################################
+
+
+-CC = /usr/bin/gcc
+-
+ CCFLAGS = -Wall \
+ -Wmissing-declarations -Wmissing-prototypes -Wnested-externs \
+ -Werror -Wsign-compare \
+ -Wno-deprecated-declarations \
+- -c -ggdb -O0 \
++ -c -ggdb -O \
+ -DTPM_POSIX \
+ -D_POSIX_ \
+ -DTPM_NUVOTON
+@@ -80,11 +78,11 @@ TcpServerPosix.o : $(HEADERS)
+ .PRECIOUS: %.o
+
+ tpm_server: $(OBJFILES)
+- $(CC) $(OBJFILES) $(LNFLAGS) -o tpm_server
++ $(CCLD) $(OBJFILES) $(LDFLAGS) $(LNFLAGS) -o tpm_server
+
+ clean:
+ rm -f *.o tpm_server *~
+
+ %.o: %.c
+- $(CC) $(CCFLAGS) $< -o $@
++ $(CC) $(CCFLAGS) $(CFLAGS) $< -o $@
+
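Review bot: The patched link rule calls `$(CCLD)`, but the makefile never defines it and make has no built-in default for that name, so linking works only when the caller's environment or command line supplies `CCLD`. OpenEmbedded normally exports it, but whether the new recipe passes it explicitly is outside the visible part of this page. A fallback near the top of the patched makefile, `CCLD ?= $(CC)`, would keep the rule from expanding to a command line that starts with an object file name. The compile rule is safe in this respect because make has a built-in default for `CC`.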
diff --git a/meta-tpm/recipes-tpm2/ibmswtpm2/ibmswtpm2_1563.bb b/meta-tpm/recipes-tpm2/ibmswtpm2/ibmswtpm2_1563.bb
deleted file mode 100644
index 8054226..0000000
--- a/meta-tpm/recipes-tpm2/ibmswtpm2/ibmswtpm2_1563.bb
+++ /dev/null
@@ -1,27 +0,0 @@
-SUMMARY = "IBM's Software TPM 2.0"
-LICENSE = "BSD"
-SECTION = "securty/tpm"
-LIC_FILES_CHKSUM = "file://../LICENSE;md5=1e023f61454ac828b4aa1bc4293f7d5f"
-
-DEPENDS = "openssl"
-
-SRC_URI = "https://sourceforge.net/projects/ibmswtpm2/files/ibmtpm${PV}.tar.gz \
- file://remove_optimization.patch \
- "
-SRC_URI[md5sum] = "13013612b3a13dc935fefe1a5684179c"
-SRC_URI[sha256sum] = "fc3a17f8315c1f47670764f2384943afc0d3ba1e9a0422dacb08d455733bd1e9"
-SRC_URI[sha1sum] = "a2a5335024a2edc1739f08b99e716fa355be627d"
-SRC_URI[sha384sum] = "b1f278acabe2198aa79c0fe8aa0182733fe701336cbf54a88058be0b574cab768f59f9315882d0e689e634678d05b79f"
-SRC_URI[sha512sum] = "ff0b9e5f0d0070eb572b23641f7a0e70a8bc65cbf4b59dca1778be3bb014124011221a492147d4c492584e87af23e2f842ca6307641b3919f67a3f27f09312c0"
-
-S = "${WORKDIR}/src"
-
-do_compile () {
- make CC='${CC}'
-}
-
-do_install () {
- install -d ${D}/${bindir}
- install -m 0755 tpm_server ${D}/${bindir}
-}
-
diff --git a/meta-tpm/recipes-tpm2/ibmswtpm2/ibmswtpm2_183-2024-03-27.bb b/meta-tpm/recipes-tpm2/ibmswtpm2/ibmswtpm2_183-2024-03-27.bb
new file mode 100644
index 0000000..7ed9569
--- /dev/null
+++ b/meta-tpm/recipes-tpm2/ibmswtpm2/ibmswtpm2_183-2024-03-27.bb
@@ -0,0 +1,37 @@
+SUMMARY = "IBM's Software TPM 2.0"
+DESCRIPTION = "The software TPM 2.0 is targeted toward application development, \
+education, and virtualization. \
+\
+The intent is that an application can be developed using the software TPM. \
+The application should then run using a hardware TPM without changes. \
+Advantages of this approach: \
+* In contrast to a hardware TPM, it runs on many platforms and it's generally faster. \
+* Application software errors are easily reversed by simply removing the TPM state and starting over. \
+* Difficult crypto errors are quickly debugged by looking inside the TPM."
+HOMEPAGE = "http://ibmswtpm.sourceforge.net/ibmswtpm2.html"
+LICENSE = "BSD-2-Clause"
+SECTION = "securty/tpm"
+LIC_FILES_CHKSUM = "file://../LICENSE;md5=1e023f61454ac828b4aa1bc4293f7d5f"
+LIC_FILES_CHKSUM += "file://LICENSE;md5=c75e465155c42c14154bf6a2acb7347b"
+
+DEPENDS = "openssl"
+
+SRC_URI = "git://git.code.sf.net/p/ibmswtpm2/tpm2;protocol=https;branch=master \
+ file://tune-makefile.patch \
+ "
+SRCREV = "c37c74438429e1d5fe465232e7bf894b239a2cd4"
+
+UPSTREAM_CHECK_GITTAGREGEX = "rev(?P<pver>\d+(\-\d+)+)"
+
+S = "${WORKDIR}/git/src"
+
+CFLAGS += "-Wno-error=maybe-uninitialized"
+
+do_compile () {
+ make CC='${CC}'
+}
+
+do_install () {
+ install -d ${D}/${bindir}
+ install -m 0755 tpm_server ${D}/${bindir}
+}
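Review bot: `CFLAGS += "-Wno-error=maybe-uninitialized"` downgrades a diagnostic in a TPM implementation whose makefile builds with `-Werror`, and the recipe gives no reason for it. A comment above the line should name the source file and compiler version that trip the warning, e.g. `# <file>.c: reported by GCC <version> at -O, see <upstream report>` (placeholders to be filled in), so the suppression can be dropped once upstream fixes it. Without that record, a genuine uninitialized read introduced by a later `SRCREV` bump would only warn rather than fail the build, and nobody would know whether that was intended.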
diff --git a/meta-tpm/recipes-tpm2/ibmtpm2tss/ibmtpm2tss/0001-utils-12-Makefile.am-expand-wildcards-in-prereqs.patch b/meta-tpm/recipes-tpm2/ibmtpm2tss/ibmtpm2tss/0001-utils-12-Makefile.am-expand-wildcards-in-prereqs.patch
new file mode 100644
index 0000000..46af137
--- /dev/null
+++ b/meta-tpm/recipes-tpm2/ibmtpm2tss/ibmtpm2tss/0001-utils-12-Makefile.am-expand-wildcards-in-prereqs.patch
@@ -0,0 +1,125 @@
+From 68fafb3516b6004d27f882273f934bda3f4714b4 Mon Sep 17 00:00:00 2001
+From: Jens Rehsack <sno@netbsd.org>
+Date: Fri, 11 Sep 2020 07:46:41 +0200
+Subject: [PATCH] utils{,12}/Makefile.am: expand wildcards in prereqs
+
+Expand wildcards of required sources to avoid errors like:
+make[2]: *** No rule to make target 'man/man1/*.1', needed by 'all-am'. Stop.
+make[2]: *** Waiting for unfinished jobs....
+
+Upstream-Status: Submitted
+
+Signed-off-by: Jens Rehsack <sno@netbsd.org>
+---
+ utils/Makefile.am | 75 +++++++++++++++++++++++++++++++++++++++++++--
+ utils12/Makefile.am | 8 ++++-
+ 2 files changed, 79 insertions(+), 4 deletions(-)
+
+diff --git a/utils/Makefile.am b/utils/Makefile.am
+index 7457269..14689c0 100755
+--- a/utils/Makefile.am
++++ b/utils/Makefile.am
+@@ -93,9 +93,78 @@ libibmtssutils_la_LIBADD = libibmtss.la $(LIBCRYPTO_LIBS) $(EFIBOOT_LIBS)
+
+ noinst_HEADERS = CommandAttributes.h imalib.h tssdev.h ntc2lib.h tssntc.h Commands_fp.h objecttemplates.h tssproperties.h cryptoutils.h Platform.h tssauth.h tsssocket.h ekutils.h eventlib.h efilib.h tssccattributes.h
+ # install every header in ibmtss
+-nobase_include_HEADERS = ibmtss/*.h
+-
+-notrans_man_MANS = man/man1/*.1
++nobase_include_HEADERS = ibmtss/ActivateCredential_fp.h ibmtss/ActivateIdentity_fp.h ibmtss/BaseTypes.h \
++ ibmtss/CertifyCreation_fp.h ibmtss/Certify_fp.h ibmtss/CertifyX509_fp.h ibmtss/ChangeEPS_fp.h \
++ ibmtss/ChangePPS_fp.h ibmtss/ClearControl_fp.h ibmtss/Clear_fp.h ibmtss/ClockRateAdjust_fp.h \
++ ibmtss/ClockSet_fp.h ibmtss/Commit_fp.h ibmtss/ContextLoad_fp.h ibmtss/ContextSave_fp.h \
++ ibmtss/CreateEndorsementKeyPair_fp.h ibmtss/Create_fp.h ibmtss/CreateLoaded_fp.h \
++ ibmtss/CreatePrimary_fp.h ibmtss/CreateWrapKey_fp.h ibmtss/DictionaryAttackLockReset_fp.h \
++ ibmtss/DictionaryAttackParameters_fp.h ibmtss/Duplicate_fp.h ibmtss/ECC_Parameters_fp.h \
++ ibmtss/ECDH_KeyGen_fp.h ibmtss/ECDH_ZGen_fp.h ibmtss/EC_Ephemeral_fp.h ibmtss/EncryptDecrypt2_fp.h \
++ ibmtss/EncryptDecrypt_fp.h ibmtss/EventSequenceComplete_fp.h ibmtss/EvictControl_fp.h ibmtss/Extend_fp.h \
++ ibmtss/FlushContext_fp.h ibmtss/FlushSpecific_fp.h ibmtss/GetCapability12_fp.h ibmtss/GetCapability_fp.h \
++ ibmtss/GetCommandAuditDigest_fp.h ibmtss/GetRandom_fp.h ibmtss/GetSessionAuditDigest_fp.h \
++ ibmtss/GetTestResult_fp.h ibmtss/GetTime_fp.h ibmtss/Hash_fp.h ibmtss/HashSequenceStart_fp.h \
++ ibmtss/HierarchyChangeAuth_fp.h ibmtss/HierarchyControl_fp.h ibmtss/HMAC_fp.h ibmtss/HMAC_Start_fp.h \
++ ibmtss/Implementation.h ibmtss/Import_fp.h ibmtss/IncrementalSelfTest_fp.h ibmtss/LoadExternal_fp.h \
++ ibmtss/Load_fp.h ibmtss/LoadKey2_fp.h ibmtss/MakeCredential_fp.h ibmtss/MakeIdentity_fp.h ibmtss/NTC_fp.h \
++ ibmtss/NV_Certify_fp.h ibmtss/NV_ChangeAuth_fp.h ibmtss/NV_DefineSpace12_fp.h ibmtss/NV_DefineSpace_fp.h \
++ ibmtss/NV_Extend_fp.h ibmtss/NV_GlobalWriteLock_fp.h ibmtss/NV_Increment_fp.h ibmtss/NV_Read_fp.h \
++ ibmtss/NV_ReadLock_fp.h ibmtss/NV_ReadPublic_fp.h ibmtss/NV_ReadValueAuth_fp.h ibmtss/NV_ReadValue_fp.h \
++ ibmtss/NV_SetBits_fp.h ibmtss/NV_UndefineSpace_fp.h ibmtss/NV_UndefineSpaceSpecial_fp.h ibmtss/NV_Write_fp.h \
++ ibmtss/NV_WriteLock_fp.h ibmtss/NV_WriteValueAuth_fp.h ibmtss/NV_WriteValue_fp.h ibmtss/ObjectChangeAuth_fp.h \
++ ibmtss/OIAP_fp.h ibmtss/OSAP_fp.h ibmtss/OwnerReadInternalPub_fp.h ibmtss/OwnerSetDisable_fp.h \
++ ibmtss/Parameters12.h ibmtss/Parameters.h ibmtss/PCR_Allocate_fp.h ibmtss/PCR_Event_fp.h ibmtss/PCR_Extend_fp.h \
++ ibmtss/PcrRead12_fp.h ibmtss/PCR_Read_fp.h ibmtss/PCR_Reset12_fp.h ibmtss/PCR_Reset_fp.h ibmtss/PCR_SetAuthPolicy_fp.h \
++ ibmtss/PCR_SetAuthValue_fp.h ibmtss/PolicyAuthorize_fp.h ibmtss/PolicyAuthorizeNV_fp.h ibmtss/PolicyAuthValue_fp.h \
++ ibmtss/PolicyCommandCode_fp.h ibmtss/PolicyCounterTimer_fp.h ibmtss/PolicyCpHash_fp.h ibmtss/PolicyDuplicationSelect_fp.h \
++ ibmtss/PolicyGetDigest_fp.h ibmtss/PolicyLocality_fp.h ibmtss/PolicyNameHash_fp.h ibmtss/PolicyNV_fp.h \
++ ibmtss/PolicyNvWritten_fp.h ibmtss/PolicyOR_fp.h ibmtss/PolicyPassword_fp.h ibmtss/PolicyPCR_fp.h \
++ ibmtss/PolicyPhysicalPresence_fp.h ibmtss/PolicyRestart_fp.h ibmtss/PolicySecret_fp.h ibmtss/PolicySigned_fp.h \
++ ibmtss/PolicyTemplate_fp.h ibmtss/PolicyTicket_fp.h ibmtss/PP_Commands_fp.h ibmtss/Quote2_fp.h ibmtss/Quote_fp.h \
++ ibmtss/ReadClock_fp.h ibmtss/ReadPubek_fp.h ibmtss/ReadPublic_fp.h ibmtss/Rewrap_fp.h ibmtss/RSA_Decrypt_fp.h \
++ ibmtss/RSA_Encrypt_fp.h ibmtss/SelfTest_fp.h ibmtss/SequenceComplete_fp.h ibmtss/SequenceUpdate_fp.h \
++ ibmtss/SetAlgorithmSet_fp.h ibmtss/SetCommandCodeAuditStatus_fp.h ibmtss/SetPrimaryPolicy_fp.h ibmtss/Shutdown_fp.h \
++ ibmtss/Sign12_fp.h ibmtss/Sign_fp.h ibmtss/StartAuthSession_fp.h ibmtss/Startup12_fp.h ibmtss/Startup_fp.h \
++ ibmtss/StirRandom_fp.h ibmtss/TakeOwnership_fp.h ibmtss/TestParms_fp.h ibmtss/TPMB.h ibmtss/TpmBuildSwitches.h \
++ ibmtss/tpmconstants12.h ibmtss/tpmstructures12.h ibmtss/tpmtypes12.h ibmtss/TPM_Types.h ibmtss/tsscrypto.h \
++ ibmtss/tsscryptoh.h ibmtss/tsserror12.h ibmtss/tsserror.h ibmtss/tssfile.h ibmtss/tss.h ibmtss/tssmarshal12.h \
++ ibmtss/tssmarshal.h ibmtss/tssprintcmd.h ibmtss/tssprint.h ibmtss/tssresponsecode.h ibmtss/tsstransmit.h \
++ ibmtss/tssutils.h ibmtss/Unmarshal12_fp.h ibmtss/Unmarshal_fp.h ibmtss/Unseal_fp.h ibmtss/VerifySignature_fp.h \
++ ibmtss/ZGen_2Phase_fp.h
++
++notrans_man_MANS = man/man1/tssactivatecredential.1 man/man1/tsscertify.1 man/man1/tsscertifycreation.1 \
++ man/man1/tsscertifyx509.1 man/man1/tsschangeeps.1 man/man1/tsschangepps.1 man/man1/tssclear.1 \
++ man/man1/tssclearcontrol.1 man/man1/tssclockrateadjust.1 man/man1/tssclockset.1 man/man1/tsscommit.1 \
++ man/man1/tsscontextload.1 man/man1/tsscontextsave.1 man/man1/tsscreate.1 man/man1/tsscreateek.1 \
++ man/man1/tsscreateekcert.1 man/man1/tsscreateloaded.1 man/man1/tsscreateprimary.1 \
++ man/man1/tssdictionaryattacklockreset.1 man/man1/tssdictionaryattackparameters.1 man/man1/tssduplicate.1 \
++ man/man1/tsseccparameters.1 man/man1/tssecephemeral.1 man/man1/tssencryptdecrypt.1 man/man1/tsseventextend.1 \
++ man/man1/tsseventsequencecomplete.1 man/man1/tssevictcontrol.1 man/man1/tssflushcontext.1 man/man1/tssgetcapability.1 \
++ man/man1/tssgetcommandauditdigest.1 man/man1/tssgetcryptolibrary.1 man/man1/tssgetrandom.1 \
++ man/man1/tssgetsessionauditdigest.1 man/man1/tssgettestresult.1 man/man1/tssgettime.1 man/man1/tsshash.1 \
++ man/man1/tsshashsequencestart.1 man/man1/tsshierarchychangeauth.1 man/man1/tsshierarchycontrol.1 \
++ man/man1/tsshmac.1 man/man1/tsshmacstart.1 man/man1/tssimaextend.1 man/man1/tssimport.1 man/man1/tssimportpem.1 \
++ man/man1/tssload.1 man/man1/tssloadexternal.1 man/man1/tssmakecredential.1 man/man1/tssntc2getconfig.1 \
++ man/man1/tssntc2lockconfig.1 man/man1/tssntc2preconfig.1 man/man1/tssnvcertify.1 man/man1/tssnvchangeauth.1 \
++ man/man1/tssnvdefinespace.1 man/man1/tssnvextend.1 man/man1/tssnvglobalwritelock.1 man/man1/tssnvincrement.1 \
++ man/man1/tssnvread.1 man/man1/tssnvreadlock.1 man/man1/tssnvreadpublic.1 man/man1/tssnvsetbits.1 \
++ man/man1/tssnvundefinespace.1 man/man1/tssnvundefinespacespecial.1 man/man1/tssnvwrite.1 man/man1/tssnvwritelock.1 \
++ man/man1/tssobjectchangeauth.1 man/man1/tsspcrallocate.1 man/man1/tsspcrevent.1 man/man1/tsspcrextend.1 \
++ man/man1/tsspcrread.1 man/man1/tsspcrreset.1 man/man1/tsspolicyauthorize.1 man/man1/tsspolicyauthorizenv.1 \
++ man/man1/tsspolicyauthvalue.1 man/man1/tsspolicycommandcode.1 man/man1/tsspolicycountertimer.1 \
++ man/man1/tsspolicycphash.1 man/man1/tsspolicyduplicationselect.1 man/man1/tsspolicygetdigest.1 \
++ man/man1/tsspolicymaker.1 man/man1/tsspolicymakerpcr.1 man/man1/tsspolicynamehash.1 man/man1/tsspolicynv.1 \
++ man/man1/tsspolicynvwritten.1 man/man1/tsspolicyor.1 man/man1/tsspolicypassword.1 man/man1/tsspolicypcr.1 \
++ man/man1/tsspolicyrestart.1 man/man1/tsspolicysecret.1 man/man1/tsspolicysigned.1 man/man1/tsspolicytemplate.1 \
++ man/man1/tsspolicyticket.1 man/man1/tsspowerup.1 man/man1/tssprintattr.1 man/man1/tsspublicname.1 \
++ man/man1/tssquote.1 man/man1/tssreadclock.1 man/man1/tssreadpublic.1 man/man1/tssreturncode.1 \
++ man/man1/tssrewrap.1 man/man1/tssrsadecrypt.1 man/man1/tssrsaencrypt.1 man/man1/tsssequencecomplete.1 \
++ man/man1/tsssequenceupdate.1 man/man1/tsssetcommandcodeauditstatus.1 man/man1/tsssetprimarypolicy.1 \
++ man/man1/tssshutdown.1 man/man1/tsssign.1 man/man1/tsssignapp.1 man/man1/tssstartauthsession.1 \
++ man/man1/tssstartup.1 man/man1/tssstirrandom.1 man/man1/tsstimepacket.1 man/man1/tsstpm2pem.1 \
++ man/man1/tsstpmcmd.1 man/man1/tsstpmpublic2eccpoint.1 man/man1/tssunseal.1 man/man1/tssverifysignature.1 \
++ man/man1/tsswriteapp.1 man/man1/tsszgen2phase.1
+
+ if CONFIG_TPM20
+ noinst_HEADERS += tss20.h tssauth20.h ibmtss/tssprintcmd.h
+diff --git a/utils12/Makefile.am b/utils12/Makefile.am
+index 031d0de..02f4e21 100644
+--- a/utils12/Makefile.am
++++ b/utils12/Makefile.am
+@@ -9,7 +9,13 @@ libibmtssutils12_la_CFLAGS = -I$(top_srcdir)/utils
+ # result: [current-age].age.revision
+ libibmtssutils12_la_LDFLAGS = -version-info @TSSLIB_VERSION_INFO@ ../utils/libibmtss.la
+
+-notrans_man_MANS = man/man1/*.1
++notrans_man_MANS = man/man1/tss1activateidentity.1 man/man1/tss1createekcert.1 man/man1/tss1createendorsementkeypair.1 \
++ man/man1/tss1createwrapkey.1 man/man1/tss1eventextend.1 man/man1/tss1extend.1 man/man1/tss1flushspecific.1 \
++ man/man1/tss1getcapability.1 man/man1/tss1imaextend.1 man/man1/tss1loadkey2.1 man/man1/tss1makeekblob.1 \
++ man/man1/tss1makeidentity.1 man/man1/tss1nvdefinespace.1 man/man1/tss1nvreadvalue.1 man/man1/tss1nvreadvalueauth.1 \
++ man/man1/tss1nvwritevalue.1 man/man1/tss1nvwritevalueauth.1 man/man1/tss1oiap.1 man/man1/tss1osap.1 \
++ man/man1/tss1ownerreadinternalpub.1 man/man1/tss1ownersetdisable.1 man/man1/tss1pcrread.1 man/man1/tss1quote2.1 \
++ man/man1/tss1sign.1 man/man1/tss1startup.1 man/man1/tss1takeownership.1 man/man1/tss1tpminit.1
+ noinst_HEADERS = ekutils12.h
+
+ if !CONFIG_TSS_NOPRINT
+--
+2.25.1
+
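Review bot: The explicit `nobase_include_HEADERS` and `notrans_man_MANS` lists freeze the file set at the revision this patch was written against, so a header or man page that upstream adds later is silently left out of the package instead of failing the build. The patch header should say that the lists must be regenerated whenever the recipe's `SRCREV` changes, for example `Note: regenerate both lists from ibmtss/*.h and man/man1/*.1 on every version bump`. `Upstream-Status: Submitted` also normally carries the place of submission in brackets, which is missing here.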
diff --git a/meta-tpm/recipes-tpm2/ibmtpm2tss/ibmtpm2tss_2.2.0.bb b/meta-tpm/recipes-tpm2/ibmtpm2tss/ibmtpm2tss_2.2.0.bb
new file mode 100644
index 0000000..8e941d1
--- /dev/null
+++ b/meta-tpm/recipes-tpm2/ibmtpm2tss/ibmtpm2tss_2.2.0.bb
@@ -0,0 +1,29 @@
+SUMMARY = "IBM's Software TPM 2.0 TSS"
+DESCRIPTION = "This is a user space TSS for TPM 2.0. It implements the \
+functionality equivalent to (but not API compatible with) the TCG TSS \
+working group's ESAPI, SAPI, and TCTI API's (and perhaps more) but with a \
+hopefully simpler interface. \
+It comes with over 110 'TPM tools' samples that can be used for scripted \
+apps, rapid prototyping, education, and debugging. \
+It also comes with a web based TPM interface, suitable for a demo to an \
+audience that is unfamiliar with TCG technology. It is also useful for \
+basic TPM management."
+HOMEPAGE = "http://ibmswtpm.sourceforge.net/ibmtss2.html"
+LICENSE = "BSD-2-Clause"
+SECTION = "securty/tpm"
+LIC_FILES_CHKSUM = "file://LICENSE;md5=1e023f61454ac828b4aa1bc4293f7d5f"
+
+DEPENDS = "openssl ibmswtpm2"
+
+inherit autotools pkgconfig
+
+SRC_URI = "git://git.code.sf.net/p/ibmtpm20tss/tss;protocol=https;branch=master \
+ file://0001-utils-12-Makefile.am-expand-wildcards-in-prereqs.patch \
+ "
+SRCREV = "0b9d77e304f68228b13b20ff0d72b0c16ffd2651"
+
+UPSTREAM_CHECK_GITTAGREGEX = "v(?P<pver>\d+(\.\d+)+)"
+
+EXTRA_OECONF = "--disable-tpm-1.2"
+
+S = "${WORKDIR}/git"
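Review bot: `SECTION = "securty/tpm"` is misspelled; the tpm2-pkcs11 and tpm2-tss-engine recipes in this commit use `security/tpm`, so the line should read `SECTION = "security/tpm"`. The same spelling appears in the ibmswtpm2_183-2024-03-27.bb recipe added by this commit, carried over from the deleted ibmswtpm2_1563.bb. Anything that groups or filters packages by section will otherwise miss both recipes.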
diff --git a/meta-tpm/recipes-tpm2/tpm2-abrmd/tpm2-abrmd_2.3.0.bb b/meta-tpm/recipes-tpm2/tpm2-abrmd/tpm2-abrmd_3.0.0.bb
index 991364a..ea2433c 100644
--- a/meta-tpm/recipes-tpm2/tpm2-abrmd/tpm2-abrmd_2.3.0.bb
+++ b/meta-tpm/recipes-tpm2/tpm2-abrmd/tpm2-abrmd_3.0.0.bb
@@ -13,32 +13,32 @@ DEPENDS = "autoconf-archive dbus glib-2.0 tpm2-tss glib-2.0-native \
libtss2 libtss2-mu libtss2-tcti-device libtss2-tcti-mssim"
SRC_URI = "\
- git://github.com/tpm2-software/tpm2-abrmd.git \
+ https://github.com/tpm2-software/${BPN}/releases/download/${PV}/${BPN}-${PV}.tar.gz \
file://tpm2-abrmd-init.sh \
file://tpm2-abrmd.default \
"
-SRCREV = "ac82192df1158cb58eac02777cf15c965b02cfbc"
+SRC_URI[sha256sum] = "d59aff34164aa705b05155b86607f6b66918a433104f754a3fcf76216dd9f465"
-S = "${WORKDIR}/git"
+UPSTREAM_CHECK_URI = "https://github.com/tpm2-software/${BPN}/releases"
inherit autotools pkgconfig systemd update-rc.d useradd
SYSTEMD_PACKAGES += "${PN}"
-SYSTEMD_SERVICE_${PN} = "tpm2-abrmd.service"
-SYSTEMD_AUTO_ENABLE_${PN} = "disable"
+SYSTEMD_SERVICE:${PN} = "tpm2-abrmd.service"
+SYSTEMD_AUTO_ENABLE:${PN} = "disable"
INITSCRIPT_NAME = "${PN}"
INITSCRIPT_PARAMS = "start 99 2 3 4 5 . stop 19 0 1 6 ."
USERADD_PACKAGES = "${PN}"
-GROUPADD_PARAM_${PN} = "tss"
-USERADD_PARAM_${PN} = "--system -M -d /var/lib/tpm -s /bin/false -g tss tss"
+GROUPADD_PARAM:${PN} = "tss"
+USERADD_PARAM:${PN} = "--system -M -d /var/lib/tpm -s /bin/false -g tss tss"
PACKAGECONFIG ?="${@bb.utils.contains('DISTRO_FEATURES','systemd','systemd', '', d)}"
PACKAGECONFIG[systemd] = "--with-systemdsystemunitdir=${systemd_system_unitdir}, --with-systemdsystemunitdir=no"
-do_install_append() {
+do_install:append() {
install -d "${D}${sysconfdir}/init.d"
install -m 0755 "${WORKDIR}/tpm2-abrmd-init.sh" "${D}${sysconfdir}/init.d/tpm2-abrmd"
@@ -46,9 +46,9 @@ do_install_append() {
install -m 0644 "${WORKDIR}/tpm2-abrmd.default" "${D}${sysconfdir}/default/tpm2-abrmd"
}
-FILES_${PN} += "${libdir}/systemd/system-preset \
+FILES:${PN} += "${libdir}/systemd/system-preset \
${datadir}/dbus-1"
-RDEPENDS_${PN} += "tpm2-tss"
+RDEPENDS:${PN} += "tpm2-tss"
BBCLASSEXTEND = "native"
diff --git a/meta-tpm/recipes-tpm2/tpm2-openssl/tpm2-openssl_1.1.1.bb b/meta-tpm/recipes-tpm2/tpm2-openssl/tpm2-openssl_1.1.1.bb
new file mode 100644
index 0000000..b676871
--- /dev/null
+++ b/meta-tpm/recipes-tpm2/tpm2-openssl/tpm2-openssl_1.1.1.bb
@@ -0,0 +1,21 @@
+SUMMARY = "Provider for integration of TPM 2.0 to OpenSSL 3.0"
+LICENSE = "BSD-3-Clause"
+LIC_FILES_CHKSUM = "file://LICENSE;md5=b75785ac083d3c3ca04d99d9e4e1fbab"
+
+DEPENDS = "autoconf-archive-native tpm2-tss openssl"
+
+SRC_URI = "https://github.com/tpm2-software/${BPN}/releases/download/${PV}/${BPN}-${PV}.tar.gz"
+
+SRC_URI[sha256sum] = "5a9bb0c6c61d026272b8843cbc291b5dfa9a55c1661a513b1c980807ad2dad01"
+
+UPSTREAM_CHECK_URI = "https://github.com/tpm2-software/${BPN}/releases"
+
+inherit autotools pkgconfig
+
+do_configure:prepend() {
+ # do not extract the version number from git
+ sed -i -e 's/m4_esyscmd_s(\[git describe --tags --always --dirty\])/${PV}/' ${S}/configure.ac
+}
+
+FILES:${PN} = "\
+ ${libdir}/ossl-modules/tpm2.so"
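Review bot: The `sed` in `do_configure:prepend` succeeds even when its pattern no longer matches, in which case `configure.ac` keeps calling `git describe` and the version string presumably comes from whatever git checkout encloses the build directory, or is empty. A guard after the substitution would catch this on a version bump: `! grep -q 'git describe' ${S}/configure.ac || bbfatal "version substitution did not apply"`. The same substitution is repeated in tpm2-tss-engine_1.1.0.bb and has the same gap.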
diff --git a/meta-tpm/recipes-tpm2/tpm2-pkcs11/files/bootstrap_fixup.patch b/meta-tpm/recipes-tpm2/tpm2-pkcs11/files/bootstrap_fixup.patch
deleted file mode 100644
index d38e237..0000000
--- a/meta-tpm/recipes-tpm2/tpm2-pkcs11/files/bootstrap_fixup.patch
+++ /dev/null
@@ -1,12 +0,0 @@
-Upstream-Status: OE specific
-Signed-off-by: Armin Kuster <akuster808@gmail.com>
-
-Index: git/bootstrap
-===================================================================
---- git.orig/bootstrap
-+++ git/bootstrap
-@@ -27,4 +27,3 @@ echo "Generating file lists: ${VARS_FILE
- ) > ${VARS_FILE}
-
- mkdir -p m4
--${AUTORECONF} --install --sym $@
diff --git a/meta-tpm/recipes-tpm2/tpm2-pkcs11/tpm2-pkcs11_0.9.9.bb b/meta-tpm/recipes-tpm2/tpm2-pkcs11/tpm2-pkcs11_0.9.9.bb
deleted file mode 100644
index 351e03e..0000000
--- a/meta-tpm/recipes-tpm2/tpm2-pkcs11/tpm2-pkcs11_0.9.9.bb
+++ /dev/null
@@ -1,21 +0,0 @@
-SUMMARY = "A PKCS#11 interface for TPM2 hardware"
-DESCRIPTION = "PKCS #11 is a Public-Key Cryptography Standard that defines a standard method to access cryptographic services from tokens/ devices such as hardware security modules (HSM), smart cards, etc. In this project we intend to use a TPM2 device as the cryptographic token."
-SECTION = "security/tpm"
-LICENSE = "BSD-2-Clause"
-LIC_FILES_CHKSUM = "file://LICENSE;md5=93645981214b60a02688745c14f93c95"
-
-DEPENDS = "autoconf-archive pkgconfig dstat sqlite3 openssl libtss2-dev tpm2-tools"
-
-SRC_URI = "git://github.com/tpm2-software/tpm2-pkcs11.git \
- file://bootstrap_fixup.patch \
- "
-
-SRCREV = "6de3f6f9c6e0a4983f3fb90e35feb34906f8aea7"
-
-S = "${WORKDIR}/git"
-
-inherit autotools-brokensep pkgconfig
-
-do_configure_prepend () {
- ${S}/bootstrap
-}
diff --git a/meta-tpm/recipes-tpm2/tpm2-pkcs11/tpm2-pkcs11_1.9.0.bb b/meta-tpm/recipes-tpm2/tpm2-pkcs11/tpm2-pkcs11_1.9.0.bb
new file mode 100644
index 0000000..9dea957
--- /dev/null
+++ b/meta-tpm/recipes-tpm2/tpm2-pkcs11/tpm2-pkcs11_1.9.0.bb
@@ -0,0 +1,47 @@
+SUMMARY = "A PKCS#11 interface for TPM2 hardware"
+DESCRIPTION = "PKCS #11 is a Public-Key Cryptography Standard that defines a standard method to access cryptographic services from tokens/ devices such as hardware security modules (HSM), smart cards, etc. In this project we intend to use a TPM2 device as the cryptographic token."
+SECTION = "security/tpm"
+LICENSE = "BSD-2-Clause"
+LIC_FILES_CHKSUM = "file://LICENSE;md5=0fc19f620a102768d6dbd1e7166e78ab"
+
+DEPENDS = "autoconf-archive pkgconfig sqlite3 openssl libtss2-dev tpm2-tools libyaml p11-kit python3-setuptools-native"
+
+SRC_URI = "https://github.com/tpm2-software/${BPN}/releases/download/${PV}/${BPN}-${PV}.tar.gz"
+
+SRC_URI[sha256sum] = "35bf06c30cfa76fc0eba2c5f503cf7dd0d34a66afb2d292fee896b90362f633b"
+
+UPSTREAM_CHECK_URI = "https://github.com/tpm2-software/${BPN}/releases"
+
+inherit autotools-brokensep pkgconfig python3native
+
+EXTRA_OECONF += "--disable-ptool-checks"
+
+do_compile:append() {
+ cd ${S}/tools
+ python3 setup.py build
+}
+
+do_install:append() {
+ cd ${S}/tools
+ export PYTHONPATH="${D}${PYTHON_SITEPACKAGES_DIR}"
+ python3 setup.py install --root="${D}" --prefix="${prefix}" --install-lib="${PYTHON_SITEPACKAGES_DIR}" --optimize=1 --skip-build
+
+ sed -i -e "s:${PYTHON}:${USRBINPATH}/env python3:g" "${D}${bindir}"/tpm2_ptool
+}
+
+PACKAGES =+ "${PN}-tools"
+
+FILES:${PN}-tools = "\
+ ${bindir}/tpm2_ptool \
+ ${libdir}/${PYTHON_DIR}/* \
+ "
+
+FILES:${PN} += "\
+ ${libdir}/pkcs11/* \
+ ${datadir}/p11-kit/* \
+ "
+
+INSANE_SKIP:${PN} += "dev-so"
+
+RDEPENDS:${PN} = "p11-kit tpm2-tools "
+RDEPENDS:${PN}-tools = "python3-pyyaml python3-cryptography python3-pyasn1-modules"
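Review bot: `INSANE_SKIP:${PN} += "dev-so"` turns off a packaging QA check without saying why. Presumably the unversioned shared object under `${libdir}/pkcs11/` is the PKCS#11 module that is loaded at run time rather than a development symlink; if so, a comment such as `# PKCS#11 module is an unversioned .so loaded at run time, not a dev symlink` above the line would record that. `--disable-ptool-checks` in `EXTRA_OECONF` deserves a similar one-line reason.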
diff --git a/meta-tpm/recipes-tpm2/tpm2-pytss/python3-tpm2-pytss_2.1.0.bb b/meta-tpm/recipes-tpm2/tpm2-pytss/python3-tpm2-pytss_2.1.0.bb
new file mode 100644
index 0000000..c98d4ab
--- /dev/null
+++ b/meta-tpm/recipes-tpm2/tpm2-pytss/python3-tpm2-pytss_2.1.0.bb
@@ -0,0 +1,15 @@
+DESCRIPTION = "TPM2 TSS Python bindings for Enhanced System API (ESYS), Feature API (FAPI), Marshaling (MU), TCTI Loader (TCTILdr), TCTIs, policy, and RC Decoding (rcdecode) libraries"
+HOMEPAGE = "https://github.com/tpm2-software/tpm2-pytss"
+LICENSE = "BSD-2-Clause"
+LIC_FILES_CHKSUM = "file://LICENSE;md5=500b2e742befc3da00684d8a1d5fd9da"
+
+SRC_URI[sha256sum] = "5b5b4b1456fdc1aeef3d2c3970beaa078c8f7f2648c97a69bcf60c5a2f95c897"
+
+PYPI_PACKAGE = "tpm2-pytss"
+
+DEPENDS = "python3-pkgconfig-native python3-pycparser-native python3-asn1crypto-native"
+DEPENDS:append = " python3-cryptography-native tpm2-tss"
+
+inherit autotools pkgconfig pypi setuptools3_legacy
+
+RDEPENDS:${PN} = "libtss2"
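Review bot: `inherit autotools pkgconfig pypi setuptools3_legacy` pulls in `autotools` for a package that is fetched from PyPI and built with setuptools, which looks unnecessary. Which class supplies the configure, compile and install tasks then depends on inherit order, so the build presumably works only because `setuptools3_legacy` comes last. Unless something in the sdist needs autotools (not visible here), `inherit pkgconfig pypi setuptools3_legacy` states the intent directly. The recipe also has no `SUMMARY`.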
diff --git a/meta-tpm/recipes-tpm2/tpm2-tcti-uefi/files/configure_oe_fixup.patch b/meta-tpm/recipes-tpm2/tpm2-tcti-uefi/files/configure_oe_fixup.patch
index 8a216cd..a238c7f 100644
--- a/meta-tpm/recipes-tpm2/tpm2-tcti-uefi/files/configure_oe_fixup.patch
+++ b/meta-tpm/recipes-tpm2/tpm2-tcti-uefi/files/configure_oe_fixup.patch
@@ -1,4 +1,4 @@
-Upstream-Status: OE specific
+Upstream-Status: Inappropriate [OE specific]
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Index: git/configure.ac
diff --git a/meta-tpm/recipes-tpm2/tpm2-tcti-uefi/files/fix_header_file.patch b/meta-tpm/recipes-tpm2/tpm2-tcti-uefi/files/fix_header_file.patch
index fc730e1..2554282 100644
--- a/meta-tpm/recipes-tpm2/tpm2-tcti-uefi/files/fix_header_file.patch
+++ b/meta-tpm/recipes-tpm2/tpm2-tcti-uefi/files/fix_header_file.patch
@@ -4,7 +4,7 @@ Error building for i386 target in cross env
ARCH is host arch, not target arch
-Upstream-Status: Submitted
+Upstream-Status: Submitted
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Index: git/src/uefi-types.h
diff --git a/meta-tpm/recipes-tpm2/tpm2-tcti-uefi/files/tpm2-get-caps-fixed.patch b/meta-tpm/recipes-tpm2/tpm2-tcti-uefi/files/tpm2-get-caps-fixed.patch
deleted file mode 100644
index bc70913..0000000
--- a/meta-tpm/recipes-tpm2/tpm2-tcti-uefi/files/tpm2-get-caps-fixed.patch
+++ /dev/null
@@ -1,23 +0,0 @@
-Fix defined to match tpm2-tools 4.1.1
-
-Upstream-Status: Submitted https://github.com/tpm2-software/tpm2-tcti-uefi/pull/81
-Signed-off-by: Armin Kuster <akuster808@gmail.com>
-
-Index: git/example/tpm2-get-caps-fixed.c
-===================================================================
---- git.orig/example/tpm2-get-caps-fixed.c
-+++ git/example/tpm2-get-caps-fixed.c
-@@ -140,11 +140,11 @@ dump_tpm_properties_fixed (TPMS_TAGGED_P
- Print (L"TPM2_PT_INPUT_BUFFER:\n"
- " value: 0x%X\n", value);
- break;
-- case TPM2_PT_HR_TRANSIENT_MIN:
-+ case TPM2_PT_TPM2_HR_TRANSIENT_MIN:
- Print (L"TPM2_PT_TPM2_HR_TRANSIENT_MIN:\n"
- " value: 0x%X\n", value);
- break;
-- case TPM2_PT_HR_PERSISTENT_MIN:
-+ case TPM2_PT_TPM2_HR_PERSISTENT_MIN:
- Print (L"TPM2_PT_TPM2_HR_PERSISTENT_MIN:\n"
- " value: 0x%X\n", value);
- break;
diff --git a/meta-tpm/recipes-tpm2/tpm2-tcti-uefi/tpm2-tcti-uefi/0001-configure.ac-stop-inserting-host-directories-into-co.patch b/meta-tpm/recipes-tpm2/tpm2-tcti-uefi/tpm2-tcti-uefi/0001-configure.ac-stop-inserting-host-directories-into-co.patch
index b3f2287..fe96b40 100644
--- a/meta-tpm/recipes-tpm2/tpm2-tcti-uefi/tpm2-tcti-uefi/0001-configure.ac-stop-inserting-host-directories-into-co.patch
+++ b/meta-tpm/recipes-tpm2/tpm2-tcti-uefi/tpm2-tcti-uefi/0001-configure.ac-stop-inserting-host-directories-into-co.patch
@@ -6,7 +6,7 @@ Subject: [PATCH] configure.ac: stop inserting host directories into compile
Do not insert /usr/lib and /usr/lib64 into library search path.
-Upstream-Status: OE specific
+Upstream-Status: Inappropriate [OE specific]
Signed-off-by: Dmitry Eremin-Solenikov <dmitry_eremin-solenikov@mentor.com>
---
configure.ac | 2 +-
diff --git a/meta-tpm/recipes-tpm2/tpm2-tcti-uefi/tpm2-tcti-uefi_0.9.9.bb b/meta-tpm/recipes-tpm2/tpm2-tcti-uefi/tpm2-tcti-uefi_0.9.9.bb
index 67b36b7..9c60e2b 100644
--- a/meta-tpm/recipes-tpm2/tpm2-tcti-uefi/tpm2-tcti-uefi_0.9.9.bb
+++ b/meta-tpm/recipes-tpm2/tpm2-tcti-uefi/tpm2-tcti-uefi_0.9.9.bb
@@ -4,42 +4,44 @@ LICENSE = "BSD-2-Clause"
LIC_FILES_CHKSUM = "file://LICENSE;md5=500b2e742befc3da00684d8a1d5fd9da"
DEPENDS = "libtss2-dev libtss2-mu-dev gnu-efi-native gnu-efi pkgconfig autoconf-archive-native"
-SRC_URI = "git://github.com/tpm2-software/tpm2-tcti-uefi.git \
+SRC_URI = "git://github.com/tpm2-software/tpm2-tcti-uefi.git;branch=master;protocol=https \
file://configure_oe_fixup.patch \
file://0001-configure.ac-stop-inserting-host-directories-into-co.patch \
- file://tpm2-get-caps-fixed.patch \
file://fix_header_file.patch \
- "
+"
+
SRCREV = "0241b08f069f0fdb3612f5c1b938144dbe9be811"
+UPSTREAM_CHECK_URI = "https://github.com/tpm2-software/${BPN}/releases"
+
S = "${WORKDIR}/git"
inherit autotools pkgconfig
EFIDIR ?= "/EFI/BOOT"
-EFI_ARCH_x86 = "ia32"
-EFI_ARCH_x86-64 = "x86_64"
+EFI_ARCH:x86 = "ia32"
+EFI_ARCH:x86-64 = "x86_64"
-CFLAGS_append = " -I${STAGING_INCDIR}/efi -I${STAGING_INCDIR}/efi/${EFI_ARCH}"
+CFLAGS:append = " -I${STAGING_INCDIR}/efi -I${STAGING_INCDIR}/efi/${EFI_ARCH}"
-EXTRA_OECONF_append = " \
+EXTRA_OECONF:append = " \
--with-efi-includedir=${STAGING_INCDIR} \
--with-efi-crt0=${STAGING_LIBDIR}/crt0-efi-${EFI_ARCH}.o \
--with-efi-lds=${STAGING_LIBDIR}/elf_${EFI_ARCH}_efi.lds \
"
-do_compile_append() {
+do_compile:append() {
oe_runmake example
}
-do_install_append() {
+do_install:append() {
install -d "${D}${EFIDIR}"
install -m 0755 "${B}"/example/*.efi "${D}${EFIDIR}"
}
COMPATIBLE_HOST = "(i.86|x86_64).*-linux"
-FILES_${PN} += "${EFIDIR}"
+FILES:${PN} += "${EFIDIR}"
-RDEPENDS_${PN} = "gnu-efi libtss2-mu"
+RDEPENDS:${PN} = "gnu-efi libtss2-mu"
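Review bot: The added `UPSTREAM_CHECK_URI` probably has no effect here, because `SRC_URI` is still a `git://` URL and upstream version checks for git sources work from tags rather than from a release page. The ibmswtpm2 and ibmtpm2tss recipes in this commit use `UPSTREAM_CHECK_GITTAGREGEX` for that purpose. The equivalent here would be something like `UPSTREAM_CHECK_GITTAGREGEX = "(?P<pver>\d+(\.\d+)+)"`, to be checked against the repository's actual tag names.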
diff --git a/meta-tpm/recipes-tpm2/tpm2-tools/tpm2-tools_4.1.1.bb b/meta-tpm/recipes-tpm2/tpm2-tools/tpm2-tools_4.1.1.bb
deleted file mode 100644
index e90dcfe..0000000
--- a/meta-tpm/recipes-tpm2/tpm2-tools/tpm2-tools_4.1.1.bb
+++ /dev/null
@@ -1,17 +0,0 @@
-SUMMARY = "Tools for TPM2."
-DESCRIPTION = "tpm2-tools"
-LICENSE = "BSD"
-LIC_FILES_CHKSUM = "file://LICENSE;md5=0eb1216e46938bd723098d93a23c3bcc"
-SECTION = "tpm"
-
-DEPENDS = "tpm2-abrmd tpm2-tss openssl curl autoconf-archive"
-
-SRC_URI = "https://github.com/tpm2-software/${BPN}/releases/download/${PV}/${BPN}-${PV}.tar.gz"
-
-SRC_URI[md5sum] = "701ae9e8c8cbdd37d89c8ad774f55395"
-SRC_URI[sha256sum] = "40b9263d8b949bd2bc03a3cd60fa242e27116727467f9bbdd0b5f2539a25a7b1"
-SRC_URI[sha1sum] = "d097d321237983435f05c974533ad90e6f20acef"
-SRC_URI[sha384sum] = "396547f400e4f5626d7741d77ec543f312d94e6697899f4c36260d15fab3f4f971ad2c0487e6eaa2d60256f3cf68f85f"
-SRC_URI[sha512sum] = "25952cf947f0acd16b1a8dbd3ac8573bce85ff970a7e24c290c4f9cd29418e77a3e48ac82c932fbd250887a9303ab301ff92db594c2fffaba47b873382444d26"
-
-inherit autotools pkgconfig bash-completion
diff --git a/meta-tpm/recipes-tpm2/tpm2-tools/tpm2-tools_5.5.bb b/meta-tpm/recipes-tpm2/tpm2-tools/tpm2-tools_5.5.bb
new file mode 100644
index 0000000..8119bb1
--- /dev/null
+++ b/meta-tpm/recipes-tpm2/tpm2-tools/tpm2-tools_5.5.bb
@@ -0,0 +1,15 @@
+SUMMARY = "Tools for TPM2."
+DESCRIPTION = "tpm2-tools"
+LICENSE = "BSD-3-Clause"
+LIC_FILES_CHKSUM = "file://docs/LICENSE;md5=a846608d090aa64494c45fc147cc12e3"
+SECTION = "tpm"
+
+DEPENDS = "tpm2-tss openssl curl"
+
+SRC_URI = "https://github.com/tpm2-software/${BPN}/releases/download/${PV}/${BPN}-${PV}.tar.gz"
+
+SRC_URI[sha256sum] = "1fdb49c730537bfdaed088884881a61e3bfd121e957ec0bdceeec0261236c123"
+
+UPSTREAM_CHECK_URI = "https://github.com/tpm2-software/${BPN}/releases"
+
+inherit autotools pkgconfig bash-completion
diff --git a/meta-tpm/recipes-tpm2/tpm2-totp/tpm2-totp_0.2.0.bb b/meta-tpm/recipes-tpm2/tpm2-totp/tpm2-totp_0.3.0.bb
index 0dad673..d324e33 100644
--- a/meta-tpm/recipes-tpm2/tpm2-totp/tpm2-totp_0.2.0.bb
+++ b/meta-tpm/recipes-tpm2/tpm2-totp/tpm2-totp_0.3.0.bb
@@ -9,9 +9,8 @@ DEPENDS = "autoconf-archive libtss2-dev qrencode"
PE = "1"
-SRCREV = "994b4203e4769baefa6e7719915629bc8210e90a"
-SRC_URI = "git://github.com/tpm2-software/tpm2-totp.git;branch=v0.2.x \
- "
+SRCREV = "96a1448753a48974149003bc90ea3990ae8e8d0b"
+SRC_URI = "git://github.com/tpm2-software/tpm2-totp.git;branch=master;protocol=https"
inherit autotools-brokensep pkgconfig
diff --git a/meta-tpm/recipes-tpm2/tpm2-tss-engine/tpm2-tss-engine_1.0.1.bb b/meta-tpm/recipes-tpm2/tpm2-tss-engine/tpm2-tss-engine_1.0.1.bb
deleted file mode 100644
index 3641b1b..0000000
--- a/meta-tpm/recipes-tpm2/tpm2-tss-engine/tpm2-tss-engine_1.0.1.bb
+++ /dev/null
@@ -1,23 +0,0 @@
-SUMMARY = "The tpm2-tss-engine project implements a cryptographic engine for OpenSSL."
-DESCRIPTION = "The tpm2-tss-engine project implements a cryptographic engine for OpenSSL for Trusted Platform Module (TPM 2.0) using the tpm2-tss software stack that follows the Trusted Computing Groups (TCG) TPM Software Stack (TSS 2.0). It uses the Enhanced System API (ESAPI) interface of the TSS 2.0 for downwards communication. It supports RSA decryption and signatures as well as ECDSA signatures."
-
-LICENSE = "BSD-2-Clause"
-LIC_FILES_CHKSUM = "file://LICENSE;md5=7b3ab643b9ce041de515d1ed092a36d4"
-
-SECTION = "security/tpm"
-
-DEPENDS = "autoconf-archive-native bash-completion libtss2 libgcrypt openssl"
-
-SRCREV = "fdc8f65dfc8bad8b5a3aed181fae338267308f70"
-SRC_URI = "git://github.com/tpm2-software/tpm2-tss-engine.git"
-
-inherit autotools-brokensep pkgconfig systemd
-
-S = "${WORKDIR}/git"
-
-PACKAGES += "${PN}-engines ${PN}-engines-staticdev ${PN}-bash-completion"
-
-FILES_${PN}-dev = "${libdir}/engines-1.1/tpm2tss.so ${includedir}/*"
-FILES_${PN}-engines = "${libdir}/engines-1.1/lib*.so*"
-FILES_${PN}-engines-staticdev = "${libdir}/engines-1.1/libtpm2tss.a"
-FILES_${PN}-bash-completion += "${datadir}/bash-completion/completions"
diff --git a/meta-tpm/recipes-tpm2/tpm2-tss-engine/tpm2-tss-engine_1.1.0.bb b/meta-tpm/recipes-tpm2/tpm2-tss-engine/tpm2-tss-engine_1.1.0.bb
new file mode 100644
index 0000000..89162ee
--- /dev/null
+++ b/meta-tpm/recipes-tpm2/tpm2-tss-engine/tpm2-tss-engine_1.1.0.bb
@@ -0,0 +1,32 @@
+SUMMARY = "The tpm2-tss-engine project implements a cryptographic engine for OpenSSL."
+DESCRIPTION = "The tpm2-tss-engine project implements a cryptographic engine for OpenSSL for Trusted Platform Module (TPM 2.0) using the tpm2-tss software stack that follows the Trusted Computing Groups (TCG) TPM Software Stack (TSS 2.0). It uses the Enhanced System API (ESAPI) interface of the TSS 2.0 for downwards communication. It supports RSA decryption and signatures as well as ECDSA signatures."
+
+LICENSE = "BSD-3-Clause"
+LIC_FILES_CHKSUM = "file://LICENSE;md5=7b3ab643b9ce041de515d1ed092a36d4"
+
+SECTION = "security/tpm"
+
+DEPENDS = "autoconf-archive-native bash-completion libtss2 libgcrypt openssl"
+
+SRC_URI = "https://github.com/tpm2-software/${BPN}/releases/download/v${PV}/${BPN}-${PV}.tar.gz"
+
+SRC_URI[sha256sum] = "ea2941695ac221d23a7f3e1321140e75b1495ae6ade876f2f4c2ed807c65e2a5"
+
+UPSTREAM_CHECK_URI = "https://github.com/tpm2-software/${BPN}/releases"
+
+inherit autotools-brokensep pkgconfig systemd
+
+# It uses the API deprecated since the OpenSSL 3.0
+CFLAGS:append = ' -Wno-deprecated-declarations -Wno-unused-parameter'
+
+do_configure:prepend() {
+ # do not extract the version number from git
+ sed -i -e 's/m4_esyscmd_s(\[git describe --tags --always --dirty\])/${PV}/' ${S}/configure.ac
+}
+
+PACKAGES += "${PN}-engines ${PN}-engines-staticdev ${PN}-bash-completion"
+
+FILES:${PN}-dev = "${libdir}/engines-3/tpm2tss.so ${includedir}/*"
+FILES:${PN}-engines = "${libdir}/engines-3/lib*.so*"
+FILES:${PN}-engines-staticdev = "${libdir}/engines-3/libtpm2tss.a"
+FILES:${PN}-bash-completion += "${datadir}/bash-completion/completions"
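Review bot: The `sed` in `do_configure:prepend` fails silently if upstream ever rewords the `m4_esyscmd_s([git describe ...])` line in `configure.ac`, in which case configure would go back to asking git for the version, presumably from whatever repository happens to enclose the build directory. A guard after the substitution would make that drift visible, e.g. `! grep -q 'git describe' ${S}/configure.ac || bbfatal "configure.ac version substitution did not apply"`. Separately, `LICENSE` becomes `BSD-3-Clause` while `LIC_FILES_CHKSUM` keeps the md5 that the removed 1.0.1 recipe paired with `BSD-2-Clause`; if this corrects an earlier mislabel, the commit message should say so.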
diff --git a/meta-tpm/recipes-tpm2/tpm2-tss/tpm2-tss/ax_pthread.m4 b/meta-tpm/recipes-tpm2/tpm2-tss/tpm2-tss/ax_pthread.m4
deleted file mode 100644
index d383ad5..0000000
--- a/meta-tpm/recipes-tpm2/tpm2-tss/tpm2-tss/ax_pthread.m4
+++ /dev/null
@@ -1,332 +0,0 @@
-# ===========================================================================
-# http://www.gnu.org/software/autoconf-archive/ax_pthread.html
-# ===========================================================================
-#
-# SYNOPSIS
-#
-# AX_PTHREAD([ACTION-IF-FOUND[, ACTION-IF-NOT-FOUND]])
-#
-# DESCRIPTION
-#
-# This macro figures out how to build C programs using POSIX threads. It
-# sets the PTHREAD_LIBS output variable to the threads library and linker
-# flags, and the PTHREAD_CFLAGS output variable to any special C compiler
-# flags that are needed. (The user can also force certain compiler
-# flags/libs to be tested by setting these environment variables.)
-#
-# Also sets PTHREAD_CC to any special C compiler that is needed for
-# multi-threaded programs (defaults to the value of CC otherwise). (This
-# is necessary on AIX to use the special cc_r compiler alias.)
-#
-# NOTE: You are assumed to not only compile your program with these flags,
-# but also link it with them as well. e.g. you should link with
-# $PTHREAD_CC $CFLAGS $PTHREAD_CFLAGS $LDFLAGS ... $PTHREAD_LIBS $LIBS
-#
-# If you are only building threads programs, you may wish to use these
-# variables in your default LIBS, CFLAGS, and CC:
-#
-# LIBS="$PTHREAD_LIBS $LIBS"
-# CFLAGS="$CFLAGS $PTHREAD_CFLAGS"
-# CC="$PTHREAD_CC"
-#
-# In addition, if the PTHREAD_CREATE_JOINABLE thread-attribute constant
-# has a nonstandard name, defines PTHREAD_CREATE_JOINABLE to that name
-# (e.g. PTHREAD_CREATE_UNDETACHED on AIX).
-#
-# Also HAVE_PTHREAD_PRIO_INHERIT is defined if pthread is found and the
-# PTHREAD_PRIO_INHERIT symbol is defined when compiling with
-# PTHREAD_CFLAGS.
-#
-# ACTION-IF-FOUND is a list of shell commands to run if a threads library
-# is found, and ACTION-IF-NOT-FOUND is a list of commands to run it if it
-# is not found. If ACTION-IF-FOUND is not specified, the default action
-# will define HAVE_PTHREAD.
-#
-# Please let the authors know if this macro fails on any platform, or if
-# you have any other suggestions or comments. This macro was based on work
-# by SGJ on autoconf scripts for FFTW (http://www.fftw.org/) (with help
-# from M. Frigo), as well as ac_pthread and hb_pthread macros posted by
-# Alejandro Forero Cuervo to the autoconf macro repository. We are also
-# grateful for the helpful feedback of numerous users.
-#
-# Updated for Autoconf 2.68 by Daniel Richard G.
-#
-# LICENSE
-#
-# Copyright (c) 2008 Steven G. Johnson <stevenj@alum.mit.edu>
-# Copyright (c) 2011 Daniel Richard G. <skunk@iSKUNK.ORG>
-#
-# This program is free software: you can redistribute it and/or modify it
-# under the terms of the GNU General Public License as published by the
-# Free Software Foundation, either version 3 of the License, or (at your
-# option) any later version.
-#
-# This program is distributed in the hope that it will be useful, but
-# WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General
-# Public License for more details.
-#
-# You should have received a copy of the GNU General Public License along
-# with this program. If not, see <http://www.gnu.org/licenses/>.
-#
-# As a special exception, the respective Autoconf Macro's copyright owner
-# gives unlimited permission to copy, distribute and modify the configure
-# scripts that are the output of Autoconf when processing the Macro. You
-# need not follow the terms of the GNU General Public License when using
-# or distributing such scripts, even though portions of the text of the
-# Macro appear in them. The GNU General Public License (GPL) does govern
-# all other use of the material that constitutes the Autoconf Macro.
-#
-# This special exception to the GPL applies to versions of the Autoconf
-# Macro released by the Autoconf Archive. When you make and distribute a
-# modified version of the Autoconf Macro, you may extend this special
-# exception to the GPL to apply to your modified version as well.
-
-#serial 21
-
-AU_ALIAS([ACX_PTHREAD], [AX_PTHREAD])
-AC_DEFUN([AX_PTHREAD], [
-AC_REQUIRE([AC_CANONICAL_HOST])
-AC_LANG_PUSH([C])
-ax_pthread_ok=no
-
-# We used to check for pthread.h first, but this fails if pthread.h
-# requires special compiler flags (e.g. on True64 or Sequent).
-# It gets checked for in the link test anyway.
-
-# First of all, check if the user has set any of the PTHREAD_LIBS,
-# etcetera environment variables, and if threads linking works using
-# them:
-if test x"$PTHREAD_LIBS$PTHREAD_CFLAGS" != x; then
- save_CFLAGS="$CFLAGS"
- CFLAGS="$CFLAGS $PTHREAD_CFLAGS"
- save_LIBS="$LIBS"
- LIBS="$PTHREAD_LIBS $LIBS"
- AC_MSG_CHECKING([for pthread_join in LIBS=$PTHREAD_LIBS with CFLAGS=$PTHREAD_CFLAGS])
- AC_TRY_LINK_FUNC([pthread_join], [ax_pthread_ok=yes])
- AC_MSG_RESULT([$ax_pthread_ok])
- if test x"$ax_pthread_ok" = xno; then
- PTHREAD_LIBS=""
- PTHREAD_CFLAGS=""
- fi
- LIBS="$save_LIBS"
- CFLAGS="$save_CFLAGS"
-fi
-
-# We must check for the threads library under a number of different
-# names; the ordering is very important because some systems
-# (e.g. DEC) have both -lpthread and -lpthreads, where one of the
-# libraries is broken (non-POSIX).
-
-# Create a list of thread flags to try. Items starting with a "-" are
-# C compiler flags, and other items are library names, except for "none"
-# which indicates that we try without any flags at all, and "pthread-config"
-# which is a program returning the flags for the Pth emulation library.
-
-ax_pthread_flags="pthreads none -Kthread -kthread lthread -pthread -pthreads -mthreads pthread --thread-safe -mt pthread-config"
-
-# The ordering *is* (sometimes) important. Some notes on the
-# individual items follow:
-
-# pthreads: AIX (must check this before -lpthread)
-# none: in case threads are in libc; should be tried before -Kthread and
-# other compiler flags to prevent continual compiler warnings
-# -Kthread: Sequent (threads in libc, but -Kthread needed for pthread.h)
-# -kthread: FreeBSD kernel threads (preferred to -pthread since SMP-able)
-# lthread: LinuxThreads port on FreeBSD (also preferred to -pthread)
-# -pthread: Linux/gcc (kernel threads), BSD/gcc (userland threads)
-# -pthreads: Solaris/gcc
-# -mthreads: Mingw32/gcc, Lynx/gcc
-# -mt: Sun Workshop C (may only link SunOS threads [-lthread], but it
-# doesn't hurt to check since this sometimes defines pthreads too;
-# also defines -D_REENTRANT)
-# ... -mt is also the pthreads flag for HP/aCC
-# pthread: Linux, etcetera
-# --thread-safe: KAI C++
-# pthread-config: use pthread-config program (for GNU Pth library)
-
-case ${host_os} in
- solaris*)
-
- # On Solaris (at least, for some versions), libc contains stubbed
- # (non-functional) versions of the pthreads routines, so link-based
- # tests will erroneously succeed. (We need to link with -pthreads/-mt/
- # -lpthread.) (The stubs are missing pthread_cleanup_push, or rather
- # a function called by this macro, so we could check for that, but
- # who knows whether they'll stub that too in a future libc.) So,
- # we'll just look for -pthreads and -lpthread first:
-
- ax_pthread_flags="-pthreads pthread -mt -pthread $ax_pthread_flags"
- ;;
-
- darwin*)
- ax_pthread_flags="-pthread $ax_pthread_flags"
- ;;
-esac
-
-# Clang doesn't consider unrecognized options an error unless we specify
-# -Werror. We throw in some extra Clang-specific options to ensure that
-# this doesn't happen for GCC, which also accepts -Werror.
-
-AC_MSG_CHECKING([if compiler needs -Werror to reject unknown flags])
-save_CFLAGS="$CFLAGS"
-ax_pthread_extra_flags="-Werror"
-CFLAGS="$CFLAGS $ax_pthread_extra_flags -Wunknown-warning-option -Wsizeof-array-argument"
-AC_COMPILE_IFELSE([AC_LANG_PROGRAM([int foo(void);],[foo()])],
- [AC_MSG_RESULT([yes])],
- [ax_pthread_extra_flags=
- AC_MSG_RESULT([no])])
-CFLAGS="$save_CFLAGS"
-
-if test x"$ax_pthread_ok" = xno; then
-for flag in $ax_pthread_flags; do
-
- case $flag in
- none)
- AC_MSG_CHECKING([whether pthreads work without any flags])
- ;;
-
- -*)
- AC_MSG_CHECKING([whether pthreads work with $flag])
- PTHREAD_CFLAGS="$flag"
- ;;
-
- pthread-config)
- AC_CHECK_PROG([ax_pthread_config], [pthread-config], [yes], [no])
- if test x"$ax_pthread_config" = xno; then continue; fi
- PTHREAD_CFLAGS="`pthread-config --cflags`"
- PTHREAD_LIBS="`pthread-config --ldflags` `pthread-config --libs`"
- ;;
-
- *)
- AC_MSG_CHECKING([for the pthreads library -l$flag])
- PTHREAD_LIBS="-l$flag"
- ;;
- esac
-
- save_LIBS="$LIBS"
- save_CFLAGS="$CFLAGS"
- LIBS="$PTHREAD_LIBS $LIBS"
- CFLAGS="$CFLAGS $PTHREAD_CFLAGS $ax_pthread_extra_flags"
-
- # Check for various functions. We must include pthread.h,
- # since some functions may be macros. (On the Sequent, we
- # need a special flag -Kthread to make this header compile.)
- # We check for pthread_join because it is in -lpthread on IRIX
- # while pthread_create is in libc. We check for pthread_attr_init
- # due to DEC craziness with -lpthreads. We check for
- # pthread_cleanup_push because it is one of the few pthread
- # functions on Solaris that doesn't have a non-functional libc stub.
- # We try pthread_create on general principles.
- AC_LINK_IFELSE([AC_LANG_PROGRAM([#include <pthread.h>
- static void routine(void *a) { a = 0; }
- static void *start_routine(void *a) { return a; }],
- [pthread_t th; pthread_attr_t attr;
- pthread_create(&th, 0, start_routine, 0);
- pthread_join(th, 0);
- pthread_attr_init(&attr);
- pthread_cleanup_push(routine, 0);
- pthread_cleanup_pop(0) /* ; */])],
- [ax_pthread_ok=yes],
- [])
-
- LIBS="$save_LIBS"
- CFLAGS="$save_CFLAGS"
-
- AC_MSG_RESULT([$ax_pthread_ok])
- if test "x$ax_pthread_ok" = xyes; then
- break;
- fi
-
- PTHREAD_LIBS=""
- PTHREAD_CFLAGS=""
-done
-fi
-
-# Various other checks:
-if test "x$ax_pthread_ok" = xyes; then
- save_LIBS="$LIBS"
- LIBS="$PTHREAD_LIBS $LIBS"
- save_CFLAGS="$CFLAGS"
- CFLAGS="$CFLAGS $PTHREAD_CFLAGS"
-
- # Detect AIX lossage: JOINABLE attribute is called UNDETACHED.
- AC_MSG_CHECKING([for joinable pthread attribute])
- attr_name=unknown
- for attr in PTHREAD_CREATE_JOINABLE PTHREAD_CREATE_UNDETACHED; do
- AC_LINK_IFELSE([AC_LANG_PROGRAM([#include <pthread.h>],
- [int attr = $attr; return attr /* ; */])],
- [attr_name=$attr; break],
- [])
- done
- AC_MSG_RESULT([$attr_name])
- if test "$attr_name" != PTHREAD_CREATE_JOINABLE; then
- AC_DEFINE_UNQUOTED([PTHREAD_CREATE_JOINABLE], [$attr_name],
- [Define to necessary symbol if this constant
- uses a non-standard name on your system.])
- fi
-
- AC_MSG_CHECKING([if more special flags are required for pthreads])
- flag=no
- case ${host_os} in
- aix* | freebsd* | darwin*) flag="-D_THREAD_SAFE";;
- osf* | hpux*) flag="-D_REENTRANT";;
- solaris*)
- if test "$GCC" = "yes"; then
- flag="-D_REENTRANT"
- else
- # TODO: What about Clang on Solaris?
- flag="-mt -D_REENTRANT"
- fi
- ;;
- esac
- AC_MSG_RESULT([$flag])
- if test "x$flag" != xno; then
- PTHREAD_CFLAGS="$flag $PTHREAD_CFLAGS"
- fi
-
- AC_CACHE_CHECK([for PTHREAD_PRIO_INHERIT],
- [ax_cv_PTHREAD_PRIO_INHERIT], [
- AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include <pthread.h>]],
- [[int i = PTHREAD_PRIO_INHERIT;]])],
- [ax_cv_PTHREAD_PRIO_INHERIT=yes],
- [ax_cv_PTHREAD_PRIO_INHERIT=no])
- ])
- AS_IF([test "x$ax_cv_PTHREAD_PRIO_INHERIT" = "xyes"],
- [AC_DEFINE([HAVE_PTHREAD_PRIO_INHERIT], [1], [Have PTHREAD_PRIO_INHERIT.])])
-
- LIBS="$save_LIBS"
- CFLAGS="$save_CFLAGS"
-
- # More AIX lossage: compile with *_r variant
- if test "x$GCC" != xyes; then
- case $host_os in
- aix*)
- AS_CASE(["x/$CC"],
- [x*/c89|x*/c89_128|x*/c99|x*/c99_128|x*/cc|x*/cc128|x*/xlc|x*/xlc_v6|x*/xlc128|x*/xlc128_v6],
- [#handle absolute path differently from PATH based program lookup
- AS_CASE(["x$CC"],
- [x/*],
- [AS_IF([AS_EXECUTABLE_P([${CC}_r])],[PTHREAD_CC="${CC}_r"])],
- [AC_CHECK_PROGS([PTHREAD_CC],[${CC}_r],[$CC])])])
- ;;
- esac
- fi
-fi
-
-test -n "$PTHREAD_CC" || PTHREAD_CC="$CC"
-
-AC_SUBST([PTHREAD_LIBS])
-AC_SUBST([PTHREAD_CFLAGS])
-AC_SUBST([PTHREAD_CC])
-
-# Finally, execute ACTION-IF-FOUND/ACTION-IF-NOT-FOUND:
-if test x"$ax_pthread_ok" = xyes; then
- ifelse([$1],,[AC_DEFINE([HAVE_PTHREAD],[1],[Define if you have POSIX threads libraries and header files.])],[$1])
- :
-else
- ax_pthread_ok=no
- $2
-fi
-AC_LANG_POP
-])dnl AX_PTHREAD
diff --git a/meta-tpm/recipes-tpm2/tpm2-tss/tpm2-tss/fix_musl_select_include.patch b/meta-tpm/recipes-tpm2/tpm2-tss/tpm2-tss/fix_musl_select_include.patch
deleted file mode 100644
index ecaca6e..0000000
--- a/meta-tpm/recipes-tpm2/tpm2-tss/tpm2-tss/fix_musl_select_include.patch
+++ /dev/null
@@ -1,31 +0,0 @@
-This fixes musl build issue do to missing FD_* defines.
-Add sys/select.h
-
-Upstream-Status: Pending
-
-Signed-off-by: Armin Kuster <akuster@mvista.com>
-
-Index: TPM2.0-TSS/tcti/tcti_socket.cpp
-===================================================================
---- TPM2.0-TSS.orig/tcti/tcti_socket.cpp
-+++ TPM2.0-TSS/tcti/tcti_socket.cpp
-@@ -28,6 +28,7 @@
- #include <stdio.h>
- #include <stdlib.h> // Needed for _wtoi
-
-+#include "sys/select.h"
- #include <sapi/tpm20.h>
- #include <tcti/tcti_socket.h>
- #include "sysapi_util.h"
-Index: TPM2.0-TSS/resourcemgr/resourcemgr.c
-===================================================================
---- TPM2.0-TSS.orig/resourcemgr/resourcemgr.c
-+++ TPM2.0-TSS/resourcemgr/resourcemgr.c
-@@ -28,6 +28,7 @@
- #include <stdio.h>
- #include <stdlib.h> // Needed for _wtoi
-
-+#include "sys/select.h"
- #include <sapi/tpm20.h>
- #include <tcti/tcti_device.h>
- #include <tcti/tcti_socket.h>
diff --git a/meta-tpm/recipes-tpm2/tpm2-tss/tpm2-tss/fixup_hosttools.patch b/meta-tpm/recipes-tpm2/tpm2-tss/tpm2-tss/fixup_hosttools.patch
new file mode 100644
index 0000000..3f680ba
--- /dev/null
+++ b/meta-tpm/recipes-tpm2/tpm2-tss/tpm2-tss/fixup_hosttools.patch
@@ -0,0 +1,29 @@
+revert configure: add checks for all tools used by make install
+
+Not appropriate for cross build env.
+
+Upstream-Status: Inappropriate [OE specific]
+Signed-off-by: Armin Kuster <akuster808@gmail.com>
+
+Index: tpm2-tss-4.0.1/configure.ac
+===================================================================
+--- tpm2-tss-4.0.1.orig/configure.ac
++++ tpm2-tss-4.0.1/configure.ac
+@@ -554,17 +554,6 @@ AM_CONDITIONAL(SYSD_SYSUSERS, test "x$systemd_sysusers" = "xyes")
+ AC_CHECK_PROG(systemd_tmpfiles, systemd-tmpfiles, yes)
+ AM_CONDITIONAL(SYSD_TMPFILES, test "x$systemd_tmpfiles" = "xyes")
+
+-# Check all tools used by make install
+-AS_IF([test "$HOSTOS" = "Linux" && test "x$systemd_sysusers" != "xyes"],
+- [ AC_CHECK_PROG(useradd, useradd, yes)
+- AC_CHECK_PROG(groupadd, groupadd, yes)
+- AC_CHECK_PROG(adduser, adduser, yes)
+- AC_CHECK_PROG(addgroup, addgroup, yes)
+- AS_IF([test "x$addgroup" != "xyes" && test "x$groupadd" != "xyes" ],
+- [AC_MSG_ERROR([addgroup or groupadd are needed.])])
+- AS_IF([test "x$adduser" != "xyes" && test "x$useradd" != "xyes" ],
+- [AC_MSG_ERROR([adduser or useradd are needed.])])])
+-
+ AC_SUBST([PATH])
+
+ dnl --------- Doxy Gen -----------------------
diff --git a/meta-tpm/recipes-tpm2/tpm2-tss/tpm2-tss_2.3.2.bb b/meta-tpm/recipes-tpm2/tpm2-tss/tpm2-tss_2.3.2.bb
deleted file mode 100644
index 135efed..0000000
--- a/meta-tpm/recipes-tpm2/tpm2-tss/tpm2-tss_2.3.2.bb
+++ /dev/null
@@ -1,81 +0,0 @@
-SUMMARY = "Software stack for TPM2."
-DESCRIPTION = "OSS implementation of the TCG TPM2 Software Stack (TSS2) "
-LICENSE = "BSD-2-Clause"
-LIC_FILES_CHKSUM = "file://LICENSE;md5=500b2e742befc3da00684d8a1d5fd9da"
-SECTION = "tpm"
-
-DEPENDS = "autoconf-archive-native libgcrypt openssl"
-
-SRCREV = "a99e733ba66c359502689a9c42fd5e02ed1dd7d6"
-
-SRC_URI = "https://github.com/tpm2-software/${BPN}/releases/download/${PV}/${BPN}-${PV}.tar.gz"
-SRC_URI[md5sum] = "fb7e6d371959a65dc6d129af81739742"
-SRC_URI[sha256sum] = "82929a0611f39246e09202702a61b54c980ab694626c1f5823520ddf75024fa6"
-SRC_URI[sha1sum] = "c24ce8b20a8686ada775239389292f6d78020668"
-SRC_URI[sha384sum] = "a0c023c024efb6c9906df1e143d692f44433de332b616dc0584c9b4cd4fb0ad544308f291892e91c5a52ef1a4b2abf7f"
-SRC_URI[sha512sum] = "7b679b54f3478c3adee5b6c3135cbe491ffd9f4712991f465edbd6c7d2831e5f1537038ec36f288e9545c719d5d167b61116c924cf5d816220615d0b58a1d436"
-
-inherit autotools pkgconfig systemd extrausers
-
-PACKAGECONFIG ??= ""
-PACKAGECONFIG[oxygen] = ",--disable-doxygen-doc, "
-
-EXTRA_OECONF += "--enable-static --with-udevrulesdir=${base_prefix}/lib/udev/rules.d/"
-EXTRA_OECONF_remove = " --disable-static"
-
-
-EXTRA_USERS_PARAMS = "\
- useradd -p '' tss; \
- groupadd tss; \
- "
-
-PROVIDES = "${PACKAGES}"
-PACKAGES = " \
- ${PN} \
- ${PN}-dbg \
- ${PN}-doc \
- libtss2-mu \
- libtss2-mu-dev \
- libtss2-mu-staticdev \
- libtss2-tcti-device \
- libtss2-tcti-device-dev \
- libtss2-tcti-device-staticdev \
- libtss2-tcti-mssim \
- libtss2-tcti-mssim-dev \
- libtss2-tcti-mssim-staticdev \
- libtss2 \
- libtss2-dev \
- libtss2-staticdev \
-"
-
-FILES_libtss2-tcti-device = "${libdir}/libtss2-tcti-device.so.*"
-FILES_libtss2-tcti-device-dev = " \
- ${includedir}/tss2/tss2_tcti_device.h \
- ${libdir}/pkgconfig/tss2-tcti-device.pc \
- ${libdir}/libtss2-tcti-device.so"
-FILES_libtss2-tcti-device-staticdev = "${libdir}/libtss2-tcti-device.*a"
-
-FILES_libtss2-tcti-mssim = "${libdir}/libtss2-tcti-mssim.so.*"
-FILES_libtss2-tcti-mssim-dev = " \
- ${includedir}/tss2/tss2_tcti_mssim.h \
- ${libdir}/pkgconfig/tss2-tcti-mssim.pc \
- ${libdir}/libtss2-tcti-mssim.so"
-FILES_libtss2-tcti-mssim-staticdev = "${libdir}/libtss2-tcti-mssim.*a"
-
-FILES_libtss2-mu = "${libdir}/libtss2-mu.so.*"
-FILES_libtss2-mu-dev = " \
- ${includedir}/tss2/tss2_mu.h \
- ${libdir}/pkgconfig/tss2-mu.pc \
- ${libdir}/libtss2-mu.so"
-FILES_libtss2-mu-staticdev = "${libdir}/libtss2-mu.*a"
-
-FILES_libtss2 = "${libdir}/libtss2*so.*"
-FILES_libtss2-dev = " \
- ${includedir} \
- ${libdir}/pkgconfig \
- ${libdir}/libtss2*so"
-FILES_libtss2-staticdev = "${libdir}/libtss*a"
-
-FILES_${PN} = "${libdir}/udev ${base_prefix}/lib/udev"
-
-RDEPENDS_libtss2 = "libgcrypt"
diff --git a/meta-tpm/recipes-tpm2/tpm2-tss/tpm2-tss_4.0.1.bb b/meta-tpm/recipes-tpm2/tpm2-tss/tpm2-tss_4.0.1.bb
new file mode 100644
index 0000000..dceebc2
--- /dev/null
+++ b/meta-tpm/recipes-tpm2/tpm2-tss/tpm2-tss_4.0.1.bb
@@ -0,0 +1,97 @@
+SUMMARY = "Software stack for TPM2."
+DESCRIPTION = "OSS implementation of the TCG TPM2 Software Stack (TSS2) "
+LICENSE = "BSD-2-Clause"
+LIC_FILES_CHKSUM = "file://LICENSE;md5=500b2e742befc3da00684d8a1d5fd9da"
+SECTION = "tpm"
+
+DEPENDS = "autoconf-archive-native libgcrypt openssl"
+
+SRC_URI = "https://github.com/tpm2-software/${BPN}/releases/download/${PV}/${BPN}-${PV}.tar.gz \
+ file://fixup_hosttools.patch \
+ "
+
+SRC_URI[sha256sum] = "532a70133910b6bd842289915b3f9423c0205c0ea009d65294ca18a74087c950"
+
+UPSTREAM_CHECK_URI = "https://github.com/tpm2-software/${BPN}/releases"
+
+CVE_PRODUCT = "tpm2_software_stack"
+
+inherit autotools pkgconfig systemd useradd
+
+PACKAGECONFIG ??= ""
+PACKAGECONFIG[oxygen] = ",--disable-doxygen-doc, "
+PACKAGECONFIG[fapi] = "--enable-fapi,--disable-fapi,curl json-c util-linux-libuuid "
+PACKAGECONFIG[policy] = "--enable-policy,--disable-policy,json-c util-linux-libuuid "
+
+EXTRA_OECONF += "--enable-static --with-udevrulesdir=${nonarch_base_libdir}/udev/rules.d/"
+EXTRA_OECONF += "--runstatedir=/run"
+EXTRA_OECONF:remove = " --disable-static"
+
+USERADD_PACKAGES = "${PN}"
+GROUPADD_PARAM:${PN} = "--system tss"
+USERADD_PARAM:${PN} = "--system -M -d /var/lib/tpm -s /bin/false -g tss tss"
+
+do_install:append() {
+ # Remove /run as it is created on startup
+ rm -rf ${D}/run
+}
+
+PROVIDES = "${PACKAGES}"
+PACKAGES = " \
+ ${PN} \
+ ${PN}-dbg \
+ ${PN}-doc \
+ libtss2-mu \
+ libtss2-mu-dev \
+ libtss2-mu-staticdev \
+ libtss2-tcti-device \
+ libtss2-tcti-device-dev \
+ libtss2-tcti-device-staticdev \
+ libtss2-tcti-mssim \
+ libtss2-tcti-mssim-dev \
+ libtss2-tcti-mssim-staticdev \
+ libtss2 \
+ libtss2-dev \
+ libtss2-staticdev \
+"
+
+FILES:libtss2-tcti-device = "${libdir}/libtss2-tcti-device.so.*"
+FILES:libtss2-tcti-device-dev = " \
+ ${includedir}/tss2/tss2_tcti_device.h \
+ ${libdir}/pkgconfig/tss2-tcti-device.pc \
+ ${libdir}/libtss2-tcti-device.so"
+FILES:libtss2-tcti-device-staticdev = "${libdir}/libtss2-tcti-device.*a"
+
+FILES:libtss2-tcti-mssim = "${libdir}/libtss2-tcti-mssim.so.*"
+FILES:libtss2-tcti-mssim-dev = " \
+ ${includedir}/tss2/tss2_tcti_mssim.h \
+ ${libdir}/pkgconfig/tss2-tcti-mssim.pc \
+ ${libdir}/libtss2-tcti-mssim.so"
+FILES:libtss2-tcti-mssim-staticdev = "${libdir}/libtss2-tcti-mssim.*a"
+
+FILES:libtss2-mu = "${libdir}/libtss2-mu.so.*"
+FILES:libtss2-mu-dev = " \
+ ${includedir}/tss2/tss2_mu.h \
+ ${libdir}/pkgconfig/tss2-mu.pc \
+ ${libdir}/libtss2-mu.so"
+FILES:libtss2-mu-staticdev = "${libdir}/libtss2-mu.*a"
+
+FILES:libtss2 = "${libdir}/libtss2*so.*"
+FILES:libtss2-dev = " \
+ ${includedir} \
+ ${libdir}/pkgconfig \
+ ${libdir}/libtss2*so"
+FILES:libtss2-staticdev = "${libdir}/libtss*a"
+
+FILES:${PN} = "\
+ ${libdir}/udev \
+ /var/lib/tpm2-tss \
+ /var/run \
+ ${nonarch_base_libdir}/udev \
+ ${sysconfdir}/tmpfiles.d \
+ ${sysconfdir}/tpm2-tss \
+ ${sysconfdir}/sysusers.d"
+
+RDEPENDS:libtss2 = "libgcrypt"
+
+BBCLASSEXTEND = "native"
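Review bot: `FILES:${PN}` lists `/var/run`, but the recipe configures `--runstatedir=/run` and `do_install:append` removes `${D}/run`, so that entry appears to match nothing and could be dropped. The neighbouring `/var/lib/tpm2-tss` is hard-coded where `${localstatedir}/lib/tpm2-tss` would follow the distro's layout, and it differs from the `-d /var/lib/tpm` home given to the `tss` account in `USERADD_PARAM:${PN}`; a one-line comment saying whether that difference is intended would help, since this directory presumably holds TSS state that should end up owned by `tss`. `PACKAGECONFIG[oxygen]` looks like a typo for `doxygen` carried over from the removed 2.3.2 recipe, and its enable field is empty.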