diff options
| author | Dave Cobbley <david.j.cobbley@linux.intel.com> | 2018-08-14 10:05:37 -0700 |
|---|---|---|
| committer | Brad Bishop <bradleyb@fuzziesquirrel.com> | 2018-08-22 21:26:31 -0400 |
| commit | eb8dc40360f0cfef56fb6947cc817a547d6d9bc6 (patch) | |
| tree | de291a73dc37168da6370e2cf16c347d1eba9df8 /import-layers/meta-security/meta-tpm/recipes-tpm | |
| parent | 9c3cf826d853102535ead04cebc2d6023eff3032 (diff) | |
| download | talos-openbmc-eb8dc40360f0cfef56fb6947cc817a547d6d9bc6.tar.gz talos-openbmc-eb8dc40360f0cfef56fb6947cc817a547d6d9bc6.zip | |
[Subtree] Removing import-layers directory
As part of the move to subtrees, need to bring all the import layers
content to the top level.
Change-Id: I4a163d10898cbc6e11c27f776f60e1a470049d8f
Signed-off-by: Dave Cobbley <david.j.cobbley@linux.intel.com>
Signed-off-by: Brad Bishop <bradleyb@fuzziesquirrel.com>
Diffstat (limited to 'import-layers/meta-security/meta-tpm/recipes-tpm')
33 files changed, 0 insertions, 2191 deletions
diff --git a/import-layers/meta-security/meta-tpm/recipes-tpm/libtpm/files/Convert-another-vdprintf-to-dprintf.patch b/import-layers/meta-security/meta-tpm/recipes-tpm/libtpm/files/Convert-another-vdprintf-to-dprintf.patch deleted file mode 100644 index 9e1021a23..000000000 --- a/import-layers/meta-security/meta-tpm/recipes-tpm/libtpm/files/Convert-another-vdprintf-to-dprintf.patch +++ /dev/null @@ -1,26 +0,0 @@ -From 09e7dd42e5201d079bad70e9f7cc6033ce1c7cad Mon Sep 17 00:00:00 2001 -From: Stefan Berger <stefanb@linux.vnet.ibm.com> -Date: Fri, 3 Feb 2017 10:58:22 -0500 -Subject: [PATCH] Convert another vdprintf to dprintf - -Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com> -Upstream-Status: Backport -Signed-off-by: Armin Kuster <akuster@mvista.com> - ---- - src/tpm_library.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -Index: git/src/tpm_library.c -=================================================================== ---- git.orig/src/tpm_library.c -+++ git/src/tpm_library.c -@@ -427,7 +427,7 @@ void TPMLIB_LogPrintfA(unsigned int inde - indent = sizeof(spaces) - 1; - memset(spaces, ' ', indent); - spaces[indent] = 0; -- vdprintf(debug_fd, spaces, NULL); -+ dprintf(debug_fd, "%s", spaces); - } - - va_start(args, format); diff --git a/import-layers/meta-security/meta-tpm/recipes-tpm/libtpm/files/Use-format-s-for-call-to-dprintf.patch b/import-layers/meta-security/meta-tpm/recipes-tpm/libtpm/files/Use-format-s-for-call-to-dprintf.patch deleted file mode 100644 index a71b5c1c7..000000000 --- a/import-layers/meta-security/meta-tpm/recipes-tpm/libtpm/files/Use-format-s-for-call-to-dprintf.patch +++ /dev/null @@ -1,33 +0,0 @@ -From 6a9b4e5d70f770aa9ca31e3e6d3b1ae72c192070 Mon Sep 17 00:00:00 2001 -From: Stefan Berger <stefanb@linux.vnet.ibm.com> -Date: Tue, 31 Jan 2017 20:10:51 -0500 -Subject: [PATCH] Use format '%s' for call to dprintf - -Fix the dprintf call to use a format parameter that otherwise causes -errors with gcc on certain platforms. - -Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com> - -Upstream-Status: Backport -replaces local patch -Signed-off-by: Armin Kuster <akuster@mvsita.com> - ---- - src/tpm_library.c | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -Index: git/src/tpm_library.c -=================================================================== ---- git.orig/src/tpm_library.c -+++ git/src/tpm_library.c -@@ -405,8 +405,8 @@ int TPMLIB_LogPrintf(const char *format, - } - - if (debug_prefix) -- dprintf(debug_fd, debug_prefix); -- dprintf(debug_fd, buffer); -+ dprintf(debug_fd, "%s", debug_prefix); -+ dprintf(debug_fd, "%s", buffer); - - return i; - } diff --git a/import-layers/meta-security/meta-tpm/recipes-tpm/libtpm/files/fix_signed_issue.patch b/import-layers/meta-security/meta-tpm/recipes-tpm/libtpm/files/fix_signed_issue.patch deleted file mode 100644 index fc13aa544..000000000 --- a/import-layers/meta-security/meta-tpm/recipes-tpm/libtpm/files/fix_signed_issue.patch +++ /dev/null @@ -1,48 +0,0 @@ -Upstream-Status: Pending -Signed-off-by: Armin kuster <akuster808@gmail.com> - -Index: git/src/swtpm/ctrlchannel.c -=================================================================== ---- git.orig/src/swtpm/ctrlchannel.c -+++ git/src/swtpm/ctrlchannel.c -@@ -152,7 +152,8 @@ static int ctrlchannel_receive_state(ptm - uint32_t tpm_number = 0; - unsigned char *blob = NULL; - uint32_t blob_length = be32toh(pss->u.req.length); -- uint32_t remain = blob_length, offset = 0; -+ ssize_t remain = (ssize_t) blob_length; -+ uint32_t offset = 0; - TPM_RESULT res; - uint32_t flags = be32toh(pss->u.req.state_flags); - TPM_BOOL is_encrypted = (flags & PTM_STATE_FLAG_ENCRYPTED) != 0; -Index: git/src/swtpm_ioctl/tpm_ioctl.c -=================================================================== ---- git.orig/src/swtpm_ioctl/tpm_ioctl.c -+++ git/src/swtpm_ioctl/tpm_ioctl.c -@@ -303,7 +303,7 @@ static int do_save_state_blob(int fd, bo - numbytes = write(file_fd, pgs.u.resp.data, - devtoh32(is_chardev, pgs.u.resp.length)); - -- if (numbytes != devtoh32(is_chardev, pgs.u.resp.length)) { -+ if (numbytes != (ssize_t) devtoh32(is_chardev, pgs.u.resp.length)) { - fprintf(stderr, - "Could not write to file '%s': %s\n", - filename, strerror(errno)); -@@ -420,7 +420,7 @@ static int do_load_state_blob(int fd, bo - had_error = true; - break; - } -- pss.u.req.length = htodev32(is_chardev, numbytes); -+ pss.u.req.length = htodev32(is_chardev, (uint32_t) numbytes); - - /* the returnsize is zero on all intermediate packets */ - returnsize = ((size_t)numbytes < sizeof(pss.u.req.data)) -@@ -863,7 +863,7 @@ int main(int argc, char *argv[]) - return EXIT_FAILURE; - } - /* no tpm_result here */ -- printf("ptm capability is 0x%lx\n", (uint64_t)devtoh64(is_chardev, cap)); -+ printf("ptm capability is 0x%llx\n", (uint64_t)devtoh64(is_chardev, cap)); - - } else if (!strcmp(command, "-i")) { - init.u.req.init_flags = htodev32(is_chardev, PTM_INIT_FLAG_DELETE_VOLATILE); diff --git a/import-layers/meta-security/meta-tpm/recipes-tpm/libtpm/libtpm_1.0.bb b/import-layers/meta-security/meta-tpm/recipes-tpm/libtpm/libtpm_1.0.bb deleted file mode 100644 index b29ec6bbe..000000000 --- a/import-layers/meta-security/meta-tpm/recipes-tpm/libtpm/libtpm_1.0.bb +++ /dev/null @@ -1,18 +0,0 @@ -SUMMARY = "LIBPM - Software TPM Library" -LICENSE = "BSD-3-Clause" -LIC_FILES_CHKSUM = "file://LICENSE;md5=97e5eea8d700d76b3ddfd35c4c96485f" - -SRCREV = "3388d45082bdc588c6fc0672f44d6d7d0aaa86ff" -SRC_URI = " \ - git://github.com/stefanberger/libtpms.git \ - " - -S = "${WORKDIR}/git" -inherit autotools-brokensep pkgconfig - -PACKAGECONFIG ?= "openssl" -PACKAGECONFIG[openssl] = "--with-openssl, --without-openssl, openssl" - -PV = "1.0+git${SRCPV}" - -BBCLASSEXTEND = "native" diff --git a/import-layers/meta-security/meta-tpm/recipes-tpm/openssl-tpm-engine/files/0001-create-tpm-key-support-well-known-key-option.patch b/import-layers/meta-security/meta-tpm/recipes-tpm/openssl-tpm-engine/files/0001-create-tpm-key-support-well-known-key-option.patch deleted file mode 100644 index 67071b605..000000000 --- a/import-layers/meta-security/meta-tpm/recipes-tpm/openssl-tpm-engine/files/0001-create-tpm-key-support-well-known-key-option.patch +++ /dev/null @@ -1,99 +0,0 @@ -commit 16dac0cb7b73b8a7088300e45b98ac20819b03ed -Author: Junxian.Xiao <Junxian.Xiao@windriver.com> -Date: Wed Jun 19 18:57:13 2013 +0800 - -support well-known password in openssl-tpm-engine. - -Add "-z" option to select well known password in create_tpm_key tool. - -Signed-off-by: Junxian.Xiao <Junxian.Xiao@windriver.com> - -diff --git a/create_tpm_key.c b/create_tpm_key.c -index fee917f..7b94d62 100644 ---- a/create_tpm_key.c -+++ b/create_tpm_key.c -@@ -46,6 +46,8 @@ - #include <trousers/tss.h> - #include <trousers/trousers.h> - -+#define TPM_WELL_KNOWN_KEY_LEN 20 /*well know key length is 20 bytes zero*/ -+ - #define print_error(a,b) \ - fprintf(stderr, "%s:%d %s result: 0x%x (%s)\n", __FILE__, __LINE__, \ - a, b, Trspi_Error_String(b)) -@@ -70,6 +72,7 @@ usage(char *argv0) - "\t\t-e|--enc-scheme encryption scheme to use [PKCSV15] or OAEP\n" - "\t\t-q|--sig-scheme signature scheme to use [DER] or SHA1\n" - "\t\t-s|--key-size key size in bits [2048]\n" -+ "\t\t-z|--zerokey use well known 20 bytes zero as SRK password.\n" - "\t\t-a|--auth require a password for the key [NO]\n" - "\t\t-p|--popup use TSS GUI popup dialogs to get the password " - "for the\n\t\t\t\t key [NO] (implies --auth)\n" -@@ -147,6 +150,7 @@ int main(int argc, char **argv) - int asn1_len; - char *filename, c, *openssl_key = NULL; - int option_index, auth = 0, popup = 0, wrap = 0; -+ int wellknownkey = 0; - UINT32 enc_scheme = TSS_ES_RSAESPKCSV15; - UINT32 sig_scheme = TSS_SS_RSASSAPKCS1V15_DER; - UINT32 key_size = 2048; -@@ -154,12 +158,15 @@ int main(int argc, char **argv) - - while (1) { - option_index = 0; -- c = getopt_long(argc, argv, "pe:q:s:ahw:", -+ c = getopt_long(argc, argv, "pe:q:s:zahw:", - long_options, &option_index); - if (c == -1) - break; - - switch (c) { -+ case 'z': -+ wellknownkey = 1; -+ break; - case 'a': - initFlags |= TSS_KEY_AUTHORIZATION; - auth = 1; -@@ -293,6 +300,8 @@ int main(int argc, char **argv) - - if (srk_authusage) { - char *authdata = calloc(1, 128); -+ TSS_FLAG secretMode = TSS_SECRET_MODE_PLAIN; -+ int authlen = 0; - - if (!authdata) { - fprintf(stderr, "malloc failed.\n"); -@@ -309,17 +318,26 @@ int main(int argc, char **argv) - exit(result); - } - -- if (EVP_read_pw_string(authdata, 128, "SRK Password: ", 0)) { -- Tspi_Context_CloseObject(hContext, hKey); -- Tspi_Context_Close(hContext); -- free(authdata); -- exit(result); -+ if (wellknownkey) { -+ memset(authdata, 0, TPM_WELL_KNOWN_KEY_LEN); -+ secretMode = TSS_SECRET_MODE_SHA1; -+ authlen = TPM_WELL_KNOWN_KEY_LEN; -+ } -+ else { -+ if (EVP_read_pw_string(authdata, 128, "SRK Password: ", 0)) { -+ Tspi_Context_CloseObject(hContext, hKey); -+ Tspi_Context_Close(hContext); -+ free(authdata); -+ exit(result); -+ } -+ secretMode = TSS_SECRET_MODE_PLAIN; -+ authlen = strlen(authdata); - } - - //Set Secret - if ((result = Tspi_Policy_SetSecret(srkUsagePolicy, -- TSS_SECRET_MODE_PLAIN, -- strlen(authdata), -+ secretMode, -+ authlen, - (BYTE *)authdata))) { - print_error("Tspi_Policy_SetSecret", result); - free(authdata); diff --git a/import-layers/meta-security/meta-tpm/recipes-tpm/openssl-tpm-engine/files/0002-libtpm-support-env-TPM_SRK_PW.patch b/import-layers/meta-security/meta-tpm/recipes-tpm/openssl-tpm-engine/files/0002-libtpm-support-env-TPM_SRK_PW.patch deleted file mode 100644 index f718f2e64..000000000 --- a/import-layers/meta-security/meta-tpm/recipes-tpm/openssl-tpm-engine/files/0002-libtpm-support-env-TPM_SRK_PW.patch +++ /dev/null @@ -1,80 +0,0 @@ -commit 16dac0cb7b73b8a7088300e45b98ac20819b03ed -Author: Junxian.Xiao <Junxian.Xiao@windriver.com> -Date: Wed Jun 19 18:57:13 2013 +0800 - -support reading SRK password from env TPM_SRK_PW - -Add "env TPM_SRK_PW=xxxx" to set password for libtpm.so. Specially, -use "env TPM_SRK_PW=#WELLKNOWN#" to set well known password. - -Signed-off-by: Junxian.Xiao <Junxian.Xiao@windriver.com> - -diff --git a/e_tpm.c b/e_tpm.c -index f3e8bcf..7dcb75a 100644 ---- a/e_tpm.c -+++ b/e_tpm.c -@@ -38,6 +38,8 @@ - - #include "e_tpm.h" - -+#define TPM_WELL_KNOWN_KEY_LEN 20 /*well know key length is 20 bytes zero*/ -+ - //#define DLOPEN_TSPI - - #ifndef OPENSSL_NO_HW -@@ -248,6 +250,10 @@ int tpm_load_srk(UI_METHOD *ui, void *cb_data) - TSS_RESULT result; - UINT32 authusage; - BYTE *auth; -+ char *srkPasswd = NULL; -+ TSS_FLAG secretMode = secret_mode; -+ int authlen = 0; -+ - - if (hSRK != NULL_HKEY) { - DBGFN("SRK is already loaded."); -@@ -299,18 +305,36 @@ int tpm_load_srk(UI_METHOD *ui, void *cb_data) - return 0; - } - -- if (!tpm_engine_get_auth(ui, (char *)auth, 128, "SRK authorization: ", -- cb_data)) { -- Tspi_Context_CloseObject(hContext, hSRK); -- free(auth); -- TSSerr(TPM_F_TPM_LOAD_SRK, TPM_R_REQUEST_FAILED); -- return 0; -+ srkPasswd = getenv("TPM_SRK_PW"); -+ if (NULL != srkPasswd) { -+ if (0 == strcmp(srkPasswd, "#WELLKNOWN#")) { -+ memset(auth, 0, TPM_WELL_KNOWN_KEY_LEN); -+ secretMode = TSS_SECRET_MODE_SHA1; -+ authlen = TPM_WELL_KNOWN_KEY_LEN; -+ } else { -+ int authbuflen = 128; -+ memset(auth, 0, authbuflen); -+ strncpy(auth, srkPasswd, authbuflen-1); -+ secretMode = TSS_SECRET_MODE_PLAIN; -+ authlen = strlen(auth); -+ } -+ } -+ else { -+ if (!tpm_engine_get_auth(ui, (char *)auth, 128, -+ "SRK authorization: ", cb_data)) { -+ Tspi_Context_CloseObject(hContext, hSRK); -+ free(auth); -+ TSSerr(TPM_F_TPM_LOAD_SRK, TPM_R_REQUEST_FAILED); -+ return 0; -+ } -+ secretMode = secret_mode; -+ authlen = strlen(auth); - } - - /* secret_mode is a global that may be set by engine ctrl - * commands. By default, its set to TSS_SECRET_MODE_PLAIN */ -- if ((result = Tspi_Policy_SetSecret(hSRKPolicy, secret_mode, -- strlen((char *)auth), auth))) { -+ if ((result = Tspi_Policy_SetSecret(hSRKPolicy, secretMode, -+ authlen, auth))) { - Tspi_Context_CloseObject(hContext, hSRK); - free(auth); - TSSerr(TPM_F_TPM_LOAD_SRK, TPM_R_REQUEST_FAILED); diff --git a/import-layers/meta-security/meta-tpm/recipes-tpm/openssl-tpm-engine/files/0003-Fix-not-building-libtpm.la.patch b/import-layers/meta-security/meta-tpm/recipes-tpm/openssl-tpm-engine/files/0003-Fix-not-building-libtpm.la.patch deleted file mode 100644 index d24a150e5..000000000 --- a/import-layers/meta-security/meta-tpm/recipes-tpm/openssl-tpm-engine/files/0003-Fix-not-building-libtpm.la.patch +++ /dev/null @@ -1,25 +0,0 @@ -From 7848445a1f4c750ef73bf96f5e89d402f87a1756 Mon Sep 17 00:00:00 2001 -From: Lans Zhang <jia.zhang@windriver.com> -Date: Mon, 19 Jun 2017 14:54:28 +0800 -Subject: [PATCH] Fix not building libtpm.la - -Signed-off-by: Lans Zhang <jia.zhang@windriver.com> ---- - Makefile.am | 4 +++- - 1 file changed, 3 insertions(+), 1 deletion(-) - -diff --git a/Makefile.am b/Makefile.am -index 6695656..634a7e6 100644 ---- a/Makefile.am -+++ b/Makefile.am -@@ -10,4 +10,6 @@ libtpm_la_LIBADD=-lcrypto -lc -ltspi - libtpm_la_SOURCES=e_tpm.c e_tpm.h e_tpm_err.c - - create_tpm_key_SOURCES=create_tpm_key.c --create_tpm_key_LDADD=-ltspi -+create_tpm_key_LDFLAGS=-ltspi -+ -+LDADD=libtpm.la --- -2.7.5 - diff --git a/import-layers/meta-security/meta-tpm/recipes-tpm/openssl-tpm-engine/files/0003-tpm-openssl-tpm-engine-parse-an-encrypted-tpm-SRK-pa.patch b/import-layers/meta-security/meta-tpm/recipes-tpm/openssl-tpm-engine/files/0003-tpm-openssl-tpm-engine-parse-an-encrypted-tpm-SRK-pa.patch deleted file mode 100644 index a88148fe4..000000000 --- a/import-layers/meta-security/meta-tpm/recipes-tpm/openssl-tpm-engine/files/0003-tpm-openssl-tpm-engine-parse-an-encrypted-tpm-SRK-pa.patch +++ /dev/null @@ -1,254 +0,0 @@ -From eb28ad92a2722fd30f8114840cf2b1ade26b80ee Mon Sep 17 00:00:00 2001 -From: Limeng <Meng.Li@windriver.com> -Date: Fri, 23 Jun 2017 11:39:04 +0800 -Subject: [PATCH] tpm:openssl-tpm-engine:parse an encrypted tpm SRK password - from env - -Before, we support reading SRK password from env TPM_SRK_PW, -but it is a plain password and not secure. -So, we improve it and support to get an encrypted (AES algorithm) -SRK password from env, and then parse it. The default decrypting -AES password and salt is set in bb file. -When we initialize TPM, and set a SRK pw, and then we need to -encrypt it with the same AES password and salt by AES algorithm. -At last, we set a env as below: -export TPM_SRK_ENC_PW=xxxxxxxx -"xxxxxxxx" is the encrypted SRK password for libtpm.so. - -Signed-off-by: Meng Li <Meng.Li@windriver.com> ---- - e_tpm.c | 157 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++- - e_tpm.h | 4 ++ - e_tpm_err.c | 4 ++ - 3 files changed, 164 insertions(+), 1 deletion(-) - -diff --git a/e_tpm.c b/e_tpm.c -index 7dcb75a..11bf74b 100644 ---- a/e_tpm.c -+++ b/e_tpm.c -@@ -245,6 +245,118 @@ void ENGINE_load_tpm(void) - ERR_clear_error(); - } - -+static int tpm_decode_base64(unsigned char *indata, -+ int in_len, -+ unsigned char *outdata, -+ int *out_len) -+{ -+ int total_len, len, ret; -+ EVP_ENCODE_CTX dctx; -+ -+ EVP_DecodeInit(&dctx); -+ -+ total_len = 0; -+ ret = EVP_DecodeUpdate(&dctx, outdata, &len, indata, in_len); -+ if (ret < 0) { -+ TSSerr(TPM_F_TPM_DECODE_BASE64, TPM_R_DECODE_BASE64_FAILED); -+ return 1; -+ } -+ -+ total_len += len; -+ ret = EVP_DecodeFinal(&dctx, outdata, &len); -+ if (ret < 0) { -+ TSSerr(TPM_F_TPM_DECODE_BASE64, TPM_R_DECODE_BASE64_FAILED); -+ return 1; -+ } -+ total_len += len; -+ -+ *out_len = total_len; -+ -+ return 0; -+} -+ -+static int tpm_decrypt_srk_pw(unsigned char *indata, int in_len, -+ unsigned char *outdata, -+ int *out_len) -+{ -+ int dec_data_len, dec_data_lenfinal; -+ unsigned char dec_data[256]; -+ unsigned char *aes_pw; -+ unsigned char aes_salt[PKCS5_SALT_LEN]; -+ unsigned char key[EVP_MAX_KEY_LENGTH], iv[EVP_MAX_IV_LENGTH]; -+ const EVP_CIPHER *cipher = NULL; -+ const EVP_MD *dgst = NULL; -+ EVP_CIPHER_CTX *ctx = NULL; -+ -+ if (sizeof(SRK_DEC_SALT) - 1 > PKCS5_SALT_LEN) { -+ TSSerr(TPM_F_TPM_DECRYPT_SRK_PW, TPM_R_DECRYPT_SRK_PW_FAILED); -+ return 1; -+ } -+ -+ aes_pw = malloc(sizeof(SRK_DEC_PW) - 1); -+ if (aes_pw == NULL) { -+ TSSerr(TPM_F_TPM_DECRYPT_SRK_PW, TPM_R_DECRYPT_SRK_PW_FAILED); -+ return 1; -+ } -+ -+ memset(aes_salt, 0x00, sizeof(aes_salt)); -+ memcpy(aes_pw, SRK_DEC_PW, sizeof(SRK_DEC_PW) - 1); -+ memcpy(aes_salt, SRK_DEC_SALT, sizeof(SRK_DEC_SALT) - 1); -+ -+ cipher = EVP_get_cipherbyname("aes-128-cbc"); -+ if (cipher == NULL) { -+ TSSerr(TPM_F_TPM_DECRYPT_SRK_PW, TPM_R_DECRYPT_SRK_PW_FAILED); -+ free(aes_pw); -+ return 1; -+ } -+ dgst = EVP_sha256(); -+ -+ EVP_BytesToKey(cipher, dgst, aes_salt, (unsigned char *)aes_pw, sizeof(SRK_DEC_PW) - 1, 1, key, iv); -+ -+ ctx = EVP_CIPHER_CTX_new(); -+ /* Don't set key or IV right away; we want to check lengths */ -+ if (!EVP_CipherInit_ex(ctx, cipher, NULL, NULL, NULL, 0)) { -+ TSSerr(TPM_F_TPM_DECRYPT_SRK_PW, TPM_R_DECRYPT_SRK_PW_FAILED); -+ free(aes_pw); -+ return 1; -+ } -+ -+ OPENSSL_assert(EVP_CIPHER_CTX_key_length(ctx) == 16); -+ OPENSSL_assert(EVP_CIPHER_CTX_iv_length(ctx) == 16); -+ -+ if (!EVP_CipherInit_ex(ctx, NULL, NULL, key, iv, 0)) { -+ TSSerr(TPM_F_TPM_DECRYPT_SRK_PW, TPM_R_DECRYPT_SRK_PW_FAILED); -+ free(aes_pw); -+ return 1; -+ } -+ -+ if (!EVP_CipherUpdate(ctx, dec_data, &dec_data_len, indata, in_len)) { -+ /* Error */ -+ TSSerr(TPM_F_TPM_DECRYPT_SRK_PW, TPM_R_DECRYPT_SRK_PW_FAILED); -+ free(aes_pw); -+ EVP_CIPHER_CTX_free(ctx); -+ return 1; -+ } -+ -+ if (!EVP_CipherFinal_ex(ctx, dec_data + dec_data_len, &dec_data_lenfinal)) { -+ /* Error */ -+ TSSerr(TPM_F_TPM_DECRYPT_SRK_PW, TPM_R_DECRYPT_SRK_PW_FAILED); -+ free(aes_pw); -+ EVP_CIPHER_CTX_free(ctx); -+ return 1; -+ } -+ -+ dec_data_len = dec_data_len + dec_data_lenfinal; -+ -+ memcpy(outdata, dec_data, dec_data_len); -+ *out_len = dec_data_len; -+ -+ free(aes_pw); -+ EVP_CIPHER_CTX_free(ctx); -+ -+ return 0; -+} -+ - int tpm_load_srk(UI_METHOD *ui, void *cb_data) - { - TSS_RESULT result; -@@ -305,8 +417,50 @@ int tpm_load_srk(UI_METHOD *ui, void *cb_data) - return 0; - } - -- srkPasswd = getenv("TPM_SRK_PW"); -+ srkPasswd = getenv("TPM_SRK_ENC_PW"); - if (NULL != srkPasswd) { -+ int in_len = strlen(srkPasswd); -+ int out_len; -+ unsigned char *out_buf; -+ -+ if (!in_len || in_len % 4) { -+ Tspi_Context_CloseObject(hContext, hSRK); -+ free(auth); -+ TSSerr(TPM_F_TPM_LOAD_SRK, TPM_R_REQUEST_FAILED); -+ return 0; -+ } -+ -+ out_len = in_len * 3 / 4; -+ out_buf = malloc(out_len); -+ if (NULL == out_buf) { -+ Tspi_Context_CloseObject(hContext, hSRK); -+ free(auth); -+ TSSerr(TPM_F_TPM_LOAD_SRK, TPM_R_REQUEST_FAILED); -+ return 0; -+ } -+ -+ if (tpm_decode_base64(srkPasswd, strlen(srkPasswd), -+ out_buf, &out_len)) { -+ Tspi_Context_CloseObject(hContext, hSRK); -+ free(auth); -+ free(out_buf); -+ TSSerr(TPM_F_TPM_LOAD_SRK, TPM_R_REQUEST_FAILED); -+ return 0; -+ } -+ -+ if (tpm_decrypt_srk_pw(out_buf, out_len, -+ auth, &authlen)) { -+ Tspi_Context_CloseObject(hContext, hSRK); -+ free(auth); -+ free(out_buf); -+ TSSerr(TPM_F_TPM_LOAD_SRK, TPM_R_REQUEST_FAILED); -+ return 0; -+ } -+ secretMode = TSS_SECRET_MODE_PLAIN; -+ free(out_buf); -+ } -+#ifdef TPM_SRK_PLAIN_PW -+ else if (NULL != (srkPasswd = getenv("TPM_SRK_PW")) { - if (0 == strcmp(srkPasswd, "#WELLKNOWN#")) { - memset(auth, 0, TPM_WELL_KNOWN_KEY_LEN); - secretMode = TSS_SECRET_MODE_SHA1; -@@ -319,6 +473,7 @@ int tpm_load_srk(UI_METHOD *ui, void *cb_data) - authlen = strlen(auth); - } - } -+#endif - else { - if (!tpm_engine_get_auth(ui, (char *)auth, 128, - "SRK authorization: ", cb_data)) { -diff --git a/e_tpm.h b/e_tpm.h -index 6316e0b..56ff202 100644 ---- a/e_tpm.h -+++ b/e_tpm.h -@@ -66,6 +66,8 @@ void ERR_TSS_error(int function, int reason, char *file, int line); - #define TPM_F_TPM_FILL_RSA_OBJECT 116 - #define TPM_F_TPM_ENGINE_GET_AUTH 117 - #define TPM_F_TPM_CREATE_SRK_POLICY 118 -+#define TPM_F_TPM_DECODE_BASE64 119 -+#define TPM_F_TPM_DECRYPT_SRK_PW 120 - - /* Reason codes. */ - #define TPM_R_ALREADY_LOADED 100 -@@ -96,6 +98,8 @@ void ERR_TSS_error(int function, int reason, char *file, int line); - #define TPM_R_ID_INVALID 125 - #define TPM_R_UI_METHOD_FAILED 126 - #define TPM_R_UNKNOWN_SECRET_MODE 127 -+#define TPM_R_DECODE_BASE64_FAILED 128 -+#define TPM_R_DECRYPT_SRK_PW_FAILED 129 - - /* structure pointed to by the RSA object's app_data pointer */ - struct rsa_app_data -diff --git a/e_tpm_err.c b/e_tpm_err.c -index 25a5d0f..439e267 100644 ---- a/e_tpm_err.c -+++ b/e_tpm_err.c -@@ -235,6 +235,8 @@ static ERR_STRING_DATA TPM_str_functs[] = { - {ERR_PACK(0, TPM_F_TPM_BIND_FN, 0), "TPM_BIND_FN"}, - {ERR_PACK(0, TPM_F_TPM_FILL_RSA_OBJECT, 0), "TPM_FILL_RSA_OBJECT"}, - {ERR_PACK(0, TPM_F_TPM_ENGINE_GET_AUTH, 0), "TPM_ENGINE_GET_AUTH"}, -+ {ERR_PACK(0, TPM_F_TPM_DECODE_BASE64, 0), "TPM_DECODE_BASE64"}, -+ {ERR_PACK(0, TPM_F_TPM_DECRYPT_SRK_PW, 0), "TPM_DECRYPT_SRK_PW"}, - {0, NULL} - }; - -@@ -265,6 +267,8 @@ static ERR_STRING_DATA TPM_str_reasons[] = { - {TPM_R_FILE_READ_FAILED, "failed reading the key file"}, - {TPM_R_ID_INVALID, "engine id doesn't match"}, - {TPM_R_UI_METHOD_FAILED, "ui function failed"}, -+ {TPM_R_DECODE_BASE64_FAILED, "decode base64 failed"}, -+ {TPM_R_DECRYPT_SRK_PW_FAILED, "decrypt srk password failed"}, - {0, NULL} - }; - --- -2.9.3 - diff --git a/import-layers/meta-security/meta-tpm/recipes-tpm/openssl-tpm-engine/files/0004-tpm-openssl-tpm-engine-change-variable-c-type-from-c.patch b/import-layers/meta-security/meta-tpm/recipes-tpm/openssl-tpm-engine/files/0004-tpm-openssl-tpm-engine-change-variable-c-type-from-c.patch deleted file mode 100644 index 076704de8..000000000 --- a/import-layers/meta-security/meta-tpm/recipes-tpm/openssl-tpm-engine/files/0004-tpm-openssl-tpm-engine-change-variable-c-type-from-c.patch +++ /dev/null @@ -1,34 +0,0 @@ -From fb44e2814fd819c086f9a4c925427f89c0e8cec6 Mon Sep 17 00:00:00 2001 -From: Limeng <Meng.Li@windriver.com> -Date: Fri, 21 Jul 2017 16:32:02 +0800 -Subject: [PATCH] tpm:openssl-tpm-engine: change variable c type from char - into int - -refer to getopt_long() function definition, its return value type is -int. So, change variable c type from char into int. -On arm platform, when getopt_long() calling fails, if we define c as -char type, its value will be 255, not -1. This will cause code enter -wrong case. - -Signed-off-by: Meng Li <Meng.Li@windriver.com> ---- - create_tpm_key.c | 3 ++- - 1 file changed, 2 insertions(+), 1 deletion(-) - -diff --git a/create_tpm_key.c b/create_tpm_key.c -index 7b94d62..f30af90 100644 ---- a/create_tpm_key.c -+++ b/create_tpm_key.c -@@ -148,7 +148,8 @@ int main(int argc, char **argv) - ASN1_OCTET_STRING *blob_str; - unsigned char *blob_asn1 = NULL; - int asn1_len; -- char *filename, c, *openssl_key = NULL; -+ char *filename, *openssl_key = NULL; -+ int c; - int option_index, auth = 0, popup = 0, wrap = 0; - int wellknownkey = 0; - UINT32 enc_scheme = TSS_ES_RSAESPKCSV15; --- -1.7.9.5 - diff --git a/import-layers/meta-security/meta-tpm/recipes-tpm/openssl-tpm-engine/openssl-tpm-engine_0.4.2.bb b/import-layers/meta-security/meta-tpm/recipes-tpm/openssl-tpm-engine/openssl-tpm-engine_0.4.2.bb deleted file mode 100644 index 4854f70e3..000000000 --- a/import-layers/meta-security/meta-tpm/recipes-tpm/openssl-tpm-engine/openssl-tpm-engine_0.4.2.bb +++ /dev/null @@ -1,78 +0,0 @@ -DESCRIPTION = "OpenSSL secure engine based on TPM hardware" -HOMEPAGE = "https://sourceforge.net/projects/trousers/" -SECTION = "security/tpm" - -LICENSE = "openssl" -LIC_FILES_CHKSUM = "file://LICENSE;md5=11f0ee3af475c85b907426e285c9bb52" - -DEPENDS += "openssl trousers" - -SRC_URI = "\ - git://git.code.sf.net/p/trousers/openssl_tpm_engine \ - file://0001-create-tpm-key-support-well-known-key-option.patch \ - file://0002-libtpm-support-env-TPM_SRK_PW.patch \ - file://0003-Fix-not-building-libtpm.la.patch \ - file://0003-tpm-openssl-tpm-engine-parse-an-encrypted-tpm-SRK-pa.patch \ - file://0004-tpm-openssl-tpm-engine-change-variable-c-type-from-c.patch \ -" -SRCREV = "bbc2b1af809f20686e0d3553a62f0175742c0d60" - -S = "${WORKDIR}/git" - -inherit autotools-brokensep - -# The definitions below are used to decrypt the srk password. -# It is allowed to define the values in 3 forms: string, hex number and -# the hybrid, e.g, -# srk_dec_pw = "incendia" -# srk_dec_pw = "\x69\x6e\x63\x65\x6e\x64\x69\x61" -# srk_dec_pw = "\x1""nc""\x3""nd""\x1""a" -# -# Due to the limit of escape character, the hybrid must be written in -# above style. The actual values defined below in C code style are: -# srk_dec_pw[] = { 0x01, 'n', 'c', 0x03, 'n', 'd', 0x01, 'a' }; -# srk_dec_salt[] = { 'r', 0x00, 0x00, 't' }; -srk_dec_pw ?= "\\"\\\x1\\"\\"nc\\"\\"\\\x3\\"\\"nd\\"\\"\\\x1\\"\\"a\\"" -srk_dec_salt ?= "\\"r\\"\\"\\\x00\\\x00\\"\\"t\\"" - -CFLAGS_append += "-DSRK_DEC_PW=${srk_dec_pw} -DSRK_DEC_SALT=${srk_dec_salt}" - -# Uncomment below line if using the plain srk password for development -#CFLAGS_append += "-DTPM_SRK_PLAIN_PW" - -do_configure_prepend() { - cd "${S}" - cp LICENSE COPYING - touch NEWS AUTHORS ChangeLog -} - -do_install_append() { - install -m 0755 -d "${D}${libdir}/engines" - install -m 0755 -d "${D}${prefix}/local/ssl/lib/engines" - install -m 0755 -d "${D}${libdir}/ssl/engines" - - cp -f "${D}${libdir}/openssl/engines/libtpm.so.0.0.0" "${D}${libdir}/libtpm.so.0" - cp -f "${D}${libdir}/openssl/engines/libtpm.so.0.0.0" "${D}${libdir}/engines/libtpm.so" - cp -f "${D}${libdir}/openssl/engines/libtpm.so.0.0.0" "${D}${prefix}/local/ssl/lib/engines/libtpm.so" - mv -f "${D}${libdir}/openssl/engines/libtpm.so.0.0.0" "${D}${libdir}/ssl/engines/libtpm.so" - mv -f "${D}${libdir}/openssl/engines/libtpm.la" "${D}${libdir}/ssl/engines/libtpm.la" - rm -rf "${D}${libdir}/openssl" -} - -FILES_${PN}-staticdev += "${libdir}/ssl/engines/libtpm.la" -FILES_${PN}-dbg += "\ - ${libdir}/ssl/engines/.debug \ - ${libdir}/engines/.debug \ - ${prefix}/local/ssl/lib/engines/.debug \ -" -FILES_${PN} += "\ - ${libdir}/ssl/engines/libtpm.so* \ - ${libdir}/engines/libtpm.so* \ - ${libdir}/libtpm.so* \ - ${prefix}/local/ssl/lib/engines/libtpm.so* \ -" - -RDEPENDS_${PN} += "libcrypto libtspi" - -INSANE_SKIP_${PN} = "libdir" -INSANE_SKIP_${PN}-dbg = "libdir" diff --git a/import-layers/meta-security/meta-tpm/recipes-tpm/pcr-extend/pcr-extend_git.bb b/import-layers/meta-security/meta-tpm/recipes-tpm/pcr-extend/pcr-extend_git.bb deleted file mode 100644 index 0cc4f6370..000000000 --- a/import-layers/meta-security/meta-tpm/recipes-tpm/pcr-extend/pcr-extend_git.bb +++ /dev/null @@ -1,25 +0,0 @@ -SUMMARY = "Command line utility to extend hash of arbitrary data into a TPMs PCR." -HOMEPAGE = "https://github.com/flihp/pcr-extend" -SECTION = "security/tpm" -LICENSE = "GPLv2" -LIC_FILES_CHKSUM = "file://COPYING;md5=b234ee4d69f5fce4486a80fdaf4a4263" - -DEPENDS = "libtspi" - -PV = "0.1+git${SRCPV}" -SRCREV = "c02ad8f628b3d99f6d4c087b402fe31a40ee6316" - -SRC_URI = "git://github.com/flihp/pcr-extend.git " - -inherit autotools - -S = "${WORKDIR}/git" - -do_compile() { - oe_runmake -C ${S}/src -} - -do_install() { - install -d ${D}${bindir} - oe_runmake -C ${S}/src DESTDIR="${D}" install -} diff --git a/import-layers/meta-security/meta-tpm/recipes-tpm/swtpm/files/fix_fcntl_h.patch b/import-layers/meta-security/meta-tpm/recipes-tpm/swtpm/files/fix_fcntl_h.patch deleted file mode 100644 index 3d1643120..000000000 --- a/import-layers/meta-security/meta-tpm/recipes-tpm/swtpm/files/fix_fcntl_h.patch +++ /dev/null @@ -1,31 +0,0 @@ -From 8750a6c3f0b4d9e7e45b4079150d29eb44774e9c Mon Sep 17 00:00:00 2001 -From: Armin Kuster <akuster@mvista.com> -Date: Tue, 14 Mar 2017 22:59:36 -0700 -Subject: [PATCH 2/4] logging: Fix musl build issue with fcntl - - error: #warning redirecting incorrect #include <sys/fcntl.h> to <fcntl.h> [-Werror=cpp] - #warning redirecting incorrect #include <sys/fcntl.h> to <fcntl. - -Upstream-Status: Pending -Signed-off-by: Armin Kuster <akuster@mvista.com> - ---- - src/swtpm/logging.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/src/swtpm/logging.c b/src/swtpm/logging.c -index f16cab6..7da8606 100644 ---- a/src/swtpm/logging.c -+++ b/src/swtpm/logging.c -@@ -45,7 +45,7 @@ - #include <errno.h> - #include <string.h> - #include <sys/types.h> --#include <sys/fcntl.h> -+#include <fcntl.h> - #include <sys/stat.h> - #include <stdio.h> - #include <stdlib.h> --- -2.11.0 - diff --git a/import-layers/meta-security/meta-tpm/recipes-tpm/swtpm/files/fix_lib_search_path.patch b/import-layers/meta-security/meta-tpm/recipes-tpm/swtpm/files/fix_lib_search_path.patch deleted file mode 100644 index 60958f763..000000000 --- a/import-layers/meta-security/meta-tpm/recipes-tpm/swtpm/files/fix_lib_search_path.patch +++ /dev/null @@ -1,66 +0,0 @@ -From 672bb4ee625da3141ba6cecb0601c7563de4c483 Mon Sep 17 00:00:00 2001 -From: Armin Kuster <akuster808@gmail.com> -Date: Thu, 13 Oct 2016 02:03:56 -0700 -Subject: [PATCH 1/4] swtpm: add new package - -Upstream-Status: Inappropriate [OE config] - -Signed-off-by: Armin Kuster <akuster808@gmail.com> - -Rebased to current tip. - -Signed-off-by: Patrick Ohly <patrick.ohly@intel.com> - ---- - configure.ac | 34 ++++++++++------------------------ - 1 file changed, 10 insertions(+), 24 deletions(-) - -diff --git a/configure.ac b/configure.ac -index abf5be1..85ed6ac 100644 ---- a/configure.ac -+++ b/configure.ac -@@ -395,31 +395,17 @@ CFLAGS="$CFLAGS -Wformat -Wformat-security" - dnl We have to make sure libtpms is using the same crypto library - dnl to avoid problems - AC_MSG_CHECKING([the crypto library libtpms is using]) --dirs=$($CC $CFLAGS -Xlinker --verbose 2>/dev/null | \ -- sed -n '/SEARCH_DIR/p' | \ -- sed 's/SEARCH_DIR("\(@<:@^"@:>@*\)"); */\1 /g' | \ -- sed 's|=/|/|g') --for dir in $dirs $LIBRARY_PATH; do -- if test -r $dir/libtpms.so; then -- if test -n "`ldd $dir/libtpms.so | grep libcrypto.so`"; then -- libtpms_cryptolib="openssl" -- break -- fi -- if test -n "`ldd $dir/libtpms.so | grep libnss3.so`"; then -- libtpms_cryptolib="freebl" -- break -- fi -+dir="$SEARCH_DIR" -+if test -r $dir/libtpms.so; then -+ if test -n "`ldd $dir/libtpms.so | grep libcrypto.so`"; then -+ libtpms_cryptolib="openssl" -+ break - fi -- case $host_os in -- cygwin|openbsd*) -- if test -r $dir/libtpms.a; then -- if test -n "$(nm $dir/libtpms.a | grep "U AES_encrypt")"; then -- libtpms_cryptolib="openssl" -- fi -- fi -- ;; -- esac --done -+ if test -n "`ldd $dir/libtpms.so | grep libnss3.so`"; then -+ libtpms_cryptolib="freebl" -+ break -+ fi -+fi - - if test -z "$libtpms_cryptolib"; then - AC_MSG_ERROR([Could not determine libtpms crypto library.]) --- -2.11.0 - diff --git a/import-layers/meta-security/meta-tpm/recipes-tpm/swtpm/files/ioctl_h.patch b/import-layers/meta-security/meta-tpm/recipes-tpm/swtpm/files/ioctl_h.patch deleted file mode 100644 index d736bc66f..000000000 --- a/import-layers/meta-security/meta-tpm/recipes-tpm/swtpm/files/ioctl_h.patch +++ /dev/null @@ -1,22 +0,0 @@ -tpm_ioctl: fix musl for missing ioctl - -tpm_ioctl.c: In function 'ioctl_to_cmd': -tpm_ioctl.c:86:26: error: '_IOC_NRSHIFT' undeclared (first use in this function) - return ((ioctlnum >> _IOC_NRSHIFT) & _IOC_NRMASK) + 1; - - -Upstream-status: -Signed-off-by: Armin Kuster <akuster@mvista.com> - -Index: git/src/swtpm_ioctl/tpm_ioctl.c -=================================================================== ---- git.orig/src/swtpm_ioctl/tpm_ioctl.c -+++ git/src/swtpm_ioctl/tpm_ioctl.c -@@ -58,6 +58,7 @@ - #include <fcntl.h> - #include <unistd.h> - #include <sys/ioctl.h> -+#include <asm/ioctl.h> - #include <getopt.h> - #include <sys/un.h> - #include <sys/types.h> diff --git a/import-layers/meta-security/meta-tpm/recipes-tpm/swtpm/swtpm-wrappers-native.bb b/import-layers/meta-security/meta-tpm/recipes-tpm/swtpm/swtpm-wrappers-native.bb deleted file mode 100644 index 644f3ac13..000000000 --- a/import-layers/meta-security/meta-tpm/recipes-tpm/swtpm/swtpm-wrappers-native.bb +++ /dev/null @@ -1,53 +0,0 @@ -SUMMARY = "SWTPM - OpenEmbedded wrapper scripts for native swtpm tools" -LICENSE = "MIT" -DEPENDS = "swtpm-native tpm-tools-native net-tools-native" - -inherit native - -# The whole point of the recipe is to make files available -# for use after the build is done, so don't clean up... -RM_WORK_EXCLUDE += "${PN}" - -do_create_wrapper () { - # Wrap (almost) all swtpm binaries. Some get special wrappers and some - # are not needed. - for i in `find ${bindir} ${base_bindir} ${sbindir} ${base_sbindir} -name 'swtpm*' -perm /+x -type f`; do - exe=`basename $i` - case $exe in - swtpm_setup.sh) - cat >${WORKDIR}/swtpm_setup_oe.sh <<EOF -#! /bin/sh -# -# Wrapper around swtpm_setup.sh which adds parameters required to -# run the setup as non-root directly from the native sysroot. - -PATH="${bindir}:${base_bindir}:${sbindir}:${base_sbindir}:\$PATH" -export PATH - -# tcsd only allows to be run as root or tss. Pretend to be root... -exec env ${FAKEROOTENV} ${FAKEROOTCMD} swtpm_setup.sh --config ${STAGING_DIR_NATIVE}/etc/swtpm_setup.conf "\$@" -EOF - ;; - swtpm_setup) - true - ;; - *) - cat >${WORKDIR}/${exe}_oe.sh <<EOF -#! /bin/sh -# -# Wrapper around $exe which makes it easier to invoke -# the right binary. - -PATH="${bindir}:${base_bindir}:${sbindir}:${base_sbindir}:\$PATH" -export PATH - -exec ${exe} "\$@" -EOF - ;; - esac - done - - chmod a+rx ${WORKDIR}/*.sh -} - -addtask do_create_wrapper before do_build after do_prepare_recipe_sysroot diff --git a/import-layers/meta-security/meta-tpm/recipes-tpm/swtpm/swtpm_1.0.bb b/import-layers/meta-security/meta-tpm/recipes-tpm/swtpm/swtpm_1.0.bb deleted file mode 100644 index 747602000..000000000 --- a/import-layers/meta-security/meta-tpm/recipes-tpm/swtpm/swtpm_1.0.bb +++ /dev/null @@ -1,61 +0,0 @@ -SUMMARY = "SWTPM - Software TPM Emulator" -LICENSE = "BSD-3-Clause" -LIC_FILES_CHKSUM = "file://LICENSE;md5=fe8092c832b71ef20dfe4c6d3decb3a8" -SECTION = "apps" - -DEPENDS = "libtasn1 expect socat glib-2.0 libtpm libtpm-native" - -# configure checks for the tools already during compilation and -# then swtpm_setup needs them at runtime -DEPENDS += "tpm-tools-native expect-native socat-native" -RDEPENDS_${PN} += "tpm-tools" - -SRCREV = "4f4f2f0a7e3195f6df8d235d58630a08e69403d8" -SRC_URI = "git://github.com/stefanberger/swtpm.git \ - file://fix_lib_search_path.patch \ - file://fix_fcntl_h.patch \ - file://ioctl_h.patch \ - " - -S = "${WORKDIR}/git" - -inherit autotools-brokensep pkgconfig -PARALLEL_MAKE = "" - -TSS_USER="tss" -TSS_GROUP="tss" - -PACKAGECONFIG ?= "openssl cuse" -PACKAGECONFIG += "${@bb.utils.contains('DISTRO_FEATURES', 'selinux', 'selinux', '', d)}" -PACKAGECONFIG[openssl] = "--with-openssl, --without-openssl, openssl" -PACKAGECONFIG[gnutls] = "--with-gnutls, --without-gnutls, gnutls" -PACKAGECONFIG[selinux] = "--with-selinux, --without-selinux, libselinux" -PACKAGECONFIG[cuse] = "--with-cuse, --without-cuse, fuse" - -EXTRA_OECONF += "--with-tss-user=${TSS_USER} --with-tss-group=${TSS_GROUP}" - -export SEARCH_DIR = "${STAGING_LIBDIR_NATIVE}" - -# dup bootstrap -do_configure_prepend () { - libtoolize --force --copy - autoheader - aclocal - automake --add-missing -c - autoconf -} - -USERADD_PACKAGES = "${PN}" -GROUPADD_PARAM_${PN} = "--system ${TSS_USER}" -USERADD_PARAM_${PN} = "--system -g ${TSS_GROUP} --home-dir \ - --no-create-home --shell /bin/false ${BPN}" - -RDEPENDS_${PN} = "libtpm expect socat bash" - -BBCLASSEXTEND = "native nativesdk" - -python() { - if 'cuse' in d.getVar('PACKAGECONFIG') and \ - 'filesystems-layer' not in d.getVar('BBFILE_COLLECTIONS').split(): - raise bb.parse.SkipRecipe('Cuse enabled which requires meta-filesystems to be present.') -} diff --git a/import-layers/meta-security/meta-tpm/recipes-tpm/tpm-quote-tools/tpm-quote-tools_1.0.4.bb b/import-layers/meta-security/meta-tpm/recipes-tpm/tpm-quote-tools/tpm-quote-tools_1.0.4.bb deleted file mode 100644 index 8486d0016..000000000 --- a/import-layers/meta-security/meta-tpm/recipes-tpm/tpm-quote-tools/tpm-quote-tools_1.0.4.bb +++ /dev/null @@ -1,23 +0,0 @@ -SUMMARY = "The TPM Quote Tools is a collection of programs that provide support \ - for TPM based attestation using the TPM quote mechanism. \ - " -DESCRIPTION = "The TPM Quote Tools is a collection of programs that provide support \ - for TPM based attestation using the TPM quote mechanism. The manual \ - page for tpm_quote_tools provides a usage overview. \ - \ - TPM Quote Tools has been tested with TrouSerS on Linux and NTRU on \ - Windows XP. It was ported to Windows using MinGW and MSYS. \ - " -HOMEPAGE = "https://sourceforge.net/projects/tpmquotetools/" -SECTION = "security/tpm" -LICENSE = "BSD-3-Clause" -LIC_FILES_CHKSUM = "file://COPYING;md5=8ec30b01163d242ecf07d9cd84e3611f" - -DEPENDS = "libtspi tpm-tools" - -SRC_URI = "${SOURCEFORGE_MIRROR}/tpmquotetools/${PV}/${BP}.tar.gz" - -SRC_URI[md5sum] = "6e194f5bc534301bbaef53dc6d22c233" -SRC_URI[sha256sum] = "10dc4eade02635557a9496b388360844cd18e7864e2eb882f5e45ab2fa405ae2" - -inherit autotools diff --git a/import-layers/meta-security/meta-tpm/recipes-tpm/tpm-tools/files/tpm-tools-extendpcr.patch b/import-layers/meta-security/meta-tpm/recipes-tpm/tpm-tools/files/tpm-tools-extendpcr.patch deleted file mode 100644 index ab5e68320..000000000 --- a/import-layers/meta-security/meta-tpm/recipes-tpm/tpm-tools/files/tpm-tools-extendpcr.patch +++ /dev/null @@ -1,244 +0,0 @@ -Index: tpm-tools-1.3.8/include/tpm_tspi.h -=================================================================== ---- tpm-tools-1.3.8.orig/include/tpm_tspi.h 2011-08-17 08:20:35.000000000 -0400 -+++ tpm-tools-1.3.8/include/tpm_tspi.h 2013-01-05 23:26:31.571598217 -0500 -@@ -117,6 +117,10 @@ - UINT32 *a_PcrSize, BYTE **a_PcrValue); - TSS_RESULT pcrcompositeSetPcrValue(TSS_HPCRS a_hPcrs, UINT32 a_Idx, - UINT32 a_PcrSize, BYTE *a_PcrValue); -+TSS_RESULT tpmPcrExtend(TSS_HTPM a_hTpm, UINT32 a_Idx, -+ UINT32 a_DataSize, BYTE *a_Data, -+ TSS_PCR_EVENT *a_Event, -+ UINT32 *a_PcrSize, BYTE **a_PcrValue); - #ifdef TSS_LIB_IS_12 - TSS_RESULT unloadVersionInfo(UINT64 *offset, BYTE *blob, TPM_CAP_VERSION_INFO *v); - TSS_RESULT pcrcompositeSetPcrLocality(TSS_HPCRS a_hPcrs, UINT32 localityValue); -Index: tpm-tools-1.3.8/lib/tpm_tspi.c -=================================================================== ---- tpm-tools-1.3.8.orig/lib/tpm_tspi.c 2011-08-17 08:20:35.000000000 -0400 -+++ tpm-tools-1.3.8/lib/tpm_tspi.c 2013-01-05 23:27:37.731593490 -0500 -@@ -594,6 +594,20 @@ - return result; - } - -+TSS_RESULT -+tpmPcrExtend(TSS_HTPM a_hTpm, UINT32 a_Idx, -+ UINT32 a_DataSize, BYTE *a_Data, -+ TSS_PCR_EVENT *a_Event, -+ UINT32 *a_PcrSize, BYTE **a_PcrValue) -+{ -+ TSS_RESULT result = -+ Tspi_TPM_PcrExtend(a_hTpm, a_Idx, a_DataSize, a_Data, a_Event, -+ a_PcrSize, a_PcrValue); -+ tspiResult("Tspi_TPM_PcrExtend", result); -+ -+ return result; -+} -+ - #ifdef TSS_LIB_IS_12 - /* - * These getPasswd functions will wrap calls to the other functions and check to see if the TSS -Index: tpm-tools-1.3.8/src/cmds/Makefile.am -=================================================================== ---- tpm-tools-1.3.8.orig/src/cmds/Makefile.am 2011-08-15 13:52:08.000000000 -0400 -+++ tpm-tools-1.3.8/src/cmds/Makefile.am 2013-01-05 23:30:46.223593698 -0500 -@@ -22,6 +22,7 @@ - # - - bin_PROGRAMS = tpm_sealdata \ -+ tpm_extendpcr \ - tpm_unsealdata - - if TSS_LIB_IS_12 -@@ -33,4 +34,5 @@ - LDADD = $(top_builddir)/lib/libtpm_tspi.la -ltspi $(top_builddir)/lib/libtpm_unseal.la -ltpm_unseal -lcrypto - - tpm_sealdata_SOURCES = tpm_sealdata.c -+tpm_extendpcr_SOURCES = tpm_extendpcr.c - tpm_unsealdata_SOURCES = tpm_unsealdata.c -Index: tpm-tools-1.3.8/src/cmds/tpm_extendpcr.c -=================================================================== ---- /dev/null 1970-01-01 00:00:00.000000000 +0000 -+++ tpm-tools-1.3.8/src/cmds/tpm_extendpcr.c 2013-01-05 23:37:43.403585514 -0500 -@@ -0,0 +1,181 @@ -+/* -+ * The Initial Developer of the Original Code is International -+ * Business Machines Corporation. Portions created by IBM -+ * Corporation are Copyright (C) 2005, 2006 International Business -+ * Machines Corporation. All Rights Reserved. -+ * -+ * This program is free software; you can redistribute it and/or modify -+ * it under the terms of the Common Public License as published by -+ * IBM Corporation; either version 1 of the License, or (at your option) -+ * any later version. -+ * -+ * This program is distributed in the hope that it will be useful, -+ * but WITHOUT ANY WARRANTY; without even the implied warranty of -+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -+ * Common Public License for more details. -+ * -+ * You should have received a copy of the Common Public License -+ * along with this program; if not, a copy can be viewed at -+ * http://www.opensource.org/licenses/cpl1.0.php. -+ */ -+#include <openssl/evp.h> -+#include <openssl/sha.h> -+#include <limits.h> -+#include "tpm_tspi.h" -+#include "tpm_utils.h" -+#include "tpm_seal.h" -+ -+// #define TPM_EXTENDPCR_DEBUG -+ -+static void help(const char *aCmd) -+{ -+ logCmdHelp(aCmd); -+ logCmdOption("-i, --infile FILE", -+ _ -+ ("Filename containing data to extend PCRs with. Default is STDIN.")); -+ logCmdOption("-p, --pcr NUMBER", -+ _("PCR to extend.")); -+ -+} -+ -+static char in_filename[PATH_MAX] = ""; -+static TSS_HPCRS hPcrs = NULL_HPCRS; -+static TSS_HTPM hTpm; -+static UINT32 selectedPcrs[24]; -+static UINT32 selectedPcrsLen = 0; -+TSS_HCONTEXT hContext = 0; -+ -+static int parse(const int aOpt, const char *aArg) -+{ -+ int rc = -1; -+ -+ switch (aOpt) { -+ case 'i': -+ if (aArg) { -+ strncpy(in_filename, aArg, PATH_MAX); -+ rc = 0; -+ } -+ break; -+ case 'p': -+ if (aArg) { -+ selectedPcrs[selectedPcrsLen++] = atoi(aArg); -+ rc = 0; -+ } -+ break; -+ default: -+ break; -+ } -+ return rc; -+ -+} -+ -+int main(int argc, char **argv) -+{ -+ -+ int iRc = -1; -+ struct option opts[] = { -+ {"infile", required_argument, NULL, 'i'}, -+ {"pcr", required_argument, NULL, 'p'}, -+ }; -+ unsigned char line[EVP_MD_block_size(EVP_sha1()) * 16]; -+ int lineLen; -+ UINT32 i; -+ -+ BIO *bin = NULL; -+ -+ initIntlSys(); -+ -+ if (genericOptHandler(argc, argv, "i:p:", opts, -+ sizeof(opts) / sizeof(struct option), parse, -+ help) != 0) -+ goto out; -+ -+ if (contextCreate(&hContext) != TSS_SUCCESS) -+ goto out; -+ -+ if (contextConnect(hContext) != TSS_SUCCESS) -+ goto out_close; -+ -+ if (contextGetTpm(hContext, &hTpm) != TSS_SUCCESS) -+ goto out_close; -+ -+ /* Create a BIO for the input file */ -+ if ((bin = BIO_new(BIO_s_file())) == NULL) { -+ logError(_("Unable to open input BIO\n")); -+ goto out_close; -+ } -+ -+ /* Assign the input file to the BIO */ -+ if (strlen(in_filename) == 0) -+ BIO_set_fp(bin, stdin, BIO_NOCLOSE); -+ else if (!BIO_read_filename(bin, in_filename)) { -+ logError(_("Unable to open input file: %s\n"), -+ in_filename); -+ goto out_close; -+ } -+ -+ /* Create the PCRs object. If any PCRs above 15 are selected, this will need to be -+ * a 1.2 TSS/TPM */ -+ if (selectedPcrsLen) { -+ TSS_FLAG initFlag = 0; -+ UINT32 pcrSize; -+ BYTE *pcrValue; -+ -+ for (i = 0; i < selectedPcrsLen; i++) { -+ if (selectedPcrs[i] > 15) { -+#ifdef TSS_LIB_IS_12 -+ initFlag |= TSS_PCRS_STRUCT_INFO_LONG; -+#else -+ logError(_("This version of %s was compiled for a v1.1 TSS, which " -+ "can only seal\n data to PCRs 0-15. PCR %u is out of range" -+ "\n"), argv[0], selectedPcrs[i]); -+ goto out_close; -+#endif -+ } -+ } -+ -+ unsigned char msg[EVP_MAX_MD_SIZE]; -+ unsigned int msglen; -+ EVP_MD_CTX ctx; -+ EVP_DigestInit(&ctx, EVP_sha1()); -+ while ((lineLen = BIO_read(bin, line, sizeof(line))) > 0) -+ EVP_DigestUpdate(&ctx, line, lineLen); -+ EVP_DigestFinal(&ctx, msg, &msglen); -+ -+ if (contextCreateObject(hContext, TSS_OBJECT_TYPE_PCRS, initFlag, -+ &hPcrs) != TSS_SUCCESS) -+ goto out_close; -+ -+ for (i = 0; i < selectedPcrsLen; i++) { -+#ifdef TPM_EXTENDPCR_DEBUG -+ if (tpmPcrRead(hTpm, selectedPcrs[i], &pcrSize, &pcrValue) != TSS_SUCCESS) -+ goto out_close; -+ -+ unsigned int j; -+ for (j = 0; j < pcrSize; j++) -+ printf("%02X ", pcrValue[j]); -+ printf("\n"); -+#endif -+ -+ if (tpmPcrExtend(hTpm, selectedPcrs[i], msglen, msg, NULL, &pcrSize, &pcrValue) != TSS_SUCCESS) -+ goto out_close; -+ -+#ifdef TPM_EXTENDPCR_DEBUG -+ for (j = 0; j < pcrSize; j++) -+ printf("%02X ", pcrValue[j]); -+ printf("\n"); -+#endif -+ } -+ } -+ -+ iRc = 0; -+ logSuccess(argv[0]); -+ -+out_close: -+ contextClose(hContext); -+ -+out: -+ if (bin) -+ BIO_free(bin); -+ return iRc; -+} diff --git a/import-layers/meta-security/meta-tpm/recipes-tpm/tpm-tools/tpm-tools_git.bb b/import-layers/meta-security/meta-tpm/recipes-tpm/tpm-tools/tpm-tools_git.bb deleted file mode 100644 index f670bffce..000000000 --- a/import-layers/meta-security/meta-tpm/recipes-tpm/tpm-tools/tpm-tools_git.bb +++ /dev/null @@ -1,35 +0,0 @@ -SUMMARY = "The tpm-tools package contains commands to allow the platform administrator the ability to manage and diagnose the platform's TPM." -DESCRIPTION = " \ - The tpm-tools package contains commands to allow the platform administrator \ - the ability to manage and diagnose the platform's TPM. Additionally, the \ - package contains commands to utilize some of the capabilities available \ - in the TPM PKCS#11 interface implemented in the openCryptoki project. \ - " -SECTION = "tpm" -LICENSE = "CPL-1.0" -LIC_FILES_CHKSUM = "file://LICENSE;md5=059e8cd6165cb4c31e351f2b69388fd9" - -DEPENDS = "libtspi openssl" -DEPENDS_class-native = "trousers-native" - -SRCREV = "5c5126bedf2da97906358adcfb8c43c86e7dd0ee" -SRC_URI = " \ - git://git.code.sf.net/p/trousers/tpm-tools \ - file://tpm-tools-extendpcr.patch \ - " - -PV = "1.3.9.1+git${SRCPV}" - -inherit autotools-brokensep gettext - -S = "${WORKDIR}/git" - -do_configure_prepend () { - mkdir -p po - mkdir -p m4 - cp -R po_/* po/ - touch po/Makefile.in.in - touch m4/Makefile.am -} - -BBCLASSEXTEND = "native" diff --git a/import-layers/meta-security/meta-tpm/recipes-tpm/tpm2-abrmd/files/tpm2-abrmd-init.sh b/import-layers/meta-security/meta-tpm/recipes-tpm/tpm2-abrmd/files/tpm2-abrmd-init.sh deleted file mode 100644 index c8dfb7de3..000000000 --- a/import-layers/meta-security/meta-tpm/recipes-tpm/tpm2-abrmd/files/tpm2-abrmd-init.sh +++ /dev/null @@ -1,65 +0,0 @@ -#!/bin/sh - -### BEGIN INIT INFO -# Provides: tpm2-abrmd -# Required-Start: $local_fs $remote_fs $network -# Required-Stop: $local_fs $remote_fs $network -# Should-Start: -# Should-Stop: -# Default-Start: 2 3 4 5 -# Default-Stop: 0 1 6 -# Short-Description: starts tpm2-abrmd -# Description: tpm2-abrmd implements the TCG resource manager -### END INIT INFO - -PATH=/sbin:/bin:/usr/sbin:/usr/bin -DAEMON=/usr/sbin/tpm2-abrmd -NAME=tpm2-abrmd -DESC="TCG TSS2 Access Broker and Resource Management daemon" -USER="tss" - -test -x "${DAEMON}" || exit 0 - -# Read configuration variable file if it is present -[ -r /etc/default/$NAME ] && . /etc/default/$NAME - -case "${1}" in - start) - echo -n "Starting $DESC: " - - if [ ! -e /dev/tpm* ] - then - echo "device driver not loaded, skipping." - exit 0 - fi - - start-stop-daemon --start --quiet --oknodo --background --pidfile /var/run/${NAME}.pid --user ${USER} --chuid ${USER} --exec ${DAEMON} -- ${DAEMON_OPTS} - RETVAL="$?" - echo "$NAME." - [ "$RETVAL" = 0 ] && pidof $DAEMON > /var/run/${NAME}.pid - exit $RETVAL - ;; - - stop) - echo -n "Stopping $DESC: " - - start-stop-daemon --stop --quiet --oknodo --pidfile /var/run/${NAME}.pid --user ${USER} --exec ${DAEMON} - RETVAL="$?" - echo "$NAME." - rm -f /var/run/${NAME}.pid - exit $RETVAL - ;; - - restart|force-reload) - "${0}" stop - sleep 1 - "${0}" start - exit $? - ;; - *) - echo "Usage: ${NAME} {start|stop|restart|force-reload|status}" >&2 - exit 3 - ;; -esac - -exit 0 diff --git a/import-layers/meta-security/meta-tpm/recipes-tpm/tpm2-abrmd/files/tpm2-abrmd.default b/import-layers/meta-security/meta-tpm/recipes-tpm/tpm2-abrmd/files/tpm2-abrmd.default deleted file mode 100644 index 987978a66..000000000 --- a/import-layers/meta-security/meta-tpm/recipes-tpm/tpm2-abrmd/files/tpm2-abrmd.default +++ /dev/null @@ -1 +0,0 @@ -DAEMON_OPTS="--tcti=device --logger=syslog --max-connections=20 --max-transient-objects=20 --fail-on-loaded-trans" diff --git a/import-layers/meta-security/meta-tpm/recipes-tpm/tpm2-abrmd/tpm2-abrmd_1.2.0.bb b/import-layers/meta-security/meta-tpm/recipes-tpm/tpm2-abrmd/tpm2-abrmd_1.2.0.bb deleted file mode 100644 index a5d6843b9..000000000 --- a/import-layers/meta-security/meta-tpm/recipes-tpm/tpm2-abrmd/tpm2-abrmd_1.2.0.bb +++ /dev/null @@ -1,54 +0,0 @@ -SUMMARY = "TPM2 Access Broker & Resource Manager" -DESCRIPTION = "This is a system daemon implementing the TPM2 access \ -broker (TAB) & Resource Manager (RM) spec from the TCG. The daemon (tpm2-abrmd) \ -is implemented using Glib and the GObject system. In this documentation and \ -in the code we use `tpm2-abrmd` and `tabrmd` interchangeably. \ -" -SECTION = "security/tpm" - -LICENSE = "BSD-2-Clause" -LIC_FILES_CHKSUM = "file://${S}/LICENSE;md5=500b2e742befc3da00684d8a1d5fd9da" - -DEPENDS += "autoconf-archive dbus glib-2.0 pkgconfig tpm2.0-tss glib-2.0-native" - -SRC_URI = "\ - git://github.com/01org/tpm2-abrmd.git \ - file://tpm2-abrmd-init.sh \ - file://tpm2-abrmd.default \ -" -SRCREV = "59ce1008e5fa3bd5a143437b0f7390851fd25bd8" - -S = "${WORKDIR}/git" - -inherit autotools pkgconfig systemd update-rc.d useradd - -SYSTEMD_PACKAGES += "${PN}" -SYSTEMD_SERVICE_${PN} = "tpm2-abrmd.service" -SYSTEMD_AUTO_ENABLE_${PN} = "disable" - -INITSCRIPT_NAME = "${PN}" -INITSCRIPT_PARAMS = "start 99 2 3 4 5 . stop 19 0 1 6 ." - -USERADD_PACKAGES = "${PN}" -GROUPADD_PARAM_${PN} = "tss" -USERADD_PARAM_${PN} = "--system -M -d /var/lib/tpm -s /bin/false -g tss tss" - -PACKAGECONFIG ?="udev" -PACKAGECONFIG += "${@bb.utils.contains('DISTRO_FEATURES','systemd','systemd', '', d)}" - -PACKAGECONFIG[systemd] = "--with-systemdsystemunitdir=${systemd_system_unitdir}, --with-systemdsystemunitdir=no" -PACKAGECONFIG[udev] = "--with-udevrulesdir=${sysconfdir}/udev/rules.d, --without-udevrulesdir" - -do_install_append() { - install -d "${D}${sysconfdir}/init.d" - install -m 0755 "${WORKDIR}/tpm2-abrmd-init.sh" "${D}${sysconfdir}/init.d/tpm2-abrmd" - - install -d "${D}${sysconfdir}/default" - install -m 0644 "${WORKDIR}/tpm2-abrmd.default" "${D}${sysconfdir}/default/tpm2-abrmd" -} - -FILES_${PN} += "${libdir}/systemd/system-preset" - -RDEPENDS_${PN} += "libgcc dbus-glib libtss2 libtctidevice libtctisocket" - -BBCLASSEXTEND = "native" diff --git a/import-layers/meta-security/meta-tpm/recipes-tpm/tpm2.0-tools/tpm2.0-tools_git.bb b/import-layers/meta-security/meta-tpm/recipes-tpm/tpm2.0-tools/tpm2.0-tools_git.bb deleted file mode 100644 index 7ec12fc73..000000000 --- a/import-layers/meta-security/meta-tpm/recipes-tpm/tpm2.0-tools/tpm2.0-tools_git.bb +++ /dev/null @@ -1,18 +0,0 @@ -SUMMARY = "Tools for TPM2." -DESCRIPTION = "tpm2.0-tools" -LICENSE = "BSD" -LIC_FILES_CHKSUM = "file://LICENSE;md5=91b7c548d73ea16537799e8060cea819" -SECTION = "tpm" - -DEPENDS = "pkgconfig tpm2.0-tss openssl curl autoconf-archive" - -# July 10, 2017 -SRCREV = "26c0557040c1cf8107fa3ebbcf2a5b07cc84b881" - -SRC_URI = "git://github.com/01org/tpm2.0-tools.git;name=tpm2.0-tools;destsuffix=tpm2.0-tools" - -S = "${WORKDIR}/tpm2.0-tools" - -PV = "2.0.0+git${SRCPV}" - -inherit autotools pkgconfig diff --git a/import-layers/meta-security/meta-tpm/recipes-tpm/tpm2.0-tss/tpm2.0-tss/ax_pthread.m4 b/import-layers/meta-security/meta-tpm/recipes-tpm/tpm2.0-tss/tpm2.0-tss/ax_pthread.m4 deleted file mode 100644 index d383ad5c6..000000000 --- a/import-layers/meta-security/meta-tpm/recipes-tpm/tpm2.0-tss/tpm2.0-tss/ax_pthread.m4 +++ /dev/null @@ -1,332 +0,0 @@ -# =========================================================================== -# http://www.gnu.org/software/autoconf-archive/ax_pthread.html -# =========================================================================== -# -# SYNOPSIS -# -# AX_PTHREAD([ACTION-IF-FOUND[, ACTION-IF-NOT-FOUND]]) -# -# DESCRIPTION -# -# This macro figures out how to build C programs using POSIX threads. It -# sets the PTHREAD_LIBS output variable to the threads library and linker -# flags, and the PTHREAD_CFLAGS output variable to any special C compiler -# flags that are needed. (The user can also force certain compiler -# flags/libs to be tested by setting these environment variables.) -# -# Also sets PTHREAD_CC to any special C compiler that is needed for -# multi-threaded programs (defaults to the value of CC otherwise). (This -# is necessary on AIX to use the special cc_r compiler alias.) -# -# NOTE: You are assumed to not only compile your program with these flags, -# but also link it with them as well. e.g. you should link with -# $PTHREAD_CC $CFLAGS $PTHREAD_CFLAGS $LDFLAGS ... $PTHREAD_LIBS $LIBS -# -# If you are only building threads programs, you may wish to use these -# variables in your default LIBS, CFLAGS, and CC: -# -# LIBS="$PTHREAD_LIBS $LIBS" -# CFLAGS="$CFLAGS $PTHREAD_CFLAGS" -# CC="$PTHREAD_CC" -# -# In addition, if the PTHREAD_CREATE_JOINABLE thread-attribute constant -# has a nonstandard name, defines PTHREAD_CREATE_JOINABLE to that name -# (e.g. PTHREAD_CREATE_UNDETACHED on AIX). -# -# Also HAVE_PTHREAD_PRIO_INHERIT is defined if pthread is found and the -# PTHREAD_PRIO_INHERIT symbol is defined when compiling with -# PTHREAD_CFLAGS. -# -# ACTION-IF-FOUND is a list of shell commands to run if a threads library -# is found, and ACTION-IF-NOT-FOUND is a list of commands to run it if it -# is not found. If ACTION-IF-FOUND is not specified, the default action -# will define HAVE_PTHREAD. -# -# Please let the authors know if this macro fails on any platform, or if -# you have any other suggestions or comments. This macro was based on work -# by SGJ on autoconf scripts for FFTW (http://www.fftw.org/) (with help -# from M. Frigo), as well as ac_pthread and hb_pthread macros posted by -# Alejandro Forero Cuervo to the autoconf macro repository. We are also -# grateful for the helpful feedback of numerous users. -# -# Updated for Autoconf 2.68 by Daniel Richard G. -# -# LICENSE -# -# Copyright (c) 2008 Steven G. Johnson <stevenj@alum.mit.edu> -# Copyright (c) 2011 Daniel Richard G. <skunk@iSKUNK.ORG> -# -# This program is free software: you can redistribute it and/or modify it -# under the terms of the GNU General Public License as published by the -# Free Software Foundation, either version 3 of the License, or (at your -# option) any later version. -# -# This program is distributed in the hope that it will be useful, but -# WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General -# Public License for more details. -# -# You should have received a copy of the GNU General Public License along -# with this program. If not, see <http://www.gnu.org/licenses/>. -# -# As a special exception, the respective Autoconf Macro's copyright owner -# gives unlimited permission to copy, distribute and modify the configure -# scripts that are the output of Autoconf when processing the Macro. You -# need not follow the terms of the GNU General Public License when using -# or distributing such scripts, even though portions of the text of the -# Macro appear in them. The GNU General Public License (GPL) does govern -# all other use of the material that constitutes the Autoconf Macro. -# -# This special exception to the GPL applies to versions of the Autoconf -# Macro released by the Autoconf Archive. When you make and distribute a -# modified version of the Autoconf Macro, you may extend this special -# exception to the GPL to apply to your modified version as well. - -#serial 21 - -AU_ALIAS([ACX_PTHREAD], [AX_PTHREAD]) -AC_DEFUN([AX_PTHREAD], [ -AC_REQUIRE([AC_CANONICAL_HOST]) -AC_LANG_PUSH([C]) -ax_pthread_ok=no - -# We used to check for pthread.h first, but this fails if pthread.h -# requires special compiler flags (e.g. on True64 or Sequent). -# It gets checked for in the link test anyway. - -# First of all, check if the user has set any of the PTHREAD_LIBS, -# etcetera environment variables, and if threads linking works using -# them: -if test x"$PTHREAD_LIBS$PTHREAD_CFLAGS" != x; then - save_CFLAGS="$CFLAGS" - CFLAGS="$CFLAGS $PTHREAD_CFLAGS" - save_LIBS="$LIBS" - LIBS="$PTHREAD_LIBS $LIBS" - AC_MSG_CHECKING([for pthread_join in LIBS=$PTHREAD_LIBS with CFLAGS=$PTHREAD_CFLAGS]) - AC_TRY_LINK_FUNC([pthread_join], [ax_pthread_ok=yes]) - AC_MSG_RESULT([$ax_pthread_ok]) - if test x"$ax_pthread_ok" = xno; then - PTHREAD_LIBS="" - PTHREAD_CFLAGS="" - fi - LIBS="$save_LIBS" - CFLAGS="$save_CFLAGS" -fi - -# We must check for the threads library under a number of different -# names; the ordering is very important because some systems -# (e.g. DEC) have both -lpthread and -lpthreads, where one of the -# libraries is broken (non-POSIX). - -# Create a list of thread flags to try. Items starting with a "-" are -# C compiler flags, and other items are library names, except for "none" -# which indicates that we try without any flags at all, and "pthread-config" -# which is a program returning the flags for the Pth emulation library. - -ax_pthread_flags="pthreads none -Kthread -kthread lthread -pthread -pthreads -mthreads pthread --thread-safe -mt pthread-config" - -# The ordering *is* (sometimes) important. Some notes on the -# individual items follow: - -# pthreads: AIX (must check this before -lpthread) -# none: in case threads are in libc; should be tried before -Kthread and -# other compiler flags to prevent continual compiler warnings -# -Kthread: Sequent (threads in libc, but -Kthread needed for pthread.h) -# -kthread: FreeBSD kernel threads (preferred to -pthread since SMP-able) -# lthread: LinuxThreads port on FreeBSD (also preferred to -pthread) -# -pthread: Linux/gcc (kernel threads), BSD/gcc (userland threads) -# -pthreads: Solaris/gcc -# -mthreads: Mingw32/gcc, Lynx/gcc -# -mt: Sun Workshop C (may only link SunOS threads [-lthread], but it -# doesn't hurt to check since this sometimes defines pthreads too; -# also defines -D_REENTRANT) -# ... -mt is also the pthreads flag for HP/aCC -# pthread: Linux, etcetera -# --thread-safe: KAI C++ -# pthread-config: use pthread-config program (for GNU Pth library) - -case ${host_os} in - solaris*) - - # On Solaris (at least, for some versions), libc contains stubbed - # (non-functional) versions of the pthreads routines, so link-based - # tests will erroneously succeed. (We need to link with -pthreads/-mt/ - # -lpthread.) (The stubs are missing pthread_cleanup_push, or rather - # a function called by this macro, so we could check for that, but - # who knows whether they'll stub that too in a future libc.) So, - # we'll just look for -pthreads and -lpthread first: - - ax_pthread_flags="-pthreads pthread -mt -pthread $ax_pthread_flags" - ;; - - darwin*) - ax_pthread_flags="-pthread $ax_pthread_flags" - ;; -esac - -# Clang doesn't consider unrecognized options an error unless we specify -# -Werror. We throw in some extra Clang-specific options to ensure that -# this doesn't happen for GCC, which also accepts -Werror. - -AC_MSG_CHECKING([if compiler needs -Werror to reject unknown flags]) -save_CFLAGS="$CFLAGS" -ax_pthread_extra_flags="-Werror" -CFLAGS="$CFLAGS $ax_pthread_extra_flags -Wunknown-warning-option -Wsizeof-array-argument" -AC_COMPILE_IFELSE([AC_LANG_PROGRAM([int foo(void);],[foo()])], - [AC_MSG_RESULT([yes])], - [ax_pthread_extra_flags= - AC_MSG_RESULT([no])]) -CFLAGS="$save_CFLAGS" - -if test x"$ax_pthread_ok" = xno; then -for flag in $ax_pthread_flags; do - - case $flag in - none) - AC_MSG_CHECKING([whether pthreads work without any flags]) - ;; - - -*) - AC_MSG_CHECKING([whether pthreads work with $flag]) - PTHREAD_CFLAGS="$flag" - ;; - - pthread-config) - AC_CHECK_PROG([ax_pthread_config], [pthread-config], [yes], [no]) - if test x"$ax_pthread_config" = xno; then continue; fi - PTHREAD_CFLAGS="`pthread-config --cflags`" - PTHREAD_LIBS="`pthread-config --ldflags` `pthread-config --libs`" - ;; - - *) - AC_MSG_CHECKING([for the pthreads library -l$flag]) - PTHREAD_LIBS="-l$flag" - ;; - esac - - save_LIBS="$LIBS" - save_CFLAGS="$CFLAGS" - LIBS="$PTHREAD_LIBS $LIBS" - CFLAGS="$CFLAGS $PTHREAD_CFLAGS $ax_pthread_extra_flags" - - # Check for various functions. We must include pthread.h, - # since some functions may be macros. (On the Sequent, we - # need a special flag -Kthread to make this header compile.) - # We check for pthread_join because it is in -lpthread on IRIX - # while pthread_create is in libc. We check for pthread_attr_init - # due to DEC craziness with -lpthreads. We check for - # pthread_cleanup_push because it is one of the few pthread - # functions on Solaris that doesn't have a non-functional libc stub. - # We try pthread_create on general principles. - AC_LINK_IFELSE([AC_LANG_PROGRAM([#include <pthread.h> - static void routine(void *a) { a = 0; } - static void *start_routine(void *a) { return a; }], - [pthread_t th; pthread_attr_t attr; - pthread_create(&th, 0, start_routine, 0); - pthread_join(th, 0); - pthread_attr_init(&attr); - pthread_cleanup_push(routine, 0); - pthread_cleanup_pop(0) /* ; */])], - [ax_pthread_ok=yes], - []) - - LIBS="$save_LIBS" - CFLAGS="$save_CFLAGS" - - AC_MSG_RESULT([$ax_pthread_ok]) - if test "x$ax_pthread_ok" = xyes; then - break; - fi - - PTHREAD_LIBS="" - PTHREAD_CFLAGS="" -done -fi - -# Various other checks: -if test "x$ax_pthread_ok" = xyes; then - save_LIBS="$LIBS" - LIBS="$PTHREAD_LIBS $LIBS" - save_CFLAGS="$CFLAGS" - CFLAGS="$CFLAGS $PTHREAD_CFLAGS" - - # Detect AIX lossage: JOINABLE attribute is called UNDETACHED. - AC_MSG_CHECKING([for joinable pthread attribute]) - attr_name=unknown - for attr in PTHREAD_CREATE_JOINABLE PTHREAD_CREATE_UNDETACHED; do - AC_LINK_IFELSE([AC_LANG_PROGRAM([#include <pthread.h>], - [int attr = $attr; return attr /* ; */])], - [attr_name=$attr; break], - []) - done - AC_MSG_RESULT([$attr_name]) - if test "$attr_name" != PTHREAD_CREATE_JOINABLE; then - AC_DEFINE_UNQUOTED([PTHREAD_CREATE_JOINABLE], [$attr_name], - [Define to necessary symbol if this constant - uses a non-standard name on your system.]) - fi - - AC_MSG_CHECKING([if more special flags are required for pthreads]) - flag=no - case ${host_os} in - aix* | freebsd* | darwin*) flag="-D_THREAD_SAFE";; - osf* | hpux*) flag="-D_REENTRANT";; - solaris*) - if test "$GCC" = "yes"; then - flag="-D_REENTRANT" - else - # TODO: What about Clang on Solaris? - flag="-mt -D_REENTRANT" - fi - ;; - esac - AC_MSG_RESULT([$flag]) - if test "x$flag" != xno; then - PTHREAD_CFLAGS="$flag $PTHREAD_CFLAGS" - fi - - AC_CACHE_CHECK([for PTHREAD_PRIO_INHERIT], - [ax_cv_PTHREAD_PRIO_INHERIT], [ - AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include <pthread.h>]], - [[int i = PTHREAD_PRIO_INHERIT;]])], - [ax_cv_PTHREAD_PRIO_INHERIT=yes], - [ax_cv_PTHREAD_PRIO_INHERIT=no]) - ]) - AS_IF([test "x$ax_cv_PTHREAD_PRIO_INHERIT" = "xyes"], - [AC_DEFINE([HAVE_PTHREAD_PRIO_INHERIT], [1], [Have PTHREAD_PRIO_INHERIT.])]) - - LIBS="$save_LIBS" - CFLAGS="$save_CFLAGS" - - # More AIX lossage: compile with *_r variant - if test "x$GCC" != xyes; then - case $host_os in - aix*) - AS_CASE(["x/$CC"], - [x*/c89|x*/c89_128|x*/c99|x*/c99_128|x*/cc|x*/cc128|x*/xlc|x*/xlc_v6|x*/xlc128|x*/xlc128_v6], - [#handle absolute path differently from PATH based program lookup - AS_CASE(["x$CC"], - [x/*], - [AS_IF([AS_EXECUTABLE_P([${CC}_r])],[PTHREAD_CC="${CC}_r"])], - [AC_CHECK_PROGS([PTHREAD_CC],[${CC}_r],[$CC])])]) - ;; - esac - fi -fi - -test -n "$PTHREAD_CC" || PTHREAD_CC="$CC" - -AC_SUBST([PTHREAD_LIBS]) -AC_SUBST([PTHREAD_CFLAGS]) -AC_SUBST([PTHREAD_CC]) - -# Finally, execute ACTION-IF-FOUND/ACTION-IF-NOT-FOUND: -if test x"$ax_pthread_ok" = xyes; then - ifelse([$1],,[AC_DEFINE([HAVE_PTHREAD],[1],[Define if you have POSIX threads libraries and header files.])],[$1]) - : -else - ax_pthread_ok=no - $2 -fi -AC_LANG_POP -])dnl AX_PTHREAD diff --git a/import-layers/meta-security/meta-tpm/recipes-tpm/tpm2.0-tss/tpm2.0-tss/fix_musl_select_include.patch b/import-layers/meta-security/meta-tpm/recipes-tpm/tpm2.0-tss/tpm2.0-tss/fix_musl_select_include.patch deleted file mode 100644 index ecaca6ea5..000000000 --- a/import-layers/meta-security/meta-tpm/recipes-tpm/tpm2.0-tss/tpm2.0-tss/fix_musl_select_include.patch +++ /dev/null @@ -1,31 +0,0 @@ -This fixes musl build issue do to missing FD_* defines. -Add sys/select.h - -Upstream-Status: Pending - -Signed-off-by: Armin Kuster <akuster@mvista.com> - -Index: TPM2.0-TSS/tcti/tcti_socket.cpp -=================================================================== ---- TPM2.0-TSS.orig/tcti/tcti_socket.cpp -+++ TPM2.0-TSS/tcti/tcti_socket.cpp -@@ -28,6 +28,7 @@ - #include <stdio.h> - #include <stdlib.h> // Needed for _wtoi - -+#include "sys/select.h" - #include <sapi/tpm20.h> - #include <tcti/tcti_socket.h> - #include "sysapi_util.h" -Index: TPM2.0-TSS/resourcemgr/resourcemgr.c -=================================================================== ---- TPM2.0-TSS.orig/resourcemgr/resourcemgr.c -+++ TPM2.0-TSS/resourcemgr/resourcemgr.c -@@ -28,6 +28,7 @@ - #include <stdio.h> - #include <stdlib.h> // Needed for _wtoi - -+#include "sys/select.h" - #include <sapi/tpm20.h> - #include <tcti/tcti_device.h> - #include <tcti/tcti_socket.h> diff --git a/import-layers/meta-security/meta-tpm/recipes-tpm/tpm2.0-tss/tpm2.0-tss_1.3.0.bb b/import-layers/meta-security/meta-tpm/recipes-tpm/tpm2.0-tss/tpm2.0-tss_1.3.0.bb deleted file mode 100644 index b673c2bfd..000000000 --- a/import-layers/meta-security/meta-tpm/recipes-tpm/tpm2.0-tss/tpm2.0-tss_1.3.0.bb +++ /dev/null @@ -1,99 +0,0 @@ -SUMMARY = "Software stack for TPM2." -DESCRIPTION = "tpm2.0-tss like woah." -LICENSE = "BSD-2-Clause" -LIC_FILES_CHKSUM = "file://LICENSE;md5=500b2e742befc3da00684d8a1d5fd9da" -SECTION = "tpm" - -DEPENDS = "autoconf-archive pkgconfig" - -SRCREV = "b1d9ece8c6bea2e3043943b2edfaebcdca330c38" - -SRC_URI = " \ - git://github.com/tpm2-software/tpm2-tss.git;branch=1.x \ - file://ax_pthread.m4 \ -" - -inherit autotools pkgconfig systemd - -S = "${WORKDIR}/git" - -do_configure_prepend () { - mkdir -p ${S}/m4 - cp ${WORKDIR}/ax_pthread.m4 ${S}/m4 - # execute the bootstrap script - currentdir=$(pwd) - cd ${S} - ACLOCAL="aclocal --system-acdir=${STAGING_DATADIR}/aclocal" ./bootstrap - cd $currentdir -} - -INHERIT += "extrausers" -EXTRA_USERS_PARAMS = "\ - useradd -p '' tss; \ - groupadd tss; \ - " - -SYSTEMD_PACKAGES = "resourcemgr" -SYSTEMD_SERVICE_resourcemgr = "resourcemgr.service" -SYSTEMD_AUTO_ENABLE_resourcemgr = "enable" - -do_patch[postfuncs] += "${@bb.utils.contains('VIRTUAL-RUNTIME_init_manager','systemd','fix_systemd_unit','', d)}" -fix_systemd_unit () { - sed -i -e 's;^ExecStart=.*/resourcemgr;ExecStart=${sbindir}/resourcemgr;' ${S}/contrib/resourcemgr.service -} - -do_install_append() { - if ${@bb.utils.contains('DISTRO_FEATURES','systemd','true','false',d)}; then - install -d ${D}${systemd_system_unitdir} - install -m0644 ${S}/contrib/resourcemgr.service ${D}${systemd_system_unitdir}/resourcemgr.service - fi -} - -PROVIDES = "${PACKAGES}" -PACKAGES = " \ - ${PN}-dbg \ - ${PN}-doc \ - libtss2 \ - libtss2-dev \ - libtss2-staticdev \ - libtctidevice \ - libtctidevice-dev \ - libtctidevice-staticdev \ - libtctisocket \ - libtctisocket-dev \ - libtctisocket-staticdev \ - resourcemgr \ -" - -FILES_libtss2 = " \ - ${libdir}/libsapi.so.0.0.0 \ - ${libdir}/libmarshal.so.0.0.0 \ -" -FILES_libtss2-dev = " \ - ${includedir}/sapi \ - ${includedir}/tcti/common.h \ - ${libdir}/libsapi.so* \ - ${libdir}/libmarshal.so* \ - ${libdir}/pkgconfig/sapi.pc \ -" -FILES_libtss2-staticdev = " \ - ${libdir}/libsapi.a \ - ${libdir}/libsapi.la \ - ${libdir}/libmarshal.a \ - ${libdir}/libmarshal.la \ -" -FILES_libtctidevice = "${libdir}/libtcti-device.so.0.0.0" -FILES_libtctidevice-dev = " \ - ${includedir}/tcti/tcti_device.h \ - ${libdir}/libtcti-device.so* \ - ${libdir}/pkgconfig/tcti-device.pc \ -" -FILES_libtctidevice-staticdev = "${libdir}/libtcti-device.*a" -FILES_libtctisocket = "${libdir}/libtcti-socket.so.0.0.0" -FILES_libtctisocket-dev = " \ - ${includedir}/tcti/tcti_socket.h \ - ${libdir}/libtcti-socket.so* \ - ${libdir}/pkgconfig/tcti-socket.pc \ -" -FILES_libtctisocket-staticdev = "${libdir}/libtcti-socket.*a" -FILES_resourcemgr = "${sbindir}/resourcemgr ${systemd_system_unitdir}/resourcemgr.service" diff --git a/import-layers/meta-security/meta-tpm/recipes-tpm/tpm2simulator/tpm2simulator-native_138.bb b/import-layers/meta-security/meta-tpm/recipes-tpm/tpm2simulator/tpm2simulator-native_138.bb deleted file mode 100644 index 866791c29..000000000 --- a/import-layers/meta-security/meta-tpm/recipes-tpm/tpm2simulator/tpm2simulator-native_138.bb +++ /dev/null @@ -1,22 +0,0 @@ -SUMMARY = "TPM 2.0 Simulator Extraction Script" -LICENSE = "BSD-2-Clause" -LIC_FILES_CHKSUM = "file://LICENSE;md5=1415f7be284540b81d9d28c67c1a6b8b" - -DEPENDS = "python" - -SRCREV = "e45324eba268723d39856111e7933c5c76238481" -SRC_URI = "git://github.com/stwagnr/tpm2simulator.git" - -S = "${WORKDIR}/git" -OECMAKE_SOURCEPATH = "${S}/cmake" - -inherit native lib_package cmake - -EXTRA_OECMAKE = " \ - -DCMAKE_BUILD_TYPE=Debug \ - -DSPEC_VERSION=138 \ -" - -do_configure_prepend () { - sed -i 's/^SET = False/SET = True/' ${S}/scripts/settings.py -} diff --git a/import-layers/meta-security/meta-tpm/recipes-tpm/trousers/files/0001-build-don-t-override-localstatedir-mandir-sysconfdir.patch b/import-layers/meta-security/meta-tpm/recipes-tpm/trousers/files/0001-build-don-t-override-localstatedir-mandir-sysconfdir.patch deleted file mode 100644 index 7b3cc77c5..000000000 --- a/import-layers/meta-security/meta-tpm/recipes-tpm/trousers/files/0001-build-don-t-override-localstatedir-mandir-sysconfdir.patch +++ /dev/null @@ -1,68 +0,0 @@ -From 3396fc7a184293c23135161f034802062f7f3816 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Andr=C3=A9=20Draszik?= <adraszik@tycoint.com> -Date: Wed, 1 Nov 2017 11:41:48 +0000 -Subject: [PATCH] build: don't override --localstatedir --mandir --sysconfdir -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -It is currently impossible to override localstatedir, -mandir and sysconfdir during ./configure, because they -are being overriden unconditionally because of they -way trousers is built using rpmbuild. - -If they need massaging for rpmbuild, the values should -be specified inside the spec file, not in ./configure -and thereby overriding user-requested values. - -With this patch it is now possible to set above -locations as needed. The .spec file is being modified -as well so as to restore previous behaviour. - -Signed-off-by: André Draszik <adraszik@tycoint.com> ---- -Upstream-Status: Submitted [https://sourceforge.net/p/trousers/mailman/message/36099290/] -Signed-off-by: André Draszik <adraszik@tycoint.com> - configure.ac | 11 ++--------- - dist/trousers.spec.in | 2 +- - 2 files changed, 3 insertions(+), 10 deletions(-) - -diff --git a/configure.ac b/configure.ac -index b9626af..7fe5f8e 100644 ---- a/configure.ac -+++ b/configure.ac -@@ -376,16 +376,9 @@ CFLAGS="$CFLAGS -I../include \ - KERNEL_VERSION=`uname -r` - AC_SUBST(CFLAGS) - --# When we build the rpms, prefix will be /usr. This'll do some things that make sense, --# like put our sbin stuff in /usr/sbin and our library in /usr/lib. It'll do some other --# things that don't make sense like put our config file in /usr/etc. So, I'll just hack --# it here. If the --prefix option isn't specified during configure, let it all go to -+# If the --prefix option isn't specified during configure, let it all go to - # /usr/local, even /usr/local/etc. :-P --if test x"${prefix}" = x"/usr"; then -- sysconfdir="/etc" -- localstatedir="/var" -- mandir="/usr/share/man" --elif test x"${prefix}" = x"NONE"; then -+if test x"${prefix}" = x"NONE"; then - localstatedir="/usr/local/var" - fi - -diff --git a/dist/trousers.spec.in b/dist/trousers.spec.in -index b298b0e..10ef178 100644 ---- a/dist/trousers.spec.in -+++ b/dist/trousers.spec.in -@@ -45,7 +45,7 @@ applications. - - %build - %{?arch64:export PKG_CONFIG_PATH=%{pkgconfig_path}:$PKG_CONFIG_PATH} --./configure --prefix=/usr --libdir=%{_libdir} -+./configure --prefix=/usr --libdir=%{_libdir} --sysconfdir=/etc --localstatedir=/var --mandir=/usr/share/man - make - - %clean --- -2.15.0.rc1 - diff --git a/import-layers/meta-security/meta-tpm/recipes-tpm/trousers/files/get-user-ps-path-use-POSIX-getpwent-instead-of-getpwe.patch b/import-layers/meta-security/meta-tpm/recipes-tpm/trousers/files/get-user-ps-path-use-POSIX-getpwent-instead-of-getpwe.patch deleted file mode 100644 index 3f5a144d9..000000000 --- a/import-layers/meta-security/meta-tpm/recipes-tpm/trousers/files/get-user-ps-path-use-POSIX-getpwent-instead-of-getpwe.patch +++ /dev/null @@ -1,49 +0,0 @@ -trousers: fix compiling with musl - -use POSIX getpwent instead of getpwent_r - -Upstream-Status: Submitted - -Signed-off-by: Armin Kuster <akuster@mvista.com> - -Index: git/src/tspi/ps/tspps.c -=================================================================== ---- git.orig/src/tspi/ps/tspps.c -+++ git/src/tspi/ps/tspps.c -@@ -66,9 +66,6 @@ get_user_ps_path(char **file) - TSS_RESULT result; - char *file_name = NULL, *home_dir = NULL; - struct passwd *pwp; --#if (defined (__linux) || defined (linux) || defined(__GLIBC__)) -- struct passwd pw; --#endif - struct stat stat_buf; - char buf[PASSWD_BUFSIZE]; - uid_t euid; -@@ -96,24 +93,15 @@ get_user_ps_path(char **file) - #else - setpwent(); - while (1) { --#if (defined (__linux) || defined (linux) || defined(__GLIBC__)) -- rc = getpwent_r(&pw, buf, PASSWD_BUFSIZE, &pwp); -- if (rc) { -- LogDebugFn("USER PS: Error getting path to home directory: getpwent_r: %s", -- strerror(rc)); -- endpwent(); -- return TSPERR(TSS_E_INTERNAL_ERROR); -- } -- --#elif (defined (__FreeBSD__) || defined (__OpenBSD__)) - if ((pwp = getpwent()) == NULL) { - LogDebugFn("USER PS: Error getting path to home directory: getpwent: %s", - strerror(rc)); - endpwent(); -+#if (defined (__FreeBSD__) || defined (__OpenBSD__)) - MUTEX_UNLOCK(user_ps_path); -+#endif - return TSPERR(TSS_E_INTERNAL_ERROR); - } --#endif - if (euid == pwp->pw_uid) { - home_dir = strdup(pwp->pw_dir); - break; diff --git a/import-layers/meta-security/meta-tpm/recipes-tpm/trousers/files/tcsd.service b/import-layers/meta-security/meta-tpm/recipes-tpm/trousers/files/tcsd.service deleted file mode 100644 index 787d4e97b..000000000 --- a/import-layers/meta-security/meta-tpm/recipes-tpm/trousers/files/tcsd.service +++ /dev/null @@ -1,10 +0,0 @@ -[Unit] -Description=TCG Core Services Daemon -After=syslog.target - -[Service] -Type=forking -ExecStart=@SBINDIR@/tcsd - -[Install] -WantedBy=multi-user.target diff --git a/import-layers/meta-security/meta-tpm/recipes-tpm/trousers/files/trousers-udev.rules b/import-layers/meta-security/meta-tpm/recipes-tpm/trousers/files/trousers-udev.rules deleted file mode 100644 index 256babd73..000000000 --- a/import-layers/meta-security/meta-tpm/recipes-tpm/trousers/files/trousers-udev.rules +++ /dev/null @@ -1,2 +0,0 @@ -# trousers daemon expects tpm device to be owned by tss user & group -KERNEL=="tpm[0-9]*", MODE="0600", OWNER="tss", GROUP="tss" diff --git a/import-layers/meta-security/meta-tpm/recipes-tpm/trousers/files/trousers.init.sh b/import-layers/meta-security/meta-tpm/recipes-tpm/trousers/files/trousers.init.sh deleted file mode 100644 index d0d6cb3c4..000000000 --- a/import-layers/meta-security/meta-tpm/recipes-tpm/trousers/files/trousers.init.sh +++ /dev/null @@ -1,67 +0,0 @@ -#!/bin/sh - -### BEGIN INIT INFO -# Provides: tcsd trousers -# Required-Start: $local_fs $remote_fs $network -# Required-Stop: $local_fs $remote_fs $network -# Should-Start: -# Should-Stop: -# Default-Start: 2 3 4 5 -# Default-Stop: 0 1 6 -# Short-Description: starts tcsd -# Description: tcsd belongs to the TrouSerS TCG Software Stack -### END INIT INFO - -PATH=/sbin:/bin:/usr/sbin:/usr/bin -DAEMON=/usr/sbin/tcsd -NAME=tcsd -DESC="Trusted Computing daemon" -USER="tss" - -test -x "${DAEMON}" || exit 0 - -# Read configuration variable file if it is present -[ -r /etc/default/$NAME ] && . /etc/default/$NAME - -case "${1}" in - start) - echo "Starting $DESC: " - - if [ ! -e /dev/tpm* ] - then - echo "device driver not loaded, skipping." - exit 0 - fi - - start-stop-daemon --start --quiet --oknodo \ - --pidfile /var/run/${NAME}.pid --make-pidfile --background \ - --user ${USER} --chuid ${USER} \ - --exec ${DAEMON} -- ${DAEMON_OPTS} --foreground - RETVAL="$?" - echo "$NAME." - exit $RETVAL - ;; - - stop) - echo "Stopping $DESC: " - - start-stop-daemon --stop --quiet --oknodo --pidfile /var/run/${NAME}.pid --user ${USER} --exec ${DAEMON} - RETVAL="$?" - echo "$NAME." - rm -f /var/run/${NAME}.pid - exit $RETVAL - ;; - - restart|force-reload) - "${0}" stop - sleep 1 - "${0}" start - exit $? - ;; - *) - echo "Usage: ${NAME} {start|stop|restart|force-reload|status}" >&2 - exit 3 - ;; -esac - -exit 0 diff --git a/import-layers/meta-security/meta-tpm/recipes-tpm/trousers/trousers_git.bb b/import-layers/meta-security/meta-tpm/recipes-tpm/trousers/trousers_git.bb deleted file mode 100644 index fe8f55714..000000000 --- a/import-layers/meta-security/meta-tpm/recipes-tpm/trousers/trousers_git.bb +++ /dev/null @@ -1,118 +0,0 @@ -SUMMARY = "TrouSerS - An open-source TCG Software Stack implementation." -LICENSE = "BSD" -HOMEPAGE = "http://sourceforge.net/projects/trousers/" -LIC_FILES_CHKSUM = "file://README;startline=3;endline=4;md5=2af28fbed0832e4d83a9e6dd68bb4413" -SECTION = "security/tpm" - -DEPENDS = "openssl" - -SRCREV = "4b9a70d5789b0b74f43957a6c19ab2156a72d3e0" -PV = "0.3.14+git${SRCPV}" - -SRC_URI = " \ - git://git.code.sf.net/p/trousers/trousers \ - file://trousers.init.sh \ - file://trousers-udev.rules \ - file://tcsd.service \ - file://get-user-ps-path-use-POSIX-getpwent-instead-of-getpwe.patch \ - file://0001-build-don-t-override-localstatedir-mandir-sysconfdir.patch \ - " - -S = "${WORKDIR}/git" - -inherit autotools pkgconfig useradd update-rc.d ${@bb.utils.contains('VIRTUAL-RUNTIME_init_manager','systemd','systemd','', d)} - -PACKAGECONFIG ?= "gmp " -PACKAGECONFIG[gmp] = "--with-gmp, --with-gmp=no, gmp" -PACKAGECONFIG[gtk] = "--with-gui=gtk, --with-gui=none, gtk+" - -do_install () { - oe_runmake DESTDIR=${D} install -} - -do_install_append() { - install -d ${D}${sysconfdir}/init.d - install -m 0755 ${WORKDIR}/trousers.init.sh ${D}${sysconfdir}/init.d/trousers - install -d ${D}${sysconfdir}/udev/rules.d - install -m 0644 ${WORKDIR}/trousers-udev.rules ${D}${sysconfdir}/udev/rules.d/45-trousers.rules - - if ${@bb.utils.contains('DISTRO_FEATURES','systemd','true','false',d)}; then - install -d ${D}${systemd_unitdir}/system - install -m 0644 ${WORKDIR}/tcsd.service ${D}${systemd_unitdir}/system/ - sed -i -e 's#@SBINDIR@#${sbindir}#g' ${D}${systemd_unitdir}/system/tcsd.service - fi -} - -CONFFILES_${PN} += "${sysconfig}/tcsd.conf" - -PROVIDES = "${PACKAGES}" -PACKAGES = " \ - libtspi \ - libtspi-dbg \ - libtspi-dev \ - libtspi-doc \ - libtspi-staticdev \ - trousers \ - trousers-dbg \ - trousers-doc \ - " - -# libtspi needs tcsd for most (all?) operations, so suggest to -# install that. -RRECOMMENDS_libtspi = "${PN}" - -FILES_libtspi = " \ - ${libdir}/*.so.1 \ - ${libdir}/*.so.1.2.0 \ - " -FILES_libtspi-dbg = " \ - ${libdir}/.debug \ - ${prefix}/src/debug/${PN}/${PV}-${PR}/git/src/tspi \ - ${prefix}/src/debug/${PN}/${PV}-${PR}/git/src/trspi \ - ${prefix}/src/debug/${PN}/${PV}-${PR}/git/src/include/*.h \ - ${prefix}/src/debug/${PN}/${PV}-${PR}/git/src/include/tss \ - " -FILES_libtspi-dev = " \ - ${includedir} \ - ${libdir}/*.so \ - " -FILES_libtspi-doc = " \ - ${mandir}/man3 \ - " -FILES_libtspi-staticdev = " \ - ${libdir}/*.la \ - ${libdir}/*.a \ - " -FILES_${PN} = " \ - ${sbindir}/tcsd \ - ${sysconfdir} \ - ${localstatedir} \ - " - -FILES_${PN}-dev += "${libdir}/trousers" - -FILES_${PN}-dbg = " \ - ${sbindir}/.debug \ - ${prefix}/src/debug/${PN}/${PV}-${PR}/git/src/tcs \ - ${prefix}/src/debug/${PN}/${PV}-${PR}/git/src/tcsd \ - ${prefix}/src/debug/${PN}/${PV}-${PR}/git/src/tddl \ - ${prefix}/src/debug/${PN}/${PV}-${PR}/git/src/trousers \ - ${prefix}/src/debug/${PN}/${PV}-${PR}/git/src/include/trousers \ - " -FILES_${PN}-doc = " \ - ${mandir}/man5 \ - ${mandir}/man8 \ - " - -INITSCRIPT_NAME = "trousers" -INITSCRIPT_PARAMS = "start 99 2 3 4 5 . stop 19 0 1 6 ." - -USERADD_PACKAGES = "${PN}" -GROUPADD_PARAM_${PN} = "--system tss" -USERADD_PARAM_${PN} = "--system -M -d /var/lib/tpm -s /bin/false -g tss tss" - -SYSTEMD_PACKAGES = "${PN}" -SYSTEMD_SERVICE_${PN} = "tcsd.service" -SYSTEMD_AUTO_ENABLE = "disable" - -BBCLASSEXTEND = "native" |
