From patchwork Fri Feb 2 15:56:11 2018
X-Patchwork-Submitter: Carlos Santos
X-Patchwork-Id: 868652
From: Carlos Santos
To: buildroot@buildroot.org
Date: Fri, 2 Feb 2018 13:56:11 -0200
Message-Id: <20180202155614.26938-2-casantos@datacom.ind.br>
In-Reply-To: <20180202155614.26938-1-casantos@datacom.ind.br>
References: <20180202155614.26938-1-casantos@datacom.ind.br>
Subject: [Buildroot] [PATCH 1/4] tpm2-tss: new package

OSS implementation of the TCG TPM2 Software Stack (TSS2). This stack consists of the following layers from top to bottom:

* System API (SAPI) as described in the system level API and TPM command transmission interface specification. This API is a 1-to-1 mapping of the TPM2 commands documented in Part 3 of the TPM2 specification. Additionally there are asynchronous versions of each command. These asynchronous variants may be useful for integration into event-driven programming environments. Both the synchronous and asynchronous API are exposed through a single library: libsapi.

* TPM Command Transmission Interface (TCTI) that is described in the same specification. This API provides a standard interface to transmit / receive TPM command / response buffers. It is expected that any number of libraries implementing the TCTI API will be implemented as a way to abstract various platform specific IPC mechanisms. Currently this repository provides two TCTI implementations: libtcti-device and libtcti-socket. The prior should be used for direct access to the TPM through the Linux kernel driver. The latter implements the protocol exposed by the Microsoft software TPM2 simulator.

Signed-off-by: Carlos Santos --- package/Config.in | 1 + package/tpm2-tss/Config.in | 32 ++++++++++++++++++++++++++++++++ package/tpm2-tss/tpm2-tss.hash | 3 +++ package/tpm2-tss/tpm2-tss.mk | 14 ++++++++++++++ 4 files changed, 50 insertions(+) create mode 100644 package/tpm2-tss/Config.in create mode 100644 package/tpm2-tss/tpm2-tss.hash create mode 100644 package/tpm2-tss/tpm2-tss.mk diff --git a/package/Config.in b/package/Config.in index f398c20cab..2e1a78efa2 100644 --- a/package/Config.in +++ b/package/Config.in @@ -1056,6 +1056,7 @@ menu "Crypto" source "package/openssl/Config.in" source "package/rhash/Config.in" source "package/tinydtls/Config.in" + source "package/tpm2-tss/Config.in" source "package/trousers/Config.in" source "package/ustream-ssl/Config.in" source "package/wolfssl/Config.in" diff --git a/package/tpm2-tss/Config.in b/package/tpm2-tss/Config.in new file mode 100644 index 0000000000..1eb69d3e93 --- /dev/null +++ b/package/tpm2-tss/Config.in 
@@ -0,0 +1,32 @@ +config BR2_PACKAGE_TPM2_TSS + bool "tpm2-tss" + depends on BR2_i386 || BR2_x86_64 + select BR2_PACKAGE_LIBURIPARSER + help + OSS implementation of the Trusted Computing Group's (TCG) TPM2 + Software Stack (TSS). This stack consists of the following + layers from top to bottom: + + * System API (SAPI) as described in the system level API and + TPM command transmission interface specification. This API + is a 1-to-1 mapping of the TPM2 commands documented in Part + 3 of the TPM2 specification. Additionally there are + asynchronous versions of each command. These asynchronous + variants may be useful for integration into event-driven + programming environments. Both the synchronous and + asynchronous API are exposed through a single library: + libsapi. + + * TPM Command Transmission Interface (TCTI) that is described + in the same specification. This API provides a standard + interface to transmit / receive TPM command / response + buffers. It is expected that any number of libraries + implementing the TCTI API will be implemented as a way to + abstract various platform specific IPC mechanisms. Currently + this repository provides two TCTI implementations: + libtcti-device and libtcti-socket. The prior should be used + for direct access to the TPM through the Linux kernel + driver. The later implements the protocol exposed by the + Microsoft software TPM2 simulator. + + https://github.com/tpm2-software/tpm2-tss diff --git a/package/tpm2-tss/tpm2-tss.hash b/package/tpm2-tss/tpm2-tss.hash new file mode 100644 index 0000000000..df1c6d8b58 --- /dev/null +++ b/package/tpm2-tss/tpm2-tss.hash @@ -0,0 +1,3 @@ +# Locally computed: +sha256 c7d627de50394e9a02593edb1ce74e1bbac17831be726c54f689507f0c41a78a tpm2-tss-1.3.0.tar.gz +sha256 18c1bf4b1ba1fb2c4ffa7398c234d83c0d55475298e470ae1e5e3a8a8bd2e448 LICENSE diff --git a/package/tpm2-tss/tpm2-tss.mk b/package/tpm2-tss/tpm2-tss.mk new file mode 100644 index 0000000000..709602860f --- /dev/null 
+++ b/package/tpm2-tss/tpm2-tss.mk 
@@ -0,0 +1,14 @@ +################################################################################ +# +# tpm2-tss +# +################################################################################ + +TPM2_TSS_VERSION = 1.3.0 +TPM2_TSS_SITE = https://github.com/tpm2-software/tpm2-tss/releases/download/$(TPM2_TSS_VERSION) +TPM2_TSS_LICENSE = BSD-2-Clause +TPM2_TSS_LICENSE_FILES = LICENSE +TPM2_TSS_INSTALL_STAGING = YES +TPM2_TSS_DEPENDENCIES = liburiparser host-pkgconf + +$(eval $(autotools-package)) From patchwork Fri Feb 2 15:56:12 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Carlos Santos X-Patchwork-Id: 868654 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (mailfrom) smtp.mailfrom=busybox.net (client-ip=140.211.166.133; helo=hemlock.osuosl.org; envelope-from=buildroot-bounces@busybox.net; receiver=) Received: from hemlock.osuosl.org (smtp2.osuosl.org [140.211.166.133]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 3zY1p76dVRz9sRV for ; Sat, 3 Feb 2018 02:57:19 +1100 (AEDT) Received: from localhost (localhost [127.0.0.1]) by hemlock.osuosl.org (Postfix) with ESMTP id 5EB738A016; Fri, 2 Feb 2018 15:57:13 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from hemlock.osuosl.org ([127.0.0.1]) by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id krcgHRutwVF6; Fri, 2 Feb 2018 15:57:11 +0000 (UTC) Received: from ash.osuosl.org (ash.osuosl.org [140.211.166.34]) by hemlock.osuosl.org (Postfix) with ESMTP id C15BB8A043; Fri, 2 Feb 2018 15:57:11 +0000 (UTC) X-Original-To: buildroot@lists.busybox.net Delivered-To: buildroot@osuosl.org Received: from fraxinus.osuosl.org (smtp4.osuosl.org [140.211.166.137]) by ash.osuosl.org (Postfix) with ESMTP id 3243A1CEF86 for ; Fri, 
From: Carlos Santos
To: buildroot@buildroot.org
Date: Fri, 2 Feb 2018 13:56:12 -0200
Message-Id: <20180202155614.26938-3-casantos@datacom.ind.br>
In-Reply-To: <20180202155614.26938-1-casantos@datacom.ind.br>
References: <20180202155614.26938-1-casantos@datacom.ind.br>
Subject: [Buildroot] [PATCH 2/4] tpm2-abrmd: new package

This is a system daemon implementing the TPM2 access broker (TAB) & Resource Manager (RM) spec from the TCG.

The daemon (tpm2-abrmd) is implemented using Glib and the GObject system. Communication between the daemon and clients using the TPM is done with a combination of DBus and Unix pipes. DBus is used for discovery, session management and the 'cancel', 'setLocality', and 'getPollHandles' API calls (mostly these aren't yet implemented). Pipes are used to send and receive TPM commands and responses (respectively) between client and server.

The daemon owns the com.intel.tss2.Tabrmd name on dbus. It can be configured to connect to either the system or the session bus.

The package also provides a client library for interacting with the daemon via TPM Command Transmission Interface (TCTI). It is intended for use with the SAPI library (libsapi) like any other TCTI.

Signed-off-by: Carlos Santos --- package/Config.in | 1 + package/tpm2-abrmd/Config.in | 26 +++++++++++ package/tpm2-abrmd/S30devtpmperms | 37 ++++++++++++++++ package/tpm2-abrmd/S80tpm2-abrmd | 74 +++++++++++++++++++++++++++++++ package/tpm2-abrmd/etc.default.tpm2-abrmd | 1 + package/tpm2-abrmd/tpm2-abrmd.hash | 3 ++ package/tpm2-abrmd/tpm2-abrmd.mk | 36 +++++++++++++++ 7 files changed, 178 insertions(+) create mode 100644 package/tpm2-abrmd/Config.in create mode 100755 package/tpm2-abrmd/S30devtpmperms create mode 100755 package/tpm2-abrmd/S80tpm2-abrmd create mode 100644 package/tpm2-abrmd/etc.default.tpm2-abrmd create mode 100644 package/tpm2-abrmd/tpm2-abrmd.hash create mode 100644 package/tpm2-abrmd/tpm2-abrmd.mk diff --git a/package/Config.in b/package/Config.in index 2e1a78efa2..c078d14688 100644 --- a/package/Config.in +++ b/package/Config.in @@ -1996,6 +1996,7 @@ menu "System tools" source "package/sysvinit/Config.in" source "package/tar/Config.in" source "package/tpm-tools/Config.in" + source "package/tpm2-abrmd/Config.in" source "package/unscd/Config.in" source "package/util-linux/Config.in" source "package/xen/Config.in" diff --git a/package/tpm2-abrmd/Config.in b/package/tpm2-abrmd/Config.in new file mode 100644 index 0000000000..796f9ea7f9 --- /dev/null +++ b/package/tpm2-abrmd/Config.in 
@@ -0,0 +1,26 @@ +config BR2_PACKAGE_TPM2_ABRMD + bool "tpm2-abrmd" + depends on BR2_i386 || BR2_x86_64 + depends on BR2_USE_WCHAR # libglib2 + depends on BR2_TOOLCHAIN_HAS_THREADS # dbus, libglib2 + depends on BR2_USE_MMU # dbus, libglib2 + select BR2_PACKAGE_DBUS + select BR2_PACKAGE_LIBGLIB2 + select BR2_PACKAGE_TPM2_TSS + help + A system daemon implementing the TPM2 access broker (TAB) & + Resource Manager (RM) spec from the TCG. It should be started + during the OS boot process. Communication between the daemon + and clients using the TPM is done with a combination of DBus + and Unix pipes. + + The package also provides a client library for interacting + with the daemon via TPM Command Transmission Interface (TCTI). + It is intended for use with the SAPI library (libsapi) like + any other TCTI. + + https://github.com/tpm2-software/tpm2-abrmd + +comment "tpm2-abrmd needs a toolchain w/ wchar, threads" + depends on BR2_USE_MMU + depends on !BR2_USE_WCHAR || !BR2_TOOLCHAIN_HAS_THREADS diff --git a/package/tpm2-abrmd/S30devtpmperms b/package/tpm2-abrmd/S30devtpmperms new file mode 100755 index 0000000000..5d9c42d182 --- /dev/null +++ b/package/tpm2-abrmd/S30devtpmperms @@ -0,0 +1,37 @@ +#!/bin/sh +# +# Set the permissions of /dev/tpm[0-9]* +# + +check_device() { + ls -1 /dev/tpm[0-9]* > /dev/null 2>&1 || { + echo "device driver not loaded, skipping." + exit 0 + } +} + +start() { + printf "Setting the ownership and permissions of /dev/tpm: " + check_device + chown tss:tss /dev/tpm[0-9]* && chmod 600 /dev/tpm* \ + && echo "OK" || echo "FAIL" +} + +stop() { + printf "Restoring the ownership and permissions of /dev/tpm: " + check_device + chown root:root /dev/tpm[0-9]* && chmod 600 /dev/tpm \ + && echo "OK" || echo "FAIL" +} + +case "$1" in + start|restart|reload) + start + ;; + stop) + stop + ;; + *) + echo "Usage: $0 {start|stop|restart}" + exit 1 +esac 
diff --git a/package/tpm2-abrmd/S80tpm2-abrmd b/package/tpm2-abrmd/S80tpm2-abrmd new file mode 100755 index 0000000000..053bffdb4f --- /dev/null +++ b/package/tpm2-abrmd/S80tpm2-abrmd @@ -0,0 +1,74 @@ +#!/bin/sh + +my_name="$0" + +check_required_files() { + [ -x "$1" ] || { + echo "$my_name: $1 is missing" + exit 1 + } + [ -z "$2" ] || [ -f "$2" ] || { + echo "$my_name: $2 is missing" + exit 1 + } +} + +check_device() { + ls -1 /dev/tpm[0-9]* > /dev/null 2>&1 || { + echo "device driver not loaded, skipping." + exit 0 + } +} + +rm_stale_pidfile() { + if [ -e "$1" ]; then + exe="/proc/$(cat "$1")/exe" + { [ -s "$exe" ] && [ "$(readlink -f "$exe")" = "$2" ]; } || rm -f "$1" + fi +} + +start() { + printf "Starting tpm2-abrmd: " + check_device + rm_stale_pidfile /var/run/tpm2-abrmd.pid /usr/sbin/tpm2-abrmd + start-stop-daemon -S -q -o -b -p /var/run/tpm2-abrmd.pid -c tss:tss -x /usr/sbin/tpm2-abrmd -- ${DAEMON_OPTS} || { + echo "FAIL" + exit 1 + } + pidof /usr/sbin/tpm2-abrmd > /var/run/tpm2-abrmd.pid + echo "OK" +} + +stop() { + printf "Stopping tpm2-abrmd: " + start-stop-daemon -K -q -o -p /var/run/tpm2-abrmd.pid -u tss -x /usr/sbin/tpm2-abrmd || { + echo "FAIL" + exit 1 + } + rm_stale_pidfile /var/run/tpm2-abrmd.pid /usr/sbin/tpm2-abrmd + echo "OK" +} + +check_required_files /usr/sbin/tpm2-abrmd /etc/dbus-1/system.d/tpm2-abrmd.conf + +# Read configuration variable file if it is present +[ -r /etc/default/tpm2-abrmd ] && . /etc/default/tpm2-abrmd + +case "$1" in + start) + start + ;; + stop) + stop + ;; + restart|reload) + stop + sleep 1 + start + ;; + *) + echo "Usage: tpm2-abrmd {start|stop|restart|reload}" >&2 + exit 1 +esac + +exit 0 diff --git a/package/tpm2-abrmd/etc.default.tpm2-abrmd b/package/tpm2-abrmd/etc.default.tpm2-abrmd new file mode 100644 index 0000000000..987978a665 --- /dev/null +++ b/package/tpm2-abrmd/etc.default.tpm2-abrmd 
@@ -0,0 +1 @@ +DAEMON_OPTS="--tcti=device --logger=syslog --max-connections=20 --max-transient-objects=20 --fail-on-loaded-trans" diff --git a/package/tpm2-abrmd/tpm2-abrmd.hash b/package/tpm2-abrmd/tpm2-abrmd.hash new file mode 100644 index 0000000000..503b83e5e3 --- /dev/null +++ b/package/tpm2-abrmd/tpm2-abrmd.hash @@ -0,0 +1,3 @@ +# Locally computed: +sha256 e20d2796c3097f9eec8410cec6a99d1532769d1cc138d6d9331c8ee1f0d305a4 tpm2-abrmd-1.2.0.tar.gz +sha256 18c1bf4b1ba1fb2c4ffa7398c234d83c0d55475298e470ae1e5e3a8a8bd2e448 LICENSE diff --git a/package/tpm2-abrmd/tpm2-abrmd.mk b/package/tpm2-abrmd/tpm2-abrmd.mk new file mode 100644 index 0000000000..c2c3bfed46 --- /dev/null +++ b/package/tpm2-abrmd/tpm2-abrmd.mk 
@@ -0,0 +1,36 @@ +################################################################################ +# +# tpm2-abrmd +# +################################################################################ + +TPM2_ABRMD_VERSION = 1.2.0 +TPM2_ABRMD_SITE = https://github.com/tpm2-software/tpm2-abrmd/releases/download/$(TPM2_ABRMD_VERSION) +TPM2_ABRMD_LICENSE = BSD-2-Clause +TPM2_ABRMD_LICENSE_FILES = LICENSE +TPM2_ABRMD_INSTALL_STAGING = YES +TPM2_ABRMD_DEPENDENCIES = dbus libglib2 tpm2-tss host-pkgconf + +TPM2_ABRMD_CONF_OPTS += \ + --with-systemdsystemunitdir=$(if $(BR2_INIT_SYSTEMD),/usr/lib/systemd/system,no) \ + --with-udevrulesdir=$(if $(BR2_PACKAGE_HAS_UDEV),/usr/lib/udev/rules.d,no) + +define TPM2_ABRMD_INSTALL_INIT_SYSTEMD + $(TARGET_MAKE_ENV) $(MAKE1) -C $(@D) DESTDIR=$(TARGET_DIR) \ + install-systemdpresetDATA install-systemdsystemunitDATA +endef + +# Without udev we need an init script to set the ownership of /dev/tpm[0-9]* +define TPM2_ABRMD_INSTALL_INIT_SYSV + $(INSTALL) -D -m 0755 -t $(TARGET_DIR)/etc/init.d \ + $(if $(BR2_PACKAGE_HAS_UDEV),,$(TPM2_ABRMD_PKGDIR)/S30devtpmperms) \ + $(TPM2_ABRMD_PKGDIR)/S80tpm2-abrmd + $(INSTALL) -D -m 0644 $(TPM2_ABRMD_PKGDIR)/etc.default.tpm2-abrmd \ + $(TARGET_DIR)/etc/default/tpm2-abrmd +endef + +define TPM2_ABRMD_USERS + tss -1 tss -1 * - - - TPM2 Access Broker & Resource Management daemon +endef + +$(eval $(autotools-package)) From patchwork Fri Feb 2 15:56:13 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Carlos Santos X-Patchwork-Id: 868655 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (mailfrom) smtp.mailfrom=busybox.net (client-ip=140.211.166.133; helo=hemlock.osuosl.org; envelope-from=buildroot-bounces@busybox.net; receiver=) Received: from hemlock.osuosl.org (smtp2.osuosl.org [140.211.166.133]) (using TLSv1.2 with cipher 
Fri, 2 Feb 2018 13:57:00 -0200 (-02) Received: from pedeld202344.datacom.net (pedeld202344.datacom.net [10.0.120.87]) by mail.datacom.ind.br (Postfix) with ESMTPSA id 83F4216C7410 for ; Fri, 2 Feb 2018 13:57:00 -0200 (-02) From: Carlos Santos To: buildroot@buildroot.org Date: Fri, 2 Feb 2018 13:56:13 -0200 Message-Id: <20180202155614.26938-4-casantos@datacom.ind.br> X-Mailer: git-send-email 2.14.3 In-Reply-To: <20180202155614.26938-1-casantos@datacom.ind.br> References: <20180202155614.26938-1-casantos@datacom.ind.br> Subject: [Buildroot] [PATCH 3/4] tpm2-tools: new package X-BeenThere: buildroot@busybox.net X-Mailman-Version: 2.1.24 Precedence: list List-Id: Discussion and development of buildroot List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Errors-To: buildroot-bounces@busybox.net Sender: "buildroot" TPM (Trusted Platform Module) 2.0 CLI tools based on system API of TPM2-TSS. These tools can be used to manage keys, perform encryption/decryption/signing/etc crypto operations, and manage non-volatile storage through a TPM2.0 HW implementation. Signed-off-by: Carlos Santos --- package/Config.in | 1 + .../tpm2-tools/0001-Fix-build-with-LibreSSL.patch | 64 ++++++++++++++++++++++ package/tpm2-tools/Config.in | 17 ++++++ package/tpm2-tools/tpm2-tools.hash | 3 + package/tpm2-tools/tpm2-tools.mk | 13 +++++ 5 files changed, 98 insertions(+) create mode 100644 package/tpm2-tools/0001-Fix-build-with-LibreSSL.patch create mode 100644 package/tpm2-tools/Config.in create mode 100644 package/tpm2-tools/tpm2-tools.hash create mode 100644 package/tpm2-tools/tpm2-tools.mk diff --git a/package/Config.in b/package/Config.in index c078d14688..8be3a7c73b 100644 --- a/package/Config.in +++ b/package/Config.in 
@@ -1997,6 +1997,7 @@ menu "System tools" source "package/tar/Config.in" source "package/tpm-tools/Config.in" source "package/tpm2-abrmd/Config.in" + source "package/tpm2-tools/Config.in" source "package/unscd/Config.in" source "package/util-linux/Config.in" source "package/xen/Config.in" diff --git a/package/tpm2-tools/0001-Fix-build-with-LibreSSL.patch b/package/tpm2-tools/0001-Fix-build-with-LibreSSL.patch new file mode 100644 index 0000000000..0fdd2dc4dd --- /dev/null +++ b/package/tpm2-tools/0001-Fix-build-with-LibreSSL.patch 
@@ -0,0 +1,64 @@ +From 7f8d9359dcf9edbb13bb447f70234397afa4fb05 Mon Sep 17 00:00:00 2001 +From: Carlos Santos +Date: Tue, 30 Jan 2018 11:21:14 -0200 +Subject: [PATCH] Fix build with LibreSSL + +OPENSSL_VERSION_NUMBER is used to test the version of OpenSSL but this +test alone breaks the build with LibreSSL due to implicit declarations +of functions 'RSA_set0_key' and 'HMAC_CTX_free'. + +Test if OpenSSL < 1.1.0 or LIBRESSL_VERSION_NUMBER is defined, instead. + +Signed-off-by: Carlos Santos +--- + lib/conversion.c | 2 +- + lib/tpm_kdfa.c | 6 +++--- + 2 files changed, 4 insertions(+), 4 deletions(-) + +diff --git a/lib/conversion.c b/lib/conversion.c +index 1d0a0b7..df02de4 100644 +--- a/lib/conversion.c ++++ b/lib/conversion.c +@@ -133,7 +133,7 @@ static bool tpm2_convert_pubkey_ssl(TPMT_PUBLIC *public, pubkey_format format, c + goto error; + } + +-#if OPENSSL_VERSION_NUMBER < 0x1010000fL /* OpenSSL 1.1.0 */ ++#if OPENSSL_VERSION_NUMBER < 0x1010000fL || defined(LIBRESSL_VERSION_NUMBER) /* OpenSSL 1.1.0 */ + ssl_rsa_key->e = e; + ssl_rsa_key->n = n; + #else +diff --git a/lib/tpm_kdfa.c b/lib/tpm_kdfa.c +index ee3cf8a..e43bdeb 100644 +--- a/lib/tpm_kdfa.c ++++ b/lib/tpm_kdfa.c +@@ -54,7 +54,7 @@ static const EVP_MD *tpm_algorithm_to_openssl_digest(TPMI_ALG_HASH algorithm) { + static HMAC_CTX *hmac_alloc() + { + HMAC_CTX *ctx; +-#if OPENSSL_VERSION_NUMBER < 0x1010000fL /* OpenSSL 1.1.0 */ ++#if OPENSSL_VERSION_NUMBER < 0x1010000fL || defined(LIBRESSL_VERSION_NUMBER) /* OpenSSL 1.1.0 */ + ctx = malloc(sizeof(*ctx)); + #else + ctx = HMAC_CTX_new(); +@@ -62,7 +62,7 @@ static HMAC_CTX *hmac_alloc() + if (!ctx) + return NULL; + +-#if OPENSSL_VERSION_NUMBER < 0x1010000fL ++#if OPENSSL_VERSION_NUMBER < 0x1010000fL || defined(LIBRESSL_VERSION_NUMBER) + HMAC_CTX_init(ctx); + #endif + +@@ -71,7 +71,7 @@ static HMAC_CTX *hmac_alloc() + + static void hmac_del(HMAC_CTX *ctx) + { +-#if OPENSSL_VERSION_NUMBER < 0x1010000fL ++#if OPENSSL_VERSION_NUMBER < 0x1010000fL || 
defined(LIBRESSL_VERSION_NUMBER) + HMAC_CTX_cleanup(ctx); + free(ctx); + #else +-- +2.14.3 + diff --git a/package/tpm2-tools/Config.in b/package/tpm2-tools/Config.in new file mode 100644 index 0000000000..583fb33076 --- /dev/null +++ b/package/tpm2-tools/Config.in @@ -0,0 +1,17 @@ +config BR2_PACKAGE_TPM2_TOOLS + bool "tpm2-tools" + depends on BR2_i386 || BR2_x86_64 + select BR2_PACKAGE_DBUS + select BR2_PACKAGE_LIBCURL + select BR2_PACKAGE_LIBGLIB2 + select BR2_PACKAGE_OPENSSL + select BR2_PACKAGE_TPM2_ABRMD # run-time + select BR2_PACKAGE_TPM2_TSS + help + TPM (Trusted Platform Module) 2.0 CLI tools based on system + API of TPM2-TSS. These tools can be used to manage keys, + perform encryption/decryption/signing/etc crypto operations, + and manage non-volatile storage through a TPM2.0 HW + implementation. + + https://github.com/tpm2-software/tpm2-tools diff --git a/package/tpm2-tools/tpm2-tools.hash b/package/tpm2-tools/tpm2-tools.hash new file mode 100644 index 0000000000..e33b3e5945 --- /dev/null +++ b/package/tpm2-tools/tpm2-tools.hash @@ -0,0 +1,3 @@ +# Locally computed: +sha256 c990c0656165afef0fad61e1852a9a189a4b93b43d2a684b151a5dc0b3c6249d tpm2-tools-3.0.3.tar.gz +sha256 3d6b149c8b042bd5f3db678d587fbe55230d071ca084bd38dcae451679c6dd45 LICENSE diff --git a/package/tpm2-tools/tpm2-tools.mk b/package/tpm2-tools/tpm2-tools.mk new file mode 100644 index 0000000000..0697900d2d --- /dev/null +++ b/package/tpm2-tools/tpm2-tools.mk 
@@ -0,0 +1,13 @@ +################################################################################ +# +# tpm2-tools +# +################################################################################ + +TPM2_TOOLS_VERSION = 3.0.3 +TPM2_TOOLS_SITE = https://github.com/tpm2-software/tpm2-tools/releases/download/$(TPM2_TOOLS_VERSION) +TPM2_TOOLS_LICENSE = BSD-2-Clause +TPM2_TOOLS_LICENSE_FILES = LICENSE +TPM2_TOOLS_DEPENDENCIES = dbus libcurl libglib2 openssl tpm2-tss host-pkgconf + +$(eval $(autotools-package)) From patchwork Fri Feb 2 15:56:14 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Carlos Santos X-Patchwork-Id: 868653 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (mailfrom) smtp.mailfrom=busybox.net (client-ip=140.211.166.138; helo=whitealder.osuosl.org; envelope-from=buildroot-bounces@busybox.net; receiver=) Received: from whitealder.osuosl.org (smtp1.osuosl.org [140.211.166.138]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 3zY1p51fPZz9sRV for ; Sat, 3 Feb 2018 02:57:17 +1100 (AEDT) Received: from localhost (localhost [127.0.0.1]) by whitealder.osuosl.org (Postfix) with ESMTP id 0C5BD895AE; Fri, 2 Feb 2018 15:57:11 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from whitealder.osuosl.org ([127.0.0.1]) by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Sx1UwFiPnn8z; Fri, 2 Feb 2018 15:57:08 +0000 (UTC) Received: from ash.osuosl.org (ash.osuosl.org [140.211.166.34]) by whitealder.osuosl.org (Postfix) with ESMTP id C6BA4895A0; Fri, 2 Feb 2018 15:57:07 +0000 (UTC) X-Original-To: buildroot@lists.busybox.net Delivered-To: buildroot@osuosl.org Received: from fraxinus.osuosl.org (smtp4.osuosl.org [140.211.166.137]) by ash.osuosl.org (Postfix) with ESMTP 
From: Carlos Santos To: buildroot@buildroot.org Date: Fri, 2 Feb 2018 13:56:14 -0200 Message-Id: <20180202155614.26938-5-casantos@datacom.ind.br> X-Mailer: git-send-email 2.14.3 In-Reply-To: <20180202155614.26938-1-casantos@datacom.ind.br> References: <20180202155614.26938-1-casantos@datacom.ind.br> Subject: [Buildroot] [PATCH 4/4] DEVELOPERS: add myself for tpm2-{abrmd, tools, tss}. X-BeenThere: buildroot@busybox.net X-Mailman-Version: 2.1.24 Precedence: list List-Id: Discussion and development of buildroot List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Errors-To: buildroot-bounces@busybox.net Sender: "buildroot" Signed-off-by: Carlos Santos --- DEVELOPERS | 3 +++ 1 file changed, 3 insertions(+) diff --git a/DEVELOPERS b/DEVELOPERS index 9048d45b16..3abf030eb1 100644 --- a/DEVELOPERS +++ b/DEVELOPERS @@ -386,6 +386,9 @@ F: package/libpam-radius-auth/ F: package/libpam-tacplus/ F: package/perl-file-util/ F: package/util-linux/ +F: package/tpm2-abrmd/ +F: package/tpm2-tools/ +F: package/tpm2-tss/ N: Carsten Schoenert F: package/dvbsnoop/
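
Review bot: In package/tpm2-tss/Config.in (patch 1/4), the last two sentences of the TCTI help paragraph read "The prior should be used ..." and "The later implements ..."; "later" is a typo for "latter", and "former"/"latter" is the usual pairing. The `depends on BR2_i386 || BR2_x86_64` line also has no trailing comment saying why the package is limited to x86, unlike the annotated `depends on` lines in tpm2-abrmd's Config.in, so a reader cannot tell whether the restriction is a build limitation or only reflects what was tested.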
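
Review bot: In package/tpm2-abrmd/Config.in (patch 2/4), the trailing `comment "tpm2-abrmd needs a toolchain w/ wchar, threads"` block depends on BR2_USE_MMU and on the missing toolchain features but not on `BR2_i386 || BR2_x86_64`, so the hint is displayed on architectures where the package can never be selected. Add the same architecture dependency to the comment block.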
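
Review bot: In package/tpm2-abrmd/S30devtpmperms (patch 2/4), the device globs are inconsistent: start() uses `chown tss:tss /dev/tpm[0-9]*` but `chmod 600 /dev/tpm*`, and stop() ends with `chmod 600 /dev/tpm`, which has no glob at all. The stop() path therefore prints FAIL whenever no node is named exactly /dev/tpm, even though check_device only tested `/dev/tpm[0-9]*`, and the start() chmod can touch nodes the chown did not. Since these commands decide who may open the TPM device, use `/dev/tpm[0-9]*` in all four of them. The case statement also accepts `reload`, which the usage string does not list.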
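
Review bot: In package/tpm2-abrmd/S80tpm2-abrmd (patch 2/4), start() runs start-stop-daemon with `-b -p /var/run/tpm2-abrmd.pid` but without `-m`, and then writes the pidfile from `pidof /usr/sbin/tpm2-abrmd`. That lookup is by name, immediately after a background launch, so the file can end up empty or holding more than one PID, and both stop() and rm_stale_pidfile (which does `cat "$1"` into a /proc path) trust its content. Passing `-m` so start-stop-daemon records the PID it started would remove the pidof line. Separately, check_required_files runs before the case statement, so `stop` also exits 1 when the dbus configuration file is absent.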
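
Review bot: In package/tpm2-abrmd/tpm2-abrmd.mk (patch 2/4), TPM2_ABRMD_INSTALL_INIT_SYSV installs both init scripts with a single `$(INSTALL) -D -m 0755 -t $(TARGET_DIR)/etc/init.d`, hiding the udev condition inside an `$(if ...)` in the argument list and depending on the host install accepting `-t` together with `-D`. Two explicit `$(INSTALL) -D -m 0755 <src> <dst>` lines, with the S30devtpmperms one wrapped in an `ifeq` on BR2_PACKAGE_HAS_UDEV, would be easier to read and would match the form used for etc.default.tpm2-abrmd two lines below.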
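
Review bot: In package/tpm2-tools/0001-Fix-build-with-LibreSSL.patch (patch 3/4), `defined(LIBRESSL_VERSION_NUMBER)` is tested with no version bound in all four conditionals, so every LibreSSL release takes the pre-1.1.0 branch (direct `ssl_rsa_key->e` / `ssl_rsa_key->n` assignment, `malloc(sizeof(*ctx))`, HMAC_CTX_init/HMAC_CTX_cleanup), including any release that does provide RSA_set0_key and HMAC_CTX_new. Defining the condition once as a macro in a shared header and bounding it by LibreSSL version would keep the four sites from drifting apart; the trailing `/* OpenSSL 1.1.0 */` comment no longer describes the whole condition. The patch header also does not say whether the change was submitted upstream.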
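
Review bot: In package/tpm2-tools/Config.in (patch 3/4), the symbol selects BR2_PACKAGE_DBUS, BR2_PACKAGE_LIBGLIB2 and BR2_PACKAGE_TPM2_ABRMD but repeats none of the `depends on BR2_USE_WCHAR`, `depends on BR2_TOOLCHAIN_HAS_THREADS` and `depends on BR2_USE_MMU` lines that tpm2-abrmd's Config.in lists for those same packages, and it has no matching `comment` entry. As written the option can be enabled on a toolchain where the packages it selects cannot build; copy the three `depends on` lines and add the comment block.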
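
Review bot: In the DEVELOPERS hunk (patch 4/4), the three new `F:` lines are appended after `F: package/util-linux/`, while the visible entries above them (libpam-radius-auth, libpam-tacplus, perl-file-util, util-linux) are in alphabetical order. Move the package/tpm2-* lines between package/perl-file-util/ and package/util-linux/ to keep the block sorted.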