reset upstream subtrees to HEAD
Reset the following subtrees on HEAD:
poky: 8217b477a1(master)
meta-xilinx: 64aa3d35ae(master)
meta-openembedded: 0435c9e193(master)
meta-raspberrypi: 490a4441ac(master)
meta-security: cb6d1c85ee(master)
Squashed patches:
meta-phosphor: drop systemd 239 patches
meta-phosphor: mrw-api: use correct install path
Change-Id: I268e2646d9174ad305630c6bbd3fbc1a6105f43d
Signed-off-by: Brad Bishop <bradleyb@fuzziesquirrel.com>
diff --git a/meta-security/meta-tpm/conf/distro/include/maintainers.inc b/meta-security/meta-tpm/conf/distro/include/maintainers.inc
new file mode 100644
index 0000000..74c1a18
--- /dev/null
+++ b/meta-security/meta-tpm/conf/distro/include/maintainers.inc
@@ -0,0 +1,39 @@
+# meta-tpm Maintainers File
+#
+# This file contains a list of recipe maintainers.
+#
+# Please submit any patches against recipes in meta to the
+# Yocto mail list (yocto@yoctoproject.org)
+#
+# If you have problems with or questions about a particular recipe, feel
+# free to contact the maintainer directly (cc:ing the appropriate mailing list
+# puts it in the archive and helps other people who might have the same
+# questions in the future), but please try to do the following first:
+#
+# - look in the Yocto Project Bugzilla
+# (http://bugzilla.yoctoproject.org/) to see if a problem has
+# already been reported
+#
+# The format is as a bitbake variable override for each recipe
+#
+# RECIPE_MAINTAINER_pn-<recipe name> = "Full Name <address@domain>"
+#
+# Please keep this list in alphabetical order.
+RECIPE_MAINTAINER_pn-aircrack-ng = "Armin Kuster <akuster808@gmail.com>"
+RECIPE_MAINTAINER_pn-pcr-extend = "Armin Kuster <akuster808@gmail.com>"
+RECIPE_MAINTAINER_pn-tpm-quote-tools = "Armin Kuster <akuster808@gmail.com>"
+RECIPE_MAINTAINER_pn-libtpm = "Armin Kuster <akuster808@gmail.com>"
+RECIPE_MAINTAINER_pn-trousers = "Armin Kuster <akuster808@gmail.com>"
+RECIPE_MAINTAINER_pn-swtpm = "Armin Kuster <akuster808@gmail.com>"
+RECIPE_MAINTAINER_pn-openssl-tpm-engine = "Armin Kuster <akuster808@gmail.com>"
+RECIPE_MAINTAINER_pn-tpm-tools = "Armin Kuster <akuster808@gmail.com>"
+RECIPE_MAINTAINER_pn-tpm2-abrmd = "Armin Kuster <akuster808@gmail.com>"
+RECIPE_MAINTAINER_pn-tpm2-totp = "Armin Kuster <akuster808@gmail.com>"
+RECIPE_MAINTAINER_pn-tpm2-tcti-uefi = "Armin Kuster <akuster808@gmail.com>"
+RECIPE_MAINTAINER_pn-tpm2-tss-engine = "Armin Kuster <akuster808@gmail.com>"
+RECIPE_MAINTAINER_pn-tpm2-pkcs11 = "Armin Kuster <akuster808@gmail.com>"
+RECIPE_MAINTAINER_pn-tpm2-tss = "Armin Kuster <akuster808@gmail.com>"
+RECIPE_MAINTAINER_pn-cryptsetup-tpm-incubator = "Armin Kuster <akuster808@gmail.com>"
+RECIPE_MAINTAINER_pn-tpm2-tools = "Armin Kuster <akuster808@gmail.com>"
+RECIPE_MAINTAINER_pn-ibmswtpm2 = "Armin Kuster <akuster808@gmail.com>"
+
diff --git a/meta-security/meta-tpm/lib/oeqa/runtime/cases/tpm2.py b/meta-security/meta-tpm/lib/oeqa/runtime/cases/tpm2.py
new file mode 100644
index 0000000..240a9b3
--- /dev/null
+++ b/meta-security/meta-tpm/lib/oeqa/runtime/cases/tpm2.py
@@ -0,0 +1,43 @@
+# Copyright (C) 2019 Armin Kuster <akuster808@gmail.com>
+#
+from oeqa.runtime.case import OERuntimeTestCase
+from oeqa.core.decorator.depends import OETestDepends
+from oeqa.runtime.decorator.package import OEHasPackage
+
+
+class Tpm2Test(OERuntimeTestCase):
+ def check_endlines(self, results, expected_endlines):
+ for line in results.splitlines():
+ for el in expected_endlines:
+ if line == el:
+ expected_endlines.remove(el)
+ break
+
+ if expected_endlines:
+ self.fail('Missing expected line endings:\n %s' % '\n '.join(expected_endlines))
+
+ @OEHasPackage(['tpm2.0-tss'])
+ @OEHasPackage(['tpm2-abrmd'])
+ @OEHasPackage(['tpm2.0-tools'])
+ @OEHasPackage(['ibmswtpm2'])
+ @OETestDepends(['ssh.SSHTest.test_ssh'])
+ def test_tpm2_sim(self):
+ cmds = [
+ 'tpm_server &',
+ 'tpm2-abrmd --allow-root --tcti=mssim &'
+ ]
+
+ for cmd in cmds:
+ status, output = self.target.run(cmd)
+ self.assertEqual(status, 0, msg='\n'.join([cmd, output]))
+
+ @OETestDepends(['tpm2.Tpm2Test.test_tpm2_sim'])
+ def test_tpm2(self):
+ (status, output) = self.target.run('tpm2_pcrlist')
+ expected_endlines = []
+ expected_endlines.append('sha1 :')
+ expected_endlines.append(' 0 : 0000000000000000000000000000000000000003')
+ expected_endlines.append(' 1 : 0000000000000000000000000000000000000000')
+
+ self.check_endlines(output, expected_endlines)
+
diff --git a/meta-security/meta-tpm/recipes-core/packagegroup/packagegroup-security-tpm2.bb b/meta-security/meta-tpm/recipes-core/packagegroup/packagegroup-security-tpm2.bb
index c4c8fb2..5ded3a2 100644
--- a/meta-security/meta-tpm/recipes-core/packagegroup/packagegroup-security-tpm2.bb
+++ b/meta-security/meta-tpm/recipes-core/packagegroup/packagegroup-security-tpm2.bb
@@ -9,10 +9,15 @@
SUMMARY_packagegroup-security-tpm2 = "Security TPM 2.0 support"
RDEPENDS_packagegroup-security-tpm2 = " \
- tpm2.0-tools \
+ tpm2-tools \
trousers \
libtss2 \
libtss2-tcti-device \
libtss2-tcti-mssim \
tpm2-abrmd \
+ tpm2-pkcs11 \
+ cryptsetup-tpm-incubator \
"
+
+RDEPENDS_packagegroup-security-tpm2_append_x86 = " tpm2-tcti-uefi"
+RDEPENDS_packagegroup-security-tpm2_append_x86-64 = " tpm2-tcti-uefi"
diff --git a/meta-security/meta-tpm/recipes-tpm/libtpm/libtpm_1.0.bb b/meta-security/meta-tpm/recipes-tpm/libtpm/libtpm_0.6.0.bb
similarity index 70%
rename from meta-security/meta-tpm/recipes-tpm/libtpm/libtpm_1.0.bb
rename to meta-security/meta-tpm/recipes-tpm/libtpm/libtpm_0.6.0.bb
index a930d7b..a882960 100644
--- a/meta-security/meta-tpm/recipes-tpm/libtpm/libtpm_1.0.bb
+++ b/meta-security/meta-tpm/recipes-tpm/libtpm/libtpm_0.6.0.bb
@@ -2,8 +2,10 @@
LICENSE = "BSD-3-Clause"
LIC_FILES_CHKSUM = "file://LICENSE;md5=e73f0786a936da3814896df06ad225a9"
-SRCREV = "4111bd1bcf721e6e7b5f11ed9c2b93083677aa25"
-SRC_URI = "git://github.com/stefanberger/libtpms.git"
+SRCREV = "9dc915572b51db0714640ba1ddf8cca9c0f24f05"
+SRC_URI = "git://github.com/stefanberger/libtpms.git;branch=stable-${PV}"
+
+PE = "1"
S = "${WORKDIR}/git"
inherit autotools-brokensep pkgconfig
@@ -11,6 +13,4 @@
PACKAGECONFIG ?= "openssl"
PACKAGECONFIG[openssl] = "--with-openssl, --without-openssl, openssl"
-PV = "1.0+git${SRCPV}"
-
BBCLASSEXTEND = "native"
diff --git a/meta-security/meta-tpm/recipes-tpm/swtpm/swtpm_1.0.bb b/meta-security/meta-tpm/recipes-tpm/swtpm/swtpm_0.1.0.bb
similarity index 77%
rename from meta-security/meta-tpm/recipes-tpm/swtpm/swtpm_1.0.bb
rename to meta-security/meta-tpm/recipes-tpm/swtpm/swtpm_0.1.0.bb
index 3fe1393..42de8b1 100644
--- a/meta-security/meta-tpm/recipes-tpm/swtpm/swtpm_1.0.bb
+++ b/meta-security/meta-tpm/recipes-tpm/swtpm/swtpm_0.1.0.bb
@@ -9,11 +9,12 @@
# then swtpm_setup needs them at runtime
DEPENDS += "tpm-tools-native expect-native socat-native"
-SRCREV = "94bb9f2d716d09bcc6cd2a2e033018f8592008e7"
-SRC_URI = "git://github.com/stefanberger/swtpm.git;branch=tpm2-preview.v2 \
+SRCREV = "d803d84575ab3e5dac316bf863c7f569a27ea35f"
+SRC_URI = "git://github.com/stefanberger/swtpm.git;branch=stable-${PV} \
file://fix_fcntl_h.patch \
file://ioctl_h.patch \
"
+PE = "1"
S = "${WORKDIR}/git"
@@ -23,8 +24,9 @@
TSS_USER="tss"
TSS_GROUP="tss"
-PACKAGECONFIG ?= "openssl cuse"
+PACKAGECONFIG ?= "openssl"
PACKAGECONFIG += "${@bb.utils.contains('DISTRO_FEATURES', 'selinux', 'selinux', '', d)}"
+PACKAGECONFIG += "${@bb.utils.contains('BBFILE_COLLECTIONS', 'filesystems-layer', 'cuse', '', d)}"
PACKAGECONFIG[openssl] = "--with-openssl, --without-openssl, openssl"
PACKAGECONFIG[gnutls] = "--with-gnutls, --without-gnutls, gnutls"
PACKAGECONFIG[selinux] = "--with-selinux, --without-selinux, libselinux"
@@ -39,12 +41,11 @@
USERADD_PARAM_${PN} = "--system -g ${TSS_GROUP} --home-dir \
--no-create-home --shell /bin/false ${BPN}"
+PACKAGE_BEFORE_PN = "${PN}-cuse"
+FILES_${PN}-cuse = "${bindir}/swtpm_cuse"
+
+INSANE_SKIP_${PN} += "dev-so"
+
RDEPENDS_${PN} = "libtpm expect socat bash tpm-tools"
BBCLASSEXTEND = "native nativesdk"
-
-python() {
- if 'cuse' in d.getVar('PACKAGECONFIG') and \
- 'filesystems-layer' not in d.getVar('BBFILE_COLLECTIONS').split():
- raise bb.parse.SkipRecipe('Cuse enabled which requires meta-filesystems to be present.')
-}
diff --git a/meta-security/meta-tpm/recipes-tpm/tpm2.0-tools/tpm2.0-tools_3.1.2.bb b/meta-security/meta-tpm/recipes-tpm/tpm2.0-tools/tpm2.0-tools_3.1.2.bb
deleted file mode 100644
index 3f40eb7..0000000
--- a/meta-security/meta-tpm/recipes-tpm/tpm2.0-tools/tpm2.0-tools_3.1.2.bb
+++ /dev/null
@@ -1,15 +0,0 @@
-SUMMARY = "Tools for TPM2."
-DESCRIPTION = "tpm2.0-tools"
-LICENSE = "BSD"
-LIC_FILES_CHKSUM = "file://LICENSE;md5=91b7c548d73ea16537799e8060cea819"
-SECTION = "tpm"
-
-DEPENDS = "pkgconfig tpm2.0-tss openssl curl autoconf-archive"
-
-SRCREV = "5e2f1aafc58e60c5050f85147a14914561f28ad9"
-
-SRC_URI = "git://github.com/01org/tpm2.0-tools.git;name=tpm2.0-tools;destsuffix=tpm2.0-tools;branch=3.X"
-
-S = "${WORKDIR}/tpm2.0-tools"
-
-inherit autotools pkgconfig
diff --git a/meta-security/meta-tpm/recipes-tpm/tpm2simulator/tpm2simulator_138.bb b/meta-security/meta-tpm/recipes-tpm/tpm2simulator/tpm2simulator_138.bb
deleted file mode 100644
index 866791c..0000000
--- a/meta-security/meta-tpm/recipes-tpm/tpm2simulator/tpm2simulator_138.bb
+++ /dev/null
@@ -1,22 +0,0 @@
-SUMMARY = "TPM 2.0 Simulator Extraction Script"
-LICENSE = "BSD-2-Clause"
-LIC_FILES_CHKSUM = "file://LICENSE;md5=1415f7be284540b81d9d28c67c1a6b8b"
-
-DEPENDS = "python"
-
-SRCREV = "e45324eba268723d39856111e7933c5c76238481"
-SRC_URI = "git://github.com/stwagnr/tpm2simulator.git"
-
-S = "${WORKDIR}/git"
-OECMAKE_SOURCEPATH = "${S}/cmake"
-
-inherit native lib_package cmake
-
-EXTRA_OECMAKE = " \
- -DCMAKE_BUILD_TYPE=Debug \
- -DSPEC_VERSION=138 \
-"
-
-do_configure_prepend () {
- sed -i 's/^SET = False/SET = True/' ${S}/scripts/settings.py
-}
diff --git a/meta-security/meta-tpm/recipes-tpm2/cryptsetup-tpm-incubator/cryptsetup-tpm-incubator_0.9.9.bb b/meta-security/meta-tpm/recipes-tpm2/cryptsetup-tpm-incubator/cryptsetup-tpm-incubator_0.9.9.bb
new file mode 100644
index 0000000..8b50445
--- /dev/null
+++ b/meta-security/meta-tpm/recipes-tpm2/cryptsetup-tpm-incubator/cryptsetup-tpm-incubator_0.9.9.bb
@@ -0,0 +1,41 @@
+SUMMARY = "An extension to cryptsetup/LUKS that enables use of the TPM 2.0 via tpm2-tss"
+DESCRIPTION = "Cryptsetup is utility used to conveniently setup disk encryption based on DMCrypt kernel module."
+
+SECTION = "security/tpm"
+LICENSE = "LGPL-2.1 | GPL-2.0"
+LIC_FILES_CHKSUM = "file://COPYING;md5=32107dd283b1dfeb66c9b3e6be312326 \
+ file://COPYING.LGPL;md5=1960515788100ce5f9c98ea78a65dc52 \
+ "
+
+DEPENDS = "autoconf-archive pkgconfig gettext libtss2-dev libdevmapper popt libgcrypt json-c"
+
+SRC_URI = "git://github.com/AndreasFuchsSIT/cryptsetup-tpm-incubator.git;branch=luks2tpm \
+ file://configure_fix.patch "
+
+SRCREV = "15c283195f19f1d980e39ba45448683d5e383179"
+
+S = "${WORKDIR}/git"
+
+inherit autotools pkgconfig gettext
+
+PACKAGECONFIG ??= "openssl"
+PACKAGECONFIG[openssl] = "--with-crypto_backend=openssl,,openssl"
+PACKAGECONFIG[gcrypt] = "--with-crypto_backend=gcrypt,,libgcrypt"
+
+EXTRA_OECONF = "--enable-static"
+
+RRECOMMENDS_${PN} = "kernel-module-aes-generic \
+ kernel-module-dm-crypt \
+ kernel-module-md5 \
+ kernel-module-cbc \
+ kernel-module-sha256-generic \
+ kernel-module-xts \
+ "
+
+RDEPENDS_${PN} += "lvm2"
+RRECOMMENDS_${PN} += "lvm2-udevrules"
+
+RREPLACES_${PN} = "cryptsetup"
+RCONFLICTS_${PN} ="cryptsetup"
+
+BBCLASSEXTEND = "native nativesdk"
diff --git a/meta-security/meta-tpm/recipes-tpm2/cryptsetup-tpm-incubator/files/configure_fix.patch b/meta-security/meta-tpm/recipes-tpm2/cryptsetup-tpm-incubator/files/configure_fix.patch
new file mode 100644
index 0000000..8c7b6da
--- /dev/null
+++ b/meta-security/meta-tpm/recipes-tpm2/cryptsetup-tpm-incubator/files/configure_fix.patch
@@ -0,0 +1,16 @@
+Upstream-Status: OE specific
+Signed-off-by: Armin Kuster <akuster808@gmail.com>
+
+Index: git/configure.ac
+===================================================================
+--- git.orig/configure.ac
++++ git/configure.ac
+@@ -16,7 +16,7 @@ AC_CONFIG_HEADERS([config.h:config.h.in]
+
+ # For old automake use this
+ #AM_INIT_AUTOMAKE(dist-xz subdir-objects)
+-AM_INIT_AUTOMAKE([dist-xz 1.12 serial-tests subdir-objects])
++AM_INIT_AUTOMAKE([dist-xz 1.12 serial-tests subdir-objects foreign])
+
+ if test "x$prefix" = "xNONE"; then
+ sysconfdir=/etc
diff --git a/meta-security/meta-tpm/recipes-tpm2/ibmswtpm2/ibmswtpm2_1332.bb b/meta-security/meta-tpm/recipes-tpm2/ibmswtpm2/ibmswtpm2_1332.bb
new file mode 100644
index 0000000..a6068e6
--- /dev/null
+++ b/meta-security/meta-tpm/recipes-tpm2/ibmswtpm2/ibmswtpm2_1332.bb
@@ -0,0 +1,24 @@
+SUMMARY = "IBM's Software TPM 2.0"
+
+LICENSE = "BSD"
+SECTION = "securty/tpm"
+LIC_FILES_CHKSUM = "file://../LICENSE;md5=1e023f61454ac828b4aa1bc4293f7d5f"
+
+SRC_URI = "https://sourceforge.net/projects/ibmswtpm2/files/ibmtpm1332.tar.gz"
+SRC_URI[md5sum] = "0ab34a655b4e09812d7ada19746af4f9"
+SRC_URI[sha256sum] = "8e8193af3d11d9ff6a951dda8cd1f4693cb01934a8ad7876b84e92c6148ab0fd"
+
+DEPENDS = "openssl"
+
+S = "${WORKDIR}/src"
+
+LDFLAGS = "${LDFALGS}"
+
+do_compile () {
+ make CC='${CC}'
+}
+
+do_install () {
+ install -d ${D}/${bindir}
+ install -m 0755 tpm_server ${D}/${bindir}
+}
diff --git a/meta-security/meta-tpm/recipes-tpm/tpm2-abrmd/files/tpm2-abrmd-init.sh b/meta-security/meta-tpm/recipes-tpm2/tpm2-abrmd/files/tpm2-abrmd-init.sh
similarity index 100%
rename from meta-security/meta-tpm/recipes-tpm/tpm2-abrmd/files/tpm2-abrmd-init.sh
rename to meta-security/meta-tpm/recipes-tpm2/tpm2-abrmd/files/tpm2-abrmd-init.sh
diff --git a/meta-security/meta-tpm/recipes-tpm/tpm2-abrmd/files/tpm2-abrmd.default b/meta-security/meta-tpm/recipes-tpm2/tpm2-abrmd/files/tpm2-abrmd.default
similarity index 100%
rename from meta-security/meta-tpm/recipes-tpm/tpm2-abrmd/files/tpm2-abrmd.default
rename to meta-security/meta-tpm/recipes-tpm2/tpm2-abrmd/files/tpm2-abrmd.default
diff --git a/meta-security/meta-tpm/recipes-tpm/tpm2-abrmd/tpm2-abrmd_2.0.2.bb b/meta-security/meta-tpm/recipes-tpm2/tpm2-abrmd/tpm2-abrmd_2.1.1.bb
similarity index 88%
rename from meta-security/meta-tpm/recipes-tpm/tpm2-abrmd/tpm2-abrmd_2.0.2.bb
rename to meta-security/meta-tpm/recipes-tpm2/tpm2-abrmd/tpm2-abrmd_2.1.1.bb
index 6347379..a4c6682 100644
--- a/meta-security/meta-tpm/recipes-tpm/tpm2-abrmd/tpm2-abrmd_2.0.2.bb
+++ b/meta-security/meta-tpm/recipes-tpm2/tpm2-abrmd/tpm2-abrmd_2.1.1.bb
@@ -9,16 +9,17 @@
LICENSE = "BSD-2-Clause"
LIC_FILES_CHKSUM = "file://${S}/LICENSE;md5=500b2e742befc3da00684d8a1d5fd9da"
-DEPENDS = "autoconf-archive dbus glib-2.0 tpm2.0-tss glib-2.0-native \
+DEPENDS = "autoconf-archive dbus glib-2.0 tpm2-tss glib-2.0-native \
libtss2 libtss2-mu libtss2-tcti-device libtss2-tcti-mssim"
SRC_URI = "\
- git://github.com/01org/tpm2-abrmd.git \
+ git://github.com/tpm2-software/tpm2-abrmd.git \
file://tpm2-abrmd-init.sh \
file://tpm2-abrmd.default \
"
-SRCREV = "d0120ace58d97bc9520c0d558657eaca87ae73b1"
+
+SRCREV = "06d9d433ba27159687255406baa37940db15465b"
S = "${WORKDIR}/git"
@@ -49,6 +50,6 @@
FILES_${PN} += "${libdir}/systemd/system-preset \
${datadir}/dbus-1"
-RDEPENDS_${PN} += "tpm2.0-tss"
+RDEPENDS_${PN} += "tpm2-tss"
BBCLASSEXTEND = "native"
diff --git a/meta-security/meta-tpm/recipes-tpm2/tpm2-pkcs11/files/bootstrap_fixup.patch b/meta-security/meta-tpm/recipes-tpm2/tpm2-pkcs11/files/bootstrap_fixup.patch
new file mode 100644
index 0000000..d38e237
--- /dev/null
+++ b/meta-security/meta-tpm/recipes-tpm2/tpm2-pkcs11/files/bootstrap_fixup.patch
@@ -0,0 +1,12 @@
+Upstream-Status: OE specific
+Signed-off-by: Armin Kuster <akuster808@gmail.com>
+
+Index: git/bootstrap
+===================================================================
+--- git.orig/bootstrap
++++ git/bootstrap
+@@ -27,4 +27,3 @@ echo "Generating file lists: ${VARS_FILE
+ ) > ${VARS_FILE}
+
+ mkdir -p m4
+-${AUTORECONF} --install --sym $@
diff --git a/meta-security/meta-tpm/recipes-tpm2/tpm2-pkcs11/tpm2-pkcs11_0.9.9.bb b/meta-security/meta-tpm/recipes-tpm2/tpm2-pkcs11/tpm2-pkcs11_0.9.9.bb
new file mode 100644
index 0000000..9031e63
--- /dev/null
+++ b/meta-security/meta-tpm/recipes-tpm2/tpm2-pkcs11/tpm2-pkcs11_0.9.9.bb
@@ -0,0 +1,21 @@
+SUMMARY = "A PKCS#11 interface for TPM2 hardware"
+DESCRIPTION = "PKCS #11 is a Public-Key Cryptography Standard that defines a standard method to access cryptographic services from tokens/ devices such as hardware security modules (HSM), smart cards, etc. In this project we intend to use a TPM2 device as the cryptographic token."
+SECTION = "security/tpm"
+LICENSE = "BSD-2-Clause"
+LIC_FILES_CHKSUM = "file://LICENSE;md5=b748af41ef1300c98e105b3b7ec4ecc1"
+
+DEPENDS = "autoconf-archive pkgconfig dstat sqlite3 openssl libtss2-dev tpm2-tools"
+
+SRC_URI = "git://github.com/tpm2-software/tpm2-pkcs11.git \
+ file://bootstrap_fixup.patch \
+ "
+
+SRCREV = "3107d89b406ecd9c007884613733c9a344ef6d39"
+
+S = "${WORKDIR}/git"
+
+inherit autotools-brokensep pkgconfig
+
+do_configure_prepend () {
+ ${S}/bootstrap
+}
diff --git a/meta-security/meta-tpm/recipes-tpm2/tpm2-tcti-uefi/files/configure_oe_fixup.patch b/meta-security/meta-tpm/recipes-tpm2/tpm2-tcti-uefi/files/configure_oe_fixup.patch
new file mode 100644
index 0000000..8a216cd
--- /dev/null
+++ b/meta-security/meta-tpm/recipes-tpm2/tpm2-tcti-uefi/files/configure_oe_fixup.patch
@@ -0,0 +1,27 @@
+Upstream-Status: OE specific
+Signed-off-by: Armin Kuster <akuster808@gmail.com>
+
+Index: git/configure.ac
+===================================================================
+--- git.orig/configure.ac
++++ git/configure.ac
+@@ -84,9 +84,6 @@ AC_ARG_WITH([efi-lds],
+ AS_HELP_STRING([--with-efi-lds=LDS_PATH],[Path to gnu-efi lds file.]),
+ [],
+ [with_efi_lds="/usr/lib/elf_${ARCH}_efi.lds"])
+-AC_CHECK_FILE(["${with_efi_lds}"],
+- [],
+- [AC_MSG_ERROR([Missing file: ${with_efi_lds}.])])
+ EXTRA_LDFLAGS="-L /usr/lib -L /usr/lib64 -Wl,--script=${with_efi_lds}"
+
+ # path to object file from gnu-efi
+@@ -94,9 +91,6 @@ AC_ARG_WITH([efi-crt0],
+ AS_HELP_STRING([--with-efi-crt0=OBJ_PATH],[Path to gnu-efi crt0 object file.]),
+ [],
+ [with_efi_crt0="/usr/lib/crt0-efi-${ARCH}.o"])
+-AC_CHECK_FILE(["${with_efi_crt0}"],
+- [],
+- [AC_MSG_ERROR([Missing ${with_efi_crt0} file.])])
+ EXTRA_LDLIBS="${with_efi_crt0}"
+
+ # check for efi and gnuefi libraries
diff --git a/meta-security/meta-tpm/recipes-tpm2/tpm2-tcti-uefi/tpm2-tcti-uefi_0.9.9.bb b/meta-security/meta-tpm/recipes-tpm2/tpm2-tcti-uefi/tpm2-tcti-uefi_0.9.9.bb
new file mode 100644
index 0000000..815691d
--- /dev/null
+++ b/meta-security/meta-tpm/recipes-tpm2/tpm2-tcti-uefi/tpm2-tcti-uefi_0.9.9.bb
@@ -0,0 +1,18 @@
+SUMMARY = "TCTI module for use with TSS2 libraries in UEFI environment"
+SECTION = "security/tpm"
+LICENSE = "BSD-2-Clause"
+LIC_FILES_CHKSUM = "file://LICENSE;md5=500b2e742befc3da00684d8a1d5fd9da"
+DEPENDS = "libtss2-dev gnu-efi-native gnu-efi pkgconfig"
+
+SRC_URI = "git://github.com/tpm2-software/tpm2-tcti-uefi.git \
+ file://configure_oe_fixup.patch \
+ "
+SRCREV = "131889d12d2c7d8974711d2ebd1032cd32577b7f"
+
+S = "${WORKDIR}/git"
+
+inherit autotools pkgconfig
+
+COMPATIBLE_HOST = "(i.86|x86_64).*-linux"
+EXTRA_OECONF_append = " --with-efi-includedir=${STAGING_INCDIR}/efi --with-efi-lds=${STAGING_LIBDIR_NATIVE}/"
+RDEPENDS_${PN} = "gnu-efi"
diff --git a/meta-security/meta-tpm/recipes-tpm2/tpm2-tools/tpm2-tools_3.1.3.bb b/meta-security/meta-tpm/recipes-tpm2/tpm2-tools/tpm2-tools_3.1.3.bb
new file mode 100644
index 0000000..1f1f5c6
--- /dev/null
+++ b/meta-security/meta-tpm/recipes-tpm2/tpm2-tools/tpm2-tools_3.1.3.bb
@@ -0,0 +1,15 @@
+SUMMARY = "Tools for TPM2."
+DESCRIPTION = "tpm2-tools"
+LICENSE = "BSD"
+LIC_FILES_CHKSUM = "file://LICENSE;md5=91b7c548d73ea16537799e8060cea819"
+SECTION = "tpm"
+
+DEPENDS = "pkgconfig tpm2-tss openssl curl autoconf-archive"
+
+SRCREV = "74ba065e5914bc5d713ca3709d62a5751b097369"
+
+SRC_URI = "git://github.com/tpm2-software/tpm2-tools.git;branch=3.X"
+
+S = "${WORKDIR}/git"
+
+inherit autotools pkgconfig
diff --git a/meta-security/meta-tpm/recipes-tpm2/tpm2-totp/files/litpm2_totp_build_fix.patch b/meta-security/meta-tpm/recipes-tpm2/tpm2-totp/files/litpm2_totp_build_fix.patch
new file mode 100644
index 0000000..c147054
--- /dev/null
+++ b/meta-security/meta-tpm/recipes-tpm2/tpm2-totp/files/litpm2_totp_build_fix.patch
@@ -0,0 +1,36 @@
+C99 fixes:
+
+ src/libtpm2-totp.c:172:13: error: format '%li' expects argument of type 'long int', but argument 3 has type 'size_t' {aka 'unsigned int'} [-Werror=format=]
+| dbg("Calling Esys_GetRandom for %li bytes", SECRETLEN - *secret_size);
+
+src/tpm2-totp.c:343:23: error: format '%ld' expects argument of type 'long int', but argument 3 has type 'uint64_t' {aka 'long long unsigned int'} [-Werror=format=]
+
+Upstream-Status: Pending
+Signed-off-by: Armin Kuster <akuster808@gmail.com>
+
+Index: git/src/libtpm2-totp.c
+===================================================================
+--- git.orig/src/libtpm2-totp.c
++++ git/src/libtpm2-totp.c
+@@ -169,7 +169,7 @@ tpm2totp_generateKey(uint32_t pcrs, uint
+ if (rc != TPM2_RC_INITIALIZE) chkrc(rc, goto error);
+
+ while (*secret_size < SECRETLEN) {
+- dbg("Calling Esys_GetRandom for %li bytes", SECRETLEN - *secret_size);
++ dbg("Calling Esys_GetRandom for %li bytes", (long int) (SECRETLEN - *secret_size));
+ rc = Esys_GetRandom(ctx,
+ ESYS_TR_NONE, ESYS_TR_NONE, ESYS_TR_NONE,
+ SECRETLEN - *secret_size, &t);
+Index: git/src/tpm2-totp.c
+===================================================================
+--- git.orig/src/tpm2-totp.c
++++ git/src/tpm2-totp.c
+@@ -340,7 +340,7 @@ main(int argc, char **argv)
+ localtime (&now));
+ chkrc(rc, exit(1));
+ }
+- printf("%s%06ld", timestr, totp);
++ printf("%s%06ld", timestr, (long int)totp);
+ break;
+ case CMD_RESEAL:
+ rc = tpm2totp_loadKey_nv(opt.nvindex, &keyBlob, &keyBlob_size);
diff --git a/meta-security/meta-tpm/recipes-tpm2/tpm2-totp/tpm2-totp_0.9.9.bb b/meta-security/meta-tpm/recipes-tpm2/tpm2-totp/tpm2-totp_0.9.9.bb
new file mode 100644
index 0000000..bc94ab7
--- /dev/null
+++ b/meta-security/meta-tpm/recipes-tpm2/tpm2-totp/tpm2-totp_0.9.9.bb
@@ -0,0 +1,17 @@
+SUMMARY = "The tpm2-tss-engine project implements a cryptographic engine for OpenSSL."
+DESCRIPTION = "The tpm2-tss-engine project implements a cryptographic engine for OpenSSL for Trusted Platform Module (TPM 2.0) using the tpm2-tss software stack that follows the Trusted Computing Groups (TCG) TPM Software Stack (TSS 2.0). It uses the Enhanced System API (ESAPI) interface of the TSS 2.0 for downwards communication. It supports RSA decryption and signatures as well as ECDSA signatures."
+
+LICENSE = "BSD-2-Clause"
+LIC_FILES_CHKSUM = "file://LICENSE;md5=ed23833e93c95173c8d8913745e4b4e1"
+
+SECTION = "security/tpm"
+
+DEPENDS = "autoconf-archive libtss2-dev qrencode"
+
+SRCREV = "44fcb6819f79302d5a088b3def648616e3551d4a"
+SRC_URI = "git://github.com/tpm2-software/tpm2-totp.git \
+ file://litpm2_totp_build_fix.patch "
+
+inherit autotools-brokensep pkgconfig
+
+S = "${WORKDIR}/git"
diff --git a/meta-security/meta-tpm/recipes-tpm2/tpm2-tss-engine/tpm2-tss-engine_0.9.9.bb b/meta-security/meta-tpm/recipes-tpm2/tpm2-tss-engine/tpm2-tss-engine_0.9.9.bb
new file mode 100644
index 0000000..36530be
--- /dev/null
+++ b/meta-security/meta-tpm/recipes-tpm2/tpm2-tss-engine/tpm2-tss-engine_0.9.9.bb
@@ -0,0 +1,23 @@
+SUMMARY = "The tpm2-tss-engine project implements a cryptographic engine for OpenSSL."
+DESCRIPTION = "The tpm2-tss-engine project implements a cryptographic engine for OpenSSL for Trusted Platform Module (TPM 2.0) using the tpm2-tss software stack that follows the Trusted Computing Groups (TCG) TPM Software Stack (TSS 2.0). It uses the Enhanced System API (ESAPI) interface of the TSS 2.0 for downwards communication. It supports RSA decryption and signatures as well as ECDSA signatures."
+
+LICENSE = "BSD-2-Clause"
+LIC_FILES_CHKSUM = "file://LICENSE;md5=3fb0047fd29391478a71e8e6101c76eb"
+
+SECTION = "security/tpm"
+
+DEPENDS = "autoconf-archive-native bash-completion libtss2 libgcrypt openssl"
+
+SRCREV = "bef89ec79cbb4c99963b0e336d9184827c545782"
+SRC_URI = "git://github.com/tpm2-software/tpm2-tss-engine.git"
+
+inherit autotools-brokensep pkgconfig systemd
+
+S = "${WORKDIR}/git"
+
+PACKAGES += "${PN}-engines ${PN}-engines-staticdev ${PN}-bash-completion"
+
+FILES_${PN}-dev = "${libdir}/engines-1.1/tpm2tss.so ${includedir}/*"
+FILES_${PN}-engines = "${libdir}/engines-1.1/lib*.so*"
+FILES_${PN}-engines-staticdev = "${libdir}/engines-1.1/libtpm2tss.a"
+FILES_${PN}-bash-completion += "${datadir}/bash-completion/completions"
diff --git a/meta-security/meta-tpm/recipes-tpm/tpm2.0-tss/tpm2.0-tss/ax_pthread.m4 b/meta-security/meta-tpm/recipes-tpm2/tpm2-tss/tpm2-tss/ax_pthread.m4
similarity index 100%
rename from meta-security/meta-tpm/recipes-tpm/tpm2.0-tss/tpm2.0-tss/ax_pthread.m4
rename to meta-security/meta-tpm/recipes-tpm2/tpm2-tss/tpm2-tss/ax_pthread.m4
diff --git a/meta-security/meta-tpm/recipes-tpm/tpm2.0-tss/tpm2.0-tss/fix_musl_select_include.patch b/meta-security/meta-tpm/recipes-tpm2/tpm2-tss/tpm2-tss/fix_musl_select_include.patch
similarity index 100%
rename from meta-security/meta-tpm/recipes-tpm/tpm2.0-tss/tpm2.0-tss/fix_musl_select_include.patch
rename to meta-security/meta-tpm/recipes-tpm2/tpm2-tss/tpm2-tss/fix_musl_select_include.patch
diff --git a/meta-security/meta-tpm/recipes-tpm/tpm2.0-tss/tpm2.0-tss_2.0.1.bb b/meta-security/meta-tpm/recipes-tpm2/tpm2-tss/tpm2-tss_2.2.1.bb
similarity index 82%
rename from meta-security/meta-tpm/recipes-tpm/tpm2.0-tss/tpm2.0-tss_2.0.1.bb
rename to meta-security/meta-tpm/recipes-tpm2/tpm2-tss/tpm2-tss_2.2.1.bb
index 9d1ff72..78bdeeb 100644
--- a/meta-security/meta-tpm/recipes-tpm/tpm2.0-tss/tpm2.0-tss_2.0.1.bb
+++ b/meta-security/meta-tpm/recipes-tpm2/tpm2-tss/tpm2-tss_2.2.1.bb
@@ -1,19 +1,22 @@
SUMMARY = "Software stack for TPM2."
-DESCRIPTION = "tpm2.0-tss like woah."
+DESCRIPTION = "OSS implementation of the TCG TPM2 Software Stack (TSS2) "
LICENSE = "BSD-2-Clause"
-LIC_FILES_CHKSUM = "file://LICENSE;md5=0b1d631c4218b72f6b05cb58613606f4"
+LIC_FILES_CHKSUM = "file://LICENSE;md5=500b2e742befc3da00684d8a1d5fd9da"
SECTION = "tpm"
-DEPENDS = "autoconf-archive-native libgcrypt"
+DEPENDS = "autoconf-archive-native libgcrypt openssl"
-SRCREV = "dc31e8dca9dbc77d16e419dc514ce8c526cd3351"
+SRCREV = "eb69e13559f20a0b49002a685c6f4a39be9503e2"
-SRC_URI = "git://github.com/tpm2-software/tpm2-tss.git;branch=2.0.x"
+SRC_URI = "git://github.com/tpm2-software/tpm2-tss.git;branch=2.2.x"
inherit autotools-brokensep pkgconfig systemd
S = "${WORKDIR}/git"
+PACKAGECONFIG ??= ""
+PACKAGECONFIG[oxygen] = ",--disable-doxygen-doc, "
+
do_configure_prepend () {
./bootstrap
}
@@ -72,3 +75,5 @@
FILES_libtss2-staticdev = "${libdir}/libtss*a"
FILES_${PN} = "${libdir}/udev"
+
+RDEPENDS_libtss2 = "libgcrypt"