reset upstream subtrees to HEAD

Reset the following subtrees on HEAD:
  poky: 8217b477a1(master)
  meta-xilinx: 64aa3d35ae(master)
  meta-openembedded: 0435c9e193(master)
  meta-raspberrypi: 490a4441ac(master)
  meta-security: cb6d1c85ee(master)

Squashed patches:
  meta-phosphor: drop systemd 239 patches
  meta-phosphor: mrw-api: use correct install path

Change-Id: I268e2646d9174ad305630c6bbd3fbc1a6105f43d
Signed-off-by: Brad Bishop <bradleyb@fuzziesquirrel.com>
diff --git a/meta-security/meta-tpm/recipes-tpm2/cryptsetup-tpm-incubator/cryptsetup-tpm-incubator_0.9.9.bb b/meta-security/meta-tpm/recipes-tpm2/cryptsetup-tpm-incubator/cryptsetup-tpm-incubator_0.9.9.bb
new file mode 100644
index 0000000..8b50445
--- /dev/null
+++ b/meta-security/meta-tpm/recipes-tpm2/cryptsetup-tpm-incubator/cryptsetup-tpm-incubator_0.9.9.bb
@@ -0,0 +1,41 @@
+SUMMARY = "An extension to cryptsetup/LUKS that enables use of the TPM 2.0 via tpm2-tss"
+DESCRIPTION = "Cryptsetup is utility used to conveniently setup disk encryption based on DMCrypt kernel module."
+
+SECTION = "security/tpm"
+LICENSE = "LGPL-2.1 | GPL-2.0"
+LIC_FILES_CHKSUM = "file://COPYING;md5=32107dd283b1dfeb66c9b3e6be312326 \
+                    file://COPYING.LGPL;md5=1960515788100ce5f9c98ea78a65dc52 \
+                    "
+
+DEPENDS = "autoconf-archive pkgconfig gettext libtss2-dev libdevmapper popt libgcrypt json-c"
+
+SRC_URI = "git://github.com/AndreasFuchsSIT/cryptsetup-tpm-incubator.git;branch=luks2tpm \
+           file://configure_fix.patch "
+
+SRCREV = "15c283195f19f1d980e39ba45448683d5e383179"
+
+S = "${WORKDIR}/git"
+
+inherit autotools pkgconfig gettext
+
+PACKAGECONFIG ??= "openssl"
+PACKAGECONFIG[openssl] = "--with-crypto_backend=openssl,,openssl"
+PACKAGECONFIG[gcrypt] = "--with-crypto_backend=gcrypt,,libgcrypt"
+
+EXTRA_OECONF = "--enable-static"
+
+RRECOMMENDS_${PN} = "kernel-module-aes-generic \
+                     kernel-module-dm-crypt \
+                     kernel-module-md5 \
+                     kernel-module-cbc \
+                     kernel-module-sha256-generic \
+                     kernel-module-xts \
+                    "
+
+RDEPENDS_${PN} += "lvm2"
+RRECOMMENDS_${PN} += "lvm2-udevrules"
+
+RREPLACES_${PN} = "cryptsetup"
+RCONFLICTS_${PN}  ="cryptsetup"
+
+BBCLASSEXTEND = "native nativesdk"
diff --git a/meta-security/meta-tpm/recipes-tpm2/cryptsetup-tpm-incubator/files/configure_fix.patch b/meta-security/meta-tpm/recipes-tpm2/cryptsetup-tpm-incubator/files/configure_fix.patch
new file mode 100644
index 0000000..8c7b6da
--- /dev/null
+++ b/meta-security/meta-tpm/recipes-tpm2/cryptsetup-tpm-incubator/files/configure_fix.patch
@@ -0,0 +1,16 @@
+Upstream-Status: OE specific
+Signed-off-by: Armin Kuster <akuster808@gmail.com>
+
+Index: git/configure.ac
+===================================================================
+--- git.orig/configure.ac
++++ git/configure.ac
+@@ -16,7 +16,7 @@ AC_CONFIG_HEADERS([config.h:config.h.in]
+ 
+ # For old automake use this
+ #AM_INIT_AUTOMAKE(dist-xz subdir-objects)
+-AM_INIT_AUTOMAKE([dist-xz 1.12 serial-tests subdir-objects])
++AM_INIT_AUTOMAKE([dist-xz 1.12 serial-tests subdir-objects foreign])
+ 
+ if test "x$prefix" = "xNONE"; then
+ 	sysconfdir=/etc
diff --git a/meta-security/meta-tpm/recipes-tpm2/ibmswtpm2/ibmswtpm2_1332.bb b/meta-security/meta-tpm/recipes-tpm2/ibmswtpm2/ibmswtpm2_1332.bb
new file mode 100644
index 0000000..a6068e6
--- /dev/null
+++ b/meta-security/meta-tpm/recipes-tpm2/ibmswtpm2/ibmswtpm2_1332.bb
@@ -0,0 +1,24 @@
+SUMMARY = "IBM's Software TPM 2.0"
+
+LICENSE = "BSD"
+SECTION = "securty/tpm"
+LIC_FILES_CHKSUM = "file://../LICENSE;md5=1e023f61454ac828b4aa1bc4293f7d5f"
+
+SRC_URI = "https://sourceforge.net/projects/ibmswtpm2/files/ibmtpm1332.tar.gz"
+SRC_URI[md5sum] = "0ab34a655b4e09812d7ada19746af4f9"
+SRC_URI[sha256sum] = "8e8193af3d11d9ff6a951dda8cd1f4693cb01934a8ad7876b84e92c6148ab0fd"
+
+DEPENDS = "openssl"
+
+S = "${WORKDIR}/src"
+
+LDFLAGS = "${LDFALGS}"
+
+do_compile () {
+   make CC='${CC}'
+}
+
+do_install () {
+   install -d ${D}/${bindir}
+   install -m 0755 tpm_server  ${D}/${bindir}
+}
diff --git a/meta-security/meta-tpm/recipes-tpm2/tpm2-abrmd/files/tpm2-abrmd-init.sh b/meta-security/meta-tpm/recipes-tpm2/tpm2-abrmd/files/tpm2-abrmd-init.sh
new file mode 100644
index 0000000..c8dfb7d
--- /dev/null
+++ b/meta-security/meta-tpm/recipes-tpm2/tpm2-abrmd/files/tpm2-abrmd-init.sh
@@ -0,0 +1,65 @@
+#!/bin/sh
+
+### BEGIN INIT INFO
+# Provides:		tpm2-abrmd
+# Required-Start:	$local_fs $remote_fs $network
+# Required-Stop:	$local_fs $remote_fs $network
+# Should-Start:
+# Should-Stop:
+# Default-Start:	2 3 4 5
+# Default-Stop:		0 1 6
+# Short-Description:	starts tpm2-abrmd
+# Description:		tpm2-abrmd implements the TCG resource manager
+### END INIT INFO
+
+PATH=/sbin:/bin:/usr/sbin:/usr/bin
+DAEMON=/usr/sbin/tpm2-abrmd
+NAME=tpm2-abrmd
+DESC="TCG TSS2 Access Broker and Resource Management daemon"
+USER="tss"
+
+test -x "${DAEMON}" || exit 0
+
+# Read configuration variable file if it is present
+[ -r /etc/default/$NAME ] && . /etc/default/$NAME
+
+case "${1}" in
+	start)
+		echo -n "Starting $DESC: "
+
+		if [ ! -e /dev/tpm* ]
+		then
+			echo "device driver not loaded, skipping."
+			exit 0
+		fi
+
+		start-stop-daemon --start --quiet --oknodo --background --pidfile /var/run/${NAME}.pid --user ${USER} --chuid ${USER} --exec ${DAEMON} -- ${DAEMON_OPTS}
+		RETVAL="$?"
+		echo "$NAME."
+		[ "$RETVAL" = 0 ] && pidof $DAEMON > /var/run/${NAME}.pid
+		exit $RETVAL
+		;;
+
+	stop)
+		echo -n "Stopping $DESC: "
+
+		start-stop-daemon --stop --quiet --oknodo --pidfile /var/run/${NAME}.pid --user ${USER} --exec ${DAEMON}
+		RETVAL="$?"
+                echo  "$NAME."
+		rm -f /var/run/${NAME}.pid
+		exit $RETVAL
+		;;
+
+	restart|force-reload)
+		"${0}" stop
+		sleep 1
+		"${0}" start
+		exit $?
+		;;
+	*)
+		echo "Usage: ${NAME} {start|stop|restart|force-reload|status}" >&2
+		exit 3
+		;;
+esac
+
+exit 0
diff --git a/meta-security/meta-tpm/recipes-tpm2/tpm2-abrmd/files/tpm2-abrmd.default b/meta-security/meta-tpm/recipes-tpm2/tpm2-abrmd/files/tpm2-abrmd.default
new file mode 100644
index 0000000..987978a
--- /dev/null
+++ b/meta-security/meta-tpm/recipes-tpm2/tpm2-abrmd/files/tpm2-abrmd.default
@@ -0,0 +1 @@
+DAEMON_OPTS="--tcti=device --logger=syslog --max-connections=20 --max-transient-objects=20 --fail-on-loaded-trans"
diff --git a/meta-security/meta-tpm/recipes-tpm2/tpm2-abrmd/tpm2-abrmd_2.1.1.bb b/meta-security/meta-tpm/recipes-tpm2/tpm2-abrmd/tpm2-abrmd_2.1.1.bb
new file mode 100644
index 0000000..a4c6682
--- /dev/null
+++ b/meta-security/meta-tpm/recipes-tpm2/tpm2-abrmd/tpm2-abrmd_2.1.1.bb
@@ -0,0 +1,55 @@
+SUMMARY = "TPM2 Access Broker & Resource Manager"
+DESCRIPTION = "This is a system daemon implementing the TPM2 access \
+broker (TAB) & Resource Manager (RM) spec from the TCG. The daemon (tpm2-abrmd) \
+is implemented using Glib and the GObject system. In this documentation and \
+in the code we use `tpm2-abrmd` and `tabrmd` interchangeably. \
+"
+SECTION = "security/tpm"
+
+LICENSE = "BSD-2-Clause"
+LIC_FILES_CHKSUM = "file://${S}/LICENSE;md5=500b2e742befc3da00684d8a1d5fd9da"
+
+DEPENDS = "autoconf-archive dbus glib-2.0 tpm2-tss glib-2.0-native \
+            libtss2 libtss2-mu libtss2-tcti-device libtss2-tcti-mssim"
+
+
+SRC_URI = "\
+    git://github.com/tpm2-software/tpm2-abrmd.git \
+    file://tpm2-abrmd-init.sh \
+    file://tpm2-abrmd.default \
+"
+
+SRCREV = "06d9d433ba27159687255406baa37940db15465b"
+
+S = "${WORKDIR}/git"
+
+inherit autotools pkgconfig systemd update-rc.d useradd
+
+SYSTEMD_PACKAGES += "${PN}"
+SYSTEMD_SERVICE_${PN} = "tpm2-abrmd.service"
+SYSTEMD_AUTO_ENABLE_${PN} = "disable"
+
+INITSCRIPT_NAME = "${PN}"
+INITSCRIPT_PARAMS = "start 99 2 3 4 5 . stop 19 0 1 6 ."
+
+USERADD_PACKAGES = "${PN}"
+GROUPADD_PARAM_${PN} = "tss"
+USERADD_PARAM_${PN} = "--system -M -d /var/lib/tpm -s /bin/false -g tss tss"
+
+PACKAGECONFIG ?="${@bb.utils.contains('DISTRO_FEATURES','systemd','systemd', '', d)}"
+PACKAGECONFIG[systemd] = "--with-systemdsystemunitdir=${systemd_system_unitdir}, --with-systemdsystemunitdir=no"
+
+do_install_append() {
+    install -d "${D}${sysconfdir}/init.d"
+    install -m 0755 "${WORKDIR}/tpm2-abrmd-init.sh" "${D}${sysconfdir}/init.d/tpm2-abrmd"
+
+    install -d "${D}${sysconfdir}/default"
+    install -m 0644 "${WORKDIR}/tpm2-abrmd.default" "${D}${sysconfdir}/default/tpm2-abrmd"
+}
+
+FILES_${PN} += "${libdir}/systemd/system-preset \
+		${datadir}/dbus-1"
+
+RDEPENDS_${PN} += "tpm2-tss"
+
+BBCLASSEXTEND = "native"
diff --git a/meta-security/meta-tpm/recipes-tpm2/tpm2-pkcs11/files/bootstrap_fixup.patch b/meta-security/meta-tpm/recipes-tpm2/tpm2-pkcs11/files/bootstrap_fixup.patch
new file mode 100644
index 0000000..d38e237
--- /dev/null
+++ b/meta-security/meta-tpm/recipes-tpm2/tpm2-pkcs11/files/bootstrap_fixup.patch
@@ -0,0 +1,12 @@
+Upstream-Status: OE specific
+Signed-off-by: Armin Kuster <akuster808@gmail.com>
+
+Index: git/bootstrap
+===================================================================
+--- git.orig/bootstrap
++++ git/bootstrap
+@@ -27,4 +27,3 @@ echo "Generating file lists: ${VARS_FILE
+ ) > ${VARS_FILE}
+ 
+ mkdir -p m4
+-${AUTORECONF} --install --sym $@
diff --git a/meta-security/meta-tpm/recipes-tpm2/tpm2-pkcs11/tpm2-pkcs11_0.9.9.bb b/meta-security/meta-tpm/recipes-tpm2/tpm2-pkcs11/tpm2-pkcs11_0.9.9.bb
new file mode 100644
index 0000000..9031e63
--- /dev/null
+++ b/meta-security/meta-tpm/recipes-tpm2/tpm2-pkcs11/tpm2-pkcs11_0.9.9.bb
@@ -0,0 +1,21 @@
+SUMMARY = "A PKCS#11 interface for TPM2 hardware"
+DESCRIPTION = "PKCS #11 is a Public-Key Cryptography Standard that defines a standard method to access cryptographic services from tokens/ devices such as hardware security modules (HSM), smart cards, etc. In this project we intend to use a TPM2 device as the cryptographic token."
+SECTION = "security/tpm"
+LICENSE = "BSD-2-Clause"
+LIC_FILES_CHKSUM = "file://LICENSE;md5=b748af41ef1300c98e105b3b7ec4ecc1"
+
+DEPENDS = "autoconf-archive pkgconfig dstat sqlite3 openssl libtss2-dev tpm2-tools"
+
+SRC_URI = "git://github.com/tpm2-software/tpm2-pkcs11.git \
+           file://bootstrap_fixup.patch \
+          "
+
+SRCREV = "3107d89b406ecd9c007884613733c9a344ef6d39"
+
+S = "${WORKDIR}/git"
+
+inherit autotools-brokensep pkgconfig
+
+do_configure_prepend () {
+    ${S}/bootstrap
+}
diff --git a/meta-security/meta-tpm/recipes-tpm2/tpm2-tcti-uefi/files/configure_oe_fixup.patch b/meta-security/meta-tpm/recipes-tpm2/tpm2-tcti-uefi/files/configure_oe_fixup.patch
new file mode 100644
index 0000000..8a216cd
--- /dev/null
+++ b/meta-security/meta-tpm/recipes-tpm2/tpm2-tcti-uefi/files/configure_oe_fixup.patch
@@ -0,0 +1,27 @@
+Upstream-Status: OE specific
+Signed-off-by: Armin Kuster <akuster808@gmail.com>
+
+Index: git/configure.ac
+===================================================================
+--- git.orig/configure.ac
++++ git/configure.ac
+@@ -84,9 +84,6 @@ AC_ARG_WITH([efi-lds],
+             AS_HELP_STRING([--with-efi-lds=LDS_PATH],[Path to gnu-efi lds file.]),
+             [],
+             [with_efi_lds="/usr/lib/elf_${ARCH}_efi.lds"])
+-AC_CHECK_FILE(["${with_efi_lds}"],
+-              [],
+-              [AC_MSG_ERROR([Missing file: ${with_efi_lds}.])])
+ EXTRA_LDFLAGS="-L /usr/lib -L /usr/lib64 -Wl,--script=${with_efi_lds}"
+ 
+ # path to object file from gnu-efi
+@@ -94,9 +91,6 @@ AC_ARG_WITH([efi-crt0],
+             AS_HELP_STRING([--with-efi-crt0=OBJ_PATH],[Path to gnu-efi crt0 object file.]),
+             [],
+             [with_efi_crt0="/usr/lib/crt0-efi-${ARCH}.o"])
+-AC_CHECK_FILE(["${with_efi_crt0}"],
+-              [],
+-              [AC_MSG_ERROR([Missing ${with_efi_crt0} file.])])
+ EXTRA_LDLIBS="${with_efi_crt0}"
+ 
+ # check for efi and gnuefi libraries
diff --git a/meta-security/meta-tpm/recipes-tpm2/tpm2-tcti-uefi/tpm2-tcti-uefi_0.9.9.bb b/meta-security/meta-tpm/recipes-tpm2/tpm2-tcti-uefi/tpm2-tcti-uefi_0.9.9.bb
new file mode 100644
index 0000000..815691d
--- /dev/null
+++ b/meta-security/meta-tpm/recipes-tpm2/tpm2-tcti-uefi/tpm2-tcti-uefi_0.9.9.bb
@@ -0,0 +1,18 @@
+SUMMARY = "TCTI module for use with TSS2 libraries in UEFI environment"
+SECTION = "security/tpm"
+LICENSE = "BSD-2-Clause"
+LIC_FILES_CHKSUM = "file://LICENSE;md5=500b2e742befc3da00684d8a1d5fd9da"
+DEPENDS = "libtss2-dev gnu-efi-native gnu-efi pkgconfig"
+
+SRC_URI = "git://github.com/tpm2-software/tpm2-tcti-uefi.git \
+           file://configure_oe_fixup.patch \
+          "
+SRCREV = "131889d12d2c7d8974711d2ebd1032cd32577b7f"
+
+S = "${WORKDIR}/git"
+
+inherit autotools pkgconfig
+
+COMPATIBLE_HOST = "(i.86|x86_64).*-linux"
+EXTRA_OECONF_append = " --with-efi-includedir=${STAGING_INCDIR}/efi --with-efi-lds=${STAGING_LIBDIR_NATIVE}/"
+RDEPENDS_${PN} = "gnu-efi"
diff --git a/meta-security/meta-tpm/recipes-tpm2/tpm2-tools/tpm2-tools_3.1.3.bb b/meta-security/meta-tpm/recipes-tpm2/tpm2-tools/tpm2-tools_3.1.3.bb
new file mode 100644
index 0000000..1f1f5c6
--- /dev/null
+++ b/meta-security/meta-tpm/recipes-tpm2/tpm2-tools/tpm2-tools_3.1.3.bb
@@ -0,0 +1,15 @@
+SUMMARY = "Tools for TPM2."
+DESCRIPTION = "tpm2-tools"
+LICENSE = "BSD"
+LIC_FILES_CHKSUM = "file://LICENSE;md5=91b7c548d73ea16537799e8060cea819"
+SECTION = "tpm"
+
+DEPENDS = "pkgconfig tpm2-tss openssl curl autoconf-archive"
+
+SRCREV = "74ba065e5914bc5d713ca3709d62a5751b097369"
+
+SRC_URI = "git://github.com/tpm2-software/tpm2-tools.git;branch=3.X"
+
+S = "${WORKDIR}/git"
+
+inherit autotools pkgconfig
diff --git a/meta-security/meta-tpm/recipes-tpm2/tpm2-totp/files/litpm2_totp_build_fix.patch b/meta-security/meta-tpm/recipes-tpm2/tpm2-totp/files/litpm2_totp_build_fix.patch
new file mode 100644
index 0000000..c147054
--- /dev/null
+++ b/meta-security/meta-tpm/recipes-tpm2/tpm2-totp/files/litpm2_totp_build_fix.patch
@@ -0,0 +1,36 @@
+C99 fixes:
+
+ src/libtpm2-totp.c:172:13: error: format '%li' expects argument of type 'long int', but argument 3 has type 'size_t' {aka 'unsigned int'} [-Werror=format=]
+|          dbg("Calling Esys_GetRandom for %li bytes", SECRETLEN - *secret_size);
+
+src/tpm2-totp.c:343:23: error: format '%ld' expects argument of type 'long int', but argument 3 has type 'uint64_t' {aka 'long long unsigned int'} [-Werror=format=]
+
+Upstream-Status: Pending
+Signed-off-by: Armin Kuster <akuster808@gmail.com>
+
+Index: git/src/libtpm2-totp.c
+===================================================================
+--- git.orig/src/libtpm2-totp.c
++++ git/src/libtpm2-totp.c
+@@ -169,7 +169,7 @@ tpm2totp_generateKey(uint32_t pcrs, uint
+     if (rc != TPM2_RC_INITIALIZE) chkrc(rc, goto error);
+ 
+     while (*secret_size < SECRETLEN) {
+-        dbg("Calling Esys_GetRandom for %li bytes", SECRETLEN - *secret_size);
++        dbg("Calling Esys_GetRandom for %li bytes", (long int) (SECRETLEN - *secret_size));
+         rc = Esys_GetRandom(ctx,
+                             ESYS_TR_NONE, ESYS_TR_NONE, ESYS_TR_NONE,
+                             SECRETLEN - *secret_size, &t);
+Index: git/src/tpm2-totp.c
+===================================================================
+--- git.orig/src/tpm2-totp.c
++++ git/src/tpm2-totp.c
+@@ -340,7 +340,7 @@ main(int argc, char **argv)
+                             localtime (&now));
+             chkrc(rc, exit(1));
+         }
+-        printf("%s%06ld", timestr, totp);
++        printf("%s%06ld", timestr, (long int)totp);
+         break;
+     case CMD_RESEAL:
+         rc = tpm2totp_loadKey_nv(opt.nvindex, &keyBlob, &keyBlob_size);
diff --git a/meta-security/meta-tpm/recipes-tpm2/tpm2-totp/tpm2-totp_0.9.9.bb b/meta-security/meta-tpm/recipes-tpm2/tpm2-totp/tpm2-totp_0.9.9.bb
new file mode 100644
index 0000000..bc94ab7
--- /dev/null
+++ b/meta-security/meta-tpm/recipes-tpm2/tpm2-totp/tpm2-totp_0.9.9.bb
@@ -0,0 +1,17 @@
+SUMMARY = "The tpm2-tss-engine project implements a cryptographic engine for OpenSSL." 
+DESCRIPTION = "The tpm2-tss-engine project implements a cryptographic engine for OpenSSL for Trusted Platform Module (TPM 2.0) using the tpm2-tss software stack that follows the Trusted Computing Groups (TCG) TPM Software Stack (TSS 2.0). It uses the Enhanced System API (ESAPI) interface of the TSS 2.0 for downwards communication. It supports RSA decryption and signatures as well as ECDSA signatures."
+
+LICENSE = "BSD-2-Clause"
+LIC_FILES_CHKSUM = "file://LICENSE;md5=ed23833e93c95173c8d8913745e4b4e1"
+
+SECTION = "security/tpm"
+
+DEPENDS = "autoconf-archive libtss2-dev qrencode"
+
+SRCREV = "44fcb6819f79302d5a088b3def648616e3551d4a"
+SRC_URI = "git://github.com/tpm2-software/tpm2-totp.git \
+           file://litpm2_totp_build_fix.patch "
+
+inherit autotools-brokensep pkgconfig
+
+S = "${WORKDIR}/git"
diff --git a/meta-security/meta-tpm/recipes-tpm2/tpm2-tss-engine/tpm2-tss-engine_0.9.9.bb b/meta-security/meta-tpm/recipes-tpm2/tpm2-tss-engine/tpm2-tss-engine_0.9.9.bb
new file mode 100644
index 0000000..36530be
--- /dev/null
+++ b/meta-security/meta-tpm/recipes-tpm2/tpm2-tss-engine/tpm2-tss-engine_0.9.9.bb
@@ -0,0 +1,23 @@
+SUMMARY = "The tpm2-tss-engine project implements a cryptographic engine for OpenSSL." 
+DESCRIPTION = "The tpm2-tss-engine project implements a cryptographic engine for OpenSSL for Trusted Platform Module (TPM 2.0) using the tpm2-tss software stack that follows the Trusted Computing Groups (TCG) TPM Software Stack (TSS 2.0). It uses the Enhanced System API (ESAPI) interface of the TSS 2.0 for downwards communication. It supports RSA decryption and signatures as well as ECDSA signatures."
+
+LICENSE = "BSD-2-Clause"
+LIC_FILES_CHKSUM = "file://LICENSE;md5=3fb0047fd29391478a71e8e6101c76eb"
+
+SECTION = "security/tpm"
+
+DEPENDS = "autoconf-archive-native bash-completion libtss2 libgcrypt openssl"
+
+SRCREV = "bef89ec79cbb4c99963b0e336d9184827c545782"
+SRC_URI = "git://github.com/tpm2-software/tpm2-tss-engine.git"
+
+inherit autotools-brokensep pkgconfig systemd
+
+S = "${WORKDIR}/git"
+
+PACKAGES += "${PN}-engines ${PN}-engines-staticdev ${PN}-bash-completion"
+
+FILES_${PN}-dev = "${libdir}/engines-1.1/tpm2tss.so ${includedir}/*"
+FILES_${PN}-engines = "${libdir}/engines-1.1/lib*.so*"
+FILES_${PN}-engines-staticdev = "${libdir}/engines-1.1/libtpm2tss.a"
+FILES_${PN}-bash-completion += "${datadir}/bash-completion/completions"
diff --git a/meta-security/meta-tpm/recipes-tpm2/tpm2-tss/tpm2-tss/ax_pthread.m4 b/meta-security/meta-tpm/recipes-tpm2/tpm2-tss/tpm2-tss/ax_pthread.m4
new file mode 100644
index 0000000..d383ad5
--- /dev/null
+++ b/meta-security/meta-tpm/recipes-tpm2/tpm2-tss/tpm2-tss/ax_pthread.m4
@@ -0,0 +1,332 @@
+# ===========================================================================
+#        http://www.gnu.org/software/autoconf-archive/ax_pthread.html
+# ===========================================================================
+#
+# SYNOPSIS
+#
+#   AX_PTHREAD([ACTION-IF-FOUND[, ACTION-IF-NOT-FOUND]])
+#
+# DESCRIPTION
+#
+#   This macro figures out how to build C programs using POSIX threads. It
+#   sets the PTHREAD_LIBS output variable to the threads library and linker
+#   flags, and the PTHREAD_CFLAGS output variable to any special C compiler
+#   flags that are needed. (The user can also force certain compiler
+#   flags/libs to be tested by setting these environment variables.)
+#
+#   Also sets PTHREAD_CC to any special C compiler that is needed for
+#   multi-threaded programs (defaults to the value of CC otherwise). (This
+#   is necessary on AIX to use the special cc_r compiler alias.)
+#
+#   NOTE: You are assumed to not only compile your program with these flags,
+#   but also link it with them as well. e.g. you should link with
+#   $PTHREAD_CC $CFLAGS $PTHREAD_CFLAGS $LDFLAGS ... $PTHREAD_LIBS $LIBS
+#
+#   If you are only building threads programs, you may wish to use these
+#   variables in your default LIBS, CFLAGS, and CC:
+#
+#     LIBS="$PTHREAD_LIBS $LIBS"
+#     CFLAGS="$CFLAGS $PTHREAD_CFLAGS"
+#     CC="$PTHREAD_CC"
+#
+#   In addition, if the PTHREAD_CREATE_JOINABLE thread-attribute constant
+#   has a nonstandard name, defines PTHREAD_CREATE_JOINABLE to that name
+#   (e.g. PTHREAD_CREATE_UNDETACHED on AIX).
+#
+#   Also HAVE_PTHREAD_PRIO_INHERIT is defined if pthread is found and the
+#   PTHREAD_PRIO_INHERIT symbol is defined when compiling with
+#   PTHREAD_CFLAGS.
+#
+#   ACTION-IF-FOUND is a list of shell commands to run if a threads library
+#   is found, and ACTION-IF-NOT-FOUND is a list of commands to run it if it
+#   is not found. If ACTION-IF-FOUND is not specified, the default action
+#   will define HAVE_PTHREAD.
+#
+#   Please let the authors know if this macro fails on any platform, or if
+#   you have any other suggestions or comments. This macro was based on work
+#   by SGJ on autoconf scripts for FFTW (http://www.fftw.org/) (with help
+#   from M. Frigo), as well as ac_pthread and hb_pthread macros posted by
+#   Alejandro Forero Cuervo to the autoconf macro repository. We are also
+#   grateful for the helpful feedback of numerous users.
+#
+#   Updated for Autoconf 2.68 by Daniel Richard G.
+#
+# LICENSE
+#
+#   Copyright (c) 2008 Steven G. Johnson <stevenj@alum.mit.edu>
+#   Copyright (c) 2011 Daniel Richard G. <skunk@iSKUNK.ORG>
+#
+#   This program is free software: you can redistribute it and/or modify it
+#   under the terms of the GNU General Public License as published by the
+#   Free Software Foundation, either version 3 of the License, or (at your
+#   option) any later version.
+#
+#   This program is distributed in the hope that it will be useful, but
+#   WITHOUT ANY WARRANTY; without even the implied warranty of
+#   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General
+#   Public License for more details.
+#
+#   You should have received a copy of the GNU General Public License along
+#   with this program. If not, see <http://www.gnu.org/licenses/>.
+#
+#   As a special exception, the respective Autoconf Macro's copyright owner
+#   gives unlimited permission to copy, distribute and modify the configure
+#   scripts that are the output of Autoconf when processing the Macro. You
+#   need not follow the terms of the GNU General Public License when using
+#   or distributing such scripts, even though portions of the text of the
+#   Macro appear in them. The GNU General Public License (GPL) does govern
+#   all other use of the material that constitutes the Autoconf Macro.
+#
+#   This special exception to the GPL applies to versions of the Autoconf
+#   Macro released by the Autoconf Archive. When you make and distribute a
+#   modified version of the Autoconf Macro, you may extend this special
+#   exception to the GPL to apply to your modified version as well.
+
+#serial 21
+
+AU_ALIAS([ACX_PTHREAD], [AX_PTHREAD])
+AC_DEFUN([AX_PTHREAD], [
+AC_REQUIRE([AC_CANONICAL_HOST])
+AC_LANG_PUSH([C])
+ax_pthread_ok=no
+
+# We used to check for pthread.h first, but this fails if pthread.h
+# requires special compiler flags (e.g. on True64 or Sequent).
+# It gets checked for in the link test anyway.
+
+# First of all, check if the user has set any of the PTHREAD_LIBS,
+# etcetera environment variables, and if threads linking works using
+# them:
+if test x"$PTHREAD_LIBS$PTHREAD_CFLAGS" != x; then
+        save_CFLAGS="$CFLAGS"
+        CFLAGS="$CFLAGS $PTHREAD_CFLAGS"
+        save_LIBS="$LIBS"
+        LIBS="$PTHREAD_LIBS $LIBS"
+        AC_MSG_CHECKING([for pthread_join in LIBS=$PTHREAD_LIBS with CFLAGS=$PTHREAD_CFLAGS])
+        AC_TRY_LINK_FUNC([pthread_join], [ax_pthread_ok=yes])
+        AC_MSG_RESULT([$ax_pthread_ok])
+        if test x"$ax_pthread_ok" = xno; then
+                PTHREAD_LIBS=""
+                PTHREAD_CFLAGS=""
+        fi
+        LIBS="$save_LIBS"
+        CFLAGS="$save_CFLAGS"
+fi
+
+# We must check for the threads library under a number of different
+# names; the ordering is very important because some systems
+# (e.g. DEC) have both -lpthread and -lpthreads, where one of the
+# libraries is broken (non-POSIX).
+
+# Create a list of thread flags to try.  Items starting with a "-" are
+# C compiler flags, and other items are library names, except for "none"
+# which indicates that we try without any flags at all, and "pthread-config"
+# which is a program returning the flags for the Pth emulation library.
+
+ax_pthread_flags="pthreads none -Kthread -kthread lthread -pthread -pthreads -mthreads pthread --thread-safe -mt pthread-config"
+
+# The ordering *is* (sometimes) important.  Some notes on the
+# individual items follow:
+
+# pthreads: AIX (must check this before -lpthread)
+# none: in case threads are in libc; should be tried before -Kthread and
+#       other compiler flags to prevent continual compiler warnings
+# -Kthread: Sequent (threads in libc, but -Kthread needed for pthread.h)
+# -kthread: FreeBSD kernel threads (preferred to -pthread since SMP-able)
+# lthread: LinuxThreads port on FreeBSD (also preferred to -pthread)
+# -pthread: Linux/gcc (kernel threads), BSD/gcc (userland threads)
+# -pthreads: Solaris/gcc
+# -mthreads: Mingw32/gcc, Lynx/gcc
+# -mt: Sun Workshop C (may only link SunOS threads [-lthread], but it
+#      doesn't hurt to check since this sometimes defines pthreads too;
+#      also defines -D_REENTRANT)
+#      ... -mt is also the pthreads flag for HP/aCC
+# pthread: Linux, etcetera
+# --thread-safe: KAI C++
+# pthread-config: use pthread-config program (for GNU Pth library)
+
+case ${host_os} in
+        solaris*)
+
+        # On Solaris (at least, for some versions), libc contains stubbed
+        # (non-functional) versions of the pthreads routines, so link-based
+        # tests will erroneously succeed.  (We need to link with -pthreads/-mt/
+        # -lpthread.)  (The stubs are missing pthread_cleanup_push, or rather
+        # a function called by this macro, so we could check for that, but
+        # who knows whether they'll stub that too in a future libc.)  So,
+        # we'll just look for -pthreads and -lpthread first:
+
+        ax_pthread_flags="-pthreads pthread -mt -pthread $ax_pthread_flags"
+        ;;
+
+        darwin*)
+        ax_pthread_flags="-pthread $ax_pthread_flags"
+        ;;
+esac
+
+# Clang doesn't consider unrecognized options an error unless we specify
+# -Werror. We throw in some extra Clang-specific options to ensure that
+# this doesn't happen for GCC, which also accepts -Werror.
+
+AC_MSG_CHECKING([if compiler needs -Werror to reject unknown flags])
+save_CFLAGS="$CFLAGS"
+ax_pthread_extra_flags="-Werror"
+CFLAGS="$CFLAGS $ax_pthread_extra_flags -Wunknown-warning-option -Wsizeof-array-argument"
+AC_COMPILE_IFELSE([AC_LANG_PROGRAM([int foo(void);],[foo()])],
+                  [AC_MSG_RESULT([yes])],
+                  [ax_pthread_extra_flags=
+                   AC_MSG_RESULT([no])])
+CFLAGS="$save_CFLAGS"
+
+if test x"$ax_pthread_ok" = xno; then
+for flag in $ax_pthread_flags; do
+
+        case $flag in
+                none)
+                AC_MSG_CHECKING([whether pthreads work without any flags])
+                ;;
+
+                -*)
+                AC_MSG_CHECKING([whether pthreads work with $flag])
+                PTHREAD_CFLAGS="$flag"
+                ;;
+
+                pthread-config)
+                AC_CHECK_PROG([ax_pthread_config], [pthread-config], [yes], [no])
+                if test x"$ax_pthread_config" = xno; then continue; fi
+                PTHREAD_CFLAGS="`pthread-config --cflags`"
+                PTHREAD_LIBS="`pthread-config --ldflags` `pthread-config --libs`"
+                ;;
+
+                *)
+                AC_MSG_CHECKING([for the pthreads library -l$flag])
+                PTHREAD_LIBS="-l$flag"
+                ;;
+        esac
+
+        save_LIBS="$LIBS"
+        save_CFLAGS="$CFLAGS"
+        LIBS="$PTHREAD_LIBS $LIBS"
+        CFLAGS="$CFLAGS $PTHREAD_CFLAGS $ax_pthread_extra_flags"
+
+        # Check for various functions.  We must include pthread.h,
+        # since some functions may be macros.  (On the Sequent, we
+        # need a special flag -Kthread to make this header compile.)
+        # We check for pthread_join because it is in -lpthread on IRIX
+        # while pthread_create is in libc.  We check for pthread_attr_init
+        # due to DEC craziness with -lpthreads.  We check for
+        # pthread_cleanup_push because it is one of the few pthread
+        # functions on Solaris that doesn't have a non-functional libc stub.
+        # We try pthread_create on general principles.
+        AC_LINK_IFELSE([AC_LANG_PROGRAM([#include <pthread.h>
+                        static void routine(void *a) { a = 0; }
+                        static void *start_routine(void *a) { return a; }],
+                       [pthread_t th; pthread_attr_t attr;
+                        pthread_create(&th, 0, start_routine, 0);
+                        pthread_join(th, 0);
+                        pthread_attr_init(&attr);
+                        pthread_cleanup_push(routine, 0);
+                        pthread_cleanup_pop(0) /* ; */])],
+                [ax_pthread_ok=yes],
+                [])
+
+        LIBS="$save_LIBS"
+        CFLAGS="$save_CFLAGS"
+
+        AC_MSG_RESULT([$ax_pthread_ok])
+        if test "x$ax_pthread_ok" = xyes; then
+                break;
+        fi
+
+        PTHREAD_LIBS=""
+        PTHREAD_CFLAGS=""
+done
+fi
+
+# Various other checks:
+if test "x$ax_pthread_ok" = xyes; then
+        save_LIBS="$LIBS"
+        LIBS="$PTHREAD_LIBS $LIBS"
+        save_CFLAGS="$CFLAGS"
+        CFLAGS="$CFLAGS $PTHREAD_CFLAGS"
+
+        # Detect AIX lossage: JOINABLE attribute is called UNDETACHED.
+        AC_MSG_CHECKING([for joinable pthread attribute])
+        attr_name=unknown
+        for attr in PTHREAD_CREATE_JOINABLE PTHREAD_CREATE_UNDETACHED; do
+            AC_LINK_IFELSE([AC_LANG_PROGRAM([#include <pthread.h>],
+                           [int attr = $attr; return attr /* ; */])],
+                [attr_name=$attr; break],
+                [])
+        done
+        AC_MSG_RESULT([$attr_name])
+        if test "$attr_name" != PTHREAD_CREATE_JOINABLE; then
+            AC_DEFINE_UNQUOTED([PTHREAD_CREATE_JOINABLE], [$attr_name],
+                               [Define to necessary symbol if this constant
+                                uses a non-standard name on your system.])
+        fi
+
+        AC_MSG_CHECKING([if more special flags are required for pthreads])
+        flag=no
+        case ${host_os} in
+            aix* | freebsd* | darwin*) flag="-D_THREAD_SAFE";;
+            osf* | hpux*) flag="-D_REENTRANT";;
+            solaris*)
+            if test "$GCC" = "yes"; then
+                flag="-D_REENTRANT"
+            else
+                # TODO: What about Clang on Solaris?
+                flag="-mt -D_REENTRANT"
+            fi
+            ;;
+        esac
+        AC_MSG_RESULT([$flag])
+        if test "x$flag" != xno; then
+            PTHREAD_CFLAGS="$flag $PTHREAD_CFLAGS"
+        fi
+
+        AC_CACHE_CHECK([for PTHREAD_PRIO_INHERIT],
+            [ax_cv_PTHREAD_PRIO_INHERIT], [
+                AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include <pthread.h>]],
+                                                [[int i = PTHREAD_PRIO_INHERIT;]])],
+                    [ax_cv_PTHREAD_PRIO_INHERIT=yes],
+                    [ax_cv_PTHREAD_PRIO_INHERIT=no])
+            ])
+        AS_IF([test "x$ax_cv_PTHREAD_PRIO_INHERIT" = "xyes"],
+            [AC_DEFINE([HAVE_PTHREAD_PRIO_INHERIT], [1], [Have PTHREAD_PRIO_INHERIT.])])
+
+        LIBS="$save_LIBS"
+        CFLAGS="$save_CFLAGS"
+
+        # More AIX lossage: compile with *_r variant
+        if test "x$GCC" != xyes; then
+            case $host_os in
+                aix*)
+                AS_CASE(["x/$CC"],
+                  [x*/c89|x*/c89_128|x*/c99|x*/c99_128|x*/cc|x*/cc128|x*/xlc|x*/xlc_v6|x*/xlc128|x*/xlc128_v6],
+                  [#handle absolute path differently from PATH based program lookup
+                   AS_CASE(["x$CC"],
+                     [x/*],
+                     [AS_IF([AS_EXECUTABLE_P([${CC}_r])],[PTHREAD_CC="${CC}_r"])],
+                     [AC_CHECK_PROGS([PTHREAD_CC],[${CC}_r],[$CC])])])
+                ;;
+            esac
+        fi
+fi
+
+test -n "$PTHREAD_CC" || PTHREAD_CC="$CC"
+
+AC_SUBST([PTHREAD_LIBS])
+AC_SUBST([PTHREAD_CFLAGS])
+AC_SUBST([PTHREAD_CC])
+
+# Finally, execute ACTION-IF-FOUND/ACTION-IF-NOT-FOUND:
+if test x"$ax_pthread_ok" = xyes; then
+        ifelse([$1],,[AC_DEFINE([HAVE_PTHREAD],[1],[Define if you have POSIX threads libraries and header files.])],[$1])
+        :
+else
+        ax_pthread_ok=no
+        $2
+fi
+AC_LANG_POP
+])dnl AX_PTHREAD
diff --git a/meta-security/meta-tpm/recipes-tpm2/tpm2-tss/tpm2-tss/fix_musl_select_include.patch b/meta-security/meta-tpm/recipes-tpm2/tpm2-tss/tpm2-tss/fix_musl_select_include.patch
new file mode 100644
index 0000000..ecaca6e
--- /dev/null
+++ b/meta-security/meta-tpm/recipes-tpm2/tpm2-tss/tpm2-tss/fix_musl_select_include.patch
@@ -0,0 +1,31 @@
+This fixes musl build issue do to missing FD_* defines.
+Add sys/select.h
+
+Upstream-Status: Pending
+
+Signed-off-by: Armin Kuster <akuster@mvista.com>
+
+Index: TPM2.0-TSS/tcti/tcti_socket.cpp
+===================================================================
+--- TPM2.0-TSS.orig/tcti/tcti_socket.cpp
++++ TPM2.0-TSS/tcti/tcti_socket.cpp
+@@ -28,6 +28,7 @@
+ #include <stdio.h>
+ #include <stdlib.h>   // Needed for _wtoi
+ 
++#include "sys/select.h"
+ #include <sapi/tpm20.h>
+ #include <tcti/tcti_socket.h>
+ #include "sysapi_util.h"
+Index: TPM2.0-TSS/resourcemgr/resourcemgr.c
+===================================================================
+--- TPM2.0-TSS.orig/resourcemgr/resourcemgr.c
++++ TPM2.0-TSS/resourcemgr/resourcemgr.c
+@@ -28,6 +28,7 @@
+ #include <stdio.h>
+ #include <stdlib.h>   // Needed for _wtoi
+ 
++#include "sys/select.h"
+ #include <sapi/tpm20.h>
+ #include <tcti/tcti_device.h>
+ #include <tcti/tcti_socket.h>
diff --git a/meta-security/meta-tpm/recipes-tpm2/tpm2-tss/tpm2-tss_2.2.1.bb b/meta-security/meta-tpm/recipes-tpm2/tpm2-tss/tpm2-tss_2.2.1.bb
new file mode 100644
index 0000000..78bdeeb
--- /dev/null
+++ b/meta-security/meta-tpm/recipes-tpm2/tpm2-tss/tpm2-tss_2.2.1.bb
@@ -0,0 +1,79 @@
+SUMMARY = "Software stack for TPM2."
+DESCRIPTION = "OSS implementation of the TCG TPM2 Software Stack (TSS2) "
+LICENSE = "BSD-2-Clause"
+LIC_FILES_CHKSUM = "file://LICENSE;md5=500b2e742befc3da00684d8a1d5fd9da"
+SECTION = "tpm"
+
+DEPENDS = "autoconf-archive-native libgcrypt openssl"
+
+SRCREV = "eb69e13559f20a0b49002a685c6f4a39be9503e2"
+
+SRC_URI = "git://github.com/tpm2-software/tpm2-tss.git;branch=2.2.x"
+
+inherit autotools-brokensep pkgconfig systemd
+
+S = "${WORKDIR}/git"
+
+PACKAGECONFIG ??= ""
+PACKAGECONFIG[oxygen] = ",--disable-doxygen-doc, "
+
+do_configure_prepend () {
+       ./bootstrap
+}
+
+INHERIT += "extrausers"
+EXTRA_USERS_PARAMS = "\
+	useradd -p '' tss; \
+	groupadd tss; \
+	"
+
+PROVIDES = "${PACKAGES}"
+PACKAGES = " \
+    ${PN} \
+    ${PN}-dbg \
+    ${PN}-doc \
+    libtss2-mu \
+    libtss2-mu-dev \
+    libtss2-mu-staticdev \
+    libtss2-tcti-device \
+    libtss2-tcti-device-dev \
+    libtss2-tcti-device-staticdev \
+    libtss2-tcti-mssim \
+    libtss2-tcti-mssim-dev \
+    libtss2-tcti-mssim-staticdev \
+    libtss2 \
+    libtss2-dev \
+    libtss2-staticdev \
+"
+
+FILES_libtss2-tcti-device = "${libdir}/libtss2-tcti-device.so.*"
+FILES_libtss2-tcti-device-dev = " \
+    ${includedir}/tss2/tss2_tcti_device.h \
+    ${libdir}/pkgconfig/tss2-tcti-device.pc \
+    ${libdir}/libtss2-tcti-device.so"
+FILES_libtss2-tcti-device-staticdev = "${libdir}/libtss2-tcti-device.*a"
+
+FILES_libtss2-tcti-mssim = "${libdir}/libtss2-tcti-mssim.so.*"
+FILES_libtss2-tcti-mssim-dev = " \
+    ${includedir}/tss2/tss2_tcti_mssim.h \
+    ${libdir}/pkgconfig/tss2-tcti-mssim.pc \
+    ${libdir}/libtss2-tcti-mssim.so"
+FILES_libtss2-tcti-mssim-staticdev = "${libdir}/libtss2-tcti-mssim.*a"
+
+FILES_libtss2-mu = "${libdir}/libtss2-mu.so.*"
+FILES_libtss2-mu-dev = " \
+    ${includedir}/tss2/tss2_mu.h \
+    ${libdir}/pkgconfig/tss2-mu.pc \
+    ${libdir}/libtss2-mu.so"
+FILES_libtss2-mu-staticdev = "${libdir}/libtss2-mu.*a"
+
+FILES_libtss2 = "${libdir}/libtss2*so.*"
+FILES_libtss2-dev = " \
+    ${includedir} \
+    ${libdir}/pkgconfig \
+    ${libdir}/libtss2*so"
+FILES_libtss2-staticdev = "${libdir}/libtss*a"
+
+FILES_${PN} = "${libdir}/udev"
+
+RDEPENDS_libtss2 = "libgcrypt"