reset upstream subtrees to yocto 2.6
Reset the following subtrees on thud HEAD:
poky: 87e3a9739d
meta-openembedded: 6094ae18c8
meta-security: 31dc4e7532
meta-raspberrypi: a48743dc36
meta-xilinx: c42016e2e6
Also re-apply backports that didn't make it into thud:
poky:
17726d0 systemd-systemctl-native: handle Install wildcards
meta-openembedded:
4321a5d libtinyxml2: update to 7.0.1
042f0a3 libcereal: Add native and nativesdk classes
e23284f libcereal: Allow empty package
030e8d4 rsyslog: curl-less build with fmhttp PACKAGECONFIG
179a1b9 gtest: update to 1.8.1
Squashed OpenBMC subtree compatibility updates:
meta-aspeed:
Brad Bishop (1):
aspeed: add yocto 2.6 compatibility
meta-ibm:
Brad Bishop (1):
ibm: prepare for yocto 2.6
meta-ingrasys:
Brad Bishop (1):
ingrasys: set layer compatibility to yocto 2.6
meta-openpower:
Brad Bishop (1):
openpower: set layer compatibility to yocto 2.6
meta-phosphor:
Brad Bishop (3):
phosphor: set layer compatibility to thud
phosphor: libgpg-error: drop patches
phosphor: react to fitimage artifact rename
Ed Tanous (4):
Dropbear: upgrade options for latest upgrade
yocto2.6: update openssl options
busybox: remove upstream watchdog patch
systemd: Rebase CONFIG_CGROUP_BPF patch
Change-Id: I7b1fe71cca880d0372a82d94b5fd785323e3a9e7
Signed-off-by: Brad Bishop <bradleyb@fuzziesquirrel.com>
diff --git a/meta-security/meta-tpm/recipes-tpm/libtpm/libtpm_1.0.bb b/meta-security/meta-tpm/recipes-tpm/libtpm/libtpm_1.0.bb
index b29ec6b..a930d7b 100644
--- a/meta-security/meta-tpm/recipes-tpm/libtpm/libtpm_1.0.bb
+++ b/meta-security/meta-tpm/recipes-tpm/libtpm/libtpm_1.0.bb
@@ -1,11 +1,9 @@
SUMMARY = "LIBPM - Software TPM Library"
LICENSE = "BSD-3-Clause"
-LIC_FILES_CHKSUM = "file://LICENSE;md5=97e5eea8d700d76b3ddfd35c4c96485f"
+LIC_FILES_CHKSUM = "file://LICENSE;md5=e73f0786a936da3814896df06ad225a9"
-SRCREV = "3388d45082bdc588c6fc0672f44d6d7d0aaa86ff"
-SRC_URI = " \
- git://github.com/stefanberger/libtpms.git \
- "
+SRCREV = "4111bd1bcf721e6e7b5f11ed9c2b93083677aa25"
+SRC_URI = "git://github.com/stefanberger/libtpms.git"
S = "${WORKDIR}/git"
inherit autotools-brokensep pkgconfig
diff --git a/meta-security/meta-tpm/recipes-tpm/openssl-tpm-engine/files/0001-create-tpm-key-support-well-known-key-option.patch b/meta-security/meta-tpm/recipes-tpm/openssl-tpm-engine/files/0001-create-tpm-key-support-well-known-key-option.patch
index 67071b6..bed8b92 100644
--- a/meta-security/meta-tpm/recipes-tpm/openssl-tpm-engine/files/0001-create-tpm-key-support-well-known-key-option.patch
+++ b/meta-security/meta-tpm/recipes-tpm/openssl-tpm-engine/files/0001-create-tpm-key-support-well-known-key-option.patch
@@ -8,20 +8,20 @@
Signed-off-by: Junxian.Xiao <Junxian.Xiao@windriver.com>
-diff --git a/create_tpm_key.c b/create_tpm_key.c
-index fee917f..7b94d62 100644
---- a/create_tpm_key.c
-+++ b/create_tpm_key.c
-@@ -46,6 +46,8 @@
- #include <trousers/tss.h>
- #include <trousers/trousers.h>
+Index: git/src/create_tpm_key.c
+===================================================================
+--- git.orig/src/create_tpm_key.c
++++ git/src/create_tpm_key.c
+@@ -48,6 +48,8 @@
+
+ #include "ssl_compat.h"
+#define TPM_WELL_KNOWN_KEY_LEN 20 /*well know key length is 20 bytes zero*/
+
#define print_error(a,b) \
fprintf(stderr, "%s:%d %s result: 0x%x (%s)\n", __FILE__, __LINE__, \
a, b, Trspi_Error_String(b))
-@@ -70,6 +72,7 @@ usage(char *argv0)
+@@ -72,6 +74,7 @@ usage(char *argv0)
"\t\t-e|--enc-scheme encryption scheme to use [PKCSV15] or OAEP\n"
"\t\t-q|--sig-scheme signature scheme to use [DER] or SHA1\n"
"\t\t-s|--key-size key size in bits [2048]\n"
@@ -29,7 +29,7 @@
"\t\t-a|--auth require a password for the key [NO]\n"
"\t\t-p|--popup use TSS GUI popup dialogs to get the password "
"for the\n\t\t\t\t key [NO] (implies --auth)\n"
-@@ -147,6 +150,7 @@ int main(int argc, char **argv)
+@@ -154,6 +157,7 @@ int main(int argc, char **argv)
int asn1_len;
char *filename, c, *openssl_key = NULL;
int option_index, auth = 0, popup = 0, wrap = 0;
@@ -37,7 +37,7 @@
UINT32 enc_scheme = TSS_ES_RSAESPKCSV15;
UINT32 sig_scheme = TSS_SS_RSASSAPKCS1V15_DER;
UINT32 key_size = 2048;
-@@ -154,12 +158,15 @@ int main(int argc, char **argv)
+@@ -161,12 +165,15 @@ int main(int argc, char **argv)
while (1) {
option_index = 0;
@@ -54,7 +54,7 @@
case 'a':
initFlags |= TSS_KEY_AUTHORIZATION;
auth = 1;
-@@ -293,6 +300,8 @@ int main(int argc, char **argv)
+@@ -300,6 +307,8 @@ int main(int argc, char **argv)
if (srk_authusage) {
char *authdata = calloc(1, 128);
@@ -63,7 +63,7 @@
if (!authdata) {
fprintf(stderr, "malloc failed.\n");
-@@ -309,17 +318,26 @@ int main(int argc, char **argv)
+@@ -316,17 +325,26 @@ int main(int argc, char **argv)
exit(result);
}
diff --git a/meta-security/meta-tpm/recipes-tpm/openssl-tpm-engine/files/0002-libtpm-support-env-TPM_SRK_PW.patch b/meta-security/meta-tpm/recipes-tpm/openssl-tpm-engine/files/0002-libtpm-support-env-TPM_SRK_PW.patch
index f718f2e..2caaaf0 100644
--- a/meta-security/meta-tpm/recipes-tpm/openssl-tpm-engine/files/0002-libtpm-support-env-TPM_SRK_PW.patch
+++ b/meta-security/meta-tpm/recipes-tpm/openssl-tpm-engine/files/0002-libtpm-support-env-TPM_SRK_PW.patch
@@ -9,20 +9,20 @@
Signed-off-by: Junxian.Xiao <Junxian.Xiao@windriver.com>
-diff --git a/e_tpm.c b/e_tpm.c
-index f3e8bcf..7dcb75a 100644
---- a/e_tpm.c
-+++ b/e_tpm.c
+Index: git/src/e_tpm.c
+===================================================================
+--- git.orig/src/e_tpm.c
++++ git/src/e_tpm.c
@@ -38,6 +38,8 @@
-
#include "e_tpm.h"
+ #include "ssl_compat.h"
+#define TPM_WELL_KNOWN_KEY_LEN 20 /*well know key length is 20 bytes zero*/
+
//#define DLOPEN_TSPI
#ifndef OPENSSL_NO_HW
-@@ -248,6 +250,10 @@ int tpm_load_srk(UI_METHOD *ui, void *cb_data)
+@@ -262,6 +264,10 @@ int tpm_load_srk(UI_METHOD *ui, void *cb
TSS_RESULT result;
UINT32 authusage;
BYTE *auth;
@@ -33,7 +33,7 @@
if (hSRK != NULL_HKEY) {
DBGFN("SRK is already loaded.");
-@@ -299,18 +305,36 @@ int tpm_load_srk(UI_METHOD *ui, void *cb_data)
+@@ -313,18 +319,36 @@ int tpm_load_srk(UI_METHOD *ui, void *cb
return 0;
}
diff --git a/meta-security/meta-tpm/recipes-tpm/openssl-tpm-engine/files/0003-Fix-not-building-libtpm.la.patch b/meta-security/meta-tpm/recipes-tpm/openssl-tpm-engine/files/0003-Fix-not-building-libtpm.la.patch
deleted file mode 100644
index d24a150..0000000
--- a/meta-security/meta-tpm/recipes-tpm/openssl-tpm-engine/files/0003-Fix-not-building-libtpm.la.patch
+++ /dev/null
@@ -1,25 +0,0 @@
-From 7848445a1f4c750ef73bf96f5e89d402f87a1756 Mon Sep 17 00:00:00 2001
-From: Lans Zhang <jia.zhang@windriver.com>
-Date: Mon, 19 Jun 2017 14:54:28 +0800
-Subject: [PATCH] Fix not building libtpm.la
-
-Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
----
- Makefile.am | 4 +++-
- 1 file changed, 3 insertions(+), 1 deletion(-)
-
-diff --git a/Makefile.am b/Makefile.am
-index 6695656..634a7e6 100644
---- a/Makefile.am
-+++ b/Makefile.am
-@@ -10,4 +10,6 @@ libtpm_la_LIBADD=-lcrypto -lc -ltspi
- libtpm_la_SOURCES=e_tpm.c e_tpm.h e_tpm_err.c
-
- create_tpm_key_SOURCES=create_tpm_key.c
--create_tpm_key_LDADD=-ltspi
-+create_tpm_key_LDFLAGS=-ltspi
-+
-+LDADD=libtpm.la
---
-2.7.5
-
diff --git a/meta-security/meta-tpm/recipes-tpm/openssl-tpm-engine/files/0003-tpm-openssl-tpm-engine-parse-an-encrypted-tpm-SRK-pa.patch b/meta-security/meta-tpm/recipes-tpm/openssl-tpm-engine/files/0003-tpm-openssl-tpm-engine-parse-an-encrypted-tpm-SRK-pa.patch
index a88148f..cc8772d 100644
--- a/meta-security/meta-tpm/recipes-tpm/openssl-tpm-engine/files/0003-tpm-openssl-tpm-engine-parse-an-encrypted-tpm-SRK-pa.patch
+++ b/meta-security/meta-tpm/recipes-tpm/openssl-tpm-engine/files/0003-tpm-openssl-tpm-engine-parse-an-encrypted-tpm-SRK-pa.patch
@@ -22,11 +22,11 @@
e_tpm_err.c | 4 ++
3 files changed, 164 insertions(+), 1 deletion(-)
-diff --git a/e_tpm.c b/e_tpm.c
-index 7dcb75a..11bf74b 100644
---- a/e_tpm.c
-+++ b/e_tpm.c
-@@ -245,6 +245,118 @@ void ENGINE_load_tpm(void)
+Index: git/src/e_tpm.c
+===================================================================
+--- git.orig/src/e_tpm.c
++++ git/src/e_tpm.c
+@@ -259,6 +259,118 @@ void ENGINE_load_tpm(void)
ERR_clear_error();
}
@@ -145,7 +145,7 @@
int tpm_load_srk(UI_METHOD *ui, void *cb_data)
{
TSS_RESULT result;
-@@ -305,8 +417,50 @@ int tpm_load_srk(UI_METHOD *ui, void *cb_data)
+@@ -319,8 +431,50 @@ int tpm_load_srk(UI_METHOD *ui, void *cb
return 0;
}
@@ -197,7 +197,7 @@
if (0 == strcmp(srkPasswd, "#WELLKNOWN#")) {
memset(auth, 0, TPM_WELL_KNOWN_KEY_LEN);
secretMode = TSS_SECRET_MODE_SHA1;
-@@ -319,6 +473,7 @@ int tpm_load_srk(UI_METHOD *ui, void *cb_data)
+@@ -333,6 +487,7 @@ int tpm_load_srk(UI_METHOD *ui, void *cb
authlen = strlen(auth);
}
}
@@ -205,11 +205,11 @@
else {
if (!tpm_engine_get_auth(ui, (char *)auth, 128,
"SRK authorization: ", cb_data)) {
-diff --git a/e_tpm.h b/e_tpm.h
-index 6316e0b..56ff202 100644
---- a/e_tpm.h
-+++ b/e_tpm.h
-@@ -66,6 +66,8 @@ void ERR_TSS_error(int function, int reason, char *file, int line);
+Index: git/src/e_tpm.h
+===================================================================
+--- git.orig/src/e_tpm.h
++++ git/src/e_tpm.h
+@@ -66,6 +66,8 @@ void ERR_TSS_error(int function, int rea
#define TPM_F_TPM_FILL_RSA_OBJECT 116
#define TPM_F_TPM_ENGINE_GET_AUTH 117
#define TPM_F_TPM_CREATE_SRK_POLICY 118
@@ -218,7 +218,7 @@
/* Reason codes. */
#define TPM_R_ALREADY_LOADED 100
-@@ -96,6 +98,8 @@ void ERR_TSS_error(int function, int reason, char *file, int line);
+@@ -96,6 +98,8 @@ void ERR_TSS_error(int function, int rea
#define TPM_R_ID_INVALID 125
#define TPM_R_UI_METHOD_FAILED 126
#define TPM_R_UNKNOWN_SECRET_MODE 127
@@ -227,11 +227,11 @@
/* structure pointed to by the RSA object's app_data pointer */
struct rsa_app_data
-diff --git a/e_tpm_err.c b/e_tpm_err.c
-index 25a5d0f..439e267 100644
---- a/e_tpm_err.c
-+++ b/e_tpm_err.c
-@@ -235,6 +235,8 @@ static ERR_STRING_DATA TPM_str_functs[] = {
+Index: git/src/e_tpm_err.c
+===================================================================
+--- git.orig/src/e_tpm_err.c
++++ git/src/e_tpm_err.c
+@@ -234,6 +234,8 @@ static ERR_STRING_DATA TPM_str_functs[]
{ERR_PACK(0, TPM_F_TPM_BIND_FN, 0), "TPM_BIND_FN"},
{ERR_PACK(0, TPM_F_TPM_FILL_RSA_OBJECT, 0), "TPM_FILL_RSA_OBJECT"},
{ERR_PACK(0, TPM_F_TPM_ENGINE_GET_AUTH, 0), "TPM_ENGINE_GET_AUTH"},
@@ -240,7 +240,7 @@
{0, NULL}
};
-@@ -265,6 +267,8 @@ static ERR_STRING_DATA TPM_str_reasons[] = {
+@@ -264,6 +266,8 @@ static ERR_STRING_DATA TPM_str_reasons[]
{TPM_R_FILE_READ_FAILED, "failed reading the key file"},
{TPM_R_ID_INVALID, "engine id doesn't match"},
{TPM_R_UI_METHOD_FAILED, "ui function failed"},
@@ -249,6 +249,3 @@
{0, NULL}
};
---
-2.9.3
-
diff --git a/meta-security/meta-tpm/recipes-tpm/openssl-tpm-engine/files/0004-tpm-openssl-tpm-engine-change-variable-c-type-from-c.patch b/meta-security/meta-tpm/recipes-tpm/openssl-tpm-engine/files/0004-tpm-openssl-tpm-engine-change-variable-c-type-from-c.patch
index 076704d..535472a 100644
--- a/meta-security/meta-tpm/recipes-tpm/openssl-tpm-engine/files/0004-tpm-openssl-tpm-engine-change-variable-c-type-from-c.patch
+++ b/meta-security/meta-tpm/recipes-tpm/openssl-tpm-engine/files/0004-tpm-openssl-tpm-engine-change-variable-c-type-from-c.patch
@@ -15,11 +15,11 @@
create_tpm_key.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
-diff --git a/create_tpm_key.c b/create_tpm_key.c
-index 7b94d62..f30af90 100644
---- a/create_tpm_key.c
-+++ b/create_tpm_key.c
-@@ -148,7 +148,8 @@ int main(int argc, char **argv)
+Index: git/src/create_tpm_key.c
+===================================================================
+--- git.orig/src/create_tpm_key.c
++++ git/src/create_tpm_key.c
+@@ -155,7 +155,8 @@ int main(int argc, char **argv)
ASN1_OCTET_STRING *blob_str;
unsigned char *blob_asn1 = NULL;
int asn1_len;
@@ -29,6 +29,3 @@
int option_index, auth = 0, popup = 0, wrap = 0;
int wellknownkey = 0;
UINT32 enc_scheme = TSS_ES_RSAESPKCSV15;
---
-1.7.9.5
-
diff --git a/meta-security/meta-tpm/recipes-tpm/openssl-tpm-engine/files/openssl11_build_fix.patch b/meta-security/meta-tpm/recipes-tpm/openssl-tpm-engine/files/openssl11_build_fix.patch
new file mode 100644
index 0000000..2f8eb81
--- /dev/null
+++ b/meta-security/meta-tpm/recipes-tpm/openssl-tpm-engine/files/openssl11_build_fix.patch
@@ -0,0 +1,34 @@
+Fix compiling for openssl 1.1
+
+Upstream-Status: Pending
+Signed-off-by: Armin Kuster <akuster808@gmail.com>
+
+Index: git/src/e_tpm.c
+===================================================================
+--- git.orig/src/e_tpm.c
++++ git/src/e_tpm.c
+@@ -265,19 +265,20 @@ static int tpm_decode_base64(unsigned ch
+ int *out_len)
+ {
+ int total_len, len, ret;
+- EVP_ENCODE_CTX dctx;
++ EVP_ENCODE_CTX *dctx;
+
+- EVP_DecodeInit(&dctx);
++ dctx = EVP_ENCODE_CTX_new();
++ EVP_DecodeInit(dctx);
+
+ total_len = 0;
+- ret = EVP_DecodeUpdate(&dctx, outdata, &len, indata, in_len);
++ ret = EVP_DecodeUpdate(dctx, outdata, &len, indata, in_len);
+ if (ret < 0) {
+ TSSerr(TPM_F_TPM_DECODE_BASE64, TPM_R_DECODE_BASE64_FAILED);
+ return 1;
+ }
+
+ total_len += len;
+- ret = EVP_DecodeFinal(&dctx, outdata, &len);
++ ret = EVP_DecodeFinal(dctx, outdata, &len);
+ if (ret < 0) {
+ TSSerr(TPM_F_TPM_DECODE_BASE64, TPM_R_DECODE_BASE64_FAILED);
+ return 1;
diff --git a/meta-security/meta-tpm/recipes-tpm/openssl-tpm-engine/openssl-tpm-engine_0.4.2.bb b/meta-security/meta-tpm/recipes-tpm/openssl-tpm-engine/openssl-tpm-engine_0.4.2.bb
deleted file mode 100644
index 4854f70..0000000
--- a/meta-security/meta-tpm/recipes-tpm/openssl-tpm-engine/openssl-tpm-engine_0.4.2.bb
+++ /dev/null
@@ -1,78 +0,0 @@
-DESCRIPTION = "OpenSSL secure engine based on TPM hardware"
-HOMEPAGE = "https://sourceforge.net/projects/trousers/"
-SECTION = "security/tpm"
-
-LICENSE = "openssl"
-LIC_FILES_CHKSUM = "file://LICENSE;md5=11f0ee3af475c85b907426e285c9bb52"
-
-DEPENDS += "openssl trousers"
-
-SRC_URI = "\
- git://git.code.sf.net/p/trousers/openssl_tpm_engine \
- file://0001-create-tpm-key-support-well-known-key-option.patch \
- file://0002-libtpm-support-env-TPM_SRK_PW.patch \
- file://0003-Fix-not-building-libtpm.la.patch \
- file://0003-tpm-openssl-tpm-engine-parse-an-encrypted-tpm-SRK-pa.patch \
- file://0004-tpm-openssl-tpm-engine-change-variable-c-type-from-c.patch \
-"
-SRCREV = "bbc2b1af809f20686e0d3553a62f0175742c0d60"
-
-S = "${WORKDIR}/git"
-
-inherit autotools-brokensep
-
-# The definitions below are used to decrypt the srk password.
-# It is allowed to define the values in 3 forms: string, hex number and
-# the hybrid, e.g,
-# srk_dec_pw = "incendia"
-# srk_dec_pw = "\x69\x6e\x63\x65\x6e\x64\x69\x61"
-# srk_dec_pw = "\x1""nc""\x3""nd""\x1""a"
-#
-# Due to the limit of escape character, the hybrid must be written in
-# above style. The actual values defined below in C code style are:
-# srk_dec_pw[] = { 0x01, 'n', 'c', 0x03, 'n', 'd', 0x01, 'a' };
-# srk_dec_salt[] = { 'r', 0x00, 0x00, 't' };
-srk_dec_pw ?= "\\"\\\x1\\"\\"nc\\"\\"\\\x3\\"\\"nd\\"\\"\\\x1\\"\\"a\\""
-srk_dec_salt ?= "\\"r\\"\\"\\\x00\\\x00\\"\\"t\\""
-
-CFLAGS_append += "-DSRK_DEC_PW=${srk_dec_pw} -DSRK_DEC_SALT=${srk_dec_salt}"
-
-# Uncomment below line if using the plain srk password for development
-#CFLAGS_append += "-DTPM_SRK_PLAIN_PW"
-
-do_configure_prepend() {
- cd "${S}"
- cp LICENSE COPYING
- touch NEWS AUTHORS ChangeLog
-}
-
-do_install_append() {
- install -m 0755 -d "${D}${libdir}/engines"
- install -m 0755 -d "${D}${prefix}/local/ssl/lib/engines"
- install -m 0755 -d "${D}${libdir}/ssl/engines"
-
- cp -f "${D}${libdir}/openssl/engines/libtpm.so.0.0.0" "${D}${libdir}/libtpm.so.0"
- cp -f "${D}${libdir}/openssl/engines/libtpm.so.0.0.0" "${D}${libdir}/engines/libtpm.so"
- cp -f "${D}${libdir}/openssl/engines/libtpm.so.0.0.0" "${D}${prefix}/local/ssl/lib/engines/libtpm.so"
- mv -f "${D}${libdir}/openssl/engines/libtpm.so.0.0.0" "${D}${libdir}/ssl/engines/libtpm.so"
- mv -f "${D}${libdir}/openssl/engines/libtpm.la" "${D}${libdir}/ssl/engines/libtpm.la"
- rm -rf "${D}${libdir}/openssl"
-}
-
-FILES_${PN}-staticdev += "${libdir}/ssl/engines/libtpm.la"
-FILES_${PN}-dbg += "\
- ${libdir}/ssl/engines/.debug \
- ${libdir}/engines/.debug \
- ${prefix}/local/ssl/lib/engines/.debug \
-"
-FILES_${PN} += "\
- ${libdir}/ssl/engines/libtpm.so* \
- ${libdir}/engines/libtpm.so* \
- ${libdir}/libtpm.so* \
- ${prefix}/local/ssl/lib/engines/libtpm.so* \
-"
-
-RDEPENDS_${PN} += "libcrypto libtspi"
-
-INSANE_SKIP_${PN} = "libdir"
-INSANE_SKIP_${PN}-dbg = "libdir"
diff --git a/meta-security/meta-tpm/recipes-tpm/openssl-tpm-engine/openssl-tpm-engine_0.5.0.bb b/meta-security/meta-tpm/recipes-tpm/openssl-tpm-engine/openssl-tpm-engine_0.5.0.bb
new file mode 100644
index 0000000..0f98b79
--- /dev/null
+++ b/meta-security/meta-tpm/recipes-tpm/openssl-tpm-engine/openssl-tpm-engine_0.5.0.bb
@@ -0,0 +1,65 @@
+DESCRIPTION = "OpenSSL secure engine based on TPM hardware"
+HOMEPAGE = "https://github.com/mgerstner/openssl_tpm_engine"
+SECTION = "security/tpm"
+
+LICENSE = "openssl"
+LIC_FILES_CHKSUM = "file://LICENSE;md5=11f0ee3af475c85b907426e285c9bb52"
+
+DEPENDS += "openssl trousers"
+
+SRC_URI = "\
+ git://github.com/mgerstner/openssl_tpm_engine.git \
+ file://0001-create-tpm-key-support-well-known-key-option.patch \
+ file://0002-libtpm-support-env-TPM_SRK_PW.patch \
+ file://0003-tpm-openssl-tpm-engine-parse-an-encrypted-tpm-SRK-pa.patch \
+ file://0004-tpm-openssl-tpm-engine-change-variable-c-type-from-c.patch \
+ file://openssl11_build_fix.patch \
+"
+SRCREV = "b28de5065e6eb9aa5d5afe2276904f7624c2cbaf"
+
+S = "${WORKDIR}/git"
+
+inherit autotools-brokensep pkgconfig
+
+# The definitions below are used to decrypt the srk password.
+# It is allowed to define the values in 3 forms: string, hex number and
+# the hybrid, e.g,
+# srk_dec_pw = "incendia"
+# srk_dec_pw = "\x69\x6e\x63\x65\x6e\x64\x69\x61"
+# srk_dec_pw = "\x1""nc""\x3""nd""\x1""a"
+#
+# Due to the limit of escape character, the hybrid must be written in
+# above style. The actual values defined below in C code style are:
+# srk_dec_pw[] = { 0x01, 'n', 'c', 0x03, 'n', 'd', 0x01, 'a' };
+# srk_dec_salt[] = { 'r', 0x00, 0x00, 't' };
+srk_dec_pw ?= "\\"\\\x1\\"\\"nc\\"\\"\\\x3\\"\\"nd\\"\\"\\\x1\\"\\"a\\""
+srk_dec_salt ?= "\\"r\\"\\"\\\x00\\\x00\\"\\"t\\""
+
+CFLAGS_append += "-DSRK_DEC_PW=${srk_dec_pw} -DSRK_DEC_SALT=${srk_dec_salt}"
+
+# Uncomment below line if using the plain srk password for development
+#CFLAGS_append += "-DTPM_SRK_PLAIN_PW"
+
+do_configure_prepend() {
+ cd ${B}
+ cp LICENSE COPYING
+ touch NEWS AUTHORS ChangeLog README
+}
+
+FILES_${PN}-staticdev += "${libdir}/ssl/engines-1.1/tpm.la"
+FILES_${PN}-dbg += "\
+ ${libdir}/ssl/engines-1.1/.debug \
+ ${libdir}/engines-1.1/.debug \
+ ${prefix}/local/ssl/lib/engines-1.1/.debug \
+"
+FILES_${PN} += "\
+ ${libdir}/ssl/engines-1.1/tpm.so* \
+ ${libdir}/engines-1.1/tpm.so* \
+ ${libdir}/libtpm.so* \
+ ${prefix}/local/ssl/lib/engines-1.1/tpm.so* \
+"
+
+RDEPENDS_${PN} += "libcrypto libtspi"
+
+INSANE_SKIP_${PN} = "libdir"
+INSANE_SKIP_${PN}-dbg = "libdir"
diff --git a/meta-security/meta-tpm/recipes-tpm/pcr-extend/files/fix_openssl11_build.patch b/meta-security/meta-tpm/recipes-tpm/pcr-extend/files/fix_openssl11_build.patch
new file mode 100644
index 0000000..cf2d437
--- /dev/null
+++ b/meta-security/meta-tpm/recipes-tpm/pcr-extend/files/fix_openssl11_build.patch
@@ -0,0 +1,45 @@
+Enable building with openssl 1.1
+
+Upstream-Status: Pending
+Signed-off-by: Armin Kuster <akuster808@gmail.com>
+
+Index: git/src/pcr-extend.c
+===================================================================
+--- git.orig/src/pcr-extend.c
++++ git/src/pcr-extend.c
+@@ -118,7 +118,7 @@ dump_buf (FILE *file, char *buf, size_t
+ static unsigned char*
+ sha1_file (FILE *file, unsigned int *hash_len)
+ {
+- EVP_MD_CTX ctx = { 0 };
++ EVP_MD_CTX *ctx = EVP_MD_CTX_new();
+ unsigned char *buf = NULL, *hash = NULL;
+ size_t num_read = 0;
+
+@@ -127,7 +127,7 @@ sha1_file (FILE *file, unsigned int *has
+ perror ("malloc:\n");
+ goto sha1_fail;
+ }
+- if (EVP_DigestInit (&ctx, EVP_sha1 ()) == 0) {
++ if (EVP_DigestInit (ctx, EVP_sha1 ()) == 0) {
+ ERR_print_errors_fp (stderr);
+ goto sha1_fail;
+ }
+@@ -135,7 +135,7 @@ sha1_file (FILE *file, unsigned int *has
+ num_read = fread (buf, 1, BUF_SIZE, file);
+ if (num_read <= 0)
+ break;
+- if (EVP_DigestUpdate (&ctx, buf, num_read) == 0) {
++ if (EVP_DigestUpdate (ctx, buf, num_read) == 0) {
+ ERR_print_errors_fp (stderr);
+ goto sha1_fail;
+ }
+@@ -149,7 +149,7 @@ sha1_file (FILE *file, unsigned int *has
+ perror ("calloc of hash buffer:\n");
+ goto sha1_fail;
+ }
+- if (EVP_DigestFinal (&ctx, hash, hash_len) == 0) {
++ if (EVP_DigestFinal (ctx, hash, hash_len) == 0) {
+ ERR_print_errors_fp (stderr);
+ goto sha1_fail;
+ }
diff --git a/meta-security/meta-tpm/recipes-tpm/pcr-extend/pcr-extend_git.bb b/meta-security/meta-tpm/recipes-tpm/pcr-extend/pcr-extend_git.bb
index 0cc4f63..f8347b7 100644
--- a/meta-security/meta-tpm/recipes-tpm/pcr-extend/pcr-extend_git.bb
+++ b/meta-security/meta-tpm/recipes-tpm/pcr-extend/pcr-extend_git.bb
@@ -9,7 +9,8 @@
PV = "0.1+git${SRCPV}"
SRCREV = "c02ad8f628b3d99f6d4c087b402fe31a40ee6316"
-SRC_URI = "git://github.com/flihp/pcr-extend.git "
+SRC_URI = "git://github.com/flihp/pcr-extend.git \
+ file://fix_openssl11_build.patch "
inherit autotools
diff --git a/meta-security/meta-tpm/recipes-tpm/swtpm/swtpm_1.0.bb b/meta-security/meta-tpm/recipes-tpm/swtpm/swtpm_1.0.bb
index 7476020..3fe1393 100644
--- a/meta-security/meta-tpm/recipes-tpm/swtpm/swtpm_1.0.bb
+++ b/meta-security/meta-tpm/recipes-tpm/swtpm/swtpm_1.0.bb
@@ -3,23 +3,21 @@
LIC_FILES_CHKSUM = "file://LICENSE;md5=fe8092c832b71ef20dfe4c6d3decb3a8"
SECTION = "apps"
-DEPENDS = "libtasn1 expect socat glib-2.0 libtpm libtpm-native"
+DEPENDS = "libtasn1 expect socat glib-2.0 net-tools-native libtpm libtpm-native"
# configure checks for the tools already during compilation and
# then swtpm_setup needs them at runtime
DEPENDS += "tpm-tools-native expect-native socat-native"
-RDEPENDS_${PN} += "tpm-tools"
-SRCREV = "4f4f2f0a7e3195f6df8d235d58630a08e69403d8"
-SRC_URI = "git://github.com/stefanberger/swtpm.git \
- file://fix_lib_search_path.patch \
+SRCREV = "94bb9f2d716d09bcc6cd2a2e033018f8592008e7"
+SRC_URI = "git://github.com/stefanberger/swtpm.git;branch=tpm2-preview.v2 \
file://fix_fcntl_h.patch \
file://ioctl_h.patch \
"
S = "${WORKDIR}/git"
-inherit autotools-brokensep pkgconfig
+inherit autotools pkgconfig
PARALLEL_MAKE = ""
TSS_USER="tss"
@@ -36,21 +34,12 @@
export SEARCH_DIR = "${STAGING_LIBDIR_NATIVE}"
-# dup bootstrap
-do_configure_prepend () {
- libtoolize --force --copy
- autoheader
- aclocal
- automake --add-missing -c
- autoconf
-}
-
USERADD_PACKAGES = "${PN}"
GROUPADD_PARAM_${PN} = "--system ${TSS_USER}"
USERADD_PARAM_${PN} = "--system -g ${TSS_GROUP} --home-dir \
--no-create-home --shell /bin/false ${BPN}"
-RDEPENDS_${PN} = "libtpm expect socat bash"
+RDEPENDS_${PN} = "libtpm expect socat bash tpm-tools"
BBCLASSEXTEND = "native nativesdk"
diff --git a/meta-security/meta-tpm/recipes-tpm/tpm-tools/files/04-fix-FTBFS-clang.patch b/meta-security/meta-tpm/recipes-tpm/tpm-tools/files/04-fix-FTBFS-clang.patch
new file mode 100644
index 0000000..5018d45
--- /dev/null
+++ b/meta-security/meta-tpm/recipes-tpm/tpm-tools/files/04-fix-FTBFS-clang.patch
@@ -0,0 +1,56 @@
+Title: Fix FTBFS with clang due to uninitialized values
+Date: 2015-06-28
+Author: Alexander <sanek23994@gmail.com>
+Bug-Debian: http://bugs.debian.org/753063
+
+Upstream-Status: Backport
+tpm-tools_1.3.9.1-0.1.debian.tar
+
+Signed-off-by: Armin kuster <akuster808@gmail.com>
+
+--- tpm-tools-1.3.8/src/tpm_mgmt/tpm_present.c 2012-05-17 21:49:58.000000000 +0400
++++ tpm-tools-1.3.8-my/src/tpm_mgmt/tpm_present.c 2014-06-29 01:01:11.502081468 +0400
+@@ -165,7 +165,7 @@
+
+ TSS_BOOL bCmd, bHwd;
+ BOOL bRc;
+- TSS_HPOLICY hTpmPolicy;
++ TSS_HPOLICY hTpmPolicy = 0;
+ char *pwd = NULL;
+ int pswd_len;
+ char rsp[5];
+--- tpm-tools-1.3.8/src/tpm_mgmt/tpm_takeownership.c 2010-09-30 21:28:09.000000000 +0400
++++ tpm-tools-1.3.8-my/src/tpm_mgmt/tpm_takeownership.c 2014-06-29 01:01:51.069373655 +0400
+@@ -67,7 +67,7 @@
+ char *szSrkPasswd = NULL;
+ int tpm_len, srk_len;
+ TSS_HTPM hTpm;
+- TSS_HKEY hSrk;
++ TSS_HKEY hSrk = 0;
+ TSS_FLAG fSrkAttrs;
+ TSS_HPOLICY hTpmPolicy, hSrkPolicy;
+ int iRc = -1;
+--- tpm-tools-1.3.8/src/tpm_mgmt/tpm_nvwrite.c 2011-08-17 16:20:35.000000000 +0400
++++ tpm-tools-1.3.8-my/src/tpm_mgmt/tpm_nvwrite.c 2014-06-29 01:02:45.836397172 +0400
+@@ -220,7 +220,7 @@
+ close(fd);
+ fd = -1;
+ } else if (fillvalue >= 0) {
+- if (length < 0) {
++ if (length == 0) {
+ logError(_("Requiring size parameter.\n"));
+ return -1;
+ }
+--- tpm-tools-1.3.8/src/data_mgmt/data_protect.c 2012-05-17 21:49:58.000000000 +0400
++++ tpm-tools-1.3.8-my/src/data_mgmt/data_protect.c 2014-06-29 01:03:49.863254459 +0400
+@@ -432,8 +432,8 @@
+
+ char *pszPin = NULL;
+
+- CK_RV rv;
+- CK_SESSION_HANDLE hSession;
++ CK_RV rv = 0;
++ CK_SESSION_HANDLE hSession = 0;
+ CK_OBJECT_HANDLE hObject;
+ CK_MECHANISM tMechanism = { CKM_AES_ECB, NULL, 0 };
+
diff --git a/meta-security/meta-tpm/recipes-tpm/tpm-tools/files/05-openssl1.1_fix_data_mgmt.patch b/meta-security/meta-tpm/recipes-tpm/tpm-tools/files/05-openssl1.1_fix_data_mgmt.patch
new file mode 100644
index 0000000..c2a264b
--- /dev/null
+++ b/meta-security/meta-tpm/recipes-tpm/tpm-tools/files/05-openssl1.1_fix_data_mgmt.patch
@@ -0,0 +1,110 @@
+Author: Philipp Kern <pkern@debian.org>
+Subject: Fix openssl1.1 support in data_mgmt
+Date: Tue, 31 Jan 2017 22:40:10 +0100
+
+Upstream-Status: Backport
+tpm-tools_1.3.9.1-0.1.debian.tar
+
+Signed-off-by: Armin kuster <akuster808@gmail.com>
+
+---
+ src/data_mgmt/data_import.c | 60 ++++++++++++++++++++++++++++----------------
+ 1 file changed, 39 insertions(+), 21 deletions(-)
+
+--- a/src/data_mgmt/data_import.c
++++ b/src/data_mgmt/data_import.c
+@@ -372,7 +372,7 @@ readX509Cert( const char *a_pszFile,
+ goto out;
+ }
+
+- if ( EVP_PKEY_type( pKey->type ) != EVP_PKEY_RSA ) {
++ if ( EVP_PKEY_base_id( pKey ) != EVP_PKEY_RSA ) {
+ logError( TOKEN_RSA_KEY_ERROR );
+
+ X509_free( pX509 );
+@@ -691,8 +691,13 @@ createRsaPubKeyObject( RSA
+
+ int rc = -1;
+
+- int nLen = BN_num_bytes( a_pRsa->n );
+- int eLen = BN_num_bytes( a_pRsa->e );
++ const BIGNUM *bn;
++ const BIGNUM *be;
++
++ RSA_get0_key( a_pRsa, &bn, &be, NULL );
++
++ int nLen = BN_num_bytes( bn );
++ int eLen = BN_num_bytes( be );
+
+ CK_RV rv;
+
+@@ -732,8 +737,8 @@ createRsaPubKeyObject( RSA
+ }
+
+ // Get binary representations of the RSA key information
+- BN_bn2bin( a_pRsa->n, n );
+- BN_bn2bin( a_pRsa->e, e );
++ BN_bn2bin( bn, n );
++ BN_bn2bin( be, e );
+
+ // Create the RSA public key object
+ rv = createObject( a_hSession, tAttr, ulAttrCount, a_hObject );
+@@ -760,14 +765,27 @@ createRsaPrivKeyObject( RSA
+
+ int rc = -1;
+
+- int nLen = BN_num_bytes( a_pRsa->n );
+- int eLen = BN_num_bytes( a_pRsa->e );
+- int dLen = BN_num_bytes( a_pRsa->d );
+- int pLen = BN_num_bytes( a_pRsa->p );
+- int qLen = BN_num_bytes( a_pRsa->q );
+- int dmp1Len = BN_num_bytes( a_pRsa->dmp1 );
+- int dmq1Len = BN_num_bytes( a_pRsa->dmq1 );
+- int iqmpLen = BN_num_bytes( a_pRsa->iqmp );
++ const BIGNUM *bn;
++ const BIGNUM *be;
++ const BIGNUM *bd;
++ const BIGNUM *bp;
++ const BIGNUM *bq;
++ const BIGNUM *bdmp1;
++ const BIGNUM *bdmq1;
++ const BIGNUM *biqmp;
++
++ RSA_get0_key( a_pRsa, &bn, &be, &bd);
++ RSA_get0_factors( a_pRsa, &bp, &bq);
++ RSA_get0_crt_params( a_pRsa, &bdmp1, &bdmq1, &biqmp );
++
++ int nLen = BN_num_bytes( bn );
++ int eLen = BN_num_bytes( be );
++ int dLen = BN_num_bytes( bd );
++ int pLen = BN_num_bytes( bp );
++ int qLen = BN_num_bytes( bq );
++ int dmp1Len = BN_num_bytes( bdmp1 );
++ int dmq1Len = BN_num_bytes( bdmq1 );
++ int iqmpLen = BN_num_bytes( biqmp );
+
+ CK_RV rv;
+
+@@ -821,14 +839,14 @@ createRsaPrivKeyObject( RSA
+ }
+
+ // Get binary representations of the RSA key information
+- BN_bn2bin( a_pRsa->n, n );
+- BN_bn2bin( a_pRsa->e, e );
+- BN_bn2bin( a_pRsa->d, d );
+- BN_bn2bin( a_pRsa->p, p );
+- BN_bn2bin( a_pRsa->q, q );
+- BN_bn2bin( a_pRsa->dmp1, dmp1 );
+- BN_bn2bin( a_pRsa->dmq1, dmq1 );
+- BN_bn2bin( a_pRsa->iqmp, iqmp );
++ BN_bn2bin( bn, n );
++ BN_bn2bin( be, e );
++ BN_bn2bin( bd, d );
++ BN_bn2bin( bp, p );
++ BN_bn2bin( bq, q );
++ BN_bn2bin( bdmp1, dmp1 );
++ BN_bn2bin( bdmq1, dmq1 );
++ BN_bn2bin( biqmp, iqmp );
+
+ // Create the RSA private key object
+ rv = createObject( a_hSession, tAttr, ulAttrCount, a_hObject );
diff --git a/meta-security/meta-tpm/recipes-tpm/tpm-tools/files/openssl1.1_fix.patch b/meta-security/meta-tpm/recipes-tpm/tpm-tools/files/openssl1.1_fix.patch
new file mode 100644
index 0000000..9ae3f72
--- /dev/null
+++ b/meta-security/meta-tpm/recipes-tpm/tpm-tools/files/openssl1.1_fix.patch
@@ -0,0 +1,18 @@
+Upstream-Status: Pending
+Update to build with openssl 1.1.x
+
+Signed-off-by: Armin Kuster <akuster808@gmail.com>
+
+Index: git/src/cmds/tpm_extendpcr.c
+===================================================================
+--- git.orig/src/cmds/tpm_extendpcr.c
++++ git/src/cmds/tpm_extendpcr.c
+@@ -136,7 +136,7 @@ int main(int argc, char **argv)
+
+ unsigned char msg[EVP_MAX_MD_SIZE];
+ unsigned int msglen;
+- EVP_MD_CTX ctx;
++ EVP_MD_CTX *ctx = EVP_MD_CTX_new();
+ EVP_DigestInit(&ctx, EVP_sha1());
+ while ((lineLen = BIO_read(bin, line, sizeof(line))) > 0)
+ EVP_DigestUpdate(&ctx, line, lineLen);
diff --git a/meta-security/meta-tpm/recipes-tpm/tpm-tools/files/tpm-tools-extendpcr.patch b/meta-security/meta-tpm/recipes-tpm/tpm-tools/files/tpm-tools-extendpcr.patch
index ab5e683..40150af 100644
--- a/meta-security/meta-tpm/recipes-tpm/tpm-tools/files/tpm-tools-extendpcr.patch
+++ b/meta-security/meta-tpm/recipes-tpm/tpm-tools/files/tpm-tools-extendpcr.patch
@@ -1,8 +1,8 @@
-Index: tpm-tools-1.3.8/include/tpm_tspi.h
+Index: git/include/tpm_tspi.h
===================================================================
---- tpm-tools-1.3.8.orig/include/tpm_tspi.h 2011-08-17 08:20:35.000000000 -0400
-+++ tpm-tools-1.3.8/include/tpm_tspi.h 2013-01-05 23:26:31.571598217 -0500
-@@ -117,6 +117,10 @@
+--- git.orig/include/tpm_tspi.h
++++ git/include/tpm_tspi.h
+@@ -117,6 +117,10 @@ TSS_RESULT tpmPcrRead(TSS_HTPM a_hTpm, U
UINT32 *a_PcrSize, BYTE **a_PcrValue);
TSS_RESULT pcrcompositeSetPcrValue(TSS_HPCRS a_hPcrs, UINT32 a_Idx,
UINT32 a_PcrSize, BYTE *a_PcrValue);
@@ -13,11 +13,11 @@
#ifdef TSS_LIB_IS_12
TSS_RESULT unloadVersionInfo(UINT64 *offset, BYTE *blob, TPM_CAP_VERSION_INFO *v);
TSS_RESULT pcrcompositeSetPcrLocality(TSS_HPCRS a_hPcrs, UINT32 localityValue);
-Index: tpm-tools-1.3.8/lib/tpm_tspi.c
+Index: git/lib/tpm_tspi.c
===================================================================
---- tpm-tools-1.3.8.orig/lib/tpm_tspi.c 2011-08-17 08:20:35.000000000 -0400
-+++ tpm-tools-1.3.8/lib/tpm_tspi.c 2013-01-05 23:27:37.731593490 -0500
-@@ -594,6 +594,20 @@
+--- git.orig/lib/tpm_tspi.c
++++ git/lib/tpm_tspi.c
+@@ -594,6 +594,20 @@ pcrcompositeSetPcrValue(TSS_HPCRS a_hPcr
return result;
}
@@ -38,10 +38,10 @@
#ifdef TSS_LIB_IS_12
/*
* These getPasswd functions will wrap calls to the other functions and check to see if the TSS
-Index: tpm-tools-1.3.8/src/cmds/Makefile.am
+Index: git/src/cmds/Makefile.am
===================================================================
---- tpm-tools-1.3.8.orig/src/cmds/Makefile.am 2011-08-15 13:52:08.000000000 -0400
-+++ tpm-tools-1.3.8/src/cmds/Makefile.am 2013-01-05 23:30:46.223593698 -0500
+--- git.orig/src/cmds/Makefile.am
++++ git/src/cmds/Makefile.am
@@ -22,6 +22,7 @@
#
@@ -50,16 +50,16 @@
tpm_unsealdata
if TSS_LIB_IS_12
-@@ -33,4 +34,5 @@
- LDADD = $(top_builddir)/lib/libtpm_tspi.la -ltspi $(top_builddir)/lib/libtpm_unseal.la -ltpm_unseal -lcrypto
+@@ -33,4 +34,5 @@ endif
+ LDADD = $(top_builddir)/lib/libtpm_tspi.la -ltspi $(top_builddir)/lib/libtpm_unseal.la -ltpm_unseal -lcrypto @INTLLIBS@
tpm_sealdata_SOURCES = tpm_sealdata.c
+tpm_extendpcr_SOURCES = tpm_extendpcr.c
tpm_unsealdata_SOURCES = tpm_unsealdata.c
-Index: tpm-tools-1.3.8/src/cmds/tpm_extendpcr.c
+Index: git/src/cmds/tpm_extendpcr.c
===================================================================
---- /dev/null 1970-01-01 00:00:00.000000000 +0000
-+++ tpm-tools-1.3.8/src/cmds/tpm_extendpcr.c 2013-01-05 23:37:43.403585514 -0500
+--- /dev/null
++++ git/src/cmds/tpm_extendpcr.c
@@ -0,0 +1,181 @@
+/*
+ * The Initial Developer of the Original Code is International
diff --git a/meta-security/meta-tpm/recipes-tpm/tpm-tools/tpm-tools_git.bb b/meta-security/meta-tpm/recipes-tpm/tpm-tools/tpm-tools_1.3.9.1.bb
similarity index 84%
rename from meta-security/meta-tpm/recipes-tpm/tpm-tools/tpm-tools_git.bb
rename to meta-security/meta-tpm/recipes-tpm/tpm-tools/tpm-tools_1.3.9.1.bb
index f670bff..88ef19f 100644
--- a/meta-security/meta-tpm/recipes-tpm/tpm-tools/tpm-tools_git.bb
+++ b/meta-security/meta-tpm/recipes-tpm/tpm-tools/tpm-tools_1.3.9.1.bb
@@ -12,14 +12,15 @@
DEPENDS = "libtspi openssl"
DEPENDS_class-native = "trousers-native"
-SRCREV = "5c5126bedf2da97906358adcfb8c43c86e7dd0ee"
+SRCREV = "bdf9f1bc8f63cd6fc370c2deb58d03ac55079e84"
SRC_URI = " \
git://git.code.sf.net/p/trousers/tpm-tools \
file://tpm-tools-extendpcr.patch \
+ file://04-fix-FTBFS-clang.patch \
+ file://05-openssl1.1_fix_data_mgmt.patch \
+ file://openssl1.1_fix.patch \
"
-PV = "1.3.9.1+git${SRCPV}"
-
inherit autotools-brokensep gettext
S = "${WORKDIR}/git"
diff --git a/meta-security/meta-tpm/recipes-tpm/tpm2-abrmd/tpm2-abrmd_1.2.0.bb b/meta-security/meta-tpm/recipes-tpm/tpm2-abrmd/tpm2-abrmd_2.0.2.bb
similarity index 75%
rename from meta-security/meta-tpm/recipes-tpm/tpm2-abrmd/tpm2-abrmd_1.2.0.bb
rename to meta-security/meta-tpm/recipes-tpm/tpm2-abrmd/tpm2-abrmd_2.0.2.bb
index a5d6843..6347379 100644
--- a/meta-security/meta-tpm/recipes-tpm/tpm2-abrmd/tpm2-abrmd_1.2.0.bb
+++ b/meta-security/meta-tpm/recipes-tpm/tpm2-abrmd/tpm2-abrmd_2.0.2.bb
@@ -9,14 +9,16 @@
LICENSE = "BSD-2-Clause"
LIC_FILES_CHKSUM = "file://${S}/LICENSE;md5=500b2e742befc3da00684d8a1d5fd9da"
-DEPENDS += "autoconf-archive dbus glib-2.0 pkgconfig tpm2.0-tss glib-2.0-native"
+DEPENDS = "autoconf-archive dbus glib-2.0 tpm2.0-tss glib-2.0-native \
+ libtss2 libtss2-mu libtss2-tcti-device libtss2-tcti-mssim"
+
SRC_URI = "\
git://github.com/01org/tpm2-abrmd.git \
file://tpm2-abrmd-init.sh \
file://tpm2-abrmd.default \
"
-SRCREV = "59ce1008e5fa3bd5a143437b0f7390851fd25bd8"
+SRCREV = "d0120ace58d97bc9520c0d558657eaca87ae73b1"
S = "${WORKDIR}/git"
@@ -33,11 +35,8 @@
GROUPADD_PARAM_${PN} = "tss"
USERADD_PARAM_${PN} = "--system -M -d /var/lib/tpm -s /bin/false -g tss tss"
-PACKAGECONFIG ?="udev"
-PACKAGECONFIG += "${@bb.utils.contains('DISTRO_FEATURES','systemd','systemd', '', d)}"
-
+PACKAGECONFIG ?="${@bb.utils.contains('DISTRO_FEATURES','systemd','systemd', '', d)}"
PACKAGECONFIG[systemd] = "--with-systemdsystemunitdir=${systemd_system_unitdir}, --with-systemdsystemunitdir=no"
-PACKAGECONFIG[udev] = "--with-udevrulesdir=${sysconfdir}/udev/rules.d, --without-udevrulesdir"
do_install_append() {
install -d "${D}${sysconfdir}/init.d"
@@ -47,8 +46,9 @@
install -m 0644 "${WORKDIR}/tpm2-abrmd.default" "${D}${sysconfdir}/default/tpm2-abrmd"
}
-FILES_${PN} += "${libdir}/systemd/system-preset"
+FILES_${PN} += "${libdir}/systemd/system-preset \
+ ${datadir}/dbus-1"
-RDEPENDS_${PN} += "libgcc dbus-glib libtss2 libtctidevice libtctisocket"
+RDEPENDS_${PN} += "tpm2.0-tss"
BBCLASSEXTEND = "native"
diff --git a/meta-security/meta-tpm/recipes-tpm/tpm2.0-tools/tpm2.0-tools_git.bb b/meta-security/meta-tpm/recipes-tpm/tpm2.0-tools/tpm2.0-tools_3.1.2.bb
similarity index 73%
rename from meta-security/meta-tpm/recipes-tpm/tpm2.0-tools/tpm2.0-tools_git.bb
rename to meta-security/meta-tpm/recipes-tpm/tpm2.0-tools/tpm2.0-tools_3.1.2.bb
index 7ec12fc..3f40eb7 100644
--- a/meta-security/meta-tpm/recipes-tpm/tpm2.0-tools/tpm2.0-tools_git.bb
+++ b/meta-security/meta-tpm/recipes-tpm/tpm2.0-tools/tpm2.0-tools_3.1.2.bb
@@ -6,13 +6,10 @@
DEPENDS = "pkgconfig tpm2.0-tss openssl curl autoconf-archive"
-# July 10, 2017
-SRCREV = "26c0557040c1cf8107fa3ebbcf2a5b07cc84b881"
+SRCREV = "5e2f1aafc58e60c5050f85147a14914561f28ad9"
-SRC_URI = "git://github.com/01org/tpm2.0-tools.git;name=tpm2.0-tools;destsuffix=tpm2.0-tools"
+SRC_URI = "git://github.com/01org/tpm2.0-tools.git;name=tpm2.0-tools;destsuffix=tpm2.0-tools;branch=3.X"
S = "${WORKDIR}/tpm2.0-tools"
-PV = "2.0.0+git${SRCPV}"
-
inherit autotools pkgconfig
diff --git a/meta-security/meta-tpm/recipes-tpm/tpm2.0-tss/tpm2.0-tss_1.3.0.bb b/meta-security/meta-tpm/recipes-tpm/tpm2.0-tss/tpm2.0-tss_1.3.0.bb
deleted file mode 100644
index b673c2b..0000000
--- a/meta-security/meta-tpm/recipes-tpm/tpm2.0-tss/tpm2.0-tss_1.3.0.bb
+++ /dev/null
@@ -1,99 +0,0 @@
-SUMMARY = "Software stack for TPM2."
-DESCRIPTION = "tpm2.0-tss like woah."
-LICENSE = "BSD-2-Clause"
-LIC_FILES_CHKSUM = "file://LICENSE;md5=500b2e742befc3da00684d8a1d5fd9da"
-SECTION = "tpm"
-
-DEPENDS = "autoconf-archive pkgconfig"
-
-SRCREV = "b1d9ece8c6bea2e3043943b2edfaebcdca330c38"
-
-SRC_URI = " \
- git://github.com/tpm2-software/tpm2-tss.git;branch=1.x \
- file://ax_pthread.m4 \
-"
-
-inherit autotools pkgconfig systemd
-
-S = "${WORKDIR}/git"
-
-do_configure_prepend () {
- mkdir -p ${S}/m4
- cp ${WORKDIR}/ax_pthread.m4 ${S}/m4
- # execute the bootstrap script
- currentdir=$(pwd)
- cd ${S}
- ACLOCAL="aclocal --system-acdir=${STAGING_DATADIR}/aclocal" ./bootstrap
- cd $currentdir
-}
-
-INHERIT += "extrausers"
-EXTRA_USERS_PARAMS = "\
- useradd -p '' tss; \
- groupadd tss; \
- "
-
-SYSTEMD_PACKAGES = "resourcemgr"
-SYSTEMD_SERVICE_resourcemgr = "resourcemgr.service"
-SYSTEMD_AUTO_ENABLE_resourcemgr = "enable"
-
-do_patch[postfuncs] += "${@bb.utils.contains('VIRTUAL-RUNTIME_init_manager','systemd','fix_systemd_unit','', d)}"
-fix_systemd_unit () {
- sed -i -e 's;^ExecStart=.*/resourcemgr;ExecStart=${sbindir}/resourcemgr;' ${S}/contrib/resourcemgr.service
-}
-
-do_install_append() {
- if ${@bb.utils.contains('DISTRO_FEATURES','systemd','true','false',d)}; then
- install -d ${D}${systemd_system_unitdir}
- install -m0644 ${S}/contrib/resourcemgr.service ${D}${systemd_system_unitdir}/resourcemgr.service
- fi
-}
-
-PROVIDES = "${PACKAGES}"
-PACKAGES = " \
- ${PN}-dbg \
- ${PN}-doc \
- libtss2 \
- libtss2-dev \
- libtss2-staticdev \
- libtctidevice \
- libtctidevice-dev \
- libtctidevice-staticdev \
- libtctisocket \
- libtctisocket-dev \
- libtctisocket-staticdev \
- resourcemgr \
-"
-
-FILES_libtss2 = " \
- ${libdir}/libsapi.so.0.0.0 \
- ${libdir}/libmarshal.so.0.0.0 \
-"
-FILES_libtss2-dev = " \
- ${includedir}/sapi \
- ${includedir}/tcti/common.h \
- ${libdir}/libsapi.so* \
- ${libdir}/libmarshal.so* \
- ${libdir}/pkgconfig/sapi.pc \
-"
-FILES_libtss2-staticdev = " \
- ${libdir}/libsapi.a \
- ${libdir}/libsapi.la \
- ${libdir}/libmarshal.a \
- ${libdir}/libmarshal.la \
-"
-FILES_libtctidevice = "${libdir}/libtcti-device.so.0.0.0"
-FILES_libtctidevice-dev = " \
- ${includedir}/tcti/tcti_device.h \
- ${libdir}/libtcti-device.so* \
- ${libdir}/pkgconfig/tcti-device.pc \
-"
-FILES_libtctidevice-staticdev = "${libdir}/libtcti-device.*a"
-FILES_libtctisocket = "${libdir}/libtcti-socket.so.0.0.0"
-FILES_libtctisocket-dev = " \
- ${includedir}/tcti/tcti_socket.h \
- ${libdir}/libtcti-socket.so* \
- ${libdir}/pkgconfig/tcti-socket.pc \
-"
-FILES_libtctisocket-staticdev = "${libdir}/libtcti-socket.*a"
-FILES_resourcemgr = "${sbindir}/resourcemgr ${systemd_system_unitdir}/resourcemgr.service"
diff --git a/meta-security/meta-tpm/recipes-tpm/tpm2.0-tss/tpm2.0-tss_2.0.1.bb b/meta-security/meta-tpm/recipes-tpm/tpm2.0-tss/tpm2.0-tss_2.0.1.bb
new file mode 100644
index 0000000..9d1ff72
--- /dev/null
+++ b/meta-security/meta-tpm/recipes-tpm/tpm2.0-tss/tpm2.0-tss_2.0.1.bb
@@ -0,0 +1,74 @@
+SUMMARY = "Software stack for TPM2."
+DESCRIPTION = "tpm2.0-tss like woah."
+LICENSE = "BSD-2-Clause"
+LIC_FILES_CHKSUM = "file://LICENSE;md5=0b1d631c4218b72f6b05cb58613606f4"
+SECTION = "tpm"
+
+DEPENDS = "autoconf-archive-native libgcrypt"
+
+SRCREV = "dc31e8dca9dbc77d16e419dc514ce8c526cd3351"
+
+SRC_URI = "git://github.com/tpm2-software/tpm2-tss.git;branch=2.0.x"
+
+inherit autotools-brokensep pkgconfig systemd
+
+S = "${WORKDIR}/git"
+
+do_configure_prepend () {
+ ./bootstrap
+}
+
+INHERIT += "extrausers"
+EXTRA_USERS_PARAMS = "\
+ useradd -p '' tss; \
+ groupadd tss; \
+ "
+
+PROVIDES = "${PACKAGES}"
+PACKAGES = " \
+ ${PN} \
+ ${PN}-dbg \
+ ${PN}-doc \
+ libtss2-mu \
+ libtss2-mu-dev \
+ libtss2-mu-staticdev \
+ libtss2-tcti-device \
+ libtss2-tcti-device-dev \
+ libtss2-tcti-device-staticdev \
+ libtss2-tcti-mssim \
+ libtss2-tcti-mssim-dev \
+ libtss2-tcti-mssim-staticdev \
+ libtss2 \
+ libtss2-dev \
+ libtss2-staticdev \
+"
+
+FILES_libtss2-tcti-device = "${libdir}/libtss2-tcti-device.so.*"
+FILES_libtss2-tcti-device-dev = " \
+ ${includedir}/tss2/tss2_tcti_device.h \
+ ${libdir}/pkgconfig/tss2-tcti-device.pc \
+ ${libdir}/libtss2-tcti-device.so"
+FILES_libtss2-tcti-device-staticdev = "${libdir}/libtss2-tcti-device.*a"
+
+FILES_libtss2-tcti-mssim = "${libdir}/libtss2-tcti-mssim.so.*"
+FILES_libtss2-tcti-mssim-dev = " \
+ ${includedir}/tss2/tss2_tcti_mssim.h \
+ ${libdir}/pkgconfig/tss2-tcti-mssim.pc \
+ ${libdir}/libtss2-tcti-mssim.so"
+FILES_libtss2-tcti-mssim-staticdev = "${libdir}/libtss2-tcti-mssim.*a"
+
+FILES_libtss2-mu = "${libdir}/libtss2-mu.so.*"
+FILES_libtss2-mu-dev = " \
+ ${includedir}/tss2/tss2_mu.h \
+ ${libdir}/pkgconfig/tss2-mu.pc \
+ ${libdir}/libtss2-mu.so"
+FILES_libtss2-mu-staticdev = "${libdir}/libtss2-mu.*a"
+
+FILES_libtss2 = "${libdir}/libtss2*so.*"
+FILES_libtss2-dev = " \
+ ${includedir} \
+ ${libdir}/pkgconfig \
+ ${libdir}/libtss2*so"
+FILES_libtss2-staticdev = "${libdir}/libtss*a"
+
+FILES_${PN} = "${libdir}/udev"
diff --git a/meta-security/meta-tpm/recipes-tpm/tpm2simulator/tpm2simulator-native_138.bb b/meta-security/meta-tpm/recipes-tpm/tpm2simulator/tpm2simulator_138.bb
similarity index 100%
rename from meta-security/meta-tpm/recipes-tpm/tpm2simulator/tpm2simulator-native_138.bb
rename to meta-security/meta-tpm/recipes-tpm/tpm2simulator/tpm2simulator_138.bb