subtree updates: raspberrypi security arm
meta-raspberrypi: e43af1e3a6..e15b876155:
Florian Frank (1):
linux-firmware-rpidistro: Fix wireless on model 3B and Zero W
Khem Raj (1):
linux-raspberrypi_5.15.bb: Upgrade to 5.15.92
Martin Jansa (1):
gstreamer1.0-plugins-good: rename bbappend, drop version
meta-arm: dc10b73cc5..eb9c47a4e1:
Gowtham Suresh Kumar (6):
arm/edk2-basetools: Add edk2 base tool native recipe
arm-bsp/uefi_capsule: Add UEFI capsule generation class
arm-bsp/corstone1000-image: Generate UEFI capsule for corstone1000 platform
arm/edk2-basetools: Convert edk2 basetools recipes to native only
arm-bsp/uefi_capsule: Use json file to pass capsule config
arm/uefi_capsule: Move UEFI capsule to IMGDEPLOYDIR
Jon Mason (5):
arm/boot-wrapper-aarch64: update to a newer SHA
arm/gn: update to a more recent SHA
arm/opencsd: update to v1.4.0
arm/trusted-firmware-a: update version and relocate fiptool
arm/sbsa-acs: update to v6.1.0
Mohamed Omar Asaker (5):
arm-bsp/trusted-services: corstone1000:Align psa crypto client with TF-Mv1.7
arm-bsp/trusted-services:corstone1000: disable obsolete algorithms for crypto
arm-bsp/trusted-services: corstone1000: Disable SHA512/384
arm-bsp/trusted-firmware-m:corstone1000: Increase number of assets
arm-bsp/trusted-firmware-m:corstone1000: Set SPM backend to IPC
Peter Hoyes (11):
arm,arm-bsp/classes: Move wic_nopt to meta-arm
arm-bsp/classes: Use :append to add to IMAGE_TYPES in wic_nopt
CI: Factor out CACHE_DIR to improve mirror configurability
CI: Collect testimage logs on failure
arm/trusted-firmware-m: Synchronize with 1.7.0 release
arm/classes: Factor out image signing arguments in tfm_image_sign
arm/trusted-firmware-m: Create common inc file for src definitions
arm/trusted-firmware-m: Create inc file for common config
arm/trusted-firmware-m-scripts: Create inc file for common config
arm/classes: Add sstate support to tfm_sign_images
CI: Add BUILD_ENABLE_REGEX option to conditionally enable builds
Ross Burton (8):
arm-bsp/external-system: fix the gen_module race, again
arm-bsp/linux-yocto: add 5.19 kernel recipe for N1SDP
arm/linux-yocto: remove obsolete 5.19 bbappend
arm/trusted-firmware-m: Do not use release branches
arm/boot-wrapper-aarch64: tell upgrade checker to look for new SHAs
CI/machine-summary: add missing recipes
arm-toolchain/gcc-arm: add missing Signed-off-by tag
arm/optee-os: add missing patch header
meta-security: 3529cfb43e..c06b9a18a6:
Maciej Borzęcki (1):
dm-verity-img.bbclass: add squashfs images
Petr Gotthard (4):
tpm2-tss: upgrade 3.2.0 -> 4.0.1
tpm2-tools: upgrade 5.3 -> 5.5
tpm2-pkcs11: upgrade 1.8.0 -> 1.9.0
tpm2-abrmd: upgrade 2.4.1 -> 3.0.0
Signed-off-by: Andrew Geissler <geissonator@yahoo.com>
Change-Id: I0e1629b2f70ad1e5f7b97f5ae6d768bde101cc6f
diff --git a/meta-security/meta-tpm/recipes-tpm2/tpm2-pkcs11/tpm2-pkcs11_1.9.0.bb b/meta-security/meta-tpm/recipes-tpm2/tpm2-pkcs11/tpm2-pkcs11_1.9.0.bb
new file mode 100644
index 0000000..e0def0f
--- /dev/null
+++ b/meta-security/meta-tpm/recipes-tpm2/tpm2-pkcs11/tpm2-pkcs11_1.9.0.bb
@@ -0,0 +1,47 @@
+SUMMARY = "A PKCS#11 interface for TPM2 hardware"
+DESCRIPTION = "PKCS #11 is a Public-Key Cryptography Standard that defines a standard method to access cryptographic services from tokens/ devices such as hardware security modules (HSM), smart cards, etc. In this project we intend to use a TPM2 device as the cryptographic token."
+SECTION = "security/tpm"
+LICENSE = "BSD-2-Clause"
+LIC_FILES_CHKSUM = "file://LICENSE;md5=0fc19f620a102768d6dbd1e7166e78ab"
+
+DEPENDS = "autoconf-archive pkgconfig sqlite3 openssl libtss2-dev tpm2-tools libyaml p11-kit python3-setuptools-native"
+
+SRC_URI = "https://github.com/tpm2-software/${BPN}/releases/download/${PV}/${BPN}-${PV}.tar.gz"
+
+SRC_URI[sha256sum] = "35bf06c30cfa76fc0eba2c5f503cf7dd0d34a66afb2d292fee896b90362f633b"
+
+UPSTREAM_CHECK_URI = "https://github.com/tpm2-software/${BPN}/releases"
+
+inherit autotools-brokensep pkgconfig python3native
+
+EXTRA_OECONF += "--disable-ptool-checks"
+
+do_compile:append() {
+ cd ${S}/tools
+ python3 setup.py build
+}
+
+do_install:append() {
+ cd ${S}/tools
+ export PYTHONPATH="${D}${PYTHON_SITEPACKAGES_DIR}"
+ ${PYTHON_PN} setup.py install --root="${D}" --prefix="${prefix}" --install-lib="${PYTHON_SITEPACKAGES_DIR}" --optimize=1 --skip-build
+
+ sed -i -e "s:${PYTHON}:${USRBINPATH}/env ${PYTHON_PN}:g" "${D}${bindir}"/tpm2_ptool
+}
+
+PACKAGES =+ "${PN}-tools"
+
+FILES:${PN}-tools = "\
+ ${bindir}/tpm2_ptool \
+ ${libdir}/${PYTHON_DIR}/* \
+ "
+
+FILES:${PN} += "\
+ ${libdir}/pkcs11/* \
+ ${datadir}/p11-kit/* \
+ "
+
+INSANE_SKIP:${PN} += "dev-so"
+
+RDEPENDS:${PN} = "p11-kit tpm2-tools "
+RDEPENDS:${PN}-tools = "${PYTHON_PN}-pyyaml ${PYTHON_PN}-cryptography ${PYTHON_PN}-pyasn1-modules"