cryptfs-tpm2: Add support for QEMU swtpm tpm2

The device nodes are in a different place when using the swtpm + ovfm + qemu. The luks-setup.sh needs to look in an additional location to properly support qemu. [ Issue: LINUXEXEC-2450 ] Signed-off-by: Jason Wessel <jason.wessel@windriver.com>
author: Jason Wessel <jason.wessel@windriver.com> 2019-10-24 12:22:32 -0700
committer: Jia Zhang <zhang.jia@linux.alibaba.com> 2019-11-08 13:27:23 +0800
commit: e19748f11e061fff827ecfa0fc88af822e6f9ab4 (patch)
tree: 15f7a96b855a2c3a9737293d097fc7aa671d9d84
parent: 4a7afb4477449178d853272ba1a6040c20043b71 (diff)
download: meta-secure-core-e19748f11e061fff827ecfa0fc88af822e6f9ab4.tar.gz
2 files changed, 34 insertions, 0 deletions
diff --git a/meta-encrypted-storage/recipes-tpm/cryptfs-tpm2/cryptfs-tpm2/0001-luks-setup.sh-Add-support-for-qemu-with-the-swtpm.patch b/meta-encrypted-storage/recipes-tpm/cryptfs-tpm2/cryptfs-tpm2/0001-luks-setup.sh-Add-support-for-qemu-with-the-swtpm.patch
new file mode 100644
index 0000000..d9dd67e
--- /dev/null
+++ b/meta-encrypted-storage/recipes-tpm/cryptfs-tpm2/cryptfs-tpm2/0001-luks-setup.sh-Add-support-for-qemu-with-the-swtpm.patch
@@ -0,0 +1,33 @@
+From b586d7fb8f1e94501fd37555e65fc877b49e7f89 Mon Sep 17 00:00:00 2001
+From: Jason Wessel <jason.wessel@windriver.com>
+Date: Fri, 20 Sep 2019 13:28:04 -0700
+Subject: [PATCH] luks-setup.sh: Add support for qemu with the swtpm
+The swtpm which is a 2.0 TPM implmentation with PPI 1.3 is detected
+slightly differently, than the hardware TPMs.  This allows the
+luks-setup.sh to run properly.
+Upstream-Status: Pending
+Signed-off-by: Jason Wessel <jason.wessel@windriver.com>
+---
+ scripts/luks-setup.sh | 3 +++
+ 1 file changed, 3 insertions(+)
+diff --git a/scripts/luks-setup.sh b/scripts/luks-setup.sh
+index 5d87928..6e244d2 100755
+--- a/scripts/luks-setup.sh
+++ b/scripts/luks-setup.sh
+@@ -104,6 +104,9 @@ detect_tpm() {
+         # With newer kernel, TPM device description file is renamed
+         grep -q "TPM 2.0 Device" "/sys/class/tpm/$dev/device/firmware_node/description" 2>/dev/null &&
+             tpm_absent=0 && break
+
+       # Support virtual TPM
+       ls "/sys/class/tpm/$dev/device/driver" 2> /dev/null | grep -q MSFT0101 && tpm_absent=0 && break
+     done
+ 
+     [ $tpm_absent -eq 1 ] && print_info "No TPM device found" && return 1
+-- 
+2.23.0
diff --git a/meta-encrypted-storage/recipes-tpm/cryptfs-tpm2/cryptfs-tpm2_git.bb b/meta-encrypted-storage/recipes-tpm/cryptfs-tpm2/cryptfs-tpm2_git.bb
index e7b436b..94b81aa 100644
--- a/meta-encrypted-storage/recipes-tpm/cryptfs-tpm2/cryptfs-tpm2_git.bb
+++ b/meta-encrypted-storage/recipes-tpm/cryptfs-tpm2/cryptfs-tpm2_git.bb
@@ -21,6 +21,7 @@ PV = "0.7.0+git${SRCPV}"
 SRC_URI = "\
    git://github.com/jiazhang0/cryptfs-tpm2.git \
+    file://0001-luks-setup.sh-Add-support-for-qemu-with-the-swtpm.patch \
 "
 SRCREV = "87c35c63090a33d4de437f518b8da9f2d1f1d828"
author	Jason Wessel <jason.wessel@windriver.com>	2019-10-24 12:22:32 -0700
committer	Jia Zhang <zhang.jia@linux.alibaba.com>	2019-11-08 13:27:23 +0800
commit	e19748f11e061fff827ecfa0fc88af822e6f9ab4 (patch)
tree	15f7a96b855a2c3a9737293d097fc7aa671d9d84
parent	4a7afb4477449178d853272ba1a6040c20043b71 (diff)
download	meta-secure-core-e19748f11e061fff827ecfa0fc88af822e6f9ab4.tar.gz

diff --git a/meta-encrypted-storage/recipes-tpm/cryptfs-tpm2/cryptfs-tpm2/0001-luks-setup.sh-Add-support-for-qemu-with-the-swtpm.patch b/meta-encrypted-storage/recipes-tpm/cryptfs-tpm2/cryptfs-tpm2/0001-luks-setup.sh-Add-support-for-qemu-with-the-swtpm.patch new file mode 100644 index 0000000..d9dd67e --- /dev/null +++ b/meta-encrypted-storage/recipes-tpm/cryptfs-tpm2/cryptfs-tpm2/0001-luks-setup.sh-Add-support-for-qemu-with-the-swtpm.patch
@@ -0,0 +1,33 @@
		1	From b586d7fb8f1e94501fd37555e65fc877b49e7f89 Mon Sep 17 00:00:00 2001
		2	From: Jason Wessel <jason.wessel@windriver.com>
		3	Date: Fri, 20 Sep 2019 13:28:04 -0700
		4	Subject: [PATCH] luks-setup.sh: Add support for qemu with the swtpm
		5
		6	The swtpm which is a 2.0 TPM implmentation with PPI 1.3 is detected
		7	slightly differently, than the hardware TPMs. This allows the
		8	luks-setup.sh to run properly.
		9
		10	Upstream-Status: Pending
		11
		12	Signed-off-by: Jason Wessel <jason.wessel@windriver.com>
		13	---
		14	scripts/luks-setup.sh \| 3 +++
		15	1 file changed, 3 insertions(+)
		16
		17	diff --git a/scripts/luks-setup.sh b/scripts/luks-setup.sh
		18	index 5d87928..6e244d2 100755
		19	--- a/scripts/luks-setup.sh
		20	+++ b/scripts/luks-setup.sh
		21	@@ -104,6 +104,9 @@ detect_tpm() {
		22	# With newer kernel, TPM device description file is renamed
		23	grep -q "TPM 2.0 Device" "/sys/class/tpm/$dev/device/firmware_node/description" 2>/dev/null &&
		24	tpm_absent=0 && break
		25	+
		26	+ # Support virtual TPM
		27	+ ls "/sys/class/tpm/$dev/device/driver" 2> /dev/null \| grep -q MSFT0101 && tpm_absent=0 && break
		28	done
		29
		30	[ $tpm_absent -eq 1 ] && print_info "No TPM device found" && return 1
		31	--
		32	2.23.0
		33


diff --git a/meta-encrypted-storage/recipes-tpm/cryptfs-tpm2/cryptfs-tpm2_git.bb b/meta-encrypted-storage/recipes-tpm/cryptfs-tpm2/cryptfs-tpm2_git.bb index e7b436b..94b81aa 100644 --- a/meta-encrypted-storage/recipes-tpm/cryptfs-tpm2/cryptfs-tpm2_git.bb +++ b/meta-encrypted-storage/recipes-tpm/cryptfs-tpm2/cryptfs-tpm2_git.bb
@@ -21,6 +21,7 @@ PV = "0.7.0+git${SRCPV}"
21		21
22	SRC_URI = "\	22	SRC_URI = "\
23	git://github.com/jiazhang0/cryptfs-tpm2.git \	23	git://github.com/jiazhang0/cryptfs-tpm2.git \
		24	file://0001-luks-setup.sh-Add-support-for-qemu-with-the-swtpm.patch \
24	"	25	"
25	SRCREV = "87c35c63090a33d4de437f518b8da9f2d1f1d828"	26	SRCREV = "87c35c63090a33d4de437f518b8da9f2d1f1d828"
26		27