| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
| |
0005-tpm-openssl-tpm-engine-parse-an-encrypted-TPM-key-pa.patch to 0.5.0
Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
change to a fork that is being maintained and that enabled openssl 1.1
Refresh patches
Drop one no longer needed
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Backport from meta-security
http://git.yoctoproject.org/cgit/cgit.cgi/meta-security/commit/?id=3bae06e29b60d71177cb63ad0b85bc5c46f7a144
Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
|
| |
|
|
| |
Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
- Support openssl 1.1.x
- Fix compile warning
|tpm_extendpcr.c:55:4: warning: 'strncpy' specified bound 4096 equals
destination size [-Wstringop-truncation]
| strncpy(in_filename, aArg, PATH_MAX);
Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
|
| |
|
|
| |
Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
when openssl-tpm-engine lib is used on an unattended device, there is no
way to input TPM key password. So add this feature to support parse an
encrypted(AES algorithm) TPM key password from env.
The default decrypting AES password and salt is set in bb file.
When we create a TPM key(TSS format), generate a 8 bytes random data
as its password, and then we need to encrypt the password with the same
AES password and salt in bb file.
At last, we set a env as below:
export TPM_KEY_ENC_PW=xxxxxxxx
"xxxxxxxx" is the encrypted TPM key password for libtpm.so.
Signed-off-by: Meng Li <Meng.Li@windriver.com>
|
| |
|
|
| |
Signed-off-by: Jia Zhang <lans.zhang2008@gmail.com>
|
| |
|
|
| |
Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
|
| |
|
|
| |
Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
|
| |
|
|
| |
Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
|
| |
|
|
| |
Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
|
| |
|
|
| |
Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
|
| |
|
|
| |
Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
|
| |
|
|
| |
Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
|
| |
|
|
| |
Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
|
| |
|
|
| |
Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Before, we support reading SRK password from env TPM_SRK_PW,
but it is a plain password and not secure.
So, we improve it and support to get an encrypted (AES algorithm)
SRK password from env, and then parse it. The default decrypting
AES password and salt is set in bb file.
When we initialize TPM, and set a SRK pw, and then we need to
encrypt it with the same AES password and salt by AES algorithm.
At last, we set a env as below:
export TPM_SRK_ENC_PW=xxxxxxxx
"xxxxxxxx" is the encrypted SRK password for libtpm.so.
Signed-off-by: Meng Li <Meng.Li@windriver.com>
Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
|
|
|
Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
|
