From e19748f11e061fff827ecfa0fc88af822e6f9ab4 Mon Sep 17 00:00:00 2001
From: Jason Wessel
Date: Thu, 24 Oct 2019 12:22:32 -0700
Subject: cryptfs-tpm2: Add support for QEMU swtpm tpm2

The device nodes are in a different place when using the swtpm + ovfm + qemu. The luks-setup.sh needs to look in an additional location to properly support qemu. [ Issue: LINUXEXEC-2450 ]
Signed-off-by: Jason Wessel
---
...up.sh-Add-support-for-qemu-with-the-swtpm.patch | 33 ++++++++++++++++++++++
.../recipes-tpm/cryptfs-tpm2/cryptfs-tpm2_git.bb | 1 +
2 files changed, 34 insertions(+)
create mode 100644 meta-encrypted-storage/recipes-tpm/cryptfs-tpm2/cryptfs-tpm2/0001-luks-setup.sh-Add-support-for-qemu-with-the-swtpm.patch

diff --git a/meta-encrypted-storage/recipes-tpm/cryptfs-tpm2/cryptfs-tpm2/0001-luks-setup.sh-Add-support-for-qemu-with-the-swtpm.patch b/meta-encrypted-storage/recipes-tpm/cryptfs-tpm2/cryptfs-tpm2/0001-luks-setup.sh-Add-support-for-qemu-with-the-swtpm.patch
new file mode 100644
index 0000000..d9dd67e
--- /dev/null
+++ b/meta-encrypted-storage/recipes-tpm/cryptfs-tpm2/cryptfs-tpm2/0001-luks-setup.sh-Add-support-for-qemu-with-the-swtpm.patch
@@ -0,0 +1,33 @@
+From b586d7fb8f1e94501fd37555e65fc877b49e7f89 Mon Sep 17 00:00:00 2001
+From: Jason Wessel
+Date: Fri, 20 Sep 2019 13:28:04 -0700
+Subject: [PATCH] luks-setup.sh: Add support for qemu with the swtpm
+
+The swtpm which is a 2.0 TPM implmentation with PPI 1.3 is detected
+slightly differently, than the hardware TPMs. This allows the
+luks-setup.sh to run properly.
+
+Upstream-Status: Pending
+
+Signed-off-by: Jason Wessel
+---
+ scripts/luks-setup.sh | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/scripts/luks-setup.sh b/scripts/luks-setup.sh
+index 5d87928..6e244d2 100755
+--- a/scripts/luks-setup.sh
++++ b/scripts/luks-setup.sh
+@@ -104,6 +104,9 @@ detect_tpm() {
+ # With newer kernel, TPM device description file is renamed
+ grep -q "TPM 2.0 Device" "/sys/class/tpm/$dev/device/firmware_node/description" 2>/dev/null &&
+ tpm_absent=0 && break
++
++ # Support virtual TPM
++ ls "/sys/class/tpm/$dev/device/driver" 2> /dev/null | grep -q MSFT0101 && tpm_absent=0 && break
+ done
+
+ [ $tpm_absent -eq 1 ] && print_info "No TPM device found" && return 1
+--
+2.23.0
+
diff --git a/meta-encrypted-storage/recipes-tpm/cryptfs-tpm2/cryptfs-tpm2_git.bb b/meta-encrypted-storage/recipes-tpm/cryptfs-tpm2/cryptfs-tpm2_git.bb
index e7b436b..94b81aa 100644
--- a/meta-encrypted-storage/recipes-tpm/cryptfs-tpm2/cryptfs-tpm2_git.bb
+++ b/meta-encrypted-storage/recipes-tpm/cryptfs-tpm2/cryptfs-tpm2_git.bb
@@ -21,6 +21,7 @@ PV = "0.7.0+git${SRCPV}" SRC_URI = "\ git://github.com/jiazhang0/cryptfs-tpm2.git \ + file://0001-luks-setup.sh-Add-support-for-qemu-with-the-swtpm.patch \ " SRCREV = "87c35c63090a33d4de437f518b8da9f2d1f1d828"
-- cgit v1.2.3-54-g00ecf
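Review bot: The detection added to `detect_tpm()` is not specific to a virtual TPM, although its comment says so: `MSFT0101` is, as far as I know, the generic ACPI ID for TPM 2.0 devices, so the `ls … | grep -q MSFT0101` test accepts any driver directory holding an entry that contains that string and, unlike the `description` check above it, never confirms a "TPM 2.0 Device" string. Because the script cannot tell swtpm from hardware, the comment should say what is really matched and that under QEMU the protection of the sealed key presumably rests on the host-side swtpm state, e.g. `# QEMU swtpm exposes no description node; match the ACPI ID MSFT0101 under the bound driver (also present on hardware TPMs)`. Parsing `ls` output with an unanchored `grep` is also looser than needed; `ls -d "/sys/class/tpm/$dev/device/driver"/MSFT0101:* > /dev/null 2>&1 && tpm_absent=0 && break` would match only entries whose name starts with the ID, assuming the usual `MSFT0101:NN` instance naming. The body of `detect_tpm()` begins and ends outside the hunk, so the loop this `break` leaves and the use made of `tpm_absent` afterwards are only partly visible here.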