| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
| |
Upstream and other distros like Debian use package name
libtpms so use this name for recipe too to match CVEs etc.
Signed-off-by: Mikko Rapeli <mikko.rapeli@linaro.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Needed by newer swtpm. Improves error messages etc.
Changes:
https://github.com/stefanberger/libtpms/releases/tag/v0.10.0
version 0.10.0:
tpm2: Support for profiles: default-v1 & custom
tpm2: Add new API call TPMLIB_SetProfile to enable user to set a profile
tpm2: Extende TPMLIB_GetInfo to return profiles-related info
tpm2: Implemented crypto tests and restrictions on crypto related to
FIPS-140-3; can be enabled with profiles
tpm2: Enable Camellia-192 and AES-192
tpm2: Implement TPMLIB_WasManufactured API call
tpm2: Fixes for issues detected by static analyzers
tpm2: Use OpenSSL-based KDFe implementation if possible
tpm2: Update to TPM 2 spec rev 183 (many changes)
tpm2: Better support for OpenSSL 3.x
tpm2: Use Carmichael function for RSA priv. exponent D (>= 2048 bits)
tpm2: Fixes for CVE-2023-1017 and CVE-2023-1018
tpm2: Fix of SignedCompareB().
NOTE: This fix may result in backwards compatibility issues with
PCR policies used by TPM2_PolicyCounterTimer and TPM2_PolicyNV
when upgrading from v0.9 to v0.10.
Signed-off-by: Mikko Rapeli <mikko.rapeli@linaro.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
|
|
|
| |
systemd-boot will then measure boot components to TPM device.
Signed-off-by: Mikko Rapeli <mikko.rapeli@linaro.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Enable "tpm2" support if "tpm2" is in DISTRO_FEATURES.
Also enable cryptsetup, openssl and repart features which
are needed to use TPM device to encrypt filesystems with
systemd configuration. See:
https://www.freedesktop.org/software/systemd/man/latest/systemd-repart.html#--tpm2-device=
Signed-off-by: Mikko Rapeli <mikko.rapeli@linaro.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
|
|
|
|
| |
"tpm2" is used elsewhere in distro and machine featues to
enable TPM device support.
Signed-off-by: Mikko Rapeli <mikko.rapeli@linaro.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Without this there is a floating dependency which can fall back
to build host and possibly fail if header file is found but
shared library not. Without this change do_configure log
shows:
checking for efivar... no
checking for efivar/efivar.h... no
../tpm2-tools-5.7/configure: line 15461: efivar: command not found
Signed-off-by: Mikko Rapeli <mikko.rapeli@linaro.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Measured Boot is the term used to describe the process of securely
recording and computing hashes of code and critical data at each stage
in the boot chain prior to their use.
These measurements can be employed by other system components to
establish a comprehensive attestation system. For example, they could be
employed to enforce local attestation policies (such as the release of
specific platform keys) or to securely transmit them to a remote
challenger, also known as a verifier, post-boot to verify the condition
of the code and critical data.
Measured launch does not authenticate the code or critical data; rather,
it records the code or critical data that was present on the system
during boot.
Initially, the TPM measures the BIOS/EFI layer in the fundamental flow.
This measurement involves the generation of a cryptographic hash of the
binary image and the verification of the binary instructions that this
layer will execute. The TPM stores the generated hash in one of the
numerous "slots" in the Platform Configuration Register (PCR). The TPM
or entities external to the TPM can read these portions of memory at a
later time; however, they are unalterable once they have been written.
These memory pieces are protected by integrity protection from the
instant they are first written. This guarantees that the value written
to a PCR by the TPM will remain constant for the duration of the system,
unless the system is powered off or rebooted.
Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Signed-off-by: Javier Tia <javier.tia@linaro.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
| |
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
| |
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
| |
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
| |
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
|
|
| |
few more layers to fixup
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
| |
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Include Security fixes:
Fixed CVE-2024-29038
Fixed CVE-2024-29039
Changelog:
https://github.com/tpm2-software/tpm2-tools/releases/tag/5.7
https://github.com/tpm2-software/tpm2-tools/releases/tag/5.6
Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
| |
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Upstream changlog shows that python 3.12 support
was added/fixed in version 2.2.0:
https://github.com/tpm2-software/tpm2-pytss/blob/master/CHANGELOG.md
To fix build error:
| DEBUG: Executing python function autotools_aclocals
| DEBUG: SITE files ['endian-little', 'bit-64', 'arm-common', 'arm-64', 'common-linux', 'common-glibc', 'aarch64-linux', 'common']
| DEBUG: Python function autotools_aclocals finished
| DEBUG: Executing shell function do_compile
| /home/builder/src/base/build/tmp_trs-qemuarm64/work/cortexa57-trs-linux/python3-tpm2-pytss/2.1.0/recipe-sysroot-native/usr/lib/python3.12/site-packages/setuptools/__init__.py:80: _DeprecatedInstaller: setuptools.installer and fetch_build_eggs are deprecated.
| !!
|
| ********************************************************************************
| Requirements should be satisfied by a PEP 517 installer.
| If you are using pip, you can try `pip install --use-pep517`.
| ********************************************************************************
|
| !!
| dist.fetch_build_eggs(dist.setup_requires)
| /home/builder/src/base/build/tmp_trs-qemuarm64/work/cortexa57-trs-linux/python3-tpm2-pytss/2.1.0/tpm2-pytss-2.1.0/scripts/prepare_headers.py:27: SyntaxWarning: invalid escape sequence '\('
| s = re.sub("#define TSS2_RC_LAYER\(level\).*", "", s)
| /home/builder/src/base/build/tmp_trs-qemuarm64/work/cortexa57-trs-linux/python3-tpm2-pytss/2.1.0/tpm2-pytss-2.1.0/scripts/prepare_headers.py:28: SyntaxWarning: invalid escape sequence '\('
| s = re.sub("(#define.*)TSS2_RC_LAYER\(0xff\)", "\g<1>0xff0000", s)
| /home/builder/src/base/build/tmp_trs-qemuarm64/work/cortexa57-trs-linux/python3-tpm2-pytss/2.1.0/tpm2-pytss-2.1.0/scripts/prepare_headers.py:28: SyntaxWarning: invalid escape sequence '\g'
| s = re.sub("(#define.*)TSS2_RC_LAYER\(0xff\)", "\g<1>0xff0000", s)
| /home/builder/src/base/build/tmp_trs-qemuarm64/work/cortexa57-trs-linux/python3-tpm2-pytss/2.1.0/tpm2-pytss-2.1.0/scripts/prepare_headers.py:31: SyntaxWarning: invalid escape sequence '\*'
| s = re.sub("/\*.*?\*/", "", s, flags=re.MULTILINE)
| /home/builder/src/base/build/tmp_trs-qemuarm64/work/cortexa57-trs-linux/python3-tpm2-pytss/2.1.0/tpm2-pytss-2.1.0/scripts/prepare_headers.py:34: SyntaxWarning: invalid escape sequence '\('
| s = re.sub("(#define [A-Za-z0-9_]+) +\(\(.*?\) \(.*?\)\)", "\g<1>...", s)
| /home/builder/src/base/build/tmp_trs-qemuarm64/work/cortexa57-trs-linux/python3-tpm2-pytss/2.1.0/tpm2-pytss-2.1.0/scripts/prepare_headers.py:34: SyntaxWarning: invalid escape sequence '\g'
| s = re.sub("(#define [A-Za-z0-9_]+) +\(\(.*?\) \(.*?\)\)", "\g<1>...", s)
| /home/builder/src/base/build/tmp_trs-qemuarm64/work/cortexa57-trs-linux/python3-tpm2-pytss/2.1.0/tpm2-pytss-2.1.0/scripts/prepare_headers.py:35: SyntaxWarning: invalid escape sequence '\('
| s = re.sub("(#define [A-Za-z0-9_]+) +\(\(.*?\).*?\) ", "\g<1>...", s)
| /home/builder/src/base/build/tmp_trs-qemuarm64/work/cortexa57-trs-linux/python3-tpm2-pytss/2.1.0/tpm2-pytss-2.1.0/scripts/prepare_headers.py:35: SyntaxWarning: invalid escape sequence '\g'
| s = re.sub("(#define [A-Za-z0-9_]+) +\(\(.*?\).*?\) ", "\g<1>...", s)
| /home/builder/src/base/build/tmp_trs-qemuarm64/work/cortexa57-trs-linux/python3-tpm2-pytss/2.1.0/tpm2-pytss-2.1.0/scripts/prepare_headers.py:37: SyntaxWarning: invalid escape sequence '\)'
| "(#define [A-Za-z0-9_]+) .*\n.*?.*\)\)", "\g<1>...", s, flags=re.MULTILINE
| /home/builder/src/base/build/tmp_trs-qemuarm64/work/cortexa57-trs-linux/python3-tpm2-pytss/2.1.0/tpm2-pytss-2.1.0/scripts/prepare_headers.py:37: SyntaxWarning: invalid escape sequence '\g'
| "(#define [A-Za-z0-9_]+) .*\n.*?.*\)\)", "\g<1>...", s, flags=re.MULTILINE
| /home/builder/src/base/build/tmp_trs-qemuarm64/work/cortexa57-trs-linux/python3-tpm2-pytss/2.1.0/tpm2-pytss-2.1.0/scripts/prepare_headers.py:39: SyntaxWarning: invalid escape sequence '\g'
| s = re.sub("(#define [A-Za-z0-9_]+) .*", "\g<1>...", s)
| /home/builder/src/base/build/tmp_trs-qemuarm64/work/cortexa57-trs-linux/python3-tpm2-pytss/2.1.0/tpm2-pytss-2.1.0/scripts/prepare_headers.py:42: SyntaxWarning: invalid escape sequence '\['
| s = re.sub("\[.+?\]", "[...]", s)
| /home/builder/src/base/build/tmp_trs-qemuarm64/work/cortexa57-trs-linux/python3-tpm2-pytss/2.1.0/tpm2-pytss-2.1.0/scripts/prepare_headers.py:77: SyntaxWarning: invalid escape sequence '\)'
| "#define TPM2_MAX_TAGGED_POLICIES.*\n.*TPMS_TAGGED_POLICY\)\)",
| /home/builder/src/base/build/tmp_trs-qemuarm64/work/cortexa57-trs-linux/python3-tpm2-pytss/2.1.0/tpm2-pytss-2.1.0/scripts/prepare_headers.py:262: SyntaxWarning: invalid escape sequence '\s'
| "TSS2_RC\s+Tss2_MU_BYTE_Marshal\(.+?\);", s, re.DOTALL | re.MULTILINE
| /home/builder/src/base/build/tmp_trs-qemuarm64/work/cortexa57-trs-linux/python3-tpm2-pytss/2.1.0/tpm2-pytss-2.1.0/scripts/prepare_headers.py:266: SyntaxWarning: invalid escape sequence '\s'
| "TSS2_RC\s+Tss2_MU_BYTE_Marshal\(.+?\);", "", s, 1, re.DOTALL | re.MULTILINE
| /home/builder/src/base/build/tmp_trs-qemuarm64/work/cortexa57-trs-linux/python3-tpm2-pytss/2.1.0/tpm2-pytss-2.1.0/scripts/prepare_headers.py:270: SyntaxWarning: invalid escape sequence '\s'
| "TSS2_RC\s+Tss2_MU_BYTE_Unmarshal\(.+?\);", s, re.DOTALL | re.MULTILINE
| /home/builder/src/base/build/tmp_trs-qemuarm64/work/cortexa57-trs-linux/python3-tpm2-pytss/2.1.0/tpm2-pytss-2.1.0/scripts/prepare_headers.py:274: SyntaxWarning: invalid escape sequence '\s'
| "TSS2_RC\s+Tss2_MU_BYTE_Unmarshal\(.+?\);",
| adding path: /home/builder/src/base/build/tmp_trs-qemuarm64/work/cortexa57-trs-linux/python3-tpm2-pytss/2.1.0/tpm2-pytss-2.1.0/scripts
| Traceback (most recent call last):
| File "/home/builder/src/base/build/tmp_trs-qemuarm64/work/cortexa57-trs-linux/python3-tpm2-pytss/2.1.0/tpm2-pytss-2.1.0/setup.py", line 280, in <module>
| setup(
| File "/home/builder/src/base/build/tmp_trs-qemuarm64/work/cortexa57-trs-linux/python3-tpm2-pytss/2.1.0/recipe-sysroot-native/usr/lib/python3.12/site-packages/setuptools/__init__.py", line 103, in setup
| return distutils.core.setup(**attrs)
| ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
| File "/home/builder/src/base/build/tmp_trs-qemuarm64/work/cortexa57-trs-linux/python3-tpm2-pytss/2.1.0/recipe-sysroot-native/usr/lib/python3.12/site-packages/setuptools/_distutils/core.py", line 146, in setup
| _setup_distribution = dist = klass(attrs)
| ^^^^^^^^^^^^
| File "/home/builder/src/base/build/tmp_trs-qemuarm64/work/cortexa57-trs-linux/python3-tpm2-pytss/2.1.0/recipe-sysroot-native/usr/lib/python3.12/site-packages/setuptools/dist.py", line 307, in __init__
| _Distribution.__init__(self, dist_attrs)
| File "/home/builder/src/base/build/tmp_trs-qemuarm64/work/cortexa57-trs-linux/python3-tpm2-pytss/2.1.0/recipe-sysroot-native/usr/lib/python3.12/site-packages/setuptools/_distutils/dist.py", line 286, in __init__
| self.finalize_options()
| File "/home/builder/src/base/build/tmp_trs-qemuarm64/work/cortexa57-trs-linux/python3-tpm2-pytss/2.1.0/recipe-sysroot-native/usr/lib/python3.12/site-packages/setuptools/dist.py", line 659, in finalize_options
| ep(self)
| File "/home/builder/src/base/build/tmp_trs-qemuarm64/work/cortexa57-trs-linux/python3-tpm2-pytss/2.1.0/recipe-sysroot-native/usr/lib/python3.12/site-packages/setuptools/dist.py", line 679, in _finalize_setup_keywords
| ep.load()(self, ep.name, value)
| File "/home/builder/src/base/build/tmp_trs-qemuarm64/work/cortexa57-trs-linux/python3-tpm2-pytss/2.1.0/recipe-sysroot-native/usr/lib/python3.12/site-packages/cffi/setuptools_ext.py", line 216, in cffi_modules
| add_cffi_module(dist, cffi_module)
| File "/home/builder/src/base/build/tmp_trs-qemuarm64/work/cortexa57-trs-linux/python3-tpm2-pytss/2.1.0/recipe-sysroot-native/usr/lib/python3.12/site-packages/cffi/setuptools_ext.py", line 49, in add_cffi_module
| execfile(build_file_name, mod_vars)
| File "/home/builder/src/base/build/tmp_trs-qemuarm64/work/cortexa57-trs-linux/python3-tpm2-pytss/2.1.0/recipe-sysroot-native/usr/lib/python3.12/site-packages/cffi/setuptools_ext.py", line 25, in execfile
| exec(code, glob, glob)
| File "scripts/libtss2_build.py", line 69, in <module>
| ffibuilder.cdef(open("libesys.h").read())
| File "/home/builder/src/base/build/tmp_trs-qemuarm64/work/cortexa57-trs-linux/python3-tpm2-pytss/2.1.0/recipe-sysroot-native/usr/lib/python3.12/site-packages/cffi/api.py", line 112, in cdef
| self._cdef(csource, override=override, packed=packed, pack=pack)
| File "/home/builder/src/base/build/tmp_trs-qemuarm64/work/cortexa57-trs-linux/python3-tpm2-pytss/2.1.0/recipe-sysroot-native/usr/lib/python3.12/site-packages/cffi/api.py", line 126, in _cdef
| self._parser.parse(csource, override=override, **options)
| File "/home/builder/src/base/build/tmp_trs-qemuarm64/work/cortexa57-trs-linux/python3-tpm2-pytss/2.1.0/recipe-sysroot-native/usr/lib/python3.12/site-packages/cffi/cparser.py", line 389, in parse
| self._internal_parse(csource)
| File "/home/builder/src/base/build/tmp_trs-qemuarm64/work/cortexa57-trs-linux/python3-tpm2-pytss/2.1.0/recipe-sysroot-native/usr/lib/python3.12/site-packages/cffi/cparser.py", line 396, in _internal_parse
| self._process_macros(macros)
| File "/home/builder/src/base/build/tmp_trs-qemuarm64/work/cortexa57-trs-linux/python3-tpm2-pytss/2.1.0/recipe-sysroot-native/usr/lib/python3.12/site-packages/cffi/cparser.py", line 479, in _process_macros
| raise CDefError(
| cffi.CDefError: only supports one of the following syntax:
| #define TPM2_HR_PCR ... (literally dot-dot-dot)
| #define TPM2_HR_PCR NUMBER (with NUMBER an integer constant, decimal/hex/octal)
| got:
| #define TPM2_HR_PCR ...<< TPM2_HR_SHIFT)
| ERROR: 'python3 setup.py build ' execution failed.
| WARNING: /home/builder/src/base/build/tmp_trs-qemuarm64/work/cortexa57-trs-linux/python3-tpm2-pytss/2.1.0/temp/run.do_compile.2430604:190 exit 1 from 'exit 1'
| WARNING: Backtrace (BB generated script):
| #1: bbfatal_log, /home/builder/src/base/build/tmp_trs-qemuarm64/work/cortexa57-trs-linux/python3-tpm2-pytss/2.1.0/temp/run.do_compile.2430604, line 190
| #2: setuptools3_legacy_do_compile, /home/builder/src/base/build/tmp_trs-qemuarm64/work/cortexa57-trs-linux/python3-tpm2-pytss/2.1.0/temp/run.do_compile.2430604, line 180
| #3: do_compile, /home/builder/src/base/build/tmp_trs-qemuarm64/work/cortexa57-trs-linux/python3-tpm2-pytss/2.1.0/temp/run.do_compile.2430604, line 162
| #4: main, /home/builder/src/base/build/tmp_trs-qemuarm64/work/cortexa57-trs-linux/python3-tpm2-pytss/2.1.0/temp/run.do_compile.2430604, line 194
NOTE: recipe python3-tpm2-pytss-2.1.0-r0: task do_compile: Failed
ERROR: Task (/home/builder/src/base/build/../meta-security/meta-tpm/recipes-tpm2/tpm2-pytss/python3-tpm2-pytss_2.1.0.bb:do_compile) failed with exit code '1'
Signed-off-by: Mikko Rapeli <mikko.rapeli@linaro.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
|
|
|
| |
Replace references of WORKDIR with UNPACKDIR where it makes sense to do so in preparation for changing the default value of UNPACKDIR.
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
|
|
|
|
|
| |
Upstream removed gcrypt backend as part of the 3.0.0 release
(https://github.com/tpm2-software/tpm2-tss/pull/1781), but it was not
removed from the recipe during the update.
Signed-off-by: Ricardo Salveti <ricardo@foundries.io>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
|
|
|
|
|
| |
* WORKDIR -> UNPACKDIR transition
* Switch away from S = WORKDIR
Signed-off-by: Changqing Li <changqing.li@windriver.com>
[Fixed up the smack changes due to prior patch]
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Bump tpm2-tss library version from 4.0.1 to 4.1.2.
This simply involves renaming the recipe and chaning the target SHA256
library file hash.
Also update the fixup_hosttools.patch to apply to the new version of the
library. It stays the same functionally, but some line numbers needed to
be updated to apply cleanly.
Signed-off-by: Valentin Kunin <kunin@google.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
|
|
|
| |
Dependency for nativesdk-swtpm
Signed-off-by: Tim Orling <tim.orling@konsulko.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
|
|
|
| |
nativesdk-swtpm needs nativesdk-libtpm
Signed-off-by: Tim Orling <tim.orling@konsulko.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
|
|
|
| |
tpm2-pkcs11-tools-native needs tpm2-tools-native
Signed-off-by: Tim Orling <tim.orling@konsulko.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
|
|
|
| |
swtpm-native requires tpm2-pkcs11-tools-native for gnutls PACKAGECONFIG
Signed-off-by: Tim Orling <tim.orling@konsulko.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
version 0.8.2:
- swtpm:
- cuse: Lock file_ops_lock before reading tpm_running
- build-sys:
- Add support for --disable-tests to disable tests
https://github.com/stefanberger/swtpm/compare/v0.8.1...v0.8.2
Signed-off-by: Tim Orling <tim.orling@konsulko.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
|
|
|
|
| |
* Refresh patch
* Fix UPSTREAM_CHECK_GITTAGREGEX
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
|
|
|
|
|
|
| |
Remove '-DALG_CAMELLIA=ALG_NO' from CFLAGS to fix compile error:
| TpmProfile_Common.h:109: error: "ALG_CAMELLIA" redefined [-Werror]
| 109 | #define ALG_CAMELLIA ALG_YES
| |
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
| |
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
|
| |
Signed-off-by: Max Krummenacher <max.krummenacher@toradex.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
|
|
|
| |
Signed-off-by: Armin Kuster <akuster808@gmail.com>
---
V2] Fix typo in python3-pyinotify changes
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Nicholas Nooney (1):
Update error messages in htool_exec_hostcmd (#43)
Royce (1):
Add ability to process raw host commands (#41)
Yoan Andreev (1):
Payload getstatus (#40)
daimeng (1):
htool: Allow console snapshot on proxy channels (#42)
Signed-off-by: Yushi Sun <yushis@google.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
systemd tool ukify
https://www.freedesktop.org/software/systemd/man/latest/ukify.html
depends on systemd-measure
https://www.freedesktop.org/software/systemd/man/latest/systemd-measure.html
which depends on tpm2-tss. So to support creating UKI
images containing both kernel and initramfs with systemd-native,
tpm2-tss support is needed for native too.
Signed-off-by: Mikko Rapeli <mikko.rapeli@linaro.org>
Reviewed-by: Erik Schilling <erik.schilling@linaro.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
| |
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Changelog:
Dawid Dabrowski
Add support for payload update protocol for generic Titan images.
Nick Nooney
Add BUILD rules to support using libhoth with external tools.
Yoan Andreev
Add spi passthrough enable and disable commands.
Add arm_coordinated_reset.
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Changelog:
Royce Rajan
0e3eec6 Claim + Release USB connection when running `htool console`
b36ebfc bazel: Stamp Git commit as version
fd90feb meson: Stamp Git commit as version
ba1403d Add get/clear panic record commands (#30)
Chris Evans
e34e9bd Update README.md for recently-added commands.
Daimeng Wang
611381e htool: Implement authz_record read/erase/build/set
aaed60f htool: Add authz_record command API
ad68019 libhoth: MTD allows zero byte read
Pai Peng
101f711 Add the 'statistics' command
Signed-off-by: John Broadbent <jebr@google.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
| |
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
|
|
|
|
| |
* oe-core switched to nanbield in:
https://git.openembedded.org/openembedded-core/commit/?id=f212cb12a0db9c9de5afd3cc89b1331d386e55f6
Signed-off-by: Martin Jansa <martin.jansa@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
| |
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
|
|
|
| |
So that the security features in this layer can be used on the
rt kernel.
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
| |
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
| |
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
| |
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
There could be some false possitives (the script is far from perfect), so please
test it on your QA, I've only double checked with "git grep" (the script looks
only in parent directory).
@ ~/layers/meta-security $ /OE/extra-layers/meta-ros/scripts/check-patch-files.sh .
./recipes-ids/tripwire/files/add_armeb_arch.patch: not used in any recipe
./dynamic-layers/meta-python/recipes-security/fail2ban/files/0001-To-fix-build-error-of-xrang.patch: not used in any recipe
./recipes-scanners/clamav/files/fix2_libcurl_check.patch: not used in any recipe
./recipes-scanners/arpwatch/files/postfix_workaround.patch: not used in any recipe
./meta-tpm/recipes-tpm/libtpm/files/Use-format-s-for-call-to-dprintf.patch: not used in any recipe
./meta-tpm/recipes-tpm/libtpm/files/fix_signed_issue.patch: not used in any recipe
./meta-tpm/recipes-tpm/libtpm/files/Convert-another-vdprintf-to-dprintf.patch: not used in any recipe
./meta-tpm/recipes-tpm/swtpm/files/fix_lib_search_path.patch: not used in any recipe
./meta-tpm/recipes-tpm/swtpm/files/fix_fcntl_h.patch: not used in any recipe
./recipes-mac/AppArmor/files/disable_perl_h_check.patch: not used in any recipe
@ ~/layers/meta-security $ git grep add_armeb_arch.patch
@ ~/layers/meta-security $ git grep 0001-To-fix-build-error-of-xrang.patch
@ ~/layers/meta-security $ git grep fix2_libcurl_check.patch
@ ~/layers/meta-security $ git grep postfix_workaround.patch
@ ~/layers/meta-security $ git grep Use-format-s-for-call-to-dprintf.patch
@ ~/layers/meta-security $ git grep fix_signed_issue.patch
@ ~/layers/meta-security $ git grep Convert-another-vdprintf-to-dprintf.patch
@ ~/layers/meta-security $ git grep fix_lib_search_path.patch
@ ~/layers/meta-security $ git grep fix_fcntl_h.patch
@ ~/layers/meta-security $ git grep disable_perl_h_check.patch
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
* as reported by openembedded-core/scripts/contrib/patchreview.py -v .
Malformed Upstream-Status 'Malformed Upstream-Status in patch meta-tpm/recipes-tpm2/ibmswtpm2/files/tune-makefile.patch
Malformed Upstream-Status 'Malformed Upstream-Status in patch meta-tpm/recipes-tpm2/tpm2-tcti-uefi/files/configure_oe_fixup.patch
Malformed Upstream-Status 'Malformed Upstream-Status in patch meta-tpm/recipes-tpm2/tpm2-tcti-uefi/files/fix_header_file.patch
Malformed Upstream-Status 'Malformed Upstream-Status in patch meta-tpm/recipes-tpm2/tpm2-tcti-uefi/tpm2-tcti-uefi/0001-configure.ac-stop-inserting-host-directories-into-co.patch
Malformed Upstream-Status 'Malformed Upstream-Status in patch meta-tpm/recipes-tpm2/tpm2-tss/tpm2-tss/fixup_hosttools.patch
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
There is new patch-status QA check in oe-core:
https://git.openembedded.org/openembedded-core/commit/?id=76a685bfcf927593eac67157762a53259089ea8a
This is temporary work around just to hide _many_ warnings from
optional patch-status (if you add it to WARN_QA).
This just added
Upstream-Status: Pending
everywhere without actually investigating what's the proper status.
This is just to hide current QA warnings and to catch new .patch files being
added without Upstream-Status, but the number of Pending patches is now terrible:
0 (0%) meta-parsec
N/A (0%) meta-hardening
1 (100%) meta-integrity
15 (68%) meta-tpm
27 (61%) meta-security
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
|
|
|
|
| |
pass the required argument to --home-dir
fixes: Bugzilla-15034
Signed-off-by: Ahmed Abdelfattah <a.abfattah@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
This version supports openssl 3.1
The maintainer changed his tag versions hence the different looking
version.
The maintainer also has stopped releasing tar files and asked we
directly grab from git.
Signed-off-by: Andrew Geissler <geissonator@yahoo.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
|
|
|
| |
It's not used by linux-yocto bbappends in any configuration.
Signed-off-by: Mikko Rapeli <mikko.rapeli@linaro.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
|
|
|
|
| |
arm, arm64 and other machines can also have tpm and tpm2 devices
and the config snippets tpm.scc and tpm2.scc work there too.
Signed-off-by: Mikko Rapeli <mikko.rapeli@linaro.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Updating libhoth to match version in openbmc
https://gerrit.openbmc.org/c/openbmc/openbmc/+/63424
libhoth detailed changes:
Willy Tu
Expose header files expose USB APIs
aranikam
Add flash_spi_info command
Add address mode flag for spi update/read
Chris Evans
Rename ec_ commands; permit old command names as an alias.
Apply clang-format, and enable it as a check action. (#24)
Sui Chen
Add payload status
Add console snapshot
Daimeng Wang
libhoth: automated mtd mailbox discovery
libhoth: implement MTD transport
libhoth: add MTD backend boilerplate API
Yoan Andreev
Dont check for non-snapshot console params
Extern c wrap (#22)
Build improvements (#18)
Add basic abstraction to libhoth and SPIDEV support (#17)
Vidya Satyamsetti
Add extern
Kor Nielsen
htool console: Don't leave O_NONBLOCK set on stdin
[fix] In legacy mailbox protocol, look at response size.
[fix] Support legacy response buffers larger than 62 bytes.
[feat] htool: Support Hoth-B devices.
Add --baud_rate flag to "htool console".
Setup github workflow to build project.
Rename "htool console -l" to "htool console -n".
Add --onlcr flag to "htool console".
Make example visibility public.
Fix BUILD file formatting.
Remove out-of-date :enumerate and :ec_hello.
Add libusb to bazel WORKSPACE.
Fix undefined behavior in htool command handling.
Signed-off-by: John Edward Broadbent <jebr@google.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
