path: root/meta-tpm
Commit message | Author | Age | Files | Lines
...
* layer.conf: update LAYERSERIES_COMPAT for nanbield | Martin Jansa | 2023-09-11 | 1 | -1/+1
  * oe-core switched to nanbield in: https://git.openembedded.org/openembedded-core/commit/?id=f212cb12a0db9c9de5afd3cc89b1331d386e55f6
  Signed-off-by: Martin Jansa <martin.jansa@gmail.com>
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* layer: add QA_WARNINGS to all layers | Armin Kuster | 2023-08-06 | 1 | -0/+2
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* meta-tpm linux-yocto-rt: Add the bbappend for rt kernel | Armin Kuster | 2023-08-06 | 1 | -0/+1
  So that the security features in this layer can be used on the rt kernel.
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* packagegroup-security-tpm2: add more pkgs | Armin Kuster | 2023-07-31 | 1 | -0/+3
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* packagegroup: add python3-tpm2-pytss | Armin Kuster | 2023-07-31 | 1 | -0/+1
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* python3-tpm2-pytss: add python tss2 support | Armin Kuster | 2023-07-31 | 1 | -0/+15
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* .patch: remove probably unused patches | Martin Jansa | 2023-06-25 | 5 | -204/+0
  There could be some false positives (the script is far from perfect), so please test it on your QA, I've only double checked with "git grep" (the script looks only in parent directory).
  @ ~/layers/meta-security $ /OE/extra-layers/meta-ros/scripts/check-patch-files.sh .
  ./recipes-ids/tripwire/files/add_armeb_arch.patch: not used in any recipe
  ./dynamic-layers/meta-python/recipes-security/fail2ban/files/0001-To-fix-build-error-of-xrang.patch: not used in any recipe
  ./recipes-scanners/clamav/files/fix2_libcurl_check.patch: not used in any recipe
  ./recipes-scanners/arpwatch/files/postfix_workaround.patch: not used in any recipe
  ./meta-tpm/recipes-tpm/libtpm/files/Use-format-s-for-call-to-dprintf.patch: not used in any recipe
  ./meta-tpm/recipes-tpm/libtpm/files/fix_signed_issue.patch: not used in any recipe
  ./meta-tpm/recipes-tpm/libtpm/files/Convert-another-vdprintf-to-dprintf.patch: not used in any recipe
  ./meta-tpm/recipes-tpm/swtpm/files/fix_lib_search_path.patch: not used in any recipe
  ./meta-tpm/recipes-tpm/swtpm/files/fix_fcntl_h.patch: not used in any recipe
  ./recipes-mac/AppArmor/files/disable_perl_h_check.patch: not used in any recipe
  @ ~/layers/meta-security $ git grep add_armeb_arch.patch
  @ ~/layers/meta-security $ git grep 0001-To-fix-build-error-of-xrang.patch
  @ ~/layers/meta-security $ git grep fix2_libcurl_check.patch
  @ ~/layers/meta-security $ git grep postfix_workaround.patch
  @ ~/layers/meta-security $ git grep Use-format-s-for-call-to-dprintf.patch
  @ ~/layers/meta-security $ git grep fix_signed_issue.patch
  @ ~/layers/meta-security $ git grep Convert-another-vdprintf-to-dprintf.patch
  @ ~/layers/meta-security $ git grep fix_lib_search_path.patch
  @ ~/layers/meta-security $ git grep fix_fcntl_h.patch
  @ ~/layers/meta-security $ git grep disable_perl_h_check.patch
  Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* meta-tpm: *.patch: fix malformed Upstream-Status lines | Martin Jansa | 2023-06-25 | 5 | -5/+5
  * as reported by openembedded-core/scripts/contrib/patchreview.py -v .
  Malformed Upstream-Status 'Malformed Upstream-Status in patch meta-tpm/recipes-tpm2/ibmswtpm2/files/tune-makefile.patch
  Malformed Upstream-Status 'Malformed Upstream-Status in patch meta-tpm/recipes-tpm2/tpm2-tcti-uefi/files/configure_oe_fixup.patch
  Malformed Upstream-Status 'Malformed Upstream-Status in patch meta-tpm/recipes-tpm2/tpm2-tcti-uefi/files/fix_header_file.patch
  Malformed Upstream-Status 'Malformed Upstream-Status in patch meta-tpm/recipes-tpm2/tpm2-tcti-uefi/tpm2-tcti-uefi/0001-configure.ac-stop-inserting-host-directories-into-co.patch
  Malformed Upstream-Status 'Malformed Upstream-Status in patch meta-tpm/recipes-tpm2/tpm2-tss/tpm2-tss/fixup_hosttools.patch
  Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* *.patch: add Upstream-Status to all patches | Martin Jansa | 2023-06-25 | 5 | -0/+10
  There is new patch-status QA check in oe-core: https://git.openembedded.org/openembedded-core/commit/?id=76a685bfcf927593eac67157762a53259089ea8a
  This is temporary work around just to hide _many_ warnings from optional patch-status (if you add it to WARN_QA).
  This just added Upstream-Status: Pending everywhere without actually investigating what's the proper status.
  This is just to hide current QA warnings and to catch new .patch files being added without Upstream-Status, but the number of Pending patches is now terrible:
  0 (0%) meta-parsec
  N/A (0%) meta-hardening
  1 (100%) meta-integrity
  15 (68%) meta-tpm
  27 (61%) meta-security
  Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* swtpm: fix parser error when using USERADDEXTENSION="useradd-staticids" | Ahmed Abdelfattah | 2023-06-11 | 1 | -1/+1
  pass the required argument to --home-dir
  fixes: Bugzilla-15034
  Signed-off-by: Ahmed Abdelfattah <a.abfattah@gmail.com>
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* ibmswtpm2: update to 164-2020-192.1 | Andrew Geissler | 2023-06-03 | 1 | -4/+5
  This version supports openssl 3.1
  The maintainer changed his tag versions hence the different looking version.
  The maintainer also has stopped releasing tar files and asked we directly grab from git.
  Signed-off-by: Andrew Geissler <geissonator@yahoo.com>
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* linux-yocto: remove tpm_x86.cfg | Mikko Rapeli | 2023-06-03 | 1 | -4/+0
  It's not used by linux-yocto bbappends in any configuration.
  Signed-off-by: Mikko Rapeli <mikko.rapeli@linaro.org>
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* linux-yocto: support tpm and tpm2 on all architectures | Mikko Rapeli | 2023-06-03 | 1 | -10/+1
  arm, arm64 and other machines can also have tpm and tpm2 devices and the config snippets tpm.scc and tpm2.scc work there too.
  Signed-off-by: Mikko Rapeli <mikko.rapeli@linaro.org>
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* libhoth_git.bb:SRCREV bump 1622e8a04..d769296220d | John Edward Broadbent | 2023-05-22 | 1 | -1/+1
  Updating libhoth to match version in openbmc https://gerrit.openbmc.org/c/openbmc/openbmc/+/63424
  libhoth detailed changes:
  Willy Tu
    Expose header files expose USB APIs
  aranikam
    Add flash_spi_info command
    Add address mode flag for spi update/read
  Chris Evans
    Rename ec_ commands; permit old command names as an alias.
    Apply clang-format, and enable it as a check action. (#24)
  Sui Chen
    Add payload status
    Add console snapshot
  Daimeng Wang
    libhoth: automated mtd mailbox discovery
    libhoth: implement MTD transport
    libhoth: add MTD backend boilerplate API
  Yoan Andreev
    Dont check for non-snapshot console params
    Extern c wrap (#22)
    Build improvements (#18)
    Add basic abstraction to libhoth and SPIDEV support (#17)
  Vidya Satyamsetti
    Add extern
  Kor Nielsen
    htool console: Don't leave O_NONBLOCK set on stdin
    [fix] In legacy mailbox protocol, look at response size.
    [fix] Support legacy response buffers larger than 62 bytes.
    [feat] htool: Support Hoth-B devices.
    Add --baud_rate flag to "htool console".
    Setup github workflow to build project.
    Rename "htool console -l" to "htool console -n".
    Add --onlcr flag to "htool console".
    Make example visibility public.
    Fix BUILD file formatting.
    Remove out-of-date :enumerate and :ec_hello.
    Add libusb to bazel WORKSPACE.
    Fix undefined behavior in htool command handling.
  Signed-off-by: John Edward Broadbent <jebr@google.com>
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* layer.conf: Insert addpylib declaration | Armin Kuster | 2023-05-22 | 1 | -0/+2
  Yocto mickledore introduced the addpylib directive for explicitly adding layer paths to the PYTHONPATH.
  Standalone OEQA test suite discovery does not require this directive but it is required to import test cases from other layers, e.g. to extend and modify the test cases.
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* packagegroup-security-tpm2: restore pkgs removed earlier | Armin Kuster | 2023-05-06 | 1 | -0/+5
  commit: 0594aee packagegroup-security-tpm2.bb: remove dynamic pkgs is causing an issue with some users. Restore the packages and opted to fix via PACKAGE_ARCH = "${TUNE_PKGARCH}"
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* tpm2-tss: drop vendor from PACKAGECONFIG | Armin Kuster | 2023-05-06 | 1 | -1/+1
  fixes:
  WARNING: tpm2-tss-4.0.1-r0 do_configure: QA Issue: tpm2-tss: invalid PACKAGECONFIG: vendor [invalid-packageconfig]
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* maintainers.inc: rename to avoid clashes with oe-core | Alexander Kanavin | 2023-05-06 | 1 | -0/+0
  Additional maintainer entries should be added to ones provided by oe-core, but not be replacing them, as that breaks oe-core tests. Another option is to place them directly into recipes.
  Signed-off-by: Alexander Kanavin <alex@linutronix.de>
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* libtpm: update to 0.9.6 | Armin Kuster | 2023-05-06 | 1 | -1/+1
  include: CVE-2023-1017 & CVE-2023-1018
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* swtpm: update to 0.8.0 | Armin Kuster | 2023-05-06 | 1 | -2/+2
  includes CVE-2022-23645
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* recipes-tpm: use this for common tpm recipes | Armin Kuster | 2023-05-06 | 8 | -0/+0
  a bit of re-org
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* meta-tpm: rename recipes-tpm to recipes-tpm1 | Armin Kuster | 2023-05-06 | 28 | -0/+0
  a bit of re-org.
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* tpm2-tools: Remove unnecessary and optional dependencies | Peter Kjellerstedt | 2023-05-06 | 1 | -4/+1
  * The dependency on autoconf-archive is only needed when building from the Git repository (and it should really be autoconf-archive-native).
  * Removing the build dependency on tpm2-abrmd does not change the output in any way, i.e., nothing is used from it.
  * The runtime dependency on libtss2 is added automatically by bitbake since /usr/bin/tpm2 is linked with libtss2-esys.so.0.
  * The runtime dependency on tpm2-abrmd is optional. Such dependencies are better handled at a higher level, e.g., by depending on packagegroup-security-tpm2.
  Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com>
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* tpm2-tss: correct CVE product | Peter Marko | 2023-03-26 | 1 | -0/+2
  Currently CVE-2023-22745 does not show up in kirkstone CVE report. This fixes that.
  Products from yocto's CVE check NVD database:
  sqlite> select * from products where product like "tpm2%";
  CVE-2017-7524|tpm2-tools_project|tpm2.0-tools|||1.1.0|<=
  CVE-2020-24455|tpm2_software_stack_project|tpm2_software_stack|||2.4.3|<
  CVE-2020-24455|tpm2_software_stack_project|tpm2_software_stack|3.0.0|>=|3.0.1|<
  CVE-2021-3565|tpm2-tools_project|tpm2-tools|5.1|>=|5.1.1|<
  CVE-2021-3565|tpm2-tools_project|tpm2-tools|||4.3.2|<
  CVE-2023-22745|tpm2_software_stack_project|tpm2_software_stack|||4.0.0|<=
  Signed-off-by: Peter Marko <peter.marko@siemens.com>
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* meta-tpm/layer: lower the priority from 10 to 6 | Jose Quaresma | 2023-03-20 | 1 | -1/+1
  The priority changed on the sumo version without any description. Since then it is very hard to add in other layers a new version of any recipe on this layer with such priority, so this patch reverts the priority back to 6.
  Signed-off-by: Jose Quaresma <jose.quaresma@foundries.io>
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* tpm2-abrmd: upgrade 2.4.1 -> 3.0.0 | Petr Gotthard | 2023-02-22 | 1 | -1/+1
  Changelog: https://github.com/tpm2-software/tpm2-abrmd/blob/3.0.0/CHANGELOG.md
  Signed-off-by: Petr Gotthard <petr.gotthard@advantech.cz>
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* tpm2-pkcs11: upgrade 1.8.0 -> 1.9.0 | Petr Gotthard | 2023-02-22 | 1 | -6/+1
  Changelog: https://github.com/tpm2-software/tpm2-pkcs11/blob/1.9.0/CHANGELOG.md
  Signed-off-by: Petr Gotthard <petr.gotthard@advantech.cz>
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* tpm2-tools: upgrade 5.3 -> 5.5 | Petr Gotthard | 2023-02-22 | 1 | -6/+1
  Changelog: https://github.com/tpm2-software/tpm2-tools/blob/5.5/docs/CHANGELOG.md
  Signed-off-by: Petr Gotthard <petr.gotthard@advantech.cz>
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* tpm2-tss: upgrade 3.2.0 -> 4.0.1 | Petr Gotthard | 2023-02-22 | 2 | -13/+9
  Changelog: https://github.com/tpm2-software/tpm2-tss/blob/4.0.1/CHANGELOG.md
  Signed-off-by: Petr Gotthard <petr.gotthard@advantech.cz>
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* linux-yocto: drop version from bbappends | Mikko Rapeli | 2023-02-06 | 1 | -0/+0
  These bbappends apply to multiple kernel versions so no need to make them version dependent.
  Fixes recipe parsing when using meta-security master branch on kirkstone. In our custom layer we set layer compatibility for kirkstone and I understand why meta-security upstream would not want to do that:
  LAYERSERIES_COMPAT_security-layer += 'kirkstone'
  LAYERSERIES_COMPAT_parsec-layer += 'kirkstone'
  LAYERSERIES_COMPAT_tpm-layer += 'kirkstone'
  While I work towards supporting also yocto master branch and newer releases than kirkstone, I would appreciate if I would not have to branch off layers over minor details like this.
  Signed-off-by: Mikko Rapeli <mikko.rapeli@linaro.org>
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* meta-tpm: bump linux-yocto to 6.x kernel | Armin Kuster | 2023-01-28 | 1 | -0/+0
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* layer.conf: update LAYERSERIES_COMPAT for mickledore | Martin Jansa | 2023-01-04 | 1 | -1/+1
  * oe-core switched to mickledore in: https://git.openembedded.org/openembedded-core/commit/?id=57239d66b933c4313cf331d35d13ec2d0661c38f
  Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* tpm2-tools: update to 5.3 | Michael Haener | 2022-11-19 | 1 | -2/+2
* tpm2-openssl: update to 1.1.1 | Michael Haener | 2022-10-24 | 1 | -1/+1
  Signed-off-by: Michael Haener <michael.haener@siemens.com>
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* tpm: update the linux-yocto rule with the one from sanity-meta-tpm class | Michael Haener | 2022-09-25 | 1 | -1/+1
* swtpm: update to 0.7.3 | Armin Kuster | 2022-08-02 | 2 | -24/+1
  drop musl patch. Fix another way
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* ibmswtpm2: update to 1682 | Armin Kuster | 2022-08-02 | 2 | -4/+4
  fixes openssl 3.0 support
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* ibmswtpm2: fix UPSTREAM_CHECK | Armin Kuster | 2022-08-02 | 1 | -1/+1
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* ibmtpm2tss: update version format | Armin Kuster | 2022-08-02 | 1 | -0/+2
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* libtpm: upgrade 0.9.3 -> 0.9.5 | Armpit's Upgrade Helper | 2022-07-30 | 1 | -1/+1
* tpm2-tcti-uefi: Add UPSTREAM_CHECK_URI | Armin Kuster | 2022-07-30 | 1 | -0/+2
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* tpm2-abrmd: add UPSTREAM_CHECK_URI | Armin Kuster | 2022-07-30 | 1 | -0/+2
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* tpm2-pkcs11: Add UPSTREAM_CHECK_URI | Armin Kuster | 2022-07-30 | 1 | -0/+2
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* tpm2-openssl: Add UPSTREAM_CHECK_URI | Armin Kuster | 2022-07-30 | 1 | -0/+2
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* tpm2-tools: Add UPSTREAM_CHECK_URI | Armin Kuster | 2022-07-30 | 1 | -0/+2
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* tpm2-tss: add UPSTREAM_CHECK_URI | Armin Kuster | 2022-07-30 | 1 | -0/+2
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* tpm2-tss-engine: add UPSTREAM_CHECK_URI | Armin Kuster | 2022-07-30 | 1 | -0/+2
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* ibmtpm2tss: fix SRC_URI | Armin Kuster | 2022-07-30 | 1 | -1/+1
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* packagegroup-security-tpm: add libhoth to pkg grp | Armin Kuster | 2022-07-30 | 1 | -0/+1
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
* meta-security: Add recipe for libhoth | John Edward Broadbent | 2022-07-30 | 1 | -0/+17
  Libhoth is a USB protocol implementation which is required for hoth class devices
  Signed-off-by: John Edward Broadbent <jebr@google.com>
  Signed-off-by: Armin Kuster <akuster808@gmail.com>