| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
| |
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
|
|
|
|
|
| |
netstat from net-tools-native is needed for swtpm_setup.sh, which uses
it to check whether the swtpm daemon has started. The scripts hangs in
a loop during startup when netstat is missing.
Signed-off-by: Patrick Ohly <patrick.ohly@intel.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Native recipes must be called <foo>-native. This is more than just a
recommendation, there's actual code which checks for the suffix.
Not following that rule broke swtpm-wrappers when using the "usrmerge"
DISTRO_FEATURE, because the code in native.bbclass which cleans up
DISTRO_FEATURES for native recipes was skipped and thus swtpm-wrappers
ended up using different paths than the other native recipes.
Signed-off-by: Patrick Ohly <patrick.ohly@intel.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
|
|
| |
remove merged patch now in tip
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
|
|
|
|
|
| |
Pull in changes to support passing client control sockets(--ctrl
type=unixio,clientfd=<fd>), that allows to fork swtpm and communicate using
socketpair.
Signed-off-by: Amarnath Valluri <amarnath.valluri@intel.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
| |
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
[v2]:
include new hash
LICENSE file changes do to removal of TCG
minor changes do to configure and makefile updates
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
|
|
|
| |
minor changes to reflect configure/makefile updates
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
|
|
|
|
|
|
| |
Install systemd resource.mgr service and it needed user/group.
version 2:
- do not hardcode sbin directory in a patch but use ${sbindir} instead
Signed-off-by: Benjamin Gaignard <benjamin.gaignard@linaro.org>
Signed-off-by: Armin Kuster <akuster@mvista.com>
|
| |
|
|
|
|
|
|
|
| |
Soon it might be possible to let qemu start swtpm directly, without
requiring root privileges as for swtpm_cuse. For that to work
we also need to wrap the swtpm binary. Just in case we now also
do it for everything.
Signed-off-by: Patrick Ohly <patrick.ohly@intel.com>
|
| |
|
|
|
|
|
|
|
| |
use POSIX getpwent instead of getpwent_r
This was causing the libtspi to have the getpwent_r with when loaded via tpm-tools, it would fail.
[ Yocto #11095]
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
|
|
|
|
| |
add two fixes for musl build issues.
also update to latest tip
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
| |
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
|
|
|
|
| |
The configure script checks for expect and socat and
fails when it is not present.
Signed-off-by: Benjamin Gaignard <benjamin.gaignard@linaro.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
|
|
| |
backport two upstream patches and remove local verison
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
|
|
|
|
|
| |
Brings in instructions for setting the log level. Setting the log level
with --log file=...,level=1 is necessary at the moment before anything
gets written to the log. Even errors are suppressed by default.
Signed-off-by: Patrick Ohly <patrick.ohly@intel.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Native tools exist in recipe specific sysroots and are normally
not meant to be called from outside a build. But that's what we
need to do when using swtpm-native together with qemu, so these
wrappers make that possible by setting up the necessary environment
and hiding the internal paths.
Invoking swtpm_setup.sh gets some special support: swtpm_setup.sh runs
two daemons, tcsd and swtpm, of which tcsd insists on running as root
or tss. In practice, running as the normal user is perfectly
fine. Instead of patching the upstream source code, the approach take
here is to run under pseudo.
Usage examples:
$ bitbake swtpm-wrappers
$ mkdir -p my-machine/myvtpm0
$ tmp-glibc/work/x86_64-linux/swtpm-wrappers/1.0-r0/swtpm_setup_oe.sh --tpm-state my-machine/myvtpm0
Starting vTPM manufacturing as root:root @ Mon 16 Jan 2017 04:09:21 PM CET
TPM is listening on TCP port 55675.
-rw------- 1 root root 65 Jan 16 16:09 /tmp/tmp.2yJBKTTwRk
Ending vTPM manufacturing @ Mon 16 Jan 2017 04:09:21 PM CET
The resulting "my-machine/myvtpm0" can then be used with swtpm (this
time, it really has to be running as root because it uses CUSE to
create /dev/vtpm0, and an absolute path is needed for the tpm state
dir) and qemu-tpm (patches not currently in OE-core, have to be
applied manually):
$ sudo tmp-glibc/work/x86_64-linux/swtpm-wrappers/1.0-r0/swtpm_cuse_oe.sh -n vtpm0 --tpmstate dir=`pwd`/my-machine/myvtpm0
$ sudo chmod a+rw /dev/vtpm0
$ runqemu ... 'qemuparams=-tpmdev cuse-tpm,id=tpm0,path=/dev/vtpm0 -device tpm-tis,tpmdev=tpm0'
Signed-off-by: Patrick Ohly <patrick.ohly@intel.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
|
|
|
|
|
| |
The CUSE support in swtpm does not depend on selinux. It is needed
for simulating a virtual TPM, one of the use cases for swtpm-native, so
enable it by default.
Signed-off-by: Patrick Ohly <patrick.ohly@intel.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
When building for x86-64, gcc complains:
tpm_ioctl.c:866:9: error: format ‘%llx’ expects argument of type ‘long long unsigned int’, but argument 2 has type ‘long unsigned int’ [-Werror=format=]
| printf("ptm capability is 0x%llx\n", (uint64_t)devtoh64(is_chardev, cap));
| ^
| cc1: all warnings being treated as errors
Casting to "long long unsigned" matches the format specifier in all
cases, including those where "long long" is larger than 64 bits.
Signed-off-by: Patrick Ohly <patrick.ohly@intel.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
|
|
|
|
| |
The configure script checks for tpm_nvdefine from tpm-tools and fails
when it is not present.
Signed-off-by: Patrick Ohly <patrick.ohly@intel.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
For use with qemu-tpm as described in the swtpm main README, swtpm
must be compiled natively. nativesdk is added just in case that
someone wants to add this to an SDK.
The fix_lib_search_path.patch was recently removed during the version
update, but it is still needed when building natively. Here's a
version that applies cleanly again.
Signed-off-by: Patrick Ohly <patrick.ohly@intel.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The upstream dist/Makefile.am ensures that /etc/tcsd.conf is owned by
tss:tss, and that must not be changed because otherwise tcsd refuses
to start.
In addition, tss group and user should be added as special system
group resp. user, because they are not normal users. This also avoids
the host-user-contaminated QA warning because the "tss" user will
typically not get assigned a UID from the same range as the host user
that is used for building.
Signed-off-by: Patrick Ohly <patrick.ohly@intel.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
|
|
|
|
|
|
| |
Installing tpm-tools for tools like tpm_takeown pull in the libtspi
package, but the resulting system is not functional unless the tcsd
(from the main "trousers" package) also gets installed. A RRECOMMENDS
entry for that takes care of that automatically.
Signed-off-by: Patrick Ohly <patrick.ohly@intel.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
|
|
|
|
|
| |
The soname of libtspi.so is "libtspi.so.1" and therefore apps
linked against that library depend on the libtspi.so.1 symlink
to find the library.
Signed-off-by: Patrick Ohly <patrick.ohly@intel.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
|
|
|
|
| |
fix signed build issues
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Patrick Ohly <patrick.ohly@intel.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
|
|
|
|
| |
fix several build issues
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Patrick Ohly <patrick.ohly@intel.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
|
|
|
|
| |
convert to git and remove incorperated patches
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Patrick Ohly <patrick.ohly@intel.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
|
|
|
|
| |
remove incorperated patches.
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Patrick Ohly <patrick.ohly@intel.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
|
|
| |
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Patrick Ohly <patrick.ohly@intel.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
|
|
|
|
| |
Backport patches to fix compilation.
Signed-off-by: André Draszik <adraszik@tycoint.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Armin Kuster <akuster@mvista.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
.8/src/tpm_mgmt/tpm_present.c
| ../../../tpm-tools-1.3.8/src/tpm_mgmt/tpm_present.c: In function 'main':
| ../../../tpm-tools-1.3.8/src/tpm_mgmt/tpm_present.c:358:5: error: this 'if' clause does not guard... [-Werror=misleading-indentation]
| if (szTpmPasswd && !isWellKnown)
| ^~
| ../../../tpm-tools-1.3.8/src/tpm_mgmt/tpm_present.c:360:2: note: ...this statement, but the latter is misleadingly indented as if it is guarded by the 'if'
| return iRc;
| ^~~~~~
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
|
|
|
|
| |
V2:
Change ${S} and add OECMAKE_SOURCEPATH
use ${S} instead of ${WORKDIR} in sed cmd
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
|
|
|
|
| |
V2:
remove CACHED_CONFIGUREVARS, not needed after all
fix typo in selinux option
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
|
|
|
| |
V2:
- use SRCPV
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
|
|
|
| |
V2:
- drop 1.0 from PV
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
| |
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
|
| |
Signed-off-by: Thomas Perrot <thomas.perrot@tupi.fr>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
|
|
| |
NOTE: meta-security/recipes-tpm/trousers/trousers_0.3.13.bb: base_contains is deprecated, please use bb.utils.contains instead.
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
| |
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
|
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
