- 0001-Temporary-fix-for-build-without-C.patch, AC_PROG_CXX line
number changed.
- Makefile-fuzz-generated.am now in size zero.
- json-c, libcurl: new (FAPI) dependencies since tpm2-tss version 2.4.0
Signed-off-by: Yair Ben-Avraham <yairba@protonmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Bugfix release, fixing a number of issues:
- Fixed mixing salted and unsalted sessions in the same ESAPI context
- Removed use of VLAs from TPML marshal code
- Added check for object node before calling compute_session_value function
- Fixed auth calculation in Esys_StartAuthSession called with optional parameters
- Fixed compute_encrypted_salt error handling in Esys_StartAuthSession
- Fixed exported symbols map for libtss2-mu
The 2.3.3 tarball accidently contains a Makefile-fuzz-generated.am with
content from a fuzz testing run (rather than an empty file as in earlier
releases), confusing autoreconf together with our
0001-configure-Only-use-CXX-when-fuzzing.patch.
Work around that by adding a post-patch hook to truncate the file. The
issue has been reported upstream and the release logic has been changed to
ensure this does not happen again for future releases:
d163041e3b
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
- Drop patch (already in version)
- Update hash of license file (SPDX ID has been removed with
0dbc84ee45)
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
[Peter: use --disable-defaultflags and explicitly pass -std=c99]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes a number of issues discovered post-2.1.2. For details, see:
https://github.com/tpm2-software/tpm2-tss/releases/tag/2.1.3
Drop 002-configure.ac-switch-default-ESAPI-crypto-backend-to-.patch as this
issue is now fixed upstream.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
tss2-esys.pc contains a hardcoded -lgcrypt even though the openssl crypto
backend (as in Buildroot) may be used, leading to linker errors when using
esys.
Given that tpm2-tss doesn't allow static linking, there is no need to
explicitly list the crypto library dependency.
Cherry pick an upstream patch to fix this. Notice that the upstream patch
also changes the default crypto backend to openssl. As this isn't stricly
needed (we explicitly configure for openssl) and requires autoreconv, drop
the configure.ac hunk from the patch.
https://github.com/tpm2-software/tpm2-tss/pull/1173
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Fixes a number of issues discovered post-2.1.1. For details, see:
https://github.com/tpm2-software/tpm2-tss/releases/tag/2.1.2
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Since tpm2-tss version 2.0.0, tpm2 libraries have been renamed.
libsapi renamed to libtss2-sys
5f0ab55d4e
libtcti-device renamed to libtss2-tcti-device
libtcti-socket renamed to libtss2-tcti-mssim
b8584accbd
Signed-off-by: Romain Naour <romain.naour@smile.fr>
Cc: Carlos Santos <casantos@datacom.com.br>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
The configure script passes -U FORTIFY_SOURCE -D FORTIFY_SOURCE=2 by
default, which conflicts with BR2_FORTIFY_SOURCE_1 as -Werror is used:
<cross>-gcc .. -U_FORTIFY_SOURCE -D_FORTIFY_SOURCE=2 .. -D_FORTIFY_SOURCE=1
<command-line>:0:0: error: "_FORTIFY_SOURCE" redefined [-Werror]
Disable this so the FORTIFY_SOURCE flags in TARGET_CFLAGS (if any) is used
instead.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Stack protection is now controlled buildroot wide with the BR2_SSP_*
options, so disable the explicit -fstack-protector-all so the SSP logic in
the toolchain wrapper is used instead.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Select BR2_PACKAGE_OPENSSL_FORCE_LIBOPENSSL and drop the patch to
compile with libressl.
The discussion with the tpm2-tss developers led to the conclusion that
libressl lacks some required functionalities. Quoting Andreas Fuchs[1]:
"LibreSSL does not support OAEP-mode with labels at all, even though the
internal OAEP-padding-function includes the parameters already. [...]
Further, the internal OAEP-padding-function does not support variable
hash algs, but staticly uses SHA1."
Notice that there will NOT be an option to use libgcrypt. OpenSSL will
soon become the default ESAPI crypto backend to prevent the problem of
forcing applications to link against both libgcrypt and libssl[2].
1. https://github.com/tpm2-software/tpm2-tss/pull/1207#issuecomment-440217659
2. https://github.com/tpm2-software/tpm2-tss/issues/1169
Signed-off-by: Carlos Santos <casantos@datacom.com.br>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
The code includes dlfcn.h even if --enable-static and --disable-shared
are passed to configure. There is an "#ifndef NO_DL ... #endif" wrapper
but NO_DL is never defined and adding "-DNO_DL" to CFLAGS causes other
compilation errors.
Fixes:
http://autobuild.buildroot.net/results/cfc3bfef5e93329bf944a57947086d9ddc4fece3
Signed-off-by: Carlos Santos <casantos@datacom.com.br>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
- Drop C++ requirement (tmp2-tss is pure C now).
- Add explicit dependency on openssl (gnutls can be used too but this
option will be added by a subsequent patch).
- Drop the patch on tcti_socket.cpp, which is not applicable.
- Add a patch already submitted upstream to support using libressl[1].
- Update LICENSE hash. The terms are is still BSD-2-Clause but the file
now contains a SPDX license identifier.
1. https://github.com/tpm2-software/tpm2-tss/pull/1207
Signed-off-by: Carlos Santos <casantos@datacom.com.br>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Version 1.4.0 still contains some C++ code. This has already changed on
upstream, so future versions will drop the dependency on a C++ compiler.
[Peter: fix indentation, add dependency to config option]
Signed-off-by: Carlos Santos <casantos@datacom.ind.br>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Improved compliance to the last public review spec and some bug fixes.
Signed-off-by: Carlos Santos <casantos@datacom.ind.br>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Followingig a suggestion from Peter Korsgaard, remove the restriction to
x86 and x86_64. It is preferable to expose the package unless there is a
build time dependency on an architecture or the package is specific to a
certain SoC or board.
Signed-off-by: Carlos Santos <casantos@datacom.ind.br>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
OSS implementation of the TCG TPM2 Software Stack (TSS2). This stack
consists of the following layers from top to bottom:
* System API (SAPI) as described in the system level API and TPM command
transmission interface specification. This API is a 1-to-1 mapping of
the TPM2 commands documented in Part 3 of the TPM2 specification.
Additionally there are asynchronous versions of each command. These
asynchronous variants may be useful for integration into event-driven
programming environments. Both the synchronous and asynchronous API
are exposed through a single library: libsapi.
* TPM Command Transmission Interface (TCTI) that is described in the
same specification. This API provides a standard interface to transmit
/ receive TPM command / response buffers. It is expected that any
number of libraries implementing the TCTI API will be implemented as a
way to abstract various platform specific IPC mechanisms. Currently
this repository provides two TCTI implementations: libtcti-device and
libtcti-socket. The prior should be used for direct access to the TPM
through the Linux kernel driver. The later implements the protocol
exposed by the Microsoft software TPM2 simulator.
Signed-off-by: Carlos Santos <casantos@datacom.ind.br>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>