Commit Graph

22 Commits

Author SHA1 Message Date
Yair Ben-Avraham
89f3d90e24 package/tpm2-tss: bump version to 3.0.1
- 0001-Temporary-fix-for-build-without-C.patch, AC_PROG_CXX line
  number changed.
- Makefile-fuzz-generated.am now in size zero.
- json-c, libcurl: new (FAPI) dependencies since tpm2-tss version 2.4.0

Signed-off-by: Yair Ben-Avraham <yairba@protonmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2020-10-15 14:17:10 +02:00
Peter Korsgaard
950e81fd17 package/tpm2-tss: bump to version 2.3.3
Bugfix release, fixing a number of issues:

- Fixed mixing salted and unsalted sessions in the same ESAPI context
- Removed use of VLAs from TPML marshal code
- Added check for object node before calling compute_session_value function
- Fixed auth calculation in Esys_StartAuthSession called with optional parameters
- Fixed compute_encrypted_salt error handling in Esys_StartAuthSession
- Fixed exported symbols map for libtss2-mu

The 2.3.3 tarball accidently contains a Makefile-fuzz-generated.am with
content from a fuzz testing run (rather than an empty file as in earlier
releases), confusing autoreconf together with our
0001-configure-Only-use-CXX-when-fuzzing.patch.

Work around that by adding a post-patch hook to truncate the file.  The
issue has been reported upstream and the release logic has been changed to
ensure this does not happen again for future releases:

d163041e3b

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2020-02-23 09:38:06 +01:00
Carlos Santos
e103e47b8a package/tpm2-tss: fix build without C++
C++ is required only for the fuzzing tests but AC_PROG_CXX is included
by configure.ac even when fuzzing is not enabled (which we don't do on
Buildroot).

The patch applied upstream had issues and was reverted[1]. Use a local
patch to solve the problem temporaryly.

Fixes:
    http://autobuild.buildroot.net/results/13f5e37b47b255da4158bec34e5459136f7e60d4
    http://autobuild.buildroot.net/results/1c26db2509c79e00c0de1165945277eaa57b149f
    http://autobuild.buildroot.net/results/b7b6b7b7aca79e847b442cbd2305427d91fe5d70
    http://autobuild.buildroot.net/results/1cd5a82a0e799aa5027e2e2c03b246332cc3a15d
    http://autobuild.buildroot.net/results/d7ec878907f714377c83e9a496e97cbf9382d787
    http://autobuild.buildroot.net/results/1c7f0c1b3ce4871cd87bd6059b1f0a6dc4e74a9c
    http://autobuild.buildroot.net/results/196b81d580325607c8da90beeb79e1f6b8ab8b47
    http://autobuild.buildroot.net/results/f90f7b4ac710b56686635f8ae27059c11b963e47

1. 60c26e4c4f

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2019-12-23 20:56:45 +01:00
Fabrice Fontaine
48dd190c33 package/tpm2-tss: bump to version 2.3.2
- Drop patch (already in version)
- Update hash of license file (SPDX ID has been removed with
  0dbc84ee45)

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
[Peter: use --disable-defaultflags and explicitly pass -std=c99]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-12-15 09:21:45 +01:00
Peter Korsgaard
097ce6b3a8 package/tpm2-tss: bump version to 2.1.3
Fixes a number of issues discovered post-2.1.2. For details, see:
https://github.com/tpm2-software/tpm2-tss/releases/tag/2.1.3

Drop 002-configure.ac-switch-default-ESAPI-crypto-backend-to-.patch as this
issue is now fixed upstream.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2019-04-17 08:41:22 +02:00
Peter Korsgaard
55c4f7ca4b package/tpm2-tss: add upstream patch to drop hardcoded -lgcrypt from tss2-esys.pc
tss2-esys.pc contains a hardcoded -lgcrypt even though the openssl crypto
backend (as in Buildroot) may be used, leading to linker errors when using
esys.

Given that tpm2-tss doesn't allow static linking, there is no need to
explicitly list the crypto library dependency.

Cherry pick an upstream patch to fix this.  Notice that the upstream patch
also changes the default crypto backend to openssl.  As this isn't stricly
needed (we explicitly configure for openssl) and requires autoreconv, drop
the configure.ac hunk from the patch.

https://github.com/tpm2-software/tpm2-tss/pull/1173

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2019-04-08 22:42:55 +02:00
Peter Korsgaard
2c47079d38 package/tpm2-tss: bump version to 2.1.2
Fixes a number of issues discovered post-2.1.1. For details, see:
https://github.com/tpm2-software/tpm2-tss/releases/tag/2.1.2

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2019-04-03 22:09:16 +02:00
Romain Naour
fb9c137660 package/tpm2-tss: rename tpm2-tss libraries in the help text
Since tpm2-tss version 2.0.0, tpm2 libraries have been renamed.

libsapi renamed to libtss2-sys
5f0ab55d4e

libtcti-device renamed to libtss2-tcti-device
libtcti-socket renamed to libtss2-tcti-mssim
b8584accbd

Signed-off-by: Romain Naour <romain.naour@smile.fr>
Cc: Carlos Santos <casantos@datacom.com.br>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2019-03-09 15:36:11 +01:00
Fabrice Fontaine
ab59727b38 package/tpm2-tss: fix build with gcc <= 4.8
Fixes:
 - http://autobuild.buildroot.org/results/8d7b6dad6602fe67338abc696bc4752dda8e9717

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-02-07 22:42:13 +01:00
Peter Korsgaard
61f2d154b3 package/tpm2-tss: bump version to 2.1.1
Fixes a number of issues since 2.1.0:
https://github.com/tpm2-software/tpm2-tss/releases/tag/2.1.1

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-02-05 16:15:14 +01:00
Peter Korsgaard
223c4fb704 tpm2-tss: fix build with BR2_FORTIFY_SOURCE_1
The configure script passes -U FORTIFY_SOURCE -D FORTIFY_SOURCE=2 by
default, which conflicts with BR2_FORTIFY_SOURCE_1 as -Werror is used:

<cross>-gcc ..  -U_FORTIFY_SOURCE -D_FORTIFY_SOURCE=2 .. -D_FORTIFY_SOURCE=1
<command-line>:0:0: error: "_FORTIFY_SOURCE" redefined [-Werror]

Disable this so the FORTIFY_SOURCE flags in TARGET_CFLAGS (if any) is used
instead.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-01-16 14:24:37 +01:00
Peter Korsgaard
d38bcb9de5 tpm2-tss: do not enforce -fstack-protector-all
Stack protection is now controlled buildroot wide with the BR2_SSP_*
options, so disable the explicit -fstack-protector-all so the SSP logic in
the toolchain wrapper is used instead.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-01-16 14:24:25 +01:00
Carlos Santos
b122623145 package/tpm2-tss: force libopenssl as openssl provider
Select BR2_PACKAGE_OPENSSL_FORCE_LIBOPENSSL and drop the patch to
compile with libressl.

The discussion with the tpm2-tss developers led to the conclusion that
libressl lacks some required functionalities. Quoting Andreas Fuchs[1]:
"LibreSSL does not support OAEP-mode with labels at all, even though the
internal OAEP-padding-function includes the parameters already. [...]
Further, the internal OAEP-padding-function does not support variable
hash algs, but staticly uses SHA1."

Notice that there will NOT be an option to use libgcrypt. OpenSSL will
soon become the default ESAPI crypto backend to prevent the problem of
forcing applications to link against both libgcrypt and libssl[2].

1. https://github.com/tpm2-software/tpm2-tss/pull/1207#issuecomment-440217659
2. https://github.com/tpm2-software/tpm2-tss/issues/1169

Signed-off-by: Carlos Santos <casantos@datacom.com.br>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2018-11-24 15:08:39 +01:00
Carlos Santos
945353895f tpm2-tss: depend on shared libraries
The code includes dlfcn.h even if --enable-static and --disable-shared
are passed to configure. There is an "#ifndef NO_DL ... #endif" wrapper
but NO_DL is never defined and adding "-DNO_DL" to CFLAGS causes other
compilation errors.

Fixes:
  http://autobuild.buildroot.net/results/cfc3bfef5e93329bf944a57947086d9ddc4fece3

Signed-off-by: Carlos Santos <casantos@datacom.com.br>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-11-20 23:20:02 +01:00
Carlos Santos
d81767c988 tpm2-tss: fix build without stack smashing protection (SSP)
Restore a configuration environment setup that was incorrectly removed
along with the upgrade to version 2.1.0.

Fixes:
  http://autobuild.buildroot.net/results/44221140fb8e2ddcb7d624e657b92a59375c02dd
  http://autobuild.buildroot.net/results/08b2a8a4bdd1c38703626a4fc37dab31dce98f49
  http://autobuild.buildroot.net/results/e469b47a6c8f1e8812325fd2860345105052316c
  http://autobuild.buildroot.net/results/f230fe6bbeb8b22d2b5b7cfb3f0ac4b3b936dc37
  http://autobuild.buildroot.net/results/ceb824033888086f6dde22c66d5b5f692a253c7e
  http://autobuild.buildroot.net/results/f863947a7384cb754706e6c346d222be59ad4136

Signed-off-by: Carlos Santos <casantos@datacom.ind.br>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2018-11-19 21:50:46 +01:00
Carlos Santos
fcc9232b0c tpm2-tss: bump to version 2.1.0
- Drop C++ requirement (tmp2-tss is pure C now).
- Add explicit dependency on openssl (gnutls can be used too but this
  option will be added by a subsequent patch).
- Drop the patch on tcti_socket.cpp, which is not applicable.
- Add a patch already submitted upstream to support using libressl[1].
- Update LICENSE hash. The terms are is still BSD-2-Clause but the file
  now contains a SPDX license identifier.

1. https://github.com/tpm2-software/tpm2-tss/pull/1207

Signed-off-by: Carlos Santos <casantos@datacom.com.br>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-11-16 20:18:01 +01:00
Carlos Santos
86ad2d9207 tpm2-tss: fix build with musl
Add a missing <sys/select.h> inclusion, needed for the definition of the
fd_set type. This patch can't be sent upstream because the changed file
does not exist anymore on the master branch.

Fixes:
  http://autobuild.buildroot.net/results/09e8b3b85d7113d60e8967a2d41a6aea8f8197c0
  http://autobuild.buildroot.net/results/2e4c70f2f1239eb19235ae04a936a6492daf316d
  http://autobuild.buildroot.net/results/bbd68f52781da735e983b1260de5b804787374b1

Signed-off-by: Carlos Santos <casantos@datacom.ind.br>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-03-24 11:37:51 +01:00
Carlos Santos
0f95f93b39 tpm2-tss: allow building without stack smashing protection (SSP)
Disable SSP if the toolchain does not support it. This must be done
explicitly because configure.ac passes -fstack-protector-all to the
compiler but doesn't contain a link test, so it doesn't detect when
libssp is missing.

Fixes:
  http://autobuild.buildroot.net/results/f98749311c5a4338f5fbd6d29c9ca29ac6c24abd
  http://autobuild.buildroot.net/results/4112a001038eb5e04c67c7b5c79280813d196911
  http://autobuild.buildroot.net/results/451fcf7e36ea8774967b84279abb89ffb0fd6923
  http://autobuild.buildroot.net/results/8e1181836249105be28f04a59cf6d31afcea91d7
  http://autobuild.buildroot.net/results/49151df111ad3d03c70551e4516c3d3b36e12d70
  http://autobuild.buildroot.net/results/42d625c579a8a16fb0c0a3df441ea186c3d52b9a
  http://autobuild.buildroot.net/results/b0af881e080c4fcc6094489c037ee853fdf42869
  http://autobuild.buildroot.net/results/0909d94af3f9589dd6b8897e2501c05b421262c4
  http://autobuild.buildroot.net/results/2fd0ee29c0b28cb1fee1b43433ab8373f49ca397
  http://autobuild.buildroot.net/results/3fa19441fd2594b064c8ff759df8849705100a65
  http://autobuild.buildroot.net/results/8675d2aa8f1e8e568a42bc0dbfae8f3721e86796
  http://autobuild.buildroot.net/results/786de50b53fa9a325c92a5d48f3928082eff0045
  http://autobuild.buildroot.net/results/a575b340f7cc562c1b87eb31d4304131b52698a7
  http://autobuild.buildroot.net/results/0b1d50d9e266d889d7e848275ebfbce45ccb419d
  http://autobuild.buildroot.net/results/d632b0e1efbb5e133dfb6595554badea9e31c492
  http://autobuild.buildroot.net/results/0c95459bfa82048d7e99661cf5f2d6d393179090
  http://autobuild.buildroot.net/results/bd494dc69fb0da46065f10a3cd8a4cab0bcbcc9b
  http://autobuild.buildroot.net/results/b397e44cd17b3d576cc55f02d5463e9c14743907
  http://autobuild.buildroot.net/results/40ed7a3b519c18102df515b5c4b993ed9a488236
  http://autobuild.buildroot.net/results/e5fc04c2ded86e03eb174a89845a50f52e407d48
  http://autobuild.buildroot.net/results/95a7c14da225d9e42545ee7a155f461303c62aa6
  http://autobuild.buildroot.net/results/25ebda7a13afa4790ad28018f42c46a795f3c284
  http://autobuild.buildroot.net/results/1bc081b78c625f13327c733fc734e36fe28ecc2a
  http://autobuild.buildroot.net/results/273108e2798155464109b9fb4d16884e7d0f9ab3
  http://autobuild.buildroot.net/results/f677d340cd42ea7242d4102fbb5fa6091a05e8ef
  http://autobuild.buildroot.net/results/ae15b625260801b494bbfa541ef86edcdbaedfe0

Signed-off-by: Carlos Santos <casantos@datacom.ind.br>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-03-22 23:55:40 +01:00
Carlos Santos
319078d5de tpm2-tss: declare dependency on a toolchain with C++
Version 1.4.0 still contains some C++ code. This has already changed on
upstream, so future versions will drop the dependency on a C++ compiler.

[Peter: fix indentation, add dependency to config option]
Signed-off-by: Carlos Santos <casantos@datacom.ind.br>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-03-22 23:50:42 +01:00
Carlos Santos
832e83f9f4 tmp2-tss: bump to version 1.4.0
Improved compliance to the last public review spec and some bug fixes.

Signed-off-by: Carlos Santos <casantos@datacom.ind.br>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-03-18 22:03:18 +01:00
Carlos Santos
03a82765b1 tmp2-tss: remove architecture restriction
Followingig a suggestion from Peter Korsgaard, remove the restriction to
x86 and x86_64. It is preferable to expose the package unless there is a
build time dependency on an architecture or the package is specific to a
certain SoC or board.

Signed-off-by: Carlos Santos <casantos@datacom.ind.br>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-03-18 21:58:24 +01:00
Carlos Santos
7b3bb51809 tpm2-tss: new package
OSS implementation of the TCG TPM2 Software Stack (TSS2). This stack
consists of the following layers from top to bottom:

* System API (SAPI) as described in the system level API and TPM command
  transmission interface specification. This API is a 1-to-1 mapping of
  the TPM2 commands documented in Part 3 of the TPM2 specification.
  Additionally there are asynchronous versions of each command. These
  asynchronous variants may be useful for integration into event-driven
  programming environments. Both the synchronous and asynchronous API
  are exposed through a single library: libsapi.

* TPM Command Transmission Interface (TCTI) that is described in the
  same specification. This API provides a standard interface to transmit
  / receive TPM command / response buffers. It is expected that any
  number of libraries implementing the TCTI API will be implemented as a
  way to abstract various platform specific IPC mechanisms. Currently
  this repository provides two TCTI implementations: libtcti-device and
  libtcti-socket. The prior should be used for direct access to the TPM
  through the Linux kernel driver. The later implements the protocol
  exposed by the Microsoft software TPM2 simulator.

Signed-off-by: Carlos Santos <casantos@datacom.ind.br>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-03-08 09:58:02 +01:00