c72be5dd2f
riscv32 is (surprise!) a 32-bit architecture. But it has been Y2038-safe
from its inception. As such, there are no legacy binaries that may use
the 32-bit time syscalls, and thus they are not available on riscv32.
Code that directly calls to the syscalls without using the C libraries
wrappers thus need to handle this case by themselves. That's what
upstream tried to do with:
5b5e2985f3
We initially carried that patch with 2bb26c1a1d (package/libopenssl:
fix build on riscv32).
However, as Arnd Bergmann puts it [0]:
The patch looks wrong to me: __NR_io_pgetevents_time64 must be used
whenever time_t is 64-bit wide on a 32-bit architecture, while
__NR_io_getevents/__NR_io_pgetevents must be used when time_t is the
same width as 'long'.
Checking whether __NR_io_getevents is defined is wrong for all
architectures other than riscv
And Arnd agrees that patch should be reverted [1] [2] (there are further
comments in that stream, that are worth reading).
As such, we've reverted 2bb26c1a1d with 6cfb4ad7f7.
This means we have no working solution to enable openssl on riscv32 for
now. So, rather than fail the build, or backport a dysfunctional patch,
let's just forbid openssl on riscv32.
Drop the default from the choice selection; it was anyway superfluous:
the default of a choice, if left unspecified, is the first entry of the
choice. Also, having a default means we'd have to also propagate the
dependencies of the defaulted-to symbol, which is yet a little bit more
maintenance. Since the chances we get a third implementation of openssl
are pretty slim (very, very slim), reasoning about what is the default
is still very easy.
When propagating dependencies to tpm2-tss' users, we've tried to keep
the architecture dependency toward the top when possible, and otherwise
we've added it together with existing arch dependencies (MMU).
While at it, drop a useless redundant comment in ibm-sw-tpm2: if we
select FORCE_LIBOPENSSL, it is obvious that's because libressl is not
supported... Besides none of the other users of FORCE_LIBOPENSSL have
such a comment.
Fixes:
http://autobuild.buildroot.org/results/eb9/eb9a64d4ffae8569b5225083f282cf87ffa7c681/
...
http://autobuild.buildroot.org/results/07e/07e413b24ba8adc9558c80267ce16dda339bf032/
[0] 5b5e2985f3 (commitcomment-44782859)
[1] 5b5e2985f3 (commitcomment-47826509)
[2] 5b5e2985f3 (commitcomment-47830530)
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Reviewed-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Cc: Peter Korsgaard <peter@korsgaard.com>
Cc: Matthew Weber <matthew.weber@rockwellcollins.com>
Cc: Mark Corbin <mark@dibsco.co.uk>
26 lines
1.1 KiB
Plaintext
26 lines
1.1 KiB
Plaintext
config BR2_PACKAGE_TPM2_TOTP
|
|
bool "tpm2-totp"
|
|
depends on BR2_PACKAGE_LIBOPENSSL_ARCH_SUPPORTS # tpm2-tss
|
|
depends on !BR2_STATIC_LIBS # tpm2-tss
|
|
depends on !BR2_TOOLCHAIN_EXTERNAL_CODESOURCERY_ARM # glibc < 2.20
|
|
select BR2_PACKAGE_LIBQRENCODE
|
|
select BR2_PACKAGE_TPM2_TSS
|
|
help
|
|
This is a reimplementation of Matthew Garrett's tpmtotp
|
|
software for TPM 2.0 using the tpm2-tss software stack. Its
|
|
purpose is to attest the trustworthiness of a device against
|
|
a human using time-based one-time passwords (TOTP),
|
|
facilitating the Trusted Platform Module (TPM) to bind the
|
|
TOTP secret to the known trustworthy system state. In
|
|
addition to the original tpmtotp, given the new capabilities
|
|
of in-TPM hmac calculation, the tpm2-totp's secret HMAC keys
|
|
do not have to be exported from the TPM to the CPU's RAM on
|
|
boot anymore.
|
|
|
|
https://github.com/tpm2-software/tpm2-totp
|
|
|
|
comment "tpm2-totp needs a toolchain w/ dynamic library"
|
|
depends on BR2_PACKAGE_LIBOPENSSL_ARCH_SUPPORTS
|
|
depends on BR2_STATIC_LIBS
|
|
depends on !BR2_TOOLCHAIN_EXTERNAL_CODESOURCERY_ARM
|