There exists only linux-yocto-tpm2.inc. BPN will resolve to
linux-yocto-rt and linux-yocto-dev, which don't have recipe-specific
include files.
Fixes bitbake recipe parsing errors like:
ERROR: ParseError at
/home/builder/src/build/../meta-secure-core/meta-tpm2/recipes-kernel/linux/linux-yocto-rt_5.%.bbappend:1:
Could not include required file linux-yocto-rt-tpm2.inc
ERROR: Parsing halted due to errors, see error messages above
Signed-off-by: Mikko Rapeli <mikko.rapeli@linaro.org>
Update SRC_URIs using git to include branch=master if no branch is set
and also to use protocol=https for github urls.
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Backport a patch to disable '-Werror' to fix a build error until upstream
addresses the openssl 3.0 compatibility issue.
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
CVE-2021-3565:
A flaw was found in tpm2-tools in versions before 5.1.1 and before
4.3.2. tpm2_import used a fixed AES key for the inner wrapper,
potentially allowing a MITM attacker to unwrap the inner portion and
reveal the key being imported. The highest threat from this
vulnerability is to data confidentiality.
Reference:
https://nvd.nist.gov/vuln/detail/CVE-2021-3565
Patch from:
c069e4f179
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Remove the recipe because it is unmaintained and its dependency python2
is EOL. Users can use ibmswtpm2 in meta-security as a replacement.
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Classes native/nativesdk must be inherited last to prevent unexpected
behaviour.
Fixes QA warning:
QA Issue: tpm2simulator-native: native/nativesdk class is not inherited
last, this can result in unexpected behaviour. Classes inherited after
native/nativesdk: cmake.bbclass lib_package.bbclass python-dir.bbclass
pythonnative.bbclass [native-last]
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
The tpm2-abrmd daemon needs a TCTI library for the TPM2 device or simulator.
But the libtss2-tcti-device and libtss2-tcti-mssim packages are not
installed by default, which causes the tpm2-abrmd daemon to fail at startup:
systemd[1]: Starting TPM2 Access Broker and Resource Management Daemon...
tpm2-abrmd[459]: tcti_conf before: "device:/dev/tpm0"
tpm2-abrmd[459]: tcti_conf after: "device:/dev/tpm0"
tpm2-abrmd[459]: ERROR:tcti:../tpm2-tss-2.3.2/src/tss2-tcti/tctildr.c:418:Tss2_TctiLdr_Initialize_Ex() Failed to instantiate TCTI
tpm2-abrmd[459]: init_thread_func: failed to create TCTI with conf "device:/dev/tpm0"
tpm2-abrmd[459]: g_bus_unown_name: assertion 'owner_id > 0' failed
Add libtss2-tcti-device and libtss2-tcti-mssim to runtime dependencies.
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Fix do_package_qa error:
ERROR: QA Issue: tpm2-tss package is not obeying usrmerge distro feature. /lib should be relocated to /usr. [usrmerge]
Signed-off-by: Changqing Li <changqing.li@windriver.com>
Fixes:
ERROR: ParseError at
/buildarea/poky/meta-secure-core/meta-tpm2/recipes-devtools/python/python-beautifulsoup4_4.4.1.bb:19:
Could not inherit file classes/setuptools.bbclass
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
python2 has been removed from oe-core and there is no python symbolic link
by default, which causes an error when running test scripts:
$ ./test_tpm2_activecredential.sh: line 66: python: command not found
So drop python2 support and only keep python3.
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
After commit [5ef547b autoconf-archive: update to 2019.01.06]
was applied in oe-core, the following error occurs
when building tpm2-abrmd:
| NOTE: make -j 48
| Makefile:4381: *** missing separator. Stop.
So backport a patch from tpm2-abrmd upstream to fix
this failure.
Signed-off-by: Mingli Yu <Mingli.Yu@windriver.com>
After commit [5ef547b autoconf-archive: update to 2019.01.06]
was applied in oe-core, the following error occurs
when building tpm2-tss:
| NOTE: make -j 48
| Makefile:14636: *** missing separator. Stop.
So backport a patch from tpm2-tss upstream to fix
this failure.
Signed-off-by: Mingli Yu <Mingli.Yu@windriver.com>
Since `9ec5a8a layer.conf: Drop sumo from LAYERSERIES_CORENAMES' and
`9867924 layer.conf: Add thud to LAYERSERIES_CORENAMES' applied in oe-core,
update LAYERSERIES_COMPAT `sumo' -> `thud'
Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
The following commits are reverted by the way:
- seloader: Fix building for rocko (bc6bbe2)
- meta-integrity: rpm: Add back in required patches for rocko (5fa9c85)
Because they are only applicable to rocko.
Signed-off-by: Jia Zhang <zhang.jia@linux.alibaba.com>
The --with-udevrulesdir configure option has been moved from tpm2-abrmd to
tpm2-tss in the code, therefore move its associated EXTRA_OECONF to suit.
Signed-off-by: Trevor Woerner <twoerner@gmail.com>
Bitbake will try an ls-remote for any recipe whose SRCREV is AUTOREV,
even if that recipe will not ultimately be used for a particular build.
Therefore if the user specifies 'BB_NO_NETWORK = "1"', the _git versions of
the tpm2 recipes will cause the build to fail even if the _git versions are
not going to be built (which they won't be by default on account of their
DEFAULT_PREFERENCE being set to "-1").
This fix follows the same pattern as
721fcc89c5
With this fix, the user can disable networking and successfully build the
non-_git versions of the tpm2 recipes. If the user wants to build the _git
versions, networking must be enabled. The build is expected to fail if the
user asks for the _git versions, but disables networking.
Signed-off-by: Trevor Woerner <twoerner@gmail.com>
The latest git version has been updated to use the dl interface to load
the tpm2-abrmd library, instead of linking it at compile time.
Signed-off-by: Jia Zhang <zhang.jia@linux.alibaba.com>