tpm2_import used a fixed AES key for the inner wrapper, which means that
a MITM attack would be able to unwrap the imported key. Even the
use of an encrypted session will not prevent this. The TPM only
encrypts the first parameter which is the fixed symmetric key.
To fix this, ensure the key size is 16 bytes or bigger and use
OpenSSL to generate a secure random AES key.
Upstream commit (with offset adjusted)
c069e4f179
Signed-off-by: Ralph Siemsen <ralph.siemsen@linaro.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>

This error occurs randomly.
/bin/bash: pod2man: command not found
[Yocto #14304]
minor space/tab cleanup
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Cc: Ben <koncept1@gmail.com>

Without this we get weird conflict when you include dev packages:
rror: Transaction check error:
file /usr/include/libcryptsetup.h conflicts between attempted installs of
cryptsetup-tpm-incubator-dev-0.9.9-r0.corei7_64 and
lib32-cryptsetup-dev-2.3.2-r0.1.i586
file /usr/lib64/libcryptsetup.so conflicts between attempted installs of
cryptsetup-tpm-incubator-dev-0.9.9-r0.corei7_64 and
cryptsetup-dev-2.3.2-r0.1.corei7_64
file /usr/lib64/pkgconfig/libcryptsetup.pc conflicts between attempted
installs of cryptsetup-tpm-incubator-dev-0.9.9-r0.corei7_64 and
cryptsetup-dev-2.3.2-r0.1.corei7_64
file /usr/lib/libcryptsetup.so conflicts between attempted installs of
lib32-cryptsetup-tpm-incubator-dev-0.9.9-r0.i586 and
lib32-cryptsetup-dev-2.3.2-r0.1.i586
file /usr/lib/pkgconfig/libcryptsetup.pc conflicts between attempted installs
of lib32-cryptsetup-tpm-incubator-dev-0.9.9-r0.i586 and
lib32-cryptsetup-dev-2.3.2-r0.1.i586
Signed-off-by: Jeremy Puhlman <jpuhlman@mvista.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>

As linux-yocto upgraded to 5.x in oe-core, update
the bbappend to 5.x to remove the warning
ERROR: No recipes available for:
.../meta-security/meta-tpm/recipes-kernel/linux/linux-yocto_4.%.bbappend
This patch hasn't been verified any further than allowing bitbake
to complete with a non-linux-yocto kernel. In particular options could
be different, or new ones needed / desired.
Signed-off-by: André Draszik <git@andred.net>
Signed-off-by: Armin Kuster <akuster808@gmail.com>

/bin/bash: pod2man: command not found
| Makefile:585: recipe for target 'TPMLIB_CancelCommand.3' failed
inherit perlnative to fix
Signed-off-by: Armin Kuster <akuster808@gmail.com>

checking for whether to build with seccomp profile... configure: error: "Is libseccomp-devel installed? -- could not get cflags for libseccomp"
Signed-off-by: Armin Kuster <akuster808@gmail.com>

The tpm2 tool freezes in a XEN distro. It stores the udev rules in
/lib/udev directory, thus these changes append the FILES and
EXTRA_OECONF to make tpm2 work properly.
Signed-off-by: Norbert Kaminski <norbert.kaminski@3mdeb.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>

ERROR: cryptsetup-tpm-incubator-0.9.9-r0 do_package_qa: QA Issue: /usr/lib/libcryptsetup.so.12.3.0 contained in package cryptsetup-tpm-incubator requires libdevmapper.so.1.02(DM_1_02_97)(64bit), but no providers found in RDEPENDS_cryptsetup-tpm-incubator? [file-rdeps]
Signed-off-by: Armin Kuster <akuster808@gmail.com>

Examples are useful to actually check TPM2 from UEFI shell. Add them to
tpm2-tcti-uefi package.
Signed-off-by: Dmitry Eremin-Solenikov <dmitry_eremin-solenikov@mentor.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>

New autoconf-archive comes with updated AX_CODE_COVERAGE macro, which is
not compatible with current tpm2-tss source base. Apply upstream patch
to fix this incompatibility.
Signed-off-by: Dmitry Eremin-Solenikov <dmitry_eremin-solenikov@mentor.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>