[meta-security][PATCH 00/10] move tpm into its own layer

[meta-security][PATCH 00/10] move tpm into its own layer

[Armin Kuster]

tpm recipes copied as-is

This was done to allow inclusion of TPM components independent of the rest of the layer.
minimizes layerdepends

fixed incorrect use of DISTRO_FEATURES

Updated tpm kernel configs to newer version

added a few new packagegroups

Armin Kuster (10):
  tpm: move to a sub layer
  change tpm from distro to machine feature
  meta-tpm: add base package group as was in meta-security
  packagegroup: remove tpm components
  tpm packagegroups: split into logical units
  tpm-i2c: some systems us i2c TPM
  kernel tpm rework
  tpm-image: used for testing for now.
  linux-stable: fix module selections
  tpm2: package groups fixes

 meta-tpm/README                                    |  0
 meta-tpm/conf/layer.conf                           | 13 ++++++++++
 meta-tpm/recipes-core/images/security-tpm-image.bb | 19 ++++++++++++++
 .../packagegroup/packagegroup-security-tpm-i2c.bb  | 19 ++++++++++++++
 .../packagegroup/packagegroup-security-tpm.bb      | 29 ++++++++++++++++++++++
 .../packagegroup/packagegroup-security-tpm2.bb     | 18 ++++++++++++++
 .../packagegroup/packagegroup-security-vtpm.bb     | 14 +++++++++++
 meta-tpm/recipes-kernel/linux/linux-yocto/tpm.cfg  |  8 ++++++
 meta-tpm/recipes-kernel/linux/linux-yocto/tpm.scc  |  3 +++
 meta-tpm/recipes-kernel/linux/linux-yocto/tpm2.cfg |  6 +++++
 meta-tpm/recipes-kernel/linux/linux-yocto/tpm2.scc |  3 +++
 .../recipes-kernel/linux/linux-yocto/tpm_i2c.cfg   | 15 +++++++++++
 .../recipes-kernel/linux/linux-yocto/tpm_i2c.scc   |  6 +++++
 .../recipes-kernel/linux/linux-yocto/tpm_x86.cfg   |  4 +++
 meta-tpm/recipes-kernel/linux/linux-yocto/vtpm.cfg |  5 ++++
 meta-tpm/recipes-kernel/linux/linux-yocto/vtpm.scc |  4 +++
 .../recipes-kernel/linux/linux-yocto_4.%.bbappend  | 17 +++++++++++++
 .../Convert-another-vdprintf-to-dprintf.patch      |  0
 .../files/Use-format-s-for-call-to-dprintf.patch   |  0
 .../libtpm/files/fix_signed_issue.patch            |  0
 .../recipes-tpm}/libtpm/libtpm_1.0.bb              |  0
 .../recipes-tpm}/swtpm/files/fix_fcntl_h.patch     |  0
 .../swtpm/files/fix_lib_search_path.patch          |  0
 .../swtpm/files/fix_signed_issue.patch             |  0
 .../recipes-tpm}/swtpm/files/ioctl_h.patch         |  0
 .../recipes-tpm}/swtpm/swtpm-wrappers-native.bb    |  0
 .../recipes-tpm}/swtpm/swtpm_1.0.bb                |  0
 .../tpm-tools/files/tpm-tools-extendpcr.patch      |  0
 .../recipes-tpm}/tpm-tools/tpm-tools_git.bb        |  0
 .../recipes-tpm}/tpm2.0-tools/tpm2.0-tools_git.bb  |  0
 .../tpm2.0-tss/tpm2.0-tss/ax_pthread.m4            |  0
 .../tpm2.0-tss/fix_musl_select_include.patch       |  0
 .../recipes-tpm}/tpm2.0-tss/tpm2.0-tss_git.bb      |  0
 .../tpm2simulator/tpm2simulator-native_116.bb      |  0
 ...path-use-POSIX-getpwent-instead-of-getpwe.patch |  0
 .../recipes-tpm}/trousers/files/tcsd.service       |  0
 .../trousers/files/trousers-udev.rules             |  0
 .../recipes-tpm}/trousers/files/trousers.init.sh   |  0
 .../recipes-tpm}/trousers/trousers_git.bb          |  0
 recipes-kernel/linux/linux-yocto_4.10.bbappend     |  3 ---
 .../packagegroup/packagegroup-core-security.bb     | 18 ++------------
 41 files changed, 185 insertions(+), 19 deletions(-)
 create mode 100644 meta-tpm/README
 create mode 100644 meta-tpm/conf/layer.conf
 create mode 100644 meta-tpm/recipes-core/images/security-tpm-image.bb
 create mode 100644 meta-tpm/recipes-core/packagegroup/packagegroup-security-tpm-i2c.bb
 create mode 100644 meta-tpm/recipes-core/packagegroup/packagegroup-security-tpm.bb
 create mode 100644 meta-tpm/recipes-core/packagegroup/packagegroup-security-tpm2.bb
 create mode 100644 meta-tpm/recipes-core/packagegroup/packagegroup-security-vtpm.bb
 create mode 100644 meta-tpm/recipes-kernel/linux/linux-yocto/tpm.cfg
 create mode 100644 meta-tpm/recipes-kernel/linux/linux-yocto/tpm.scc
 create mode 100644 meta-tpm/recipes-kernel/linux/linux-yocto/tpm2.cfg
 create mode 100644 meta-tpm/recipes-kernel/linux/linux-yocto/tpm2.scc
 create mode 100644 meta-tpm/recipes-kernel/linux/linux-yocto/tpm_i2c.cfg
 create mode 100644 meta-tpm/recipes-kernel/linux/linux-yocto/tpm_i2c.scc
 create mode 100644 meta-tpm/recipes-kernel/linux/linux-yocto/tpm_x86.cfg
 create mode 100644 meta-tpm/recipes-kernel/linux/linux-yocto/vtpm.cfg
 create mode 100644 meta-tpm/recipes-kernel/linux/linux-yocto/vtpm.scc
 create mode 100644 meta-tpm/recipes-kernel/linux/linux-yocto_4.%.bbappend
 rename {recipes-tpm => meta-tpm/recipes-tpm}/libtpm/files/Convert-another-vdprintf-to-dprintf.patch (100%)
 rename {recipes-tpm => meta-tpm/recipes-tpm}/libtpm/files/Use-format-s-for-call-to-dprintf.patch (100%)
 rename {recipes-tpm => meta-tpm/recipes-tpm}/libtpm/files/fix_signed_issue.patch (100%)
 rename {recipes-tpm => meta-tpm/recipes-tpm}/libtpm/libtpm_1.0.bb (100%)
 rename {recipes-tpm => meta-tpm/recipes-tpm}/swtpm/files/fix_fcntl_h.patch (100%)
 rename {recipes-tpm => meta-tpm/recipes-tpm}/swtpm/files/fix_lib_search_path.patch (100%)
 rename {recipes-tpm => meta-tpm/recipes-tpm}/swtpm/files/fix_signed_issue.patch (100%)
 rename {recipes-tpm => meta-tpm/recipes-tpm}/swtpm/files/ioctl_h.patch (100%)
 rename {recipes-tpm => meta-tpm/recipes-tpm}/swtpm/swtpm-wrappers-native.bb (100%)
 rename {recipes-tpm => meta-tpm/recipes-tpm}/swtpm/swtpm_1.0.bb (100%)
 rename {recipes-tpm => meta-tpm/recipes-tpm}/tpm-tools/files/tpm-tools-extendpcr.patch (100%)
 rename {recipes-tpm => meta-tpm/recipes-tpm}/tpm-tools/tpm-tools_git.bb (100%)
 rename {recipes-tpm => meta-tpm/recipes-tpm}/tpm2.0-tools/tpm2.0-tools_git.bb (100%)
 rename {recipes-tpm => meta-tpm/recipes-tpm}/tpm2.0-tss/tpm2.0-tss/ax_pthread.m4 (100%)
 rename {recipes-tpm => meta-tpm/recipes-tpm}/tpm2.0-tss/tpm2.0-tss/fix_musl_select_include.patch (100%)
 rename {recipes-tpm => meta-tpm/recipes-tpm}/tpm2.0-tss/tpm2.0-tss_git.bb (100%)
 rename {recipes-tpm => meta-tpm/recipes-tpm}/tpm2simulator/tpm2simulator-native_116.bb (100%)
 rename {recipes-tpm => meta-tpm/recipes-tpm}/trousers/files/get-user-ps-path-use-POSIX-getpwent-instead-of-getpwe.patch (100%)
 rename {recipes-tpm => meta-tpm/recipes-tpm}/trousers/files/tcsd.service (100%)
 rename {recipes-tpm => meta-tpm/recipes-tpm}/trousers/files/trousers-udev.rules (100%)
 rename {recipes-tpm => meta-tpm/recipes-tpm}/trousers/files/trousers.init.sh (100%)
 rename {recipes-tpm => meta-tpm/recipes-tpm}/trousers/trousers_git.bb (100%)

-- 
2.7.4

[meta-security][PATCH 01/10] tpm: move to a sub layer

[Armin Kuster]

Signed-off-by: Armin Kuster <akuster808@gmail.com>
---
 meta-tpm/README                                             |  0
 meta-tpm/conf/layer.conf                                    | 13 +++++++++++++
 meta-tpm/recipes-kernel/linux/linux-yocto_4.10.bbappend     |  5 +++++
 .../libtpm/files/Convert-another-vdprintf-to-dprintf.patch  |  0
 .../libtpm/files/Use-format-s-for-call-to-dprintf.patch     |  0
 .../recipes-tpm}/libtpm/files/fix_signed_issue.patch        |  0
 {recipes-tpm => meta-tpm/recipes-tpm}/libtpm/libtpm_1.0.bb  |  0
 .../recipes-tpm}/swtpm/files/fix_fcntl_h.patch              |  0
 .../recipes-tpm}/swtpm/files/fix_lib_search_path.patch      |  0
 .../recipes-tpm}/swtpm/files/fix_signed_issue.patch         |  0
 .../recipes-tpm}/swtpm/files/ioctl_h.patch                  |  0
 .../recipes-tpm}/swtpm/swtpm-wrappers-native.bb             |  0
 {recipes-tpm => meta-tpm/recipes-tpm}/swtpm/swtpm_1.0.bb    |  0
 .../recipes-tpm}/tpm-tools/files/tpm-tools-extendpcr.patch  |  0
 .../recipes-tpm}/tpm-tools/tpm-tools_git.bb                 |  0
 .../recipes-tpm}/tpm2.0-tools/tpm2.0-tools_git.bb           |  0
 .../recipes-tpm}/tpm2.0-tss/tpm2.0-tss/ax_pthread.m4        |  0
 .../tpm2.0-tss/tpm2.0-tss/fix_musl_select_include.patch     |  0
 .../recipes-tpm}/tpm2.0-tss/tpm2.0-tss_git.bb               |  0
 .../recipes-tpm}/tpm2simulator/tpm2simulator-native_116.bb  |  0
 ...-user-ps-path-use-POSIX-getpwent-instead-of-getpwe.patch |  0
 .../recipes-tpm}/trousers/files/tcsd.service                |  0
 .../recipes-tpm}/trousers/files/trousers-udev.rules         |  0
 .../recipes-tpm}/trousers/files/trousers.init.sh            |  0
 .../recipes-tpm}/trousers/trousers_git.bb                   |  0
 recipes-kernel/linux/linux-yocto_4.10.bbappend              |  3 ---
 26 files changed, 18 insertions(+), 3 deletions(-)
 create mode 100644 meta-tpm/README
 create mode 100644 meta-tpm/conf/layer.conf
 create mode 100644 meta-tpm/recipes-kernel/linux/linux-yocto_4.10.bbappend
 rename {recipes-tpm => meta-tpm/recipes-tpm}/libtpm/files/Convert-another-vdprintf-to-dprintf.patch (100%)
 rename {recipes-tpm => meta-tpm/recipes-tpm}/libtpm/files/Use-format-s-for-call-to-dprintf.patch (100%)
 rename {recipes-tpm => meta-tpm/recipes-tpm}/libtpm/files/fix_signed_issue.patch (100%)
 rename {recipes-tpm => meta-tpm/recipes-tpm}/libtpm/libtpm_1.0.bb (100%)
 rename {recipes-tpm => meta-tpm/recipes-tpm}/swtpm/files/fix_fcntl_h.patch (100%)
 rename {recipes-tpm => meta-tpm/recipes-tpm}/swtpm/files/fix_lib_search_path.patch (100%)
 rename {recipes-tpm => meta-tpm/recipes-tpm}/swtpm/files/fix_signed_issue.patch (100%)
 rename {recipes-tpm => meta-tpm/recipes-tpm}/swtpm/files/ioctl_h.patch (100%)
 rename {recipes-tpm => meta-tpm/recipes-tpm}/swtpm/swtpm-wrappers-native.bb (100%)
 rename {recipes-tpm => meta-tpm/recipes-tpm}/swtpm/swtpm_1.0.bb (100%)
 rename {recipes-tpm => meta-tpm/recipes-tpm}/tpm-tools/files/tpm-tools-extendpcr.patch (100%)
 rename {recipes-tpm => meta-tpm/recipes-tpm}/tpm-tools/tpm-tools_git.bb (100%)
 rename {recipes-tpm => meta-tpm/recipes-tpm}/tpm2.0-tools/tpm2.0-tools_git.bb (100%)
 rename {recipes-tpm => meta-tpm/recipes-tpm}/tpm2.0-tss/tpm2.0-tss/ax_pthread.m4 (100%)
 rename {recipes-tpm => meta-tpm/recipes-tpm}/tpm2.0-tss/tpm2.0-tss/fix_musl_select_include.patch (100%)
 rename {recipes-tpm => meta-tpm/recipes-tpm}/tpm2.0-tss/tpm2.0-tss_git.bb (100%)
 rename {recipes-tpm => meta-tpm/recipes-tpm}/tpm2simulator/tpm2simulator-native_116.bb (100%)
 rename {recipes-tpm => meta-tpm/recipes-tpm}/trousers/files/get-user-ps-path-use-POSIX-getpwent-instead-of-getpwe.patch (100%)
 rename {recipes-tpm => meta-tpm/recipes-tpm}/trousers/files/tcsd.service (100%)
 rename {recipes-tpm => meta-tpm/recipes-tpm}/trousers/files/trousers-udev.rules (100%)
 rename {recipes-tpm => meta-tpm/recipes-tpm}/trousers/files/trousers.init.sh (100%)
 rename {recipes-tpm => meta-tpm/recipes-tpm}/trousers/trousers_git.bb (100%)

diff --git a/meta-tpm/README b/meta-tpm/README
new file mode 100644
index 0000000..e69de29
diff --git a/meta-tpm/conf/layer.conf b/meta-tpm/conf/layer.conf
new file mode 100644
index 0000000..5085db5
--- /dev/null
+++ b/meta-tpm/conf/layer.conf
@@ -0,0 +1,13 @@
+# We have a conf and classes directory, add to BBPATH
+BBPATH .= ":${LAYERDIR}"
+
+# We have a recipes directory, add to BBFILES
+BBFILES += "${LAYERDIR}/recipes*/*/*.bb ${LAYERDIR}/recipes*/*/*.bbappend ${LAYERDIR}/classes/*.bbclass"
+
+BBFILE_COLLECTIONS += "tpm-layer"
+BBFILE_PATTERN_tpm-layer = "^${LAYERDIR}/"
+BBFILE_PRIORITY_tpm-layer = "6"
+
+LAYERDEPENDS_tpm-layer = " \
+    core \
+"
diff --git a/meta-tpm/recipes-kernel/linux/linux-yocto_4.10.bbappend b/meta-tpm/recipes-kernel/linux/linux-yocto_4.10.bbappend
new file mode 100644
index 0000000..e6b3c65
--- /dev/null
+++ b/meta-tpm/recipes-kernel/linux/linux-yocto_4.10.bbappend
@@ -0,0 +1,5 @@
+#
+# TPM kernel support
+
+KERNEL_FEATURES_append += "${@bb.utils.contains('DISTRO_FEATURES', 'tpm', ' features/tpm/tpm.scc', '', d)}"
+
diff --git a/recipes-tpm/libtpm/files/Convert-another-vdprintf-to-dprintf.patch b/meta-tpm/recipes-tpm/libtpm/files/Convert-another-vdprintf-to-dprintf.patch
similarity index 100%
rename from recipes-tpm/libtpm/files/Convert-another-vdprintf-to-dprintf.patch
rename to meta-tpm/recipes-tpm/libtpm/files/Convert-another-vdprintf-to-dprintf.patch
diff --git a/recipes-tpm/libtpm/files/Use-format-s-for-call-to-dprintf.patch b/meta-tpm/recipes-tpm/libtpm/files/Use-format-s-for-call-to-dprintf.patch
similarity index 100%
rename from recipes-tpm/libtpm/files/Use-format-s-for-call-to-dprintf.patch
rename to meta-tpm/recipes-tpm/libtpm/files/Use-format-s-for-call-to-dprintf.patch
diff --git a/recipes-tpm/libtpm/files/fix_signed_issue.patch b/meta-tpm/recipes-tpm/libtpm/files/fix_signed_issue.patch
similarity index 100%
rename from recipes-tpm/libtpm/files/fix_signed_issue.patch
rename to meta-tpm/recipes-tpm/libtpm/files/fix_signed_issue.patch
diff --git a/recipes-tpm/libtpm/libtpm_1.0.bb b/meta-tpm/recipes-tpm/libtpm/libtpm_1.0.bb
similarity index 100%
rename from recipes-tpm/libtpm/libtpm_1.0.bb
rename to meta-tpm/recipes-tpm/libtpm/libtpm_1.0.bb
diff --git a/recipes-tpm/swtpm/files/fix_fcntl_h.patch b/meta-tpm/recipes-tpm/swtpm/files/fix_fcntl_h.patch
similarity index 100%
rename from recipes-tpm/swtpm/files/fix_fcntl_h.patch
rename to meta-tpm/recipes-tpm/swtpm/files/fix_fcntl_h.patch
diff --git a/recipes-tpm/swtpm/files/fix_lib_search_path.patch b/meta-tpm/recipes-tpm/swtpm/files/fix_lib_search_path.patch
similarity index 100%
rename from recipes-tpm/swtpm/files/fix_lib_search_path.patch
rename to meta-tpm/recipes-tpm/swtpm/files/fix_lib_search_path.patch
diff --git a/recipes-tpm/swtpm/files/fix_signed_issue.patch b/meta-tpm/recipes-tpm/swtpm/files/fix_signed_issue.patch
similarity index 100%
rename from recipes-tpm/swtpm/files/fix_signed_issue.patch
rename to meta-tpm/recipes-tpm/swtpm/files/fix_signed_issue.patch
diff --git a/recipes-tpm/swtpm/files/ioctl_h.patch b/meta-tpm/recipes-tpm/swtpm/files/ioctl_h.patch
similarity index 100%
rename from recipes-tpm/swtpm/files/ioctl_h.patch
rename to meta-tpm/recipes-tpm/swtpm/files/ioctl_h.patch
diff --git a/recipes-tpm/swtpm/swtpm-wrappers-native.bb b/meta-tpm/recipes-tpm/swtpm/swtpm-wrappers-native.bb
similarity index 100%
rename from recipes-tpm/swtpm/swtpm-wrappers-native.bb
rename to meta-tpm/recipes-tpm/swtpm/swtpm-wrappers-native.bb
diff --git a/recipes-tpm/swtpm/swtpm_1.0.bb b/meta-tpm/recipes-tpm/swtpm/swtpm_1.0.bb
similarity index 100%
rename from recipes-tpm/swtpm/swtpm_1.0.bb
rename to meta-tpm/recipes-tpm/swtpm/swtpm_1.0.bb
diff --git a/recipes-tpm/tpm-tools/files/tpm-tools-extendpcr.patch b/meta-tpm/recipes-tpm/tpm-tools/files/tpm-tools-extendpcr.patch
similarity index 100%
rename from recipes-tpm/tpm-tools/files/tpm-tools-extendpcr.patch
rename to meta-tpm/recipes-tpm/tpm-tools/files/tpm-tools-extendpcr.patch
diff --git a/recipes-tpm/tpm-tools/tpm-tools_git.bb b/meta-tpm/recipes-tpm/tpm-tools/tpm-tools_git.bb
similarity index 100%
rename from recipes-tpm/tpm-tools/tpm-tools_git.bb
rename to meta-tpm/recipes-tpm/tpm-tools/tpm-tools_git.bb
diff --git a/recipes-tpm/tpm2.0-tools/tpm2.0-tools_git.bb b/meta-tpm/recipes-tpm/tpm2.0-tools/tpm2.0-tools_git.bb
similarity index 100%
rename from recipes-tpm/tpm2.0-tools/tpm2.0-tools_git.bb
rename to meta-tpm/recipes-tpm/tpm2.0-tools/tpm2.0-tools_git.bb
diff --git a/recipes-tpm/tpm2.0-tss/tpm2.0-tss/ax_pthread.m4 b/meta-tpm/recipes-tpm/tpm2.0-tss/tpm2.0-tss/ax_pthread.m4
similarity index 100%
rename from recipes-tpm/tpm2.0-tss/tpm2.0-tss/ax_pthread.m4
rename to meta-tpm/recipes-tpm/tpm2.0-tss/tpm2.0-tss/ax_pthread.m4
diff --git a/recipes-tpm/tpm2.0-tss/tpm2.0-tss/fix_musl_select_include.patch b/meta-tpm/recipes-tpm/tpm2.0-tss/tpm2.0-tss/fix_musl_select_include.patch
similarity index 100%
rename from recipes-tpm/tpm2.0-tss/tpm2.0-tss/fix_musl_select_include.patch
rename to meta-tpm/recipes-tpm/tpm2.0-tss/tpm2.0-tss/fix_musl_select_include.patch
diff --git a/recipes-tpm/tpm2.0-tss/tpm2.0-tss_git.bb b/meta-tpm/recipes-tpm/tpm2.0-tss/tpm2.0-tss_git.bb
similarity index 100%
rename from recipes-tpm/tpm2.0-tss/tpm2.0-tss_git.bb
rename to meta-tpm/recipes-tpm/tpm2.0-tss/tpm2.0-tss_git.bb
diff --git a/recipes-tpm/tpm2simulator/tpm2simulator-native_116.bb b/meta-tpm/recipes-tpm/tpm2simulator/tpm2simulator-native_116.bb
similarity index 100%
rename from recipes-tpm/tpm2simulator/tpm2simulator-native_116.bb
rename to meta-tpm/recipes-tpm/tpm2simulator/tpm2simulator-native_116.bb
diff --git a/recipes-tpm/trousers/files/get-user-ps-path-use-POSIX-getpwent-instead-of-getpwe.patch b/meta-tpm/recipes-tpm/trousers/files/get-user-ps-path-use-POSIX-getpwent-instead-of-getpwe.patch
similarity index 100%
rename from recipes-tpm/trousers/files/get-user-ps-path-use-POSIX-getpwent-instead-of-getpwe.patch
rename to meta-tpm/recipes-tpm/trousers/files/get-user-ps-path-use-POSIX-getpwent-instead-of-getpwe.patch
diff --git a/recipes-tpm/trousers/files/tcsd.service b/meta-tpm/recipes-tpm/trousers/files/tcsd.service
similarity index 100%
rename from recipes-tpm/trousers/files/tcsd.service
rename to meta-tpm/recipes-tpm/trousers/files/tcsd.service
diff --git a/recipes-tpm/trousers/files/trousers-udev.rules b/meta-tpm/recipes-tpm/trousers/files/trousers-udev.rules
similarity index 100%
rename from recipes-tpm/trousers/files/trousers-udev.rules
rename to meta-tpm/recipes-tpm/trousers/files/trousers-udev.rules
diff --git a/recipes-tpm/trousers/files/trousers.init.sh b/meta-tpm/recipes-tpm/trousers/files/trousers.init.sh
similarity index 100%
rename from recipes-tpm/trousers/files/trousers.init.sh
rename to meta-tpm/recipes-tpm/trousers/files/trousers.init.sh
diff --git a/recipes-tpm/trousers/trousers_git.bb b/meta-tpm/recipes-tpm/trousers/trousers_git.bb
similarity index 100%
rename from recipes-tpm/trousers/trousers_git.bb
rename to meta-tpm/recipes-tpm/trousers/trousers_git.bb
diff --git a/recipes-kernel/linux/linux-yocto_4.10.bbappend b/recipes-kernel/linux/linux-yocto_4.10.bbappend
index 35a32b6..0e610d4 100644
--- a/recipes-kernel/linux/linux-yocto_4.10.bbappend
+++ b/recipes-kernel/linux/linux-yocto_4.10.bbappend
@@ -1,8 +1,5 @@
 FILESEXTRAPATHS_prepend := "${THISDIR}/${PN}-4.10:"
 
-# TPM kernel support
-KERNEL_FEATURES_append += "${@bb.utils.contains('DISTRO_FEATURES', 'tpm', ' features/tpm/tpm.scc', '', d)}"
-
 SRC_URI += "\
         ${@bb.utils.contains('DISTRO_FEATURES', 'apparmor', ' file://apparmor.cfg', '', d)} \
 "
-- 
2.7.4

[meta-security][PATCH 02/10] change tpm from distro to machine feature

[Armin Kuster]

Signed-off-by: Armin Kuster <akuster808@gmail.com>
---
 meta-tpm/recipes-kernel/linux/linux-yocto_4.10.bbappend     | 2 +-
 recipes-security/packagegroup/packagegroup-core-security.bb | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/meta-tpm/recipes-kernel/linux/linux-yocto_4.10.bbappend b/meta-tpm/recipes-kernel/linux/linux-yocto_4.10.bbappend
index e6b3c65..208d23f 100644
--- a/meta-tpm/recipes-kernel/linux/linux-yocto_4.10.bbappend
+++ b/meta-tpm/recipes-kernel/linux/linux-yocto_4.10.bbappend
@@ -1,5 +1,5 @@
 #
 # TPM kernel support
 
-KERNEL_FEATURES_append += "${@bb.utils.contains('DISTRO_FEATURES', 'tpm', ' features/tpm/tpm.scc', '', d)}"
+KERNEL_FEATURES_append += "${@bb.utils.contains('MACHINE_FEATURES', 'tpm', ' features/tpm/tpm.scc', '', d)}"
 
diff --git a/recipes-security/packagegroup/packagegroup-core-security.bb b/recipes-security/packagegroup/packagegroup-core-security.bb
index ae856c7..2180908 100644
--- a/recipes-security/packagegroup/packagegroup-core-security.bb
+++ b/recipes-security/packagegroup/packagegroup-core-security.bb
@@ -11,7 +11,7 @@ PACKAGES = "\
     packagegroup-security-scanners \
     packagegroup-security-ids  \
     packagegroup-security-mac  \
-    ${@bb.utils.contains("DISTRO_FEATURES", "tpm", "packagegroup-security-tpm", "",d)} \
+    ${@bb.utils.contains("MACHINE_FEATURES", "tpm", "packagegroup-security-tpm", "",d)} \
     "
 
 RDEPENDS_packagegroup-core-security = "\
@@ -19,7 +19,7 @@ RDEPENDS_packagegroup-core-security = "\
     packagegroup-security-scanners \
     packagegroup-security-ids  \
     packagegroup-security-mac  \
-    ${@bb.utils.contains("DISTRO_FEATURES", "tpm", "packagegroup-security-tpm", "",d)} \
+    ${@bb.utils.contains("MACHINE_FEATURES", "tpm", "packagegroup-security-tpm", "",d)} \
     "
 
 SUMMARY_packagegroup-security-utils = "Security utilities"
-- 
2.7.4

[meta-security][PATCH 03/10] meta-tpm: add base package group as was in meta-security

[Armin Kuster]

Signed-off-by: Armin Kuster <akuster808@gmail.com>
---
 .../packagegroup/packagegroup-security-tpm.bb      | 23 ++++++++++++++++++++++
 1 file changed, 23 insertions(+)
 create mode 100644 meta-tpm/recipes-core/packagegroup/packagegroup-security-tpm.bb

diff --git a/meta-tpm/recipes-core/packagegroup/packagegroup-security-tpm.bb b/meta-tpm/recipes-core/packagegroup/packagegroup-security-tpm.bb
new file mode 100644
index 0000000..f176627
--- /dev/null
+++ b/meta-tpm/recipes-core/packagegroup/packagegroup-security-tpm.bb
@@ -0,0 +1,23 @@
+DESCRIPTION = "Security packagegroup for Poky"
+LICENSE = "MIT"
+LIC_FILES_CHKSUM = "file://${COREBASE}/LICENSE;md5=4d92cd373abda3937c2bc47fbc49d690 \
+                    file://${COREBASE}/meta/COPYING.MIT;md5=3da9cfbcb788c80a0384361b4de20420"
+
+inherit packagegroup
+
+PACKAGES = "packagegroup-security-tpm"
+
+SUMMARY_packagegroup-security-tpm = "Security TPM support"
+RDEPENDS_packagegroup-security-tpm = " \
+    tpm-tools \
+    trousers \
+    tpm2.0-tools \
+    libtss2 \
+    resourcemgr \
+    libtctidevice \
+    libtctisocket \
+    resourcemgr \
+    libtpm \
+    swtpm \
+    "
+
-- 
2.7.4

[meta-security][PATCH 04/10] packagegroup: remove tpm components

[Armin Kuster]

Signed-off-by: Armin Kuster <akuster808@gmail.com>
---
 .../packagegroup/packagegroup-core-security.bb             | 14 --------------
 1 file changed, 14 deletions(-)

diff --git a/recipes-security/packagegroup/packagegroup-core-security.bb b/recipes-security/packagegroup/packagegroup-core-security.bb
index 2180908..681874c 100644
--- a/recipes-security/packagegroup/packagegroup-core-security.bb
+++ b/recipes-security/packagegroup/packagegroup-core-security.bb
@@ -57,17 +57,3 @@ SUMMARY_packagegroup-security-mac = "Security Mandatory Access Control systems"
 RDEPENDS_packagegroup-security-mac = " \
     ${@bb.utils.contains("DISTRO_FEATURES", "tomoyo", "ccs-tools", "",d)} \
     "
-
-SUMMARY_packagegroup-security-tpm = "Security TPM support"
-RDEPENDS_packagegroup-security-tpm = " \
-    tpm-tools \
-    trousers \
-    tpm2.0-tools \
-    libtss2 \
-    resourcemgr \
-    libtctidevice \
-    libtctisocket \
-    resourcemgr \
-    libtpm \
-    swtpm \
-    "
-- 
2.7.4

[meta-security][PATCH 05/10] tpm packagegroups: split into logical units

[Armin Kuster]

this should help mitgate the need to pull in too many layers
if swtpm in not wanted

Signed-off-by: Armin Kuster <akuster808@gmail.com>
---
 .../packagegroup/packagegroup-security-tpm.bb          |  9 ---------
 .../packagegroup/packagegroup-security-tpm2.bb         | 18 ++++++++++++++++++
 .../packagegroup/packagegroup-security-vtpm.bb         | 14 ++++++++++++++
 3 files changed, 32 insertions(+), 9 deletions(-)
 create mode 100644 meta-tpm/recipes-core/packagegroup/packagegroup-security-tpm2.bb
 create mode 100644 meta-tpm/recipes-core/packagegroup/packagegroup-security-vtpm.bb

diff --git a/meta-tpm/recipes-core/packagegroup/packagegroup-security-tpm.bb b/meta-tpm/recipes-core/packagegroup/packagegroup-security-tpm.bb
index f176627..2412348 100644
--- a/meta-tpm/recipes-core/packagegroup/packagegroup-security-tpm.bb
+++ b/meta-tpm/recipes-core/packagegroup/packagegroup-security-tpm.bb
@@ -11,13 +11,4 @@ SUMMARY_packagegroup-security-tpm = "Security TPM support"
 RDEPENDS_packagegroup-security-tpm = " \
     tpm-tools \
     trousers \
-    tpm2.0-tools \
-    libtss2 \
-    resourcemgr \
-    libtctidevice \
-    libtctisocket \
-    resourcemgr \
-    libtpm \
-    swtpm \
     "
-
diff --git a/meta-tpm/recipes-core/packagegroup/packagegroup-security-tpm2.bb b/meta-tpm/recipes-core/packagegroup/packagegroup-security-tpm2.bb
new file mode 100644
index 0000000..1c96cbe
--- /dev/null
+++ b/meta-tpm/recipes-core/packagegroup/packagegroup-security-tpm2.bb
@@ -0,0 +1,18 @@
+DESCRIPTION = "Security packagegroup for Poky"
+LICENSE = "MIT"
+LIC_FILES_CHKSUM = "file://${COREBASE}/LICENSE;md5=4d92cd373abda3937c2bc47fbc49d690 \
+                    file://${COREBASE}/meta/COPYING.MIT;md5=3da9cfbcb788c80a0384361b4de20420"
+
+inherit packagegroup
+
+PACKAGES = "packagegroup-security-tpm2"
+
+SUMMARY_packagegroup-security-tpm2 = "Security TPM 2.0 support"
+RDEPENDS_packagegroup-security-tpm2 = " \
+    tpm2.0-tools \
+    libtss2 \
+    libtctidevice \
+    libtctisocket \
+    resourcemgr \
+    kernel-module-tpm-crb \
+    "
diff --git a/meta-tpm/recipes-core/packagegroup/packagegroup-security-vtpm.bb b/meta-tpm/recipes-core/packagegroup/packagegroup-security-vtpm.bb
new file mode 100644
index 0000000..f7eee7c
--- /dev/null
+++ b/meta-tpm/recipes-core/packagegroup/packagegroup-security-vtpm.bb
@@ -0,0 +1,14 @@
+DESCRIPTION = "Security packagegroup for Poky"
+LICENSE = "MIT"
+LIC_FILES_CHKSUM = "file://${COREBASE}/LICENSE;md5=4d92cd373abda3937c2bc47fbc49d690 \
+                    file://${COREBASE}/meta/COPYING.MIT;md5=3da9cfbcb788c80a0384361b4de20420"
+
+inherit packagegroup
+
+PACKAGES = "packagegroup-security-vtpm"
+
+SUMMARY_packagegroup-security-vtpm = "Security Software vTPM support"
+RDEPENDS_packagegroup-security-vtpm = " \
+    libtpm \
+    swtpm \
+    "		
-- 
2.7.4

[meta-security][PATCH 06/10] tpm-i2c: some systems us i2c TPM

[Armin Kuster]

add modules and i2c support

Signed-off-by: Armin Kuster <akuster808@gmail.com>
---
 .../packagegroup/packagegroup-security-tpm-i2c.bb       | 17 +++++++++++++++++
 1 file changed, 17 insertions(+)
 create mode 100644 meta-tpm/recipes-core/packagegroup/packagegroup-security-tpm-i2c.bb

diff --git a/meta-tpm/recipes-core/packagegroup/packagegroup-security-tpm-i2c.bb b/meta-tpm/recipes-core/packagegroup/packagegroup-security-tpm-i2c.bb
new file mode 100644
index 0000000..d4c3bb7
--- /dev/null
+++ b/meta-tpm/recipes-core/packagegroup/packagegroup-security-tpm-i2c.bb
@@ -0,0 +1,17 @@
+DESCRIPTION = "Security packagegroup for TPM i2c support"
+LICENSE = "MIT"
+LIC_FILES_CHKSUM = "file://${COREBASE}/LICENSE;md5=4d92cd373abda3937c2bc47fbc49d690 \
+                    file://${COREBASE}/meta/COPYING.MIT;md5=3da9cfbcb788c80a0384361b4de20420"
+
+inherit packagegroup
+
+PACKAGES = "packagegroup-security-tpm-i2c"
+
+SUMMARY_packagegroup-security-tpm-i2c = "Security TPM i2c support"
+RDEPENDS_packagegroup-security-tpm-i2c = " \
+    kernel-module-tpm-i2c-atmel \
+    kernel-module-tpm-i2c-infineon \
+    kernel-module-tpm-i2c-nuvoton \
+    kernel-module-tpm-st33zp24 \
+    kernel-module-tpm-st33zp24-i2c \
+    "
-- 
2.7.4

[meta-security][PATCH 07/10] kernel tpm rework

[Armin Kuster]

Signed-off-by: Armin Kuster <akuster808@gmail.com>
---
 meta-tpm/recipes-kernel/linux/linux-yocto/tpm.cfg       |  5 +++++
 meta-tpm/recipes-kernel/linux/linux-yocto/tpm.scc       |  3 +++
 meta-tpm/recipes-kernel/linux/linux-yocto/tpm_i2c.cfg   | 15 +++++++++++++++
 meta-tpm/recipes-kernel/linux/linux-yocto/tpm_i2c.scc   |  6 ++++++
 meta-tpm/recipes-kernel/linux/linux-yocto/tpm_x86.cfg   |  4 ++++
 meta-tpm/recipes-kernel/linux/linux-yocto/vtpm.cfg      |  5 +++++
 meta-tpm/recipes-kernel/linux/linux-yocto/vtpm.scc      |  4 ++++
 meta-tpm/recipes-kernel/linux/linux-yocto_4.%.bbappend  | 11 +++++++++++
 meta-tpm/recipes-kernel/linux/linux-yocto_4.10.bbappend |  5 -----
 9 files changed, 53 insertions(+), 5 deletions(-)
 create mode 100644 meta-tpm/recipes-kernel/linux/linux-yocto/tpm.cfg
 create mode 100644 meta-tpm/recipes-kernel/linux/linux-yocto/tpm.scc
 create mode 100644 meta-tpm/recipes-kernel/linux/linux-yocto/tpm_i2c.cfg
 create mode 100644 meta-tpm/recipes-kernel/linux/linux-yocto/tpm_i2c.scc
 create mode 100644 meta-tpm/recipes-kernel/linux/linux-yocto/tpm_x86.cfg
 create mode 100644 meta-tpm/recipes-kernel/linux/linux-yocto/vtpm.cfg
 create mode 100644 meta-tpm/recipes-kernel/linux/linux-yocto/vtpm.scc
 create mode 100644 meta-tpm/recipes-kernel/linux/linux-yocto_4.%.bbappend
 delete mode 100644 meta-tpm/recipes-kernel/linux/linux-yocto_4.10.bbappend

diff --git a/meta-tpm/recipes-kernel/linux/linux-yocto/tpm.cfg b/meta-tpm/recipes-kernel/linux/linux-yocto/tpm.cfg
new file mode 100644
index 0000000..e34b24e
--- /dev/null
+++ b/meta-tpm/recipes-kernel/linux/linux-yocto/tpm.cfg
@@ -0,0 +1,5 @@
+CONFIG_HW_RANDOM_TPM=y
+CONFIG_TCG_TPM=y
+CONFIG_TCG_TIS_CORE=y
+CONFIG_TCG_TIS=y
+CONFIG_SECURITYFS=y
diff --git a/meta-tpm/recipes-kernel/linux/linux-yocto/tpm.scc b/meta-tpm/recipes-kernel/linux/linux-yocto/tpm.scc
new file mode 100644
index 0000000..2949ed4
--- /dev/null
+++ b/meta-tpm/recipes-kernel/linux/linux-yocto/tpm.scc
@@ -0,0 +1,3 @@
+define KFEATURE_DESCRIPTION "Enable TPM"
+
+kconf hardware tpm.cfg
diff --git a/meta-tpm/recipes-kernel/linux/linux-yocto/tpm_i2c.cfg b/meta-tpm/recipes-kernel/linux/linux-yocto/tpm_i2c.cfg
new file mode 100644
index 0000000..59993f9
--- /dev/null
+++ b/meta-tpm/recipes-kernel/linux/linux-yocto/tpm_i2c.cfg
@@ -0,0 +1,15 @@
+CONFIG_HW_RANDOM_TPM=y
+CONFIG_TCG_TPM=y
+CONFIG_TCG_TIS_CORE=y
+CONFIG_TCG_TIS=y
+CONFIG_SECURITYFS=y
+
+CONFIG_REGMAP_I2C=y
+CONFIG_I2C_BOARDINFO=y
+CONFIG_I2C_COMPAT=y
+CONFIG_RTC_I2C_AND_SPI=y
+
+CONFIG_TCG_TIS_I2C_ATMEL=m
+CONFIG_TCG_TIS_I2C_INFINEON=m
+CONFIG_TCG_TIS_I2C_NUVOTON=m
+CONFIG_TCG_TIS_ST33ZP24_I2C=m
diff --git a/meta-tpm/recipes-kernel/linux/linux-yocto/tpm_i2c.scc b/meta-tpm/recipes-kernel/linux/linux-yocto/tpm_i2c.scc
new file mode 100644
index 0000000..0e4eedb
--- /dev/null
+++ b/meta-tpm/recipes-kernel/linux/linux-yocto/tpm_i2c.scc
@@ -0,0 +1,6 @@
+define KFEATURE_DESCRIPTION "Enable TPM i2c"
+
+include features/i2c/i2c.scc
+
+kconf hardware tpm_i2c.cfg
+
diff --git a/meta-tpm/recipes-kernel/linux/linux-yocto/tpm_x86.cfg b/meta-tpm/recipes-kernel/linux/linux-yocto/tpm_x86.cfg
new file mode 100644
index 0000000..8be331a
--- /dev/null
+++ b/meta-tpm/recipes-kernel/linux/linux-yocto/tpm_x86.cfg
@@ -0,0 +1,4 @@
+CONFIG_TCG_NSC=m
+CONFIG_TCG_ATMEL=m
+CONFIG_TCG_INFINEON=m
+CONFIG_TCG_TIS_ST33ZP24=m
diff --git a/meta-tpm/recipes-kernel/linux/linux-yocto/vtpm.cfg b/meta-tpm/recipes-kernel/linux/linux-yocto/vtpm.cfg
new file mode 100644
index 0000000..a8b3758
--- /dev/null
+++ b/meta-tpm/recipes-kernel/linux/linux-yocto/vtpm.cfg
@@ -0,0 +1,5 @@
+CONFIG_HW_RANDOM_TPM=y
+CONFIG_TCG_TPM=y
+CONFIG_TCG_VTPM_PROXY=y
+CONFIG_SECURITYFS=y
+~                    
diff --git a/meta-tpm/recipes-kernel/linux/linux-yocto/vtpm.scc b/meta-tpm/recipes-kernel/linux/linux-yocto/vtpm.scc
new file mode 100644
index 0000000..e842da6
--- /dev/null
+++ b/meta-tpm/recipes-kernel/linux/linux-yocto/vtpm.scc
@@ -0,0 +1,4 @@
+define KFEATURE_DESCRIPTION "Enable vTPM"
+
+kconf hardware vtpm.cfg
+
diff --git a/meta-tpm/recipes-kernel/linux/linux-yocto_4.%.bbappend b/meta-tpm/recipes-kernel/linux/linux-yocto_4.%.bbappend
new file mode 100644
index 0000000..0eebf00
--- /dev/null
+++ b/meta-tpm/recipes-kernel/linux/linux-yocto_4.%.bbappend
@@ -0,0 +1,11 @@
+FILESEXTRAPATHS_prepend := "${THISDIR}/linux-yocto:"
+
+# Enable tpm in kernel 
+SRC_URI_append_x86 = " \
+    ${@bb.utils.contains('MACHINE_FEATURES', 'tpm', 'file://tpm.scc', '', d)} \
+    "
+
+SRC_URI += " \
+    ${@bb.utils.contains('MACHINE_FEATURES', 'tpm_i2c', 'file://tpm_i2c.scc', '', d)} \
+    ${@bb.utils.contains('MACHINE_FEATURES', 'vtpm', 'file://vtpm.scc', '', d)} \
+    "
diff --git a/meta-tpm/recipes-kernel/linux/linux-yocto_4.10.bbappend b/meta-tpm/recipes-kernel/linux/linux-yocto_4.10.bbappend
deleted file mode 100644
index 208d23f..0000000
--- a/meta-tpm/recipes-kernel/linux/linux-yocto_4.10.bbappend
+++ /dev/null
@@ -1,5 +0,0 @@
-#
-# TPM kernel support
-
-KERNEL_FEATURES_append += "${@bb.utils.contains('MACHINE_FEATURES', 'tpm', ' features/tpm/tpm.scc', '', d)}"
-
-- 
2.7.4

[meta-security][PATCH 08/10] tpm-image: used for testing for now.

[Armin Kuster]

Signed-off-by: Armin Kuster <akuster808@gmail.com>
---
 meta-tpm/recipes-core/images/security-tpm-image.bb | 19 +++++++++++++++++++
 1 file changed, 19 insertions(+)
 create mode 100644 meta-tpm/recipes-core/images/security-tpm-image.bb

diff --git a/meta-tpm/recipes-core/images/security-tpm-image.bb b/meta-tpm/recipes-core/images/security-tpm-image.bb
new file mode 100644
index 0000000..a337076
--- /dev/null
+++ b/meta-tpm/recipes-core/images/security-tpm-image.bb
@@ -0,0 +1,19 @@
+DESCRIPTION = "A small image for building meta-security packages"
+
+IMAGE_FEATURES += "ssh-server-openssh"
+
+IMAGE_INSTALL = "\
+    packagegroup-base \
+    packagegroup-core-boot \
+    ${@bb.utils.contains('MACHINE_FEATURES', 'tpm',  'packagegroup-security-tpm',  '', d)} \
+    ${@bb.utils.contains('MACHINE_FEATURES', 'tpm2', 'packagegroup-security-tpm2', '', d)} \
+    os-release \
+    ${CORE_IMAGE_EXTRA_INSTALL}"
+
+IMAGE_LINGUAS ?= " "
+
+LICENSE = "MIT"
+
+inherit core-image
+
+export IMAGE_BASENAME = "security-tpm-image"
-- 
2.7.4

[meta-security][PATCH 09/10] linux-stable: fix module selections

[Armin Kuster]

Signed-off-by: Armin Kuster <akuster808@gmail.com>
---
 meta-tpm/recipes-kernel/linux/linux-yocto/tpm.cfg      | 3 +++
 meta-tpm/recipes-kernel/linux/linux-yocto/tpm2.cfg     | 6 ++++++
 meta-tpm/recipes-kernel/linux/linux-yocto/tpm2.scc     | 3 +++
 meta-tpm/recipes-kernel/linux/linux-yocto_4.%.bbappend | 6 ++++++
 4 files changed, 18 insertions(+)
 create mode 100644 meta-tpm/recipes-kernel/linux/linux-yocto/tpm2.cfg
 create mode 100644 meta-tpm/recipes-kernel/linux/linux-yocto/tpm2.scc

diff --git a/meta-tpm/recipes-kernel/linux/linux-yocto/tpm.cfg b/meta-tpm/recipes-kernel/linux/linux-yocto/tpm.cfg
index e34b24e..8782823 100644
--- a/meta-tpm/recipes-kernel/linux/linux-yocto/tpm.cfg
+++ b/meta-tpm/recipes-kernel/linux/linux-yocto/tpm.cfg
@@ -3,3 +3,6 @@ CONFIG_TCG_TPM=y
 CONFIG_TCG_TIS_CORE=y
 CONFIG_TCG_TIS=y
 CONFIG_SECURITYFS=y
+CONFIG_TCG_NSC=m
+CONFIG_TCG_ATMEL=m
+CONFIG_TCG_INFINEON=m
diff --git a/meta-tpm/recipes-kernel/linux/linux-yocto/tpm2.cfg b/meta-tpm/recipes-kernel/linux/linux-yocto/tpm2.cfg
new file mode 100644
index 0000000..a81b54d
--- /dev/null
+++ b/meta-tpm/recipes-kernel/linux/linux-yocto/tpm2.cfg
@@ -0,0 +1,6 @@
+CONFIG_HW_RANDOM_TPM=y
+CONFIG_TCG_TPM=y
+CONFIG_TCG_TIS_CORE=y
+CONFIG_TCG_TIS=y
+CONFIG_TCG_CRB=y
+CONFIG_SECURITYFS=y
diff --git a/meta-tpm/recipes-kernel/linux/linux-yocto/tpm2.scc b/meta-tpm/recipes-kernel/linux/linux-yocto/tpm2.scc
new file mode 100644
index 0000000..088148f
--- /dev/null
+++ b/meta-tpm/recipes-kernel/linux/linux-yocto/tpm2.scc
@@ -0,0 +1,3 @@
+define KFEATURE_DESCRIPTION "Enable TPM 2.0"
+
+kconf hardware tpm2.cfg
diff --git a/meta-tpm/recipes-kernel/linux/linux-yocto_4.%.bbappend b/meta-tpm/recipes-kernel/linux/linux-yocto_4.%.bbappend
index 0eebf00..cea8b1b 100644
--- a/meta-tpm/recipes-kernel/linux/linux-yocto_4.%.bbappend
+++ b/meta-tpm/recipes-kernel/linux/linux-yocto_4.%.bbappend
@@ -3,6 +3,12 @@ FILESEXTRAPATHS_prepend := "${THISDIR}/linux-yocto:"
 # Enable tpm in kernel 
 SRC_URI_append_x86 = " \
     ${@bb.utils.contains('MACHINE_FEATURES', 'tpm', 'file://tpm.scc', '', d)} \
+    ${@bb.utils.contains('MACHINE_FEATURES', 'tpm2', 'file://tpm2.scc', '', d)} \
+    "
+
+SRC_URI_append_x86-64 = " \
+    ${@bb.utils.contains('MACHINE_FEATURES', 'tpm', 'file://tpm.scc', '', d)} \
+    ${@bb.utils.contains('MACHINE_FEATURES', 'tpm2', 'file://tpm2.scc', '', d)} \
     "
 
 SRC_URI += " \
-- 
2.7.4

[meta-security][PATCH 10/10] tpm2: package groups fixes

[Armin Kuster]

Signed-off-by: Armin Kuster <akuster808@gmail.com>
---
 .../packagegroup/packagegroup-security-tpm-i2c.bb         |  2 ++
 .../packagegroup/packagegroup-security-tpm.bb             | 15 +++++++++++++++
 .../packagegroup/packagegroup-security-tpm2.bb            |  2 +-
 3 files changed, 18 insertions(+), 1 deletion(-)

diff --git a/meta-tpm/recipes-core/packagegroup/packagegroup-security-tpm-i2c.bb b/meta-tpm/recipes-core/packagegroup/packagegroup-security-tpm-i2c.bb
index d4c3bb7..d3d9ebc 100644
--- a/meta-tpm/recipes-core/packagegroup/packagegroup-security-tpm-i2c.bb
+++ b/meta-tpm/recipes-core/packagegroup/packagegroup-security-tpm-i2c.bb
@@ -9,6 +9,8 @@ PACKAGES = "packagegroup-security-tpm-i2c"
 
 SUMMARY_packagegroup-security-tpm-i2c = "Security TPM i2c support"
 RDEPENDS_packagegroup-security-tpm-i2c = " \
+    ${@bb.utils.contains('MACHINE_FEATURES', 'tpm', 'packagegroup-security-tpm', '', d)} \
+    ${@bb.utils.contains('MACHINE_FEATURES', 'tpm2', 'packagegroup-security-tpm2, '', d)} \
     kernel-module-tpm-i2c-atmel \
     kernel-module-tpm-i2c-infineon \
     kernel-module-tpm-i2c-nuvoton \
diff --git a/meta-tpm/recipes-core/packagegroup/packagegroup-security-tpm.bb b/meta-tpm/recipes-core/packagegroup/packagegroup-security-tpm.bb
index 2412348..2db8521 100644
--- a/meta-tpm/recipes-core/packagegroup/packagegroup-security-tpm.bb
+++ b/meta-tpm/recipes-core/packagegroup/packagegroup-security-tpm.bb
@@ -11,4 +11,19 @@ SUMMARY_packagegroup-security-tpm = "Security TPM support"
 RDEPENDS_packagegroup-security-tpm = " \
     tpm-tools \
     trousers \
+    ${X86_TPM_MODULES} \
+    "
+
+X86_TPM_MODULES ?= ""
+
+X86_TPM_MODULES_x86 = " \
+    kernel-module-tpm-atmel \
+    kernel-module-tpm-infineon \
+    kernel-module-tpm-nsc \
+    "
+
+X86_TPM_MODULES_x86-64 = " \
+    kernel-module-tpm-atmel \
+    kernel-module-tpm-infineon \
+    kernel-module-tpm-nsc \
     "
diff --git a/meta-tpm/recipes-core/packagegroup/packagegroup-security-tpm2.bb b/meta-tpm/recipes-core/packagegroup/packagegroup-security-tpm2.bb
index 1c96cbe..57b0722 100644
--- a/meta-tpm/recipes-core/packagegroup/packagegroup-security-tpm2.bb
+++ b/meta-tpm/recipes-core/packagegroup/packagegroup-security-tpm2.bb
@@ -10,9 +10,9 @@ PACKAGES = "packagegroup-security-tpm2"
 SUMMARY_packagegroup-security-tpm2 = "Security TPM 2.0 support"
 RDEPENDS_packagegroup-security-tpm2 = " \
     tpm2.0-tools \
+    trousers \
     libtss2 \
     libtctidevice \
     libtctisocket \
     resourcemgr \
-    kernel-module-tpm-crb \
     "
-- 
2.7.4

Re: [meta-security][PATCH 00/10] move tpm into its own layer

[Dominig ar Foll (Intel Open Source)]

[-- Attachment #1: Type: text/html, Size: 7355 bytes --]

Re: [meta-security][PATCH 00/10] move tpm into its own layer

[akuster]

[-- Attachment #1: Type: text/plain, Size: 7359 bytes --]



On 05/10/2017 12:46 AM, Dominig ar Foll (Intel Open Source) wrote:
> Armin,
>
> very interesting move. Could you tell us where is located your git repo ?
http://git.yoctoproject.org/cgit/cgit.cgi/meta-security/

currently the changes are in master-next

- armin
> Regards
>
> Dominig
>
> Le 09/05/2017 à 16:46, Armin Kuster a écrit :
>> tpm recipes copied as-is
>>
>> This was done to allow inclusion of TPM components independent of the rest of the layer.
>> minimizes layerdepends
>>
>> fixed incorrect use of DISTRO_FEATURES
>>
>> Updated tpm kernel configs to newer version
>>
>> added a few new packagegroups
>>
>> Armin Kuster (10):
>>    tpm: move to a sub layer
>>    change tpm from distro to machine feature
>>    meta-tpm: add base package group as was in meta-security
>>    packagegroup: remove tpm components
>>    tpm packagegroups: split into logical units
>>    tpm-i2c: some systems us i2c TPM
>>    kernel tpm rework
>>    tpm-image: used for testing for now.
>>    linux-stable: fix module selections
>>    tpm2: package groups fixes
>>
>>   meta-tpm/README                                    |  0
>>   meta-tpm/conf/layer.conf                           | 13 ++++++++++
>>   meta-tpm/recipes-core/images/security-tpm-image.bb | 19 ++++++++++++++
>>   .../packagegroup/packagegroup-security-tpm-i2c.bb  | 19 ++++++++++++++
>>   .../packagegroup/packagegroup-security-tpm.bb      | 29 ++++++++++++++++++++++
>>   .../packagegroup/packagegroup-security-tpm2.bb     | 18 ++++++++++++++
>>   .../packagegroup/packagegroup-security-vtpm.bb     | 14 +++++++++++
>>   meta-tpm/recipes-kernel/linux/linux-yocto/tpm.cfg  |  8 ++++++
>>   meta-tpm/recipes-kernel/linux/linux-yocto/tpm.scc  |  3 +++
>>   meta-tpm/recipes-kernel/linux/linux-yocto/tpm2.cfg |  6 +++++
>>   meta-tpm/recipes-kernel/linux/linux-yocto/tpm2.scc |  3 +++
>>   .../recipes-kernel/linux/linux-yocto/tpm_i2c.cfg   | 15 +++++++++++
>>   .../recipes-kernel/linux/linux-yocto/tpm_i2c.scc   |  6 +++++
>>   .../recipes-kernel/linux/linux-yocto/tpm_x86.cfg   |  4 +++
>>   meta-tpm/recipes-kernel/linux/linux-yocto/vtpm.cfg |  5 ++++
>>   meta-tpm/recipes-kernel/linux/linux-yocto/vtpm.scc |  4 +++
>>   .../recipes-kernel/linux/linux-yocto_4.%.bbappend  | 17 +++++++++++++
>>   .../Convert-another-vdprintf-to-dprintf.patch      |  0
>>   .../files/Use-format-s-for-call-to-dprintf.patch   |  0
>>   .../libtpm/files/fix_signed_issue.patch            |  0
>>   .../recipes-tpm}/libtpm/libtpm_1.0.bb              |  0
>>   .../recipes-tpm}/swtpm/files/fix_fcntl_h.patch     |  0
>>   .../swtpm/files/fix_lib_search_path.patch          |  0
>>   .../swtpm/files/fix_signed_issue.patch             |  0
>>   .../recipes-tpm}/swtpm/files/ioctl_h.patch         |  0
>>   .../recipes-tpm}/swtpm/swtpm-wrappers-native.bb    |  0
>>   .../recipes-tpm}/swtpm/swtpm_1.0.bb                |  0
>>   .../tpm-tools/files/tpm-tools-extendpcr.patch      |  0
>>   .../recipes-tpm}/tpm-tools/tpm-tools_git.bb        |  0
>>   .../recipes-tpm}/tpm2.0-tools/tpm2.0-tools_git.bb  |  0
>>   .../tpm2.0-tss/tpm2.0-tss/ax_pthread.m4            |  0
>>   .../tpm2.0-tss/fix_musl_select_include.patch       |  0
>>   .../recipes-tpm}/tpm2.0-tss/tpm2.0-tss_git.bb      |  0
>>   .../tpm2simulator/tpm2simulator-native_116.bb      |  0
>>   ...path-use-POSIX-getpwent-instead-of-getpwe.patch |  0
>>   .../recipes-tpm}/trousers/files/tcsd.service       |  0
>>   .../trousers/files/trousers-udev.rules             |  0
>>   .../recipes-tpm}/trousers/files/trousers.init.sh   |  0
>>   .../recipes-tpm}/trousers/trousers_git.bb          |  0
>>   recipes-kernel/linux/linux-yocto_4.10.bbappend     |  3 ---
>>   .../packagegroup/packagegroup-core-security.bb     | 18 ++------------
>>   41 files changed, 185 insertions(+), 19 deletions(-)
>>   create mode 100644 meta-tpm/README
>>   create mode 100644 meta-tpm/conf/layer.conf
>>   create mode 100644 meta-tpm/recipes-core/images/security-tpm-image.bb
>>   create mode 100644 meta-tpm/recipes-core/packagegroup/packagegroup-security-tpm-i2c.bb
>>   create mode 100644 meta-tpm/recipes-core/packagegroup/packagegroup-security-tpm.bb
>>   create mode 100644 meta-tpm/recipes-core/packagegroup/packagegroup-security-tpm2.bb
>>   create mode 100644 meta-tpm/recipes-core/packagegroup/packagegroup-security-vtpm.bb
>>   create mode 100644 meta-tpm/recipes-kernel/linux/linux-yocto/tpm.cfg
>>   create mode 100644 meta-tpm/recipes-kernel/linux/linux-yocto/tpm.scc
>>   create mode 100644 meta-tpm/recipes-kernel/linux/linux-yocto/tpm2.cfg
>>   create mode 100644 meta-tpm/recipes-kernel/linux/linux-yocto/tpm2.scc
>>   create mode 100644 meta-tpm/recipes-kernel/linux/linux-yocto/tpm_i2c.cfg
>>   create mode 100644 meta-tpm/recipes-kernel/linux/linux-yocto/tpm_i2c.scc
>>   create mode 100644 meta-tpm/recipes-kernel/linux/linux-yocto/tpm_x86.cfg
>>   create mode 100644 meta-tpm/recipes-kernel/linux/linux-yocto/vtpm.cfg
>>   create mode 100644 meta-tpm/recipes-kernel/linux/linux-yocto/vtpm.scc
>>   create mode 100644 meta-tpm/recipes-kernel/linux/linux-yocto_4.%.bbappend
>>   rename {recipes-tpm => meta-tpm/recipes-tpm}/libtpm/files/Convert-another-vdprintf-to-dprintf.patch (100%)
>>   rename {recipes-tpm => meta-tpm/recipes-tpm}/libtpm/files/Use-format-s-for-call-to-dprintf.patch (100%)
>>   rename {recipes-tpm => meta-tpm/recipes-tpm}/libtpm/files/fix_signed_issue.patch (100%)
>>   rename {recipes-tpm => meta-tpm/recipes-tpm}/libtpm/libtpm_1.0.bb (100%)
>>   rename {recipes-tpm => meta-tpm/recipes-tpm}/swtpm/files/fix_fcntl_h.patch (100%)
>>   rename {recipes-tpm => meta-tpm/recipes-tpm}/swtpm/files/fix_lib_search_path.patch (100%)
>>   rename {recipes-tpm => meta-tpm/recipes-tpm}/swtpm/files/fix_signed_issue.patch (100%)
>>   rename {recipes-tpm => meta-tpm/recipes-tpm}/swtpm/files/ioctl_h.patch (100%)
>>   rename {recipes-tpm => meta-tpm/recipes-tpm}/swtpm/swtpm-wrappers-native.bb (100%)
>>   rename {recipes-tpm => meta-tpm/recipes-tpm}/swtpm/swtpm_1.0.bb (100%)
>>   rename {recipes-tpm => meta-tpm/recipes-tpm}/tpm-tools/files/tpm-tools-extendpcr.patch (100%)
>>   rename {recipes-tpm => meta-tpm/recipes-tpm}/tpm-tools/tpm-tools_git.bb (100%)
>>   rename {recipes-tpm => meta-tpm/recipes-tpm}/tpm2.0-tools/tpm2.0-tools_git.bb (100%)
>>   rename {recipes-tpm => meta-tpm/recipes-tpm}/tpm2.0-tss/tpm2.0-tss/ax_pthread.m4 (100%)
>>   rename {recipes-tpm => meta-tpm/recipes-tpm}/tpm2.0-tss/tpm2.0-tss/fix_musl_select_include.patch (100%)
>>   rename {recipes-tpm => meta-tpm/recipes-tpm}/tpm2.0-tss/tpm2.0-tss_git.bb (100%)
>>   rename {recipes-tpm => meta-tpm/recipes-tpm}/tpm2simulator/tpm2simulator-native_116.bb (100%)
>>   rename {recipes-tpm => meta-tpm/recipes-tpm}/trousers/files/get-user-ps-path-use-POSIX-getpwent-instead-of-getpwe.patch (100%)
>>   rename {recipes-tpm => meta-tpm/recipes-tpm}/trousers/files/tcsd.service (100%)
>>   rename {recipes-tpm => meta-tpm/recipes-tpm}/trousers/files/trousers-udev.rules (100%)
>>   rename {recipes-tpm => meta-tpm/recipes-tpm}/trousers/files/trousers.init.sh (100%)
>>   rename {recipes-tpm => meta-tpm/recipes-tpm}/trousers/trousers_git.bb (100%)
>>
>
> -- 
> Dominig ar Foll
> Senior Software Architect
> Intel Open Source Technology Centre
>
>


[-- Attachment #2: Type: text/html, Size: 8278 bytes --]