[Buildroot] [git commit] tpm2-tss: new package

[Buildroot] [git commit] tpm2-tss: new package

[Peter Korsgaard]

commit: https://git.buildroot.net/buildroot/commit/?id=7b3bb51809517ea045dedc8544db51fc0515d5b4
branch: https://git.buildroot.net/buildroot/commit/?id=refs/heads/master

OSS implementation of the TCG TPM2 Software Stack (TSS2). This stack
consists of the following layers from top to bottom:

* System API (SAPI) as described in the system level API and TPM command
  transmission interface specification. This API is a 1-to-1 mapping of
  the TPM2 commands documented in Part 3 of the TPM2 specification.
  Additionally there are asynchronous versions of each command. These
  asynchronous variants may be useful for integration into event-driven
  programming environments. Both the synchronous and asynchronous API
  are exposed through a single library: libsapi.

* TPM Command Transmission Interface (TCTI) that is described in the
  same specification. This API provides a standard interface to transmit
  / receive TPM command / response buffers. It is expected that any
  number of libraries implementing the TCTI API will be implemented as a
  way to abstract various platform specific IPC mechanisms. Currently
  this repository provides two TCTI implementations: libtcti-device and
  libtcti-socket. The prior should be used for direct access to the TPM
  through the Linux kernel driver. The later implements the protocol
  exposed by the Microsoft software TPM2 simulator.

Signed-off-by: Carlos Santos <casantos@datacom.ind.br>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
---
 package/Config.in              |  1 +
 package/tpm2-tss/Config.in     | 32 ++++++++++++++++++++++++++++++++
 package/tpm2-tss/tpm2-tss.hash |  3 +++
 package/tpm2-tss/tpm2-tss.mk   | 14 ++++++++++++++
 4 files changed, 50 insertions(+)

diff --git a/package/Config.in b/package/Config.in
index 6abbb43e38..f455e74735 100644
--- a/package/Config.in
+++ b/package/Config.in
@@ -1063,6 +1063,7 @@ menu "Crypto"
 	source "package/openssl/Config.in"
 	source "package/rhash/Config.in"
 	source "package/tinydtls/Config.in"
+	source "package/tpm2-tss/Config.in"
 	source "package/trousers/Config.in"
 	source "package/ustream-ssl/Config.in"
 	source "package/wolfssl/Config.in"
diff --git a/package/tpm2-tss/Config.in b/package/tpm2-tss/Config.in
new file mode 100644
index 0000000000..1eb69d3e93
--- /dev/null
+++ b/package/tpm2-tss/Config.in
@@ -0,0 +1,32 @@
+config BR2_PACKAGE_TPM2_TSS
+	bool "tpm2-tss"
+	depends on BR2_i386 || BR2_x86_64
+	select BR2_PACKAGE_LIBURIPARSER
+	help
+	  OSS implementation of the Trusted Computing Group's (TCG) TPM2
+	  Software Stack (TSS). This stack consists of the following
+	  layers from top to bottom:
+
+	  * System API (SAPI) as described in the system level API and
+	    TPM command transmission interface specification. This API
+	    is a 1-to-1 mapping of the TPM2 commands documented in Part
+	    3 of the TPM2 specification. Additionally there are
+	    asynchronous versions of each command. These asynchronous
+	    variants may be useful for integration into event-driven
+	    programming environments. Both the synchronous and
+	    asynchronous API are exposed through a single library:
+	    libsapi.
+
+	  * TPM Command Transmission Interface (TCTI) that is described
+	    in the same specification. This API provides a standard
+	    interface to transmit / receive TPM command / response
+	    buffers. It is expected that any number of libraries
+	    implementing the TCTI API will be implemented as a way to
+	    abstract various platform specific IPC mechanisms. Currently
+	    this repository provides two TCTI implementations:
+	    libtcti-device and libtcti-socket.  The prior should be used
+	    for direct access to the TPM through the Linux kernel
+	    driver. The later implements the protocol exposed by the
+	    Microsoft software TPM2 simulator.
+
+	  https://github.com/tpm2-software/tpm2-tss
diff --git a/package/tpm2-tss/tpm2-tss.hash b/package/tpm2-tss/tpm2-tss.hash
new file mode 100644
index 0000000000..df1c6d8b58
--- /dev/null
+++ b/package/tpm2-tss/tpm2-tss.hash
@@ -0,0 +1,3 @@
+# Locally computed:
+sha256 c7d627de50394e9a02593edb1ce74e1bbac17831be726c54f689507f0c41a78a  tpm2-tss-1.3.0.tar.gz
+sha256 18c1bf4b1ba1fb2c4ffa7398c234d83c0d55475298e470ae1e5e3a8a8bd2e448  LICENSE
diff --git a/package/tpm2-tss/tpm2-tss.mk b/package/tpm2-tss/tpm2-tss.mk
new file mode 100644
index 0000000000..709602860f
--- /dev/null
+++ b/package/tpm2-tss/tpm2-tss.mk
@@ -0,0 +1,14 @@
+################################################################################
+#
+# tpm2-tss
+#
+################################################################################
+
+TPM2_TSS_VERSION = 1.3.0
+TPM2_TSS_SITE = https://github.com/tpm2-software/tpm2-tss/releases/download/$(TPM2_TSS_VERSION)
+TPM2_TSS_LICENSE = BSD-2-Clause
+TPM2_TSS_LICENSE_FILES = LICENSE
+TPM2_TSS_INSTALL_STAGING = YES
+TPM2_TSS_DEPENDENCIES = liburiparser host-pkgconf
+
+$(eval $(autotools-package))

[Buildroot] [git commit] tpm2-tss: new package

[Carlos Santos]

> From: "Peter Korsgaard" <peter@korsgaard.com>
> To: "buildroot" <buildroot@buildroot.org>
> Sent: Thursday, March 8, 2018 5:58:02 AM
> Subject: [Buildroot] [git commit] tpm2-tss: new package

> commit:
> https://git.buildroot.net/buildroot/commit/?id=7b3bb51809517ea045dedc8544db51fc0515d5b4
> branch: https://git.buildroot.net/buildroot/commit/?id=refs/heads/master

What about the other packages in this series, tpm2-abrmd and tmp2-tools?

-- 
Carlos Santos (Casantos) - DATACOM, P&D
?The greatest triumph that modern PR can offer is the transcendent 
success of having your words and actions judged by your reputation, 
rather than the other way about.? ? Christopher Hitchens

[Buildroot] [git commit] tpm2-tss: new package

[Peter Korsgaard]

>>>>> "Carlos" == Carlos Santos <casantos@datacom.ind.br> writes:

 >> From: "Peter Korsgaard" <peter@korsgaard.com>
 >> To: "buildroot" <buildroot@buildroot.org>
 >> Sent: Thursday, March 8, 2018 5:58:02 AM
 >> Subject: [Buildroot] [git commit] tpm2-tss: new package

 >> commit:
 >> https://git.buildroot.net/buildroot/commit/?id=7b3bb51809517ea045dedc8544db51fc0515d5b4
 >> branch: https://git.buildroot.net/buildroot/commit/?id=refs/heads/master

 > What about the other packages in this series, tpm2-abrmd and tmp2-tools?

They will come, I just ran out of time to review the other day.

Thomas asked on IRC why this was x86 only. Can you explain why?

-- 
Bye, Peter Korsgaard

[Buildroot] [git commit] tpm2-tss: new package

[Carlos Santos]

> From: "Peter Korsgaard" <peter@korsgaard.com>
> To: "Carlos Santos" <casantos@datacom.ind.br>
> Cc: "buildroot" <buildroot@buildroot.org>
> Sent: Friday, March 9, 2018 6:26:03 PM
> Subject: Re: [git commit] tpm2-tss: new package

>>>>>> "Carlos" == Carlos Santos <casantos@datacom.ind.br> writes:
> 
> >> From: "Peter Korsgaard" <peter@korsgaard.com>
> >> To: "buildroot" <buildroot@buildroot.org>
> >> Sent: Thursday, March 8, 2018 5:58:02 AM
> >> Subject: [Buildroot] [git commit] tpm2-tss: new package
> 
> >> commit:
> >> https://git.buildroot.net/buildroot/commit/?id=7b3bb51809517ea045dedc8544db51fc0515d5b4
> >> branch: https://git.buildroot.net/buildroot/commit/?id=refs/heads/master
> 
> > What about the other packages in this series, tpm2-abrmd and tmp2-tools?
> 
> They will come, I just ran out of time to review the other day.
> 
> Thomas asked on IRC why this was x86 only. Can you explain why?

Because it needs a hardware TPM, which as far as I know is available
only in some Intel processors (I tested it in a C3000 SOC).

-- 
Carlos Santos (Casantos) - DATACOM, P&D
?The greatest triumph that modern PR can offer is the transcendent 
success of having your words and actions judged by your reputation, 
rather than the other way about.? ? Christopher Hitchens

[Buildroot] [git commit] tpm2-tss: new package

[Peter Korsgaard]

>>>>> "Carlos" == Carlos Santos <casantos@datacom.ind.br> writes:

 >> Thomas asked on IRC why this was x86 only. Can you explain why?

 > Because it needs a hardware TPM, which as far as I know is available
 > only in some Intel processors (I tested it in a C3000 SOC).

Aren't TPM2 devices still available as small microcontrollers connected
to the main processor over i2c/spi? I've seen ARM boards with such
TPM1.2 devices, and I think Thomas mentioned an ARM board with a TPM2
device connected over SPI.

In general, unless there is a build time dependency on architecture
specific files or the package is very specific to a SoC or board I
prefer to not hide packages, even if it is unlikely to be used on other
architectures.

So I think we should remove the dependencies from tpm2-tss.

-- 
Bye, Peter Korsgaard

[Buildroot] [git commit] tpm2-tss: new package

[Carlos Santos]

> From: "Peter Korsgaard" <peter@korsgaard.com>
> To: "Carlos Santos" <casantos@datacom.ind.br>, "Thomas Petazzoni" <thomas.petazzoni@bootlin.com>
> Cc: "buildroot" <buildroot@buildroot.org>
> Sent: Saturday, March 10, 2018 5:43:47 AM
> Subject: Re: [git commit] tpm2-tss: new package

>>>>>> "Carlos" == Carlos Santos <casantos@datacom.ind.br> writes:
> 
> >> Thomas asked on IRC why this was x86 only. Can you explain why?
> 
> > Because it needs a hardware TPM, which as far as I know is available
> > only in some Intel processors (I tested it in a C3000 SOC).
> 
> Aren't TPM2 devices still available as small microcontrollers connected
> to the main processor over i2c/spi? I've seen ARM boards with such
> TPM1.2 devices, and I think Thomas mentioned an ARM board with a TPM2
> device connected over SPI.
> 
> In general, unless there is a build time dependency on architecture
> specific files or the package is very specific to a SoC or board I
> prefer to not hide packages, even if it is unlikely to be used on other
> architectures.
> 
> So I think we should remove the dependencies from tpm2-tss.

I agree.

-- 
Carlos Santos (Casantos) - DATACOM, P&D
?The greatest triumph that modern PR can offer is the transcendent 
success of having your words and actions judged by your reputation, 
rather than the other way about.? ? Christopher Hitchens