[meta-security][PATCH v2 1/6] packagegroup-security-tpm2: stop including tpm2-tcti-uefi

[meta-security][PATCH v2 1/6] packagegroup-security-tpm2: stop including tpm2-tcti-uefi

[Dmitry Eremin-Solenikov]

From: Dmitry Eremin-Solenikov <dmitry_eremin-solenikov@mentor.com>

tpm2-tcti-uefi is a EFI module, so it should not be included in the
rootfs.

Signed-off-by: Dmitry Eremin-Solenikov <dmitry_eremin-solenikov@mentor.com>
---
 .../recipes-core/packagegroup/packagegroup-security-tpm2.bb    | 3 ---
 1 file changed, 3 deletions(-)

diff --git a/meta-tpm/recipes-core/packagegroup/packagegroup-security-tpm2.bb b/meta-tpm/recipes-core/packagegroup/packagegroup-security-tpm2.bb
index 9296d9967e32..8f5c537b9505 100644
--- a/meta-tpm/recipes-core/packagegroup/packagegroup-security-tpm2.bb
+++ b/meta-tpm/recipes-core/packagegroup/packagegroup-security-tpm2.bb
@@ -21,6 +21,3 @@ RDEPENDS_packagegroup-security-tpm2 = " \
     ibmswtpm2 \
     cryptsetup-tpm-incubator \
     "
-
-RDEPENDS_packagegroup-security-tpm2_append_x86 = " tpm2-tcti-uefi"
-RDEPENDS_packagegroup-security-tpm2_append_x86-64 = " tpm2-tcti-uefi"
-- 
2.20.1

[meta-security][PATCH v2 2/6] tpm2-tss: fix compilation when using updated AX_CODE_COVERAGE macro

[Dmitry Eremin-Solenikov]

From: Dmitry Eremin-Solenikov <dmitry_eremin-solenikov@mentor.com>

New autoconf-archive comes with updated AX_CODE_COVERAGE macro, which is
not compatible with current tpm2-tss source base. Apply upstream patch
to fix this incompatibility.

Signed-off-by: Dmitry Eremin-Solenikov <dmitry_eremin-solenikov@mentor.com>
---
 ...-ax_code_coverage.m4-version-2019.01.patch | 84 +++++++++++++++++++
 .../recipes-tpm2/tpm2-tss/tpm2-tss_2.2.3.bb   |  3 +-
 2 files changed, 86 insertions(+), 1 deletion(-)
 create mode 100644 meta-tpm/recipes-tpm2/tpm2-tss/tpm2-tss/0001-build-update-for-ax_code_coverage.m4-version-2019.01.patch

diff --git a/meta-tpm/recipes-tpm2/tpm2-tss/tpm2-tss/0001-build-update-for-ax_code_coverage.m4-version-2019.01.patch b/meta-tpm/recipes-tpm2/tpm2-tss/tpm2-tss/0001-build-update-for-ax_code_coverage.m4-version-2019.01.patch
new file mode 100644
index 000000000000..86b2cb6dd7d3
--- /dev/null
+++ b/meta-tpm/recipes-tpm2/tpm2-tss/tpm2-tss/0001-build-update-for-ax_code_coverage.m4-version-2019.01.patch
@@ -0,0 +1,84 @@
+From ec08ab41495ac40641475707c46e844503ada5b3 Mon Sep 17 00:00:00 2001
+From: Jonas Witschel <diabonas@gmx.de>
+Date: Mon, 7 Jan 2019 22:15:06 +0100
+Subject: [PATCH] build: update for ax_code_coverage.m4 version 2019.01.06
+
+@CODE_COVERAGE_RULES@ doesn't exist any more and needs to be replaced.
+Also includes a compatibility switch for older versions of the file.
+
+Signed-off-by: Jonas Witschel <diabonas@gmx.de>
+---
+ .gitignore   |  1 +
+ .travis.yml  | 10 +++++-----
+ Makefile.am  |  6 ++++++
+ configure.ac |  3 +++
+ 4 files changed, 15 insertions(+), 5 deletions(-)
+
+diff --git a/.gitignore b/.gitignore
+index 7c6a7b62e6c1..aa1a7efdff71 100644
+--- a/.gitignore
++++ b/.gitignore
+@@ -26,6 +26,7 @@
+ AUTHORS
+ tags
+ aclocal.m4
++aminclude_static.am
+ autom4te.cache/
+ [Bb]uild/
+ [Dd]ebug/
+diff --git a/.travis.yml b/.travis.yml
+index 55f88e22999b..a668e2953dc2 100644
+--- a/.travis.yml
++++ b/.travis.yml
+@@ -44,11 +44,11 @@ addons:
+ 
+ install:
+ # Autoconf archive
+-  - wget https://download.01.org/tpm2/autoconf-archive-2017.09.28.tar.xz
+-  - sha256sum autoconf-archive-2017.09.28.tar.xz | grep -q 5c9fb5845b38b28982a3ef12836f76b35f46799ef4a2e46b48e2bd3c6182fa01 || travis_terminate 1
+-  - tar xJf autoconf-archive-2017.09.28.tar.xz
+-  - cp autoconf-archive-2017.09.28/m4/ax_code_coverage.m4 m4/
+-  - cp autoconf-archive-2017.09.28/m4/ax_prog_doxygen.m4 m4/
++  - wget http://ftpmirror.gnu.org/autoconf-archive/autoconf-archive-2019.01.06.tar.xz
++  - sha256sum autoconf-archive-2019.01.06.tar.xz | grep -q 17195c833098da79de5778ee90948f4c5d90ed1a0cf8391b4ab348e2ec511e3f || travis_terminate 1
++  - tar xJf autoconf-archive-2019.01.06.tar.xz
++  - cp autoconf-archive-2019.01.06/m4/ax_code_coverage.m4 m4/
++  - cp autoconf-archive-2019.01.06/m4/ax_prog_doxygen.m4 m4/
+ # IBM-TPM
+   - wget https://download.01.org/tpm2/ibmtpm974.tar.gz
+ # OpenSSL 1.0.2
+diff --git a/Makefile.am b/Makefile.am
+index 1b792d89a392..8e62e9c77c7d 100644
+--- a/Makefile.am
++++ b/Makefile.am
+@@ -19,7 +19,13 @@ noinst_PROGRAMS =
+ 
+ ### Add ax_* rules ###
+ # ax_code_coverage
++if AUTOCONF_CODE_COVERAGE_2019_01_06
++include $(top_srcdir)/aminclude_static.am
++clean-local: code-coverage-clean
++dist-clean-local: code-coverage-dist-clean
++else
+ @CODE_COVERAGE_RULES@
++endif
+ 
+ # ax_doxygen
+ @DX_RULES@
+diff --git a/configure.ac b/configure.ac
+index 6c7b0fd96399..22b79c50c015 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -312,6 +312,9 @@ AS_IF([test "x$enable_doxygen_doc" != xno],
+       [ERROR_IF_NO_PROG([doxygen])])
+ 
+ AX_CODE_COVERAGE
++m4_ifdef([_AX_CODE_COVERAGE_RULES],
++         [AM_CONDITIONAL(AUTOCONF_CODE_COVERAGE_2019_01_06, [true])],
++         [AM_CONDITIONAL(AUTOCONF_CODE_COVERAGE_2019_01_06, [false])])
+ 
+ AC_OUTPUT
+ 
+-- 
+2.20.1
+
diff --git a/meta-tpm/recipes-tpm2/tpm2-tss/tpm2-tss_2.2.3.bb b/meta-tpm/recipes-tpm2/tpm2-tss/tpm2-tss_2.2.3.bb
index cf93159ce40f..ffbd3f4e4eff 100644
--- a/meta-tpm/recipes-tpm2/tpm2-tss/tpm2-tss_2.2.3.bb
+++ b/meta-tpm/recipes-tpm2/tpm2-tss/tpm2-tss_2.2.3.bb
@@ -8,7 +8,8 @@ DEPENDS = "autoconf-archive-native libgcrypt openssl"
 
 SRCREV = "36b1539c82bf675265d6f6a6cd808a189b6971f4"
 
-SRC_URI = "git://github.com/tpm2-software/tpm2-tss.git;branch=2.2.x"
+SRC_URI = "git://github.com/tpm2-software/tpm2-tss.git;branch=2.2.x \
+    file://0001-build-update-for-ax_code_coverage.m4-version-2019.01.patch"
 
 inherit autotools-brokensep pkgconfig systemd
 
-- 
2.20.1

[meta-security][PATCH v2 3/6] tpm2-tcti-uefi: add autoconf-archive-native dependency

[Dmitry Eremin-Solenikov]

From: Dmitry Eremin-Solenikov <dmitry_eremin-solenikov@mentor.com>

Add dependency on autoconf-archive-native to receive AX_* macro definitions.

Signed-off-by: Dmitry Eremin-Solenikov <dmitry_eremin-solenikov@mentor.com>
---
 meta-tpm/recipes-tpm2/tpm2-tcti-uefi/tpm2-tcti-uefi_0.9.9.bb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/meta-tpm/recipes-tpm2/tpm2-tcti-uefi/tpm2-tcti-uefi_0.9.9.bb b/meta-tpm/recipes-tpm2/tpm2-tcti-uefi/tpm2-tcti-uefi_0.9.9.bb
index 43854c414c22..983f72ebeb68 100644
--- a/meta-tpm/recipes-tpm2/tpm2-tcti-uefi/tpm2-tcti-uefi_0.9.9.bb
+++ b/meta-tpm/recipes-tpm2/tpm2-tcti-uefi/tpm2-tcti-uefi_0.9.9.bb
@@ -2,7 +2,7 @@ SUMMARY = "TCTI module for use with TSS2 libraries in UEFI environment"
 SECTION = "security/tpm"
 LICENSE = "BSD-2-Clause"
 LIC_FILES_CHKSUM = "file://LICENSE;md5=500b2e742befc3da00684d8a1d5fd9da"
-DEPENDS = "libtss2-dev gnu-efi-native gnu-efi pkgconfig"
+DEPENDS = "libtss2-dev gnu-efi-native gnu-efi pkgconfig autoconf-archive-native"
 
 SRC_URI = "git://github.com/tpm2-software/tpm2-tcti-uefi.git \
            file://configure_oe_fixup.patch \
-- 
2.20.1

[meta-security][PATCH v2 4/6] tpm2-tcti-uefi: fix configure arguments

[Dmitry Eremin-Solenikov]

From: Dmitry Eremin-Solenikov <dmitry_eremin-solenikov@mentor.com>

Pass correct location of EFI's crt0 and ld script.

Signed-off-by: Dmitry Eremin-Solenikov <dmitry_eremin-solenikov@mentor.com>
---
 .../recipes-tpm2/tpm2-tcti-uefi/tpm2-tcti-uefi_0.9.9.bb  | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/meta-tpm/recipes-tpm2/tpm2-tcti-uefi/tpm2-tcti-uefi_0.9.9.bb b/meta-tpm/recipes-tpm2/tpm2-tcti-uefi/tpm2-tcti-uefi_0.9.9.bb
index 983f72ebeb68..03140506931d 100644
--- a/meta-tpm/recipes-tpm2/tpm2-tcti-uefi/tpm2-tcti-uefi_0.9.9.bb
+++ b/meta-tpm/recipes-tpm2/tpm2-tcti-uefi/tpm2-tcti-uefi_0.9.9.bb
@@ -13,6 +13,13 @@ S = "${WORKDIR}/git"
 
 inherit autotools pkgconfig
 
+EFI_ARCH_x86 = "ia32"
+EFI_ARCH_x86-64 = "x86_64"
+
 COMPATIBLE_HOST = "(i.86|x86_64).*-linux"
-EXTRA_OECONF_append = " --with-efi-includedir=${STAGING_INCDIR}/efi --with-efi-lds=${STAGING_LIBDIR_NATIVE}/"
+EXTRA_OECONF_append = "\
+    --with-efi-includedir=${STAGING_INCDIR}/efi \
+    --with-efi-crt0=${STAGING_LIBDIR_NATIVE}/crt0-efi-${EFI_ARCH}.o \
+    --with-efi-lds=${STAGING_LIBDIR_NATIVE}/elf_${EFI_ARCH}_efi.lds \
+"
 RDEPENDS_${PN} = "gnu-efi"
-- 
2.20.1

[meta-security][PATCH v2 5/6] tpm2-tcti-uefi: stop inserting host directories into build path

[Dmitry Eremin-Solenikov]

From: Dmitry Eremin-Solenikov <dmitry_eremin-solenikov@mentor.com>

Do not insert /usr/lib and /usr/lib64 into LDFLAGS.

Signed-off-by: Dmitry Eremin-Solenikov <dmitry_eremin-solenikov@mentor.com>
---
 ...p-inserting-host-directories-into-co.patch | 27 +++++++++++++++++++
 .../tpm2-tcti-uefi/tpm2-tcti-uefi_0.9.9.bb    |  1 +
 2 files changed, 28 insertions(+)
 create mode 100644 meta-tpm/recipes-tpm2/tpm2-tcti-uefi/tpm2-tcti-uefi/0001-configure.ac-stop-inserting-host-directories-into-co.patch

diff --git a/meta-tpm/recipes-tpm2/tpm2-tcti-uefi/tpm2-tcti-uefi/0001-configure.ac-stop-inserting-host-directories-into-co.patch b/meta-tpm/recipes-tpm2/tpm2-tcti-uefi/tpm2-tcti-uefi/0001-configure.ac-stop-inserting-host-directories-into-co.patch
new file mode 100644
index 000000000000..3b54dddf763f
--- /dev/null
+++ b/meta-tpm/recipes-tpm2/tpm2-tcti-uefi/tpm2-tcti-uefi/0001-configure.ac-stop-inserting-host-directories-into-co.patch
@@ -0,0 +1,27 @@
+From b74837184cfdefb45e48f3fdc974fc67691fc861 Mon Sep 17 00:00:00 2001
+From: Dmitry Eremin-Solenikov <dmitry_eremin-solenikov@mentor.com>
+Date: Wed, 3 Jul 2019 19:16:35 +0300
+Subject: [PATCH] configure.ac: stop inserting host directories into compile
+ path
+
+Do not insert /usr/lib and /usr/lib64 into library search path.
+
+Upstream-Status: OE specific
+Signed-off-by: Dmitry Eremin-Solenikov <dmitry_eremin-solenikov@mentor.com>
+---
+ configure.ac | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+Index: git/configure.ac
+===================================================================
+--- git.orig/configure.ac
++++ git/configure.ac
+@@ -81,7 +81,7 @@ AC_ARG_WITH([efi-lds],
+             AS_HELP_STRING([--with-efi-lds=LDS_PATH],[Path to gnu-efi lds file.]),
+             [],
+             [with_efi_lds="/usr/lib/elf_${ARCH}_efi.lds"])
+-EXTRA_LDFLAGS="-L /usr/lib -L /usr/lib64 -Wl,--script=${with_efi_lds}"
++EXTRA_LDFLAGS="-Wl,--script=${with_efi_lds}"
+ 
+ # path to object file from gnu-efi
+ AC_ARG_WITH([efi-crt0],
diff --git a/meta-tpm/recipes-tpm2/tpm2-tcti-uefi/tpm2-tcti-uefi_0.9.9.bb b/meta-tpm/recipes-tpm2/tpm2-tcti-uefi/tpm2-tcti-uefi_0.9.9.bb
index 03140506931d..b2d0b85af280 100644
--- a/meta-tpm/recipes-tpm2/tpm2-tcti-uefi/tpm2-tcti-uefi_0.9.9.bb
+++ b/meta-tpm/recipes-tpm2/tpm2-tcti-uefi/tpm2-tcti-uefi_0.9.9.bb
@@ -6,6 +6,7 @@ DEPENDS = "libtss2-dev gnu-efi-native gnu-efi pkgconfig autoconf-archive-native"
 
 SRC_URI = "git://github.com/tpm2-software/tpm2-tcti-uefi.git \
            file://configure_oe_fixup.patch \
+	   file://0001-configure.ac-stop-inserting-host-directories-into-co.patch \
           "
 SRCREV = "7baf1eebfeb56a896bdd5d677fb24377d619eb9d"
 
-- 
2.20.1

[meta-security][PATCH v2 6/6] tpm2-tcti-uefi: build and install examples

[Dmitry Eremin-Solenikov]

From: Dmitry Eremin-Solenikov <dmitry_eremin-solenikov@mentor.com>

Examples are usefull to actually check TPM2 from UEFI shell. Add them to
tpm2-tcti-uefi package.

Signed-off-by: Dmitry Eremin-Solenikov <dmitry_eremin-solenikov@mentor.com>
---
 .../tpm2-tcti-uefi/tpm2-tcti-uefi_0.9.9.bb          | 13 +++++++++++++
 1 file changed, 13 insertions(+)

diff --git a/meta-tpm/recipes-tpm2/tpm2-tcti-uefi/tpm2-tcti-uefi_0.9.9.bb b/meta-tpm/recipes-tpm2/tpm2-tcti-uefi/tpm2-tcti-uefi_0.9.9.bb
index b2d0b85af280..e822e2974f37 100644
--- a/meta-tpm/recipes-tpm2/tpm2-tcti-uefi/tpm2-tcti-uefi_0.9.9.bb
+++ b/meta-tpm/recipes-tpm2/tpm2-tcti-uefi/tpm2-tcti-uefi_0.9.9.bb
@@ -14,6 +14,17 @@ S = "${WORKDIR}/git"
 
 inherit autotools pkgconfig
 
+EFIDIR ?= "/EFI/BOOT"
+
+do_compile_append() {
+	oe_runmake example
+}
+
+do_install_append() {
+	install -d "${D}${EFIDIR}"
+	install -m 0755 "${B}"/example/*.efi "${D}${EFIDIR}"
+}
+
 EFI_ARCH_x86 = "ia32"
 EFI_ARCH_x86-64 = "x86_64"
 
@@ -24,3 +35,5 @@ EXTRA_OECONF_append = "\
     --with-efi-lds=${STAGING_LIBDIR_NATIVE}/elf_${EFI_ARCH}_efi.lds \
 "
 RDEPENDS_${PN} = "gnu-efi"
+
+FILES_${PN} += "${EFIDIR}"
-- 
2.20.1