[meta-security][PATCH 1/3] tpm2-tcti-uefi: fix build issue for i386 machine

[meta-security][PATCH 1/3] tpm2-tcti-uefi: fix build issue for i386 machine

[akuster]

Signed-off-by: Armin Kuster <akuster808@gmail.com>
---
 .../files/fix_header_file.patch               | 25 +++++++++++++++++
 .../files/tpm2-get-caps-fixed.patch           | 23 +++++++++++++++
 ...p-inserting-host-directories-into-co.patch | 13 ++++++++-
 .../tpm2-tcti-uefi/tpm2-tcti-uefi_0.9.9.bb    | 28 +++++++++++--------
 4 files changed, 77 insertions(+), 12 deletions(-)
 create mode 100644 meta-tpm/recipes-tpm2/tpm2-tcti-uefi/files/fix_header_file.patch
 create mode 100644 meta-tpm/recipes-tpm2/tpm2-tcti-uefi/files/tpm2-get-caps-fixed.patch

diff --git a/meta-tpm/recipes-tpm2/tpm2-tcti-uefi/files/fix_header_file.patch b/meta-tpm/recipes-tpm2/tpm2-tcti-uefi/files/fix_header_file.patch
new file mode 100644
index 0000000..fc730e1
--- /dev/null
+++ b/meta-tpm/recipes-tpm2/tpm2-tcti-uefi/files/fix_header_file.patch
@@ -0,0 +1,25 @@
+Error building for i386 target in cross env
+
+#include <efi/x86_64/efibind.h>
+
+ARCH is host arch, not target arch
+
+Upstream-Status: Submitted 
+
+Signed-off-by: Armin Kuster <akuster808@gmail.com>
+Index: git/src/uefi-types.h
+===================================================================
+--- git.orig/src/uefi-types.h
++++ git/src/uefi-types.h
+@@ -3,9 +3,9 @@
+ #define UEFI_TYPES_H
+ 
+ #ifndef EDK2_BUILD
+-#if ARCH == x86_64
++#if defined(__x86_64__)
+ #include <efi/x86_64/efibind.h>
+-#elif ARCH == ia32
++#elif defined(__i386__)
+ #include <efi/ia32/efibind.h>
+ #else
+ #error "Unsupported ARCH."
diff --git a/meta-tpm/recipes-tpm2/tpm2-tcti-uefi/files/tpm2-get-caps-fixed.patch b/meta-tpm/recipes-tpm2/tpm2-tcti-uefi/files/tpm2-get-caps-fixed.patch
new file mode 100644
index 0000000..bc70913
--- /dev/null
+++ b/meta-tpm/recipes-tpm2/tpm2-tcti-uefi/files/tpm2-get-caps-fixed.patch
@@ -0,0 +1,23 @@
+Fix defined to match tpm2-tools 4.1.1
+
+Upstream-Status: Submitted https://github.com/tpm2-software/tpm2-tcti-uefi/pull/81
+Signed-off-by: Armin Kuster <akuster808@gmail.com>
+
+Index: git/example/tpm2-get-caps-fixed.c
+===================================================================
+--- git.orig/example/tpm2-get-caps-fixed.c
++++ git/example/tpm2-get-caps-fixed.c
+@@ -140,11 +140,11 @@ dump_tpm_properties_fixed (TPMS_TAGGED_P
+             Print (L"TPM2_PT_INPUT_BUFFER:\n"
+                     "  value: 0x%X\n", value);
+             break;
+-        case TPM2_PT_HR_TRANSIENT_MIN:
++        case TPM2_PT_TPM2_HR_TRANSIENT_MIN:
+             Print (L"TPM2_PT_TPM2_HR_TRANSIENT_MIN:\n"
+                     "  value: 0x%X\n", value);
+             break;
+-        case TPM2_PT_HR_PERSISTENT_MIN:
++        case TPM2_PT_TPM2_HR_PERSISTENT_MIN:
+             Print (L"TPM2_PT_TPM2_HR_PERSISTENT_MIN:\n"
+                     "  value: 0x%X\n", value);
+             break;
diff --git a/meta-tpm/recipes-tpm2/tpm2-tcti-uefi/tpm2-tcti-uefi/0001-configure.ac-stop-inserting-host-directories-into-co.patch b/meta-tpm/recipes-tpm2/tpm2-tcti-uefi/tpm2-tcti-uefi/0001-configure.ac-stop-inserting-host-directories-into-co.patch
index 3b54ddd..b3f2287 100644
--- a/meta-tpm/recipes-tpm2/tpm2-tcti-uefi/tpm2-tcti-uefi/0001-configure.ac-stop-inserting-host-directories-into-co.patch
+++ b/meta-tpm/recipes-tpm2/tpm2-tcti-uefi/tpm2-tcti-uefi/0001-configure.ac-stop-inserting-host-directories-into-co.patch
@@ -16,7 +16,18 @@ Index: git/configure.ac
 ===================================================================
 --- git.orig/configure.ac
 +++ git/configure.ac
-@@ -81,7 +81,7 @@ AC_ARG_WITH([efi-lds],
+@@ -70,10 +70,6 @@ EXTRA_CFLAGS+="-I${with_efi_includedir}
+ # compiler flags / search path
+ CFLAGS_TMP="$CFLAGS"
+ CFLAGS="$CFLAGS $EXTRA_CFLAGS"
+-AC_CHECK_HEADERS([efi.h efilib.h],
+-                 [],
+-                 [AC_MSG_ERROR([Missing gnu-efi headers.])],
+-                 [#include <efi.h>])
+ CFLAGS="$CFLAGS_TMP"
+ 
+ # path to linker script from gnu-efi
+@@ -81,7 +77,7 @@ AC_ARG_WITH([efi-lds],
              AS_HELP_STRING([--with-efi-lds=LDS_PATH],[Path to gnu-efi lds file.]),
              [],
              [with_efi_lds="/usr/lib/elf_${ARCH}_efi.lds"])
diff --git a/meta-tpm/recipes-tpm2/tpm2-tcti-uefi/tpm2-tcti-uefi_0.9.9.bb b/meta-tpm/recipes-tpm2/tpm2-tcti-uefi/tpm2-tcti-uefi_0.9.9.bb
index f4918ec..67b36b7 100644
--- a/meta-tpm/recipes-tpm2/tpm2-tcti-uefi/tpm2-tcti-uefi_0.9.9.bb
+++ b/meta-tpm/recipes-tpm2/tpm2-tcti-uefi/tpm2-tcti-uefi_0.9.9.bb
@@ -2,13 +2,15 @@ SUMMARY = "TCTI module for use with TSS2 libraries in UEFI environment"
 SECTION = "security/tpm"
 LICENSE = "BSD-2-Clause"
 LIC_FILES_CHKSUM = "file://LICENSE;md5=500b2e742befc3da00684d8a1d5fd9da"
-DEPENDS = "libtss2-dev gnu-efi-native gnu-efi pkgconfig autoconf-archive-native"
+DEPENDS = "libtss2-dev libtss2-mu-dev gnu-efi-native gnu-efi pkgconfig autoconf-archive-native"
 
 SRC_URI = "git://github.com/tpm2-software/tpm2-tcti-uefi.git \
            file://configure_oe_fixup.patch \
            file://0001-configure.ac-stop-inserting-host-directories-into-co.patch \
+           file://tpm2-get-caps-fixed.patch \
+           file://fix_header_file.patch \
           "
-SRCREV = "431c85f45dcdca5da003ed47c6e9814282476938"
+SRCREV = "0241b08f069f0fdb3612f5c1b938144dbe9be811"
 
 S = "${WORKDIR}/git"
 
@@ -16,6 +18,17 @@ inherit autotools pkgconfig
 
 EFIDIR ?= "/EFI/BOOT"
 
+EFI_ARCH_x86 = "ia32"
+EFI_ARCH_x86-64 = "x86_64"
+
+CFLAGS_append = " -I${STAGING_INCDIR}/efi -I${STAGING_INCDIR}/efi/${EFI_ARCH}"
+
+EXTRA_OECONF_append = " \
+    --with-efi-includedir=${STAGING_INCDIR} \
+    --with-efi-crt0=${STAGING_LIBDIR}/crt0-efi-${EFI_ARCH}.o \
+    --with-efi-lds=${STAGING_LIBDIR}/elf_${EFI_ARCH}_efi.lds \
+"
+
 do_compile_append() {
 	oe_runmake example
 }
@@ -25,15 +38,8 @@ do_install_append() {
 	install -m 0755 "${B}"/example/*.efi "${D}${EFIDIR}"
 }
 
-EFI_ARCH_x86 = "ia32"
-EFI_ARCH_x86-64 = "x86_64"
-
 COMPATIBLE_HOST = "(i.86|x86_64).*-linux"
-EXTRA_OECONF_append = "\
-    --with-efi-includedir=${STAGING_INCDIR}/efi \
-    --with-efi-crt0=${STAGING_LIBDIR_NATIVE}/crt0-efi-${EFI_ARCH}.o \
-    --with-efi-lds=${STAGING_LIBDIR_NATIVE}/elf_${EFI_ARCH}_efi.lds \
-"
-RDEPENDS_${PN} = "gnu-efi"
 
 FILES_${PN} += "${EFIDIR}"
+
+RDEPENDS_${PN} = "gnu-efi libtss2-mu"
-- 
2.17.1

[meta-security][PATCH 2/3] tpm2-tss: update to 2.3.2

[akuster]

clean up reciped. drop git fetching

Signed-off-by: Armin Kuster <akuster808@gmail.com>
---
 .../{tpm2-tss_2.3.1.bb => tpm2-tss_2.3.2.bb}   | 18 +++++++++---------
 1 file changed, 9 insertions(+), 9 deletions(-)
 rename meta-tpm/recipes-tpm2/tpm2-tss/{tpm2-tss_2.3.1.bb => tpm2-tss_2.3.2.bb} (72%)

diff --git a/meta-tpm/recipes-tpm2/tpm2-tss/tpm2-tss_2.3.1.bb b/meta-tpm/recipes-tpm2/tpm2-tss/tpm2-tss_2.3.2.bb
similarity index 72%
rename from meta-tpm/recipes-tpm2/tpm2-tss/tpm2-tss_2.3.1.bb
rename to meta-tpm/recipes-tpm2/tpm2-tss/tpm2-tss_2.3.2.bb
index dfdf734..135efed 100644
--- a/meta-tpm/recipes-tpm2/tpm2-tss/tpm2-tss_2.3.1.bb
+++ b/meta-tpm/recipes-tpm2/tpm2-tss/tpm2-tss_2.3.2.bb
@@ -8,22 +8,22 @@ DEPENDS = "autoconf-archive-native libgcrypt openssl"
 
 SRCREV = "a99e733ba66c359502689a9c42fd5e02ed1dd7d6"
 
-SRC_URI = "git://github.com/tpm2-software/tpm2-tss.git;branch=2.3.x"
+SRC_URI = "https://github.com/tpm2-software/${BPN}/releases/download/${PV}/${BPN}-${PV}.tar.gz"
+SRC_URI[md5sum] = "fb7e6d371959a65dc6d129af81739742"
+SRC_URI[sha256sum] = "82929a0611f39246e09202702a61b54c980ab694626c1f5823520ddf75024fa6"
+SRC_URI[sha1sum] = "c24ce8b20a8686ada775239389292f6d78020668"
+SRC_URI[sha384sum] = "a0c023c024efb6c9906df1e143d692f44433de332b616dc0584c9b4cd4fb0ad544308f291892e91c5a52ef1a4b2abf7f"
+SRC_URI[sha512sum] = "7b679b54f3478c3adee5b6c3135cbe491ffd9f4712991f465edbd6c7d2831e5f1537038ec36f288e9545c719d5d167b61116c924cf5d816220615d0b58a1d436"
 
-inherit autotools-brokensep pkgconfig systemd
-
-S = "${WORKDIR}/git"
+inherit autotools pkgconfig systemd extrausers
 
 PACKAGECONFIG ??= ""
 PACKAGECONFIG[oxygen] = ",--disable-doxygen-doc, "
 
-EXTRA_OECONF += "--with-udevrulesdir=${base_prefix}/lib/udev/rules.d/"
+EXTRA_OECONF += "--enable-static --with-udevrulesdir=${base_prefix}/lib/udev/rules.d/"
+EXTRA_OECONF_remove = " --disable-static"
 
-do_configure_prepend () {
-       ./bootstrap
-}
 
-INHERIT += "extrausers"
 EXTRA_USERS_PARAMS = "\
 	useradd -p '' tss; \
 	groupadd tss; \
-- 
2.17.1

[meta-security][PATCH 3/3] tpm2-tools: fix compile issue with new gcc

[akuster]

fixes:

releated to issue:
https://github.com/tpm2-software/tpm2-tools/issues/1561

Signed-off-by: Armin Kuster <akuster808@gmail.com>
---
 meta-tpm/recipes-tpm2/tpm2-tools/tpm2-tools_4.1.1.bb | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/meta-tpm/recipes-tpm2/tpm2-tools/tpm2-tools_4.1.1.bb b/meta-tpm/recipes-tpm2/tpm2-tools/tpm2-tools_4.1.1.bb
index e90dcfe..aee4d3b 100644
--- a/meta-tpm/recipes-tpm2/tpm2-tools/tpm2-tools_4.1.1.bb
+++ b/meta-tpm/recipes-tpm2/tpm2-tools/tpm2-tools_4.1.1.bb
@@ -15,3 +15,5 @@ SRC_URI[sha384sum] = "396547f400e4f5626d7741d77ec543f312d94e6697899f4c36260d15fa
 SRC_URI[sha512sum] = "25952cf947f0acd16b1a8dbd3ac8573bce85ff970a7e24c290c4f9cd29418e77a3e48ac82c932fbd250887a9303ab301ff92db594c2fffaba47b873382444d26"
 
 inherit autotools pkgconfig bash-completion
+
+CFLAGS_remove = "-O2 "
-- 
2.17.1