* [PATCH] systemd: Add tpm2 PACKAGECONFIG
@ 2021-09-15 10:23 Kristian Klausen
  2021-09-15 10:48 ` [OE-core] " Quentin Schulz
  0 siblings, 1 reply; 7+ messages in thread
From: Kristian Klausen @ 2021-09-15 10:23 UTC (permalink / raw)
  To: openembedded-core; +Cc: Kristian Klausen

The TPM2 support is used, among other things, for unlocking encrypted
volumes.

Signed-off-by: Kristian Klausen <kristian@klausen.dk>
---
 meta/recipes-core/systemd/systemd_249.3.bb | 1 +
 1 file changed, 1 insertion(+)

diff --git a/meta/recipes-core/systemd/systemd_249.3.bb b/meta/recipes-core/systemd/systemd_249.3.bb
index c027b88fd6..f8c85dabf0 100644
--- a/meta/recipes-core/systemd/systemd_249.3.bb
+++ b/meta/recipes-core/systemd/systemd_249.3.bb
@@ -128,6 +128,7 @@ PACKAGECONFIG[bzip2] = "-Dbzip2=true,-Dbzip2=false,bzip2"
 PACKAGECONFIG[cgroupv2] = "-Ddefault-hierarchy=unified,-Ddefault-hierarchy=hybrid"
 PACKAGECONFIG[coredump] = "-Dcoredump=true,-Dcoredump=false"
 PACKAGECONFIG[cryptsetup] = "-Dlibcryptsetup=true,-Dlibcryptsetup=false,cryptsetup,,cryptsetup"
+PACKAGECONFIG[tpm2] = "-Dtpm2=true,-Dtpm2=false,tpm2-tss,tpm2-tss libtss2 libtss2-tcti-device"
 PACKAGECONFIG[dbus] = "-Ddbus=true,-Ddbus=false,dbus"
 PACKAGECONFIG[efi] = "-Defi=true,-Defi=false"
 PACKAGECONFIG[gnu-efi] = "-Dgnu-efi=true -Defi-libdir=${STAGING_LIBDIR} -Defi-includedir=${STAGING_INCDIR}/efi,-Dgnu-efi=false,gnu-efi"
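Review bot: the fourth field of the new tpm2 entry names tpm2-tss, libtss2 and libtss2-tcti-device as explicit runtime dependencies, but neither the recipe line nor the commit message says why they are listed by hand. A one-line comment above the entry stating the reason would stop a later cleanup from dropping them. The entry is also inserted between cryptsetup and dbus, which breaks the alphabetical order the surrounding entries follow; moving it to its sorted position keeps the list easy to scan.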
-- 
2.25.1



* Re: [OE-core] [PATCH] systemd: Add tpm2 PACKAGECONFIG
  2021-09-15 10:23 [PATCH] systemd: Add tpm2 PACKAGECONFIG Kristian Klausen
@ 2021-09-15 10:48 ` Quentin Schulz
  2021-09-15 11:31   ` Kristian Klausen
  0 siblings, 1 reply; 7+ messages in thread
From: Quentin Schulz @ 2021-09-15 10:48 UTC (permalink / raw)
  To: kristian; +Cc: openembedded-core

Hi Kristian,

On Wed, Sep 15, 2021 at 12:23:08PM +0200, Kristian Klausen via lists.openembedded.org wrote:
> The TPM2 support is used, among other things, for unlocking encrypted
> volumes.
> 
> Signed-off-by: Kristian Klausen <kristian@klausen.dk>
> ---
>  meta/recipes-core/systemd/systemd_249.3.bb | 1 +
>  1 file changed, 1 insertion(+)
> 
> diff --git a/meta/recipes-core/systemd/systemd_249.3.bb b/meta/recipes-core/systemd/systemd_249.3.bb
> index c027b88fd6..f8c85dabf0 100644
> --- a/meta/recipes-core/systemd/systemd_249.3.bb
> +++ b/meta/recipes-core/systemd/systemd_249.3.bb
> @@ -128,6 +128,7 @@ PACKAGECONFIG[bzip2] = "-Dbzip2=true,-Dbzip2=false,bzip2"
>  PACKAGECONFIG[cgroupv2] = "-Ddefault-hierarchy=unified,-Ddefault-hierarchy=hybrid"
>  PACKAGECONFIG[coredump] = "-Dcoredump=true,-Dcoredump=false"
>  PACKAGECONFIG[cryptsetup] = "-Dlibcryptsetup=true,-Dlibcryptsetup=false,cryptsetup,,cryptsetup"
> +PACKAGECONFIG[tpm2] = "-Dtpm2=true,-Dtpm2=false,tpm2-tss,tpm2-tss libtss2 libtss2-tcti-device"

Shouldn't the RDEPENDS part of the PACKAGECONFIG be pulled in
automatically by Bitbake since I assume the libs they contained are used
by the linker for systemd?

Also looking at the tpm2-tss recipe, I'm not sure there's a package
named libtss2-tcti-device?

I would assume that

PACKAGECONFIG[tpm2] = "-Dtpm2=true,-Dtpm2=false,tpm2-tss"

would be enough except if there's dynamic loading of libraries or
binaries from tpm2-tss that are required at runtime?

Cheers,
Quentin


* Re: [OE-core] [PATCH] systemd: Add tpm2 PACKAGECONFIG
  2021-09-15 10:48 ` [OE-core] " Quentin Schulz
@ 2021-09-15 11:31   ` Kristian Klausen
  2021-09-15 11:34     ` Quentin Schulz
  2021-09-17 15:47     ` Alexandre Belloni
  0 siblings, 2 replies; 7+ messages in thread
From: Kristian Klausen @ 2021-09-15 11:31 UTC (permalink / raw)
  To: Quentin Schulz; +Cc: kristian, openembedded-core

On Wed, Sep 15, 2021 at 12:48:18 +0200, Quentin Schulz wrote:
> Hi Kristian,
> 
> On Wed, Sep 15, 2021 at 12:23:08PM +0200, Kristian Klausen via lists.openembedded.org wrote:
> > The TPM2 support is used, among other things, for unlocking encrypted
> > volumes.
> > 
> > Signed-off-by: Kristian Klausen <kristian@klausen.dk>
> > ---
> >  meta/recipes-core/systemd/systemd_249.3.bb | 1 +
> >  1 file changed, 1 insertion(+)
> > 
> > diff --git a/meta/recipes-core/systemd/systemd_249.3.bb b/meta/recipes-core/systemd/systemd_249.3.bb
> > index c027b88fd6..f8c85dabf0 100644
> > --- a/meta/recipes-core/systemd/systemd_249.3.bb
> > +++ b/meta/recipes-core/systemd/systemd_249.3.bb
> > @@ -128,6 +128,7 @@ PACKAGECONFIG[bzip2] = "-Dbzip2=true,-Dbzip2=false,bzip2"
> >  PACKAGECONFIG[cgroupv2] = "-Ddefault-hierarchy=unified,-Ddefault-hierarchy=hybrid"
> >  PACKAGECONFIG[coredump] = "-Dcoredump=true,-Dcoredump=false"
> >  PACKAGECONFIG[cryptsetup] = "-Dlibcryptsetup=true,-Dlibcryptsetup=false,cryptsetup,,cryptsetup"
> > +PACKAGECONFIG[tpm2] = "-Dtpm2=true,-Dtpm2=false,tpm2-tss,tpm2-tss libtss2 libtss2-tcti-device"
> 
> Shouldn't the RDEPENDS part of the PACKAGECONFIG be pulled in
> automatically by Bitbake since I assume the libs they contained are used
> by the linker for systemd?
> 
> Also looking at the tpm2-tss recipe, I'm not sure there's a package
> named libtss2-tcti-device?

Are we looking at the same recipe? It is defined in 
tpm2-tss_3.0.3.bb[1].

[1] https://git.yoctoproject.org/cgit/cgit.cgi/meta-security/tree/meta-tpm/recipes-tpm2/tpm2-tss/tpm2-tss_3.0.3.bb?id=e0fca90835169e21ffabe6f2e4b901678236d36e#n37

> 
> I would assume that
> 
> PACKAGECONFIG[tpm2] = "-Dtpm2=true,-Dtpm2=false,tpm2-tss"
> 
> would be enough except if there's dynamic loading of libraries or
> binaries from tpm2-tss that are required at runtime?

In my testing it didn't work, presumably due to systemd not linking with 
libtss2*.so but loading them with dlopen()[2].

libtss2 is also using dlopen() for loading the TCTI implementation 
(libtss2-tcti-device in this case)[3].

[2] https://github.com/systemd/systemd/blob/aff870ef61bda152ea6241f684dcab26a9265e78/src/shared/tpm2-util.c#L46-L81
[3] https://github.com/tpm2-software/tpm2-tss/blob/9288970a3e657cdee85d08d3813199ec864de3ad/src/tss2-tcti/tctildr-dl.c#L79-L125

Cheers,
Kristian

> 
> Cheers,
> Quentin
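
Added example, not part of the original thread and not code from systemd, tpm2-tss or OE-core: a library reached only through dlopen() leaves no DT_NEEDED entry in the binary, so dependency detection that reads DT_NEEDED never sees it and the image can ship without it. The sketch parses DT_NEEDED from a constructed ELF64 image and reports dlopen()ed sonames that nothing would pull in. The helper names, the sample image and the soname list are assumptions made for illustration.

```python
import struct

DT_NULL, DT_NEEDED = 0, 1          # dynamic-section tags
SHT_STRTAB, SHT_DYNAMIC = 3, 6     # section types
SHDR = "<IIQQQQIIQQ"               # Elf64_Shdr, little-endian

def build_sample_elf(needed):
    """Constructed input: minimal ELF64 image holding only .dynstr and .dynamic."""
    dynstr, offsets = b"\0", []
    for name in needed:
        offsets.append(len(dynstr))
        dynstr += name.encode() + b"\0"
    dynamic = b"".join(struct.pack("<qQ", DT_NEEDED, o) for o in offsets)
    dynamic += struct.pack("<qQ", DT_NULL, 0)
    str_off, dyn_off = 64, 64 + len(dynstr)
    sh_off = dyn_off + len(dynamic)
    def shdr(sh_type, off, size, link=0, entsize=0):
        return struct.pack(SHDR, 0, sh_type, 0, 0, off, size, link, 0, 1, entsize)
    sections = (shdr(0, 0, 0) + shdr(SHT_STRTAB, str_off, len(dynstr))
                + shdr(SHT_DYNAMIC, dyn_off, len(dynamic), link=1, entsize=16))
    ident = b"\x7fELF\x02\x01\x01" + bytes(9)      # ELF64, little-endian
    ehdr = struct.pack("<16sHHIQQQIHHHHHH", ident, 3, 62, 1, 0, 0, sh_off,
                       0, 64, 0, 0, 64, 3, 0)
    return ehdr + dynstr + dynamic + sections

def dt_needed(image):
    """Return the DT_NEEDED sonames recorded in an ELF64 little-endian image."""
    if image[:4] != b"\x7fELF" or image[4] != 2 or image[5] != 1:
        raise ValueError("expected a little-endian ELF64 image")
    (shoff,) = struct.unpack_from("<Q", image, 0x28)
    shentsize, shnum = struct.unpack_from("<HH", image, 0x3A)
    secs = [struct.unpack_from(SHDR, image, shoff + i * shentsize) for i in range(shnum)]
    names = []
    for sec in secs:
        if sec[1] != SHT_DYNAMIC:
            continue
        str_off = secs[sec[6]][4]                  # sh_link -> string table offset
        for pos in range(sec[4], sec[4] + sec[5], 16):
            tag, val = struct.unpack_from("<qQ", image, pos)
            if tag == DT_NULL:
                break
            if tag == DT_NEEDED:
                start = str_off + val
                names.append(image[start:image.index(b"\0", start)].decode())
    return names

def missing_runtime_libs(image, dlopen_sonames, installed):
    """dlopen()ed sonames that no DT_NEEDED entry covers and the rootfs lacks."""
    linked = set(dt_needed(image))
    return sorted(s for s in dlopen_sonames if s not in linked and s not in installed)

# Constructed sample values (assumptions, not taken from a real build).
SAMPLE = build_sample_elf(["libc.so.6", "libcap.so.2"])
DLOPENED = ["libtss2-esys.so.0", "libtss2-tcti-device.so.0"]

if __name__ == "__main__":
    print("DT_NEEDED:", dt_needed(SAMPLE))
    print("missing  :", missing_runtime_libs(SAMPLE, DLOPENED, {"libc.so.6", "libcap.so.2"}))
```

On a real image, `installed` would be the set of sonames found in the root filesystem's library directories and `image` the bytes of the binary under inspection.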


* Re: [OE-core] [PATCH] systemd: Add tpm2 PACKAGECONFIG
  2021-09-15 11:31   ` Kristian Klausen
@ 2021-09-15 11:34     ` Quentin Schulz
  2021-09-17 15:47     ` Alexandre Belloni
  1 sibling, 0 replies; 7+ messages in thread
From: Quentin Schulz @ 2021-09-15 11:34 UTC (permalink / raw)
  To: Kristian Klausen; +Cc: openembedded-core

Hi Kristian,

On Wed, Sep 15, 2021 at 01:31:07PM +0200, Kristian Klausen wrote:
> On Wed, Sep 15, 2021 at 12:48:18 +0200, Quentin Schulz wrote:
> > Hi Kristian,
> > 
> > On Wed, Sep 15, 2021 at 12:23:08PM +0200, Kristian Klausen via lists.openembedded.org wrote:
> > > The TPM2 support is used, among other things, for unlocking encrypted
> > > volumes.
> > > 
> > > Signed-off-by: Kristian Klausen <kristian@klausen.dk>
> > > ---
> > >  meta/recipes-core/systemd/systemd_249.3.bb | 1 +
> > >  1 file changed, 1 insertion(+)
> > > 
> > > diff --git a/meta/recipes-core/systemd/systemd_249.3.bb b/meta/recipes-core/systemd/systemd_249.3.bb
> > > index c027b88fd6..f8c85dabf0 100644
> > > --- a/meta/recipes-core/systemd/systemd_249.3.bb
> > > +++ b/meta/recipes-core/systemd/systemd_249.3.bb
> > > @@ -128,6 +128,7 @@ PACKAGECONFIG[bzip2] = "-Dbzip2=true,-Dbzip2=false,bzip2"
> > >  PACKAGECONFIG[cgroupv2] = "-Ddefault-hierarchy=unified,-Ddefault-hierarchy=hybrid"
> > >  PACKAGECONFIG[coredump] = "-Dcoredump=true,-Dcoredump=false"
> > >  PACKAGECONFIG[cryptsetup] = "-Dlibcryptsetup=true,-Dlibcryptsetup=false,cryptsetup,,cryptsetup"
> > > +PACKAGECONFIG[tpm2] = "-Dtpm2=true,-Dtpm2=false,tpm2-tss,tpm2-tss libtss2 libtss2-tcti-device"
> > 
> > Shouldn't the RDEPENDS part of the PACKAGECONFIG be pulled in
> > automatically by Bitbake since I assume the libs they contained are used
> > by the linker for systemd?
> > 
> > Also looking at the tpm2-tss recipe, I'm not sure there's a package
> > named libtss2-tcti-device?
> 
> Are we looking at the same recipe? It is defined in 
> tpm2-tss_3.0.3.bb[1].
> 
> [1] https://git.yoctoproject.org/cgit/cgit.cgi/meta-security/tree/meta-tpm/recipes-tpm2/tpm2-tss/tpm2-tss_3.0.3.bb?id=e0fca90835169e21ffabe6f2e4b901678236d36e#n37
> 

I was looking at the one in meta-measured layer. For some reason it
seems the above layer does not appear in the layerindex :/

> > 
> > I would assume that
> > 
> > PACKAGECONFIG[tpm2] = "-Dtpm2=true,-Dtpm2=false,tpm2-tss"
> > 
> > would be enough except if there's dynamic loading of libraries or
> > binaries from tpm2-tss that are required at runtime?
> 
> In my testing it didn't work, presumably due to systemd not linking with 
> libtss2*.so but loading them with dlopen()[2].
> 
> libtss2 is also using dlopen() for loading the TCTI implementation 
> (libtss2-tcti-device in this case)[3].
> 
> [2] https://github.com/systemd/systemd/blob/aff870ef61bda152ea6241f684dcab26a9265e78/src/shared/tpm2-util.c#L46-L81
> [3] https://github.com/tpm2-software/tpm2-tss/blob/9288970a3e657cdee85d08d3813199ec864de3ad/src/tss2-tcti/tctildr-dl.c#L79-L125
> 

Then:

Reviewed-by: Quentin Schulz <foss@0leil.net>

Thanks!
Quentin


* Re: [OE-core] [PATCH] systemd: Add tpm2 PACKAGECONFIG
  2021-09-15 11:31   ` Kristian Klausen
  2021-09-15 11:34     ` Quentin Schulz
@ 2021-09-17 15:47     ` Alexandre Belloni
  2021-09-18  9:17       ` Richard Purdie
  2021-09-18 15:26       ` Armin Kuster
  1 sibling, 2 replies; 7+ messages in thread
From: Alexandre Belloni @ 2021-09-17 15:47 UTC (permalink / raw)
  To: kristian; +Cc: Quentin Schulz, openembedded-core

On 15/09/2021 13:31:07+0200, Kristian Klausen via lists.openembedded.org wrote:
> On Wed, Sep 15, 2021 at 12:48:18 +0200, Quentin Schulz wrote:
> > Hi Kristian,
> > 
> > On Wed, Sep 15, 2021 at 12:23:08PM +0200, Kristian Klausen via lists.openembedded.org wrote:
> > > The TPM2 support is used, among other things, for unlocking encrypted
> > > volumes.
> > > 
> > > Signed-off-by: Kristian Klausen <kristian@klausen.dk>
> > > ---
> > >  meta/recipes-core/systemd/systemd_249.3.bb | 1 +
> > >  1 file changed, 1 insertion(+)
> > > 
> > > diff --git a/meta/recipes-core/systemd/systemd_249.3.bb b/meta/recipes-core/systemd/systemd_249.3.bb
> > > index c027b88fd6..f8c85dabf0 100644
> > > --- a/meta/recipes-core/systemd/systemd_249.3.bb
> > > +++ b/meta/recipes-core/systemd/systemd_249.3.bb
> > > @@ -128,6 +128,7 @@ PACKAGECONFIG[bzip2] = "-Dbzip2=true,-Dbzip2=false,bzip2"
> > >  PACKAGECONFIG[cgroupv2] = "-Ddefault-hierarchy=unified,-Ddefault-hierarchy=hybrid"
> > >  PACKAGECONFIG[coredump] = "-Dcoredump=true,-Dcoredump=false"
> > >  PACKAGECONFIG[cryptsetup] = "-Dlibcryptsetup=true,-Dlibcryptsetup=false,cryptsetup,,cryptsetup"
> > > +PACKAGECONFIG[tpm2] = "-Dtpm2=true,-Dtpm2=false,tpm2-tss,tpm2-tss libtss2 libtss2-tcti-device"
> > 
> > Shouldn't the RDEPENDS part of the PACKAGECONFIG be pulled in
> > automatically by Bitbake since I assume the libs they contained are used
> > by the linker for systemd?
> > 
> > Also looking at the tpm2-tss recipe, I'm not sure there's a package
> > named libtss2-tcti-device?
> 
> Are we looking at the same recipe? It is defined in 
> tpm2-tss_3.0.3.bb[1].
> 
> [1] https://git.yoctoproject.org/cgit/cgit.cgi/meta-security/tree/meta-tpm/recipes-tpm2/tpm2-tss/tpm2-tss_3.0.3.bb?id=e0fca90835169e21ffabe6f2e4b901678236d36e#n37
> 

Then, shouldn't that be a bbappend in meta-security? Else, you run the
risk of pulling a dependency for a recipe in a layer you don't have.

> > 
> > I would assume that
> > 
> > PACKAGECONFIG[tpm2] = "-Dtpm2=true,-Dtpm2=false,tpm2-tss"
> > 
> > would be enough except if there's dynamic loading of libraries or
> > binaries from tpm2-tss that are required at runtime?
> 
> In my testing it didn't work, presumably due to systemd not linking with 
> libtss2*.so but loading them with dlopen()[2].
> 
> libtss2 is also using dlopen() for loading the TCTI implementation 
> (libtss2-tcti-device in this case)[3].
> 
> [2] https://github.com/systemd/systemd/blob/aff870ef61bda152ea6241f684dcab26a9265e78/src/shared/tpm2-util.c#L46-L81
> [3] https://github.com/tpm2-software/tpm2-tss/blob/9288970a3e657cdee85d08d3813199ec864de3ad/src/tss2-tcti/tctildr-dl.c#L79-L125
> 
> Cheers,
> Kristian
> 
> > 
> > Cheers,
> > Quentin

> 
> 
> 


-- 
Alexandre Belloni, co-owner and COO, Bootlin
Embedded Linux and Kernel engineering
https://bootlin.com


* Re: [OE-core] [PATCH] systemd: Add tpm2 PACKAGECONFIG
  2021-09-17 15:47     ` Alexandre Belloni
@ 2021-09-18  9:17       ` Richard Purdie
  2021-09-18 15:26       ` Armin Kuster
  1 sibling, 0 replies; 7+ messages in thread
From: Richard Purdie @ 2021-09-18  9:17 UTC (permalink / raw)
  To: Alexandre Belloni, kristian; +Cc: Quentin Schulz, openembedded-core

On Fri, 2021-09-17 at 17:47 +0200, Alexandre Belloni wrote:
> On 15/09/2021 13:31:07+0200, Kristian Klausen via lists.openembedded.org wrote:
> > On Wed, Sep 15, 2021 at 12:48:18 +0200, Quentin Schulz wrote:
> > > Hi Kristian,
> > > 
> > > On Wed, Sep 15, 2021 at 12:23:08PM +0200, Kristian Klausen via lists.openembedded.org wrote:
> > > > The TPM2 support is used, among other things, for unlocking encrypted
> > > > volumes.
> > > > 
> > > > Signed-off-by: Kristian Klausen <kristian@klausen.dk>
> > > > ---
> > > >  meta/recipes-core/systemd/systemd_249.3.bb | 1 +
> > > >  1 file changed, 1 insertion(+)
> > > > 
> > > > diff --git a/meta/recipes-core/systemd/systemd_249.3.bb b/meta/recipes-core/systemd/systemd_249.3.bb
> > > > index c027b88fd6..f8c85dabf0 100644
> > > > --- a/meta/recipes-core/systemd/systemd_249.3.bb
> > > > +++ b/meta/recipes-core/systemd/systemd_249.3.bb
> > > > @@ -128,6 +128,7 @@ PACKAGECONFIG[bzip2] = "-Dbzip2=true,-Dbzip2=false,bzip2"
> > > >  PACKAGECONFIG[cgroupv2] = "-Ddefault-hierarchy=unified,-Ddefault-hierarchy=hybrid"
> > > >  PACKAGECONFIG[coredump] = "-Dcoredump=true,-Dcoredump=false"
> > > >  PACKAGECONFIG[cryptsetup] = "-Dlibcryptsetup=true,-Dlibcryptsetup=false,cryptsetup,,cryptsetup"
> > > > +PACKAGECONFIG[tpm2] = "-Dtpm2=true,-Dtpm2=false,tpm2-tss,tpm2-tss libtss2 libtss2-tcti-device"
> > > 
> > > Shouldn't the RDEPENDS part of the PACKAGECONFIG be pulled in
> > > automatically by Bitbake since I assume the libs they contained are used
> > > by the linker for systemd?
> > > 
> > > Also looking at the tpm2-tss recipe, I'm not sure there's a package
> > > named libtss2-tcti-device?
> > 
> > Are we looking at the same recipe? It is defined in 
> > tpm2-tss_3.0.3.bb[1].
> > 
> > [1] https://git.yoctoproject.org/cgit/cgit.cgi/meta-security/tree/meta-tpm/recipes-tpm2/tpm2-tss/tpm2-tss_3.0.3.bb?id=e0fca90835169e21ffabe6f2e4b901678236d36e#n37
> > 
> 
> Then, shouldn't that be a bbappend in meta-security? Else, you run the
> risk of pulling a dependency for a recipe in a layer you don't have.

Even if the dependency is in another layer, we've been moving towards having the
PACKAGECONFIG in the main recipe with the default as not enabled. This means the
correct "disable" configure options are added explicitly.

Cheers,

Richard



* Re: [OE-core] [PATCH] systemd: Add tpm2 PACKAGECONFIG
  2021-09-17 15:47     ` Alexandre Belloni
  2021-09-18  9:17       ` Richard Purdie
@ 2021-09-18 15:26       ` Armin Kuster
  1 sibling, 0 replies; 7+ messages in thread
From: Armin Kuster @ 2021-09-18 15:26 UTC (permalink / raw)
  To: Alexandre Belloni, kristian; +Cc: Quentin Schulz, openembedded-core



On 9/17/21 8:47 AM, Alexandre Belloni wrote:
> On 15/09/2021 13:31:07+0200, Kristian Klausen via lists.openembedded.org wrote:
>> On Wed, Sep 15, 2021 at 12:48:18 +0200, Quentin Schulz wrote:
>>> Hi Kristian,
>>>
>>> On Wed, Sep 15, 2021 at 12:23:08PM +0200, Kristian Klausen via lists.openembedded.org wrote:
>>>> The TPM2 support is used, among other things, for unlocking encrypted
>>>> volumes.
>>>>
>>>> Signed-off-by: Kristian Klausen <kristian@klausen.dk>
>>>> ---
>>>>  meta/recipes-core/systemd/systemd_249.3.bb | 1 +
>>>>  1 file changed, 1 insertion(+)
>>>>
>>>> diff --git a/meta/recipes-core/systemd/systemd_249.3.bb b/meta/recipes-core/systemd/systemd_249.3.bb
>>>> index c027b88fd6..f8c85dabf0 100644
>>>> --- a/meta/recipes-core/systemd/systemd_249.3.bb
>>>> +++ b/meta/recipes-core/systemd/systemd_249.3.bb
>>>> @@ -128,6 +128,7 @@ PACKAGECONFIG[bzip2] = "-Dbzip2=true,-Dbzip2=false,bzip2"
>>>>  PACKAGECONFIG[cgroupv2] = "-Ddefault-hierarchy=unified,-Ddefault-hierarchy=hybrid"
>>>>  PACKAGECONFIG[coredump] = "-Dcoredump=true,-Dcoredump=false"
>>>>  PACKAGECONFIG[cryptsetup] = "-Dlibcryptsetup=true,-Dlibcryptsetup=false,cryptsetup,,cryptsetup"
>>>> +PACKAGECONFIG[tpm2] = "-Dtpm2=true,-Dtpm2=false,tpm2-tss,tpm2-tss libtss2 libtss2-tcti-device"
>>> Shouldn't the RDEPENDS part of the PACKAGECONFIG be pulled in
>>> automatically by Bitbake since I assume the libs they contained are used
>>> by the linker for systemd?
>>>
>>> Also looking at the tpm2-tss recipe, I'm not sure there's a package
>>> named libtss2-tcti-device?
>> Are we looking at the same recipe? It is defined in 
>> tpm2-tss_3.0.3.bb[1].
>>
>> [1] https://git.yoctoproject.org/cgit/cgit.cgi/meta-security/tree/meta-tpm/recipes-tpm2/tpm2-tss/tpm2-tss_3.0.3.bb?id=e0fca90835169e21ffabe6f2e4b901678236d36e#n37
>>
> Then, shouldn't that be a bbappend in meta-security? Else, you run the
> risk of pulling a dependency for a recipe in a layer you don't have.


Well, this may help avoid the need for a bbappend, add this to the
systemd recipe:

PACKAGECONFIG += "${@bb.utils.filter('DISTRO_FEATURES', 'tpm2', d)}"

or

PACKAGECONFIG += "${@bb.utils.contains_any('DISTRO_FEATURES', 'tpm tpm2', 'tpm2', '', d)}"

Since tpm and tpm2 are required to enable things in meta-security.

- armin
>
>>> I would assume that
>>>
>>> PACKAGECONFIG[tpm2] = "-Dtpm2=true,-Dtpm2=false,tpm2-tss"
>>>
>>> would be enough except if there's dynamic loading of libraries or
>>> binaries from tpm2-tss that are required at runtime?
>> In my testing it didn't work, presumably due to systemd not linking with 
>> libtss2*.so but loading them with dlopen()[2].
>>
>> libtss2 is also using dlopen() for loading the TCTI implementation 
>> (libtss2-tcti-device in this case)[3].
>>
>> [2] https://github.com/systemd/systemd/blob/aff870ef61bda152ea6241f684dcab26a9265e78/src/shared/tpm2-util.c#L46-L81
>> [3] https://github.com/tpm2-software/tpm2-tss/blob/9288970a3e657cdee85d08d3813199ec864de3ad/src/tss2-tcti/tctildr-dl.c#L79-L125
>>
>> Cheers,
>> Kristian
>>
>>> Cheers,
>>> Quentin
>>
>>
>
>
> 
>

