[Buildroot] [PATCH 1/5] tmp2-tss: remove architecture restriction

[Buildroot] [PATCH 1/5] tmp2-tss: remove architecture restriction

[Carlos Santos]

Followingig a suggestion from Peter Korsgaard, remove the restriction to
x86 and x86_64. It is preferable to expose the package unless there is a
build time dependency on an architecture or the package is specific to a
certain SoC or board.

Signed-off-by: Carlos Santos <casantos@datacom.ind.br>
---
 package/tpm2-tss/Config.in | 1 -
 1 file changed, 1 deletion(-)

diff --git a/package/tpm2-tss/Config.in b/package/tpm2-tss/Config.in
index 1eb69d3e93..ebf0fd262d 100644
--- a/package/tpm2-tss/Config.in
+++ b/package/tpm2-tss/Config.in
@@ -1,6 +1,5 @@
 config BR2_PACKAGE_TPM2_TSS
 	bool "tpm2-tss"
-	depends on BR2_i386 || BR2_x86_64
 	select BR2_PACKAGE_LIBURIPARSER
 	help
 	  OSS implementation of the Trusted Computing Group's (TCG) TPM2
-- 
2.14.3

[Buildroot] [PATCH 2/5] tmp2-tss: bump to version 1.4.0

[Carlos Santos]

Improved compliance to the last public review spec and some bug fixes.

Signed-off-by: Carlos Santos <casantos@datacom.ind.br>
---
 package/tpm2-tss/tpm2-tss.hash | 2 +-
 package/tpm2-tss/tpm2-tss.mk   | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/package/tpm2-tss/tpm2-tss.hash b/package/tpm2-tss/tpm2-tss.hash
index df1c6d8b58..67c5a85842 100644
--- a/package/tpm2-tss/tpm2-tss.hash
+++ b/package/tpm2-tss/tpm2-tss.hash
@@ -1,3 +1,3 @@
 # Locally computed:
-sha256 c7d627de50394e9a02593edb1ce74e1bbac17831be726c54f689507f0c41a78a  tpm2-tss-1.3.0.tar.gz
+sha256 cf8784cc536be16e6fba47f77033e093a6aeaed8420877ac9f42f77fb7b09031  tpm2-tss-1.4.0.tar.gz
 sha256 18c1bf4b1ba1fb2c4ffa7398c234d83c0d55475298e470ae1e5e3a8a8bd2e448  LICENSE
diff --git a/package/tpm2-tss/tpm2-tss.mk b/package/tpm2-tss/tpm2-tss.mk
index 709602860f..f5169a2770 100644
--- a/package/tpm2-tss/tpm2-tss.mk
+++ b/package/tpm2-tss/tpm2-tss.mk
@@ -4,7 +4,7 @@
 #
 ################################################################################
 
-TPM2_TSS_VERSION = 1.3.0
+TPM2_TSS_VERSION = 1.4.0
 TPM2_TSS_SITE = https://github.com/tpm2-software/tpm2-tss/releases/download/$(TPM2_TSS_VERSION)
 TPM2_TSS_LICENSE = BSD-2-Clause
 TPM2_TSS_LICENSE_FILES = LICENSE
-- 
2.14.3

[Buildroot] [PATCH 3/5] tpm2-abrmd: new package

[Carlos Santos]

This is a system daemon implementing the TPM2 access broker (TAB) &
Resource Manager (RM) spec from the TCG. The daemon (tpm2-abrmd) is
implemented using Glib and the GObject system.

Communication between the daemon and clients using the TPM is done with
a combination of DBus and Unix pipes. DBus is used for discovery,
session management and the 'cancel', 'setLocality', and 'getPollHandles'
API calls (mostly these aren't yet implemented). Pipes are used to send
and receive TPM commands and responses (respectively) between client and
server.

The daemon owns the com.intel.tss2.Tabrmd name on dbus. It can be
configured to connect to either the system or the session bus.

The package also provides a client library for interacting with the
daemon via TPM Command Transmission Interface (TCTI). It is intended for
use with the SAPI library (libsapi) like any other TCTI.

Signed-off-by: Carlos Santos <casantos@datacom.ind.br>
---
 package/Config.in                         |  1 +
 package/tpm2-abrmd/Config.in              | 25 +++++++++++
 package/tpm2-abrmd/S30devtpmperms         | 37 ++++++++++++++++
 package/tpm2-abrmd/S80tpm2-abrmd          | 74 +++++++++++++++++++++++++++++++
 package/tpm2-abrmd/etc.default.tpm2-abrmd |  1 +
 package/tpm2-abrmd/tpm2-abrmd.hash        |  3 ++
 package/tpm2-abrmd/tpm2-abrmd.mk          | 36 +++++++++++++++
 7 files changed, 177 insertions(+)
 create mode 100644 package/tpm2-abrmd/Config.in
 create mode 100755 package/tpm2-abrmd/S30devtpmperms
 create mode 100755 package/tpm2-abrmd/S80tpm2-abrmd
 create mode 100644 package/tpm2-abrmd/etc.default.tpm2-abrmd
 create mode 100644 package/tpm2-abrmd/tpm2-abrmd.hash
 create mode 100644 package/tpm2-abrmd/tpm2-abrmd.mk

diff --git a/package/Config.in b/package/Config.in
index 449ffcc47b..af94c0ad91 100644
--- a/package/Config.in
+++ b/package/Config.in
@@ -2012,6 +2012,7 @@ menu "System tools"
 	source "package/sysvinit/Config.in"
 	source "package/tar/Config.in"
 	source "package/tpm-tools/Config.in"
+	source "package/tpm2-abrmd/Config.in"
 	source "package/unscd/Config.in"
 	source "package/util-linux/Config.in"
 	source "package/xen/Config.in"
diff --git a/package/tpm2-abrmd/Config.in b/package/tpm2-abrmd/Config.in
new file mode 100644
index 0000000000..31c5ae7d6b
--- /dev/null
+++ b/package/tpm2-abrmd/Config.in
@@ -0,0 +1,25 @@
+config BR2_PACKAGE_TPM2_ABRMD
+	bool "tpm2-abrmd"
+	depends on BR2_USE_WCHAR # libglib2
+	depends on BR2_TOOLCHAIN_HAS_THREADS # dbus, libglib2
+	depends on BR2_USE_MMU # dbus, libglib2
+	select BR2_PACKAGE_DBUS
+	select BR2_PACKAGE_LIBGLIB2
+	select BR2_PACKAGE_TPM2_TSS
+	help
+	  A system daemon implementing the TPM2 access broker (TAB) &
+	  Resource Manager (RM) spec from the TCG. It should be started
+	  during the OS boot process. Communication between the daemon
+	  and clients using the TPM is done with a combination of DBus
+	  and Unix pipes.
+
+	  The package also provides a client library for interacting
+	  with the daemon via TPM Command Transmission Interface (TCTI).
+	  It is intended for use with the SAPI library (libsapi) like
+	  any other TCTI.
+
+	  https://github.com/tpm2-software/tpm2-abrmd
+
+comment "tpm2-abrmd needs a toolchain w/ wchar, threads"
+	depends on BR2_USE_MMU
+	depends on !BR2_USE_WCHAR || !BR2_TOOLCHAIN_HAS_THREADS
diff --git a/package/tpm2-abrmd/S30devtpmperms b/package/tpm2-abrmd/S30devtpmperms
new file mode 100755
index 0000000000..5d9c42d182
--- /dev/null
+++ b/package/tpm2-abrmd/S30devtpmperms
@@ -0,0 +1,37 @@
+#!/bin/sh
+#
+# Set the permissions of /dev/tpm[0-9]*
+#
+
+check_device() {
+	ls -1 /dev/tpm[0-9]* > /dev/null 2>&1 || {
+		echo "device driver not loaded, skipping."
+		exit 0
+	}
+}
+
+start() {
+	printf "Setting the ownership and permissions of /dev/tpm: "
+	check_device
+	chown tss:tss /dev/tpm[0-9]* && chmod 600 /dev/tpm* \
+	&& echo "OK" || echo "FAIL"
+}
+
+stop() {
+	printf "Restoring the ownership and permissions of /dev/tpm: "
+	check_device
+	chown root:root /dev/tpm[0-9]* && chmod 600 /dev/tpm \
+	&& echo "OK" || echo "FAIL"
+}
+
+case "$1" in
+  start|restart|reload)
+      start
+	;;
+  stop)
+      stop
+	;;
+  *)
+	echo "Usage: $0 {start|stop|restart}"
+	exit 1
+esac
diff --git a/package/tpm2-abrmd/S80tpm2-abrmd b/package/tpm2-abrmd/S80tpm2-abrmd
new file mode 100755
index 0000000000..053bffdb4f
--- /dev/null
+++ b/package/tpm2-abrmd/S80tpm2-abrmd
@@ -0,0 +1,74 @@
+#!/bin/sh
+
+my_name="$0"
+
+check_required_files() {
+	[ -x "$1" ] || {
+		echo "$my_name: $1 is missing"
+		exit 1
+	}
+	[ -z "$2" ] || [ -f "$2" ] || {
+		echo "$my_name: $2 is missing"
+		exit 1
+	}
+}
+
+check_device() {
+	ls -1 /dev/tpm[0-9]* > /dev/null 2>&1 || {
+		echo "device driver not loaded, skipping."
+		exit 0
+	}
+}
+
+rm_stale_pidfile() {
+	if [ -e "$1" ]; then
+		exe="/proc/$(cat "$1")/exe"
+		{ [ -s "$exe" ] && [ "$(readlink -f "$exe")" = "$2" ]; } || rm -f "$1"
+	fi
+}
+
+start() {
+	printf "Starting tpm2-abrmd: "
+	check_device
+	rm_stale_pidfile /var/run/tpm2-abrmd.pid /usr/sbin/tpm2-abrmd
+	start-stop-daemon -S -q -o -b -p /var/run/tpm2-abrmd.pid -c tss:tss -x /usr/sbin/tpm2-abrmd -- ${DAEMON_OPTS} || {
+		echo "FAIL"
+		exit 1
+	}
+	pidof /usr/sbin/tpm2-abrmd > /var/run/tpm2-abrmd.pid
+	echo "OK"
+}
+
+stop() {
+	printf "Stopping tpm2-abrmd: "
+	start-stop-daemon -K -q -o -p /var/run/tpm2-abrmd.pid -u tss -x /usr/sbin/tpm2-abrmd || {
+		echo "FAIL"
+		exit 1
+	}
+	rm_stale_pidfile /var/run/tpm2-abrmd.pid /usr/sbin/tpm2-abrmd
+	echo "OK"
+}
+
+check_required_files /usr/sbin/tpm2-abrmd /etc/dbus-1/system.d/tpm2-abrmd.conf
+
+# Read configuration variable file if it is present
+[ -r /etc/default/tpm2-abrmd ] && . /etc/default/tpm2-abrmd
+
+case "$1" in
+	start)
+		start
+	       	;;
+	stop)
+	   	stop
+		;;
+	restart|reload)
+		stop
+		sleep 1
+		start
+		;;
+	*)
+		echo "Usage: tpm2-abrmd {start|stop|restart|reload}" >&2
+		exit 1
+esac
+
+exit 0
diff --git a/package/tpm2-abrmd/etc.default.tpm2-abrmd b/package/tpm2-abrmd/etc.default.tpm2-abrmd
new file mode 100644
index 0000000000..987978a665
--- /dev/null
+++ b/package/tpm2-abrmd/etc.default.tpm2-abrmd
@@ -0,0 +1 @@
+DAEMON_OPTS="--tcti=device --logger=syslog --max-connections=20 --max-transient-objects=20 --fail-on-loaded-trans"
diff --git a/package/tpm2-abrmd/tpm2-abrmd.hash b/package/tpm2-abrmd/tpm2-abrmd.hash
new file mode 100644
index 0000000000..6af991d469
--- /dev/null
+++ b/package/tpm2-abrmd/tpm2-abrmd.hash
@@ -0,0 +1,3 @@
+# Locally computed:
+sha256 e32e19de93b539374a485d9df7fe9415ce147ec03c8d9ba6593e50f7a67a7a51  tpm2-abrmd-1.3.0.tar.gz
+sha256 18c1bf4b1ba1fb2c4ffa7398c234d83c0d55475298e470ae1e5e3a8a8bd2e448  LICENSE
diff --git a/package/tpm2-abrmd/tpm2-abrmd.mk b/package/tpm2-abrmd/tpm2-abrmd.mk
new file mode 100644
index 0000000000..4964affbf3
--- /dev/null
+++ b/package/tpm2-abrmd/tpm2-abrmd.mk
@@ -0,0 +1,36 @@
+################################################################################
+#
+# tpm2-abrmd
+#
+################################################################################
+
+TPM2_ABRMD_VERSION = 1.3.0
+TPM2_ABRMD_SITE = https://github.com/tpm2-software/tpm2-abrmd/releases/download/$(TPM2_ABRMD_VERSION)
+TPM2_ABRMD_LICENSE = BSD-2-Clause
+TPM2_ABRMD_LICENSE_FILES = LICENSE
+TPM2_ABRMD_INSTALL_STAGING = YES
+TPM2_ABRMD_DEPENDENCIES = dbus libglib2 tpm2-tss host-pkgconf
+
+TPM2_ABRMD_CONF_OPTS += \
+	--with-systemdsystemunitdir=$(if $(BR2_INIT_SYSTEMD),/usr/lib/systemd/system,no) \
+	--with-udevrulesdir=$(if $(BR2_PACKAGE_HAS_UDEV),/usr/lib/udev/rules.d,no)
+
+define TPM2_ABRMD_INSTALL_INIT_SYSTEMD
+	$(TARGET_MAKE_ENV) $(MAKE1) -C $(@D) DESTDIR=$(TARGET_DIR) \
+		install-systemdpresetDATA install-systemdsystemunitDATA
+endef
+
+# Without udev we need an init script to set the ownership of /dev/tpm[0-9]*
+define TPM2_ABRMD_INSTALL_INIT_SYSV
+	$(INSTALL) -D -m 0755 -t $(TARGET_DIR)/etc/init.d \
+		$(if $(BR2_PACKAGE_HAS_UDEV),,$(TPM2_ABRMD_PKGDIR)/S30devtpmperms) \
+		$(TPM2_ABRMD_PKGDIR)/S80tpm2-abrmd
+	$(INSTALL) -D -m 0644 $(TPM2_ABRMD_PKGDIR)/etc.default.tpm2-abrmd \
+		$(TARGET_DIR)/etc/default/tpm2-abrmd
+endef
+
+define TPM2_ABRMD_USERS
+	tss -1 tss -1 * - - - TPM2 Access Broker & Resource Management daemon
+endef
+
+$(eval $(autotools-package))
-- 
2.14.3

[Buildroot] [PATCH 4/5] tpm2-tools: new package

[Carlos Santos]

TPM (Trusted Platform Module) 2.0 CLI tools based on system API of
TPM2-TSS. These tools can be used to manage keys, perform
encryption/decryption/signing/etc crypto operations, and manage
non-volatile storage through a TPM2.0 HW implementation.

Signed-off-by: Carlos Santos <casantos@datacom.ind.br>
---
 package/Config.in                                  |  1 +
 .../tpm2-tools/0001-Fix-build-with-LibreSSL.patch  | 64 ++++++++++++++++++++++
 package/tpm2-tools/Config.in                       | 16 ++++++
 package/tpm2-tools/tpm2-tools.hash                 |  3 +
 package/tpm2-tools/tpm2-tools.mk                   | 13 +++++
 5 files changed, 97 insertions(+)
 create mode 100644 package/tpm2-tools/0001-Fix-build-with-LibreSSL.patch
 create mode 100644 package/tpm2-tools/Config.in
 create mode 100644 package/tpm2-tools/tpm2-tools.hash
 create mode 100644 package/tpm2-tools/tpm2-tools.mk

diff --git a/package/Config.in b/package/Config.in
index af94c0ad91..58dfd6306d 100644
--- a/package/Config.in
+++ b/package/Config.in
@@ -2013,6 +2013,7 @@ menu "System tools"
 	source "package/tar/Config.in"
 	source "package/tpm-tools/Config.in"
 	source "package/tpm2-abrmd/Config.in"
+	source "package/tpm2-tools/Config.in"
 	source "package/unscd/Config.in"
 	source "package/util-linux/Config.in"
 	source "package/xen/Config.in"
diff --git a/package/tpm2-tools/0001-Fix-build-with-LibreSSL.patch b/package/tpm2-tools/0001-Fix-build-with-LibreSSL.patch
new file mode 100644
index 0000000000..0fdd2dc4dd
--- /dev/null
+++ b/package/tpm2-tools/0001-Fix-build-with-LibreSSL.patch
@@ -0,0 +1,64 @@
+From 7f8d9359dcf9edbb13bb447f70234397afa4fb05 Mon Sep 17 00:00:00 2001
+From: Carlos Santos <casantos@datacom.ind.br>
+Date: Tue, 30 Jan 2018 11:21:14 -0200
+Subject: [PATCH] Fix build with LibreSSL
+
+OPENSSL_VERSION_NUMBER is used to test the version of OpenSSL but this
+test alone breaks the build with LibreSSL due to implicit declarations
+of functions 'RSA_set0_key' and 'HMAC_CTX_free'.
+
+Test if OpenSSL < 1.1.0 or LIBRESSL_VERSION_NUMBER is defined, instead.
+
+Signed-off-by: Carlos Santos <casantos@datacom.ind.br>
+---
+ lib/conversion.c | 2 +-
+ lib/tpm_kdfa.c   | 6 +++---
+ 2 files changed, 4 insertions(+), 4 deletions(-)
+
+diff --git a/lib/conversion.c b/lib/conversion.c
+index 1d0a0b7..df02de4 100644
+--- a/lib/conversion.c
++++ b/lib/conversion.c
+@@ -133,7 +133,7 @@ static bool tpm2_convert_pubkey_ssl(TPMT_PUBLIC *public, pubkey_format format, c
+         goto error;
+     }
+ 
+-#if OPENSSL_VERSION_NUMBER < 0x1010000fL /* OpenSSL 1.1.0 */
++#if OPENSSL_VERSION_NUMBER < 0x1010000fL || defined(LIBRESSL_VERSION_NUMBER) /* OpenSSL 1.1.0 */
+     ssl_rsa_key->e = e;
+     ssl_rsa_key->n = n;
+ #else
+diff --git a/lib/tpm_kdfa.c b/lib/tpm_kdfa.c
+index ee3cf8a..e43bdeb 100644
+--- a/lib/tpm_kdfa.c
++++ b/lib/tpm_kdfa.c
+@@ -54,7 +54,7 @@ static const EVP_MD *tpm_algorithm_to_openssl_digest(TPMI_ALG_HASH algorithm) {
+ static HMAC_CTX *hmac_alloc()
+ {
+     HMAC_CTX *ctx;
+-#if OPENSSL_VERSION_NUMBER < 0x1010000fL /* OpenSSL 1.1.0 */
++#if OPENSSL_VERSION_NUMBER < 0x1010000fL || defined(LIBRESSL_VERSION_NUMBER) /* OpenSSL 1.1.0 */
+     ctx = malloc(sizeof(*ctx));
+ #else
+     ctx = HMAC_CTX_new();
+@@ -62,7 +62,7 @@ static HMAC_CTX *hmac_alloc()
+     if (!ctx)
+         return NULL;
+ 
+-#if OPENSSL_VERSION_NUMBER < 0x1010000fL
++#if OPENSSL_VERSION_NUMBER < 0x1010000fL || defined(LIBRESSL_VERSION_NUMBER)
+     HMAC_CTX_init(ctx);
+ #endif
+ 
+@@ -71,7 +71,7 @@ static HMAC_CTX *hmac_alloc()
+ 
+ static void hmac_del(HMAC_CTX *ctx)
+ {
+-#if OPENSSL_VERSION_NUMBER < 0x1010000fL
++#if OPENSSL_VERSION_NUMBER < 0x1010000fL || defined(LIBRESSL_VERSION_NUMBER)
+     HMAC_CTX_cleanup(ctx);
+     free(ctx);
+ #else
+-- 
+2.14.3
+
diff --git a/package/tpm2-tools/Config.in b/package/tpm2-tools/Config.in
new file mode 100644
index 0000000000..6429b24531
--- /dev/null
+++ b/package/tpm2-tools/Config.in
@@ -0,0 +1,16 @@
+config BR2_PACKAGE_TPM2_TOOLS
+	bool "tpm2-tools"
+	select BR2_PACKAGE_DBUS
+	select BR2_PACKAGE_LIBCURL
+	select BR2_PACKAGE_LIBGLIB2
+	select BR2_PACKAGE_OPENSSL
+	select BR2_PACKAGE_TPM2_ABRMD # run-time
+	select BR2_PACKAGE_TPM2_TSS
+	help
+	  TPM (Trusted Platform Module) 2.0 CLI tools based on system
+	  API of TPM2-TSS. These tools can be used to manage keys,
+	  perform encryption/decryption/signing/etc crypto operations,
+	  and manage non-volatile storage through a TPM2.0 HW
+	  implementation.
+
+	  https://github.com/tpm2-software/tpm2-tools
diff --git a/package/tpm2-tools/tpm2-tools.hash b/package/tpm2-tools/tpm2-tools.hash
new file mode 100644
index 0000000000..e33b3e5945
--- /dev/null
+++ b/package/tpm2-tools/tpm2-tools.hash
@@ -0,0 +1,3 @@
+# Locally computed:
+sha256 c990c0656165afef0fad61e1852a9a189a4b93b43d2a684b151a5dc0b3c6249d  tpm2-tools-3.0.3.tar.gz
+sha256 3d6b149c8b042bd5f3db678d587fbe55230d071ca084bd38dcae451679c6dd45  LICENSE
diff --git a/package/tpm2-tools/tpm2-tools.mk b/package/tpm2-tools/tpm2-tools.mk
new file mode 100644
index 0000000000..0697900d2d
--- /dev/null
+++ b/package/tpm2-tools/tpm2-tools.mk
@@ -0,0 +1,13 @@
+################################################################################
+#
+# tpm2-tools
+#
+################################################################################
+
+TPM2_TOOLS_VERSION = 3.0.3
+TPM2_TOOLS_SITE = https://github.com/tpm2-software/tpm2-tools/releases/download/$(TPM2_TOOLS_VERSION)
+TPM2_TOOLS_LICENSE = BSD-2-Clause
+TPM2_TOOLS_LICENSE_FILES = LICENSE
+TPM2_TOOLS_DEPENDENCIES = dbus libcurl libglib2 openssl tpm2-tss host-pkgconf
+
+$(eval $(autotools-package))
-- 
2.14.3

[Buildroot] [PATCH 5/5] DEVELOPERS: add myself for tpm2-{abrmd, tools, tss}.

[Carlos Santos]

Signed-off-by: Carlos Santos <casantos@datacom.ind.br>
---
 DEVELOPERS | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/DEVELOPERS b/DEVELOPERS
index 3df820e712..1faefc45fc 100644
--- a/DEVELOPERS
+++ b/DEVELOPERS
@@ -394,6 +394,9 @@ F:	package/libpam-radius-auth/
 F:	package/libpam-tacplus/
 F:	package/perl-file-util/
 F:	package/util-linux/
+F:	package/tpm2-abrmd/
+F:	package/tpm2-tools/
+F:	package/tpm2-tss/
 
 N:	Carsten Schoenert <c.schoenert@gmail.com>
 F:	package/dvbsnoop/
-- 
2.14.3

[Buildroot] [PATCH 1/5] tmp2-tss: remove architecture restriction

[Peter Korsgaard]

>>>>> "Carlos" == Carlos Santos <casantos@datacom.ind.br> writes:

 > Followingig a suggestion from Peter Korsgaard, remove the restriction to
 > x86 and x86_64. It is preferable to expose the package unless there is a
 > build time dependency on an architecture or the package is specific to a
 > certain SoC or board.

 > Signed-off-by: Carlos Santos <casantos@datacom.ind.br>

Committed, thanks.

-- 
Bye, Peter Korsgaard

[Buildroot] [PATCH 2/5] tmp2-tss: bump to version 1.4.0

[Peter Korsgaard]

>>>>> "Carlos" == Carlos Santos <casantos@datacom.ind.br> writes:

 > Improved compliance to the last public review spec and some bug fixes.
 > Signed-off-by: Carlos Santos <casantos@datacom.ind.br>

Committed, thanks.

-- 
Bye, Peter Korsgaard

[Buildroot] [PATCH 3/5] tpm2-abrmd: new package

[Peter Korsgaard]

>>>>> "Carlos" == Carlos Santos <casantos@datacom.ind.br> writes:

 > This is a system daemon implementing the TPM2 access broker (TAB) &
 > Resource Manager (RM) spec from the TCG. The daemon (tpm2-abrmd) is
 > implemented using Glib and the GObject system.

 > Communication between the daemon and clients using the TPM is done with
 > a combination of DBus and Unix pipes. DBus is used for discovery,
 > session management and the 'cancel', 'setLocality', and 'getPollHandles'
 > API calls (mostly these aren't yet implemented). Pipes are used to send
 > and receive TPM commands and responses (respectively) between client and
 > server.

 > The daemon owns the com.intel.tss2.Tabrmd name on dbus. It can be
 > configured to connect to either the system or the session bus.

 > The package also provides a client library for interacting with the
 > daemon via TPM Command Transmission Interface (TCTI). It is intended for
 > use with the SAPI library (libsapi) like any other TCTI.

 > Signed-off-by: Carlos Santos <casantos@datacom.ind.br>
 > ---
 >  package/Config.in                         |  1 +
 >  package/tpm2-abrmd/Config.in              | 25 +++++++++++
 >  package/tpm2-abrmd/S30devtpmperms         | 37 ++++++++++++++++
 >  package/tpm2-abrmd/S80tpm2-abrmd          | 74 +++++++++++++++++++++++++++++++
 >  package/tpm2-abrmd/etc.default.tpm2-abrmd |  1 +

I think this is a bit too complicated / wordy. When there are sensible
defaults we add those to the init script and just allow an
/etc/default/<pkg> to override it for special setups, so I've dropped
the etc.default.tpm2-abrmd.

The same for S30devtpmperms - I have simply added:

chown tss:tss /dev/tpm[0-9]* && chmod 600 /dev/tpm*

To check_device() in S80tpm2-abrmd and dropped S30devtpmperms.

Committed with these changes, thanks.

-- 
Bye, Peter Korsgaard

[Buildroot] [PATCH 4/5] tpm2-tools: new package

[Peter Korsgaard]

>>>>> "Carlos" == Carlos Santos <casantos@datacom.ind.br> writes:

 > TPM (Trusted Platform Module) 2.0 CLI tools based on system API of
 > TPM2-TSS. These tools can be used to manage keys, perform
 > encryption/decryption/signing/etc crypto operations, and manage
 > non-volatile storage through a TPM2.0 HW implementation.

 > Signed-off-by: Carlos Santos <casantos@datacom.ind.br>
 > ---
 >  package/Config.in                                  |  1 +
 >  .../tpm2-tools/0001-Fix-build-with-LibreSSL.patch  | 64 ++++++++++++++++++++++
 >  package/tpm2-tools/Config.in                       | 16 ++++++
 >  package/tpm2-tools/tpm2-tools.hash                 |  3 +
 >  package/tpm2-tools/tpm2-tools.mk                   | 13 +++++
 >  5 files changed, 97 insertions(+)
 >  create mode 100644 package/tpm2-tools/0001-Fix-build-with-LibreSSL.patch
 >  create mode 100644 package/tpm2-tools/Config.in
 >  create mode 100644 package/tpm2-tools/tpm2-tools.hash
 >  create mode 100644 package/tpm2-tools/tpm2-tools.mk

 > diff --git a/package/Config.in b/package/Config.in
 > index af94c0ad91..58dfd6306d 100644
 > --- a/package/Config.in
 > +++ b/package/Config.in
 > @@ -2013,6 +2013,7 @@ menu "System tools"
 >  	source "package/tar/Config.in"
 >  	source "package/tpm-tools/Config.in"
 >  	source "package/tpm2-abrmd/Config.in"
 > +	source "package/tpm2-tools/Config.in"
 >  	source "package/unscd/Config.in"
 >  	source "package/util-linux/Config.in"
 >  	source "package/xen/Config.in"
 > diff --git a/package/tpm2-tools/0001-Fix-build-with-LibreSSL.patch b/package/tpm2-tools/0001-Fix-build-with-LibreSSL.patch
 > new file mode 100644
 > index 0000000000..0fdd2dc4dd
 > --- /dev/null
 > +++ b/package/tpm2-tools/0001-Fix-build-with-LibreSSL.patch
 > @@ -0,0 +1,64 @@
 > +From 7f8d9359dcf9edbb13bb447f70234397afa4fb05 Mon Sep 17 00:00:00 2001
 > +From: Carlos Santos <casantos@datacom.ind.br>
 > +Date: Tue, 30 Jan 2018 11:21:14 -0200
 > +Subject: [PATCH] Fix build with LibreSSL
 > +
 > +OPENSSL_VERSION_NUMBER is used to test the version of OpenSSL but this
 > +test alone breaks the build with LibreSSL due to implicit declarations
 > +of functions 'RSA_set0_key' and 'HMAC_CTX_free'.
 > +
 > +Test if OpenSSL < 1.1.0 or LIBRESSL_VERSION_NUMBER is defined, instead.
 > +
 > +Signed-off-by: Carlos Santos <casantos@datacom.ind.br>
 > +---
 > + lib/conversion.c | 2 +-
 > + lib/tpm_kdfa.c   | 6 +++---
 > + 2 files changed, 4 insertions(+), 4 deletions(-)

It would have been good to mention that this patch is now upstream:

https://github.com/tpm2-software/tpm2-tools/commit/0899f5b7acfb0ef1b71518f7b94cf84776018edd

I see that the upstream commit also patches a number of files under
tools/ - Why did you drop those here?

Committed, thanks.

-- 
Bye, Peter Korsgaard

[Buildroot] [PATCH 5/5] DEVELOPERS: add myself for tpm2-{abrmd, tools, tss}.

[Peter Korsgaard]

>>>>> "Carlos" == Carlos Santos <casantos@datacom.ind.br> writes:

 > Signed-off-by: Carlos Santos <casantos@datacom.ind.br>

Committed, thanks.

-- 
Bye, Peter Korsgaard

[Buildroot] [PATCH 2/5] tmp2-tss: bump to version 1.4.0

[Peter Korsgaard]

>>>>> "Peter" == Peter Korsgaard <peter@korsgaard.com> writes:

>>>>> "Carlos" == Carlos Santos <casantos@datacom.ind.br> writes:
 >> Improved compliance to the last public review spec and some bug fixes.
 >> Signed-off-by: Carlos Santos <casantos@datacom.ind.br>

 > Committed, thanks.

It looks like this now contains some C++ code. Care to send a patch
fixing the dependencies?

http://autobuild.buildroot.net/results/799/79963f81da0a250b04b105c2a73c0221e89c4c17/build-end.log

-- 
Bye, Peter Korsgaard

[Buildroot] [PATCH 4/5] tpm2-tools: new package

[Carlos Santos]

> From: "Peter Korsgaard" <peter@korsgaard.com>
> To: "Carlos Santos" <casantos@datacom.ind.br>
> Cc: "buildroot" <buildroot@buildroot.org>
> Sent: Sunday, March 18, 2018 7:24:17 PM
> Subject: Re: [PATCH 4/5] tpm2-tools: new package

>>>>>> "Carlos" == Carlos Santos <casantos@datacom.ind.br> writes:
> 
> > TPM (Trusted Platform Module) 2.0 CLI tools based on system API of
> > TPM2-TSS. These tools can be used to manage keys, perform
> > encryption/decryption/signing/etc crypto operations, and manage
> > non-volatile storage through a TPM2.0 HW implementation.
> 
> > Signed-off-by: Carlos Santos <casantos@datacom.ind.br>
> > ---
> >  package/Config.in                                  |  1 +
> >  .../tpm2-tools/0001-Fix-build-with-LibreSSL.patch  | 64 ++++++++++++++++++++++
> >  package/tpm2-tools/Config.in                       | 16 ++++++
> >  package/tpm2-tools/tpm2-tools.hash                 |  3 +
> >  package/tpm2-tools/tpm2-tools.mk                   | 13 +++++
> >  5 files changed, 97 insertions(+)
> >  create mode 100644 package/tpm2-tools/0001-Fix-build-with-LibreSSL.patch
> >  create mode 100644 package/tpm2-tools/Config.in
> >  create mode 100644 package/tpm2-tools/tpm2-tools.hash
> >  create mode 100644 package/tpm2-tools/tpm2-tools.mk
> 
> > diff --git a/package/Config.in b/package/Config.in
> > index af94c0ad91..58dfd6306d 100644
> > --- a/package/Config.in
> > +++ b/package/Config.in
> > @@ -2013,6 +2013,7 @@ menu "System tools"
> >  	source "package/tar/Config.in"
> >  	source "package/tpm-tools/Config.in"
> >  	source "package/tpm2-abrmd/Config.in"
> > +	source "package/tpm2-tools/Config.in"
> >  	source "package/unscd/Config.in"
> >  	source "package/util-linux/Config.in"
> >  	source "package/xen/Config.in"
> > diff --git a/package/tpm2-tools/0001-Fix-build-with-LibreSSL.patch
> > b/package/tpm2-tools/0001-Fix-build-with-LibreSSL.patch
> > new file mode 100644
> > index 0000000000..0fdd2dc4dd
> > --- /dev/null
> > +++ b/package/tpm2-tools/0001-Fix-build-with-LibreSSL.patch
> > @@ -0,0 +1,64 @@
> > +From 7f8d9359dcf9edbb13bb447f70234397afa4fb05 Mon Sep 17 00:00:00 2001
> > +From: Carlos Santos <casantos@datacom.ind.br>
> > +Date: Tue, 30 Jan 2018 11:21:14 -0200
> > +Subject: [PATCH] Fix build with LibreSSL
> > +
> > +OPENSSL_VERSION_NUMBER is used to test the version of OpenSSL but this
> > +test alone breaks the build with LibreSSL due to implicit declarations
> > +of functions 'RSA_set0_key' and 'HMAC_CTX_free'.
> > +
> > +Test if OpenSSL < 1.1.0 or LIBRESSL_VERSION_NUMBER is defined, instead.
> > +
> > +Signed-off-by: Carlos Santos <casantos@datacom.ind.br>
> > +---
> > + lib/conversion.c | 2 +-
> > + lib/tpm_kdfa.c   | 6 +++---
> > + 2 files changed, 4 insertions(+), 4 deletions(-)
> 
> It would have been good to mention that this patch is now upstream:
> 
> https://github.com/tpm2-software/tpm2-tools/commit/0899f5b7acfb0ef1b71518f7b94cf84776018edd
> 
> I see that the upstream commit also patches a number of files under
> tools/ - Why did you drop those here?

This patch is for version 3.0.3. The patches submitted upstream were
for the master branch on which those additional files exist. 

> Committed, thanks.

Thanks

[Sorry for the late answer. I was on vacations and on travel until
 last Monday.]

-- 
Carlos Santos (Casantos) - DATACOM, P&D
?The greatest triumph that modern PR can offer is the transcendent 
success of having your words and actions judged by your reputation, 
rather than the other way about.? ? Christopher Hitchens

[Buildroot] [PATCH 2/5] tmp2-tss: bump to version 1.4.0

[Carlos Santos]

> From: "Peter Korsgaard" <peter@korsgaard.com>
> To: "Carlos Santos" <casantos@datacom.ind.br>
> Cc: "buildroot" <buildroot@buildroot.org>
> Sent: Tuesday, March 20, 2018 3:23:27 AM
> Subject: Re: [PATCH 2/5] tmp2-tss: bump to version 1.4.0

>>>>>> "Peter" == Peter Korsgaard <peter@korsgaard.com> writes:
> 
>>>>>> "Carlos" == Carlos Santos <casantos@datacom.ind.br> writes:
> >> Improved compliance to the last public review spec and some bug fixes.
> >> Signed-off-by: Carlos Santos <casantos@datacom.ind.br>
> 
> > Committed, thanks.
> 
> It looks like this now contains some C++ code. Care to send a patch
> fixing the dependencies?
> 
> http://autobuild.buildroot.net/results/799/79963f81da0a250b04b105c2a73c0221e89c4c17/build-end.log

Working on this now that I'm back from vacations an traveling.

-- 
Carlos Santos (Casantos) - DATACOM, P&D
?The greatest triumph that modern PR can offer is the transcendent 
success of having your words and actions judged by your reputation, 
rather than the other way about.? ? Christopher Hitchens

[Buildroot] [PATCH 2/5] tmp2-tss: bump to version 1.4.0

[Peter Korsgaard]

>>>>> "Carlos" == Carlos Santos <casantos@datacom.ind.br> writes:

Hi,

 >> > Committed, thanks.
 >> 
 >> It looks like this now contains some C++ code. Care to send a patch
 >> fixing the dependencies?
 >> 
 >> http://autobuild.buildroot.net/results/799/79963f81da0a250b04b105c2a73c0221e89c4c17/build-end.log

 > Working on this now that I'm back from vacations an traveling.

Thanks!

-- 
Bye, Peter Korsgaard