All of lore.kernel.org
 help / color / mirror / Atom feed
* [meta-security][PATCH 0/6] upgrade and cleanup tpm2-software
@ 2022-04-10 15:29 Petr Gotthard
  2022-04-14 20:03 ` [yocto] " akuster808
  0 siblings, 1 reply; 2+ messages in thread
From: Petr Gotthard @ 2022-04-10 15:29 UTC (permalink / raw)
  To: yocto

Hello. I'd suggest some "house cleaning" of the tpm2-software. (I am
a member of the tpm2-software community and an upstream developer of
the tpm2-openssl provider.)

In general:

Some tpm2-software is not having the latest versions. For the Kirkstone
I suggest upgrading to the latest, which has the best openssl 3.0 support.

Many tpm2-software have null version strings. I suggest fixing the build
procedure so that the tools are aware of the correct version. It is
crucial e.g. for library dependency checking.

There were some unused patches, some very, very old. Few other patches
have been accepted to the upstream or the upstream changed in a way the
patches are no longer needed (e.g. there is a switch to do the same thing).

Petr Gotthard (6):
  tpm2-tools: fix missing version number
  tpm2-openssl: update to 1.1.0
  tpm2-tss: update to 3.2.0
  tpm2-abrmd: update to 2.4.1
  tpm2-tss-engine: fix version string and build with openssl 3.0
  tpm2-pkcs11: update to 1.8.0

 ...pm2-abrmd_2.4.0.bb => tpm2-abrmd_2.4.1.bb} |    6 +-
 .../tpm2-openssl/tpm2-openssl_1.0.bb          |   11 -
 .../tpm2-openssl/tpm2-openssl_1.1.0.bb        |   19 +
 .../0001-remove-local-binary-checkes.patch    |   77 -
 .../0001-ssl-compile-against-OSSL-3.0.patch   | 1305 -----------------
 ...ssl-require-version-1.1.0-or-greater.patch |   93 --
 .../tpm2-pkcs11/files/bootstrap_fixup.patch   |   12 -
 ...2-pkcs11_1.7.0.bb => tpm2-pkcs11_1.8.0.bb} |   18 +-
 .../recipes-tpm2/tpm2-tools/tpm2-tools_5.2.bb |    5 +
 .../tpm2-tss-engine/tpm2-tss-engine_1.1.0.bb  |   19 +-
 .../tpm2-tss/tpm2-tss/ax_pthread.m4           |  332 -----
 .../tpm2-tss/fix_musl_select_include.patch    |   31 -
 .../tpm2-tss/tpm2-tss/fixup_hosttools.patch   |   29 +-
 .../{tpm2-tss_3.1.0.bb => tpm2-tss_3.2.0.bb}  |    7 +-
 14 files changed, 68 insertions(+), 1896 deletions(-)
 rename meta-tpm/recipes-tpm2/tpm2-abrmd/{tpm2-abrmd_2.4.0.bb => tpm2-abrmd_2.4.1.bb} (90%)
 delete mode 100644 meta-tpm/recipes-tpm2/tpm2-openssl/tpm2-openssl_1.0.bb
 create mode 100644 meta-tpm/recipes-tpm2/tpm2-openssl/tpm2-openssl_1.1.0.bb
 delete mode 100644 meta-tpm/recipes-tpm2/tpm2-pkcs11/files/0001-remove-local-binary-checkes.patch
 delete mode 100644 meta-tpm/recipes-tpm2/tpm2-pkcs11/files/0001-ssl-compile-against-OSSL-3.0.patch
 delete mode 100644 meta-tpm/recipes-tpm2/tpm2-pkcs11/files/0002-ossl-require-version-1.1.0-or-greater.patch
 delete mode 100644 meta-tpm/recipes-tpm2/tpm2-pkcs11/files/bootstrap_fixup.patch
 rename meta-tpm/recipes-tpm2/tpm2-pkcs11/{tpm2-pkcs11_1.7.0.bb => tpm2-pkcs11_1.8.0.bb} (76%)
 delete mode 100644 meta-tpm/recipes-tpm2/tpm2-tss/tpm2-tss/ax_pthread.m4
 delete mode 100644 meta-tpm/recipes-tpm2/tpm2-tss/tpm2-tss/fix_musl_select_include.patch
 rename meta-tpm/recipes-tpm2/tpm2-tss/{tpm2-tss_3.1.0.bb => tpm2-tss_3.2.0.bb} (91%)

-- 
2.25.1


^ permalink raw reply	[flat|nested] 2+ messages in thread
* Re: [yocto] [meta-security][PATCH 0/6] upgrade and cleanup tpm2-software
  2022-04-10 15:29 [meta-security][PATCH 0/6] upgrade and cleanup tpm2-software Petr Gotthard
@ 2022-04-14 20:03 ` akuster808
  0 siblings, 0 replies; 2+ messages in thread
From: akuster808 @ 2022-04-14 20:03 UTC (permalink / raw)
  To: Petr Gotthard, yocto

series merged.

thanks

On 4/10/22 08:29, Petr Gotthard wrote:
> Hello. I'd suggest some "house cleaning" of the tpm2-software. (I am
> a member of the tpm2-software community and an upstream developer of
> the tpm2-openssl provider.)
>
> In general:
>
> Some tpm2-software is not having the latest versions. For the Kirkstone
> I suggest upgrading to the latest, which has the best openssl 3.0 support.
>
> Many tpm2-software have null version strings. I suggest fixing the build
> procedure so that the tools are aware of the correct version. It is
> crucial e.g. for library dependency checking.
>
> There were some unused patches, some very, very old. Few other patches
> have been accepted to the upstream or the upstream changed in a way the
> patches are no longer needed (e.g. there is a switch to do the same thing).
>
> Petr Gotthard (6):
>    tpm2-tools: fix missing version number
>    tpm2-openssl: update to 1.1.0
>    tpm2-tss: update to 3.2.0
>    tpm2-abrmd: update to 2.4.1
>    tpm2-tss-engine: fix version string and build with openssl 3.0
>    tpm2-pkcs11: update to 1.8.0
>
>   ...pm2-abrmd_2.4.0.bb => tpm2-abrmd_2.4.1.bb} |    6 +-
>   .../tpm2-openssl/tpm2-openssl_1.0.bb          |   11 -
>   .../tpm2-openssl/tpm2-openssl_1.1.0.bb        |   19 +
>   .../0001-remove-local-binary-checkes.patch    |   77 -
>   .../0001-ssl-compile-against-OSSL-3.0.patch   | 1305 -----------------
>   ...ssl-require-version-1.1.0-or-greater.patch |   93 --
>   .../tpm2-pkcs11/files/bootstrap_fixup.patch   |   12 -
>   ...2-pkcs11_1.7.0.bb => tpm2-pkcs11_1.8.0.bb} |   18 +-
>   .../recipes-tpm2/tpm2-tools/tpm2-tools_5.2.bb |    5 +
>   .../tpm2-tss-engine/tpm2-tss-engine_1.1.0.bb  |   19 +-
>   .../tpm2-tss/tpm2-tss/ax_pthread.m4           |  332 -----
>   .../tpm2-tss/fix_musl_select_include.patch    |   31 -
>   .../tpm2-tss/tpm2-tss/fixup_hosttools.patch   |   29 +-
>   .../{tpm2-tss_3.1.0.bb => tpm2-tss_3.2.0.bb}  |    7 +-
>   14 files changed, 68 insertions(+), 1896 deletions(-)
>   rename meta-tpm/recipes-tpm2/tpm2-abrmd/{tpm2-abrmd_2.4.0.bb => tpm2-abrmd_2.4.1.bb} (90%)
>   delete mode 100644 meta-tpm/recipes-tpm2/tpm2-openssl/tpm2-openssl_1.0.bb
>   create mode 100644 meta-tpm/recipes-tpm2/tpm2-openssl/tpm2-openssl_1.1.0.bb
>   delete mode 100644 meta-tpm/recipes-tpm2/tpm2-pkcs11/files/0001-remove-local-binary-checkes.patch
>   delete mode 100644 meta-tpm/recipes-tpm2/tpm2-pkcs11/files/0001-ssl-compile-against-OSSL-3.0.patch
>   delete mode 100644 meta-tpm/recipes-tpm2/tpm2-pkcs11/files/0002-ossl-require-version-1.1.0-or-greater.patch
>   delete mode 100644 meta-tpm/recipes-tpm2/tpm2-pkcs11/files/bootstrap_fixup.patch
>   rename meta-tpm/recipes-tpm2/tpm2-pkcs11/{tpm2-pkcs11_1.7.0.bb => tpm2-pkcs11_1.8.0.bb} (76%)
>   delete mode 100644 meta-tpm/recipes-tpm2/tpm2-tss/tpm2-tss/ax_pthread.m4
>   delete mode 100644 meta-tpm/recipes-tpm2/tpm2-tss/tpm2-tss/fix_musl_select_include.patch
>   rename meta-tpm/recipes-tpm2/tpm2-tss/{tpm2-tss_3.1.0.bb => tpm2-tss_3.2.0.bb} (91%)
>
>
> -=-=-=-=-=-=-=-=-=-=-=-
> Links: You receive all messages sent to this group.
> View/Reply Online (#56703): https://lists.yoctoproject.org/g/yocto/message/56703
> Mute This Topic: https://lists.yoctoproject.org/mt/90375985/3616698
> Group Owner: yocto+owner@lists.yoctoproject.org
> Unsubscribe: https://lists.yoctoproject.org/g/yocto/unsub [akuster808@gmail.com]
> -=-=-=-=-=-=-=-=-=-=-=-
>



^ permalink raw reply	[flat|nested] 2+ messages in thread
end of thread, other threads:[~2022-04-14 20:37 UTC | newest]

Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2022-04-10 15:29 [meta-security][PATCH 0/6] upgrade and cleanup tpm2-software Petr Gotthard
2022-04-14 20:03 ` [yocto] " akuster808

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.