summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorJia Zhang <qianyue.zj@alibaba-inc.com>2019-09-04 20:01:13 +0800
committerGitHub <noreply@github.com>2019-09-04 20:01:13 +0800
commitdf51a87b5a8a99902a43cf3ec139df0a0927fe81 (patch)
tree9d8ff8c6a1dbdd98516533c644faa6a8e80e62a6
parent127542429bfaf669d33f5d681ce72f8e9cec6598 (diff)
parent6d1bd0da1f8b6f28188fbdcc552df8c0dcf80a79 (diff)
downloadmeta-secure-core-df51a87b5a8a99902a43cf3ec139df0a0927fe81.tar.gz
Merge pull request #115 from lumag/master
Several updates and additional patch for grub-efi MOK2 support
Diffstat
-rw-r--r--meta-efi-secure-boot/recipes-bsp/grub/grub-efi-efi-secure-boot.inc1
-rw-r--r--meta-efi-secure-boot/recipes-bsp/grub/grub-efi/mok2verify-multiboot.patch54
-rw-r--r--meta-integrity/recipes-support/ima-evm-utils/ima-evm-utils/0001-Install-evmctl-to-sbindir-rather-than-bindir.patch8
-rw-r--r--meta-integrity/recipes-support/ima-evm-utils/ima-evm-utils/Fix-the-build-failure-with-openssl-1.1.x.patch299
-rw-r--r--meta-integrity/recipes-support/ima-evm-utils/ima-evm-utils_git.bb7
-rw-r--r--meta-integrity/recipes-support/ima-inspect/ima-inspect/fix-new-imaevm.patch13
-rw-r--r--meta-integrity/recipes-support/ima-inspect/ima-inspect_0.11.bb5
-rw-r--r--meta-tpm2/recipes-tpm/tpm2-tools/tpm2-tools_3.2.0.bb (renamed from meta-tpm2/recipes-tpm/tpm2-tools/tpm2-tools_3.1.1.bb)4
-rw-r--r--meta-tpm2/recipes-tpm/tpm2-tss/tpm2-tss.inc2
-rw-r--r--meta-tpm2/recipes-tpm/tpm2-tss/tpm2-tss/0001-build-update-for-ax_code_coverage.m4-version-2019.01.patch6
-rw-r--r--meta-tpm2/recipes-tpm/tpm2-tss/tpm2-tss_2.2.3.bb (renamed from meta-tpm2/recipes-tpm/tpm2-tss/tpm2-tss_2.0.0.bb)5
11 files changed, 89 insertions, 315 deletions
diff --git a/meta-efi-secure-boot/recipes-bsp/grub/grub-efi-efi-secure-boot.inc b/meta-efi-secure-boot/recipes-bsp/grub/grub-efi-efi-secure-boot.inc
index 32da43a..71a2bc1 100644
--- a/meta-efi-secure-boot/recipes-bsp/grub/grub-efi-efi-secure-boot.inc
+++ b/meta-efi-secure-boot/recipes-bsp/grub/grub-efi-efi-secure-boot.inc
@@ -19,6 +19,7 @@ SRC_URI += "\
19 file://efi-chainloader-implemented-for-32-bit.patch \ 19 file://efi-chainloader-implemented-for-32-bit.patch \
20 file://Grub-get-and-set-efi-variables.patch \ 20 file://Grub-get-and-set-efi-variables.patch \
21 file://mok2verify-support-to-verify-non-PE-file-with-PKCS-7.patch \ 21 file://mok2verify-support-to-verify-non-PE-file-with-PKCS-7.patch \
22 file://mok2verify-multiboot.patch \
22 file://grub-efi.cfg \ 23 file://grub-efi.cfg \
23 file://boot-menu.inc \ 24 file://boot-menu.inc \
24 ${EXTRA_SRC_URI} \ 25 ${EXTRA_SRC_URI} \
diff --git a/meta-efi-secure-boot/recipes-bsp/grub/grub-efi/mok2verify-multiboot.patch b/meta-efi-secure-boot/recipes-bsp/grub/grub-efi/mok2verify-multiboot.patch
new file mode 100644
index 0000000..eebc3f1
--- /dev/null
+++ b/meta-efi-secure-boot/recipes-bsp/grub/grub-efi/mok2verify-multiboot.patch
@@ -0,0 +1,54 @@
1Index: grub-2.02/grub-core/loader/multiboot.c
2===================================================================
3--- grub-2.02.orig/grub-core/loader/multiboot.c
4+++ grub-2.02/grub-core/loader/multiboot.c
5@@ -47,6 +47,7 @@ GRUB_MOD_LICENSE ("GPLv3+");
6
7 #ifdef GRUB_MACHINE_EFI
8 #include <grub/efi/efi.h>
9+#include <grub/efi/mok2verify.h>
10 #endif
11
12 struct grub_relocator *GRUB_MULTIBOOT (relocator) = NULL;
13@@ -325,6 +326,20 @@ grub_cmd_multiboot (grub_command_t cmd _
14 if (! file)
15 return grub_errno;
16
17+#if GRUB_MACHINE_EFI
18+ err = grub_verify_file (argv[0]);
19+ if (err != GRUB_ERR_NONE)
20+ {
21+ grub_error(err, N_("Failed to verify module %s"), argv[0]);
22+
23+ /* An unauthenticated module always causes a complete boot failure. */
24+ if (grub_is_secured () == 1)
25+ grub_loader_unset();
26+
27+ return err;
28+ }
29+#endif
30+
31 grub_dl_ref (my_mod);
32
33 /* Skip filename. */
34@@ -379,6 +394,20 @@ grub_cmd_module (grub_command_t cmd __at
35 if (! file)
36 return grub_errno;
37
38+#if GRUB_MACHINE_EFI
39+ err = grub_verify_file (argv[0]);
40+ if (err != GRUB_ERR_NONE)
41+ {
42+ grub_error(err, N_("Failed to verify module %s"), argv[0]);
43+
44+ /* An unauthenticated module always causes a complete boot failure. */
45+ if (grub_is_secured () == 1)
46+ grub_loader_unset();
47+
48+ return err;
49+ }
50+#endif
51+
52 #ifndef GRUB_USE_MULTIBOOT2
53 lowest_addr = 0x100000;
54 if (grub_multiboot_quirks & GRUB_MULTIBOOT_QUIRK_MODULES_AFTER_KERNEL)
diff --git a/meta-integrity/recipes-support/ima-evm-utils/ima-evm-utils/0001-Install-evmctl-to-sbindir-rather-than-bindir.patch b/meta-integrity/recipes-support/ima-evm-utils/ima-evm-utils/0001-Install-evmctl-to-sbindir-rather-than-bindir.patch
index 545be42..2a63e80 100644
--- a/meta-integrity/recipes-support/ima-evm-utils/ima-evm-utils/0001-Install-evmctl-to-sbindir-rather-than-bindir.patch
+++ b/meta-integrity/recipes-support/ima-evm-utils/ima-evm-utils/0001-Install-evmctl-to-sbindir-rather-than-bindir.patch
@@ -14,15 +14,15 @@ diff --git a/src/Makefile.am b/src/Makefile.am
14index deb18fb..aa8f666 100644 14index deb18fb..aa8f666 100644
15--- a/src/Makefile.am 15--- a/src/Makefile.am
16+++ b/src/Makefile.am 16+++ b/src/Makefile.am
17@@ -9,7 +9,7 @@ libimaevm_la_LIBADD = $(OPENSSL_LIBS) 17@@ -15,7 +15,7 @@ EXTRA_DIST = hash_info.gen
18 18 hash_info.h: Makefile
19 include_HEADERS = imaevm.h 19 $(srcdir)/hash_info.gen $(KERNEL_HEADERS) >$@
20 20
21-bin_PROGRAMS = evmctl 21-bin_PROGRAMS = evmctl
22+sbin_PROGRAMS = evmctl 22+sbin_PROGRAMS = evmctl
23 23
24 evmctl_SOURCES = evmctl.c 24 evmctl_SOURCES = evmctl.c
25 evmctl_CPPFLAGS = $(OPENSSL_CFLAGS) 25 evmctl_CPPFLAGS = $(AM_CPPFLAGS) $(LIBCRYPTO_CFLAGS)
26-- 26--
272.7.4 272.7.4
28 28
diff --git a/meta-integrity/recipes-support/ima-evm-utils/ima-evm-utils/Fix-the-build-failure-with-openssl-1.1.x.patch b/meta-integrity/recipes-support/ima-evm-utils/ima-evm-utils/Fix-the-build-failure-with-openssl-1.1.x.patch
deleted file mode 100644
index 5551678..0000000
--- a/meta-integrity/recipes-support/ima-evm-utils/ima-evm-utils/Fix-the-build-failure-with-openssl-1.1.x.patch
+++ /dev/null
@@ -1,299 +0,0 @@
1From 61595d2d4eb9d6855680ea2f6d74492a4b7a553f Mon Sep 17 00:00:00 2001
2From: Lans Zhang <jia.zhang@windriver.com>
3Date: Wed, 16 Aug 2017 14:32:03 +0800
4Subject: [PATCH] Fix the build failure with openssl-1.1.x
5
6- Clean up the opaqu EVP_MD_CTX and RSA.
7- Similarly, HMAC_CTX is also opaqu. Note that there is no dynamic
8 allocation function like HMAC_CTX_create|new() available in 1.0.x.
9- HMAC_CTX_cleanup() is replaced by HMAC_CTX_reset().
10
11Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
12---
13 src/evmctl.c | 79 +++++++++++++++++++++++++++++++++++++++++----------------
14 src/libimaevm.c | 54 +++++++++++++++++++++++++--------------
15 2 files changed, 92 insertions(+), 41 deletions(-)
16
17diff --git a/src/evmctl.c b/src/evmctl.c
18index c54efbb..9156bcb 100644
19--- a/src/evmctl.c
20+++ b/src/evmctl.c
21@@ -314,7 +314,7 @@ static int calc_evm_hash(const char *file, unsigned char *hash)
22 struct stat st;
23 int err;
24 uint32_t generation = 0;
25- EVP_MD_CTX ctx;
26+ EVP_MD_CTX *ctx;
27 unsigned int mdlen;
28 char **xattrname;
29 char xattr_value[1024];
30@@ -366,10 +366,17 @@ static int calc_evm_hash(const char *file, unsigned char *hash)
31 return -1;
32 }
33
34- err = EVP_DigestInit(&ctx, EVP_sha1());
35+ ctx = EVP_MD_CTX_create();
36+ if (!ctx) {
37+ log_err("EVP_MD_CTX_create() failed\n");
38+ return -1;
39+ }
40+
41+ err = EVP_DigestInit(ctx, EVP_sha1());
42 if (!err) {
43 log_err("EVP_DigestInit() failed\n");
44- return 1;
45+ err = 1;
46+ goto out;
47 }
48
49 for (xattrname = evm_config_xattrnames; *xattrname != NULL; xattrname++) {
50@@ -398,10 +405,11 @@ static int calc_evm_hash(const char *file, unsigned char *hash)
51 /*log_debug("name: %s, value: %s, size: %d\n", *xattrname, xattr_value, err);*/
52 log_info("name: %s, size: %d\n", *xattrname, err);
53 log_debug_dump(xattr_value, err);
54- err = EVP_DigestUpdate(&ctx, xattr_value, err);
55+ err = EVP_DigestUpdate(ctx, xattr_value, err);
56 if (!err) {
57 log_err("EVP_DigestUpdate() failed\n");
58- return 1;
59+ err = 1;
60+ goto out;
61 }
62 }
63
64@@ -446,31 +454,38 @@ static int calc_evm_hash(const char *file, unsigned char *hash)
65 log_debug("hmac_misc (%d): ", hmac_size);
66 log_debug_dump(&hmac_misc, hmac_size);
67
68- err = EVP_DigestUpdate(&ctx, &hmac_misc, hmac_size);
69+ err = EVP_DigestUpdate(ctx, &hmac_misc, hmac_size);
70 if (!err) {
71 log_err("EVP_DigestUpdate() failed\n");
72- return 1;
73+ err = 1;
74+ goto out;
75 }
76
77 if (!evm_immutable && !(hmac_flags & HMAC_FLAG_NO_UUID)) {
78 err = get_uuid(&st, uuid);
79- if (err)
80- return -1;
81+ if (err) {
82+ err = -1;
83+ goto out;
84+ }
85
86- err = EVP_DigestUpdate(&ctx, (const unsigned char *)uuid, sizeof(uuid));
87+ err = EVP_DigestUpdate(ctx, (const unsigned char *)uuid, sizeof(uuid));
88 if (!err) {
89 log_err("EVP_DigestUpdate() failed\n");
90- return 1;
91+ err = 1;
92+ goto out;
93 }
94 }
95
96- err = EVP_DigestFinal(&ctx, hash, &mdlen);
97- if (!err) {
98+ if (!EVP_DigestFinal(ctx, hash, &mdlen)) {
99 log_err("EVP_DigestFinal() failed\n");
100- return 1;
101- }
102+ err = 1;
103+ } else
104+ err = 0;
105+
106+out:
107+ EVP_MD_CTX_destroy(ctx);
108
109- return mdlen;
110+ return err ?: mdlen;
111 }
112
113 static int sign_evm(const char *file, const char *key)
114@@ -908,7 +923,7 @@ static int calc_evm_hmac(const char *file, const char *keyfile, unsigned char *h
115 struct stat st;
116 int err = -1;
117 uint32_t generation = 0;
118- HMAC_CTX ctx;
119+ HMAC_CTX *ctx = NULL;
120 unsigned int mdlen;
121 char **xattrname;
122 unsigned char xattr_value[1024];
123@@ -965,7 +980,17 @@ static int calc_evm_hmac(const char *file, const char *keyfile, unsigned char *h
124 goto out;
125 }
126
127- err = !HMAC_Init(&ctx, evmkey, sizeof(evmkey), EVP_sha1());
128+#if OPENSSL_VERSION_NUMBER < 0x10100000L
129+ ctx = malloc(sizeof(*ctx));
130+#else
131+ ctx = HMAC_CTX_new();
132+#endif
133+ if (!ctx) {
134+ log_err("HMAC_CTX_new() failed\n");
135+ goto out;
136+ }
137+
138+ err = !HMAC_Init(ctx, evmkey, sizeof(evmkey), EVP_sha1());
139 if (err) {
140 log_err("HMAC_Init() failed\n");
141 goto out;
142@@ -984,7 +1009,7 @@ static int calc_evm_hmac(const char *file, const char *keyfile, unsigned char *h
143 /*log_debug("name: %s, value: %s, size: %d\n", *xattrname, xattr_value, err);*/
144 log_info("name: %s, size: %d\n", *xattrname, err);
145 log_debug_dump(xattr_value, err);
146- err = !HMAC_Update(&ctx, xattr_value, err);
147+ err = !HMAC_Update(ctx, xattr_value, err);
148 if (err) {
149 log_err("HMAC_Update() failed\n");
150 goto out_ctx_cleanup;
151@@ -1025,17 +1050,27 @@ static int calc_evm_hmac(const char *file, const char *keyfile, unsigned char *h
152 log_debug("hmac_misc (%d): ", hmac_size);
153 log_debug_dump(&hmac_misc, hmac_size);
154
155- err = !HMAC_Update(&ctx, (const unsigned char *)&hmac_misc, hmac_size);
156+ err = !HMAC_Update(ctx, (const unsigned char *)&hmac_misc, hmac_size);
157 if (err) {
158 log_err("HMAC_Update() failed\n");
159 goto out_ctx_cleanup;
160 }
161- err = !HMAC_Final(&ctx, hash, &mdlen);
162+ err = !HMAC_Final(ctx, hash, &mdlen);
163 if (err)
164 log_err("HMAC_Final() failed\n");
165 out_ctx_cleanup:
166- HMAC_CTX_cleanup(&ctx);
167+#if OPENSSL_VERSION_NUMBER < 0x10100000L
168+ HMAC_CTX_cleanup(ctx);
169+#else
170+ HMAC_CTX_reset(ctx);
171+#endif
172 out:
173+ if (ctx)
174+#if OPENSSL_VERSION_NUMBER < 0x10100000L
175+ free(ctx);
176+#else
177+ HMAC_CTX_free(ctx);
178+#endif
179 free(key);
180 return err ?: mdlen;
181 }
182diff --git a/src/libimaevm.c b/src/libimaevm.c
183index eedffb4..3f23cac 100644
184--- a/src/libimaevm.c
185+++ b/src/libimaevm.c
186@@ -271,7 +271,7 @@ int ima_calc_hash(const char *file, uint8_t *hash)
187 {
188 const EVP_MD *md;
189 struct stat st;
190- EVP_MD_CTX ctx;
191+ EVP_MD_CTX *ctx;
192 unsigned int mdlen;
193 int err;
194
195@@ -288,41 +288,50 @@ int ima_calc_hash(const char *file, uint8_t *hash)
196 return 1;
197 }
198
199- err = EVP_DigestInit(&ctx, md);
200+ ctx = EVP_MD_CTX_create();
201+ if (!ctx) {
202+ log_err("EVP_MD_CTX_create() failed\n");
203+ return 1;
204+ }
205+
206+ err = EVP_DigestInit(ctx, md);
207 if (!err) {
208 log_err("EVP_DigestInit() failed\n");
209- return 1;
210+ err = 1;
211+ goto out;
212 }
213
214 switch (st.st_mode & S_IFMT) {
215 case S_IFREG:
216- err = add_file_hash(file, &ctx);
217+ err = add_file_hash(file, ctx);
218 break;
219 case S_IFDIR:
220- err = add_dir_hash(file, &ctx);
221+ err = add_dir_hash(file, ctx);
222 break;
223 case S_IFLNK:
224- err = add_link_hash(file, &ctx);
225+ err = add_link_hash(file, ctx);
226 break;
227 case S_IFIFO: case S_IFSOCK:
228 case S_IFCHR: case S_IFBLK:
229- err = add_dev_hash(&st, &ctx);
230+ err = add_dev_hash(&st, ctx);
231 break;
232 default:
233 log_errno("Unsupported file type");
234- return -1;
235+ err = -1;
236 }
237
238 if (err)
239- return err;
240+ goto out;
241
242- err = EVP_DigestFinal(&ctx, hash, &mdlen);
243- if (!err) {
244+ if (!EVP_DigestFinal(ctx, hash, &mdlen)) {
245 log_err("EVP_DigestFinal() failed\n");
246- return 1;
247+ err = 1;
248 }
249
250- return mdlen;
251+out:
252+ EVP_MD_CTX_destroy(ctx);
253+
254+ return err ?: mdlen;
255 }
256
257 RSA *read_pub_key(const char *keyfile, int x509)
258@@ -549,6 +558,7 @@ int key2bin(RSA *key, unsigned char *pub)
259 {
260 int len, b, offset = 0;
261 struct pubkey_hdr *pkh = (struct pubkey_hdr *)pub;
262+ BIGNUM *n, *e;
263
264 /* add key header */
265 pkh->version = 1;
266@@ -558,18 +568,24 @@ int key2bin(RSA *key, unsigned char *pub)
267
268 offset += sizeof(*pkh);
269
270- len = BN_num_bytes(key->n);
271- b = BN_num_bits(key->n);
272+#if OPENSSL_VERSION_NUMBER < 0x10100000L
273+ n = key->n;
274+ e = key->e;
275+#else
276+ RSA_get0_key(key, (const BIGNUM **)&n, (const BIGNUM **)&e, NULL);
277+#endif
278+ len = BN_num_bytes(n);
279+ b = BN_num_bits(n);
280 pub[offset++] = b >> 8;
281 pub[offset++] = b & 0xff;
282- BN_bn2bin(key->n, &pub[offset]);
283+ BN_bn2bin(n, &pub[offset]);
284 offset += len;
285
286- len = BN_num_bytes(key->e);
287- b = BN_num_bits(key->e);
288+ len = BN_num_bytes(e);
289+ b = BN_num_bits(e);
290 pub[offset++] = b >> 8;
291 pub[offset++] = b & 0xff;
292- BN_bn2bin(key->e, &pub[offset]);
293+ BN_bn2bin(e, &pub[offset]);
294 offset += len;
295
296 return offset;
297--
2982.7.5
299
diff --git a/meta-integrity/recipes-support/ima-evm-utils/ima-evm-utils_git.bb b/meta-integrity/recipes-support/ima-evm-utils/ima-evm-utils_git.bb
index 0d0d703..bc98ce6 100644
--- a/meta-integrity/recipes-support/ima-evm-utils/ima-evm-utils_git.bb
+++ b/meta-integrity/recipes-support/ima-evm-utils/ima-evm-utils_git.bb
@@ -3,16 +3,15 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=b234ee4d69f5fce4486a80fdaf4a4263"
3 3
4DEPENDS += "openssl attr keyutils" 4DEPENDS += "openssl attr keyutils"
5 5
6PV = "1.0+git${SRCPV}" 6PV = "1.2.1+git${SRCPV}"
7 7
8SRC_URI = "\ 8SRC_URI = "\
9 git://git.code.sf.net/p/linux-ima/ima-evm-utils \ 9 git://git.code.sf.net/p/linux-ima/ima-evm-utils;branch=ima-evm-utils-1.2.y \
10 file://0001-Don-t-build-man-pages.patch \ 10 file://0001-Don-t-build-man-pages.patch \
11 file://0001-Install-evmctl-to-sbindir-rather-than-bindir.patch \ 11 file://0001-Install-evmctl-to-sbindir-rather-than-bindir.patch \
12 file://Fix-the-build-failure-with-openssl-1.1.x.patch \
13 file://0001-ima-evm-utils-include-sys-types.h-in-header-to-fix-b.patch \ 12 file://0001-ima-evm-utils-include-sys-types.h-in-header-to-fix-b.patch \
14" 13"
15SRCREV = "3e2a67bdb0673581a97506262e62db098efef6d7" 14SRCREV = "3eab1f93b634249c1720f65fcb495b1996f0256e"
16 15
17S = "${WORKDIR}/git" 16S = "${WORKDIR}/git"
18 17
diff --git a/meta-integrity/recipes-support/ima-inspect/ima-inspect/fix-new-imaevm.patch b/meta-integrity/recipes-support/ima-inspect/ima-inspect/fix-new-imaevm.patch
new file mode 100644
index 0000000..6ba0fcd
--- /dev/null
+++ b/meta-integrity/recipes-support/ima-inspect/ima-inspect/fix-new-imaevm.patch
@@ -0,0 +1,13 @@
1Index: git/configure.ac
2===================================================================
3--- git.orig/configure.ac
4+++ git/configure.ac
5@@ -9,7 +9,7 @@ AM_INIT_AUTOMAKE([foreign subdir-objects
6 AC_CONFIG_FILES([Makefile])
7
8 PKG_CHECK_MODULES([TCLAP], [tclap])
9-AC_SEARCH_LIBS([do_dump], [imaevm], [], [
10+AC_SEARCH_LIBS([imaevm_do_hexdump], [imaevm], [], [
11 AC_MSG_ERROR([unable to find libimaevm, you need ima-evm-utils-devel or similar package])
12 ])
13
diff --git a/meta-integrity/recipes-support/ima-inspect/ima-inspect_0.11.bb b/meta-integrity/recipes-support/ima-inspect/ima-inspect_0.11.bb
index 8a3b239..09cbe15 100644
--- a/meta-integrity/recipes-support/ima-inspect/ima-inspect_0.11.bb
+++ b/meta-integrity/recipes-support/ima-inspect/ima-inspect_0.11.bb
@@ -3,7 +3,10 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=a23a74b3f4caf9616230789d94217acb"
3 3
4DEPENDS += "attr ima-evm-utils tclap" 4DEPENDS += "attr ima-evm-utils tclap"
5 5
6SRC_URI = "git://github.com/mgerstner/ima-inspect.git" 6SRC_URI = " \
7 git://github.com/mgerstner/ima-inspect.git \
8 file://fix-new-imaevm.patch \
9"
7SRCREV = "e912be2d2a9fdf30a9693a7fc5d6b2473990a71c" 10SRCREV = "e912be2d2a9fdf30a9693a7fc5d6b2473990a71c"
8 11
9S = "${WORKDIR}/git" 12S = "${WORKDIR}/git"
diff --git a/meta-tpm2/recipes-tpm/tpm2-tools/tpm2-tools_3.1.1.bb b/meta-tpm2/recipes-tpm/tpm2-tools/tpm2-tools_3.2.0.bb
index 178ec15..058982d 100644
--- a/meta-tpm2/recipes-tpm/tpm2-tools/tpm2-tools_3.1.1.bb
+++ b/meta-tpm2/recipes-tpm/tpm2-tools/tpm2-tools_3.2.0.bb
@@ -3,7 +3,7 @@ include ${BPN}.inc
3SRC_URI = "\ 3SRC_URI = "\
4 https://github.com/tpm2-software/${BPN}/releases/download/${PV}/${BPN}-${PV}.tar.gz \ 4 https://github.com/tpm2-software/${BPN}/releases/download/${PV}/${BPN}-${PV}.tar.gz \
5" 5"
6SRC_URI[md5sum] = "ad9e856c4cbd8a19eb205d74ab635adc" 6SRC_URI[md5sum] = "af389756402fa26aa3f08aa4abfc5d88"
7SRC_URI[sha256sum] = "c7f0cdca51ef2006503f60c462b6d183c9b9dc038f4c3f74a89c111088fed8aa" 7SRC_URI[sha256sum] = "ad79ee83e2d4b34302e8883eaf313b27dbfabfd9cbc8ebcd95cf78fa097aef14"
8 8
9S = "${WORKDIR}/${BPN}-${PV}" 9S = "${WORKDIR}/${BPN}-${PV}"
diff --git a/meta-tpm2/recipes-tpm/tpm2-tss/tpm2-tss.inc b/meta-tpm2/recipes-tpm/tpm2-tss/tpm2-tss.inc
index e917b87..602cf6a 100644
--- a/meta-tpm2/recipes-tpm/tpm2-tss/tpm2-tss.inc
+++ b/meta-tpm2/recipes-tpm/tpm2-tss/tpm2-tss.inc
@@ -16,6 +16,8 @@ inherit autotools pkgconfig
16 16
17EXTRA_OECONF += " \ 17EXTRA_OECONF += " \
18 --with-udevrulesdir=${sysconfdir}/udev/rules.d \ 18 --with-udevrulesdir=${sysconfdir}/udev/rules.d \
19 --with-crypto=gcrypt \
20 --disable-doxygen-doc \
19" 21"
20 22
21PACKAGES = " \ 23PACKAGES = " \
diff --git a/meta-tpm2/recipes-tpm/tpm2-tss/tpm2-tss/0001-build-update-for-ax_code_coverage.m4-version-2019.01.patch b/meta-tpm2/recipes-tpm/tpm2-tss/tpm2-tss/0001-build-update-for-ax_code_coverage.m4-version-2019.01.patch
index 56f9d4b..c8b1ddb 100644
--- a/meta-tpm2/recipes-tpm/tpm2-tss/tpm2-tss/0001-build-update-for-ax_code_coverage.m4-version-2019.01.patch
+++ b/meta-tpm2/recipes-tpm/tpm2-tss/tpm2-tss/0001-build-update-for-ax_code_coverage.m4-version-2019.01.patch
@@ -19,7 +19,7 @@ diff --git a/Makefile.am b/Makefile.am
19index d78d23f..7815c4b 100644 19index d78d23f..7815c4b 100644
20--- a/Makefile.am 20--- a/Makefile.am
21+++ b/Makefile.am 21+++ b/Makefile.am
22@@ -42,7 +42,13 @@ noinst_PROGRAMS = 22@@ -19,7 +19,13 @@ noinst_PROGRAMS =
23 23
24 ### Add ax_* rules ### 24 ### Add ax_* rules ###
25 # ax_code_coverage 25 # ax_code_coverage
@@ -37,8 +37,8 @@ diff --git a/configure.ac b/configure.ac
37index c8aa314..40883a8 100644 37index c8aa314..40883a8 100644
38--- a/configure.ac 38--- a/configure.ac
39+++ b/configure.ac 39+++ b/configure.ac
40@@ -206,6 +206,9 @@ DX_INIT_DOXYGEN($PACKAGE_NAME, [Doxyfile], [doc/doxygen]) 40@@ -312,6 +312,9 @@ AS_IF([test "x$enable_doxygen_doc" != xn
41 AM_CONDITIONAL(DOXYMAN, [test $DX_FLAG_man -eq 1]) 41 [ERROR_IF_NO_PROG([doxygen])])
42 42
43 AX_CODE_COVERAGE 43 AX_CODE_COVERAGE
44+m4_ifdef([_AX_CODE_COVERAGE_RULES], 44+m4_ifdef([_AX_CODE_COVERAGE_RULES],
diff --git a/meta-tpm2/recipes-tpm/tpm2-tss/tpm2-tss_2.0.0.bb b/meta-tpm2/recipes-tpm/tpm2-tss/tpm2-tss_2.2.3.bb
index 9cc0247..9edc305 100644
--- a/meta-tpm2/recipes-tpm/tpm2-tss/tpm2-tss_2.0.0.bb
+++ b/meta-tpm2/recipes-tpm/tpm2-tss/tpm2-tss_2.2.3.bb
@@ -1,10 +1,11 @@
1include ${BPN}.inc 1include ${BPN}.inc
2 2
3LIC_FILES_CHKSUM = "file://${S}/LICENSE;md5=500b2e742befc3da00684d8a1d5fd9da"
3SRC_URI = "https://github.com/tpm2-software/${BPN}/releases/download/${PV}/${BPN}-${PV}.tar.gz \ 4SRC_URI = "https://github.com/tpm2-software/${BPN}/releases/download/${PV}/${BPN}-${PV}.tar.gz \
4 file://0001-build-update-for-ax_code_coverage.m4-version-2019.01.patch \ 5 file://0001-build-update-for-ax_code_coverage.m4-version-2019.01.patch \
5" 6"
6 7
7SRC_URI[md5sum] = "048ea77be36f881b7b6ecefbc1cf7dbd" 8SRC_URI[md5sum] = "593873bb023a0f8bcb93d12bc6640918"
8SRC_URI[sha256sum] = "7dfd05f7d2c4d5339d1c9ecbdba25f4ea6df70e96b09928e15e0560cce02d525" 9SRC_URI[sha256sum] = "1369aee648b33128b9ee8e3ad87f5fc6dc37c2077b9f134223ea04f4809a99c3"
9 10
10S = "${WORKDIR}/${BPN}-${PV}" 11S = "${WORKDIR}/${BPN}-${PV}"
generated by cgit v1.2.3-54-g00ecf (git 2.39.0) at 2025-11-01 16:00:15 +0000