meta-tpm: add layer sanity check

Signed-off-by: Armin Kuster <akuster808@gmail.com>
author: Armin Kuster <akuster808@gmail.com> 2021-06-02 01:57:37 +0000
committer: Armin Kuster <akuster808@gmail.com> 2021-06-06 13:03:37 -0700
commit: 2bfc09017d3c6dfc611a46e42a09771c23004a93 (patch)
tree: d969a6cab5f70add8c5f54a11c568c3f179d3e99
parent: b226ebdc4af3be30018f9e73ae1c7e3f365323d9 (diff)
download: meta-security-2bfc09017d3c6dfc611a46e42a09771c23004a93.tar.gz
3 files changed, 33 insertions, 0 deletions
diff --git a/meta-tpm/README b/meta-tpm/README
index dd662b3..59d2ee3 100644
--- a/meta-tpm/README
+++ b/meta-tpm/README
@@ -1,6 +1,25 @@
 meta-tpm layer
 ==============
+The bbappend files for some recipes (e.g. linux-yocto) in this layer need
+to have 'tpm' in DISTRO_FEATURES to have effect.
+To enable them, add in configuration file the following line.
+  DISTRO_FEATURES_append = " tmp"
+If meta-tpm is included, but tpm is not enabled as a
+distro feature a warning is printed at parse time:
+    You have included the meta-tpm layer, but
+    'tpm' has not been enabled in your DISTRO_FEATURES. Some bbappend files
+    and preferred version setting may not take effect.
+If you know what you are doing, this warning can be disabled by setting the following
+variable in your configuration:
+  SKIP_META_TPM_SANITY_CHECK = 1
 This layer contains base TPM recipes.
 Dependencies
diff --git a/meta-tpm/classes/sanity-meta-tpm.bbclass b/meta-tpm/classes/sanity-meta-tpm.bbclass
new file mode 100644
index 0000000..2f8b52d
--- /dev/null
+++ b/meta-tpm/classes/sanity-meta-tpm.bbclass
@@ -0,0 +1,10 @@
+addhandler tpm_machinecheck
+tpm_machinecheck[eventmask] = "bb.event.SanityCheck"
+python tpm_machinecheck() {
+    skip_check = e.data.getVar('SKIP_META_TPM_SANITY_CHECK') == "1"
+    if 'tpm' not in e.data.getVar('DISTRO_FEATURES').split() and not skip_check:
+        bb.warn("You have included the meta-tpm layer, but \
+'tpm or tpm2' has not been enabled in your DISTRO_FEATURES. Some bbappend files \
+and preferred version setting may not take effect. See the meta-tpm README \
+for details on enabling tpm support.")
+}
diff --git a/meta-tpm/conf/layer.conf b/meta-tpm/conf/layer.conf
index 1b766cb..0b102c5 100644
--- a/meta-tpm/conf/layer.conf
+++ b/meta-tpm/conf/layer.conf
@@ -17,6 +17,10 @@ LAYERDEPENDS_tpm-layer = " \
 "
 BBLAYERS_LAYERINDEX_NAME_tpm-layer = "meta-tpm"
+# Sanity check for meta-integrity layer.
+# Setting SKIP_META_TPM_SANITY_CHECK to "1" would skip the bbappend files check.
+INHERIT += "sanity-meta-tpm"
 BBFILES_DYNAMIC += " \
 networking-layer:${LAYERDIR}/dynamic-layers/meta-networking/recipes-*/*/*.bbappend \
 "
author	Armin Kuster <akuster808@gmail.com>	2021-06-02 01:57:37 +0000
committer	Armin Kuster <akuster808@gmail.com>	2021-06-06 13:03:37 -0700
commit	2bfc09017d3c6dfc611a46e42a09771c23004a93 (patch)
tree	d969a6cab5f70add8c5f54a11c568c3f179d3e99
parent	b226ebdc4af3be30018f9e73ae1c7e3f365323d9 (diff)
download	meta-security-2bfc09017d3c6dfc611a46e42a09771c23004a93.tar.gz

diff --git a/meta-tpm/README b/meta-tpm/README index dd662b3..59d2ee3 100644 --- a/meta-tpm/README +++ b/meta-tpm/README
@@ -1,6 +1,25 @@
1	meta-tpm layer	1	meta-tpm layer
2	==============	2	==============
3		3
		4	The bbappend files for some recipes (e.g. linux-yocto) in this layer need
		5	to have 'tpm' in DISTRO_FEATURES to have effect.
		6	To enable them, add in configuration file the following line.
		7
		8	DISTRO_FEATURES_append = " tmp"
		9
		10	If meta-tpm is included, but tpm is not enabled as a
		11	distro feature a warning is printed at parse time:
		12
		13	You have included the meta-tpm layer, but
		14	'tpm' has not been enabled in your DISTRO_FEATURES. Some bbappend files
		15	and preferred version setting may not take effect.
		16
		17	If you know what you are doing, this warning can be disabled by setting the following
		18	variable in your configuration:
		19
		20	SKIP_META_TPM_SANITY_CHECK = 1
		21
		22
4	This layer contains base TPM recipes.	23	This layer contains base TPM recipes.
5		24
6	Dependencies	25	Dependencies


diff --git a/meta-tpm/classes/sanity-meta-tpm.bbclass b/meta-tpm/classes/sanity-meta-tpm.bbclass new file mode 100644 index 0000000..2f8b52d --- /dev/null +++ b/meta-tpm/classes/sanity-meta-tpm.bbclass
@@ -0,0 +1,10 @@
		1	addhandler tpm_machinecheck
		2	tpm_machinecheck[eventmask] = "bb.event.SanityCheck"
		3	python tpm_machinecheck() {
		4	skip_check = e.data.getVar('SKIP_META_TPM_SANITY_CHECK') == "1"
		5	if 'tpm' not in e.data.getVar('DISTRO_FEATURES').split() and not skip_check:
		6	bb.warn("You have included the meta-tpm layer, but \
		7	'tpm or tpm2' has not been enabled in your DISTRO_FEATURES. Some bbappend files \
		8	and preferred version setting may not take effect. See the meta-tpm README \
		9	for details on enabling tpm support.")
		10	}


diff --git a/meta-tpm/conf/layer.conf b/meta-tpm/conf/layer.conf index 1b766cb..0b102c5 100644 --- a/meta-tpm/conf/layer.conf +++ b/meta-tpm/conf/layer.conf
@@ -17,6 +17,10 @@ LAYERDEPENDS_tpm-layer = " \
17	"	17	"
18	BBLAYERS_LAYERINDEX_NAME_tpm-layer = "meta-tpm"	18	BBLAYERS_LAYERINDEX_NAME_tpm-layer = "meta-tpm"
19		19
		20	# Sanity check for meta-integrity layer.
		21	# Setting SKIP_META_TPM_SANITY_CHECK to "1" would skip the bbappend files check.
		22	INHERIT += "sanity-meta-tpm"
		23
20	BBFILES_DYNAMIC += " \	24	BBFILES_DYNAMIC += " \
21	networking-layer:${LAYERDIR}/dynamic-layers/meta-networking/recipes-//*.bbappend \	25	networking-layer:${LAYERDIR}/dynamic-layers/meta-networking/recipes-//*.bbappend \
22	"	26	"