<feed xmlns='http://www.w3.org/2005/Atom'>
<title>linux/meta-security.git/meta-tpm/recipes-tpm2, branch master</title>
<subtitle>Mirror of git.yoctoproject.org/meta-security.git</subtitle>
<id>https://git.enea.com/cgit/linux/meta-security.git/atom?h=master</id>
<link rel='self' href='https://git.enea.com/cgit/linux/meta-security.git/atom?h=master'/>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-security.git/'/>
<updated>2026-05-25T14:11:19+00:00</updated>
<entry>
<title>tpm2-pkcs11: upgrade 1.9.1 -&gt; 1.9.2</title>
<updated>2026-05-25T14:11:19+00:00</updated>
<author>
<name>Peter Marko</name>
<email>peter.marko@siemens.com</email>
</author>
<published>2026-05-05T14:13:53+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-security.git/commit/?id=226839ac408223f8041cde1b1d8b762d6fbc8050'/>
<id>urn:sha1:226839ac408223f8041cde1b1d8b762d6fbc8050</id>
<content type='text'>
This contains fix for building native recipe with security flags
enabled:
* https://github.com/tpm2-software/tpm2-pkcs11/commit/be97b21ae641303ce83a8fbb54002701c1aede31

Signed-off-by: Peter Marko &lt;peter.marko@siemens.com&gt;
Signed-off-by: Scott Murray &lt;scott.murray@konsulko.com&gt;
</content>
</entry>
<entry>
<title>tpm2-tools: make efivar optional</title>
<updated>2026-05-17T14:44:55+00:00</updated>
<author>
<name>Peter Marko</name>
<email>peter.marko@siemens.com</email>
</author>
<published>2026-05-07T08:39:01+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-security.git/commit/?id=cdb4e444acbb2b9df467d716241a206c9ea6d3b0'/>
<id>urn:sha1:cdb4e444acbb2b9df467d716241a206c9ea6d3b0</id>
<content type='text'>
Previous commit made this a hard dependency because it's autodetected.
Instead of that, make it configurable so it can be disabled (roughtly
equivalent to behavior before that commit).

Signed-off-by: Peter Marko &lt;peter.marko@siemens.com&gt;
Signed-off-by: Scott Murray &lt;scott.murray@konsulko.com&gt;
</content>
</entry>
<entry>
<title>tpm2-pkcs11: fix build failure</title>
<updated>2026-04-14T21:18:23+00:00</updated>
<author>
<name>Peter Marko</name>
<email>peter.marko@siemens.com</email>
</author>
<published>2026-04-09T13:10:32+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-security.git/commit/?id=d975a55a6594cabed377a8f61a41f867a7e02405'/>
<id>urn:sha1:d975a55a6594cabed377a8f61a41f867a7e02405</id>
<content type='text'>
Use patch submitted upstream to fix build error:
| src/lib/tpm.c: In function ‘tpm_unseal’:
| src/lib/tpm.c:1040:16: error: incompatible types when returning type ‘_Bool’ but ‘twist’ {aka ‘const char *’} was expected
|  1040 |         return false;
|       |                ^~~~~

Signed-off-by: Peter Marko &lt;peter.marko@siemens.com&gt;
Signed-off-by: Scott Murray &lt;scott.murray@konsulko.com&gt;
</content>
</entry>
<entry>
<title>python3-tpm2-pytss: BBCLASSEXTEND native and nativesdk</title>
<updated>2026-03-04T10:12:48+00:00</updated>
<author>
<name>Peter Marko</name>
<email>peter.marko@siemens.com</email>
</author>
<published>2026-02-12T08:38:35+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-security.git/commit/?id=f04f6fede966257d765ccdd22d671f93142afe57'/>
<id>urn:sha1:f04f6fede966257d765ccdd22d671f93142afe57</id>
<content type='text'>
Commit cd729862f68152bc76db02cd4a93ca12a9424f88 added native/nativesdk
possibility to tpm2-pkcs11.
After 784ca4b6584101e971b2d5d76ec7b716ad1301b5 which added rdepends on
python3-tpm2-pytss, there are errors like:

Missing or unbuildable dependency chain was:
['&lt;image&gt;', 'swtpm-native', 'tpm2-pkcs11-tools-native', 'python3-tpm2-pytss-native']

Signed-off-by: Peter Marko &lt;peter.marko@siemens.com&gt;
Signed-off-by: Scott Murray &lt;scott.murray@konsulko.com&gt;
</content>
</entry>
<entry>
<title>tpm2-tss-engine: remove libgcrypt dependency</title>
<updated>2025-09-10T22:08:38+00:00</updated>
<author>
<name>Patrick Wicki</name>
<email>patrick.wicki@siemens.com</email>
</author>
<published>2025-08-28T13:34:42+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-security.git/commit/?id=dafceb4ba498bb879af041d431655a9134876177'/>
<id>urn:sha1:dafceb4ba498bb879af041d431655a9134876177</id>
<content type='text'>
There is no hint of libgcrypt in the upstream code and distro packages
like Debian and Fedora do not have this dependency either.

Signed-off-by: Patrick Wicki &lt;patrick.wicki@siemens.com&gt;
</content>
</entry>
<entry>
<title>Adapt to S/UNPACKDIR changes</title>
<updated>2025-07-04T16:41:20+00:00</updated>
<author>
<name>Scott Murray</name>
<email>scott.murray@konsulko.com</email>
</author>
<published>2025-07-03T00:33:28+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-security.git/commit/?id=0272225ccdfb31a84408351c5911920a68249cc7'/>
<id>urn:sha1:0272225ccdfb31a84408351c5911920a68249cc7</id>
<content type='text'>
Remove or update S definitions as required to work with oe-core
S/UNPACKDIR changes.

Signed-off-by: Scott Murray &lt;scott.murray@konsulko.com&gt;
</content>
</entry>
<entry>
<title>recipes: fix whitespace warnings</title>
<updated>2025-06-23T13:05:21+00:00</updated>
<author>
<name>Max Krummenacher</name>
<email>max.krummenacher@toradex.com</email>
</author>
<published>2025-04-26T10:30:01+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-security.git/commit/?id=5b6ea2a099b2f6ebbe3a2872d4b36db3012920df'/>
<id>urn:sha1:5b6ea2a099b2f6ebbe3a2872d4b36db3012920df</id>
<content type='text'>
Since OE bitbake commit 24772dd2ae6c ("parse/ConfHandler: Add warning for
deprecated whitespace usage"), the current build generates the following
warning (as example):

| WARNING: ...meta-security/meta-tpm/recipes-core/systemd/systemd-boot_%.bbappend:7
| has a lack of whitespace around the assignment:
| 'EXTRA_OEMESON:append= "    ${@bb.utils.contains('DISTRO_FEATURES', 'tpm2', '-Dtpm2=true', '', d)} "'

Fix all the warnings.

Signed-off-by: Max Krummenacher &lt;max.krummenacher@toradex.com&gt;
Signed-off-by: Armin Kuster &lt;akuster808@gmail.com&gt;
</content>
</entry>
<entry>
<title>tpm2-pkcs11: Add tools python runtime dependencies</title>
<updated>2025-04-13T18:07:57+00:00</updated>
<author>
<name>Omri Sarig</name>
<email>omri.sarig13@gmail.com</email>
</author>
<published>2025-03-11T10:33:33+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-security.git/commit/?id=784ca4b6584101e971b2d5d76ec7b716ad1301b5'/>
<id>urn:sha1:784ca4b6584101e971b2d5d76ec7b716ad1301b5</id>
<content type='text'>
The tpm2-pkcs11-tools python module is importing several modules which
are not currently included in it's dependencies. This causes the script
invocation to fail. The current commit adds the relevant dependencies,
to ensure that the python module is always able to run.

The relevant dependencies are:
* python3-fcntl: To add the fcntl module, imported in db.py.
* python3-sqlite3: To add the sqlite3 module, imported in db.py.
* python3-tpm2-pytss: To add the tpm2_pytss module, imported in
  utils.py.
* python3-compression: To add the zipfile module, imported through
  "importlib.metadata import distribution" in tpm2_ptool.

Signed-off-by: Omri Sarig &lt;omri.sarig13@gmail.com&gt;
Signed-off-by: Armin Kuster &lt;akuster808@gmail.com&gt;
</content>
</entry>
<entry>
<title>tpm2-pytss: Add python3-asn1crypto runtime dependency</title>
<updated>2025-04-13T18:07:57+00:00</updated>
<author>
<name>Omri Sarig</name>
<email>omri.sarig13@gmail.com</email>
</author>
<published>2025-03-11T10:33:32+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-security.git/commit/?id=75a6ea387b1f48d875ae23ed92a8346c93720f0f'/>
<id>urn:sha1:75a6ea387b1f48d875ae23ed92a8346c93720f0f</id>
<content type='text'>
The tpm2-pytss module is importing the module asn1crypto in tsskey.py,
however, the current bitbake recipe is not including this python package
as runtime dependency. This causes the module invocation to fail at the
moment.

The commit adds this dependency to the bitbake recipe, to make the
recipe self contained.

Signed-off-by: Omri Sarig &lt;omri.sarig13@gmail.com&gt;
Signed-off-by: Armin Kuster &lt;akuster808@gmail.com&gt;
</content>
</entry>
<entry>
<title>tpm2-tss-engine: add .so symmlink to engines package</title>
<updated>2025-04-13T18:07:57+00:00</updated>
<author>
<name>Adrian Freihofer</name>
<email>adrian.freihofer@siemens.com</email>
</author>
<published>2025-03-20T20:20:32+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-security.git/commit/?id=36840b49c8a9082ded705f46224cd3c74656a353'/>
<id>urn:sha1:36840b49c8a9082ded705f46224cd3c74656a353</id>
<content type='text'>
Without the symlink, the engine is not found by openssl:

openssl engine -t -c tpm2tss
20F0C5BDFFFF0000:error:12800067:DSO support routines:dlfcn_load:could
    not load the shared library:/usr/src/debug/openssl/3.2.4/crypto/dso/dso_dlfcn.c:118:
    filename(/usr/lib/engines-3/tpm2tss.so): /usr/lib/engines-3/tpm2tss.so:
    cannot open shared object file: No such file or directory
...

With sym-link it works (also without extra configuration for openssl)

cd /usr/lib/engines-3/
ln -s libtpm2tss.so tpm2tss.so
openssl engine -t -c tpm2tss
(tpm2tss) TPM2-TSS engine for OpenSSL
    [RSA, RAND]
        [ available ]

For exmample also the Fedora package has the symlink.

Signed-off-by: Adrian Freihofer &lt;adrian.freihofer@siemens.com&gt;
Signed-off-by: Armin Kuster &lt;akuster808@gmail.com&gt;
</content>
</entry>
</feed>
