* [ptxdist] [PATCH v4] tpm2-tools: Version bump. 4.1 -> 5.2
@ 2022-01-28 17:36 Christian Melki
2022-02-04 12:19 ` Michael Olbrich
0 siblings, 1 reply; 2+ messages in thread
From: Christian Melki @ 2022-01-28 17:36 UTC (permalink / raw)
To: ptxdist
Approx 2 years worth of fixes.
https://github.com/tpm2-software/tpm2-tools/releases
* Fixes CVE-2021-3565.
* Update license file hash. File moved to a new directory.
* tpm2-tools now optionally depends on EFIVAR for prettyprinting
device paths.
* Update tpm2 binaries. Change them to softlinks. Binary wants
to be called busybox-style.
Signed-off-by: Christian Melki <christian.melki@t2data.com>
---
rules/tpm2-tools.in | 14 +++++++++++++-
rules/tpm2-tools.make | 34 +++++++++++++++++++++++++++-------
2 files changed, 40 insertions(+), 8 deletions(-)
diff --git a/rules/tpm2-tools.in b/rules/tpm2-tools.in
index 4c9cbaa92..20a3a7b7e 100644
--- a/rules/tpm2-tools.in
+++ b/rules/tpm2-tools.in
@@ -1,13 +1,25 @@
## SECTION=tpm
-config TPM2_TOOLS
+menuconfig TPM2_TOOLS
tristate
select TPM2_TSS
select OPENSSL
select LIBCURL
+ select EFIVAR if TPM2_TOOLS_USE_EFIVAR
prompt "tpm2-tools"
help
This package contains a set of tools to use with TPM 2.0
chips, for common tasks and features provided by the
hardware; such as for doing basic key management,
attestation, encryption and signing.
+
+if TPM2_TOOLS
+
+config TPM2_TOOLS_USE_EFIVAR
+ bool
+ prompt "Use efivar"
+ help
+ Building with efivar enables pretty-printing of
+ the device path.
+
+endif
diff --git a/rules/tpm2-tools.make b/rules/tpm2-tools.make
index ead881ffb..829df1bdc 100644
--- a/rules/tpm2-tools.make
+++ b/rules/tpm2-tools.make
@@ -14,15 +14,15 @@ PACKAGES-$(PTXCONF_TPM2_TOOLS) += tpm2-tools
#
# Paths and names
#
-TPM2_TOOLS_VERSION := 4.1
-TPM2_TOOLS_MD5 := aecec22668233776922909f2ebf55e65
+TPM2_TOOLS_VERSION := 5.2
+TPM2_TOOLS_MD5 := 0057615ef43b9322d4577fc3bde0e8d6
TPM2_TOOLS := tpm2-tools-$(TPM2_TOOLS_VERSION)
TPM2_TOOLS_SUFFIX := tar.gz
TPM2_TOOLS_URL := https://github.com/tpm2-software/tpm2-tools/releases/download/$(TPM2_TOOLS_VERSION)/$(TPM2_TOOLS).$(TPM2_TOOLS_SUFFIX)
TPM2_TOOLS_SOURCE := $(SRCDIR)/$(TPM2_TOOLS).$(TPM2_TOOLS_SUFFIX)
TPM2_TOOLS_DIR := $(BUILDDIR)/$(TPM2_TOOLS)
TPM2_TOOLS_LICENSE := BSD-3-Clause
-TPM2_TOOLS_LICENSE_FILES := file://LICENSE;md5=0eb1216e46938bd723098d93a23c3bcc
+TPM2_TOOLS_LICENSE_FILES := file://doc/LICENSE;md5=a846608d090aa64494c45fc147cc12e3
# ----------------------------------------------------------------------------
# Prepare
@@ -32,6 +32,10 @@ TPM2_TOOLS_LICENSE_FILES := file://LICENSE;md5=0eb1216e46938bd723098d93a23c3bcc
# autoconf
#
TPM2_TOOLS_CONF_TOOL := autoconf
+TPM2_TOOLS_CONF_ENV := \
+ $(CROSS_ENV) \
+ $(call ptx/ifdef, PTXCONF_TPM2_TOOLS_USE_EFIVAR,,ac_cv_header_efivar_efivar_h=no)
+
TPM2_TOOLS_CONF_OPT := \
$(CROSS_AUTOCONF_USR) \
--enable-debug=info \
@@ -48,10 +52,11 @@ TPM2_TOOLS_CFLAGS := \
# Target-Install
# ----------------------------------------------------------------------------
-TPM2_TOOLS_PROGS := \
+TPM2_TOOLS_TPM2_PROGS := \
tpm2_activatecredential \
tpm2_certify \
tpm2_certifycreation \
+ tpm2_certifyX509certutil \
tpm2_changeauth \
tpm2_changeeps \
tpm2_changepps \
@@ -59,6 +64,7 @@ TPM2_TOOLS_PROGS := \
tpm2_clear \
tpm2_clearcontrol \
tpm2_clockrateadjust \
+ tpm2_commit \
tpm2_create \
tpm2_createak \
tpm2_createek \
@@ -66,12 +72,20 @@ TPM2_TOOLS_PROGS := \
tpm2_createprimary \
tpm2_dictionarylockout \
tpm2_duplicate \
+ tpm2_ecdhkeygen \
+ tpm2_ecdhzgen \
+ tpm2_ecephemeral \
tpm2_encryptdecrypt \
+ tpm2_eventlog \
tpm2_evictcontrol \
tpm2_flushcontext \
tpm2_getcap \
+ tpm2_getcommandauditdigest \
+ tpm2_geteccparameters \
tpm2_getekcertificate \
+ tpm2_getpolicydigest \
tpm2_getrandom \
+ tpm2_getsessionauditdigest \
tpm2_gettestresult \
tpm2_gettime \
tpm2_hash \
@@ -103,6 +117,7 @@ TPM2_TOOLS_PROGS := \
tpm2_policyauthvalue \
tpm2_policycommandcode \
tpm2_policycountertimer \
+ tpm2_policycphash \
tpm2_policyduplicationselect \
tpm2_policylocality \
tpm2_policynamehash \
@@ -125,7 +140,9 @@ TPM2_TOOLS_PROGS := \
tpm2_rsaencrypt \
tpm2_selftest \
tpm2_send \
+ tpm2_sessionconfig \
tpm2_setclock \
+ tpm2_setcommandauditstatus \
tpm2_setprimarypolicy \
tpm2_shutdown \
tpm2_sign \
@@ -134,7 +151,8 @@ TPM2_TOOLS_PROGS := \
tpm2_stirrandom \
tpm2_testparms \
tpm2_unseal \
- tpm2_verifysignature
+ tpm2_verifysignature \
+ tpm2_zgen2phase
$(STATEDIR)/tpm2-tools.targetinstall:
@$(call targetinfo)
@@ -145,8 +163,10 @@ $(STATEDIR)/tpm2-tools.targetinstall:
@$(call install_fixup, tpm2-tools,AUTHOR,"Marc Kleine-Budde <mkl@pengutronix.de>")
@$(call install_fixup, tpm2-tools,DESCRIPTION,missing)
- @$(foreach prog, $(TPM2_TOOLS_PROGS), \
- $(call install_copy, tpm2-tools, 0, 0, 0755, -, /usr/bin/$(prog))$(ptx/nl))
+ @$(call install_copy, tpm2-tools, 0, 0, 0755, -, /usr/bin/tpm2)
+
+ @$(foreach prog, $(TPM2_TOOLS_TPM2_PROGS), \
+ @$(call install_link, tpm2-tools, /usr/bin/$(prog), /usr/bin/tpm2)$(ptx/nl))
@$(call install_finish, tpm2-tools)
--
2.30.2
_______________________________________________
ptxdist mailing list
ptxdist@pengutronix.de
To unsubscribe, send a mail with subject "unsubscribe" to ptxdist-request@pengutronix.de
^ permalink raw reply [flat|nested] 2+ messages in thread
* Re: [ptxdist] [PATCH v4] tpm2-tools: Version bump. 4.1 -> 5.2
2022-01-28 17:36 [ptxdist] [PATCH v4] tpm2-tools: Version bump. 4.1 -> 5.2 Christian Melki
@ 2022-02-04 12:19 ` Michael Olbrich
0 siblings, 0 replies; 2+ messages in thread
From: Michael Olbrich @ 2022-02-04 12:19 UTC (permalink / raw)
To: Christian Melki; +Cc: ptxdist
On Fri, Jan 28, 2022 at 06:36:43PM +0100, Christian Melki wrote:
> Approx 2 years worth of fixes.
> https://github.com/tpm2-software/tpm2-tools/releases
>
> * Fixes CVE-2021-3565.
> * Update license file hash. File moved to a new directory.
> * tpm2-tools now optionally depends on EFIVAR for prettyprinting
> device paths.
> * Update tpm2 binaries. Change them to softlinks. Binary wants
> to be called busybox-style.
>
> Signed-off-by: Christian Melki <christian.melki@t2data.com>
> ---
> rules/tpm2-tools.in | 14 +++++++++++++-
> rules/tpm2-tools.make | 34 +++++++++++++++++++++++++++-------
> 2 files changed, 40 insertions(+), 8 deletions(-)
>
> diff --git a/rules/tpm2-tools.in b/rules/tpm2-tools.in
> index 4c9cbaa92..20a3a7b7e 100644
> --- a/rules/tpm2-tools.in
> +++ b/rules/tpm2-tools.in
> @@ -1,13 +1,25 @@
> ## SECTION=tpm
>
> -config TPM2_TOOLS
> +menuconfig TPM2_TOOLS
> tristate
> select TPM2_TSS
> select OPENSSL
> select LIBCURL
> + select EFIVAR if TPM2_TOOLS_USE_EFIVAR
> prompt "tpm2-tools"
> help
> This package contains a set of tools to use with TPM 2.0
> chips, for common tasks and features provided by the
> hardware; such as for doing basic key management,
> attestation, encryption and signing.
> +
> +if TPM2_TOOLS
> +
> +config TPM2_TOOLS_USE_EFIVAR
> + bool
> + prompt "Use efivar"
> + help
> + Building with efivar enables pretty-printing of
> + the device path.
> +
> +endif
> diff --git a/rules/tpm2-tools.make b/rules/tpm2-tools.make
> index ead881ffb..829df1bdc 100644
> --- a/rules/tpm2-tools.make
> +++ b/rules/tpm2-tools.make
> @@ -14,15 +14,15 @@ PACKAGES-$(PTXCONF_TPM2_TOOLS) += tpm2-tools
> #
> # Paths and names
> #
> -TPM2_TOOLS_VERSION := 4.1
> -TPM2_TOOLS_MD5 := aecec22668233776922909f2ebf55e65
> +TPM2_TOOLS_VERSION := 5.2
> +TPM2_TOOLS_MD5 := 0057615ef43b9322d4577fc3bde0e8d6
> TPM2_TOOLS := tpm2-tools-$(TPM2_TOOLS_VERSION)
> TPM2_TOOLS_SUFFIX := tar.gz
> TPM2_TOOLS_URL := https://github.com/tpm2-software/tpm2-tools/releases/download/$(TPM2_TOOLS_VERSION)/$(TPM2_TOOLS).$(TPM2_TOOLS_SUFFIX)
> TPM2_TOOLS_SOURCE := $(SRCDIR)/$(TPM2_TOOLS).$(TPM2_TOOLS_SUFFIX)
> TPM2_TOOLS_DIR := $(BUILDDIR)/$(TPM2_TOOLS)
> TPM2_TOOLS_LICENSE := BSD-3-Clause
> -TPM2_TOOLS_LICENSE_FILES := file://LICENSE;md5=0eb1216e46938bd723098d93a23c3bcc
> +TPM2_TOOLS_LICENSE_FILES := file://doc/LICENSE;md5=a846608d090aa64494c45fc147cc12e3
>
> # ----------------------------------------------------------------------------
> # Prepare
> @@ -32,6 +32,10 @@ TPM2_TOOLS_LICENSE_FILES := file://LICENSE;md5=0eb1216e46938bd723098d93a23c3bcc
> # autoconf
> #
> TPM2_TOOLS_CONF_TOOL := autoconf
> +TPM2_TOOLS_CONF_ENV := \
> + $(CROSS_ENV) \
> + $(call ptx/ifdef, PTXCONF_TPM2_TOOLS_USE_EFIVAR,,ac_cv_header_efivar_efivar_h=no)
> +
> TPM2_TOOLS_CONF_OPT := \
> $(CROSS_AUTOCONF_USR) \
> --enable-debug=info \
> @@ -48,10 +52,11 @@ TPM2_TOOLS_CFLAGS := \
> # Target-Install
> # ----------------------------------------------------------------------------
>
> -TPM2_TOOLS_PROGS := \
> +TPM2_TOOLS_TPM2_PROGS := \
> tpm2_activatecredential \
> tpm2_certify \
> tpm2_certifycreation \
> + tpm2_certifyX509certutil \
> tpm2_changeauth \
> tpm2_changeeps \
> tpm2_changepps \
> @@ -59,6 +64,7 @@ TPM2_TOOLS_PROGS := \
> tpm2_clear \
> tpm2_clearcontrol \
> tpm2_clockrateadjust \
> + tpm2_commit \
> tpm2_create \
> tpm2_createak \
> tpm2_createek \
> @@ -66,12 +72,20 @@ TPM2_TOOLS_PROGS := \
> tpm2_createprimary \
> tpm2_dictionarylockout \
> tpm2_duplicate \
> + tpm2_ecdhkeygen \
> + tpm2_ecdhzgen \
> + tpm2_ecephemeral \
> tpm2_encryptdecrypt \
> + tpm2_eventlog \
> tpm2_evictcontrol \
> tpm2_flushcontext \
> tpm2_getcap \
> + tpm2_getcommandauditdigest \
> + tpm2_geteccparameters \
> tpm2_getekcertificate \
> + tpm2_getpolicydigest \
> tpm2_getrandom \
> + tpm2_getsessionauditdigest \
> tpm2_gettestresult \
> tpm2_gettime \
> tpm2_hash \
> @@ -103,6 +117,7 @@ TPM2_TOOLS_PROGS := \
> tpm2_policyauthvalue \
> tpm2_policycommandcode \
> tpm2_policycountertimer \
> + tpm2_policycphash \
> tpm2_policyduplicationselect \
> tpm2_policylocality \
> tpm2_policynamehash \
> @@ -125,7 +140,9 @@ TPM2_TOOLS_PROGS := \
> tpm2_rsaencrypt \
> tpm2_selftest \
> tpm2_send \
> + tpm2_sessionconfig \
> tpm2_setclock \
> + tpm2_setcommandauditstatus \
> tpm2_setprimarypolicy \
> tpm2_shutdown \
> tpm2_sign \
> @@ -134,7 +151,8 @@ TPM2_TOOLS_PROGS := \
> tpm2_stirrandom \
> tpm2_testparms \
> tpm2_unseal \
> - tpm2_verifysignature
> + tpm2_verifysignature \
> + tpm2_zgen2phase
>
> $(STATEDIR)/tpm2-tools.targetinstall:
> @$(call targetinfo)
> @@ -145,8 +163,10 @@ $(STATEDIR)/tpm2-tools.targetinstall:
> @$(call install_fixup, tpm2-tools,AUTHOR,"Marc Kleine-Budde <mkl@pengutronix.de>")
> @$(call install_fixup, tpm2-tools,DESCRIPTION,missing)
>
> - @$(foreach prog, $(TPM2_TOOLS_PROGS), \
> - $(call install_copy, tpm2-tools, 0, 0, 0755, -, /usr/bin/$(prog))$(ptx/nl))
> + @$(call install_copy, tpm2-tools, 0, 0, 0755, -, /usr/bin/tpm2)
> +
> + @$(foreach prog, $(TPM2_TOOLS_TPM2_PROGS), \
> + @$(call install_link, tpm2-tools, /usr/bin/$(prog), /usr/bin/tpm2)$(ptx/nl))
1. use relative links
2. src and dst are swapped
so:
@$(call install_link, tpm2-tools, tpm2, /usr/bin/$(prog))$(ptx/nl))
Michael
>
> @$(call install_finish, tpm2-tools)
>
> --
> 2.30.2
>
>
> _______________________________________________
> ptxdist mailing list
> ptxdist@pengutronix.de
> To unsubscribe, send a mail with subject "unsubscribe" to ptxdist-request@pengutronix.de
>
--
Pengutronix e.K. | |
Steuerwalder Str. 21 | http://www.pengutronix.de/ |
31137 Hildesheim, Germany | Phone: +49-5121-206917-0 |
Amtsgericht Hildesheim, HRA 2686 | Fax: +49-5121-206917-5555 |
_______________________________________________
ptxdist mailing list
ptxdist@pengutronix.de
To unsubscribe, send a mail with subject "unsubscribe" to ptxdist-request@pengutronix.de
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2022-02-04 12:20 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2022-01-28 17:36 [ptxdist] [PATCH v4] tpm2-tools: Version bump. 4.1 -> 5.2 Christian Melki
2022-02-04 12:19 ` Michael Olbrich
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox