Re: [ptxdist] [PATCH v4] tpm2-tools: Version bump. 4.1 -> 5.2

mailarchive of the ptxdist mailing list
 help / color / mirror / Atom feed

From: Michael Olbrich <m.olbrich@pengutronix.de>
To: Christian Melki <christian.melki@t2data.com>
Cc: ptxdist@pengutronix.de
Subject: Re: [ptxdist] [PATCH v4] tpm2-tools: Version bump. 4.1 -> 5.2
Date: Fri, 4 Feb 2022 13:19:19 +0100	[thread overview]
Message-ID: <Yf0ZxwXlvKD/so//@pengutronix.de> (raw)
In-Reply-To: <20220128173643.2593042-1-christian.melki@t2data.com>

On Fri, Jan 28, 2022 at 06:36:43PM +0100, Christian Melki wrote:
> Approx 2 years worth of fixes.
> https://github.com/tpm2-software/tpm2-tools/releases
> 
> * Fixes CVE-2021-3565.
> * Update license file hash. File moved to a new directory.
> * tpm2-tools now optionally depends on EFIVAR for prettyprinting
> device paths.
> * Update tpm2 binaries. Change them to softlinks. Binary wants
> to be called busybox-style.
> 
> Signed-off-by: Christian Melki <christian.melki@t2data.com>
> ---
>  rules/tpm2-tools.in   | 14 +++++++++++++-
>  rules/tpm2-tools.make | 34 +++++++++++++++++++++++++++-------
>  2 files changed, 40 insertions(+), 8 deletions(-)
> 
> diff --git a/rules/tpm2-tools.in b/rules/tpm2-tools.in
> index 4c9cbaa92..20a3a7b7e 100644
> --- a/rules/tpm2-tools.in
> +++ b/rules/tpm2-tools.in
> @@ -1,13 +1,25 @@
>  ## SECTION=tpm
>  
> -config TPM2_TOOLS
> +menuconfig TPM2_TOOLS
>  	tristate
>  	select TPM2_TSS
>  	select OPENSSL
>  	select LIBCURL
> +	select EFIVAR		if TPM2_TOOLS_USE_EFIVAR
>  	prompt "tpm2-tools"
>  	help
>  	  This package contains a set of tools to use with TPM 2.0
>  	  chips, for common tasks and features provided by the
>  	  hardware; such as for doing basic key management,
>  	  attestation, encryption and signing.
> +
> +if TPM2_TOOLS
> +
> +config TPM2_TOOLS_USE_EFIVAR
> +	bool
> +	prompt "Use efivar"
> +	help
> +	  Building with efivar enables pretty-printing of
> +	  the device path.
> +
> +endif
> diff --git a/rules/tpm2-tools.make b/rules/tpm2-tools.make
> index ead881ffb..829df1bdc 100644
> --- a/rules/tpm2-tools.make
> +++ b/rules/tpm2-tools.make
> @@ -14,15 +14,15 @@ PACKAGES-$(PTXCONF_TPM2_TOOLS) += tpm2-tools
>  #
>  # Paths and names
>  #
> -TPM2_TOOLS_VERSION		:= 4.1
> -TPM2_TOOLS_MD5			:= aecec22668233776922909f2ebf55e65
> +TPM2_TOOLS_VERSION		:= 5.2
> +TPM2_TOOLS_MD5			:= 0057615ef43b9322d4577fc3bde0e8d6
>  TPM2_TOOLS			:= tpm2-tools-$(TPM2_TOOLS_VERSION)
>  TPM2_TOOLS_SUFFIX		:= tar.gz
>  TPM2_TOOLS_URL			:= https://github.com/tpm2-software/tpm2-tools/releases/download/$(TPM2_TOOLS_VERSION)/$(TPM2_TOOLS).$(TPM2_TOOLS_SUFFIX)
>  TPM2_TOOLS_SOURCE		:= $(SRCDIR)/$(TPM2_TOOLS).$(TPM2_TOOLS_SUFFIX)
>  TPM2_TOOLS_DIR			:= $(BUILDDIR)/$(TPM2_TOOLS)
>  TPM2_TOOLS_LICENSE		:= BSD-3-Clause
> -TPM2_TOOLS_LICENSE_FILES	:= file://LICENSE;md5=0eb1216e46938bd723098d93a23c3bcc
> +TPM2_TOOLS_LICENSE_FILES	:= file://doc/LICENSE;md5=a846608d090aa64494c45fc147cc12e3
>  
>  # ----------------------------------------------------------------------------
>  # Prepare
> @@ -32,6 +32,10 @@ TPM2_TOOLS_LICENSE_FILES	:= file://LICENSE;md5=0eb1216e46938bd723098d93a23c3bcc
>  # autoconf
>  #
>  TPM2_TOOLS_CONF_TOOL	:= autoconf
> +TPM2_TOOLS_CONF_ENV := \
> +	$(CROSS_ENV) \
> +	$(call ptx/ifdef, PTXCONF_TPM2_TOOLS_USE_EFIVAR,,ac_cv_header_efivar_efivar_h=no)
> +
>  TPM2_TOOLS_CONF_OPT	:= \
>  	$(CROSS_AUTOCONF_USR) \
>  	--enable-debug=info \
> @@ -48,10 +52,11 @@ TPM2_TOOLS_CFLAGS	:= \
>  # Target-Install
>  # ----------------------------------------------------------------------------
>  
> -TPM2_TOOLS_PROGS := \
> +TPM2_TOOLS_TPM2_PROGS := \
>  	tpm2_activatecredential \
>  	tpm2_certify \
>  	tpm2_certifycreation \
> +	tpm2_certifyX509certutil \
>  	tpm2_changeauth \
>  	tpm2_changeeps \
>  	tpm2_changepps \
> @@ -59,6 +64,7 @@ TPM2_TOOLS_PROGS := \
>  	tpm2_clear \
>  	tpm2_clearcontrol \
>  	tpm2_clockrateadjust \
> +	tpm2_commit \
>  	tpm2_create \
>  	tpm2_createak \
>  	tpm2_createek \
> @@ -66,12 +72,20 @@ TPM2_TOOLS_PROGS := \
>  	tpm2_createprimary \
>  	tpm2_dictionarylockout \
>  	tpm2_duplicate \
> +	tpm2_ecdhkeygen \
> +	tpm2_ecdhzgen \
> +	tpm2_ecephemeral \
>  	tpm2_encryptdecrypt \
> +	tpm2_eventlog \
>  	tpm2_evictcontrol \
>  	tpm2_flushcontext \
>  	tpm2_getcap \
> +	tpm2_getcommandauditdigest \
> +	tpm2_geteccparameters \
>  	tpm2_getekcertificate \
> +	tpm2_getpolicydigest \
>  	tpm2_getrandom \
> +	tpm2_getsessionauditdigest \
>  	tpm2_gettestresult \
>  	tpm2_gettime \
>  	tpm2_hash \
> @@ -103,6 +117,7 @@ TPM2_TOOLS_PROGS := \
>  	tpm2_policyauthvalue \
>  	tpm2_policycommandcode \
>  	tpm2_policycountertimer \
> +	tpm2_policycphash \
>  	tpm2_policyduplicationselect \
>  	tpm2_policylocality \
>  	tpm2_policynamehash \
> @@ -125,7 +140,9 @@ TPM2_TOOLS_PROGS := \
>  	tpm2_rsaencrypt \
>  	tpm2_selftest \
>  	tpm2_send \
> +	tpm2_sessionconfig \
>  	tpm2_setclock \
> +	tpm2_setcommandauditstatus \
>  	tpm2_setprimarypolicy \
>  	tpm2_shutdown \
>  	tpm2_sign \
> @@ -134,7 +151,8 @@ TPM2_TOOLS_PROGS := \
>  	tpm2_stirrandom \
>  	tpm2_testparms \
>  	tpm2_unseal \
> -	tpm2_verifysignature
> +	tpm2_verifysignature \
> +	tpm2_zgen2phase
>  
>  $(STATEDIR)/tpm2-tools.targetinstall:
>  	@$(call targetinfo)
> @@ -145,8 +163,10 @@ $(STATEDIR)/tpm2-tools.targetinstall:
>  	@$(call install_fixup, tpm2-tools,AUTHOR,"Marc Kleine-Budde <mkl@pengutronix.de>")
>  	@$(call install_fixup, tpm2-tools,DESCRIPTION,missing)
>  
> -	@$(foreach prog, $(TPM2_TOOLS_PROGS), \
> -                $(call install_copy, tpm2-tools, 0, 0, 0755, -, /usr/bin/$(prog))$(ptx/nl))
> +	@$(call install_copy, tpm2-tools, 0, 0, 0755, -, /usr/bin/tpm2)
> +
> +	@$(foreach prog, $(TPM2_TOOLS_TPM2_PROGS), \
> +		@$(call install_link, tpm2-tools, /usr/bin/$(prog), /usr/bin/tpm2)$(ptx/nl))

1. use relative links
2. src and dst are swapped

so:

		@$(call install_link, tpm2-tools, tpm2, /usr/bin/$(prog))$(ptx/nl))

Michael

>  
>  	@$(call install_finish, tpm2-tools)
>  
> -- 
> 2.30.2
> 
> 
> _______________________________________________
> ptxdist mailing list
> ptxdist@pengutronix.de
> To unsubscribe, send a mail with subject "unsubscribe" to ptxdist-request@pengutronix.de
> 

-- 
Pengutronix e.K.                           |                             |
Steuerwalder Str. 21                       | http://www.pengutronix.de/  |
31137 Hildesheim, Germany                  | Phone: +49-5121-206917-0    |
Amtsgericht Hildesheim, HRA 2686           | Fax:   +49-5121-206917-5555 |

_______________________________________________
ptxdist mailing list
ptxdist@pengutronix.de
To unsubscribe, send a mail with subject "unsubscribe" to ptxdist-request@pengutronix.de

     prev parent reply	other threads:[~2022-02-04 12:20 UTC|newest]

Thread overview: 2+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2022-01-28 17:36 Christian Melki
2022-02-04 12:19 ` Michael Olbrich [this message]

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=Yf0ZxwXlvKD/so//@pengutronix.de \
    --to=m.olbrich@pengutronix.de \
    --cc=christian.melki@t2data.com \
    --cc=ptxdist@pengutronix.de \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox