From: Michael Olbrich <m.olbrich@pengutronix.de>
To: Christian Melki <christian.melki@t2data.com>
Cc: ptxdist@pengutronix.de
Subject: Re: [ptxdist] [PATCH v4] tpm2-tools: Version bump. 4.1 -> 5.2
Date: Fri, 4 Feb 2022 13:19:19 +0100 [thread overview]
Message-ID: <Yf0ZxwXlvKD/so//@pengutronix.de> (raw)
In-Reply-To: <20220128173643.2593042-1-christian.melki@t2data.com>
On Fri, Jan 28, 2022 at 06:36:43PM +0100, Christian Melki wrote:
> Approx 2 years worth of fixes.
> https://github.com/tpm2-software/tpm2-tools/releases
>
> * Fixes CVE-2021-3565.
> * Update license file hash. File moved to a new directory.
> * tpm2-tools now optionally depends on EFIVAR for prettyprinting
> device paths.
> * Update tpm2 binaries. Change them to softlinks. Binary wants
> to be called busybox-style.
>
> Signed-off-by: Christian Melki <christian.melki@t2data.com>
> ---
> rules/tpm2-tools.in | 14 +++++++++++++-
> rules/tpm2-tools.make | 34 +++++++++++++++++++++++++++-------
> 2 files changed, 40 insertions(+), 8 deletions(-)
>
> diff --git a/rules/tpm2-tools.in b/rules/tpm2-tools.in
> index 4c9cbaa92..20a3a7b7e 100644
> --- a/rules/tpm2-tools.in
> +++ b/rules/tpm2-tools.in
> @@ -1,13 +1,25 @@
> ## SECTION=tpm
>
> -config TPM2_TOOLS
> +menuconfig TPM2_TOOLS
> tristate
> select TPM2_TSS
> select OPENSSL
> select LIBCURL
> + select EFIVAR if TPM2_TOOLS_USE_EFIVAR
> prompt "tpm2-tools"
> help
> This package contains a set of tools to use with TPM 2.0
> chips, for common tasks and features provided by the
> hardware; such as for doing basic key management,
> attestation, encryption and signing.
> +
> +if TPM2_TOOLS
> +
> +config TPM2_TOOLS_USE_EFIVAR
> + bool
> + prompt "Use efivar"
> + help
> + Building with efivar enables pretty-printing of
> + the device path.
> +
> +endif
> diff --git a/rules/tpm2-tools.make b/rules/tpm2-tools.make
> index ead881ffb..829df1bdc 100644
> --- a/rules/tpm2-tools.make
> +++ b/rules/tpm2-tools.make
> @@ -14,15 +14,15 @@ PACKAGES-$(PTXCONF_TPM2_TOOLS) += tpm2-tools
> #
> # Paths and names
> #
> -TPM2_TOOLS_VERSION := 4.1
> -TPM2_TOOLS_MD5 := aecec22668233776922909f2ebf55e65
> +TPM2_TOOLS_VERSION := 5.2
> +TPM2_TOOLS_MD5 := 0057615ef43b9322d4577fc3bde0e8d6
> TPM2_TOOLS := tpm2-tools-$(TPM2_TOOLS_VERSION)
> TPM2_TOOLS_SUFFIX := tar.gz
> TPM2_TOOLS_URL := https://github.com/tpm2-software/tpm2-tools/releases/download/$(TPM2_TOOLS_VERSION)/$(TPM2_TOOLS).$(TPM2_TOOLS_SUFFIX)
> TPM2_TOOLS_SOURCE := $(SRCDIR)/$(TPM2_TOOLS).$(TPM2_TOOLS_SUFFIX)
> TPM2_TOOLS_DIR := $(BUILDDIR)/$(TPM2_TOOLS)
> TPM2_TOOLS_LICENSE := BSD-3-Clause
> -TPM2_TOOLS_LICENSE_FILES := file://LICENSE;md5=0eb1216e46938bd723098d93a23c3bcc
> +TPM2_TOOLS_LICENSE_FILES := file://doc/LICENSE;md5=a846608d090aa64494c45fc147cc12e3
>
> # ----------------------------------------------------------------------------
> # Prepare
> @@ -32,6 +32,10 @@ TPM2_TOOLS_LICENSE_FILES := file://LICENSE;md5=0eb1216e46938bd723098d93a23c3bcc
> # autoconf
> #
> TPM2_TOOLS_CONF_TOOL := autoconf
> +TPM2_TOOLS_CONF_ENV := \
> + $(CROSS_ENV) \
> + $(call ptx/ifdef, PTXCONF_TPM2_TOOLS_USE_EFIVAR,,ac_cv_header_efivar_efivar_h=no)
> +
> TPM2_TOOLS_CONF_OPT := \
> $(CROSS_AUTOCONF_USR) \
> --enable-debug=info \
> @@ -48,10 +52,11 @@ TPM2_TOOLS_CFLAGS := \
> # Target-Install
> # ----------------------------------------------------------------------------
>
> -TPM2_TOOLS_PROGS := \
> +TPM2_TOOLS_TPM2_PROGS := \
> tpm2_activatecredential \
> tpm2_certify \
> tpm2_certifycreation \
> + tpm2_certifyX509certutil \
> tpm2_changeauth \
> tpm2_changeeps \
> tpm2_changepps \
> @@ -59,6 +64,7 @@ TPM2_TOOLS_PROGS := \
> tpm2_clear \
> tpm2_clearcontrol \
> tpm2_clockrateadjust \
> + tpm2_commit \
> tpm2_create \
> tpm2_createak \
> tpm2_createek \
> @@ -66,12 +72,20 @@ TPM2_TOOLS_PROGS := \
> tpm2_createprimary \
> tpm2_dictionarylockout \
> tpm2_duplicate \
> + tpm2_ecdhkeygen \
> + tpm2_ecdhzgen \
> + tpm2_ecephemeral \
> tpm2_encryptdecrypt \
> + tpm2_eventlog \
> tpm2_evictcontrol \
> tpm2_flushcontext \
> tpm2_getcap \
> + tpm2_getcommandauditdigest \
> + tpm2_geteccparameters \
> tpm2_getekcertificate \
> + tpm2_getpolicydigest \
> tpm2_getrandom \
> + tpm2_getsessionauditdigest \
> tpm2_gettestresult \
> tpm2_gettime \
> tpm2_hash \
> @@ -103,6 +117,7 @@ TPM2_TOOLS_PROGS := \
> tpm2_policyauthvalue \
> tpm2_policycommandcode \
> tpm2_policycountertimer \
> + tpm2_policycphash \
> tpm2_policyduplicationselect \
> tpm2_policylocality \
> tpm2_policynamehash \
> @@ -125,7 +140,9 @@ TPM2_TOOLS_PROGS := \
> tpm2_rsaencrypt \
> tpm2_selftest \
> tpm2_send \
> + tpm2_sessionconfig \
> tpm2_setclock \
> + tpm2_setcommandauditstatus \
> tpm2_setprimarypolicy \
> tpm2_shutdown \
> tpm2_sign \
> @@ -134,7 +151,8 @@ TPM2_TOOLS_PROGS := \
> tpm2_stirrandom \
> tpm2_testparms \
> tpm2_unseal \
> - tpm2_verifysignature
> + tpm2_verifysignature \
> + tpm2_zgen2phase
>
> $(STATEDIR)/tpm2-tools.targetinstall:
> @$(call targetinfo)
> @@ -145,8 +163,10 @@ $(STATEDIR)/tpm2-tools.targetinstall:
> @$(call install_fixup, tpm2-tools,AUTHOR,"Marc Kleine-Budde <mkl@pengutronix.de>")
> @$(call install_fixup, tpm2-tools,DESCRIPTION,missing)
>
> - @$(foreach prog, $(TPM2_TOOLS_PROGS), \
> - $(call install_copy, tpm2-tools, 0, 0, 0755, -, /usr/bin/$(prog))$(ptx/nl))
> + @$(call install_copy, tpm2-tools, 0, 0, 0755, -, /usr/bin/tpm2)
> +
> + @$(foreach prog, $(TPM2_TOOLS_TPM2_PROGS), \
> + @$(call install_link, tpm2-tools, /usr/bin/$(prog), /usr/bin/tpm2)$(ptx/nl))
1. use relative links
2. src and dst are swapped
so:
@$(call install_link, tpm2-tools, tpm2, /usr/bin/$(prog))$(ptx/nl))
Michael
>
> @$(call install_finish, tpm2-tools)
>
> --
> 2.30.2
>
>
> _______________________________________________
> ptxdist mailing list
> ptxdist@pengutronix.de
> To unsubscribe, send a mail with subject "unsubscribe" to ptxdist-request@pengutronix.de
>
--
Pengutronix e.K. | |
Steuerwalder Str. 21 | http://www.pengutronix.de/ |
31137 Hildesheim, Germany | Phone: +49-5121-206917-0 |
Amtsgericht Hildesheim, HRA 2686 | Fax: +49-5121-206917-5555 |
_______________________________________________
ptxdist mailing list
ptxdist@pengutronix.de
To unsubscribe, send a mail with subject "unsubscribe" to ptxdist-request@pengutronix.de
prev parent reply other threads:[~2022-02-04 12:20 UTC|newest]
Thread overview: 2+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-01-28 17:36 Christian Melki
2022-02-04 12:19 ` Michael Olbrich [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=Yf0ZxwXlvKD/so//@pengutronix.de \
--to=m.olbrich@pengutronix.de \
--cc=christian.melki@t2data.com \
--cc=ptxdist@pengutronix.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox