Date: Fri, 4 Feb 2022 13:19:19 +0100
From: Michael Olbrich
To: Christian Melki
Cc: ptxdist@pengutronix.de
Subject: Re: [ptxdist] [PATCH v4] tpm2-tools: Version bump. 4.1 -> 5.2
In-Reply-To: <20220128173643.2593042-1-christian.melki@t2data.com>

On Fri, Jan 28, 2022 at 06:36:43PM +0100, Christian Melki wrote:
> Approx 2 years worth of fixes.
> https://github.com/tpm2-software/tpm2-tools/releases
>
> * Fixes CVE-2021-3565.
> * Update license file hash. File moved to a new directory.
> * tpm2-tools now optionally depends on EFIVAR for prettyprinting
>   device paths.
> * Update tpm2 binaries. Change them to softlinks. Binary wants
>   to be called busybox-style.
>
> Signed-off-by: Christian Melki
> --- > rules/tpm2-tools.in | 14 +++++++++++++- > rules/tpm2-tools.make | 34 +++++++++++++++++++++++++++------- > 2 files changed, 40 insertions(+), 8 deletions(-) > > diff --git a/rules/tpm2-tools.in b/rules/tpm2-tools.in > index 4c9cbaa92..20a3a7b7e 100644 > --- a/rules/tpm2-tools.in > +++ b/rules/tpm2-tools.in 
> @@ -1,13 +1,25 @@ > ## SECTION=tpm > > -config TPM2_TOOLS > +menuconfig TPM2_TOOLS > tristate > select TPM2_TSS > select OPENSSL > select LIBCURL > + select EFIVAR if TPM2_TOOLS_USE_EFIVAR > prompt "tpm2-tools" > help > This package contains a set of tools to use with TPM 2.0 > chips, for common tasks and features provided by the > hardware; such as for doing basic key management, > attestation, encryption and signing. > + > +if TPM2_TOOLS > + > +config TPM2_TOOLS_USE_EFIVAR > + bool > + prompt "Use efivar" > + help > + Building with efivar enables pretty-printing of > + the device path. > + > +endif > diff --git a/rules/tpm2-tools.make b/rules/tpm2-tools.make > index ead881ffb..829df1bdc 100644 > --- a/rules/tpm2-tools.make > +++ b/rules/tpm2-tools.make > @@ -14,15 +14,15 @@ PACKAGES-$(PTXCONF_TPM2_TOOLS) += tpm2-tools > # > # Paths and names > # > -TPM2_TOOLS_VERSION := 4.1 > -TPM2_TOOLS_MD5 := aecec22668233776922909f2ebf55e65 > +TPM2_TOOLS_VERSION := 5.2 > +TPM2_TOOLS_MD5 := 0057615ef43b9322d4577fc3bde0e8d6 > TPM2_TOOLS := tpm2-tools-$(TPM2_TOOLS_VERSION) > TPM2_TOOLS_SUFFIX := tar.gz > TPM2_TOOLS_URL := https://github.com/tpm2-software/tpm2-tools/releases/download/$(TPM2_TOOLS_VERSION)/$(TPM2_TOOLS).$(TPM2_TOOLS_SUFFIX) > TPM2_TOOLS_SOURCE := $(SRCDIR)/$(TPM2_TOOLS).$(TPM2_TOOLS_SUFFIX) > TPM2_TOOLS_DIR := $(BUILDDIR)/$(TPM2_TOOLS) > TPM2_TOOLS_LICENSE := BSD-3-Clause > -TPM2_TOOLS_LICENSE_FILES := file://LICENSE;md5=0eb1216e46938bd723098d93a23c3bcc > +TPM2_TOOLS_LICENSE_FILES := file://doc/LICENSE;md5=a846608d090aa64494c45fc147cc12e3 > > # ---------------------------------------------------------------------------- > # Prepare 
> @@ -32,6 +32,10 @@ TPM2_TOOLS_LICENSE_FILES := file://LICENSE;md5=0eb1216e46938bd723098d93a23c3bcc > # autoconf > # > TPM2_TOOLS_CONF_TOOL := autoconf > +TPM2_TOOLS_CONF_ENV := \ > + $(CROSS_ENV) \ > + $(call ptx/ifdef, PTXCONF_TPM2_TOOLS_USE_EFIVAR,,ac_cv_header_efivar_efivar_h=no) > + > TPM2_TOOLS_CONF_OPT := \ > $(CROSS_AUTOCONF_USR) \ > --enable-debug=info \ > @@ -48,10 +52,11 @@ TPM2_TOOLS_CFLAGS := \ > # Target-Install > # ---------------------------------------------------------------------------- > > -TPM2_TOOLS_PROGS := \ > +TPM2_TOOLS_TPM2_PROGS := \ > tpm2_activatecredential \ > tpm2_certify \ > tpm2_certifycreation \ > + tpm2_certifyX509certutil \ > tpm2_changeauth \ > tpm2_changeeps \ > tpm2_changepps \ > @@ -59,6 +64,7 @@ TPM2_TOOLS_PROGS := \ > tpm2_clear \ > tpm2_clearcontrol \ > tpm2_clockrateadjust \ > + tpm2_commit \ > tpm2_create \ > tpm2_createak \ > tpm2_createek \ > @@ -66,12 +72,20 @@ TPM2_TOOLS_PROGS := \ > tpm2_createprimary \ > tpm2_dictionarylockout \ > tpm2_duplicate \ > + tpm2_ecdhkeygen \ > + tpm2_ecdhzgen \ > + tpm2_ecephemeral \ > tpm2_encryptdecrypt \ > + tpm2_eventlog \ > tpm2_evictcontrol \ > tpm2_flushcontext \ > tpm2_getcap \ > + tpm2_getcommandauditdigest \ > + tpm2_geteccparameters \ > tpm2_getekcertificate \ > + tpm2_getpolicydigest \ > tpm2_getrandom \ > + tpm2_getsessionauditdigest \ > tpm2_gettestresult \ > tpm2_gettime \ > tpm2_hash \ > @@ -103,6 +117,7 @@ TPM2_TOOLS_PROGS := \ > tpm2_policyauthvalue \ > tpm2_policycommandcode \ > tpm2_policycountertimer \ > + tpm2_policycphash \ > tpm2_policyduplicationselect \ > tpm2_policylocality \ > tpm2_policynamehash \ > @@ -125,7 +140,9 @@ TPM2_TOOLS_PROGS := \ > tpm2_rsaencrypt \ > tpm2_selftest \ > tpm2_send \ > + tpm2_sessionconfig \ > tpm2_setclock \ > + tpm2_setcommandauditstatus \ > tpm2_setprimarypolicy \ > tpm2_shutdown \ > tpm2_sign \ 
> @@ -134,7 +151,8 @@ TPM2_TOOLS_PROGS := \ > tpm2_stirrandom \ > tpm2_testparms \ > tpm2_unseal \ > - tpm2_verifysignature > + tpm2_verifysignature \ > + tpm2_zgen2phase > > $(STATEDIR)/tpm2-tools.targetinstall: > @$(call targetinfo) > @@ -145,8 +163,10 @@ $(STATEDIR)/tpm2-tools.targetinstall: > @$(call install_fixup, tpm2-tools,AUTHOR,"Marc Kleine-Budde ") > @$(call install_fixup, tpm2-tools,DESCRIPTION,missing) > > - @$(foreach prog, $(TPM2_TOOLS_PROGS), \ > - $(call install_copy, tpm2-tools, 0, 0, 0755, -, /usr/bin/$(prog))$(ptx/nl)) > + @$(call install_copy, tpm2-tools, 0, 0, 0755, -, /usr/bin/tpm2) > + > + @$(foreach prog, $(TPM2_TOOLS_TPM2_PROGS), \ > + @$(call install_link, tpm2-tools, /usr/bin/$(prog), /usr/bin/tpm2)$(ptx/nl))

1. use relative links
2. src and dst are swapped

so:
	@$(call install_link, tpm2-tools, tpm2, /usr/bin/$(prog))$(ptx/nl))

Michael

> > @$(call install_finish, tpm2-tools) > > -- > 2.30.2
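Review bot: In the version hunk of rules/tpm2-tools.make, the new 5.2 tarball and the relocated license file are each pinned only by an MD5 value (`TPM2_TOOLS_MD5` and the `md5=` field of `TPM2_TOOLS_LICENSE_FILES`), which catches a corrupted download but is a weak guarantee against a substituted archive, and this bump exists to pick up the CVE-2021-3565 fix. Please say in the commit message how the tarball from the GitHub release URL was checked against upstream before the hash was recorded.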
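Review bot: In the `TPM2_TOOLS_CONF_ENV` hunk of rules/tpm2-tools.make, the efivar dependency is pinned in one direction only: `ac_cv_header_efivar_efivar_h=no` is passed when `PTXCONF_TPM2_TOOLS_USE_EFIVAR` is off, but the enabled branch of `ptx/ifdef` is empty, so with the option on configure still autodetects the header and can produce a build without efivar support and no error. Consider passing `ac_cv_header_efivar_efivar_h=yes` in the enabled branch so a missing header fails the build, and add a comment above the assignment explaining why an autoconf cache variable is set here.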
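Review bot: In the targetinstall hunk, the body of the new foreach begins with its own `@` (`@$(call install_link, tpm2-tools, ...`), which the body of the removed install_copy loop did not have; drop it so the expanded lines keep the same form as before. Since every `tpm2_*` name now resolves to the single `/usr/bin/tpm2` binary, a one-line comment above the loop stating that the binary dispatches on the name it is invoked by would also help anyone later adding or removing entries in `TPM2_TOOLS_TPM2_PROGS`.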