From patchwork Thu May 19 22:35:29 2022
X-Patchwork-Submitter: akuster808
X-Patchwork-Id: 8291
From: Armin Kuster
To: yocto@lists.yoctoproject.org
Subject: [meta-security][PATCH 1/3] tpm2-pkcs11: tpm2-pkcs11 module missing
Date: Thu, 19 May 2022 15:35:29 -0700
Message-Id: <20220519223531.3851892-1-akuster808@gmail.com>
X-Groupsio-URL: https://lists.yoctoproject.org/g/yocto/message/57141

Correctly fix symlink issue by putting module in -dev pkg.

Signed-off-by: Armin Kuster
---
 meta-tpm/recipes-tpm2/tpm2-pkcs11/tpm2-pkcs11_1.8.0.bb | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/meta-tpm/recipes-tpm2/tpm2-pkcs11/tpm2-pkcs11_1.8.0.bb b/meta-tpm/recipes-tpm2/tpm2-pkcs11/tpm2-pkcs11_1.8.0.bb index a9174e6..e8812d0 100644 --- a/meta-tpm/recipes-tpm2/tpm2-pkcs11/tpm2-pkcs11_1.8.0.bb +++ b/meta-tpm/recipes-tpm2/tpm2-pkcs11/tpm2-pkcs11_1.8.0.bb
@@ -27,8 +27,13 @@ do_compile:append() { do_install:append() { install -d ${D}${libdir}/pkcs11 install -d ${D}${datadir}/p11-kit + + # remove symlinks rm -f ${D}${libdir}/pkcs11/libtpm2_pkcs11.so + #install lib + install -m 755 ${B}/src/.libs/libtpm2_pkcs11.so ${D}${libdir}/pkcs11/libtpm2_pkcs11.so + cd ${S}/tools export PYTHONPATH="${D}${PYTHON_SITEPACKAGES_DIR}" ${PYTHON_PN} setup.py install --root="${D}" --prefix="${prefix}" --install-lib="${PYTHON_SITEPACKAGES_DIR}" --optimize=1 --skip-build 
@@ -48,5 +53,5 @@ FILES:${PN} += "\ ${datadir}/p11-kit/* \ " -RDEPENDS:${PN} = "tpm2-tools" -RDEPENDS:${PN}-tools += "${PYTHON_PN}-setuptools ${PYTHON_PN}-pyyaml ${PYTHON_PN}-cryptography ${PYTHON_PN}-pyasn1-modules" +RDEPENDS:${PN} = "p11-kit tpm2-tools " +RDEPENDS:${PN}-tools = "${PYTHON_PN}-pyyaml ${PYTHON_PN}-cryptography ${PYTHON_PN}-pyasn1-modules"

From patchwork Thu May 19 22:35:30 2022
X-Patchwork-Submitter: akuster808
X-Patchwork-Id: 8292
From: Armin Kuster
To: yocto@lists.yoctoproject.org
Subject: [meta-security][PATCH 2/3] tpm2-tools: Add missing rdepends
Date: Thu, 19 May 2022 15:35:30 -0700
Message-Id: <20220519223531.3851892-2-akuster808@gmail.com>
X-Groupsio-URL: https://lists.yoctoproject.org/g/yocto/message/57142

Signed-off-by: Armin Kuster
---
 meta-tpm/recipes-tpm2/tpm2-tools/tpm2-tools_5.2.bb | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/meta-tpm/recipes-tpm2/tpm2-tools/tpm2-tools_5.2.bb b/meta-tpm/recipes-tpm2/tpm2-tools/tpm2-tools_5.2.bb index f924038..c20af7e 100644 --- a/meta-tpm/recipes-tpm2/tpm2-tools/tpm2-tools_5.2.bb +++ b/meta-tpm/recipes-tpm2/tpm2-tools/tpm2-tools_5.2.bb
@@ -16,3 +16,6 @@ do_configure:prepend() { # do not extract the version number from git sed -i -e 's/m4_esyscmd_s(\[git describe --tags --always --dirty\])/${PV}/' ${S}/configure.ac } + +# need tss-esys +RDEPENDS:${PN} = "libtss2 tpm2-abrmd"

From patchwork Thu May 19 22:35:31 2022
X-Patchwork-Submitter: akuster808
X-Patchwork-Id: 8290
From: Armin Kuster
To: yocto@lists.yoctoproject.org
Subject: [meta-security][PATCH 3/3] oeqa/cases/tpm2: fix and enhance test suite
Date: Thu, 19 May 2022 15:35:31 -0700
Message-Id: <20220519223531.3851892-3-akuster808@gmail.com>
X-Groupsio-URL: https://lists.yoctoproject.org/g/yocto/message/57143

local.conf
TEST_SUITES = "ssh ping tpm2"
IMAGE_INSTALL:append = " swtpm tpm2-pkcs11"

RESULTS:
RESULTS - ping.PingTest.test_ping: PASSED (0.05s)
RESULTS - ssh.SSHTest.test_ssh: PASSED (2.19s)
RESULTS - tpm2.Tpm2Test.test_tpm2_pcrread: PASSED (1.06s)
RESULTS - tpm2.Tpm2Test.test_tpm2_pkcs11: PASSED (1.17s)
RESULTS - tpm2.Tpm2Test.test_tpm2_swtpm_reset: PASSED (0.59s)
RESULTS - tpm2.Tpm2Test.test_tpm2_swtpm_socket: PASSED (307.72s)

Signed-off-by: Armin Kuster
---
 meta-tpm/lib/oeqa/runtime/cases/tpm2.py | 41 +++++++++++++++++--------
 1 file changed, 29 insertions(+), 12 deletions(-)

diff --git a/meta-tpm/lib/oeqa/runtime/cases/tpm2.py b/meta-tpm/lib/oeqa/runtime/cases/tpm2.py index c6f9d92..c2c95e7 100644 --- a/meta-tpm/lib/oeqa/runtime/cases/tpm2.py +++ b/meta-tpm/lib/oeqa/runtime/cases/tpm2.py
@@ -16,28 +16,45 @@ class Tpm2Test(OERuntimeTestCase): if expected_endlines: self.fail('Missing expected line endings:\n %s' % '\n '.join(expected_endlines)) - @OEHasPackage(['tpm2-tss']) - @OEHasPackage(['tpm2-abrmd']) @OEHasPackage(['tpm2-tools']) - @OEHasPackage(['ibmswtpm2']) + @OEHasPackage(['tpm2-abrmd']) + @OEHasPackage(['swtpm']) @OETestDepends(['ssh.SSHTest.test_ssh']) - def test_tpm2_sim(self): + def test_tpm2_swtpm_socket(self): cmds = [ - 'tpm_server &', - 'tpm2-abrmd --allow-root --tcti=mssim &' + 'mkdir /tmp/myvtpm', + 'swtpm socket --tpmstate dir=/tmp/myvtpm --tpm2 --ctrl type=tcp,port=2322 --server type=tcp,port=2321 --flags not-need-init &', + 'export TPM2TOOLS_TCTI="swtpm:port=2321"', + 'tpm2_startup -c' ] for cmd in cmds: status, output = self.target.run(cmd) self.assertEqual(status, 0, msg='\n'.join([cmd, output])) - @OETestDepends(['tpm2.Tpm2Test.test_tpm2_sim']) - def test_tpm2(self): - (status, output) = self.target.run('tpm2_pcrlist') + @OETestDepends(['tpm2.Tpm2Test.test_tpm2_swtpm_socket']) + def test_tpm2_pcrread(self): + (status, output) = self.target.run('tpm2_pcrread') expected_endlines = [] - expected_endlines.append('sha1 :') - expected_endlines.append(' 0 : 0000000000000000000000000000000000000003') - expected_endlines.append(' 1 : 0000000000000000000000000000000000000000') + expected_endlines.append(' sha1:') + expected_endlines.append(' 0 : 0x0000000000000000000000000000000000000000') + expected_endlines.append(' 1 : 0x0000000000000000000000000000000000000000') + expected_endlines.append(' sha256:') + expected_endlines.append(' 0 : 0x0000000000000000000000000000000000000000000000000000000000000000') + expected_endlines.append(' 1 : 0x0000000000000000000000000000000000000000000000000000000000000000') + self.check_endlines(output, expected_endlines) + + @OEHasPackage(['p11-kit']) + @OEHasPackage(['tpm2-pkcs11']) + @OETestDepends(['tpm2.Tpm2Test.test_tpm2_swtpm_socket']) + def test_tpm2_pkcs11(self): + (status, output) = 
self.target.run('p11-kit list-modules -v') + self.assertEqual(status, 0, msg="Modules missing: %s" % output) + + @OETestDepends(['tpm2.Tpm2Test.test_tpm2_pkcs11']) + def test_tpm2_swtpm_reset(self): + (status, output) = self.target.run('swtpm_ioctl -i --tcp :2322') + self.assertEqual(status, 0, msg="swtpm reset failed: %s" % output)
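
Review bot: The install line added to do_install:append in patch 1/3 (first hunk) copies libtpm2_pkcs11.so straight out of ${B}/src/.libs/, which depends on libtool's private build layout rather than on what the project's own install step staged; installing the file the build already placed in ${D} (for example by resolving the symlink before the rm -f removes it) would be more robust. The commit message says the module is put in the -dev package, but nothing in this hunk changes packaging, so please state which package is meant to ship ${libdir}/pkcs11/libtpm2_pkcs11.so. Minor: "#install lib" is missing the space that "# remove symlinks" has.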
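
Review bot: RDEPENDS:${PN}-tools in the second hunk of patch 1/3 changes from += to = and drops ${PYTHON_PN}-setuptools, and the commit message mentions neither; if the installed tools still load through setuptools entry points at run time this removes a dependency they need, so please say why it is safe. The plain = on both RDEPENDS lines also discards anything set earlier for those packages, the new p11-kit dependency is not explained, and "p11-kit tpm2-tools " carries a trailing space.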
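
Review bot: The added RDEPENDS:${PN} = "libtss2 tpm2-abrmd" in patch 2/3 does not match its own comment, which says only that tss-esys is needed: it also makes tpm2-abrmd a hard runtime dependency of tpm2-tools, so every image that installs the tools gets the resource manager daemon as well. If the daemon is only wanted in some setups, RRECOMMENDS or an image-level choice keeps the installed set smaller, and += instead of = avoids overriding earlier values. The commit message has no body saying which failure this fixes.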
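
Review bot: In test_tpm2_swtpm_socket (patch 3/3) each entry of cmds goes through its own self.target.run(cmd) call, so unless the target keeps one shell session across calls, the export TPM2TOOLS_TCTI="swtpm:port=2321" entry does not reach tpm2_startup -c or the tpm2_pcrread in the next test; putting the variable on the command itself (TPM2TOOLS_TCTI="swtpm:port=2321" tpm2_startup -c) makes the TCTI explicit. In the same list, mkdir /tmp/myvtpm fails on a second run and keeps the TPM state at a fixed path under /tmp; a directory created with mktemp -d avoids both. test_tpm2_pkcs11 asserts only the exit status of p11-kit list-modules -v, so it passes even when the tpm2 module is not listed; checking the output for the module name would cover the regression patch 1/3 addresses. The 307.72s reported for test_tpm2_swtpm_socket in the commit message is worth checking against the backgrounded swtpm command.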