2022-08-25 18:43:31 +00:00
|
|
|
# TPM2 tools program
|
|
|
|
modules-$(CONFIG_TPM2_TOOLS) += tpm2-tools
|
|
|
|
|
tpm2-tools: Change sense of CONFIG_TPM to mean any TPM, not just TPM1.
Most logic throughout Heads doesn't need to know TPM1 versus TPM2 (and
shouldn't, the differences should be localized). Some checks were
incorrect and are fixed by this change. Most checks are now unchanged
relative to master.
There are not that many places outside of tpmr that need to
differentiate TPM1 and TPM2. Some of those are duplicate code that
should be consolidated (seal-hotpkey, unseal-totp, unseal-hotp), and
some more are probably good candidates for abstracting in tpmr so the
business logic doesn't have to know TPM1 vs. TPM2.
Previously, CONFIG_TPM could be variously 'y', 'n', or empty. Now it
is always 'y' or 'n', and 'y' means "any TPM". Board configs are
unchanged, setting CONFIG_TPM2_TOOLS=y implies CONFIG_TPM=y so this
doesn't have to be duplicated and can't be mistakenly mismatched.
There were a few checks for CONFIG_TPM = n that only coincidentally
worked for TPM2 because CONFIG_TPM was empty (not 'n'). This test is
now OK, but the checks were also cleaned up to '!= "y"' for robustness.
Signed-off-by: Jonathon Hall <jonathon.hall@puri.sm>
2023-02-22 21:30:07 +00:00
|
|
|
# CONFIG_TPM means any TPM version. (CONFIG_TPM2_TOOLS differentiates them when
|
|
|
|
# they must be handled differently, which should be localized.) Boards setting
|
|
|
|
# CONFIG_TPM2_TOOLS=y imply CONFIG_TPM=y.
|
|
|
|
ifeq "$(CONFIG_TPM2_TOOLS)" "y"
|
|
|
|
export CONFIG_TPM=y
|
|
|
|
endif
|
|
|
|
|
2024-04-02 16:18:39 +00:00
|
|
|
tpm2-tools_version := 5.6
|
2022-08-25 18:43:31 +00:00
|
|
|
|
|
|
|
tpm2-tools_dir := tpm2-tools-$(tpm2-tools_version)
|
|
|
|
tpm2-tools_tar := tpm2-tools-$(tpm2-tools_version).tar.gz
|
|
|
|
tpm2-tools_url := https://github.com/tpm2-software/tpm2-tools/releases/download/$(tpm2-tools_version)/$(tpm2-tools_tar)
|
2024-04-02 16:18:39 +00:00
|
|
|
tpm2-tools_hash := 52c8bcbaadca082abfe5eb7ee4967d2d632d84b1677675f2f071b6d2ec22cec3
|
2022-08-25 18:43:31 +00:00
|
|
|
|
2024-04-02 16:18:39 +00:00
|
|
|
#tpm2-tools 5.6 adds release version based on git, while tarball downloaded doesn't include any .git
|
|
|
|
# the patch comments out git output to ./VERSION, and we fill it here based on this Makefile's version
|
|
|
|
#tpm2-tools doesn't play nice with reproducible builds, hardcoding lib paths without providing a configure option to remove rpaths
|
|
|
|
# We make sure no hardcoding of libdir flags exist in configure script prior of calling the script with sed call
|
|
|
|
# We pass additional remapping of prefix-map from $INSTALL to local dir
|
2024-04-09 16:36:03 +00:00
|
|
|
#
|
|
|
|
# TODO: remove all patches and uniformize with similar sed calls.
|
2024-03-27 20:14:31 +00:00
|
|
|
tpm2-tools_configure := \
|
2024-04-02 16:18:39 +00:00
|
|
|
echo "$(tpm2-tools_version)" > ./VERSION \
|
|
|
|
&& ./bootstrap \
|
2024-04-09 16:36:03 +00:00
|
|
|
&& sed -i 's/hardcode_libdir_flag_spec=.*/hardcode_libdir_flag_spec=" "/' configure \
|
2024-03-27 20:14:31 +00:00
|
|
|
&& ./configure \
|
2022-08-25 18:43:31 +00:00
|
|
|
$(CROSS_TOOLS) \
|
|
|
|
--host $(MUSL_ARCH)-elf-linux \
|
|
|
|
--prefix "/" \
|
|
|
|
--disable-fapi \
|
2024-04-02 16:18:39 +00:00
|
|
|
CFLAGS="-fdebug-prefix-map=$(INSTALL)=." \
|
2022-08-25 18:43:31 +00:00
|
|
|
|
|
|
|
tpm2-tools_target := $(MAKE_JOBS) \
|
|
|
|
DESTDIR="$(INSTALL)" \
|
|
|
|
$(CROSS_TOOLS) \
|
|
|
|
install \
|
|
|
|
|
|
|
|
tpm2-tools_output := tools/tpm2
|
|
|
|
|
2023-02-21 22:15:09 +00:00
|
|
|
tpm2-tools_depends := openssl tpm2-tss $(musl_dep)
|