tpm2: add openssl, tpm2-tools, and tpm2-tss modules

Signed-off-by: Trammell Hudson <hudson@trmm.net>
2024-12-18 20:47:55 +00:00 · 2020-11-04 14:46:34 -05:00 · 2020-11-04 14:46:34 -05:00 · 4253c4de76
commit 4253c4de76
parent 9395f91d02
5 changed files with 126 additions and 0 deletions
--- a/2
+++ b/2
@ -491,6 +491,8 @@ bin_modules-$(CONFIG_FBWHIPTAIL) += fbwhiptail
 bin_modules-$(CONFIG_HOTPKEY) += hotp-verification
 bin_modules-$(CONFIG_MSRTOOLS) += msrtools
 bin_modules-$(CONFIG_NKSTORECLI) += nkstorecli
+bin_modules-$(CONFIG_OPENSSL) += openssl
+bin_modules-$(CONFIG_TPM2_TOOLS) += tpm2-tools

 $(foreach m, $(bin_modules-y), \
 	$(call map,initrd_bin_add,$(call bins,$m)) \
--- a/modules/openssl
+++ b/modules/openssl
@ -0,0 +1,36 @@
+# OpenSSL library
+modules-$(CONFIG_OPENSSL) += openssl
+
+openssl_version := 1_1_1h
+openssl_dir := openssl-$(openssl_version)
+openssl_tar := openssl-$(openssl_version).tar.gz
+openssl_url := https://github.com/openssl/openssl/archive/OpenSSL_$(openssl_version).tar.gz
+openssl_hash := d1f723c1f6b6d1eaf26655caa50d2f60d4d33f4b04977b1da63def878f386fcc
+
+# hack to provide path to libgcc
+LIBGCC_DIR := $(dir $(shell $(heads_cc) -print-libgcc-file-name))
+
+openssl_configure := \
+	$(CROSS_TOOLS) \
+	LDFLAGS="-L$(LIBGCC_DIR)" \
+	./Configure \
+		--prefix="/" \
+		linux-x86_64 \
+
+openssl_target := $(MAKE_JOBS) \
+	build_programs \
+	&& \
+	$(MAKE) \
+		-C "$(build)/$(openssl_dir)" \
+		DESTDIR="$(INSTALL)" \
+		LIBDIR="lib" \
+		install_sw \
+
+openssl_libraries := \
+	libcrypto.so.1.1 \
+	libssl.so.1.1 \
+
+openssl_output := \
+	apps/openssl \
+
+openssl_depends := $(musl_dep)
--- a/modules/tpm2-tools
+++ b/modules/tpm2-tools
@ -0,0 +1,28 @@
+# TPM2 tools program
+modules-$(CONFIG_TPM2_TOOLS) += tpm2-tools
+
+#tpm2-tools_version := 4.3.0
+tpm2-tools_version := 78a7681
+tpm2-tools_repo := https://github.com/tpm2-software/tpm2-tools.git
+
+tpm2-tools_dir := tpm2-tools-$(tpm2-tools_version)
+tpm2-tools_tar := tpm2-tools-$(tpm2-tools_version).tar.gz
+tpm2-tools_url := https://github.com/tpm2-software/tpm2-tools/releases/download/$(tpm2-tools_version)/$(tpm2-tools_tar)
+tpm2-tools_hash := ae009b3495b44a16faa3d94d41ac9c9d99c71723482efad53c5eea17eeed80fc
+
+# we have ESYS 3.0, but it doesn't figure that out on its own
+tpm2-tools_configure := ./bootstrap && ./configure \
+	$(CROSS_TOOLS) \
+	--host i386-elf-linux \
+	--prefix "/" \
+	TSS2_ESYS_3_0_CFLAGS="-I$(INSTALL)/include" \
+	TSS2_ESYS_3_0_LIBS="-ltss2-esys" \
+
+tpm2-tools_target := $(MAKE_JOBS) \
+	DESTDIR="$(INSTALL)" \
+	$(CROSS_TOOLS) \
+	install \
+
+tpm2-tools_output := tools/tpm2
+
+tpm2-tools_depends := tpm2-tss $(musl_dep)
--- a/modules/tpm2-tss
+++ b/modules/tpm2-tss
@ -0,0 +1,39 @@
+# TPM2 TSS library
+modules-$(CONFIG_TPM2_TSS) += tpm2-tss
+
+tpm2-tss_version := 2.4.3
+tpm2-tss_dir := tpm2-tss-$(tpm2-tss_version)
+tpm2-tss_tar := tpm2-tss-$(tpm2-tss_version).tar.gz
+tpm2-tss_url := https://github.com/tpm2-software/tpm2-tss/releases/download/$(tpm2-tss_version)/$(tpm2-tss_tar)
+tpm2-tss_hash := e294677f8993234d0adfa191a5cbf9c5b83cc60c724c233e3d631c26712abea0
+
+tpm2-tss_configure := ./configure \
+	$(CROSS_TOOLS) \
+	--host i386-elf-linux \
+	--prefix "/" \
+	--disable-doxygen-doc \
+	--disable-doxygen-man \
+	--disable-doxygen-rtf \
+	--disable-doxygen-html \
+	--disable-fapi \
+
+# Run one build to generate the executables with the pre-defined
+# exec_prefix and datarootdir, then a second make to install the binaries
+# into our actual target location
+
+tpm2-tss_target := $(MAKE_JOBS) \
+	DESTDIR="$(INSTALL)" \
+	$(CROSS_TOOLS) \
+	install \
+
+# tpm2 binary wants to dlopen some libraries, so be sure that
+# they are available.  It would be nice to statically link these.
+tpm2-tss_libraries := \
+	src/tss2-rc/.libs/libtss2-rc.so.0 \
+	src/tss2-mu/.libs/libtss2-mu.so.0 \
+	src/tss2-sys/.libs/libtss2-sys.so.0 \
+	src/tss2-esys/.libs/libtss2-esys.so.0 \
+	src/tss2-tcti/.libs/libtss2-tctildr.so.0 \
+	src/tss2-tcti/.libs/libtss2-tcti-device.so.0 \
+
+tpm2-tss_depends := openssl $(musl_dep)
--- a/patches/tpm2-tools.patch
+++ b/patches/tpm2-tools.patch
@ -0,0 +1,21 @@
+diff --git a/Makefile.am b/Makefile.am
+index c58f0f34..a2bade09 100644
+--- a/Makefile.am
+++ b/Makefile.am
+@@ -93,7 +93,7 @@ tss2_tools = \
+ 
+ # Bundle all the tools into a single program similar to busybox
+ bin_PROGRAMS += tools/tpm2
+-tools_tpm2_LDADD = $(LDADD) $(CURL_LIBS)
+tools_tpm2_LDADD = $(LDADD)
+ tools_tpm2_CFLAGS = $(AM_CFLAGS) -DTPM2_TOOLS_MAX="$(words $(tpm2_tools))"
+ tools_tpm2_SOURCES = \
+ 	tools/tpm2_tool.c \
+@@ -127,7 +127,6 @@ tpm2_tools = \
+     tools/tpm2_encryptdecrypt.c \
+     tools/tpm2_evictcontrol.c \
+     tools/tpm2_flushcontext.c \
+-    tools/tpm2_getekcertificate.c \
+     tools/tpm2_getrandom.c \
+     tools/tpm2_gettime.c \
+     tools/tpm2_hash.c \