On 29.11.2019 11:01, Diego Santa Cruz via Lists.Yoctoproject.Org wrote:
I got the feedback below by private email (was meant to be sent to the m-l), so I think I’ll go with meta-tpm2 from meta-secure-core for now. But I may switch to meta-tpm from meta-security in the future as it seems to have more tpm2 related recipes (I’m on thud for now and the tpm2-tools in thud branch of meta-security is too old).

Any other feedback from the community?

I'm currently using meta-tpm from meta-security for tpm2-tools. My reasoning was that this one will likely be the one to go in the long run since it's hosted on the poky git (?).

Diego Santa Cruz, PhD
On Wed, Nov 27, 2019 at 02:56 PM, Diego Santa Cruz wrote:
I need to use a TPM2 software stack for my project (tpm2-tools, tpm2-abrmd, tpm2-tss, etc.), where I am already using Yocto, meta-intel, meta-oe, meta-networking, etc.

I see there are at least the following three layers that carry the necessary TPM2 bits, with varying recipe versions.

objective is to use the TPM2 as a security chip from our software (in the future we may extend its use to root fs encryption keys and the like). Are there any recommendations as to which of these layers would be more appropriate, is better maintained, etc.?

I've personally used the meta-tpm2 layer in meta-secure-core repo with good success on both Intel and ARM platforms with Infineon TPM chips. In particular, I used the cryptfs-tpm2 and secure-core initramfs recipes from that layer for managing root fs encryption. IIRC, this layer seemed to offer the best support for what we needed regarding TPM2 on Yocto 'Sumo' at the time.

I haven't really looked at the other layers recently so I can't give a comparison with those. However, I did notice a significant amount of activity via the mailing list related to TPM2 support for the meta-security repo in recent weeks, so that's probably worth a look too.

meta-tpm layer in meta-security repo is not listed in the OpenEmbedded Layer index, although meta-security itself and some of the other layers in that repo are listed. Is that because of a name clash with the ones under the meta-secure-core repo, which also carries layers named meta-tpm and meta-integrity?

Santa Cruz, PhD
View/Reply Online (#47463): https://lists.yoctoproject.org/g/yocto/message/47463
Embedded Systems Engineer
https://3mdeb.com | @3mdeb_com