Re: [meta-security][PATCH 0/6] upgrade and cleanup tpm2-software


Armin Kuster
 

series merged.

thanks

On 4/10/22 08:29, Petr Gotthard wrote:
Hello. I'd suggest some "house cleaning" of the tpm2-software. (I am
a member of the tpm2-software community and an upstream developer of
the tpm2-openssl provider.)

In general:

Some tpm2-software is not having the latest versions. For the Kirkstone
I suggest upgrading to the latest, which has the best openssl 3.0 support.

Many tpm2-software have null version strings. I suggest fixing the build
procedure so that the tools are aware of the correct version. It is
crucial e.g. for library dependency checking.

There were some unused patches, some very, very old. Few other patches
have been accepted to the upstream or the upstream changed in a way the
patches are no longer needed (e.g. there is a switch to do the same thing).

Petr Gotthard (6):
tpm2-tools: fix missing version number
tpm2-openssl: update to 1.1.0
tpm2-tss: update to 3.2.0
tpm2-abrmd: update to 2.4.1
tpm2-tss-engine: fix version string and build with openssl 3.0
tpm2-pkcs11: update to 1.8.0

...pm2-abrmd_2.4.0.bb => tpm2-abrmd_2.4.1.bb} | 6 +-
.../tpm2-openssl/tpm2-openssl_1.0.bb | 11 -
.../tpm2-openssl/tpm2-openssl_1.1.0.bb | 19 +
.../0001-remove-local-binary-checkes.patch | 77 -
.../0001-ssl-compile-against-OSSL-3.0.patch | 1305 -----------------
...ssl-require-version-1.1.0-or-greater.patch | 93 --
.../tpm2-pkcs11/files/bootstrap_fixup.patch | 12 -
...2-pkcs11_1.7.0.bb => tpm2-pkcs11_1.8.0.bb} | 18 +-
.../recipes-tpm2/tpm2-tools/tpm2-tools_5.2.bb | 5 +
.../tpm2-tss-engine/tpm2-tss-engine_1.1.0.bb | 19 +-
.../tpm2-tss/tpm2-tss/ax_pthread.m4 | 332 -----
.../tpm2-tss/fix_musl_select_include.patch | 31 -
.../tpm2-tss/tpm2-tss/fixup_hosttools.patch | 29 +-
.../{tpm2-tss_3.1.0.bb => tpm2-tss_3.2.0.bb} | 7 +-
14 files changed, 68 insertions(+), 1896 deletions(-)
rename meta-tpm/recipes-tpm2/tpm2-abrmd/{tpm2-abrmd_2.4.0.bb => tpm2-abrmd_2.4.1.bb} (90%)
delete mode 100644 meta-tpm/recipes-tpm2/tpm2-openssl/tpm2-openssl_1.0.bb
create mode 100644 meta-tpm/recipes-tpm2/tpm2-openssl/tpm2-openssl_1.1.0.bb
delete mode 100644 meta-tpm/recipes-tpm2/tpm2-pkcs11/files/0001-remove-local-binary-checkes.patch
delete mode 100644 meta-tpm/recipes-tpm2/tpm2-pkcs11/files/0001-ssl-compile-against-OSSL-3.0.patch
delete mode 100644 meta-tpm/recipes-tpm2/tpm2-pkcs11/files/0002-ossl-require-version-1.1.0-or-greater.patch
delete mode 100644 meta-tpm/recipes-tpm2/tpm2-pkcs11/files/bootstrap_fixup.patch
rename meta-tpm/recipes-tpm2/tpm2-pkcs11/{tpm2-pkcs11_1.7.0.bb => tpm2-pkcs11_1.8.0.bb} (76%)
delete mode 100644 meta-tpm/recipes-tpm2/tpm2-tss/tpm2-tss/ax_pthread.m4
delete mode 100644 meta-tpm/recipes-tpm2/tpm2-tss/tpm2-tss/fix_musl_select_include.patch
rename meta-tpm/recipes-tpm2/tpm2-tss/{tpm2-tss_3.1.0.bb => tpm2-tss_3.2.0.bb} (91%)


Join yocto@lists.yoctoproject.org to automatically receive all group messages.