ZhuningOS/tpm2-0-tss
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Initialize for tpm2-0-tss

Browse source
This commit is contained in:
zyppe 2024-02-29 15:56:00 +08:00
commit ba6e63314d
6 changed files with 757 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
.gitignore vendored Normal file
View file

@ -0,0 +1 @@
tpm2-tss-3.1.0.tar.gz

1
.tpm2-0-tss.metadata Normal file
View file

@ -0,0 +1 @@
53825fa88d437d7e433493510181af5df86e3f8adaae7b951bb5850ed4b69f49 tpm2-tss-3.1.0.tar.gz

90
0001-tss2_rc-ensure-layer-number-is-in-bounds.patch Normal file
View file

@ -0,0 +1,90 @@
From 306490c8d848c367faa2d9df81f5e69dab46ffb5 Mon Sep 17 00:00:00 2001
From: William Roberts <william.c.roberts@intel.com>
Date: Thu, 19 Jan 2023 11:53:06 -0600
Subject: [PATCH] tss2_rc: ensure layer number is in bounds
The layer handler array was defined as 255, the max number of uint8,
which is the size of the layer field, however valid values are 0-255
allowing for 256 possibilities and thus the array was off by one and
needed to be sized to 256 entries. Update the size and add tests.
Note: previous implementations incorrectly dropped bits on unknown error
output, ie TSS2_RC of 0xFFFFFF should yeild a string of 255:0xFFFFFF,
but earlier implementations returned 255:0xFFFF, dropping the middle
bits, this patch fixes that.
Fixes: CVE-2023-22745
Signed-off-by: William Roberts <william.c.roberts@intel.com>
---
src/tss2-rc/tss2_rc.c | 31 +++++++++++++++++++++----------
test/unit/test_tss2_rc.c | 21 ++++++++++++++++++++-
2 files changed, 41 insertions(+), 11 deletions(-)
Index: tpm2-tss-3.1.0/src/tss2-rc/tss2_rc.c
===================================================================
--- tpm2-tss-3.1.0.orig/src/tss2-rc/tss2_rc.c
+++ tpm2-tss-3.1.0/src/tss2-rc/tss2_rc.c
@@ -1,5 +1,8 @@
/* SPDX-License-Identifier: BSD-2-Clause */
-
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+#include <assert.h>
#include <stdarg.h>
#include <stdbool.h>
#include <stdio.h>
@@ -834,7 +837,7 @@ tss_err_handler (TSS2_RC rc)
static struct {
char name[TSS2_ERR_LAYER_NAME_MAX];
TSS2_RC_HANDLER handler;
-} layer_handler[TPM2_ERROR_TSS2_RC_LAYER_COUNT] = {
+} layer_handler[TPM2_ERROR_TSS2_RC_LAYER_COUNT + 1] = {
ADD_HANDLER("tpm" , tpm2_ehandler),
ADD_NULL_HANDLER, /* layer 1 is unused */
ADD_NULL_HANDLER, /* layer 2 is unused */
@@ -869,7 +872,7 @@ unknown_layer_handler(TSS2_RC rc)
static __thread char buf[32];
clearbuf(buf);
- catbuf(buf, "0x%X", tpm2_error_get(rc));
+ catbuf(buf, "0x%X", rc);
return buf;
}
@@ -966,19 +969,27 @@ Tss2_RC_Decode(TSS2_RC rc)
catbuf(buf, "%u:", layer);
}
- handler = !handler ? unknown_layer_handler : handler;
-
/*
* Handlers only need the error bits. This way they don't
* need to concern themselves with masking off the layer
* bits or anything else.
*/
- UINT16 err_bits = tpm2_error_get(rc);
- const char *e = err_bits ? handler(err_bits) : "success";
- if (e) {
- catbuf(buf, "%s", e);
+ if (handler) {
+ UINT16 err_bits = tpm2_error_get(rc);
+ const char *e = err_bits ? handler(err_bits) : "success";
+ if (e) {
+ catbuf(buf, "%s", e);
+ } else {
+ catbuf(buf, "0x%X", err_bits);
+ }
} else {
- catbuf(buf, "0x%X", err_bits);
+ /*
+ * we don't want to drop any bits if we don't know what to do with it
+ * so drop the layer byte since we we already have that.
+ */
+ const char *e = unknown_layer_handler(rc >> 8);
+ assert(e);
+ catbuf(buf, "%s", e);
}
return buf;

10
baselibs.conf Normal file
View file

@ -0,0 +1,10 @@
libtss2-esys0
libtss2-fapi1
libtss2-mu0
libtss2-rc0
libtss2-sys1
libtss2-tcti-cmd0
libtss2-tcti-device0
libtss2-tctildr0
libtss2-tcti-mssim0
libtss2-tcti-swtpm0

364
tpm2-0-tss.changes Normal file
View file

@ -0,0 +1,364 @@
* Fri Jan 20 2023 matthias.gerstner@suse.com
- add 0001-tss2_rc-ensure-layer-number-is-in-bounds.patch: fixes
CVE-2023-22745 (bsc#1207325): Buffer Overlow in TSS2_RC_Decode. Overly large
RC values passed to the TSS2 function could lead to memory overread or
memory overread.
* Wed Dec 8 2021 aplanas@suse.com
- Version 3.1.0 includes:
+ cover update to 2.4.5 (jsc#SLE-17366)
+ cover update to 2.3.0 (jsc#SLE-9515)
+ fix policy session for TPM2_PolicyAuthValue (bsc#1160736)
- Add version the configuration file tpm2-tss-fapi.conf
* Thu Jul 15 2021 gmbr3@opensuse.org
- Remove conflicting sysusers.d file
* Wed Jul 14 2021 gmbr3@opensuse.org
- Clean spec file
- Add new library libtss2-tcti-pcap0
- Update to 3.1.0:
* Fix FAPI PolicyPCR not instatiating correctly (CVE-2020-24455)
* Fixed possible access outside the array in ifapi_calculate_tree
* Added pcap TCTI
* Added GlobalSign TPM Root CA certs to FAPI cert store
* Changed EncryptDecrypt mode type to align with TPM2.0 spec 1.59
* Added two new TPM commands TPM2_CC_CertifyX509,
and TPM2_CC_ACT_SetTimeout
* Mon Jun 28 2021 meissner@suse.com
- small services fixes and comments
* Thu Jan 28 2021 matthias.gerstner@suse.com
- update to 3.0.3:
- changes in 3.0.3:
* Fix Regression in Fapi_List
* Fix memory leak in policy calculation
- changes in 3.0.2:
* FAPI: Fix setting of the system flag of NV objects
* This will let NV object metadata be created system-wide always instead of
* locally in the user. Existing metadata will remain in the user directory.
* It can be moved to the corresponding systemstore manually if needed.
* FAPI: Fix policy searching, when a policyRef was provided
* FAPI: Accept EK-Certs without CRL dist point
* FAPI: Fix return codes of Fapi_List
* FAPI: Fix memleak in policy execution
* FAPI: Fix coverity NULL-pointer check
* FAPI: Set the written flag of NV objects in FAPI PolicyNV commands
* FAPI: Fix deleting of policy files.
* FAPI: Fix wrong file loading during object search.
* Fapi: Fix memory leak
* Fapi: Fix potential NULL-Dereference
* Fapi: Remove superfluous NULL check
* Fix a memory leak in async keystore load.
* Thu Oct 22 2020 matthias.gerstner@suse.com
- move the tcti-fapi tmpfiles.d config file into the libtss2-fapi1 sub-package.
- improve the descriptions of new libraries (fapi1, cmd0, swtpm0)
- adjust baselibs.conf to match new library versions and added libraries
* Mon Oct 19 2020 guillaume.gardet@opensuse.org
- Update to 3.0.1, changelog at:
https://github.com/tpm2-software/tpm2-tss/blob/3.0.x/CHANGELOG.md
- Update libtss2-sys0 to libtss2-sys1
- Add new libs:
* libtss2-fapi1
* libtss2-tcti-cmd0
* libtss2-tcti-swtpm0
* Wed Feb 19 2020 mardnh@gmx.de
- Update to version 2.3.3
* Fixed mixing salted and unsalted sessions in the same ESAPI
context
* Removed use of VLAs from TPML marshal code
* Added check for object node before calling compute_session_value
function
* Fixed auth calculation in Esys_StartAuthSession called with
optional parameters
* Fixed compute_encrypted_salt error handling in
Esys_StartAuthSession
* Fixed exported symbols map for libtss2-mu
* Fri Jan 31 2020 msuchanek@suse.com
- Use system-users for tss user creation (boo#1162360).
* Fri Jan 24 2020 dimstar@opensuse.org
- BuildRequire pkgconfig(udev) instead of udev: allow OBS to
shortcut through the -mini flavor.
* Sun Dec 29 2019 mardnh@gmx.de
- update to upstream version 2.3.2:
- changes since version 2.3.0:
- Fix unit tests on S390 architectures
- Fixed HMAC generation for policy sessions
* Wed Dec 11 2019 matthias.gerstner@suse.com
- update to upstream version 2.3.0:
- changes in version 2.3.0:
- tss2-tctildr: A new library that helps with tcti initialization
Recommend to use this in place of custom tcti loading code now !
- tss2-rc: A new library that provides textual representations for return
codes
- Option to disable NIST-deprecated crypto (--disable-weak-crypto)
- Support Esys_TR_FromTPMPublic on sessions (for use in Esys_FlushContext)
- map-files with correct symbol lists for tss2-sys and tss2-esys
This may lead to unresolved symbols in linked applications
- Support to call Tss2_Sys_Execute repeatedly on certain errors
- Reduced RAM consumption in Esys due to Tss2_Sys_Execute change
- Automated session attribution clearing for esys (decrypt and encrypt)
per cmd
- Removed libtss2-mu from "Requires" field of libtss2-esys.pc
Needs to be added explicitely now
- All fixes from 2.2.1, 2.2.2 and 2.2.3
- Fixed SPDX License Identifiers
- Fixed Null-pointer problems in tcti-tbs
- Fixed Default locality for tcti-mssim set to LOC_0
- Fixed coverity and valgrind leaks detected in test programs (not library
code)
* Fri Aug 23 2019 matthias.gerstner@suse.com
- update to upstream version 2.2.3:
- changes in version 2.2.3:
* Fix computation of session name
* Fixed PolicyPassword handling of session Attributes
* Fixed windows build from dist ball
* Fixed default tcti configure option
* Fixed nonce size calculation in ESYS sessions
- changes in version 2.2.2:
* Fixed wrong encryption flag in EncryptDecrypt
* Fixing openssl engine invocation
* Fri Apr 26 2019 mvetter@suse.com
- bsc#1130588: Require shadow instead of old pwdutils
* Wed Mar 6 2019 matthias.gerstner@suse.com
- update to upstream version 2.2.1:
- changes from version 2.2.0:
- Fixed leak of hkey on success in iesys_cryptossl_hmac_start
- Fixed NULL ptr issues in Esys_HMAC_Start, Esys_HierarchyChangeAuth and Esys_NV_ChangeAuth
- Fixed NULL ptr issue in sequenceHandleNode
- Fixed NULL ptr auth handling in Esys_TR_SetAuth
- Fixed NULL auth handling in iesys_compute_session_value
- Fixed marshaling of TPM2Bs with sub types.
- Fixed NULL ptr session handling in Esys_TRSess_SetAttributes
- Fixed the way size of the hmac value of a session without authorization
- Added missing MU functions for TPM2_NT type
- Added missing MU functions for TPMA_ID_OBJECT type
- Added missing type TPM2_NT into tss2_tpm2_types.h
- Fixed wrong typename _ID_OBJECT in tss2_tpm2_types.h
- Fixed build breakage when --with-maxloglevel is not 'trace'
- Fixed build breakage in generated configure script when CFLAGS is set
- Fixed configure scritp ERROR_IF_NO_PROG macro
- Changed TPM2B type unmarshal to use sizeof of the dest buffer instead of dest
- Fixed unmarshaling of the TPM2B type with invalid size
- Removed dead code defect detected by coverity from Esys_TRSess_GetNonceTPM
- Added support for QNX build
- Added support for partial reads in device TCTI
- changes from version 2.1.1:
- Fixed leak of hkey on success in iesys_cryptossl_hmac_start
- Fixed NULL ptr issues in Esys_HMAC_Start, Esys_HierarchyChangeAuth and Esys_NV_ChangeAuth
- Fixed NULL ptr issue in sequenceHandleNode
- Fixed NULL ptr auth handling in Esys_TR_SetAuth
- Fixed NULL auth handling in iesys_compute_session_value
- Fixed marshaling of TPM2Bs with sub types.
- Fixed NULL ptr session handling in Esys_TRSess_SetAttributes
- Fixed the way size of the hmac value of a session without authorization
- Added missing MU functions for TPM2_NT type
- Added missing MU functions for TPMA_ID_OBJECT type
- Added missing type TPM2_NT into tss2_tpm2_types.h
- Fixed wrong typename _ID_OBJECT in tss2_tpm2_types.h
- Fixed build breakage when --with-maxloglevel is not 'trace'
- Fixed build breakage in generated configure script when CFLAGS is set
- Fixed configure scritp ERROR_IF_NO_PROG macro
- Changed TPM2B type unmarshal to use sizeof of the dest buffer instead of dest
- Fixed unmarshaling of the TPM2B type with invalid size
- Removed dead code defect detected by coverity from Esys_TRSess_GetNonceTPM
- changes from version 2.1.0:
- Fixed handling of the default TCTI
- Changed logging to be ISO-C99 compatible
- Fixed leak of dlopen handle
- Fixed logging of a response header tag in Tss2_Sys_Execute
- Fixed marshaling of TPM2B parameters in SAPI commands
- Fixed unnecessary warning in Esys_Startup
- Fixed warnings in doxygen documentation
- Added Esys_Free wrapper function for systems using different C runtime libraries
- Added Windows TBS TCTI
- Added non-blocking mode of operation in tcti-device
- Added tests for Esys_HMAC and Esys_Hash
- Enabled integration tests on physical TPM device
- Added openssl libcrypto backend
- Added Doxygen documentation to integration tests
- Refactored SetDecryptParam
- Enabled OpenSSL crypto backend by default
- changes from 2.0.2:
- Fixed NULL ptr issues in Esys_HMAC_Start, Esys_HierarchyChangeAuth and Esys_NV_ChangeAuth
- Fixed NULL ptr issue in sequenceHandleNode
- Fixed NULL ptr auth handling in Esys_TR_SetAuth
- Fixed NULL auth handling in iesys_compute_session_value
- Fixed marshaling of TPM2Bs with sub types.
- Fixed NULL ptr session handling in Esys_TRSess_SetAttributes
- Fixed the way size of the hmac value of a session without authorization
- Added missing MU functions for TPM2_NT type
- Added missing MU functions for TPMA_ID_OBJECT type
- Added missing type TPM2_NT into tss2_tpm2_types.h
- Fixed wrong typename _ID_OBJECT in tss2_tpm2_types.h
- Fixed build breakage when --with-maxloglevel is not 'trace'
- Fixed build breakage in generated configure script when CFLAGS is set
- Fixed configure scritp ERROR_IF_NO_PROG macro
- Changed TPM2B type unmarshal to use sizeof of the dest buffer instead of dest
- Fixed unmarshaling of the TPM2B type with invalid size
- Removed dead code defect detected by coverity from Esys_TRSess_GetNonceTPM
- introduce _service file for syncing with upstream tags
* Wed Sep 26 2018 matthias.gerstner@suse.com
- update to upstream version 2.0.1 (FATE#324477):
- Fixed problems with doxygan failing make distcheck
- Fixed conversion of gcrypt mpi numbers to binary data
- Fixed an error in parsing socket address in MSSIM TCTI
- Fixed compilation error with --disable-tcti-mssim
- Added initialization function for gcrypt to suppress warning
- Fixed invalid type base type while marshaling TPMI_ECC_CURVE in Tss2_Sys_ECC_Parameters
- Fixed invalid RSA encryption with exponent equal to 0
- Fixed checking of return codes in ESAPI commands
- Added checks for programs required by the test harness @ configure time
- Fixed warning on TPM2_RC_INITIALIZE rc after a Startup in Esys_Startup
- Checked for 1.2 TPM type response
- Changed constants values in esys header file to unsigned
* Tue Sep 18 2018 matthias.gerstner@suse.com
- also process udev triggers for tpmrm subsystem, otherwise /dev/tpmrm0 isn't
properly updated (at least on SLES-12-SP4)
* Thu Jul 5 2018 matthias.gerstner@suse.com
- added all librares to baselibs.conf to satisfy 32-bit dependencies of esys0
and sys0
* Tue Jul 3 2018 matthias.gerstner@suse.com
- Explicitly require udev to fix missing ownership for /usr/lib/udev.
* Fri Jun 29 2018 matthias.gerstner@suse.com
- update to new major version 2.0.0:
- version_fix.patch: removed, we're now using the distribution tarballs
where this problem shouldn't happen
- this update introduces an incompatible ABI to the previous version.
all libraries have been renamed so there is not really a relation to
the old version any more.
- upstream changelog:
[#]# [2.0.0] - 2018-06-20
[#]## Added
- Implementation of the Marshal/Unmarshal library (libtss2-mu)
- Implementation of the Enhanced System API (libtss2-esys aka ESAPI)
- New implemetation of the TPM Command Transmission Interface (TCTI) for:
- communication with Linux TPM2 device driver: libtss2-tcti-device
- communication with Microsoft software simulator: libtss2-tcti-mssim
- New directory layout (API break)
- Updated documentation with new doxygen and updated man pages
- Support for Windows build with Visual Studio and clang, currently limited
to libtss2-mu and libtss2-sys
- Implementation of the new Attached Component (AC) commands
- Implementation of the new TPM2_PolicyAuthorizeNV command
- Implementation of the new TPM2_CreateLoaded command
- Implementation of the new TPM2_PolicyTemplate command
- Addition of _Complete functions to all TPM commands
- New logging framework
- Added const qualifiers to API input pointers (API break)
- Cleaned up headers and remove implementation.h and tpm2.h (API break)
[#]## Changed
- Converted all cpp files to c, removed dependency on C++ compiler.
- Cleaned out a number of marshaling functions from the SAPI code.
- Update Linux / Unix OS detection to use non-obsolete macros.
- Changed TCTI macros to CamelCase (API break)
- Changed TPMA_types to unsigned int with defines instead of bitfield structs (API/ABI break)
- Changed Get/SetCmd/RspAuths to new parameter types (API/ABI break)
- Fixed order of parameters in AC commands: Input command authorizations
now come after the input handles, but still before the command parameters.
[#]## Removed
- Removed all sysapi/sysapi_utils/*arshal_TPM*.c files
[#]## Fixed
- Updated invalid number of handles in TPM2_PolicyNvWritten and TPM2_TestParms
- Updated PlatformCommand function from libtss2-tcti-mssim to no longer send
CANCEL_OFF before every command.
- Expanded TPM2B macros and removed TPM2B_TYPE1 and TPM2B_TYPE2 macros
- Fixed wrong return type for Tss2_Sys_Finalize (API break).
[#]# [1.4.0] - 2018-03-02
[#]## Added
- Attached Component commands from the last public review spec.
[#]## Fixed
- Essential files missing from release tarballs are now included.
- Version string generation has been moved from configure.ac to the
bootstrap script. It is now stored in a file named `VERSION` that is
shipped in the release tarball.
- We've stopped shipping the built man page for InitSocketTcti.3 and now
ship the source.
* Wed Mar 7 2018 matthias.gerstner@suse.com
- removed leftover comment from dropped reproducable.patch
* Thu Feb 22 2018 matthias.gerstner@suse.com
- update to upstream version 1.3.0:
- support for reproducable builds
- improved documentation / manual pages
- various stability bugfixes
- EncryptDecrypt2 command is now implemented
- removed reproducible.patch. This is now included upstream.
- added version_fix.patch to fix package config version numbers.
* Fri Sep 1 2017 matthias.gerstner@suse.com
- fix the "fix", turns out only the unversioned symlink's supposed to go into
- devel.
* Thu Jul 20 2017 matthias.gerstner@suse.com
- no longer install the udev rule, it's now part of the new tpm2.0-abrmd
package.
- fixed a warning regarding a missing dependency of the devel package to the
main package
- correctly package library symlinks only in the devel package, the library
itself only in the library package. Was mixed up before.
* Wed Jul 19 2017 matthias.gerstner@suse.com
- removed tpm2-0-tss-configure.patch, it was just a hack, fixed by requiring
autoconf-archive, see https://github.com/01org/TPM2.0-TSS/issues/227.
* Wed Jul 19 2017 matthias.gerstner@suse.com
- Updated to upstream version 1.1.0
- With this version the resourcemgr daemon is dropped from this package. It
is replaced by a completely new implementation found in a new package
tpm2.0-abrmd. this package will only consist of the libraries any more.
- Changed
- tpmclient, disabled all tests that rely on the old resourcemgr.
- Fixed
- Fixed definition of PCR_LAST AND TRANSIENT_LAST macros.
- Removed
- tpmtest
- resourcemgr, replacement is in new repo: https://github.com/01org/tpm2-abrmd
* Sat May 27 2017 bwiedemann@suse.com
- Add reproducible.patch to sort input files to make build reproducible
(boo#1041090)
* Thu May 11 2017 matthias.gerstner@suse.com
- create tss user account and install udev rule to fix startup of resourcemgr
(bnc#1038586)
* Wed May 10 2017 mgerstner@suse.com
- remove unnecessary dependency of libsapi0 to trousers. trousers has nothing
to do with tpm2-tss.
* Tue Apr 11 2017 meissner@suse.com
- fixed typo in resourcemgr.service (bsc#1031004)
* Thu Feb 16 2017 jengelh@inai.de
- Remove --with-pic which is only for static libs.
- Fix an improper Requires line.
- Split libtcti* from libsapi0; these are independentlty
developable units.
* Wed Feb 8 2017 meissner@suse.com
- Updated to 1.0 (FATE#321508)
- Added
- Travis-CI integration with GitHub
- Unit tests for primitive (un)?marshal functions.
- Example systemd unit for resourcemgr.
- Allow for unit tests to be enabled selectively.
- added pkg-config files for libraries
- Changed
- move simulator initialization code to socket TCTI init function.
- socket TCTI finalize no longer frees context
- rename libtss2 to libsapi
- rename libtcti_device to libtcti-device
- rename libtcti_socket to libtcti-socket
- move $(includedir)/tss to $(includedir)/sapi
- Move default compiler flags to config.site file.
- Fixed
- Fix run away resourcemgr threads by closing client sockets when resourcemgr recv() call returns 0.
- Set MSG_NOSIGNAL for client connections to avoid SIGPIPE killing resourcemgr.
- Fixes to handling of persistent objects by resourcemgr.
- Removed
- Semicolon from TPMA_* macros definitions.
- Windows build files.
- SAPI_CLIENT macro tests.
- Security
- Fix buffer overflow in resourcemgr.
- use sample resourcemanager.service
- tpm2-0-tss-configure.patch: fix weird error.
* Thu Aug 25 2016 meissner@suse.com
- Remove type=forking from service file (bsc#995554)
* Sat Aug 6 2016 meissner@suse.com
- added a systemd unit service file (FATE#315631)
* Fri May 6 2016 jengelh@inai.de
- Correct package naming to be in line with shared library guideline
- Remove unused systemd build and runtime dependencies
(FATE#315631)
* Fri Apr 8 2016 dimstar@opensuse.org
- Fix rpm group of library package: libs belong, per definition, to
the group "System/Libraries". (FATE#315631)
* Wed Feb 24 2016 meissner@suse.com
- initial import of the tpm 2.0 tss stack (FATE#315631)

291
tpm2-0-tss.spec Normal file
View file

@ -0,0 +1,291 @@
#
# spec file for package tpm2-0-tss
#
# Copyright (c) 2022-2023 ZhuningOS
#
Name: tpm2-0-tss
Version: 3.1.0
Release: 150400.3.3.1
Summary: Intel's TCG Software Stack access libraries for TPM 2.0 chips
License: BSD-2-Clause
Group: Productivity/Security
URL: https://github.com/tpm2-software/tpm2-tss
Source0: https://github.com/tpm2-software/tpm2-tss/releases/download/%{version}/tpm2-tss-%{version}.tar.gz
Source2: baselibs.conf
Patch0: 0001-tss2_rc-ensure-layer-number-is-in-bounds.patch
BuildRequires: /usr/sbin/groupadd
BuildRequires: acl
BuildRequires: doxygen
BuildRequires: gcc-c++
BuildRequires: libgcrypt-devel
BuildRequires: pkgconfig
BuildRequires: pkgconfig(json-c)
BuildRequires: pkgconfig(libcurl)
BuildRequires: pkgconfig(libopenssl)
BuildRequires: pkgconfig(udev)
# The same user is employed by trousers (and was employed by the old
# resourcemgr shipped with the tpm2-0-tss package):
#
# trousers just needs those accounts for dropping privileges to. The service
# starts as root and uses set*id to drop to tss, after the tpm device has been
# opened.
#
# tpm2-abrmd has no set*id handling and thus requires /dev/tpm to be owned
# by the tss user. Therefore we also need to install a udev rule file.
#
# trousers was here first and created the user like this, also giving it a
# home in /var/lib/tpm. I don't think the home directory is used by either of
# the packages ATM. Trousers is keeping state there, but the directory is
# owned by root and files are opened before dropping privileges. The passwd
# entry seems not to be evaluated.
Requires(pre): user(tss)
%description
The tpm2-0-tss package provides a TPM 2.0 TSS implementation. This
implementation is developed by INTEL. This package contains the libraries,
see the tpm2.0-abrmd package for the resource manager daemon, tpm2.0-tools for
utilities.
%package devel
Summary: Development headers for the Intel TSS library for TPM 2.0 chips
Group: Development/Libraries/C and C++
Requires: glibc-devel
Requires: libtss2-esys0 = %{version}
Requires: libtss2-fapi1 = %{version}
Requires: libtss2-mu0 = %{version}
Requires: libtss2-rc0 = %{version}
Requires: libtss2-sys1 = %{version}
Requires: libtss2-tcti-cmd0 = %{version}
Requires: libtss2-tcti-device0 = %{version}
Requires: libtss2-tcti-mssim0 = %{version}
Requires: libtss2-tcti-pcap0 = %{version}
Requires: libtss2-tcti-swtpm0 = %{version}
Requires: libtss2-tctildr0 = %{version}
Requires: tpm2-0-tss = %{version}
%description devel
This package provides the development files for the tpm2 stack's libraries for
accessing TPM 2.0 chips.
%package -n libtss2-esys0
Summary: TPM2 Enhanced System API (ESAPI)
Group: System/Libraries
%description -n libtss2-esys0
This API is a 1-to-1 mapping of the TPM2 commands documented in Part 3 of the
TPM2 specification. Additionally there are asynchronous versions of each
command. In addition to SAPI, the ESAPI performs tracking of meta data for
TPM object and automatic calculation of session based authorization and
encryption values. Both the synchronous and asynchronous API are exposed
through this library.
%package -n libtss2-sys1
Summary: TPM2 System API (SAPI)
Group: System/Libraries
%description -n libtss2-sys1
System API (SAPI) as described in the system level API and TPM command
transmission interface specification. This API is a 1-to-1 mapping of the TPM2
commands documented in Part 3 of the TPM2 specification. Additionally there
are asynchronous versions of each command. These asynchronous variants may be
useful for integration into event-driven programming environments. Both the
synchronous and asynchronous API are exposed through this library.
%package -n libtss2-mu0
Summary: TPM2 marshaling/unmarshaling library
Group: System/Libraries
%description -n libtss2-mu0
Marshaling/Unmarshaling (MU) as described in the TCG TSS 2.0
Marshaling/Unmarshaling API Specification. This API provides a set of
marshaling and unmarshaling functions for all data types defined by the TPM
library specification.
%package -n libtss2-rc0
Summary: TPM2 error code translation library
Group: System/Libraries
%description -n libtss2-rc0
This library can translate TPM error codes into human readable strings.
%package -n libtss2-tctildr0
Summary: TCTI interface loading library
Group: System/Libraries
%description -n libtss2-tctildr0
This is a helper library that simplifies loading other tcti libraries. It is
recommended over custom tcti loading code in applications.
%package -n libtss2-tcti-device0
Summary: TCTI interface library for using a native TPM device node
Group: System/Libraries
%description -n libtss2-tcti-device0
TPM Command Transmission Interface library for communicating with a
TPM device node. This provides direct access to the TPM through the Linux
kernel driver.
%package -n libtss2-tcti-mssim0
Summary: TCTI interface library for Microsoft software TPM2 simulator
Group: System/Libraries
%description -n libtss2-tcti-mssim0
TPM Command Transmission Interface library for communicating using the
protocol exposed by the Microsoft software TPM2 simulator.
%package -n libtss2-fapi1
Summary: FAPI interface library
Group: System/Libraries
%description -n libtss2-fapi1
This is the tpm2 Feature API (FAPI) library. This API is designed to be very
high-level API, intended to make programming with the TPM as simple as
possible.
%package -n libtss2-tcti-cmd0
Summary: TCTI cmd interface library
Group: System/Libraries
%description -n libtss2-tcti-cmd0
A TCTI for interaction with a subprocess. It abstracts the details of direct
communication with the interface and protocol exposed by a subprocess that can
receive and transmit raw TPM2 command and response buffers.
%package -n libtss2-tcti-swtpm0
Summary: TCTI swtpm interface library
Group: System/Libraries
%description -n libtss2-tcti-swtpm0
A TCTI for interaction with the TPM2 software simulator. It abstracts the
details of direct communication with the interface and protocol exposed by the
daemon hosting the TPM2 reference implementation.
%package -n libtss2-tcti-pcap0
Summary: TCTI pcap interface library
Group: System/Libraries
%description -n libtss2-tcti-pcap0
A TCTI which prints TPM commands and responses to a file in pcap-ng format. It abstracts the
details of direct communication with the interface and protocol exposed by the
daemon hosting the TPM2 reference implementation.
%prep
%autosetup -p1 -n tpm2-tss-%{version}
%build
# configure looks for groupadd on PATH
export PATH="$PATH:%{_sbindir}"
%configure --disable-static \
--with-udevrulesdir=%{_udevrulesdir} \
--with-runstatedir=%{_rundir} \
--with-tmpfilesdir=%{_tmpfilesdir} \
--with-sysusersdir=%{_sysusersdir}
%make_build PTHREAD_LDFLAGS=-pthread
%install
%make_install
find %{buildroot} -type f -name "*.la" -delete -print
# rename the rules file to have a numbered prefix as all others have, too
%define udev_rule_file 90-tpm.rules
mv %{buildroot}%{_udevrulesdir}/tpm-udev.rules %{buildroot}%{_udevrulesdir}/%{udev_rule_file}
# Conflicts with system-users
rm %{buildroot}%{_sysusersdir}/tpm2-tss.conf
# Add version into the configuration tmpfiles.d configuration file
mv %{buildroot}%{_tmpfilesdir}/tpm2-tss-fapi.conf %{buildroot}%{_tmpfilesdir}/tpm2-tss-fapi-%{version}.conf
%post
%{_bindir}/udevadm trigger -s tpm -s tpmrm || :
%post -n libtss2-esys0 -p /sbin/ldconfig
%postun -n libtss2-esys0 -p /sbin/ldconfig
%post -n libtss2-sys1 -p /sbin/ldconfig
%postun -n libtss2-sys1 -p /sbin/ldconfig
%post -n libtss2-tctildr0 -p /sbin/ldconfig
%postun -n libtss2-tctildr0 -p /sbin/ldconfig
%post -n libtss2-tcti-device0 -p /sbin/ldconfig
%postun -n libtss2-tcti-device0 -p /sbin/ldconfig
%post -n libtss2-tcti-mssim0 -p /sbin/ldconfig
%postun -n libtss2-tcti-mssim0 -p /sbin/ldconfig
%post -n libtss2-mu0 -p /sbin/ldconfig
%postun -n libtss2-mu0 -p /sbin/ldconfig
%post -n libtss2-rc0 -p /sbin/ldconfig
%postun -n libtss2-rc0 -p /sbin/ldconfig
%post -n libtss2-fapi1
/sbin/ldconfig
%tmpfiles_create %{_tmpfilesdir}/tpm2-tss-fapi-%{version}.conf
%postun -n libtss2-fapi1 -p /sbin/ldconfig
%post -n libtss2-tcti-cmd0 -p /sbin/ldconfig
%postun -n libtss2-tcti-cmd0 -p /sbin/ldconfig
%post -n libtss2-tcti-swtpm0 -p /sbin/ldconfig
%postun -n libtss2-tcti-swtpm0 -p /sbin/ldconfig
%post -n libtss2-tcti-pcap0 -p /sbin/ldconfig
%postun -n libtss2-tcti-pcap0 -p /sbin/ldconfig
%files
%doc *.md
%license LICENSE
%{_mandir}/man3/*
%{_mandir}/man5/*
%{_mandir}/man7/tss2-*
%{_udevrulesdir}/%{udev_rule_file}
%dir %{_sysconfdir}/tpm2-tss/
%config %{_sysconfdir}/tpm2-tss/fapi-config.json
%dir %{_sysconfdir}/tpm2-tss/fapi-profiles
%config %{_sysconfdir}/tpm2-tss/fapi-profiles/*.json
%files devel
%{_includedir}/tss2
%{_libdir}/*.so
%{_libdir}/pkgconfig/*.pc
%files -n libtss2-esys0
%{_libdir}/libtss2-esys.so.*
%files -n libtss2-sys1
%{_libdir}/libtss2-sys.so.*
%files -n libtss2-mu0
%{_libdir}/libtss2-mu.so.*
%files -n libtss2-rc0
%{_libdir}/libtss2-rc.so.*
%files -n libtss2-tctildr0
%{_libdir}/libtss2-tctildr.so.*
%files -n libtss2-tcti-device0
%{_libdir}/libtss2-tcti-device.so.*
%files -n libtss2-tcti-mssim0
%{_libdir}/libtss2-tcti-mssim.so.*
%files -n libtss2-fapi1
%{_libdir}/libtss2-fapi.so.*
%{_tmpfilesdir}/tpm2-tss-fapi-%{version}.conf
# this would fix "tmpfile-not-in-filelist" warnings but when adding these
# entries then it complains about "directories not owned by a package:" for
# /run/tpm2-0-tss & friends. When adding them as %%ghost, too, then Leap15.1
# complains about "found conflict of libtss2-fapi1-3.0.1-lp152.103.1.x86_64
# with libtss2-fapi1-3.0.1-lp152.103.1.x86_64". Thus leave it be for the
# moment, some insane circle of errors is involved here.
#
# it seems the problem is that during `make install` the package runs
# systemd-tmpfiles --create, and the directories are created outside the
# package's install tree. It seems this is not expected by RPM.
# %%ghost %%{_sharedstatedir}/%%{name}/system/keystore
# %%ghost %%{_rundir}/%%{name}/eventlog
%files -n libtss2-tcti-cmd0
%{_libdir}/libtss2-tcti-cmd.so.*
%files -n libtss2-tcti-swtpm0
%{_libdir}/libtss2-tcti-swtpm.so.*
%files -n libtss2-tcti-pcap0
%{_libdir}/libtss2-tcti-pcap.so.*
%changelog