diff mbox series

[1/1] package/wolftpm: new package

Message ID 20220601194746.29106-1-dimi@tpm.dev
State Accepted

Commit Message

Dimi Tomov June 1, 2022, 7:47 p.m. UTC
From: Dimitar Tomov <dimi@tpm.dev>

wolfTPM is an open-source TPM 2.0 stack with backward API compatibility,
designed for embedded use. It is highly portable, and has native support
for Linux. wolfTPM has a compact code size with low resource usage.

Signed-off-by: Dimitar Tomov <dimi@tpm.dev>
---
Changes v2 -> v3:
- Applied feedback from the maintainer, list of changes below
- Added new entry to the DEVELOPERS file
- Replaced depends with select for BR2_PACKAGE_WOLFSSL
- Added missing depends for BR2_TOOLCHAIN_HAS_THREADS
- Removed redundant --with-wolfcrypt option
Changes v1 -> v2:
- Fix typo in the hash file and create path before using touch
---
 DEVELOPERS                   |  3 +++
 package/Config.in            |  1 +
 package/wolftpm/Config.in    | 15 +++++++++++++++
 package/wolftpm/wolftpm.hash |  2 ++
 package/wolftpm/wolftpm.mk   | 29 +++++++++++++++++++++++++++++
 5 files changed, 50 insertions(+)
 create mode 100644 package/wolftpm/Config.in
 create mode 100644 package/wolftpm/wolftpm.hash
 create mode 100644 package/wolftpm/wolftpm.mk

Comments

Dimi Tomov June 1, 2022, 7:51 p.m. UTC | #1
Hi Thomas,

I have taken all your feedback. Please review v3 of this patch series.

ps: for some reason git send-email has ignored my 
--subject-prefix="PATCH v3"

Regards,
Dimi

On 2022-06-01 10:47 PM, Dimi Tomov wrote:
> From: Dimitar Tomov <dimi@tpm.dev>
> 
> wolfTPM is an open-source TPM 2.0 stack with backward API 
> compatibility,
> designed for embedded use. It is highly portable, and has native 
> support
> for Linux. wolfTPM has a compact code size with low resource usage.
> 
> Signed-off-by: Dimitar Tomov <dimi@tpm.dev>
> ---
> Changes v2 -> v3:
> - Applied feedback from the maintainer, list of changes below
> - Added new entry to the DEVELOPERS file
> - Replaced depends with select for BR2_PACKAGE_WOLFSSL
> - Added missing depends for BR2_TOOLCHAIN_HAS_THREADS
> - Removed redundant --with-wolfcrypt option
> Changes v1 -> v2:
> - Fix typo in the hash file and create path before using touch
> ---
>  DEVELOPERS                   |  3 +++
>  package/Config.in            |  1 +
>  package/wolftpm/Config.in    | 15 +++++++++++++++
>  package/wolftpm/wolftpm.hash |  2 ++
>  package/wolftpm/wolftpm.mk   | 29 +++++++++++++++++++++++++++++
>  5 files changed, 50 insertions(+)
>  create mode 100644 package/wolftpm/Config.in
>  create mode 100644 package/wolftpm/wolftpm.hash
>  create mode 100644 package/wolftpm/wolftpm.mk
> 
> diff --git a/DEVELOPERS b/DEVELOPERS
> index 71cc3da6d7..c123d1b915 100644
> --- a/DEVELOPERS
> +++ b/DEVELOPERS
> @@ -3072,3 +3072,6 @@ F:	package/quazip/
>  F:	package/shapelib/
>  F:	package/simple-mail/
>  F:	package/tinc/
> +
> +N:	Dimi Tomov <dimi@tpm.dev>
> +F:	package/wolftpm/
> diff --git a/package/Config.in b/package/Config.in
> index 00f061015f..b287c5a94d 100644
> --- a/package/Config.in
> +++ b/package/Config.in
> @@ -1431,6 +1431,7 @@ menu "Crypto"
>  	source "package/trousers/Config.in"
>  	source "package/ustream-ssl/Config.in"
>  	source "package/wolfssl/Config.in"
> +	source "package/wolftpm/Config.in"
>  endmenu
> 
>  menu "Database"
> diff --git a/package/wolftpm/Config.in b/package/wolftpm/Config.in
> new file mode 100644
> index 0000000000..23932a4170
> --- /dev/null
> +++ b/package/wolftpm/Config.in
> @@ -0,0 +1,15 @@
> +config BR2_PACKAGE_WOLFTPM
> +	bool "wolftpm"
> +	depends on BR2_TOOLCHAIN_HAS_THREADS
> +	select on BR2_PACKAGE_WOLFSSL
> +	select on BR2_PACKAGE_WOLFSSL_ALL
> +	help
> +	  wolfTPM is a portable, open-source TPM 2.0 stack with
> +	  backward API compatibility, designed for embedded use.
> +	  No external dependencies, compact code size with low
> +	  resource usage.
> +
> +	  https://www.wolfssl.com/
> +
> +comment "wolftpm needs a toolchain w/ threads"
> +	depends on !BR2_TOOLCHAIN_HAS_THREADS
> diff --git a/package/wolftpm/wolftpm.hash 
> b/package/wolftpm/wolftpm.hash
> new file mode 100644
> index 0000000000..6dbf143ffe
> --- /dev/null
> +++ b/package/wolftpm/wolftpm.hash
> @@ -0,0 +1,2 @@
> +# Hash from 
> https://github.com/wolfSSL/wolfTPM/archive/refs/tags/v2.3.1.tar.gz
> +sha256
> f0d7c095491ac2cc9e44aa4ac3c22febf15942ef080431d8b43a9d0312ca6567
> wolftpm-2.3.1.tar.gz
> diff --git a/package/wolftpm/wolftpm.mk b/package/wolftpm/wolftpm.mk
> new file mode 100644
> index 0000000000..1e1ddc13e3
> --- /dev/null
> +++ b/package/wolftpm/wolftpm.mk
> @@ -0,0 +1,29 @@
> +################################################################################
> +#
> +# wolftpm
> +#
> +################################################################################
> +
> +WOLFTPM_VERSION = 2.3.1
> +WOLFTPM_SITE = $(call github,wolfSSL,wolfTPM,v$(WOLFTPM_VERSION))
> +WOLFTPM_INSTALL_STAGING = YES
> +WOLFTPM_LICENSE = GPL-2.0+
> +WOLFTPM_LICENSE_FILES = LICENSE
> +WOLFTPM_CPE_ID_VENDOR = wolfssl
> +
> +WOLFTPM_DEPENDENCIES = host-pkgconf
> +
> +# wolfTPM's source code is released without a configure script,
> +# therefore we need autoreconf
> +WOLFTPM_AUTORECONF = YES
> +
> +WOLFTPM_CONF_OPTS = --disable-examples --enable-devtpm
> +
> +define WOLFTPM_CONFIG_RPATH
> +    mkdir $(@D)/build-aux
> +    touch $(@D)/build-aux/config.rpath
> +endef
> +# Fix for autoconf bug with config.rconf
> +WOLFTPM_PRE_CONFIGURE_HOOKS += WOLFTPM_CONFIG_RPATH
> +
> +$(eval $(autotools-package))
Thomas Petazzoni June 1, 2022, 8:50 p.m. UTC | #2
Hello Dimitar,

On Wed,  1 Jun 2022 22:47:46 +0300
Dimi Tomov <dimi@tpm.dev> wrote:

> From: Dimitar Tomov <dimi@tpm.dev>
> 
> wolfTPM is an open-source TPM 2.0 stack with backward API compatibility,
> designed for embedded use. It is highly portable, and has native support
> for Linux. wolfTPM has a compact code size with low resource usage.
> 
> Signed-off-by: Dimitar Tomov <dimi@tpm.dev>

I've applied to our next branch, but after doing several additional
fixes. Also, there is something to be fixed upstream, see below.

> diff --git a/DEVELOPERS b/DEVELOPERS
> index 71cc3da6d7..c123d1b915 100644
> --- a/DEVELOPERS
> +++ b/DEVELOPERS
> @@ -3072,3 +3072,6 @@ F:	package/quazip/
>  F:	package/shapelib/
>  F:	package/simple-mail/
>  F:	package/tinc/
> +
> +N:	Dimi Tomov <dimi@tpm.dev>
> +F:	package/wolftpm/

Entries in this file are alphabetically sorted, so you shouldn't have
added yourself at the end, but at the "right" place.

> diff --git a/package/wolftpm/Config.in b/package/wolftpm/Config.in
> new file mode 100644
> index 0000000000..23932a4170
> --- /dev/null
> +++ b/package/wolftpm/Config.in
> @@ -0,0 +1,15 @@
> +config BR2_PACKAGE_WOLFTPM
> +	bool "wolftpm"
> +	depends on BR2_TOOLCHAIN_HAS_THREADS

You forgot:

	depends on !BR2_STATIC_LIBS

which you need to replicate because you select BR2_PACKAGE_WOLFSSL_ALL.

> +	select on BR2_PACKAGE_WOLFSSL
> +	select on BR2_PACKAGE_WOLFSSL_ALL

I'm wondering if you tested this, because "select on" doesn't exist in
Kconfig. It's either "select" or "depends on", but not a mix of both.

> +	help
> +	  wolfTPM is a portable, open-source TPM 2.0 stack with
> +	  backward API compatibility, designed for embedded use.
> +	  No external dependencies, compact code size with low
> +	  resource usage.
> +
> +	  https://www.wolfssl.com/
> +
> +comment "wolftpm needs a toolchain w/ threads"
> +	depends on !BR2_TOOLCHAIN_HAS_THREADS

The comment had to be adjusted due to the !BR2_STATIC_LIBS dependency.

> diff --git a/package/wolftpm/wolftpm.hash b/package/wolftpm/wolftpm.hash
> new file mode 100644
> index 0000000000..6dbf143ffe
> --- /dev/null
> +++ b/package/wolftpm/wolftpm.hash
> @@ -0,0 +1,2 @@
> +# Hash from https://github.com/wolfSSL/wolfTPM/archive/refs/tags/v2.3.1.tar.gz
> +sha256  f0d7c095491ac2cc9e44aa4ac3c22febf15942ef080431d8b43a9d0312ca6567  wolftpm-2.3.1.tar.gz

Gaah, I'm noticing now that the hash of the LICENSE file is missing,
and I didn't realize before applying. I will fix this up.

> diff --git a/package/wolftpm/wolftpm.mk b/package/wolftpm/wolftpm.mk
> new file mode 100644
> index 0000000000..1e1ddc13e3
> --- /dev/null
> +++ b/package/wolftpm/wolftpm.mk
> @@ -0,0 +1,29 @@
> +################################################################################
> +#
> +# wolftpm
> +#
> +################################################################################
> +
> +WOLFTPM_VERSION = 2.3.1
> +WOLFTPM_SITE = $(call github,wolfSSL,wolfTPM,v$(WOLFTPM_VERSION))
> +WOLFTPM_INSTALL_STAGING = YES
> +WOLFTPM_LICENSE = GPL-2.0+
> +WOLFTPM_LICENSE_FILES = LICENSE
> +WOLFTPM_CPE_ID_VENDOR = wolfssl
> +
> +WOLFTPM_DEPENDENCIES = host-pkgconf

I've added:

WOLFTPM_CONFIG_SCRIPTS = wolftpm-config

so that the wolftpm-config script installed in $(STAGING_DIR)/usr/bin
returns correct results.

> +# wolfTPM's source code is released without a configure script,
> +# therefore we need autoreconf
> +WOLFTPM_AUTORECONF = YES
> +
> +WOLFTPM_CONF_OPTS = --disable-examples --enable-devtpm

With just this, the build was failing for me, as wolftpm couldn't find
wolfssl. I had to add:

        --with-wolfcrypt=$(STAGING_DIR)/usr

> +define WOLFTPM_CONFIG_RPATH

I renamed the hook to WOLFTPM_TOUCH_CONFIG_RPATH

> +    mkdir $(@D)/build-aux

Changed to "mkdir -p" so that the hook can be re-executed without
failing.

> +    touch $(@D)/build-aux/config.rpath
> +endef
> +# Fix for autoconf bug with config.rconf

There is no autoreconf bug. The bug is in the code of wolftpm. In the
configure.ac script line 165, it uses the AC_LIB_HAVE_LINKFLAGS m4
macro, which comes from gnulib. This macro is documented at, which
specifies:

Example of using AC_LIB_LINKFLAGS

Suppose you want to use libz, the compression library.

   (1)  In configure.ac you add the line

      AC_CONFIG_AUX_DIR([build-aux])
      AC_LIB_LINKFLAGS([z])

    Note that since the AC_LIB_LINKFLAGS invocation modifies the
    CPPFLAGS, it should precede all tests that check for header files,
    declarations, structures or types.


    (2) To the package’s build-aux directory you add the file
    config.rpath, also part of the Gnulib havelib module. (gnulib-tool
    will usually do this for you automatically.)


    (3) In Makefile.in you add @LIBZ@ to the link command line of your
    program. Or, if you are using Automake, you add $(LIBZ) to the
    LDADD variable that corresponds to your program. 

See point (2) ? This is what wasn't done correctly in wolftpm when
integrating this gnulib m4 macro.

Ideally this should be fixed in the upstream wolftpm code. However, to
be honest, I'm not even sure why your configure.ac file is using
AC_LIB_HAVE_LINKFLAGS(). You should probably just migrate to use
pkg-config.

Thanks for your contribution!

Thomas
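
The gap noted in this review (a file named in WOLFTPM_LICENSE_FILES with no line in wolftpm.hash) can be caught mechanically before a patch is sent. The following is an added example, not part of the thread and not Buildroot's own tooling; the function names are hypothetical, and it assumes the default tarball name `<pkg>-<version>.tar.gz` when no `_SOURCE` variable is set.

```python
import re

# Package files as posted in the v3 patch on this page (only the lines the check needs).
WOLFTPM_MK = """\
WOLFTPM_VERSION = 2.3.1
WOLFTPM_SITE = $(call github,wolfSSL,wolfTPM,v$(WOLFTPM_VERSION))
WOLFTPM_LICENSE = GPL-2.0+
WOLFTPM_LICENSE_FILES = LICENSE
"""
WOLFTPM_HASH = """\
# Hash from https://github.com/wolfSSL/wolfTPM/archive/refs/tags/v2.3.1.tar.gz
sha256  f0d7c095491ac2cc9e44aa4ac3c22febf15942ef080431d8b43a9d0312ca6567  wolftpm-2.3.1.tar.gz
"""

# Hex digest length for each algorithm name this example accepts.
HEX_LEN = {"md5": 32, "sha1": 40, "sha224": 56, "sha256": 64, "sha384": 96, "sha512": 128}


def parse_mk(text):
    """Return {VARIABLE: value} for plain 'VAR = value' and 'VAR += value' lines."""
    out = {}
    for line in text.splitlines():
        m = re.match(r"^([A-Z0-9_]+)\s*(\+?=)\s*(.*)$", line)
        if not m:
            continue
        name, op, value = m.groups()
        if op == "+=":
            value = out.get(name, "") + " " + value
        out[name] = value.strip()
    return out


def parse_hash(text):
    """Return ({filename: (algo, digest)}, [problems]) for the text of a .hash file."""
    entries, problems = {}, []
    for n, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split()
        if len(fields) != 3:
            problems.append(f"line {n}: expected '<algo>  <digest>  <file>'")
            continue
        algo, digest, name = fields
        if algo not in HEX_LEN:
            problems.append(f"line {n}: unknown hash type {algo!r}")
        elif not re.fullmatch(r"[0-9a-f]{%d}" % HEX_LEN[algo], digest):
            problems.append(f"line {n}: malformed {algo} digest")
        else:
            entries[name] = (algo, digest)
    return entries, problems


def check_package(pkg, mk_text, hash_text):
    """List every file the .mk expects to be hashed that the .hash file does not cover."""
    mk = parse_mk(mk_text)
    prefix = pkg.upper()
    entries, problems = parse_hash(hash_text)
    # Assumption: default source archive name when <PKG>_SOURCE is not set.
    tarball = mk.get(f"{prefix}_SOURCE") or f"{pkg}-{mk.get(prefix + '_VERSION', '')}.tar.gz"
    for name in [tarball] + mk.get(f"{prefix}_LICENSE_FILES", "").split():
        if name not in entries:
            problems.append(f"{name}: no hash entry")
    return problems


if __name__ == "__main__":
    for problem in check_package("wolftpm", WOLFTPM_MK, WOLFTPM_HASH):
        print(problem)
```
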
Dimi Tomov June 1, 2022, 9:03 p.m. UTC | #3
Hello Thomas,

I have this working on a STM32MP157F-DK2 board with a ST33 TPM.

https://gist.github.com/tomoveu/8f0519cb8d75a5374a999f29640cf45c

Could it be that because I am using $make wolftpm-rebuild is saving me 
from seeing the same errors?

ps: Do I need to submit v4?

Thanks,

Dimi

On 2022-06-01 11:50 PM, Thomas Petazzoni via buildroot wrote:
> Hello Dimitar,
> 
> On Wed,  1 Jun 2022 22:47:46 +0300
> Dimi Tomov <dimi@tpm.dev> wrote:
> 
>> From: Dimitar Tomov <dimi@tpm.dev>
>> 
>> wolfTPM is an open-source TPM 2.0 stack with backward API 
>> compatibility,
>> designed for embedded use. It is highly portable, and has native 
>> support
>> for Linux. wolfTPM has a compact code size with low resource usage.
>> 
>> Signed-off-by: Dimitar Tomov <dimi@tpm.dev>
> 
> I've applied to our next branch, but after doing several additional
> fixes. Also, there is something to be fixed upstream, see below.
> 
>> diff --git a/DEVELOPERS b/DEVELOPERS
>> index 71cc3da6d7..c123d1b915 100644
>> --- a/DEVELOPERS
>> +++ b/DEVELOPERS
>> @@ -3072,3 +3072,6 @@ F:	package/quazip/
>>  F:	package/shapelib/
>>  F:	package/simple-mail/
>>  F:	package/tinc/
>> +
>> +N:	Dimi Tomov <dimi@tpm.dev>
>> +F:	package/wolftpm/
> 
> Entries in this file are alphabetically sorted, so you shouldn't have
> added yourself at the end, but at the "right" place.
> 
>> diff --git a/package/wolftpm/Config.in b/package/wolftpm/Config.in
>> new file mode 100644
>> index 0000000000..23932a4170
>> --- /dev/null
>> +++ b/package/wolftpm/Config.in
>> @@ -0,0 +1,15 @@
>> +config BR2_PACKAGE_WOLFTPM
>> +	bool "wolftpm"
>> +	depends on BR2_TOOLCHAIN_HAS_THREADS
> 
> You forgot:
> 
> 	depends on !BR2_STATIC_LIBS
> 
> which you need to replicate because you select BR2_PACKAGE_WOLFSSL_ALL.
> 
>> +	select on BR2_PACKAGE_WOLFSSL
>> +	select on BR2_PACKAGE_WOLFSSL_ALL
> 
> I'm wondering if you tested this, because "select on" doesn't exist in
> Kconfig. It's either "select" or "depends on", but not a mix of both.
> 
>> +	help
>> +	  wolfTPM is a portable, open-source TPM 2.0 stack with
>> +	  backward API compatibility, designed for embedded use.
>> +	  No external dependencies, compact code size with low
>> +	  resource usage.
>> +
>> +	  https://www.wolfssl.com/
>> +
>> +comment "wolftpm needs a toolchain w/ threads"
>> +	depends on !BR2_TOOLCHAIN_HAS_THREADS
> 
> The comment had to be adjusted due to the !BR2_STATIC_LIBS dependency.
> 
>> diff --git a/package/wolftpm/wolftpm.hash 
>> b/package/wolftpm/wolftpm.hash
>> new file mode 100644
>> index 0000000000..6dbf143ffe
>> --- /dev/null
>> +++ b/package/wolftpm/wolftpm.hash
>> @@ -0,0 +1,2 @@
>> +# Hash from 
>> https://github.com/wolfSSL/wolfTPM/archive/refs/tags/v2.3.1.tar.gz
>> +sha256  
>> f0d7c095491ac2cc9e44aa4ac3c22febf15942ef080431d8b43a9d0312ca6567  
>> wolftpm-2.3.1.tar.gz
> 
> Gaah, I'm noticing now that the hash of the LICENSE file is missing,
> and I didn't realize before applying. I will fix this up.
> 
>> diff --git a/package/wolftpm/wolftpm.mk b/package/wolftpm/wolftpm.mk
>> new file mode 100644
>> index 0000000000..1e1ddc13e3
>> --- /dev/null
>> +++ b/package/wolftpm/wolftpm.mk
>> @@ -0,0 +1,29 @@
>> +################################################################################
>> +#
>> +# wolftpm
>> +#
>> +################################################################################
>> +
>> +WOLFTPM_VERSION = 2.3.1
>> +WOLFTPM_SITE = $(call github,wolfSSL,wolfTPM,v$(WOLFTPM_VERSION))
>> +WOLFTPM_INSTALL_STAGING = YES
>> +WOLFTPM_LICENSE = GPL-2.0+
>> +WOLFTPM_LICENSE_FILES = LICENSE
>> +WOLFTPM_CPE_ID_VENDOR = wolfssl
>> +
>> +WOLFTPM_DEPENDENCIES = host-pkgconf
> 
> I've added:
> 
> WOLFTPM_CONFIG_SCRIPTS = wolftpm-config
> 
> so that the wolftpm-config script installed in $(STAGING_DIR)/usr/bin
> returns correct results.
> 
>> +# wolfTPM's source code is released without a configure script,
>> +# therefore we need autoreconf
>> +WOLFTPM_AUTORECONF = YES
>> +
>> +WOLFTPM_CONF_OPTS = --disable-examples --enable-devtpm
> 
> With just this, the build was failing for me, as wolftpm couldn't find
> wolfssl. I had to add:
> 
>         --with-wolfcrypt=$(STAGING_DIR)/usr
> 
>> +define WOLFTPM_CONFIG_RPATH
> 
> I renamed the hook to WOLFTPM_TOUCH_CONFIG_RPATH
> 
>> +    mkdir $(@D)/build-aux
> 
> Changed to "mkdir -p" so that the hook can be re-executed without
> failing.
> 
>> +    touch $(@D)/build-aux/config.rpath
>> +endef
>> +# Fix for autoconf bug with config.rconf
> 
> There is no autoreconf bug. The bug is in the code of wolftpm. In the
> configure.ac script line 165, it uses the AC_LIB_HAVE_LINKFLAGS m4
> macro, which comes from gnulib. This macro is documented at, which
> specifies:
> 
> Example of using AC_LIB_LINKFLAGS
> 
> Suppose you want to use libz, the compression library.
> 
>    (1)  In configure.ac you add the line
> 
>       AC_CONFIG_AUX_DIR([build-aux])
>       AC_LIB_LINKFLAGS([z])
> 
>     Note that since the AC_LIB_LINKFLAGS invocation modifies the
>     CPPFLAGS, it should precede all tests that check for header files,
>     declarations, structures or types.
> 
> 
>     (2) To the package’s build-aux directory you add the file
>     config.rpath, also part of the Gnulib havelib module. (gnulib-tool
>     will usually do this for you automatically.)
> 
> 
>     (3) In Makefile.in you add @LIBZ@ to the link command line of your
>     program. Or, if you are using Automake, you add $(LIBZ) to the
>     LDADD variable that corresponds to your program.
> 
> See point (2) ? This is what wasn't done correctly in wolftpm when
> integrating this gnulib m4 macro.
> 
> Ideally this should be fixed in the upstream wolftpm code. However, to
> be honest, I'm not even sure why your configure.ac file is using
> AC_LIB_HAVE_LINKFLAGS(). You should probably just migrate to use
> pkg-config.
> 
> Thanks for your contribution!
> 
> Thomas
Thomas Petazzoni June 1, 2022, 9:36 p.m. UTC | #4
Hello,

On Thu, 02 Jun 2022 00:03:39 +0300
Dimi Tomov <dimi@tpm.dev> wrote:

> Hello Thomas,
> 
> I have this working on a STM32MP157F-DK2 board with a ST33 TPM.
> 
> https://gist.github.com/tomoveu/8f0519cb8d75a5374a999f29640cf45c
> 
> Could it be that because I am using $make wolftpm-rebuild is saving me 
> from seeing the same errors?

I am not sure why you don't have the error about wolfssl being
unavailable. It was clearly failing to build here. I would need access
to your complete build log + output/build/wolftpm-<version>/config.log
to be able to (perhaps) say what's going on.

> ps: Do I need to submit v4?

No, I said the patch was applied. It's in our next branch, see:

  https://git.buildroot.org/buildroot/commit/?h=next&id=4bb884a3c61c6b71e33f69453a90eb2a367f64b7

Thanks!

Thomas
Dimi Tomov June 2, 2022, 5:01 a.m. UTC | #5
Thank you Thomas. This is awesome.

Only FYI - I had no issues with wolfssl building from latest buildroot 
master. My only issue was with the config.rpath autoconf file while 
building wolftpm.

Best Regards,
Dimi

On 2022-06-02 12:36 AM, Thomas Petazzoni via buildroot wrote:
> Hello,
> 
> On Thu, 02 Jun 2022 00:03:39 +0300
> Dimi Tomov <dimi@tpm.dev> wrote:
> 
>> Hello Thomas,
>> 
>> I have this working on a STM32MP157F-DK2 board with a ST33 TPM.
>> 
>> https://gist.github.com/tomoveu/8f0519cb8d75a5374a999f29640cf45c
>> 
>> Could it be that because I am using $make wolftpm-rebuild is saving me
>> from seeing the same errors?
> 
> I am not sure why you don't have the error about wolfssl being
> unavailable. It was clearly failing to build here. I would need access
> to your complete build log + output/build/wolftpm-<version>/config.log
> to be able to (perhaps) say what's going on.
> 
>> ps: Do I need to submit v4?
> 
> No, I said the patch was applied. It's in our next branch, see:
> 
> 
> https://git.buildroot.org/buildroot/commit/?h=next&id=4bb884a3c61c6b71e33f69453a90eb2a367f64b7
> 
> Thanks!
> 
> Thomas
Patch

diff --git a/DEVELOPERS b/DEVELOPERS
index 71cc3da6d7..c123d1b915 100644
--- a/DEVELOPERS
+++ b/DEVELOPERS
@@ -3072,3 +3072,6 @@  F:	package/quazip/
 F:	package/shapelib/
 F:	package/simple-mail/
 F:	package/tinc/
+
+N:	Dimi Tomov <dimi@tpm.dev>
+F:	package/wolftpm/
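Review bot: The new N:/F: block is appended after the last entry of DEVELOPERS (the hunk has no trailing context, so it lands at the end of the file), but the maintainer notes in the thread that entries in this file are alphabetically sorted. Move the block to its sorted position by name rather than the end of the file.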
diff --git a/package/Config.in b/package/Config.in
index 00f061015f..b287c5a94d 100644
--- a/package/Config.in
+++ b/package/Config.in
@@ -1431,6 +1431,7 @@  menu "Crypto"
 	source "package/trousers/Config.in"
 	source "package/ustream-ssl/Config.in"
 	source "package/wolfssl/Config.in"
+	source "package/wolftpm/Config.in"
 endmenu
 
 menu "Database"
diff --git a/package/wolftpm/Config.in b/package/wolftpm/Config.in
new file mode 100644
index 0000000000..23932a4170
--- /dev/null
+++ b/package/wolftpm/Config.in
@@ -0,0 +1,15 @@ 
+config BR2_PACKAGE_WOLFTPM
+	bool "wolftpm"
+	depends on BR2_TOOLCHAIN_HAS_THREADS
+	select on BR2_PACKAGE_WOLFSSL
+	select on BR2_PACKAGE_WOLFSSL_ALL
+	help
+	  wolfTPM is a portable, open-source TPM 2.0 stack with
+	  backward API compatibility, designed for embedded use.
+	  No external dependencies, compact code size with low
+	  resource usage.
+
+	  https://www.wolfssl.com/
+
+comment "wolftpm needs a toolchain w/ threads"
+	depends on !BR2_TOOLCHAIN_HAS_THREADS
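Review bot: `select on BR2_PACKAGE_WOLFSSL` and `select on BR2_PACKAGE_WOLFSSL_ALL` are not valid Kconfig syntax; the keyword is `select` with no `on`, so write `select BR2_PACKAGE_WOLFSSL` and `select BR2_PACKAGE_WOLFSSL_ALL`. Because a select does not enforce the selected symbol's own dependencies, those have to be repeated on this symbol: the thread names `depends on !BR2_STATIC_LIBS` for BR2_PACKAGE_WOLFSSL_ALL, and the condition and text of the `comment` entry need extending to match.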
diff --git a/package/wolftpm/wolftpm.hash b/package/wolftpm/wolftpm.hash
new file mode 100644
index 0000000000..6dbf143ffe
--- /dev/null
+++ b/package/wolftpm/wolftpm.hash
@@ -0,0 +1,2 @@ 
+# Hash from https://github.com/wolfSSL/wolfTPM/archive/refs/tags/v2.3.1.tar.gz
+sha256  f0d7c095491ac2cc9e44aa4ac3c22febf15942ef080431d8b43a9d0312ca6567  wolftpm-2.3.1.tar.gz
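Review bot: The hash file covers only wolftpm-2.3.1.tar.gz, while wolftpm.mk in the same patch declares `WOLFTPM_LICENSE_FILES = LICENSE`, so a change to the license text would go undetected; add a sha256 line for LICENSE. The header comment gives only the download URL: if the digest was computed locally from that download rather than published by upstream, say so in the comment, since that tells a reviewer what the value was actually checked against.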
diff --git a/package/wolftpm/wolftpm.mk b/package/wolftpm/wolftpm.mk
new file mode 100644
index 0000000000..1e1ddc13e3
--- /dev/null
+++ b/package/wolftpm/wolftpm.mk
@@ -0,0 +1,29 @@ 
+################################################################################
+#
+# wolftpm
+#
+################################################################################
+
+WOLFTPM_VERSION = 2.3.1
+WOLFTPM_SITE = $(call github,wolfSSL,wolfTPM,v$(WOLFTPM_VERSION))
+WOLFTPM_INSTALL_STAGING = YES
+WOLFTPM_LICENSE = GPL-2.0+
+WOLFTPM_LICENSE_FILES = LICENSE
+WOLFTPM_CPE_ID_VENDOR = wolfssl
+
+WOLFTPM_DEPENDENCIES = host-pkgconf
+
+# wolfTPM's source code is released without a configure script,
+# therefore we need autoreconf
+WOLFTPM_AUTORECONF = YES
+
+WOLFTPM_CONF_OPTS = --disable-examples --enable-devtpm
+
+define WOLFTPM_CONFIG_RPATH
+    mkdir $(@D)/build-aux
+    touch $(@D)/build-aux/config.rpath
+endef
+# Fix for autoconf bug with config.rconf
+WOLFTPM_PRE_CONFIGURE_HOOKS += WOLFTPM_CONFIG_RPATH
+
+$(eval $(autotools-package))
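Review bot: `WOLFTPM_DEPENDENCIES = host-pkgconf` does not list wolfssl even though Config.in selects BR2_PACKAGE_WOLFSSL, so nothing orders the wolfssl build before wolftpm's configure step; add wolfssl to the list. In the hook, `mkdir $(@D)/build-aux` fails if the directory already exists, so use `mkdir -p` to keep the hook re-runnable. The comment above the hook registration says config.rconf, but the file being created is config.rpath.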