| Message ID | 20220612084538.1873673-1-fontaine.fabrice@gmail.com |
|---|---|
| State | Accepted |
| Series | [v2,1/2] package/wolftpm: fix dependencies |
Fabrice, All,

On 2022-06-12 10:45 +0200, Fabrice Fontaine spake thusly:
> pkg-config is not used by wolftpm and wolfssl dependency is missing (and
> optional but highly recommended) resulting in the following build failure
> since the addition of the package in commit
> 4bb884a3c61c6b71e33f69453a90eb2a367f64b7:
>
> configure: error: WolfSSL library not found. You can get it from http://www.wolfssl.com/download.html
> If it's already installed, specify its path using --with-wolfcrypt=/dir or --prefix=/dir
>
> Fixes:
> - http://autobuild.buildroot.org/results/77a93521b909e701ef4e86f18524258b9242c721
>
> Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>

Both patches applied to master, thanks.

Regards,
Yann E. MORIN.

> ---
> Changes v1 -> v2 (after review of Dimi Tomov):
> - Add a wolfcrypt option which is enabled by default
>
> package/wolftpm/Config.in | 23 ++++++++++++++++++-----
> package/wolftpm/wolftpm.mk | 13 ++++++++++---
> 2 files changed, 28 insertions(+), 8 deletions(-)
>
> diff --git a/package/wolftpm/Config.in b/package/wolftpm/Config.in > index 0fe094f277..0b964c3d7e 100644 > --- a/package/wolftpm/Config.in > +++ b/package/wolftpm/Config.in > @@ -1,9 +1,5 @@ > config BR2_PACKAGE_WOLFTPM > bool "wolftpm" > - depends on BR2_TOOLCHAIN_HAS_THREADS > - depends on !BR2_STATIC_LIBS > - select BR2_PACKAGE_WOLFSSL > - select BR2_PACKAGE_WOLFSSL_ALL > help > wolfTPM is a portable, open-source TPM 2.0 stack with > backward API compatibility, designed for embedded use.
> @@ -12,5 +8,22 @@ config BR2_PACKAGE_WOLFTPM > > https://www.wolfssl.com/ > > -comment "wolftpm needs a toolchain w/ threads, dynamic library" > +if BR2_PACKAGE_WOLFTPM > + > +config BR2_PACKAGE_WOLFTPM_WOLFCRYPT > + bool "wolfCrypt hooks" > + default y > + depends on BR2_TOOLCHAIN_HAS_THREADS # wolfssl > + depends on !BR2_STATIC_LIBS # wolfssl-all > + select BR2_PACKAGE_WOLFSSL > + # not mandatory, but needed to get all features > + select BR2_PACKAGE_WOLFSSL_ALL > + help > + Enable wolfCrypt hooks for RNG, Auth Sessions and Parameter > + encryption. Disabling this option is not recommended as it > + could create a security breach in most environments. > + > +comment "wolfCrypt hooks need a toolchain w/ threads, dynamic library" > depends on !BR2_TOOLCHAIN_HAS_THREADS || BR2_STATIC_LIBS > + > +endif > diff --git a/package/wolftpm/wolftpm.mk b/package/wolftpm/wolftpm.mk > index ea01eaad6b..760656e134 100644 > --- a/package/wolftpm/wolftpm.mk > +++ b/package/wolftpm/wolftpm.mk > @@ -10,7 +10,6 @@ WOLFTPM_INSTALL_STAGING = YES > WOLFTPM_LICENSE = GPL-2.0+ > WOLFTPM_LICENSE_FILES = LICENSE > WOLFTPM_CPE_ID_VENDOR = wolfssl > -WOLFTPM_DEPENDENCIES = host-pkgconf > WOLFTPM_CONFIG_SCRIPTS = wolftpm-config > > # wolfTPM's source code is released without a configure script, > @@ -19,8 +18,7 @@ WOLFTPM_AUTORECONF = YES > > WOLFTPM_CONF_OPTS = \ > --disable-examples \ > - --enable-devtpm \ > - --with-wolfcrypt=$(STAGING_DIR)/usr > + --enable-devtpm > > # Fix for missing config.rpath in the codebase > define WOLFTPM_TOUCH_CONFIG_RPATH 
> @@ -29,4 +27,13 @@ define WOLFTPM_TOUCH_CONFIG_RPATH > endef > WOLFTPM_PRE_CONFIGURE_HOOKS += WOLFTPM_TOUCH_CONFIG_RPATH > > +ifeq ($(BR2_PACKAGE_WOLFTPM_WOLFCRYPT),y) > +WOLFTPM_CONF_OPTS += \ > + --enable-wolfcrypt \ > + --with-wolfcrypt=$(STAGING_DIR)/usr > +WOLFTPM_DEPENDENCIES += wolfssl > +else > +WOLFTPM_CONF_OPTS += --disable-wolfcrypt > +endif > + > $(eval $(autotools-package)) > -- > 2.35.1 > > _______________________________________________ > buildroot mailing list > buildroot@buildroot.org > https://lists.buildroot.org/mailman/listinfo/buildroot
Hi Yann,

I just noticed one really bad typo. I could submit a patch that also adds extra wolfTPM options, so it is not a one-word patch.

"Enable wolfCrypt hooks for RNG, Auth Sessions and Parameter encryption. "

The TPM chip is the source of RNG. To claim that a TPM 2.0 library is using a Software-based source of RNG would be a red flag for users. The rest is accurate - wolfCrypt is used by wolfTPM to establish Session and Parameter encryption between the Host CPU and the TPM chip.

Thanks,
Dimi

On 2022-06-12 06:19 PM, Yann E. MORIN wrote:
> Fabrice, All,
>
> On 2022-06-12 10:45 +0200, Fabrice Fontaine spake thusly:
>> pkg-config is not used by wolftpm and wolfssl dependency is missing
>> (and
>> optional but highly recommended) resulting in the following build
>> failure
>> since the addition of the package in commit
>> 4bb884a3c61c6b71e33f69453a90eb2a367f64b7:
>>
>> configure: error: WolfSSL library not found. You can get it from
>> http://www.wolfssl.com/download.html
>> If it's already installed, specify its path using
>> --with-wolfcrypt=/dir or --prefix=/dir
>>
>> Fixes:
>> -
>> http://autobuild.buildroot.org/results/77a93521b909e701ef4e86f18524258b9242c721
>>
>> Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
>
> Both patches applied to master, thanks.
>
> Regards,
> Yann E. MORIN.
>
>> ---
>> Changes v1 -> v2 (after review of Dimi Tomov):
>> - Add a wolfcrypt option which is enabled by default
>>
>> package/wolftpm/Config.in | 23 ++++++++++++++++++-----
>> package/wolftpm/wolftpm.mk | 13 ++++++++++---
>> 2 files changed, 28 insertions(+), 8 deletions(-)
>>
>> diff --git a/package/wolftpm/Config.in b/package/wolftpm/Config.in >> index 0fe094f277..0b964c3d7e 100644 >> --- a/package/wolftpm/Config.in >> +++ b/package/wolftpm/Config.in
>> @@ -1,9 +1,5 @@ >> config BR2_PACKAGE_WOLFTPM >> bool "wolftpm" >> - depends on BR2_TOOLCHAIN_HAS_THREADS >> - depends on !BR2_STATIC_LIBS >> - select BR2_PACKAGE_WOLFSSL >> - select BR2_PACKAGE_WOLFSSL_ALL >> help >> wolfTPM is a portable, open-source TPM 2.0 stack with >> backward API compatibility, designed for embedded use. >> @@ -12,5 +8,22 @@ config BR2_PACKAGE_WOLFTPM >> >> https://www.wolfssl.com/ >> >> -comment "wolftpm needs a toolchain w/ threads, dynamic library" >> +if BR2_PACKAGE_WOLFTPM >> + >> +config BR2_PACKAGE_WOLFTPM_WOLFCRYPT >> + bool "wolfCrypt hooks" >> + default y >> + depends on BR2_TOOLCHAIN_HAS_THREADS # wolfssl >> + depends on !BR2_STATIC_LIBS # wolfssl-all >> + select BR2_PACKAGE_WOLFSSL >> + # not mandatory, but needed to get all features >> + select BR2_PACKAGE_WOLFSSL_ALL >> + help >> + Enable wolfCrypt hooks for RNG, Auth Sessions and Parameter >> + encryption. Disabling this option is not recommended as it >> + could create a security breach in most environments. >> + >> +comment "wolfCrypt hooks need a toolchain w/ threads, dynamic >> library" >> depends on !BR2_TOOLCHAIN_HAS_THREADS || BR2_STATIC_LIBS >> + >> +endif >> diff --git a/package/wolftpm/wolftpm.mk b/package/wolftpm/wolftpm.mk >> index ea01eaad6b..760656e134 100644 >> --- a/package/wolftpm/wolftpm.mk >> +++ b/package/wolftpm/wolftpm.mk >> @@ -10,7 +10,6 @@ WOLFTPM_INSTALL_STAGING = YES >> WOLFTPM_LICENSE = GPL-2.0+ >> WOLFTPM_LICENSE_FILES = LICENSE >> WOLFTPM_CPE_ID_VENDOR = wolfssl >> -WOLFTPM_DEPENDENCIES = host-pkgconf >> WOLFTPM_CONFIG_SCRIPTS = wolftpm-config >> >> # wolfTPM's source code is released without a configure script, >> @@ -19,8 +18,7 @@ WOLFTPM_AUTORECONF = YES >> >> WOLFTPM_CONF_OPTS = \ >> --disable-examples \ >> - --enable-devtpm \ >> - --with-wolfcrypt=$(STAGING_DIR)/usr >> + --enable-devtpm >> >> # Fix for missing config.rpath in the codebase >> define WOLFTPM_TOUCH_CONFIG_RPATH 
>> @@ -29,4 +27,13 @@ define WOLFTPM_TOUCH_CONFIG_RPATH >> endef >> WOLFTPM_PRE_CONFIGURE_HOOKS += WOLFTPM_TOUCH_CONFIG_RPATH >> >> +ifeq ($(BR2_PACKAGE_WOLFTPM_WOLFCRYPT),y) >> +WOLFTPM_CONF_OPTS += \ >> + --enable-wolfcrypt \ >> + --with-wolfcrypt=$(STAGING_DIR)/usr >> +WOLFTPM_DEPENDENCIES += wolfssl >> +else >> +WOLFTPM_CONF_OPTS += --disable-wolfcrypt >> +endif >> + >> $(eval $(autotools-package)) >> -- >> 2.35.1 >> >> _______________________________________________ >> buildroot mailing list >> buildroot@buildroot.org >> https://lists.buildroot.org/mailman/listinfo/buildroot
Hi Dimi,

On Wed 15 June 2022 at 09:10, Dimi Tomov <dimi@tpm.dev> wrote:
>
> Hi Yann,
>
> I just noticed one really bad typo. I could submit a patch that also
> adds extra wolfTPM options, so it is not a one-word patch.
>
> "Enable wolfCrypt hooks for RNG, Auth Sessions and Parameter encryption.
> "

This sentence was copy/pasted from wolftpm's configure.ac/README.md:
https://github.com/wolfSSL/wolfTPM/blob/160b3e04f6121aa7429f030c570bd86239ca01b8/configure.ac#L154
I would advise to also send them a PR if this is incorrect.

However, after a quick search on upstream github, it seems that wolftpm supports hardware and software RNG through WOLFTPM2_USE_{HW,WOLF}_RNG:
https://github.com/wolfSSL/wolfTPM/blob/160b3e04f6121aa7429f030c570bd86239ca01b8/wolftpm/tpm2_wrap.h#L1685

It even seems that WOLFTPM2_USE_HW_RNG is not defined by default, resulting in WOLFTPM2_USE_WOLF_RNG being used as soon as wolfcrypt is available:
https://github.com/wolfSSL/wolfTPM/blob/5dd781e4717422b717021ed1dd8aeb226d98e480/wolftpm/tpm2.h#L1694

So, IMHO, the sentence is not incorrect and an option to enable hardware RNG is needed.

>
> The TPM chip is the source of RNG. To claim that a TPM 2.0 library is
> using a Software-based source of RNG would be a red flag for users. The
> rest is accurate - wolfCrypt is used by wolfTPM to establish Session and
> Parameter encryption between the Host CPU and the TPM chip.
>
> Thanks,
> Dimi
>
> On 2022-06-12 06:19 PM, Yann E. MORIN wrote:
> > Fabrice, All,
> >
> > On 2022-06-12 10:45 +0200, Fabrice Fontaine spake thusly:
> >> pkg-config is not used by wolftpm and wolfssl dependency is missing
> >> (and
> >> optional but highly recommended) resulting in the following build
> >> failure
> >> since the addition of the package in commit
> >> 4bb884a3c61c6b71e33f69453a90eb2a367f64b7:
> >>
> >> configure: error: WolfSSL library not found.
You can get it from > >> http://www.wolfssl.com/download.html > >> If it's already installed, specify its path using > >> --with-wolfcrypt=/dir or --prefix=/dir > >> > >> Fixes: > >> - > >> http://autobuild.buildroot.org/results/77a93521b909e701ef4e86f18524258b9242c721 > >> > >> Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com> > > > > Both patches applied to master, thanks. > > > > Regards, > > Yann E. MORIN. > > > >> --- > >> Changes v1 -> v2 (after review of Dimi Tomov): > >> - Add a wolfcrypt option which is enabled by default > >> > >> package/wolftpm/Config.in | 23 ++++++++++++++++++----- > >> package/wolftpm/wolftpm.mk | 13 ++++++++++--- > >> 2 files changed, 28 insertions(+), 8 deletions(-) > >> > >> diff --git a/package/wolftpm/Config.in b/package/wolftpm/Config.in > >> index 0fe094f277..0b964c3d7e 100644 > >> --- a/package/wolftpm/Config.in > >> +++ b/package/wolftpm/Config.in > >> @@ -1,9 +1,5 @@ > >> config BR2_PACKAGE_WOLFTPM > >> bool "wolftpm" > >> - depends on BR2_TOOLCHAIN_HAS_THREADS > >> - depends on !BR2_STATIC_LIBS > >> - select BR2_PACKAGE_WOLFSSL > >> - select BR2_PACKAGE_WOLFSSL_ALL > >> help > >> wolfTPM is a portable, open-source TPM 2.0 stack with > >> backward API compatibility, designed for embedded use. 
> >> @@ -12,5 +8,22 @@ config BR2_PACKAGE_WOLFTPM > >> > >> https://www.wolfssl.com/ > >> > >> -comment "wolftpm needs a toolchain w/ threads, dynamic library" > >> +if BR2_PACKAGE_WOLFTPM > >> + > >> +config BR2_PACKAGE_WOLFTPM_WOLFCRYPT > >> + bool "wolfCrypt hooks" > >> + default y > >> + depends on BR2_TOOLCHAIN_HAS_THREADS # wolfssl > >> + depends on !BR2_STATIC_LIBS # wolfssl-all > >> + select BR2_PACKAGE_WOLFSSL > >> + # not mandatory, but needed to get all features > >> + select BR2_PACKAGE_WOLFSSL_ALL > >> + help > >> + Enable wolfCrypt hooks for RNG, Auth Sessions and Parameter > >> + encryption. Disabling this option is not recommended as it > >> + could create a security breach in most environments. > >> + > >> +comment "wolfCrypt hooks need a toolchain w/ threads, dynamic > >> library" > >> depends on !BR2_TOOLCHAIN_HAS_THREADS || BR2_STATIC_LIBS > >> + > >> +endif > >> diff --git a/package/wolftpm/wolftpm.mk b/package/wolftpm/wolftpm.mk > >> index ea01eaad6b..760656e134 100644 > >> --- a/package/wolftpm/wolftpm.mk > >> +++ b/package/wolftpm/wolftpm.mk > >> @@ -10,7 +10,6 @@ WOLFTPM_INSTALL_STAGING = YES > >> WOLFTPM_LICENSE = GPL-2.0+ > >> WOLFTPM_LICENSE_FILES = LICENSE > >> WOLFTPM_CPE_ID_VENDOR = wolfssl > >> -WOLFTPM_DEPENDENCIES = host-pkgconf > >> WOLFTPM_CONFIG_SCRIPTS = wolftpm-config > >> > >> # wolfTPM's source code is released without a configure script, > >> @@ -19,8 +18,7 @@ WOLFTPM_AUTORECONF = YES > >> > >> WOLFTPM_CONF_OPTS = \ > >> --disable-examples \ > >> - --enable-devtpm \ > >> - --with-wolfcrypt=$(STAGING_DIR)/usr > >> + --enable-devtpm > >> > >> # Fix for missing config.rpath in the codebase > >> define WOLFTPM_TOUCH_CONFIG_RPATH 
> >> @@ -29,4 +27,13 @@ define WOLFTPM_TOUCH_CONFIG_RPATH > >> endef > >> WOLFTPM_PRE_CONFIGURE_HOOKS += WOLFTPM_TOUCH_CONFIG_RPATH > >> > >> +ifeq ($(BR2_PACKAGE_WOLFTPM_WOLFCRYPT),y) > >> +WOLFTPM_CONF_OPTS += \ > >> + --enable-wolfcrypt \ > >> + --with-wolfcrypt=$(STAGING_DIR)/usr > >> +WOLFTPM_DEPENDENCIES += wolfssl > >> +else > >> +WOLFTPM_CONF_OPTS += --disable-wolfcrypt > >> +endif > >> + > >> $(eval $(autotools-package)) > >> -- > >> 2.35.1 > >> > >> _______________________________________________ > >> buildroot mailing list > >> buildroot@buildroot.org > >> https://lists.buildroot.org/mailman/listinfo/buildroot > > -- > Founder of TPM.dev

Best Regards,

Fabrice
Hi Fabrice,

You are right. I will submit a v2 of my patch. It will be just about extra TPM 2.0 functionality.

I now remember that because the TPM RNG source is secure but rather slow, the default option was switched to SW RNG (Wolfcrypt) and then for security sensitive applications the RNG source is configurable through the WOLFTPM2_USE_HW_RNG define switch that you mention. Thank you.

Thanks,
Dimi

On 2022-06-15 10:30 AM, Fabrice Fontaine wrote:
> Hi Dimi,
>
> On Wed 15 June 2022 at 09:10, Dimi Tomov <dimi@tpm.dev> wrote:
>>
>> Hi Yann,
>>
>> I just noticed one really bad typo. I could submit a patch that also
>> adds extra wolfTPM options, so it is not a one-word patch.
>>
>> "Enable wolfCrypt hooks for RNG, Auth Sessions and Parameter
>> encryption.
>> "
>
> This sentence was copy/pasted from wolftpm's configure.ac/README.md:
> https://github.com/wolfSSL/wolfTPM/blob/160b3e04f6121aa7429f030c570bd86239ca01b8/configure.ac#L154
> I would advise to also send them a PR if this is incorrect.
>
> However, after a quick search on upstream github, it seems that
> wolftpm supports hardware and software RNG through
> WOLFTPM2_USE_{HW,WOLF}_RNG:
> https://github.com/wolfSSL/wolfTPM/blob/160b3e04f6121aa7429f030c570bd86239ca01b8/wolftpm/tpm2_wrap.h#L1685
>
> It even seems that WOLFTPM2_USE_HW_RNG is not defined by default
> resulting in WOLFTPM2_USE_WOLF_RNG being used as soon as wolfcrypt is
> available:
> https://github.com/wolfSSL/wolfTPM/blob/5dd781e4717422b717021ed1dd8aeb226d98e480/wolftpm/tpm2.h#L1694
>
> So, IMHO, the sentence is not incorrect and an option to enable
> hardware RNG is needed.
>
>>
>> The TPM chip is the source of RNG. To claim that a TPM 2.0 library is
>> using a Software-based source of RNG would be a red flag for users.
>> The
>> rest is accurate - wolfCrypt is used by wolfTPM to establish Session
>> and
>> Parameter encryption between the Host CPU and the TPM chip.
>>
>> Thanks,
>> Dimi
>>
>> On 2022-06-12 06:19 PM, Yann E.
MORIN wrote: >> > Fabrice, All, >> > >> > On 2022-06-12 10:45 +0200, Fabrice Fontaine spake thusly: >> >> pkg-config is not used by wolftpm and wolfssl dependency is missing >> >> (and >> >> optional but highly recommended) resulting in the following build >> >> failure >> >> since the addition of the package in commit >> >> 4bb884a3c61c6b71e33f69453a90eb2a367f64b7: >> >> >> >> configure: error: WolfSSL library not found. You can get it from >> >> http://www.wolfssl.com/download.html >> >> If it's already installed, specify its path using >> >> --with-wolfcrypt=/dir or --prefix=/dir >> >> >> >> Fixes: >> >> - >> >> http://autobuild.buildroot.org/results/77a93521b909e701ef4e86f18524258b9242c721 >> >> >> >> Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com> >> > >> > Both patches applied to master, thanks. >> > >> > Regards, >> > Yann E. MORIN. >> > >> >> --- >> >> Changes v1 -> v2 (after review of Dimi Tomov): >> >> - Add a wolfcrypt option which is enabled by default >> >> >> >> package/wolftpm/Config.in | 23 ++++++++++++++++++----- >> >> package/wolftpm/wolftpm.mk | 13 ++++++++++--- >> >> 2 files changed, 28 insertions(+), 8 deletions(-) >> >> >> >> diff --git a/package/wolftpm/Config.in b/package/wolftpm/Config.in >> >> index 0fe094f277..0b964c3d7e 100644 >> >> --- a/package/wolftpm/Config.in >> >> +++ b/package/wolftpm/Config.in >> >> @@ -1,9 +1,5 @@ >> >> config BR2_PACKAGE_WOLFTPM >> >> bool "wolftpm" >> >> - depends on BR2_TOOLCHAIN_HAS_THREADS >> >> - depends on !BR2_STATIC_LIBS >> >> - select BR2_PACKAGE_WOLFSSL >> >> - select BR2_PACKAGE_WOLFSSL_ALL >> >> help >> >> wolfTPM is a portable, open-source TPM 2.0 stack with >> >> backward API compatibility, designed for embedded use. 
>> >> @@ -12,5 +8,22 @@ config BR2_PACKAGE_WOLFTPM >> >> >> >> https://www.wolfssl.com/ >> >> >> >> -comment "wolftpm needs a toolchain w/ threads, dynamic library" >> >> +if BR2_PACKAGE_WOLFTPM >> >> + >> >> +config BR2_PACKAGE_WOLFTPM_WOLFCRYPT >> >> + bool "wolfCrypt hooks" >> >> + default y >> >> + depends on BR2_TOOLCHAIN_HAS_THREADS # wolfssl >> >> + depends on !BR2_STATIC_LIBS # wolfssl-all >> >> + select BR2_PACKAGE_WOLFSSL >> >> + # not mandatory, but needed to get all features >> >> + select BR2_PACKAGE_WOLFSSL_ALL >> >> + help >> >> + Enable wolfCrypt hooks for RNG, Auth Sessions and Parameter >> >> + encryption. Disabling this option is not recommended as it >> >> + could create a security breach in most environments. >> >> + >> >> +comment "wolfCrypt hooks need a toolchain w/ threads, dynamic >> >> library" >> >> depends on !BR2_TOOLCHAIN_HAS_THREADS || BR2_STATIC_LIBS >> >> + >> >> +endif >> >> diff --git a/package/wolftpm/wolftpm.mk b/package/wolftpm/wolftpm.mk >> >> index ea01eaad6b..760656e134 100644 >> >> --- a/package/wolftpm/wolftpm.mk >> >> +++ b/package/wolftpm/wolftpm.mk >> >> @@ -10,7 +10,6 @@ WOLFTPM_INSTALL_STAGING = YES >> >> WOLFTPM_LICENSE = GPL-2.0+ >> >> WOLFTPM_LICENSE_FILES = LICENSE >> >> WOLFTPM_CPE_ID_VENDOR = wolfssl >> >> -WOLFTPM_DEPENDENCIES = host-pkgconf >> >> WOLFTPM_CONFIG_SCRIPTS = wolftpm-config >> >> >> >> # wolfTPM's source code is released without a configure script, >> >> @@ -19,8 +18,7 @@ WOLFTPM_AUTORECONF = YES >> >> >> >> WOLFTPM_CONF_OPTS = \ >> >> --disable-examples \ >> >> - --enable-devtpm \ >> >> - --with-wolfcrypt=$(STAGING_DIR)/usr >> >> + --enable-devtpm >> >> >> >> # Fix for missing config.rpath in the codebase >> >> define WOLFTPM_TOUCH_CONFIG_RPATH 
>> >> @@ -29,4 +27,13 @@ define WOLFTPM_TOUCH_CONFIG_RPATH >> >> endef >> >> WOLFTPM_PRE_CONFIGURE_HOOKS += WOLFTPM_TOUCH_CONFIG_RPATH >> >> >> >> +ifeq ($(BR2_PACKAGE_WOLFTPM_WOLFCRYPT),y) >> >> +WOLFTPM_CONF_OPTS += \ >> >> + --enable-wolfcrypt \ >> >> + --with-wolfcrypt=$(STAGING_DIR)/usr >> >> +WOLFTPM_DEPENDENCIES += wolfssl >> >> +else >> >> +WOLFTPM_CONF_OPTS += --disable-wolfcrypt >> >> +endif >> >> + >> >> $(eval $(autotools-package)) >> >> -- >> >> 2.35.1 >> >> >> >> _______________________________________________ >> >> buildroot mailing list >> >> buildroot@buildroot.org >> >> https://lists.buildroot.org/mailman/listinfo/buildroot >> >> -- >> Founder of TPM.dev > > Best Regards, > > Fabrice > _______________________________________________ > buildroot mailing list > buildroot@buildroot.org > https://lists.buildroot.org/mailman/listinfo/buildroot
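The thread ends with Fabrice noting that an option to enable the hardware RNG is needed and Dimi confirming that the RNG source is selected by the WOLFTPM2_USE_HW_RNG define. The fragment below is an added illustration of what such a knob could look like in Buildroot, following the pattern of the wolfcrypt option in the patch; it is not part of the thread, of Buildroot or of wolfTPM. It assumes a hypothetical symbol BR2_PACKAGE_WOLFTPM_HW_RNG and assumes that passing -DWOLFTPM2_USE_HW_RNG through CFLAGS is enough to switch wolfTPM's RNG source, which is an assumption drawn from the tpm2.h link quoted above, not something verified here.

```makefile
# package/wolftpm/Config.in (hypothetical fragment, to sit inside the
# existing "if BR2_PACKAGE_WOLFTPM ... endif" block added by the patch)
config BR2_PACKAGE_WOLFTPM_HW_RNG
	bool "use the TPM hardware RNG"
	# Only meaningful together with the wolfCrypt hooks: per the
	# thread above, without wolfCrypt wolfTPM already falls back to
	# the TPM's own RNG, so there is nothing to switch.
	depends on BR2_PACKAGE_WOLFTPM_WOLFCRYPT
	help
	  Define WOLFTPM2_USE_HW_RNG so that random bytes are requested
	  from the TPM chip instead of wolfCrypt's software RNG, which
	  wolfTPM uses by default when wolfCrypt is available. The TPM
	  RNG is slower, but keeps the random source in the TPM, which
	  security sensitive applications may require.

# package/wolftpm/wolftpm.mk (hypothetical fragment)
ifeq ($(BR2_PACKAGE_WOLFTPM_HW_RNG),y)
# Assumption: wolfTPM honours the define when it is present in CFLAGS
# at configure time; TARGET_CFLAGS is kept so the usual flags still apply.
WOLFTPM_CONF_ENV += CFLAGS="$(TARGET_CFLAGS) -DWOLFTPM2_USE_HW_RNG"
endif
```

Because the option depends on BR2_PACKAGE_WOLFTPM_WOLFCRYPT, it disappears exactly when the wolfCrypt hooks are unavailable, matching the fallback behaviour described in the thread.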
diff --git a/package/wolftpm/Config.in b/package/wolftpm/Config.in index 0fe094f277..0b964c3d7e 100644 --- a/package/wolftpm/Config.in +++ b/package/wolftpm/Config.in @@ -1,9 +1,5 @@ config BR2_PACKAGE_WOLFTPM bool "wolftpm" - depends on BR2_TOOLCHAIN_HAS_THREADS - depends on !BR2_STATIC_LIBS - select BR2_PACKAGE_WOLFSSL - select BR2_PACKAGE_WOLFSSL_ALL help wolfTPM is a portable, open-source TPM 2.0 stack with backward API compatibility, designed for embedded use. @@ -12,5 +8,22 @@ config BR2_PACKAGE_WOLFTPM https://www.wolfssl.com/ -comment "wolftpm needs a toolchain w/ threads, dynamic library" +if BR2_PACKAGE_WOLFTPM + +config BR2_PACKAGE_WOLFTPM_WOLFCRYPT + bool "wolfCrypt hooks" + default y + depends on BR2_TOOLCHAIN_HAS_THREADS # wolfssl + depends on !BR2_STATIC_LIBS # wolfssl-all + select BR2_PACKAGE_WOLFSSL + # not mandatory, but needed to get all features + select BR2_PACKAGE_WOLFSSL_ALL + help + Enable wolfCrypt hooks for RNG, Auth Sessions and Parameter + encryption. Disabling this option is not recommended as it + could create a security breach in most environments. + +comment "wolfCrypt hooks need a toolchain w/ threads, dynamic library" depends on !BR2_TOOLCHAIN_HAS_THREADS || BR2_STATIC_LIBS + +endif diff --git a/package/wolftpm/wolftpm.mk b/package/wolftpm/wolftpm.mk index ea01eaad6b..760656e134 100644 --- a/package/wolftpm/wolftpm.mk +++ b/package/wolftpm/wolftpm.mk @@ -10,7 +10,6 @@ WOLFTPM_INSTALL_STAGING = YES WOLFTPM_LICENSE = GPL-2.0+ WOLFTPM_LICENSE_FILES = LICENSE WOLFTPM_CPE_ID_VENDOR = wolfssl -WOLFTPM_DEPENDENCIES = host-pkgconf WOLFTPM_CONFIG_SCRIPTS = wolftpm-config # wolfTPM's source code is released without a configure script, @@ -19,8 +18,7 @@ WOLFTPM_AUTORECONF = YES WOLFTPM_CONF_OPTS = \ --disable-examples \ - --enable-devtpm \ - --with-wolfcrypt=$(STAGING_DIR)/usr + --enable-devtpm # Fix for missing config.rpath in the codebase define WOLFTPM_TOUCH_CONFIG_RPATH 
@@ -29,4 +27,13 @@ define WOLFTPM_TOUCH_CONFIG_RPATH endef WOLFTPM_PRE_CONFIGURE_HOOKS += WOLFTPM_TOUCH_CONFIG_RPATH +ifeq ($(BR2_PACKAGE_WOLFTPM_WOLFCRYPT),y) +WOLFTPM_CONF_OPTS += \ + --enable-wolfcrypt \ + --with-wolfcrypt=$(STAGING_DIR)/usr +WOLFTPM_DEPENDENCIES += wolfssl +else +WOLFTPM_CONF_OPTS += --disable-wolfcrypt +endif + $(eval $(autotools-package))
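Review bot: in the second Config.in hunk, the help text under `config BR2_PACKAGE_WOLFTPM_WOLFCRYPT` warns that disabling the option "could create a security breach in most environments", yet because the `depends on BR2_TOOLCHAIN_HAS_THREADS` and `depends on !BR2_STATIC_LIBS` now sit on this sub-option rather than on BR2_PACKAGE_WOLFTPM, a static or thread-less toolchain silently gets wolftpm without the hooks; the only hint is the `comment "wolfCrypt hooks need a toolchain w/ threads, dynamic library"`. Consider mentioning in the BR2_PACKAGE_WOLFTPM help that the hooks are dropped on such toolchains, so the weaker build is an informed choice rather than a default. The "RNG" wording is also questioned later in the thread: since wolfTPM uses the wolfCrypt RNG (WOLFTPM2_USE_WOLF_RNG) whenever wolfCrypt is available unless WOLFTPM2_USE_HW_RNG is defined, saying so in the help would avoid that confusion.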
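Review bot: in the last wolftpm.mk hunk the `else` branch adds `WOLFTPM_CONF_OPTS += --disable-wolfcrypt` with no comment, so a reader of the .mk alone cannot tell that this is the configuration the Config.in help text advises against; a one-line comment above it (for example `# no wolfcrypt: no RNG, session or parameter-encryption hooks`) would make that explicit. Note also that with `WOLFTPM_DEPENDENCIES = host-pkgconf` removed in the first wolftpm.mk hunk, `WOLFTPM_DEPENDENCIES += wolfssl` is now the variable's only assignment, which is fine for GNU make and consistent with Buildroot's conditional `+=` style.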
pkg-config is not used by wolftpm and wolfssl dependency is missing (and
optional but highly recommended) resulting in the following build failure
since the addition of the package in commit
4bb884a3c61c6b71e33f69453a90eb2a367f64b7:

configure: error: WolfSSL library not found. You can get it from http://www.wolfssl.com/download.html
If it's already installed, specify its path using --with-wolfcrypt=/dir or --prefix=/dir

Fixes:
 - http://autobuild.buildroot.org/results/77a93521b909e701ef4e86f18524258b9242c721

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
---
Changes v1 -> v2 (after review of Dimi Tomov):
 - Add a wolfcrypt option which is enabled by default

 package/wolftpm/Config.in  | 23 ++++++++++++++++++-----
 package/wolftpm/wolftpm.mk | 13 ++++++++++---
 2 files changed, 28 insertions(+), 8 deletions(-)