[yocto] [meta-security][PATCH 0/8] tpm: virtual TPM for qemu

[akuster808]

Patrick,



On 01/30/2017 11:47 PM, Patrick Ohly wrote:
> I recently started using swtpm-native in combination with the qemu-tpm
> patches to simulate a virtual TPM chip in qemu. The qemu-tpm patches
> should go into OE-core, but currently usage is a bit cumbersome
> (requires root privileges and manually starting swtpm before each
> runqemu invocation), so at this time I only consider the meta-security
> changes ready and useful enough for merging.
>
> Inside the virtual machine I used tpm-tools + trousers to set up
> sealed keys for EVM, which required fixing a few things.
>
> These patches were based on Armin's swtpm+trousers version update
> series which needs to be merged first to avoid merge conflicts.
>
> Patrick Ohly (8):
>    trousers: missing libtspi.so.1 in libtspi package
>    trousers: recommend tcsd
>    trousers: tcsd.conf must be owned tss:tss
>    swtpm: enable native and nativesdk flavors
>    swtpm: depends on tpm-tools
>    swtpm: fix compiler format warning
>    swtpm: cuse packageconfig
>    swtpm-wrappers: simplify using swtpm-native

Thanks for the patch series, I am looking at them now.

- armin
>
>   recipes-tpm/swtpm/files/fix_lib_search_path.patch | 64 ++++++++++++++++-
>   recipes-tpm/swtpm/files/fix_signed_issue.patch    |  2 +-
>   recipes-tpm/swtpm/swtpm-wrappers.bb               | 41 ++++++++++-
>   recipes-tpm/swtpm/swtpm_1.0.bb                    | 12 ++-
>   recipes-tpm/trousers/trousers_git.bb              |  7 +-
>   5 files changed, 121 insertions(+), 5 deletions(-)
>   create mode 100644 recipes-tpm/swtpm/files/fix_lib_search_path.patch
>   create mode 100644 recipes-tpm/swtpm/swtpm-wrappers.bb
>
> base-commit: 6787dd986122cd6420b1f348c4550a42ed596f57