[yocto] [meta-security][PATCH v2 0/9] tpm: virtual TPM for qemu

akuster808 akuster808 at gmail.com
Fri Feb 3 10:35:18 PST 2017


On 2/3/17 12:46 AM, Patrick Ohly wrote:
> I recently started using swtpm-native in combination with the qemu-tpm
> patches to simulate a virtual TPM chip in qemu. The qemu-tpm patches
> should go into OE-core, but currently usage is a bit cumbersome
> (requires root privileges and manually starting swtpm before each
> runqemu invocation), so at this time I only consider the meta-security
> changes ready and useful enough for merging.
>
> Inside the virtual machine I used tpm-tools + trousers to set up
> sealed keys for EVM, which required fixing a few things.
>
> These patches were based on Armin's swtpm+trousers version update
> series which needs to be merged first to avoid merge conflicts.
In staging,

Thanks,
- armin
>
> Changes in V2:
> - add --system to tss user and group creation
> - revised commit message for wrapper scripts (swtpm_cuse needs
>   absolute path to tpm state dir, can be passed via parameter)
> - another swtpm SRCREV bump
>
> Patrick Ohly (9):
>   trousers: missing libtspi.so.1 in libtspi package
>   trousers: recommend tcsd
>   trousers: tcsd.conf must be owned tss:tss
>   swtpm: enable native and nativesdk flavors
>   swtpm: depends on tpm-tools
>   swtpm: fix compiler format warning
>   swtpm: cuse packageconfig
>   swtpm-wrappers: simplify using swtpm-native
>   swtpm: update to latest tip
>
>  recipes-tpm/swtpm/files/fix_lib_search_path.patch | 64 ++++++++++++++++-
>  recipes-tpm/swtpm/files/fix_signed_issue.patch    |  2 +-
>  recipes-tpm/swtpm/swtpm-wrappers.bb               | 41 ++++++++++-
>  recipes-tpm/swtpm/swtpm_1.0.bb                    | 14 +++-
>  recipes-tpm/trousers/trousers_git.bb              | 11 +--
>  5 files changed, 124 insertions(+), 8 deletions(-)
>  create mode 100644 recipes-tpm/swtpm/files/fix_lib_search_path.patch
>  create mode 100644 recipes-tpm/swtpm/swtpm-wrappers.bb
>
> base-commit: 6787dd986122cd6420b1f348c4550a42ed596f57




