[yocto] [meta-security][PATCH 07/10] kernel tpm rework

Armin Kuster akuster808 at gmail.com
Tue May 9 07:46:58 PDT 2017 

Signed-off-by: Armin Kuster <akuster808 at gmail.com>
---
 meta-tpm/recipes-kernel/linux/linux-yocto/tpm.cfg       |  5 +++++
 meta-tpm/recipes-kernel/linux/linux-yocto/tpm.scc       |  3 +++
 meta-tpm/recipes-kernel/linux/linux-yocto/tpm_i2c.cfg   | 15 +++++++++++++++
 meta-tpm/recipes-kernel/linux/linux-yocto/tpm_i2c.scc   |  6 ++++++
 meta-tpm/recipes-kernel/linux/linux-yocto/tpm_x86.cfg   |  4 ++++
 meta-tpm/recipes-kernel/linux/linux-yocto/vtpm.cfg      |  5 +++++
 meta-tpm/recipes-kernel/linux/linux-yocto/vtpm.scc      |  4 ++++
 meta-tpm/recipes-kernel/linux/linux-yocto_4.%.bbappend  | 11 +++++++++++
 meta-tpm/recipes-kernel/linux/linux-yocto_4.10.bbappend |  5 -----
 9 files changed, 53 insertions(+), 5 deletions(-)
 create mode 100644 meta-tpm/recipes-kernel/linux/linux-yocto/tpm.cfg
 create mode 100644 meta-tpm/recipes-kernel/linux/linux-yocto/tpm.scc
 create mode 100644 meta-tpm/recipes-kernel/linux/linux-yocto/tpm_i2c.cfg
 create mode 100644 meta-tpm/recipes-kernel/linux/linux-yocto/tpm_i2c.scc
 create mode 100644 meta-tpm/recipes-kernel/linux/linux-yocto/tpm_x86.cfg
 create mode 100644 meta-tpm/recipes-kernel/linux/linux-yocto/vtpm.cfg
 create mode 100644 meta-tpm/recipes-kernel/linux/linux-yocto/vtpm.scc
 create mode 100644 meta-tpm/recipes-kernel/linux/linux-yocto_4.%.bbappend
 delete mode 100644 meta-tpm/recipes-kernel/linux/linux-yocto_4.10.bbappend

diff --git a/meta-tpm/recipes-kernel/linux/linux-yocto/tpm.cfg b/meta-tpm/recipes-kernel/linux/linux-yocto/tpm.cfg
new file mode 100644
index 0000000..e34b24e
--- /dev/null
+++ b/meta-tpm/recipes-kernel/linux/linux-yocto/tpm.cfg
@@ -0,0 +1,5 @@
+CONFIG_HW_RANDOM_TPM=y
+CONFIG_TCG_TPM=y
+CONFIG_TCG_TIS_CORE=y
+CONFIG_TCG_TIS=y
+CONFIG_SECURITYFS=y
diff --git a/meta-tpm/recipes-kernel/linux/linux-yocto/tpm.scc b/meta-tpm/recipes-kernel/linux/linux-yocto/tpm.scc
new file mode 100644
index 0000000..2949ed4
--- /dev/null
+++ b/meta-tpm/recipes-kernel/linux/linux-yocto/tpm.scc
@@ -0,0 +1,3 @@
+define KFEATURE_DESCRIPTION "Enable TPM"
+
+kconf hardware tpm.cfg
diff --git a/meta-tpm/recipes-kernel/linux/linux-yocto/tpm_i2c.cfg b/meta-tpm/recipes-kernel/linux/linux-yocto/tpm_i2c.cfg
new file mode 100644
index 0000000..59993f9
--- /dev/null
+++ b/meta-tpm/recipes-kernel/linux/linux-yocto/tpm_i2c.cfg
@@ -0,0 +1,15 @@
+CONFIG_HW_RANDOM_TPM=y
+CONFIG_TCG_TPM=y
+CONFIG_TCG_TIS_CORE=y
+CONFIG_TCG_TIS=y
+CONFIG_SECURITYFS=y
+
+CONFIG_REGMAP_I2C=y
+CONFIG_I2C_BOARDINFO=y
+CONFIG_I2C_COMPAT=y
+CONFIG_RTC_I2C_AND_SPI=y
+
+CONFIG_TCG_TIS_I2C_ATMEL=m
+CONFIG_TCG_TIS_I2C_INFINEON=m
+CONFIG_TCG_TIS_I2C_NUVOTON=m
+CONFIG_TCG_TIS_ST33ZP24_I2C=m
diff --git a/meta-tpm/recipes-kernel/linux/linux-yocto/tpm_i2c.scc b/meta-tpm/recipes-kernel/linux/linux-yocto/tpm_i2c.scc
new file mode 100644
index 0000000..0e4eedb
--- /dev/null
+++ b/meta-tpm/recipes-kernel/linux/linux-yocto/tpm_i2c.scc
@@ -0,0 +1,6 @@
+define KFEATURE_DESCRIPTION "Enable TPM i2c"
+
+include features/i2c/i2c.scc
+
+kconf hardware tpm_i2c.cfg
+
diff --git a/meta-tpm/recipes-kernel/linux/linux-yocto/tpm_x86.cfg b/meta-tpm/recipes-kernel/linux/linux-yocto/tpm_x86.cfg
new file mode 100644
index 0000000..8be331a
--- /dev/null
+++ b/meta-tpm/recipes-kernel/linux/linux-yocto/tpm_x86.cfg
@@ -0,0 +1,4 @@
+CONFIG_TCG_NSC=m
+CONFIG_TCG_ATMEL=m
+CONFIG_TCG_INFINEON=m
+CONFIG_TCG_TIS_ST33ZP24=m
diff --git a/meta-tpm/recipes-kernel/linux/linux-yocto/vtpm.cfg b/meta-tpm/recipes-kernel/linux/linux-yocto/vtpm.cfg
new file mode 100644
index 0000000..a8b3758
--- /dev/null
+++ b/meta-tpm/recipes-kernel/linux/linux-yocto/vtpm.cfg
@@ -0,0 +1,5 @@
+CONFIG_HW_RANDOM_TPM=y
+CONFIG_TCG_TPM=y
+CONFIG_TCG_VTPM_PROXY=y
+CONFIG_SECURITYFS=y
+~                    
diff --git a/meta-tpm/recipes-kernel/linux/linux-yocto/vtpm.scc b/meta-tpm/recipes-kernel/linux/linux-yocto/vtpm.scc
new file mode 100644
index 0000000..e842da6
--- /dev/null
+++ b/meta-tpm/recipes-kernel/linux/linux-yocto/vtpm.scc
@@ -0,0 +1,4 @@
+define KFEATURE_DESCRIPTION "Enable vTPM"
+
+kconf hardware vtpm.cfg
+
diff --git a/meta-tpm/recipes-kernel/linux/linux-yocto_4.%.bbappend b/meta-tpm/recipes-kernel/linux/linux-yocto_4.%.bbappend
new file mode 100644
index 0000000..0eebf00
--- /dev/null
+++ b/meta-tpm/recipes-kernel/linux/linux-yocto_4.%.bbappend
@@ -0,0 +1,11 @@
+FILESEXTRAPATHS_prepend := "${THISDIR}/linux-yocto:"
+
+# Enable tpm in kernel 
+SRC_URI_append_x86 = " \
+    ${@bb.utils.contains('MACHINE_FEATURES', 'tpm', 'file://tpm.scc', '', d)} \
+    "
+
+SRC_URI += " \
+    ${@bb.utils.contains('MACHINE_FEATURES', 'tpm_i2c', 'file://tpm_i2c.scc', '', d)} \
+    ${@bb.utils.contains('MACHINE_FEATURES', 'vtpm', 'file://vtpm.scc', '', d)} \
+    "
diff --git a/meta-tpm/recipes-kernel/linux/linux-yocto_4.10.bbappend b/meta-tpm/recipes-kernel/linux/linux-yocto_4.10.bbappend
deleted file mode 100644
index 208d23f..0000000
--- a/meta-tpm/recipes-kernel/linux/linux-yocto_4.10.bbappend
+++ /dev/null
@@ -1,5 +0,0 @@
-#
-# TPM kernel support
-
-KERNEL_FEATURES_append += "${@bb.utils.contains('MACHINE_FEATURES', 'tpm', ' features/tpm/tpm.scc', '', d)}"
-
-- 
2.7.4

More information about the yocto mailing list