Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

base: pkcs11-provider: add recipe #1058

Closed
wants to merge 8 commits into from
Closed

base: pkcs11-provider: add recipe #1058

wants to merge 8 commits into from

Conversation

quaresmajose
Copy link
Member

@quaresmajose quaresmajose commented Mar 2, 2023
edited
Loading

A pkcs#11 provider for OpenSSL 3.0+

This is an Openssl 3.x provider to access Hardware or Software
Tokens using the PKCS#11 Cryptographic Token Interface

Signed-off-by: Jose Quaresma [email protected]

@quaresmajose quaresmajose requested a review from a team March 2, 2023 15:58
@ricardosalveti
Copy link
Member

Please add a description of the recipe as part of your commit message (body).

@ricardosalveti ricardosalveti requested a review from a team March 2, 2023 16:10
@ldts
Copy link
Contributor

ldts commented Mar 2, 2023

is this patch something that can be proposed to meta-security?

@quaresmajose
Copy link
Member Author

Please add a description of the recipe as part of your commit message (body).

Add the description on commit and on the PR

@quaresmajose
Copy link
Member Author

is this patch something that can be proposed to meta-security?

since nothing exists, it might be useful. after we test for a while i can send.

@ldts
Copy link
Contributor

ldts commented Mar 2, 2023

also, do we need to add the recipe to lmp-feature-tpm2.inc?

@quaresmajose
Copy link
Member Author

I think so, if the idea is to have it installed when we have a machine with tpm2.

@ricardosalveti
Copy link
Member

Yeah, once we find a stable rev and we know it works correctly we can send to meta-security.

ricardosalveti
ricardosalveti approved these changes Mar 2, 2023
View reviewed changes
Copy link
Member

@ricardosalveti ricardosalveti left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM, @ldts merge when needed.

@ldts
Copy link
Contributor

ldts commented Mar 2, 2023

testing now. btw when I build this is not landing in my wic and I dont want to trigger a clean build so just copying it manually to the target for testing

@quaresmajose quaresmajose force-pushed the pkcs11-provider branch 2 times, most recently from 194a5e6 to 58d00ab Compare March 3, 2023 18:22
@quaresmajose quaresmajose marked this pull request as draft March 3, 2023 18:22
@quaresmajose
Copy link
Member Author

Move to draft because we need to propose a change of BBFILE_PRIORITY in meta-security.

@quaresmajose
base: pkcs11-provider: add recipe
4829af8 
A pkcs#11 provider for OpenSSL 3.0+

This is an Openssl 3.x provider to access Hardware or Software
Tokens using the PKCS#11 Cryptographic Token Interface

Signed-off-by: Jose Quaresma <[email protected]>
@quaresmajose
base: lmp-feature-tpm2: adds pkcs11-provider
0874842 
Signed-off-by: Jose Quaresma <[email protected]>
@quaresmajose
base: tpm2-pkcs11: add 1.9.0 from meta-tpm rev 13653bf
d9f3fc2 
Signed-off-by: Jose Quaresma <[email protected]>
@quaresmajose
base: tpm2-pkcs11: backport master tip
6b7294c 
Signed-off-by: Jose Quaresma <[email protected]>
@quaresmajose
base: tpm2-pkcs11: add knob to control fapi
ae24282 
Signed-off-by: Jose Quaresma <[email protected]>
@quaresmajose
base: layer: incrase the BBFILE_PRIORITY
140aa62 
The meta-tpm layer on meta-securit have the BBFILE_PRIORITY 10
and with that is not possible to provide other versions
of the recipes in meta-lmp-base.

Signed-off-by: Jose Quaresma <[email protected]>
@quaresmajose
base: tpm2-tss/tpm2-pkcs11: enable fapi
5ed3354 
Signed-off-by: Jose Quaresma <[email protected]>
@quaresmajose
Revert "base: tpm2-tss/tpm2-pkcs11: enable fapi"
6095690 
This reverts commit 1f89e9832946d6669cb121491df4cbdfa3b0bd81.

Signed-off-by: Jose Quaresma <[email protected]>
@quaresmajose
Copy link
Member Author

I have already sent the patch to meta-security to change the layer priority but it can take a while for they land on kirstone stable branch, this if they are accepted.

Another solution can be rename our fork recipe to tpm2-pkcs11-fio_1.9.0.bb renaming acordante also our tpm2-pkcs11_%.bbappend and create a bbappend to replace the upstream version with ours in packagegroup-security-tpm2.bbappend

RDEPENDS:packagegroup-security-tpm2 += "tpm2-pkcs11-fio"
RDEPENDS:packagegroup-security-tpm2:remove = "tpm2-pkcs11"

A quick local test show that it works.

@ricardosalveti ricardosalveti mentioned this pull request Mar 8, 2023
Merged
@ricardosalveti
Copy link
Member

Will close this one as we're not going to use provider atm, and the other changes were merged in the other pr.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ricardosalveti ricardosalveti ricardosalveti approved these changes

@MrCry0 MrCry0 MrCry0 approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@quaresmajose @ricardosalveti @ldts @MrCry0