Message ID | 20241220140441.271395-13-mikko.rapeli@linaro.org |
---|---|
State | New |
Series | various updates |
Mikko Rapeli via lists.yoctoproject.org wrote on Fri 20 Dec, 16:04 (+0200):
> Enable "tpm2" support if "tpm2" is in DISTRO_FEATURES.
> Also enable cryptsetup, openssl and repart features which
> are needed to use TPM device to encrypt filesystems with
> systemd configuration. See:
>
> https://www.freedesktop.org/software/systemd/man/latest/systemd-repart.html#--tpm2-device=
>
> Signed-off-by: Mikko Rapeli <mikko.rapeli@linaro.org>
> ---
> .../recipes-core/systemd/systemd_%.bbappend | 17 +++++++++++++++++
> 1 file changed, 17 insertions(+)
> create mode 100644 meta-tpm/recipes-core/systemd/systemd_%.bbappend
>
> diff --git a/meta-tpm/recipes-core/systemd/systemd_%.bbappend b/meta-tpm/recipes-core/systemd/systemd_%.bbappend
> new file mode 100644
> index 0000000..82b79ba
> --- /dev/null
> +++ b/meta-tpm/recipes-core/systemd/systemd_%.bbappend
> @@ -0,0 +1,17 @@
> +PACKAGECONFIG:append = " ${@bb.utils.contains('DISTRO_FEATURES', 'tpm2', 'tpm2', '', d)}"

How about using `bb.utils.filter('DISTRO_FEATURES', 'tmp2', d)` here?

Regards, Jörg
Hi,

On Sun, Dec 22, 2024 at 08:37:05AM +0100, Jörg Sommer wrote:
> Mikko Rapeli via lists.yoctoproject.org wrote on Fri 20 Dec, 16:04 (+0200):
> > Enable "tpm2" support if "tpm2" is in DISTRO_FEATURES.
> > Also enable cryptsetup, openssl and repart features which
> > are needed to use TPM device to encrypt filesystems with
> > systemd configuration. See:
> >
> > https://www.freedesktop.org/software/systemd/man/latest/systemd-repart.html#--tpm2-device=
> >
> > Signed-off-by: Mikko Rapeli <mikko.rapeli@linaro.org>
> > ---
> > .../recipes-core/systemd/systemd_%.bbappend | 17 +++++++++++++++++
> > 1 file changed, 17 insertions(+)
> > create mode 100644 meta-tpm/recipes-core/systemd/systemd_%.bbappend
> >
> > diff --git a/meta-tpm/recipes-core/systemd/systemd_%.bbappend b/meta-tpm/recipes-core/systemd/systemd_%.bbappend
> > new file mode 100644
> > index 0000000..82b79ba
> > --- /dev/null
> > +++ b/meta-tpm/recipes-core/systemd/systemd_%.bbappend
> > @@ -0,0 +1,17 @@
> > +PACKAGECONFIG:append = " ${@bb.utils.contains('DISTRO_FEATURES', 'tpm2', 'tpm2', '', d)}"
>
> How about using `bb.utils.filter('DISTRO_FEATURES', 'tmp2', d)` here?

Yes, this could be an improvement. The end effect is the same. This patch is already merged so I'll try to remember this in future updates.

Cheers,

-Mikko
diff --git a/meta-tpm/recipes-core/systemd/systemd_%.bbappend b/meta-tpm/recipes-core/systemd/systemd_%.bbappend new file mode 100644 index 0000000..82b79ba --- /dev/null +++ b/meta-tpm/recipes-core/systemd/systemd_%.bbappend @@ -0,0 +1,17 @@ +PACKAGECONFIG:append = " ${@bb.utils.contains('DISTRO_FEATURES', 'tpm2', 'tpm2', '', d)}" + +# for encrypted filesystems +PACKAGECONFIG:append = " \ + ${@bb.utils.contains('DISTRO_FEATURES', 'tpm2', 'cryptsetup cryptsetup-plugins efi openssl repart', '', d)} \ +" + +# ukify.py and systemd-measure don't work in cross compile environment without +# a tpm2 device, thus switch from measured-uki (new in v256) back to tpm2 +# (default before v256). +# TODO: use swtpm-native to calculate TPM measurements +do_install:append() { + if "${@bb.utils.contains('DISTRO_FEATURES', 'tpm2', 'true', 'false', d)}"; then + sed -i -e "s/^ConditionSecurity=measured-uki/ConditionSecurity=tpm2/g" \ + $( grep -rl ^ConditionSecurity=measured-uki ${D} ) + fi +}
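Review bot: In do_install:append, the sed call takes its file list from `$( grep -rl ^ConditionSecurity=measured-uki ${D} )`, so when grep matches nothing (for example with a systemd older than v256, which per the comment still defaults to tpm2, and which the `systemd_%.bbappend` wildcard also covers) `sed -i` is run with no file operands and errors out, failing do_install for every tpm2 build. Suggest guarding on a non-empty grep result or piping the list through `xargs -r`, and quoting `"${D}"`. Separately, the substitution relaxes the unit condition from measured-uki to tpm2 in every matching file anywhere under ${D}; the comment explains the reason, but naming the units this is expected to touch, or limiting the grep to the systemd unit directory, would keep a later systemd release from silently widening which units start on a TPM-only (unmeasured) boot.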
Enable "tpm2" support if "tpm2" is in DISTRO_FEATURES.
Also enable cryptsetup, openssl and repart features which
are needed to use TPM device to encrypt filesystems with
systemd configuration. See:

https://www.freedesktop.org/software/systemd/man/latest/systemd-repart.html#--tpm2-device=

Signed-off-by: Mikko Rapeli <mikko.rapeli@linaro.org>
---
 .../recipes-core/systemd/systemd_%.bbappend | 17 +++++++++++++++++
 1 file changed, 17 insertions(+)
 create mode 100644 meta-tpm/recipes-core/systemd/systemd_%.bbappend