Date: Fri, 4 Nov 2022 11:05:22 GMT
From: Mateusz Piotrowski <0mp@FreeBSD.org>
To: ports-committers@FreeBSD.org, dev-commits-ports-all@FreeBSD.org, dev-commits-ports-main@FreeBSD.org
Subject: git: 01e03aed2f7d - main - security/tpm-quote-tools: Add new port
Message-ID: <202211041105.2A4B5MOC028736@gitrepo.freebsd.org>
The branch main has been updated by 0mp:

URL: https://cgit.FreeBSD.org/ports/commit/?id=01e03aed2f7d021e57c72563c9113249b6ed6456

commit 01e03aed2f7d021e57c72563c9113249b6ed6456
Author:     Mateusz Piotrowski <0mp@FreeBSD.org>
AuthorDate: 2022-11-03 13:26:29 +0000
Commit:     Mateusz Piotrowski <0mp@FreeBSD.org>
CommitDate: 2022-11-04 11:05:08 +0000

    security/tpm-quote-tools: Add new port

    The TPM Quote Tools is a collection of programs that provide support for TPM based attestation using the TPM quote mechanism. The manual page for tpm_quote_tools provides a usage overview.

    The management tools are only used to take ownership of a TPM.

    The additional patches[1] in files/ come from AUR and were authored by Michael Niewöhner. The patches were incomplete according to grawity[2]. I've incorporated grawity's feedback into our patches so that the -y flag is recognized by a call to getopt().

    [1]: https://aur.archlinux.org/cgit/aur.git/plain/0001-Differentiate-between-owner-and-srk-well-known-passs.patch?h=tpm-quote-tools
    [2]: https://aur.archlinux.org/packages/tpm-quote-tools#comment-684239

    Sponsored by: Klara, Inc.
---
 security/Makefile | 1 +
 security/tpm-quote-tools/Makefile | 19 +++++++++
 security/tpm-quote-tools/distinfo | 5 +++
 security/tpm-quote-tools/files/patch-tpm__mkaik.8 | 24 +++++++++++
 security/tpm-quote-tools/files/patch-tpm__mkaik.c | 51 +++++++++++++++++++++++
 security/tpm-quote-tools/pkg-descr | 5 +++
 security/tpm-quote-tools/pkg-plist | 17 ++++++++
 7 files changed, 122 insertions(+)

diff --git a/security/Makefile b/security/Makefile index 581657e300b3..0ffcd131c72d 100644 --- a/security/Makefile +++ b/security/Makefile @@ -1253,6 +1253,7 @@ SUBDIR += tor SUBDIR += tor-devel SUBDIR += totp-cli + SUBDIR += tpm-quote-tools SUBDIR += tpm-tools SUBDIR += tpm2-abrmd SUBDIR += tpm2-tools diff --git a/security/tpm-quote-tools/Makefile b/security/tpm-quote-tools/Makefile new file mode 100644 index 000000000000..3abb52ca7958 --- /dev/null 
+++ b/security/tpm-quote-tools/Makefile @@ -0,0 +1,19 @@ +PORTNAME= tpm-quote-tools +DISTVERSION= 1.0.4 +CATEGORIES= security +MASTER_SITES= SF/tpmquotetools/${PORTVERSION} + +MAINTAINER= 0mp@FreeBSD.org +COMMENT= Tools for TPM-based remote attestation using the TPM quote operation +WWW= https://sourceforge.net/projects/tpmquotetools/ + +LICENSE= BSD3CLAUSE +LICENSE_FILE= ${WRKSRC}/COPYING + +LIB_DEPENDS= libtspi.so:security/trousers + +USES= iconv localbase:ldflags ssl + +GNU_CONFIGURE= YES + +.include <bsd.port.mk> diff --git a/security/tpm-quote-tools/distinfo b/security/tpm-quote-tools/distinfo new file mode 100644 index 000000000000..d9ff6303af99 --- /dev/null +++ b/security/tpm-quote-tools/distinfo @@ -0,0 +1,5 @@ +TIMESTAMP = 1667481591 +SHA256 (tpm-quote-tools-1.0.4.tar.gz) = 10dc4eade02635557a9496b388360844cd18e7864e2eb882f5e45ab2fa405ae2 +SIZE (tpm-quote-tools-1.0.4.tar.gz) = 188806 +SHA256 (0001-Differentiate-between-owner-and-srk-well-known-passs.patch?h=tpm-quote-tools) = 32f814b8d22c409d3543c34e4199f21152a30f3410162ef6c91f6a713641f19d +SIZE (0001-Differentiate-between-owner-and-srk-well-known-passs.patch?h=tpm-quote-tools) = 2803 diff --git a/security/tpm-quote-tools/files/patch-tpm__mkaik.8 b/security/tpm-quote-tools/files/patch-tpm__mkaik.8 new file mode 100644 index 000000000000..15f0683bd61d --- /dev/null +++ b/security/tpm-quote-tools/files/patch-tpm__mkaik.8 
@@ -0,0 +1,24 @@ +--- tpm_mkaik.8.orig 2017-01-18 17:10:09 UTC ++++ tpm_mkaik.8 +@@ -3,7 +3,7 @@ tpm_mkaik \- make a TPM Attestation Identity Key + tpm_mkaik \- make a TPM Attestation Identity Key + .SH SYNOPSIS + .B tpm_mkaik +-.RB [ \-zuhv ] ++.RB [ \-yzuhv ] + .RI BLOB-FILE + .RI PUBKEY-FILE + .br +@@ -16,8 +16,11 @@ The public key is DER encoded. + .RI PUBKEY-FILE. + The public key is DER encoded. + .TP +-.RB \-z ++.RB \-y + Use the well known secret used as the owner secret. ++.TP ++.RB \-z ++Use the well known secret used as the SRK secret. + .TP + .RB \-u + Use TSS UNICODE encoding for passwords. diff --git a/security/tpm-quote-tools/files/patch-tpm__mkaik.c b/security/tpm-quote-tools/files/patch-tpm__mkaik.c new file mode 100644 index 000000000000..2da26581ec93 --- /dev/null +++ b/security/tpm-quote-tools/files/patch-tpm__mkaik.c 
@@ -0,0 +1,51 @@ +--- tpm_mkaik.c.orig 2017-05-26 13:25:17 UTC ++++ tpm_mkaik.c +@@ -102,7 +102,8 @@ static int usage(const char *prog) + const char text[] = + "Usage: %s [options] blob pubkey\n" + "Options:\n" +- "\t-z Use well known secret used as owner secret\n" ++ "\t-y Use well known secret used as owner secret\n" ++ "\t-z Use well known secret used as SRK secret\n" + "\t-u Use TSS UNICODE encoding for passwords\n" + "\t-h Display command usage info\n" + "\t-v Display command version info\n" +@@ -115,13 +116,17 @@ int main (int argc, char **argv) + + int main (int argc, char **argv) + { +- int well_known = 0; ++ int well_known_srk = 0; ++ int well_known_owner = 0; + int utf16le = 0; + int opt; +- while ((opt = getopt(argc, argv, "zuhv")) != -1) { ++ while ((opt = getopt(argc, argv, "yzuhv")) != -1) { + switch (opt) { ++ case 'y': ++ well_known_owner = 1; ++ break; + case 'z': +- well_known = 1; ++ well_known_srk = 1; + break; + case 'u': + utf16le = 1; +@@ -173,7 +178,7 @@ int main (int argc, char **argv) + if (rc != TSS_SUCCESS) + return tidy(hContext, tss_err(rc, "getting SRK policy")); + +- rc = setSecret("Enter SRK password: ", hContext, hSrkPolicy, well_known, utf16le); ++ rc = setSecret("Enter SRK password: ", hContext, hSrkPolicy, well_known_srk, utf16le); + if (rc != TSS_SUCCESS) + return tidy(hContext, tss_err(rc, "setting SRK secret")); + +@@ -193,7 +198,7 @@ int main (int argc, char **argv) + if (rc != TSS_SUCCESS) + return tidy(hContext, tss_err(rc, "assigning TPM policy")); + +- rc = setSecret("Enter owner password: ", hContext, hTPMPolicy, well_known, utf16le); ++ rc = setSecret("Enter owner password: ", hContext, hTPMPolicy, well_known_owner, utf16le); + if (rc != TSS_SUCCESS) + return tidy(hContext, tss_err(rc, "setting TPM policy secret")); + diff --git a/security/tpm-quote-tools/pkg-descr b/security/tpm-quote-tools/pkg-descr new file mode 100644 index 000000000000..affeb9e0e71e --- /dev/null +++ b/security/tpm-quote-tools/pkg-descr 
@@ -0,0 +1,5 @@ +The TPM Quote Tools is a collection of programs that provide support +for TPM based attestation using the TPM quote mechanism. The manual +page for tpm_quote_tools provides a usage overview. + +The management tools are only used to take ownership of a TPM. diff --git a/security/tpm-quote-tools/pkg-plist b/security/tpm-quote-tools/pkg-plist new file mode 100644 index 000000000000..4243caa18d84 --- /dev/null +++ b/security/tpm-quote-tools/pkg-plist @@ -0,0 +1,17 @@ +bin/tpm_getpcrhash +bin/tpm_getquote +bin/tpm_loadkey +bin/tpm_mkaik +bin/tpm_mkuuid +bin/tpm_unloadkey +bin/tpm_updatepcrhash +bin/tpm_verifyquote +man/man8/tpm_getpcrhash.8.gz +man/man8/tpm_getquote.8.gz +man/man8/tpm_loadkey.8.gz +man/man8/tpm_mkaik.8.gz +man/man8/tpm_mkuuid.8.gz +man/man8/tpm_quote_tools.8.gz +man/man8/tpm_unloadkey.8.gz +man/man8/tpm_updatepcrhash.8.gz +man/man8/tpm_verifyquote.8.gz
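Review bot: In security/tpm-quote-tools/distinfo, the second SHA256/SIZE pair is for `0001-Differentiate-between-owner-and-srk-well-known-passs.patch?h=tpm-quote-tools`, but the port Makefile in this commit sets no PATCHFILES or PATCH_SITES, and the change is carried locally as files/patch-tpm__mkaik.8 and files/patch-tpm__mkaik.c. Nothing in the visible Makefile fetches that file, so its checksum entry is unused; regenerating distinfo with `make makesum` should leave only the tpm-quote-tools-1.0.4.tar.gz entry.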
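Review bot: In files/patch-tpm__mkaik.8, the new `-y` and `-z` entries do not say that the two flags are independent and may be given together. The synopsis `[ \-yzuhv ]` implies it, but a reader whose owner and SRK secrets are both the well known value has to infer that both flags are needed; one sentence under either entry would cover that. The wording "Use the well known secret used as the owner secret" is carried over unchanged and reads awkwardly; "Use the well known secret as the owner secret" (and likewise for the SRK entry) would be clearer.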
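Review bot: In files/patch-tpm__mkaik.c, `-z` changes meaning for existing callers and nothing in the port says so. Before the patch the single `well_known` flag was passed to both setSecret() calls, so `-z` covered the SRK and the owner secret; afterwards `case 'z'` only sets `well_known_srk`, and setSecret("Enter owner password: ", ...) is called with `well_known_owner` still 0 unless `-y` is also given. Since this diverges from the unpatched 1.0.4 behaviour, a pkg-message or a line in pkg-descr stating that the owner secret now needs `-y` would save users of unattended scripts from an unexpected owner-password path. The `case 'y'` / `case 'z'` handling itself matches the updated getopt string "yzuhv".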
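Review bot: In security/tpm-quote-tools/pkg-descr, the last sentence refers to "the management tools" without saying which programs those are, and pkg-plist installs eight binaries with none identified as such. Either name the programs meant or drop the sentence, so that someone reading the package description can tell which installed tool is involved in taking ownership of a TPM.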