[Buildroot] [PATCH 1/1] package/wolftpm: new package
Dimi Tomov
dimi at tpm.dev
Wed Jun 1 21:03:39 UTC 2022
Hello Thomas,
I have this working on a STM32MP157F-DK2 board with a ST33 TPM.
https://gist.github.com/tomoveu/8f0519cb8d75a5374a999f29640cf45c
Could it be that using "make wolftpm-rebuild" is saving me
from seeing the same errors?
PS: Do I need to submit v4?
Thanks,
Dimi
On 2022-06-01 11:50 PM, Thomas Petazzoni via buildroot wrote:
> Hello Dimitar,
>
> On Wed, 1 Jun 2022 22:47:46 +0300
> Dimi Tomov <dimi at tpm.dev> wrote:
>
>> From: Dimitar Tomov <dimi at tpm.dev>
>>
>> wolfTPM is an open-source TPM 2.0 stack with backward API compatibility,
>> designed for embedded use. It is highly portable, and has native support
>> for Linux. wolfTPM has a compact code size with low resource usage.
>>
>> Signed-off-by: Dimitar Tomov <dimi at tpm.dev>
>
> I've applied to our next branch, but after doing several additional
> fixes. Also, there is something to be fixed upstream, see below.
>
>> diff --git a/DEVELOPERS b/DEVELOPERS
>> index 71cc3da6d7..c123d1b915 100644
>> --- a/DEVELOPERS
>> +++ b/DEVELOPERS
>> @@ -3072,3 +3072,6 @@ F: package/quazip/
>> F: package/shapelib/
>> F: package/simple-mail/
>> F: package/tinc/
>> +
>> +N: Dimi Tomov <dimi at tpm.dev>
>> +F: package/wolftpm/
>
> Entries in this file are alphabetically sorted, so you shouldn't have
> added yourself at the end, but at the "right" place.
>
>> diff --git a/package/wolftpm/Config.in b/package/wolftpm/Config.in
>> new file mode 100644
>> index 0000000000..23932a4170
>> --- /dev/null
>> +++ b/package/wolftpm/Config.in
>> @@ -0,0 +1,15 @@
>> +config BR2_PACKAGE_WOLFTPM
>> + bool "wolftpm"
>> + depends on BR2_TOOLCHAIN_HAS_THREADS
>
> You forgot:
>
> depends on !BR2_STATIC_LIBS
>
> which you need to replicate because you select BR2_PACKAGE_WOLFSSL_ALL.
>
>> + select on BR2_PACKAGE_WOLFSSL
>> + select on BR2_PACKAGE_WOLFSSL_ALL
>
> I'm wondering if you tested this, because "select on" doesn't exist in
> Kconfig. It's either "select" or "depends on", but not a mix of both.
>
>> + help
>> + wolfTPM is a portable, open-source TPM 2.0 stack with
>> + backward API compatibility, designed for embedded use.
>> + No external dependencies, compact code size with low
>> + resource usage.
>> +
>> + https://www.wolfssl.com/
>> +
>> +comment "wolftpm needs a toolchain w/ threads"
>> + depends on !BR2_TOOLCHAIN_HAS_THREADS
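Review bot: the help text states "No external dependencies", yet the same entry pulls in BR2_PACKAGE_WOLFSSL and BR2_PACKAGE_WOLFSSL_ALL, so the sentence is misleading to anyone reading it in menuconfig. Drop it or reword it to name wolfSSL as a required library. The URL under the help text is the wolfSSL home page; the project's own page (the hash file in this patch references github.com/wolfSSL/wolfTPM) would be more useful there.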
>
> The comment had to be adjusted due to the !BR2_STATIC_LIBS dependency.
>
>> diff --git a/package/wolftpm/wolftpm.hash
>> b/package/wolftpm/wolftpm.hash
>> new file mode 100644
>> index 0000000000..6dbf143ffe
>> --- /dev/null
>> +++ b/package/wolftpm/wolftpm.hash
>> @@ -0,0 +1,2 @@
>> +# Hash from
>> https://github.com/wolfSSL/wolfTPM/archive/refs/tags/v2.3.1.tar.gz
>> +sha256
>> f0d7c095491ac2cc9e44aa4ac3c22febf15942ef080431d8b43a9d0312ca6567
>> wolftpm-2.3.1.tar.gz
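Review bot: the comment above the sha256 line gives the GitHub archive URL as the origin of the hash, which does not tell a reader whether upstream published this digest or whether it was computed locally from a downloaded tarball. If it was computed locally, say so in the comment, so that whoever bumps the version knows there is no upstream value to compare against and that the digest only pins what was downloaded at packaging time.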
>
> Gaah, I'm noticing now that the hash of the LICENSE file is missing,
> and I didn't realize before applying. I will fix this up.
>
>> diff --git a/package/wolftpm/wolftpm.mk b/package/wolftpm/wolftpm.mk
>> new file mode 100644
>> index 0000000000..1e1ddc13e3
>> --- /dev/null
>> +++ b/package/wolftpm/wolftpm.mk
>> @@ -0,0 +1,29 @@
>> +################################################################################
>> +#
>> +# wolftpm
>> +#
>> +################################################################################
>> +
>> +WOLFTPM_VERSION = 2.3.1
>> +WOLFTPM_SITE = $(call github,wolfSSL,wolfTPM,v$(WOLFTPM_VERSION))
>> +WOLFTPM_INSTALL_STAGING = YES
>> +WOLFTPM_LICENSE = GPL-2.0+
>> +WOLFTPM_LICENSE_FILES = LICENSE
>> +WOLFTPM_CPE_ID_VENDOR = wolfssl
>> +
>> +WOLFTPM_DEPENDENCIES = host-pkgconf
>
> I've added:
>
> WOLFTPM_CONFIG_SCRIPTS = wolftpm-config
>
> so that the wolftpm-config script installed in $(STAGING_DIR)/usr/bin
> returns correct results.
>
>> +# wolfTPM's source code is released without a configure script,
>> +# therefore we need autoreconf
>> +WOLFTPM_AUTORECONF = YES
>> +
>> +WOLFTPM_CONF_OPTS = --disable-examples --enable-devtpm
>
> With just this, the build was failing for me, as wolftpm couldn't find
> wolfssl. I had to add:
>
> --with-wolfcrypt=$(STAGING_DIR)/usr
>
>> +define WOLFTPM_CONFIG_RPATH
>
> I renamed the hook to WOLFTPM_TOUCH_CONFIG_RPATH
>
>> + mkdir $(@D)/build-aux
>
> Changed to "mkdir -p" so that the hook can be re-executed without
> failing.
>
>> + touch $(@D)/build-aux/config.rpath
>> +endef
>> +# Fix for autoconf bug with config.rconf
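Review bot: WOLFTPM_DEPENDENCIES lists only host-pkgconf, while Config.in intends to select BR2_PACKAGE_WOLFSSL. A select enables the package but does not order the build, so wolfssl should be added to WOLFTPM_DEPENDENCIES to guarantee it is installed in staging before wolftpm's configure step runs. Separately, the comment "Fix for autoconf bug with config.rconf" names a file that does not match what the hook creates (build-aux/config.rpath), and it would read better placed above the define it explains.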
>
> There is no autoreconf bug. The bug is in the code of wolftpm. In the
> configure.ac script line 165, it uses the AC_LIB_HAVE_LINKFLAGS m4
> macro, which comes from gnulib. This macro is documented at, which
> specifies:
>
> Example of using AC_LIB_LINKFLAGS
>
> Suppose you want to use libz, the compression library.
>
> (1) In configure.ac you add the line
>
> AC_CONFIG_AUX_DIR([build-aux])
> AC_LIB_LINKFLAGS([z])
>
> Note that since the AC_LIB_LINKFLAGS invocation modifies the
> CPPFLAGS, it should precede all tests that check for header files,
> declarations, structures or types.
>
>
> (2) To the package’s build-aux directory you add the file
> config.rpath, also part of the Gnulib havelib module. (gnulib-tool
> will usually do this for you automatically.)
>
>
> (3) In Makefile.in you add @LIBZ@ to the link command line of your
> program. Or, if you are using Automake, you add $(LIBZ) to the
> LDADD variable that corresponds to your program.
>
> See point (2)? This is what wasn't done correctly in wolftpm when
> integrating this gnulib m4 macro.
>
> Ideally this should be fixed in the upstream wolftpm code. However, to
> be honest, I'm not even sure why your configure.ac file is using
> AC_LIB_HAVE_LINKFLAGS(). You should probably just migrate to use
> pkg-config.
>
> Thanks for your contribution!
>
> Thomas
--
Founder of TPM.dev