[Buildroot] [PATCH 1/1] package/wolftpm: new package

Dimi Tomov dimi at tpm.dev
Wed Jun 1 21:03:39 UTC 2022


Hello Thomas,

I have this working on a STM32MP157F-DK2 board with a ST33 TPM.

https://gist.github.com/tomoveu/8f0519cb8d75a5374a999f29640cf45c

Could it be that using "make wolftpm-rebuild" is saving me from seeing
the same errors?

PS: Do I need to submit v4?

Thanks,

Dimi

On 2022-06-01 11:50 PM, Thomas Petazzoni via buildroot wrote:
> Hello Dimitar,
> 
> On Wed,  1 Jun 2022 22:47:46 +0300
> Dimi Tomov <dimi at tpm.dev> wrote:
> 
>> From: Dimitar Tomov <dimi at tpm.dev>
>> 
>> wolfTPM is an open-source TPM 2.0 stack with backward API compatibility,
>> designed for embedded use. It is highly portable, and has native support
>> for Linux. wolfTPM has a compact code size with low resource usage.
>> 
>> Signed-off-by: Dimitar Tomov <dimi at tpm.dev>
> 
> I've applied to our next branch, but after doing several additional
> fixes. Also, there is something to be fixed upstream, see below.
> 
>> diff --git a/DEVELOPERS b/DEVELOPERS
>> index 71cc3da6d7..c123d1b915 100644
>> --- a/DEVELOPERS
>> +++ b/DEVELOPERS
>> @@ -3072,3 +3072,6 @@ F:	package/quazip/
>>  F:	package/shapelib/
>>  F:	package/simple-mail/
>>  F:	package/tinc/
>> +
>> +N:	Dimi Tomov <dimi at tpm.dev>
>> +F:	package/wolftpm/
> 
> Entries in this file are alphabetically sorted, so you shouldn't have
> added yourself at the end, but at the "right" place.
> 
>> diff --git a/package/wolftpm/Config.in b/package/wolftpm/Config.in
>> new file mode 100644
>> index 0000000000..23932a4170
>> --- /dev/null
>> +++ b/package/wolftpm/Config.in
>> @@ -0,0 +1,15 @@
>> +config BR2_PACKAGE_WOLFTPM
>> +	bool "wolftpm"
>> +	depends on BR2_TOOLCHAIN_HAS_THREADS
> 
> You forgot:
> 
> 	depends on !BR2_STATIC_LIBS
> 
> which you need to replicate because you select BR2_PACKAGE_WOLFSSL_ALL.
> 
>> +	select on BR2_PACKAGE_WOLFSSL
>> +	select on BR2_PACKAGE_WOLFSSL_ALL
> 
> I'm wondering if you tested this, because "select on" doesn't exist in
> Kconfig. It's either "select" or "depends on", but not a mix of both.
> 
>> +	help
>> +	  wolfTPM is a portable, open-source TPM 2.0 stack with
>> +	  backward API compatibility, designed for embedded use.
>> +	  No external dependencies, compact code size with low
>> +	  resource usage.
>> +
>> +	  https://www.wolfssl.com/
>> +
>> +comment "wolftpm needs a toolchain w/ threads"
>> +	depends on !BR2_TOOLCHAIN_HAS_THREADS
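
Review bot: The help text's "No external dependencies" does not match the two wolfSSL selects a few lines above it, since enabling this option pulls wolfSSL into the build. Suggest dropping that sentence or rewording it to say that wolfSSL/wolfCrypt is required, so that anyone reviewing the image's component list from menuconfig sees the crypto library that comes with the TPM stack. The URL in the help text is the generic https://www.wolfssl.com/ home page; a wolfTPM-specific project page would be more useful there.
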
> 
> The comment had to be adjusted due to the !BR2_STATIC_LIBS dependency.
> 
>> diff --git a/package/wolftpm/wolftpm.hash 
>> b/package/wolftpm/wolftpm.hash
>> new file mode 100644
>> index 0000000000..6dbf143ffe
>> --- /dev/null
>> +++ b/package/wolftpm/wolftpm.hash
>> @@ -0,0 +1,2 @@
>> +# Hash from 
>> https://github.com/wolfSSL/wolfTPM/archive/refs/tags/v2.3.1.tar.gz
>> +sha256  
>> f0d7c095491ac2cc9e44aa4ac3c22febf15942ef080431d8b43a9d0312ca6567  
>> wolftpm-2.3.1.tar.gz
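
Review bot: The comment on the first line reads "Hash from" followed by the tarball URL itself, which names the download rather than a checksum published by upstream, so the sha256 below was computed from the same archive it is meant to verify. Suggest stating that plainly (for example "Locally computed"), so reviewers know the value pins the archive content for later downloads but was not cross-checked against an upstream-published digest or signature.
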
> 
> Gaah, I'm noticing now that the hash of the LICENSE file is missing,
> and I didn't realize before applying. I will fix this up.
> 
>> diff --git a/package/wolftpm/wolftpm.mk b/package/wolftpm/wolftpm.mk
>> new file mode 100644
>> index 0000000000..1e1ddc13e3
>> --- /dev/null
>> +++ b/package/wolftpm/wolftpm.mk
>> @@ -0,0 +1,29 @@
>> +################################################################################
>> +#
>> +# wolftpm
>> +#
>> +################################################################################
>> +
>> +WOLFTPM_VERSION = 2.3.1
>> +WOLFTPM_SITE = $(call github,wolfSSL,wolfTPM,v$(WOLFTPM_VERSION))
>> +WOLFTPM_INSTALL_STAGING = YES
>> +WOLFTPM_LICENSE = GPL-2.0+
>> +WOLFTPM_LICENSE_FILES = LICENSE
>> +WOLFTPM_CPE_ID_VENDOR = wolfssl
>> +
>> +WOLFTPM_DEPENDENCIES = host-pkgconf
> 
> I've added:
> 
> WOLFTPM_CONFIG_SCRIPTS = wolftpm-config
> 
> so that the wolftpm-config script installed in $(STAGING_DIR)/usr/bin
> returns correct results.
> 
>> +# wolfTPM's source code is released without a configure script,
>> +# therefore we need autoreconf
>> +WOLFTPM_AUTORECONF = YES
>> +
>> +WOLFTPM_CONF_OPTS = --disable-examples --enable-devtpm
> 
> With just this, the build was failing for me, as wolftpm couldn't find
> wolfssl. I had to add:
> 
>         --with-wolfcrypt=$(STAGING_DIR)/usr
> 
>> +define WOLFTPM_CONFIG_RPATH
> 
> I renamed the hook to WOLFTPM_TOUCH_CONFIG_RPATH
> 
>> +    mkdir $(@D)/build-aux
> 
> Changed to "mkdir -p" so that the hook can be re-executed without
> failing.
> 
>> +    touch $(@D)/build-aux/config.rpath
>> +endef
>> +# Fix for autoconf bug with config.rconf
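
Review bot: WOLFTPM_DEPENDENCIES lists only host-pkgconf, although Config.in selects BR2_PACKAGE_WOLFSSL. Without wolfssl in that list nothing guarantees that wolfSSL is built and installed to staging before wolftpm's configure step runs, and an incremental rebuild in a tree where wolfSSL is already staged would hide the problem. Suggest adding wolfssl to WOLFTPM_DEPENDENCIES. The trailing comment also says "config.rconf", while the file the hook touches is config.rpath.
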
> 
> There is no autoreconf bug. The bug is in the code of wolftpm. In the
> configure.ac script line 165, it uses the AC_LIB_HAVE_LINKFLAGS m4
> macro, which comes from gnulib. This macro is documented at, which
> specifies:
> 
> Example of using AC_LIB_LINKFLAGS
> 
> Suppose you want to use libz, the compression library.
> 
>    (1)  In configure.ac you add the line
> 
>       AC_CONFIG_AUX_DIR([build-aux])
>       AC_LIB_LINKFLAGS([z])
> 
>     Note that since the AC_LIB_LINKFLAGS invocation modifies the
>     CPPFLAGS, it should precede all tests that check for header files,
>     declarations, structures or types.
> 
> 
>     (2) To the package’s build-aux directory you add the file
>     config.rpath, also part of the Gnulib havelib module. (gnulib-tool
>     will usually do this for you automatically.)
> 
> 
>     (3) In Makefile.in you add @LIBZ@ to the link command line of your
>     program. Or, if you are using Automake, you add $(LIBZ) to the
>     LDADD variable that corresponds to your program.
> 
> See point (2)? This is what wasn't done correctly in wolftpm when
> integrating this gnulib m4 macro.
> 
> Ideally this should be fixed in the upstream wolftpm code. However, to
> be honest, I'm not even sure why your configure.ac file is using
> AC_LIB_HAVE_LINKFLAGS(). You should probably just migrate to use
> pkg-config.
> 
> Thanks for your contribution!
> 
> Thomas

-- 
Founder of TPM.dev


