From e45961cc1b2d0636d7329bc3f3a0f6381e4094d2 Mon Sep 17 00:00:00 2001 From: =?utf8?q?Daniel=20Weism=C3=BCller?= Date: Tue, 8 Jul 2025 17:04:28 +0200 Subject: [PATCH] swtpm: New package MIME-Version: 1.0 Content-Type: text/plain; charset=utf8 Content-Transfer-Encoding: 8bit This implements an emulator for TPM 2.0 devices for libvirt to be able to run virtual machines with Windows 11+. Signed-off-by: Daniel Weismüller Signed-off-by: Michael Tremer --- config/rootfiles/packages/swtpm | 239 ++++++++++++++++++++++++++++++++ lfs/libvirt | 4 +- lfs/swtpm | 89 ++++++++++++ make.sh | 3 +- 4 files changed, 332 insertions(+), 3 deletions(-) create mode 100644 config/rootfiles/packages/swtpm create mode 100644 lfs/swtpm diff --git a/config/rootfiles/packages/swtpm b/config/rootfiles/packages/swtpm new file mode 100644 index 000000000..19dca860d --- /dev/null +++ b/config/rootfiles/packages/swtpm 
@@ -0,0 +1,239 @@ +etc/swtpm-localca.conf +etc/swtpm-localca.options +etc/swtpm_setup.conf +usr/bin/swtpm +usr/bin/swtpm_bios +usr/bin/swtpm_cert +usr/bin/swtpm_ioctl +usr/bin/swtpm_localca +usr/bin/swtpm_setup +#usr/include/swtpm +#usr/include/swtpm/tpm_ioctl.h +#usr/lib/swtpm +#usr/lib/swtpm/libswtpm_libtpms.a +#usr/lib/swtpm/libswtpm_libtpms.la +usr/lib/swtpm/libswtpm_libtpms.so +usr/lib/swtpm/libswtpm_libtpms.so.0 +usr/lib/swtpm/libswtpm_libtpms.so.0.0.0 +#usr/libexec/installed-tests/swtpm +#usr/libexec/installed-tests/swtpm/_test_encrypted_state +#usr/libexec/installed-tests/swtpm/_test_getcap +#usr/libexec/installed-tests/swtpm/_test_hashing +#usr/libexec/installed-tests/swtpm/_test_hashing2 +#usr/libexec/installed-tests/swtpm/_test_init +#usr/libexec/installed-tests/swtpm/_test_locality +#usr/libexec/installed-tests/swtpm/_test_migration_key +#usr/libexec/installed-tests/swtpm/_test_migration_key_2 +#usr/libexec/installed-tests/swtpm/_test_print_capabilities +#usr/libexec/installed-tests/swtpm/_test_print_states +#usr/libexec/installed-tests/swtpm/_test_resume_volatile +#usr/libexec/installed-tests/swtpm/_test_save_load_encrypted_state +#usr/libexec/installed-tests/swtpm/_test_save_load_state +#usr/libexec/installed-tests/swtpm/_test_setbuffersize +#usr/libexec/installed-tests/swtpm/_test_swtpm_bios +#usr/libexec/installed-tests/swtpm/_test_tpm2_avoid_da_lockout +#usr/libexec/installed-tests/swtpm/_test_tpm2_derived_keys +#usr/libexec/installed-tests/swtpm/_test_tpm2_encrypted_state +#usr/libexec/installed-tests/swtpm/_test_tpm2_file_permissions +#usr/libexec/installed-tests/swtpm/_test_tpm2_getcap +#usr/libexec/installed-tests/swtpm/_test_tpm2_hashing +#usr/libexec/installed-tests/swtpm/_test_tpm2_hashing2 +#usr/libexec/installed-tests/swtpm/_test_tpm2_hashing3 +#usr/libexec/installed-tests/swtpm/_test_tpm2_init +#usr/libexec/installed-tests/swtpm/_test_tpm2_locality +#usr/libexec/installed-tests/swtpm/_test_tpm2_migration_key 
+#usr/libexec/installed-tests/swtpm/_test_tpm2_print_capabilities +#usr/libexec/installed-tests/swtpm/_test_tpm2_print_states +#usr/libexec/installed-tests/swtpm/_test_tpm2_probe +#usr/libexec/installed-tests/swtpm/_test_tpm2_resume_volatile +#usr/libexec/installed-tests/swtpm/_test_tpm2_save_load_encrypted_state +#usr/libexec/installed-tests/swtpm/_test_tpm2_save_load_state +#usr/libexec/installed-tests/swtpm/_test_tpm2_save_load_state_da_timeout +#usr/libexec/installed-tests/swtpm/_test_tpm2_save_load_state_locking +#usr/libexec/installed-tests/swtpm/_test_tpm2_savestate +#usr/libexec/installed-tests/swtpm/_test_tpm2_setbuffersize +#usr/libexec/installed-tests/swtpm/_test_tpm2_swtpm_bios +#usr/libexec/installed-tests/swtpm/_test_tpm2_volatilestate +#usr/libexec/installed-tests/swtpm/_test_tpm2_wrongorder +#usr/libexec/installed-tests/swtpm/_test_tpm_probe +#usr/libexec/installed-tests/swtpm/_test_volatilestate +#usr/libexec/installed-tests/swtpm/_test_wrongorder +#usr/libexec/installed-tests/swtpm/common +#usr/libexec/installed-tests/swtpm/create_certs.sh +#usr/libexec/installed-tests/swtpm/data +#usr/libexec/installed-tests/swtpm/data/ecprivek.pem +#usr/libexec/installed-tests/swtpm/data/ecpubek.pem +#usr/libexec/installed-tests/swtpm/data/issuercert.pem +#usr/libexec/installed-tests/swtpm/data/keyfile.txt +#usr/libexec/installed-tests/swtpm/data/keyfile256bit.txt +#usr/libexec/installed-tests/swtpm/data/migkey1 +#usr/libexec/installed-tests/swtpm/data/migkey1/tpm2-volatilestate.bin +#usr/libexec/installed-tests/swtpm/data/migkey1/volatilestate.bin +#usr/libexec/installed-tests/swtpm/data/pubek.pem +#usr/libexec/installed-tests/swtpm/data/pwdfile.txt +#usr/libexec/installed-tests/swtpm/data/signkey-encrypted.pem +#usr/libexec/installed-tests/swtpm/data/signkey.pem +#usr/libexec/installed-tests/swtpm/data/tpm2state1 +#usr/libexec/installed-tests/swtpm/data/tpm2state1/tpm2-00.permall +#usr/libexec/installed-tests/swtpm/data/tpm2state1/tpm2-00.volatilestate 
+#usr/libexec/installed-tests/swtpm/data/tpm2state2 +#usr/libexec/installed-tests/swtpm/data/tpm2state2/pwdfile.txt +#usr/libexec/installed-tests/swtpm/data/tpm2state2/tpm2-00.permall +#usr/libexec/installed-tests/swtpm/data/tpm2state2/tpm2-00.volatilestate +#usr/libexec/installed-tests/swtpm/data/tpm2state2b +#usr/libexec/installed-tests/swtpm/data/tpm2state2b/pwdfile.txt +#usr/libexec/installed-tests/swtpm/data/tpm2state2b/tpm2-00.permall +#usr/libexec/installed-tests/swtpm/data/tpm2state2b/tpm2-00.volatilestate +#usr/libexec/installed-tests/swtpm/data/tpm2state3 +#usr/libexec/installed-tests/swtpm/data/tpm2state3/hkey.priv +#usr/libexec/installed-tests/swtpm/data/tpm2state3/hkey.pub +#usr/libexec/installed-tests/swtpm/data/tpm2state3/signature.bin +#usr/libexec/installed-tests/swtpm/data/tpm2state3/tpm2-00.permall +#usr/libexec/installed-tests/swtpm/data/tpm2state3b +#usr/libexec/installed-tests/swtpm/data/tpm2state3b/h02000000.bin +#usr/libexec/installed-tests/swtpm/data/tpm2state3b/h81000000.bin +#usr/libexec/installed-tests/swtpm/data/tpm2state3b/tpm2-00.permall +#usr/libexec/installed-tests/swtpm/data/tpm2state3b/tpm2-00.volatilestate +#usr/libexec/installed-tests/swtpm/data/tpm2state3c +#usr/libexec/installed-tests/swtpm/data/tpm2state3c/tpm2-00.permall +#usr/libexec/installed-tests/swtpm/data/tpm2state3c/tpm2-00.volatilestate +#usr/libexec/installed-tests/swtpm/data/tpm2state3d +#usr/libexec/installed-tests/swtpm/data/tpm2state3d/signature2.bin +#usr/libexec/installed-tests/swtpm/data/tpm2state3d/tpm2-00.permall +#usr/libexec/installed-tests/swtpm/data/tpm2state3d/tpm2-00.volatilestate +#usr/libexec/installed-tests/swtpm/data/tpm2state4 +#usr/libexec/installed-tests/swtpm/data/tpm2state4/tpm2-00.permall +#usr/libexec/installed-tests/swtpm/data/tpm2state4/tpm2-00.volatilestate +#usr/libexec/installed-tests/swtpm/data/tpm2state5 +#usr/libexec/installed-tests/swtpm/data/tpm2state5/signature.bin 
+#usr/libexec/installed-tests/swtpm/data/tpm2state5/tpm2-00.permall +#usr/libexec/installed-tests/swtpm/data/tpm2state6 +#usr/libexec/installed-tests/swtpm/data/tpm2state6/tpm2-00.permall +#usr/libexec/installed-tests/swtpm/data/tpmstate1 +#usr/libexec/installed-tests/swtpm/data/tpmstate1/README +#usr/libexec/installed-tests/swtpm/data/tpmstate1/tpm-00.permall +#usr/libexec/installed-tests/swtpm/data/tpmstate1/tpm-00.volatilestate +#usr/libexec/installed-tests/swtpm/data/tpmstate2 +#usr/libexec/installed-tests/swtpm/data/tpmstate2/README +#usr/libexec/installed-tests/swtpm/data/tpmstate2/pwdfile.txt +#usr/libexec/installed-tests/swtpm/data/tpmstate2/tpm-00.permall +#usr/libexec/installed-tests/swtpm/data/tpmstate2/tpm-00.volatilestate +#usr/libexec/installed-tests/swtpm/data/tpmstate2b +#usr/libexec/installed-tests/swtpm/data/tpmstate2b/pwdfile.txt +#usr/libexec/installed-tests/swtpm/data/tpmstate2b/tpm-00.permall +#usr/libexec/installed-tests/swtpm/data/tpmstate2b/tpm-00.volatilestate +#usr/libexec/installed-tests/swtpm/fileinstall +#usr/libexec/installed-tests/swtpm/installed-runner.sh +#usr/libexec/installed-tests/swtpm/load_vtpm_proxy +#usr/libexec/installed-tests/swtpm/patches +#usr/libexec/installed-tests/swtpm/patches/0001-Deactivate-test-cases-accessing-rootcerts.txt.patch +#usr/libexec/installed-tests/swtpm/patches/0002-Implement-powerup-for-swtpm.patch +#usr/libexec/installed-tests/swtpm/patches/0003-Set-CRYPTOLIBRARY-to-openssl.patch +#usr/libexec/installed-tests/swtpm/patches/0004-Store-and-restore-volatile-state-at-every-step.patch +#usr/libexec/installed-tests/swtpm/patches/0005-Disable-tests-related-to-events.patch +#usr/libexec/installed-tests/swtpm/patches/0010-Adjust-test-cases-for-OpenSSL-3.patch +#usr/libexec/installed-tests/swtpm/patches/0012-Disable-Nuvoton-commands.patch +#usr/libexec/installed-tests/swtpm/patches/libtpm.patch +#usr/libexec/installed-tests/swtpm/sed-inplace +#usr/libexec/installed-tests/swtpm/softhsm_setup 
+#usr/libexec/installed-tests/swtpm/swtpm_setup.conf +#usr/libexec/installed-tests/swtpm/test_clientfds.py +#usr/libexec/installed-tests/swtpm/test_commandline +#usr/libexec/installed-tests/swtpm/test_common +#usr/libexec/installed-tests/swtpm/test_config +#usr/libexec/installed-tests/swtpm/test_ctrlchannel +#usr/libexec/installed-tests/swtpm/test_ctrlchannel2 +#usr/libexec/installed-tests/swtpm/test_ctrlchannel3 +#usr/libexec/installed-tests/swtpm/test_ctrlchannel4 +#usr/libexec/installed-tests/swtpm/test_cuse +#usr/libexec/installed-tests/swtpm/test_encrypted_state +#usr/libexec/installed-tests/swtpm/test_getcap +#usr/libexec/installed-tests/swtpm/test_hashing +#usr/libexec/installed-tests/swtpm/test_hashing2 +#usr/libexec/installed-tests/swtpm/test_init +#usr/libexec/installed-tests/swtpm/test_locality +#usr/libexec/installed-tests/swtpm/test_migration_key +#usr/libexec/installed-tests/swtpm/test_parameters +#usr/libexec/installed-tests/swtpm/test_print_capabilities +#usr/libexec/installed-tests/swtpm/test_print_states +#usr/libexec/installed-tests/swtpm/test_resume_volatile +#usr/libexec/installed-tests/swtpm/test_samples_create_tpmca +#usr/libexec/installed-tests/swtpm/test_save_load_encrypted_state +#usr/libexec/installed-tests/swtpm/test_save_load_state +#usr/libexec/installed-tests/swtpm/test_setbuffersize +#usr/libexec/installed-tests/swtpm/test_setdatafd.py +#usr/libexec/installed-tests/swtpm/test_swtpm_bios +#usr/libexec/installed-tests/swtpm/test_swtpm_cert +#usr/libexec/installed-tests/swtpm/test_swtpm_setup_create_cert +#usr/libexec/installed-tests/swtpm/test_swtpm_setup_file_backend +#usr/libexec/installed-tests/swtpm/test_swtpm_setup_misc +#usr/libexec/installed-tests/swtpm/test_swtpm_setup_overwrite +#usr/libexec/installed-tests/swtpm/test_tpm12 +#usr/libexec/installed-tests/swtpm/test_tpm2_avoid_da_lockout +#usr/libexec/installed-tests/swtpm/test_tpm2_chroot_chardev +#usr/libexec/installed-tests/swtpm/test_tpm2_chroot_cuse 
+#usr/libexec/installed-tests/swtpm/test_tpm2_chroot_socket +#usr/libexec/installed-tests/swtpm/test_tpm2_ctrlchannel2 +#usr/libexec/installed-tests/swtpm/test_tpm2_ctrlchannel3 +#usr/libexec/installed-tests/swtpm/test_tpm2_derived_keys +#usr/libexec/installed-tests/swtpm/test_tpm2_encrypted_state +#usr/libexec/installed-tests/swtpm/test_tpm2_file_permissions +#usr/libexec/installed-tests/swtpm/test_tpm2_getcap +#usr/libexec/installed-tests/swtpm/test_tpm2_hashing +#usr/libexec/installed-tests/swtpm/test_tpm2_hashing2 +#usr/libexec/installed-tests/swtpm/test_tpm2_hashing3 +#usr/libexec/installed-tests/swtpm/test_tpm2_ibmtss2 +#usr/libexec/installed-tests/swtpm/test_tpm2_init +#usr/libexec/installed-tests/swtpm/test_tpm2_libtpms_versions_profiles +#usr/libexec/installed-tests/swtpm/test_tpm2_locality +#usr/libexec/installed-tests/swtpm/test_tpm2_migration_key +#usr/libexec/installed-tests/swtpm/test_tpm2_parameters +#usr/libexec/installed-tests/swtpm/test_tpm2_partial_reads +#usr/libexec/installed-tests/swtpm/test_tpm2_print_capabilities +#usr/libexec/installed-tests/swtpm/test_tpm2_print_states +#usr/libexec/installed-tests/swtpm/test_tpm2_probe +#usr/libexec/installed-tests/swtpm/test_tpm2_resume_volatile +#usr/libexec/installed-tests/swtpm/test_tpm2_save_load_encrypted_state +#usr/libexec/installed-tests/swtpm/test_tpm2_save_load_state +#usr/libexec/installed-tests/swtpm/test_tpm2_save_load_state_2 +#usr/libexec/installed-tests/swtpm/test_tpm2_save_load_state_2_block +#usr/libexec/installed-tests/swtpm/test_tpm2_save_load_state_2_linear +#usr/libexec/installed-tests/swtpm/test_tpm2_save_load_state_3 +#usr/libexec/installed-tests/swtpm/test_tpm2_save_load_state_da_timeout +#usr/libexec/installed-tests/swtpm/test_tpm2_save_load_state_locking +#usr/libexec/installed-tests/swtpm/test_tpm2_savestate +#usr/libexec/installed-tests/swtpm/test_tpm2_setbuffersize +#usr/libexec/installed-tests/swtpm/test_tpm2_swtpm_bios 
+#usr/libexec/installed-tests/swtpm/test_tpm2_swtpm_cert +#usr/libexec/installed-tests/swtpm/test_tpm2_swtpm_cert_ecc +#usr/libexec/installed-tests/swtpm/test_tpm2_swtpm_localca +#usr/libexec/installed-tests/swtpm/test_tpm2_swtpm_localca_pkcs11.test +#usr/libexec/installed-tests/swtpm/test_tpm2_swtpm_setup_create_cert +#usr/libexec/installed-tests/swtpm/test_tpm2_swtpm_setup_overwrite +#usr/libexec/installed-tests/swtpm/test_tpm2_swtpm_setup_profile +#usr/libexec/installed-tests/swtpm/test_tpm2_swtpm_setup_profile_name +#usr/libexec/installed-tests/swtpm/test_tpm2_volatilestate +#usr/libexec/installed-tests/swtpm/test_tpm2_vtpm_proxy +#usr/libexec/installed-tests/swtpm/test_tpm2_wrongorder +#usr/libexec/installed-tests/swtpm/test_tpm_probe +#usr/libexec/installed-tests/swtpm/test_volatilestate +#usr/libexec/installed-tests/swtpm/test_vtpm_proxy +#usr/libexec/installed-tests/swtpm/test_wrongorder +#usr/libexec/installed-tests/swtpm/tests +#usr/share/man/man3/swtpm_ioctls.3 +#usr/share/man/man5/swtpm-localca.conf.5 +#usr/share/man/man5/swtpm-localca.options.5 +#usr/share/man/man5/swtpm_setup.conf.5 +#usr/share/man/man8/swtpm-create-tpmca.8 +#usr/share/man/man8/swtpm-localca.8 +#usr/share/man/man8/swtpm.8 +#usr/share/man/man8/swtpm_bios.8 +#usr/share/man/man8/swtpm_cert.8 +#usr/share/man/man8/swtpm_ioctl.8 +#usr/share/man/man8/swtpm_localca.8 +#usr/share/man/man8/swtpm_setup.8 +#usr/share/swtpm +usr/share/swtpm/swtpm-create-tpmca +usr/share/swtpm/swtpm-create-user-config-files +usr/share/swtpm/swtpm-localca +var/lib/swtpm-localca diff --git a/lfs/libvirt b/lfs/libvirt index f2915ec94..dc8e0aa99 100644 --- a/lfs/libvirt +++ b/lfs/libvirt @@ -35,9 +35,9 @@ DIR_APP = $(DIR_SRC)/$(THISAPP) TARGET = $(DIR_INFO)/$(THISAPP) SUP_ARCH = x86_64 aarch64 PROG = libvirt -PAK_VER = 40 +PAK_VER = 41 -DEPS = ebtables libpciaccess ovmf qemu +DEPS = ebtables libpciaccess ovmf swtpm qemu SERVICES = libvirtd virtlogd 
diff --git a/lfs/swtpm b/lfs/swtpm
new file mode 100644
index 000000000..ccd09517e
--- /dev/null
+++ b/lfs/swtpm
@@ -0,0 +1,89 @@
+###############################################################################
+# #
+# IPFire.org - A linux based firewall #
+# Copyright (C) 2007-2025 IPFire Team #
+# #
+# This program is free software: you can redistribute it and/or modify #
+# it under the terms of the GNU General Public License as published by #
+# the Free Software Foundation, either version 3 of the License, or #
+# (at your option) any later version. #
+# #
+# This program is distributed in the hope that it will be useful, #
+# but WITHOUT ANY WARRANTY; without even the implied warranty of #
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
+# GNU General Public License for more details. #
+# #
+# You should have received a copy of the GNU General Public License #
+# along with this program. If not, see . #
+# #
+###############################################################################
+
+###############################################################################
+# Definitions
+###############################################################################
+
+include Config
+
+SUMMARY = Libtpms-based TPM emulator with socket, character device, and Linux CUSE interface.
+
+VER = 0.10.1
+
+THISAPP = swtpm-$(VER)
+DL_FILE = $(THISAPP).tar.gz
+DL_FROM = $(URL_IPFIRE)
+DIR_APP = $(DIR_SRC)/$(THISAPP)
+TARGET = $(DIR_INFO)/$(THISAPP)
+PROG = swtpm
+PAK_VER = 1
+
+DEPS = libtpms
+
+SERVICES =
+
+###############################################################################
+# Top-level Rules
+###############################################################################
+
+objects = $(DL_FILE)
+
+$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
+
+$(DL_FILE)_BLAKE2 = fa282338a975b4e3067e444ae5781744b3c153f482377a11b5c71072ed519709d561f6759e478a008813946da2f03c0650259d9f1ca17afd07892cd37f46529e
+
+install : $(TARGET)
+
+check : $(patsubst %,$(DIR_CHK)/%,$(objects))
+
+download :$(patsubst %,$(DIR_DL)/%,$(objects))
+
+b2 : $(subst %,%_BLAKE2,$(objects))
+
+###############################################################################
+# Downloading, checking, b2sum
+###############################################################################
+
+$(patsubst %,$(DIR_CHK)/%,$(objects)) :
+ @$(CHECK)
+
+$(patsubst %,$(DIR_DL)/%,$(objects)) :
+ @$(LOAD)
+
+$(subst %,%_BLAKE2,$(objects)) :
+ @$(B2SUM)
+
+###############################################################################
+# Installation Details
+###############################################################################
+
+$(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
+ @$(PREBUILD)
+ @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar axf $(DIR_DL)/$(DL_FILE)
+ -mkdir -pv $(DIR_APP)
+ cd $(DIR_APP) && autoreconf -vfi
+ cd $(DIR_APP) && ./configure \
+ --prefix=/usr \
+ --disable-hardening
+ cd $(DIR_APP) && make $(MAKETUNING)
+ cd $(DIR_APP) && make install
+ @rm -rf $(DIR_APP)
+ @$(POSTBUILD)
diff --git a/make.sh b/make.sh
index 12d097fd8..789d01540 100755
--- a/make.sh
+++ b/make.sh
@@ -2033,7 +2033,9 @@ build_system() {
 lfsmake2 frr
 lfsmake2 dmidecode
 lfsmake2 mcelog
+ lfsmake2 socat
 lfsmake2 libtpms
+ lfsmake2 swtpm
 lfsmake2 libpciaccess
 lfsmake2 ovmf
 lfsmake2 libvirt
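Review bot: `--disable-hardening` on the `./configure` call in the `$(TARGET)` recipe switches off the compiler and linker hardening flags that upstream's build turns on by default, and nothing in the file or the commit message says why. swtpm parses TPM commands issued by a guest and holds that guest's TPM state and keys, so stack protection, fortified libc calls and RELRO are worth having in this binary. If the distribution-wide CFLAGS/LDFLAGS pulled in through `include Config` already provide equivalent flags (not visible in this patch), record that above the configure line, e.g. `# Hardening flags come from the global CFLAGS/LDFLAGS; upstream's own set is disabled to avoid duplicates`. Otherwise drop the option.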
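Review bot: `lfsmake2 socat` is moved ahead of `libtpms` and `swtpm` in this hunk (its old position is removed in the second make.sh hunk), but neither the commit message nor `lfs/swtpm` states what needs it. If swtpm only requires socat while building, one sentence in the commit message is enough. If it is needed on the installed system and socat is shipped as a separate package, `lfs/swtpm` should declare it, e.g. `DEPS = libtpms socat`, so that installing swtpm pulls it in. Both hunks cut through `build_system()`, whose body continues outside them.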
@@ -2065,7 +2067,6 @@ build_system() {
 lfsmake2 libloc
 lfsmake2 ncdu
 lfsmake2 lshw
- lfsmake2 socat
 lfsmake2 libcdada
 lfsmake2 pmacct
 lfsmake2 squid-asnbl
-- 2.47.3