packages/tpm2-abrmd
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Compare commits

base: packages:c586f5b2333e3721f4d4866391e4a80271bfb060
Branches Tags
packages:main
..
compare: packages:e146904ab1fdded0ed5d0645819773fd26fe37ed
Branches Tags
packages:main

No commits in common. "c586f5b2333e3721f4d4866391e4a80271bfb060" and "e146904ab1fdded0ed5d0645819773fd26fe37ed" have entirely different histories.
c586f5b233 ... e146904ab1

4 changed files with 3 additions and 129 deletions
Show Stats Expand all files Collapse all files

42
Hygon-Add-support-for-TCM-devices.patch
View File

@ -1,42 +0,0 @@
From a12832040ba73e44e0b04a662df05eedbe3614fd Mon Sep 17 00:00:00 2001
From: chench00 <chench@hygon.cn>
Date: Wed, 27 Mar 2024 15:56:35 +0800
Subject: [PATCH] [newfeature][all] Add support for TCM devices
---
dist/tpm2-abrmd.service.in | 5 +++--
src/tabrmd-defaults.h | 2 +-
2 files changed, 4 insertions(+), 3 deletions(-)
diff --git a/dist/tpm2-abrmd.service.in b/dist/tpm2-abrmd.service.in
index b0b562c..0effaa9 100644
--- a/dist/tpm2-abrmd.service.in
+++ b/dist/tpm2-abrmd.service.in
@@ -2,8 +2,9 @@
Description=TPM2 Access Broker and Resource Management Daemon
# These settings are needed when using the device TCTI. If the
# TCP mssim is used then the settings should be commented out.
-After=dev-tpm0.device
-Requires=dev-tpm0.device
+After=dev-tpm0.device dev-tcm0.device
+ConditionPathExists=|/dev/tpm0
+ConditionPathExists=|/dev/tcm0
[Service]
Type=dbus
diff --git a/src/tabrmd-defaults.h b/src/tabrmd-defaults.h
index 7387a47..0396189 100644
--- a/src/tabrmd-defaults.h
+++ b/src/tabrmd-defaults.h
@@ -16,7 +16,7 @@
#define TABRMD_ENTROPY_SRC_DEFAULT "/dev/urandom"
#define TABRMD_SESSIONS_MAX_DEFAULT 4
#define TABRMD_SESSIONS_MAX 64
-#define TABRMD_TCTI_CONF_DEFAULT "device:/dev/tpm0"
+#define TABRMD_TCTI_CONF_DEFAULT ((!access("/dev/tcm0", F_OK)) ? ("device:/dev/tcm0") : ("device:/dev/tpm0"))
#define TABRMD_TRANSIENT_MAX_DEFAULT 27
#define TABRMD_TRANSIENT_MAX 100
--
2.25.1

25
backport-call-init_nnp_daemon_domain-for-domain-to-allow.patch
View File

@ -1,25 +0,0 @@
From 2740de19da2153df8eb0e2ab0a98544e7db2d7da Mon Sep 17 00:00:00 2001
From: jiawenhao <jiawenhao@xfusion.com>
Date: Sun, 20 Apr 2025 09:33:56 +0800
Subject: [PATCH] call-init_nnp_daemon_domain-for-domain-to-allow-for-systemd
---
selinux/tabrmd.te | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/selinux/tabrmd.te b/selinux/tabrmd.te
index 8996a46..efd2336 100644
--- a/selinux/tabrmd.te
+++ b/selinux/tabrmd.te
@@ -9,7 +9,7 @@ gen_tunable(`tabrmd_connect_all_unreserved', false)
type tabrmd_t;
type tabrmd_exec_t;
-init_daemon_domain(tabrmd_t, tabrmd_exec_t)
+init_nnp_daemon_domain(tabrmd_t, tabrmd_exec_t)
allow tabrmd_t self:unix_dgram_socket { create_socket_perms };
--
2.43.0

25
backport-fix-in-SELinux-interface-file-a-typo.patch
View File

@ -1,25 +0,0 @@
From 259f00ee59c98d97ce218143ca073066dac60d1f Mon Sep 17 00:00:00 2001
From: jiawenhao <jiawenhao@xfusion.com>
Date: Fri, 18 Apr 2025 15:39:06 +0800
Subject: [PATCH] fix-in-SELinux-interface-file-a-typo
---
selinux/tabrmd.if | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/selinux/tabrmd.if b/selinux/tabrmd.if
index c04eca0..81c7853 100644
--- a/selinux/tabrmd.if
+++ b/selinux/tabrmd.if
@@ -29,7 +29,7 @@ interface(`tabrmd_create_unix_stream_sockets',`
## </summary>
## </param>
#
-interface(`tabr,d_dbus_chat',`
+interface(`tabrmd_dbus_chat',`
gen_require(`
type tabrmd_t;
class dbus send_msg;
--
2.27.0

40
tpm2-abrmd.spec
View File

@ -2,20 +2,16 @@
Name: tpm2-abrmd
Version: 3.0.0
Release: 6
Release: 1
Summary: A system daemon implementing the TPM2 access broker (TAB) & Resource Manager (RM) spec from the TCG
License: BSD
URL: https://github.com/tpm2-software/tpm2-abrmd
Source0: https://github.com/tpm2-software/tpm2-abrmd/releases/download/%{version}/%{name}-%{version}.tar.gz
Patch3001: Hygon-Add-support-for-TCM-devices.patch
Patch3002: backport-fix-in-SELinux-interface-file-a-typo.patch
Patch3003: backport-call-init_nnp_daemon_domain-for-domain-to-allow.patch
BuildRequires: systemd pkgconfig(cmocka) pkgconfig(dbus-1) pkgconfig(gio-unix-2.0) pkgconfig(tss2-mu) pkgconfig(tss2-sys)
BuildRequires: tpm2-tss-devel >= 2.4.0 libtool autoconf-archive libgcrypt libgcrypt-devel
BuildRequires: chrpath
BuildRequires: selinux-policy-devel pkgconfig(systemd) dbus-daemon
BuildRequires: selinux-policy-devel pkgconfig(systemd)
# tpm2-abrmd depends on the package that contains itsSELinux policy module
Requires: (%{name}-selinux >= 2.3.3-2 if selinux-policy)
@ -140,36 +136,6 @@ fi
%{_datadir}/selinux/packages/tabrmd.pp.bz2
%changelog
* Sun Apr 20 2025 jiawenhao <jiawenhao@xfusion.com> - 3.0.0-6
- Type:bugfix
- ID:NA
- SUG:NA
- DESC: call init_nnp_daemon_domain for domain to allow for systemd
* Fri Apr 18 2025 jiawenhao <jiawenhao@xfusion.com> - 3.0.0-5
- Type:bugfix
- ID:NA
- SUG:NA
- DESC: Fix in SELinux interface file a typo
* Thu Nov 07 2024 liningjie <liningjie@xfusion.com> - 3.0.0-4
- Type:bugfix
- ID:NA
- SUG:NA
- DESC: fix bad date in changelog
* Tue Sep 10 2024 chench <chench@hygon.cn> - 3.0.0-3
- Type:enhancement
- ID:NA
- SUG:NA
- DESC: add support for TCM devices
* Wed Apr 10 2024 wangxiaomeng <wangxiaomeng@kylinos.cn> - 3.0.0-2
- Type:bugfix
- ID:NA
- SUG:NA
- DESC:Fix build check error
* Tue Jul 18 2023 jinlun<jinlun@huawei.com> - 3.0.0-1
- Type:enhancement
- ID:NA
@ -188,7 +154,7 @@ fi
- SUG:NA
- DESC:update to 2.4.1
* Thu Nov 3 2022 wuzx<wuzx1226@qq.com> - 2.4.0-3
* Thu Nov 3 wuzx<wuzx1226@qq.com> - 2.4.0-3
- Type:feature
- CVE:NA
- SUG:NA