base: pkcs11-provider: add recipe #1058

Closed
quaresmajose wants to merge 8 commits into foundriesio:main from quaresmajose:pkcs11-provider

@quaresmajose
Member

quaresmajose commented Mar 2, 2023

A pkcs#11 provider for OpenSSL 3.0+

This is an OpenSSL 3.x provider to access Hardware or Software
Tokens using the PKCS#11 Cryptographic Token Interface

Signed-off-by: Jose Quaresma [email protected]

quaresmajose requested a review from a team March 2, 2023 15:58
Comment thread meta-lmp-base/recipes-security/pkcs11/pkcs11-provider_git.bb Outdated
@ricardosalveti
Member

Please add a description of the recipe as part of your commit message (body).

ricardosalveti requested a review from a team March 2, 2023 16:10
@ldts
Contributor

ldts commented Mar 2, 2023

Is this patch something that can be proposed to meta-security?

@quaresmajose
Member Author

> Please add a description of the recipe as part of your commit message (body).

Add the description on commit and on the PR

@quaresmajose
Member Author

> is this patch something that can be proposed to meta-security?

Since nothing exists, it might be useful. After we test for a while I can send.

@ldts
Contributor

ldts commented Mar 2, 2023

Also, do we need to add the recipe to lmp-feature-tpm2.inc?

@quaresmajose
Member Author

I think so, if the idea is to have it installed when we have a machine with tpm2.

@ricardosalveti
Member

Yeah, once we find a stable rev and we know it works correctly we can send to meta-security.

Member

ricardosalveti left a comment

LGTM, @ldts merge when needed.

@ldts
Contributor

ldts commented Mar 2, 2023

Testing now. Btw, when I build, this is not landing in my wic and I don't want to trigger a clean build, so just copying it manually to the target for testing.

quaresmajose force-pushed the pkcs11-provider branch 2 times, most recently from 194a5e6 to 58d00ab March 3, 2023 18:22
quaresmajose marked this pull request as draft March 3, 2023 18:22
@quaresmajose
Member Author

Move to draft because we need to propose a change of BBFILE_PRIORITY in meta-security.

A pkcs#11 provider for OpenSSL 3.0+

This is an OpenSSL 3.x provider to access Hardware or Software
Tokens using the PKCS#11 Cryptographic Token Interface

Signed-off-by: Jose Quaresma <[email protected]>

The meta-tpm layer on meta-security has the BBFILE_PRIORITY 10
and with that it is not possible to provide other versions
of the recipes in meta-lmp-base.

Signed-off-by: Jose Quaresma <[email protected]>

This reverts commit 1f89e9832946d6669cb121491df4cbdfa3b0bd81.

Signed-off-by: Jose Quaresma <[email protected]>

@quaresmajose
Member Author

I have already sent the patch to meta-security to change the layer priority, but it can take a while for it to land on the kirkstone stable branch, and that is if it is accepted.

Another solution could be to rename our fork recipe to tpm2-pkcs11-fio_1.9.0.bb, also renaming our tpm2-pkcs11_%.bbappend accordingly, and to create a bbappend to replace the upstream version with ours in packagegroup-security-tpm2.bbappend

RDEPENDS:packagegroup-security-tpm2 += "tpm2-pkcs11-fio"
RDEPENDS:packagegroup-security-tpm2:remove = "tpm2-pkcs11"

A quick local test shows that it works.

@ricardosalveti
Member

Will close this one as we're not going to use the provider atm, and the other changes were merged in the other PR.
