author | Alexander Kjeldaas <ak@formalprivacy.com> | 2013-08-14 08:16:52 +0200 |
committer | Alexander Kjeldaas <ak@formalprivacy.com> | 2014-04-22 13:24:44 +0200 |
commit | dbe8d7ad030206987910057a9cfb0bd90a8b5c15 (patch) | |
tree | 7b7a00af8e30bd94733b844089ce3d9b00748b6a /pkgs/tools | |
parent | 396da207391b3b16d511b6fa6bbed035af82a6e8 (diff) | |
Added trousers, tpm-tools, and tboot.
Added lcp_writepol -Z option.
Diffstat (limited to 'pkgs/tools')
7 files changed, 189 insertions, 0 deletions
diff --git a/pkgs/tools/security/tboot/default.nix b/pkgs/tools/security/tboot/default.nix
new file mode 100644
index 000000000000..71a8d32a6e19
--- /dev/null
+++ b/pkgs/tools/security/tboot/default.nix
@@ -0,0 +1,22 @@
+{stdenv, fetchurl, autoconf, automake, trousers, openssl, zlib}:
+
+stdenv.mkDerivation {
+ name = "tboot-1.8.0";
+
+ src = fetchurl {
+ url = https://sourceforge.net/projects/tboot/files/tboot/tboot-1.8.0.tar.gz;
+ sha256 = "04z1maryqnr714f3rcynqrpmlx76lxr6bb543xwj5rdl1yvdw2xr";
+ };
+
+ buildInputs = [ trousers openssl zlib ];
+
+ patches = [ ./tboot-add-well-known-secret-option-to-lcp_writepol.patch ];
+
+ configurePhase = ''
+ for a in lcptools utils tb_polgen; do
+ substituteInPlace $a/Makefile --replace /usr/sbin /sbin
+ done
+ substituteInPlace docs/Makefile --replace /usr/share /share
+ '';
+ installFlags = "DESTDIR=$(out)";
+}
diff --git a/pkgs/tools/security/tboot/tboot-add-well-known-secret-option-to-lcp_writepol.patch b/pkgs/tools/security/tboot/tboot-add-well-known-secret-option-to-lcp_writepol.patch
new file mode 100644
index 000000000000..a16ba9f4fbab
--- /dev/null
+++ b/pkgs/tools/security/tboot/tboot-add-well-known-secret-option-to-lcp_writepol.patch
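Review bot: `autoconf` and `automake` are taken from the argument set on the first line but never used — buildInputs lists only trousers, openssl and zlib — so they are dead inputs; drop them, or add them to buildInputs if the configure step actually needs them. The same unused pair appears in tpm-tools/default.nix and trousers/default.nix. Unlike trousers/default.nix, neither tboot nor tpm-tools carries a `meta` block; add one with description, homepage and license so the packages are searchable and license-filterable. The `installFlags = "DESTDIR=$(out)"` line and the /usr/sbin → /sbin rewrite in configurePhase would also read better with a one-line comment saying that the upstream Makefiles hard-code absolute install paths, if that is the reason.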
@@ -0,0 +1,50 @@
+diff -urp tboot-1.8.0.orig/lcptools/writepol.c tboot-1.8.0/lcptools/writepol.c
+--- tboot-1.8.0.orig/lcptools/writepol.c 2014-01-30 10:34:57.000000000 +0100
++++ tboot-1.8.0/lcptools/writepol.c 2014-02-12 01:48:51.523581057 +0100
+@@ -40,6 +40,7 @@
+ #include <getopt.h>
+ #include <trousers/tss.h>
+ #include <trousers/trousers.h>
++#include <tss/tss_defines.h>
+
+ #define PRINT printf
+ #include "../include/uuid.h"
+@@ -51,14 +52,15 @@ static uint32_t index_value = 0;
+ static char *file_arg=NULL;
+ static uint32_t fLeng;
+ static unsigned char *policy_data = NULL;
+-static char *password = NULL;
++static const char *password = NULL;
+ static uint32_t passwd_length = 0;
++static const char well_known_secret[] = TSS_WELL_KNOWN_SECRET;
+ static int help_input = 0;
+ static unsigned char empty_pol_data[] = {0};
+
+-static const char *short_option = "ehi:f:p:";
++static const char *short_option = "ehi:f:p:Z";
+ static const char *usage_string = "lcp_writepol -i index_value "
+- "[-f policy_file] [-e] [-p passwd] [-h]";
++ "[-f policy_file] [-e] [-p passwd|-Z] [-h]";
+
+ static const char *option_strings[] = {
+ "-i index value: uint32/string.\n"
+@@ -67,6 +69,7 @@ static const char *option_strings[] = {
+ "\tINDEX_AUX:0x50000002 or \"aux\"\n",
+ "-f file_name: string. File name of the policy data is stored. \n",
+ "-p password: string. \n",
++ "-Z use well known secret as password. \n",
+ "-e write 0 length data to the index.\n"
+ "\tIt will be used for some special index.\n"
+ "\tFor example, the index with permission WRITEDEFINE.\n",
+@@ -119,6 +122,11 @@ parse_cmdline(int argc, const char * arg
+ fLeng = 0;
+ break;
+
++ case 'Z':
++ password = well_known_secret;
++ passwd_length = sizeof(well_known_secret);
++ break;
++
+ case 'h':
+ help_input = 1;
+ break;
diff --git a/pkgs/tools/security/tpm-tools/default.nix b/pkgs/tools/security/tpm-tools/default.nix
new file mode 100644
index 000000000000..f8c6ead3d2a6
--- /dev/null
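Review bot: In the added `case 'Z':` branch, `passwd_length = sizeof(well_known_secret);` counts the NUL terminator that the string-literal initializer on `well_known_secret[]` appends, so the length handed on is one byte longer than the secret itself; `strlen` would not be a fix either, since the TCG well-known secret is all zero bytes. Unless the consumer of `password`/`passwd_length` (outside this hunk) wants the terminator, change the line to `passwd_length = sizeof(well_known_secret) - 1;` and check that the secret is set with a mode matching an already-hashed value rather than being hashed again as a plain passphrase — which mode the caller uses cannot be seen from the hunk. `-p` and `-Z` both assign `password`, so when both are given the last one on the command line silently wins although the usage string presents them as alternatives; rejecting the combination is cleaner. parse_cmdline begins and ends outside the hunk.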
+++ b/pkgs/tools/security/tpm-tools/default.nix
@@ -0,0 +1,12 @@
+{stdenv, fetchurl, autoconf, automake, trousers, openssl}:
+
+stdenv.mkDerivation {
+ name = "tpm-tools-1.3.8";
+
+ src = fetchurl {
+ url = https://sourceforge.net/projects/trousers/files/tpm-tools/1.3.8/tpm-tools-1.3.8.tar.gz;
+ sha256 = "10za1gi89vi9m2lmm7jfzs281h55x1sbbm2bdgdh692ljpq4zsv6";
+ };
+
+ buildInputs = [ trousers openssl ];
+}
diff --git a/pkgs/tools/security/trousers/allow-non-tss-config-file-owner.patch b/pkgs/tools/security/trousers/allow-non-tss-config-file-owner.patch
new file mode 100644
index 000000000000..774a14f72bab
--- /dev/null
+++ b/pkgs/tools/security/trousers/allow-non-tss-config-file-owner.patch
@@ -0,0 +1,19 @@
+diff -ur trousers-0.3.11.2.orig/src/tcsd/tcsd_conf.c trousers-0.3.11.2/src/tcsd/tcsd_conf.c
+--- trousers-0.3.11.2.orig/src/tcsd/tcsd_conf.c 2013-07-12 18:27:37.000000000 +0200
++++ trousers-0.3.11.2/src/tcsd/tcsd_conf.c 2013-08-21 14:29:42.917231648 +0200
+@@ -763,6 +763,7 @@
+ return TCSERR(TSS_E_INTERNAL_ERROR);
+ }
+
++#ifndef ALLOW_NON_TSS_CONFIG_FILE
+ /* make sure user/group TSS owns the conf file */
+ if (pw->pw_uid != stat_buf.st_uid || grp->gr_gid != stat_buf.st_gid) {
+ LogError("TCSD config file (%s) must be user/group %s/%s", tcsd_config_file,
+@@ -775,6 +776,7 @@
+ LogError("TCSD config file (%s) must be mode 0600", tcsd_config_file);
+ return TCSERR(TSS_E_INTERNAL_ERROR);
+ }
++#endif
+ #endif /* SOLARIS */
+
+ if ((f = fopen(tcsd_config_file, "r")) == NULL) {
diff --git a/pkgs/tools/security/trousers/default.nix b/pkgs/tools/security/trousers/default.nix
new file mode 100644
index 000000000000..20952aeea9dd
--- /dev/null
+++ b/pkgs/tools/security/trousers/default.nix
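Review bot: The added `#ifndef ALLOW_NON_TSS_CONFIG_FILE` compiles out both the tss owner/group check and the mode-0600 check on tcsd.conf, and trousers/default.nix defines that macro for every build, so the resulting tcsd never verifies that only the tss user could have written its configuration; nothing in the patch records why. Presumably the reason is that a file in the read-only Nix store cannot be owned by tss or carry mode 0600 — state that in a comment beside the `#ifndef`, e.g. `/* ALLOW_NON_TSS_CONFIG_FILE: the config file lives in a read-only store and cannot satisfy the tss ownership / 0600 checks */`. Consider an `#else` branch that logs that the ownership check is disabled, so the condition is visible in the daemon's log rather than only in the build flags. The enclosing function starts and ends outside the hunk.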
@@ -0,0 +1,27 @@
+{stdenv, fetchurl, autoconf, automake, openssl}:
+
+stdenv.mkDerivation {
+ name = "trousers-0.3.11.2";
+
+ src = fetchurl {
+ url = https://sourceforge.net/projects/trousers/files/trousers/0.3.11/trousers-0.3.11.2.tar.gz;
+ sha256 = "03c71szmij1nx3jicacmazh0yan3qm00k0ahmh4mq88fw00k1p4v";
+ };
+
+ buildInputs = [ openssl ];
+
+ patches = [ # ./double-installed-man-page.patch
+ ./disable-install-rule.patch
+ ./allow-non-tss-config-file-owner.patch
+ ];
+
+ NIX_CFLAGS_COMPILE = "-DALLOW_NON_TSS_CONFIG_FILE";
+ NIX_LDFLAGS = "-lgcc_s";
+
+ meta = with stdenv.lib; {
+ description = "TrouSerS is an CPL (Common Public License) licensed Trusted Computing Software Stack.";
+ homepage = http://trousers.sourceforge.net/;
+ license = licenses.cpl;
+ platforms = platforms.unix;
+ };
+}
diff --git a/pkgs/tools/security/trousers/disable-install-rule.patch b/pkgs/tools/security/trousers/disable-install-rule.patch
new file mode 100644
index 000000000000..698beac9ffde
--- /dev/null
+++ b/pkgs/tools/security/trousers/disable-install-rule.patch
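Review bot: `patches` names `./double-installed-man-page.patch` only inside a `#` comment, yet this commit still adds that file (last section of the diff), so the tree carries a patch nothing applies; either apply it or drop the file from the commit. `NIX_CFLAGS_COMPILE = "-DALLOW_NON_TSS_CONFIG_FILE"` disables tcsd's config-file ownership/mode check (see allow-non-tss-config-file-owner.patch) and `NIX_LDFLAGS = "-lgcc_s"` has no stated reason; both deserve a one-line `#` comment such as `# tcsd.conf lives in the read-only store, so tcsd's tss-ownership/0600 check cannot pass`. The description reads "is an CPL (Common Public License) licensed" — `a CPL`, and nixpkgs descriptions conventionally omit the leading project name and the trailing period.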
@@ -0,0 +1,27 @@
+--- trousers-0.3.11/dist/Makefile.in 2013-08-14 06:49:37.597558787 +0200
++++ trousers-0.3.11/dist/Makefile.in 2013-08-14 06:50:07.134510774 +0200
+@@ -363,16 +363,16 @@
+ uninstall uninstall-am uninstall-hook
+
+ install: install-exec-hook
+- if test ! -e ${DESTDIR}/@sysconfdir@/tcsd.conf; then mkdir -p ${DESTDIR}/@sysconfdir@ && cp tcsd.conf ${DESTDIR}/@sysconfdir@; fi
+- /bin/chown tss:tss ${DESTDIR}/@sysconfdir@/tcsd.conf || true
+- /bin/chmod 0600 ${DESTDIR}/@sysconfdir@/tcsd.conf
++# echo if test ! -e ${DESTDIR}/@sysconfdir@/tcsd.conf; then mkdir -p ${DESTDIR}/@sysconfdir@ && cp tcsd.conf ${DESTDIR}/@sysconfdir@; fi
++ echo /bin/chown tss:tss ${DESTDIR}/@sysconfdir@/tcsd.conf || true
++ echo /bin/chmod 0600 ${DESTDIR}/@sysconfdir@/tcsd.conf
+
+ install-exec-hook:
+- /usr/sbin/groupadd tss || true
+- /usr/sbin/useradd -r tss -g tss || true
+- /bin/sh -c 'if [ ! -e ${DESTDIR}/@localstatedir@/lib/tpm ];then mkdir -p ${DESTDIR}/@localstatedir@/lib/tpm; fi'
+- /bin/chown tss:tss ${DESTDIR}/@localstatedir@/lib/tpm || true
+- /bin/chmod 0700 ${DESTDIR}/@localstatedir@/lib/tpm
++ echo /usr/sbin/groupadd tss || true
++ echo /usr/sbin/useradd -r tss -g tss || true
++ echo /bin/sh -c 'if [ ! -e ${DESTDIR}/@localstatedir@/lib/tpm ];then mkdir -p ${DESTDIR}/@localstatedir@/lib/tpm; fi'
++ echo /bin/chown tss:tss ${DESTDIR}/@localstatedir@/lib/tpm || true
++ echo /bin/chmod 0700 ${DESTDIR}/@localstatedir@/lib/tpm
+
+ uninstall-hook:
+ /usr/sbin/userdel tss || true
diff --git a/pkgs/tools/security/trousers/double-installed-man-page.patch b/pkgs/tools/security/trousers/double-installed-man-page.patch
new file mode 100644
index 000000000000..6b40716120ea
--- /dev/null
+++ b/pkgs/tools/security/trousers/double-installed-man-page.patch
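Review bot: Prefixing the chown/chmod/useradd recipe lines with `echo` leaves a build log that prints `/bin/chown tss:tss …/tcsd.conf` and `/usr/sbin/useradd -r tss -g tss` as if they had run, and the first replaced line, `++# echo if test …`, is now a recipe line beginning with `#`, i.e. a shell comment, so the copy of tcsd.conf into @sysconfdir@ is skipped entirely while the two echoes after it still mention the file. Deleting those recipe lines (leaving `install: install-exec-hook` and `install-exec-hook:` with empty recipes) would state the intent — no user/group management, permission changes or config copy at install time — without the misleading output. A short note in the .patch header saying why these steps are dropped, presumably because users and state directories are provisioned outside the package, would help the next reader.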
@@ -0,0 +1,32 @@
+--- trousers-0.3.11/man/man3/Makefile.am 2013-08-14 04:57:47.018494495 +0200
++++ trousers-0.3.11/man/man3/Makefile.am 2013-08-14 04:58:10.353453471 +0200
+@@ -75,7 +75,6 @@
+ Tspi_TPM_TakeOwnership.3 \
+ Tspi_TPM_GetAuditDigest.3 \
+ Tspi_TPM_OwnerGetSRKPubKey.3 \
+- Tspi_TPM_Quote.3 \
+ Tspi_TPM_CMKSetRestrictions.3
+ if TSS_BUILD_DAA
+ man3_MANS += Tspi_DAA_IssueCredential.3 \
+--- trousers-0.3.11/man/man3/Makefile.in 2013-08-14 05:06:25.029490899 +0200
++++ trousers-0.3.11/man/man3/Makefile.in 2013-08-14 05:06:43.153457942 +0200
+@@ -243,7 +243,7 @@
+ Tspi_TPM_PcrExtend.3 Tspi_TPM_Quote.3 Tspi_TPM_SelfTestFull.3 \
+ Tspi_TPM_SetStatus.3 Tspi_TPM_StirRandom.3 \
+ Tspi_TPM_TakeOwnership.3 Tspi_TPM_GetAuditDigest.3 \
+- Tspi_TPM_OwnerGetSRKPubKey.3 Tspi_TPM_Quote.3 \
++ Tspi_TPM_OwnerGetSRKPubKey.3 \
+ Tspi_TPM_CMKSetRestrictions.3 $(am__append_1)
+ EXTRA_DIST = $(man3_MANS)
+ all: all-am
+--- trousers-0.3.11/man/man3/Makefile 2013-08-14 05:07:05.686414845 +0200
++++ trousers-0.3.11/man/man3/Makefile 2013-08-14 05:07:23.233381327 +0200
+@@ -243,7 +243,7 @@
+ Tspi_TPM_PcrExtend.3 Tspi_TPM_Quote.3 Tspi_TPM_SelfTestFull.3 \
+ Tspi_TPM_SetStatus.3 Tspi_TPM_StirRandom.3 \
+ Tspi_TPM_TakeOwnership.3 Tspi_TPM_GetAuditDigest.3 \
+- Tspi_TPM_OwnerGetSRKPubKey.3 Tspi_TPM_Quote.3 \
++ Tspi_TPM_OwnerGetSRKPubKey.3 \
+ Tspi_TPM_CMKSetRestrictions.3 $(am__append_1)
+ EXTRA_DIST = $(man3_MANS)
+ all: all-am
|