authorAlexander Kjeldaas <ak@formalprivacy.com>2013-08-14 08:16:52 +0200
committerAlexander Kjeldaas <ak@formalprivacy.com>2014-04-22 13:24:44 +0200
commitdbe8d7ad030206987910057a9cfb0bd90a8b5c15 (patch)
tree7b7a00af8e30bd94733b844089ce3d9b00748b6a /pkgs/tools/security/tboot
parent396da207391b3b16d511b6fa6bbed035af82a6e8 (diff)
Added trousers, tpm-tools, and tboot.
Added lcp_writepol -Z option.
Diffstat (limited to 'pkgs/tools/security/tboot')
-rw-r--r--pkgs/tools/security/tboot/default.nix22
-rw-r--r--pkgs/tools/security/tboot/tboot-add-well-known-secret-option-to-lcp_writepol.patch50
2 files changed, 72 insertions, 0 deletions
diff --git a/pkgs/tools/security/tboot/default.nix b/pkgs/tools/security/tboot/default.nix
new file mode 100644
index 0000000000000..71a8d32a6e192
--- /dev/null
+++ b/pkgs/tools/security/tboot/default.nix
@@ -0,0 +1,22 @@
+{stdenv, fetchurl, autoconf, automake, trousers, openssl, zlib}:
+
+stdenv.mkDerivation {
+  name = "tboot-1.8.0";
+
+  src = fetchurl {
+    url = https://sourceforge.net/projects/tboot/files/tboot/tboot-1.8.0.tar.gz;
+    sha256 = "04z1maryqnr714f3rcynqrpmlx76lxr6bb543xwj5rdl1yvdw2xr";
+  };
+
+  buildInputs = [ trousers openssl zlib ];
+
+  patches = [ ./tboot-add-well-known-secret-option-to-lcp_writepol.patch ];
+
+  configurePhase = ''
+    for a in lcptools utils tb_polgen; do
+      substituteInPlace $a/Makefile --replace /usr/sbin /sbin
+    done
+    substituteInPlace docs/Makefile --replace /usr/share /share
+  '';
+  installFlags = "DESTDIR=$(out)";
+}
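Review bot: `autoconf` and `automake` are taken as function arguments on the first line but never appear in `buildInputs`, so they are either dead parameters or missing build inputs; drop them from the argument set or list them where the build needs them. The derivation also has no `meta` block; for a package that ships a locally patched security tool it would help to record description, license and supported platforms there. A comment above `patches`, such as `# downstream-only: adds lcp_writepol -Z (TSS well-known secret); not part of upstream 1.8.0`, would tell users that the option is not upstream behaviour. The download is pinned by `sha256`, which is good, and the bare URL would read better as a quoted string.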
diff --git a/pkgs/tools/security/tboot/tboot-add-well-known-secret-option-to-lcp_writepol.patch b/pkgs/tools/security/tboot/tboot-add-well-known-secret-option-to-lcp_writepol.patch
new file mode 100644
index 0000000000000..a16ba9f4fbab2
--- /dev/null
+++ b/pkgs/tools/security/tboot/tboot-add-well-known-secret-option-to-lcp_writepol.patch
@@ -0,0 +1,50 @@
+diff -urp tboot-1.8.0.orig/lcptools/writepol.c tboot-1.8.0/lcptools/writepol.c
+--- tboot-1.8.0.orig/lcptools/writepol.c	2014-01-30 10:34:57.000000000 +0100
++++ tboot-1.8.0/lcptools/writepol.c	2014-02-12 01:48:51.523581057 +0100
+@@ -40,6 +40,7 @@
+ #include <getopt.h>
+ #include <trousers/tss.h>
+ #include <trousers/trousers.h>
++#include <tss/tss_defines.h>
+ 
+ #define PRINT   printf
+ #include "../include/uuid.h"
+@@ -51,14 +52,15 @@ static uint32_t index_value = 0;
+ static char *file_arg=NULL;
+ static uint32_t fLeng;
+ static unsigned char *policy_data = NULL;
+-static char *password = NULL;
++static const char *password = NULL;
+ static uint32_t passwd_length = 0;
++static const char well_known_secret[] = TSS_WELL_KNOWN_SECRET;
+ static int help_input = 0;
+ static unsigned char empty_pol_data[] = {0};
+ 
+-static const char *short_option = "ehi:f:p:";
++static const char *short_option = "ehi:f:p:Z";
+ static const char *usage_string = "lcp_writepol -i index_value "
+-                                  "[-f policy_file] [-e] [-p passwd] [-h]";
++                                  "[-f policy_file] [-e] [-p passwd|-Z] [-h]";
+ 
+ static const char *option_strings[] = {
+     "-i index value: uint32/string.\n"
+@@ -67,6 +69,7 @@ static const char *option_strings[] = {
+     "\tINDEX_AUX:0x50000002 or \"aux\"\n",
+     "-f file_name: string. File name of the policy data is stored. \n",
+     "-p password: string. \n",
++    "-Z use well known secret as password. \n",
+     "-e write 0 length data to the index.\n"
+     "\tIt will be used for some special index.\n"
+     "\tFor example, the index with permission WRITEDEFINE.\n",
+@@ -119,6 +122,11 @@ parse_cmdline(int argc, const char * arg
+                 fLeng = 0;
+                 break;
+ 
++            case 'Z':
++                password = well_known_secret;
++                passwd_length = sizeof(well_known_secret);
++                break;
++
+             case 'h':
+                 help_input = 1;
+                 break;
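Review bot: The new `case 'Z'` assigns `password` and `passwd_length` unconditionally, so giving both `-p` and `-Z` silently keeps whichever came last, although the usage string presents them as alternatives (`-p passwd|-Z`). parse_cmdline starts and ends outside the hunk, so the `-p` branch is not visible, but rejecting the combination through the function's existing invalid-argument path would match the documented syntax. `TSS_WELL_KNOWN_SECRET` is, as far as I know, a brace-initialised 20-byte all-zero value and not a string, so `sizeof(well_known_secret)` gives the right length; a comment such as `/* 20-byte all-zero TSS well-known secret, not a NUL-terminated string */` on the declaration would make that clear. The secret mode is not shown here, so it is worth confirming that the write path passes these bytes to the TSS as a digest and not as a plaintext passphrase to be hashed. The help line should also say the value is public, for example `"-Z use the TSS well-known secret (20 zero bytes) as authorization; this value is public. \n"`, so operators do not read `-Z` as providing protection for the index.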