From dbe8d7ad030206987910057a9cfb0bd90a8b5c15 Mon Sep 17 00:00:00 2001 From: Alexander Kjeldaas Date: Wed, 14 Aug 2013 08:16:52 +0200 Subject: Added trousers, tpm-tools, and tboot. Added lcp_writepol -Z option. --- pkgs/tools/security/tboot/default.nix | 22 ++++++++++ ...-well-known-secret-option-to-lcp_writepol.patch | 50 ++++++++++++++++++++++ 2 files changed, 72 insertions(+) create mode 100644 pkgs/tools/security/tboot/default.nix create mode 100644 pkgs/tools/security/tboot/tboot-add-well-known-secret-option-to-lcp_writepol.patch (limited to 'pkgs/tools/security/tboot') diff --git a/pkgs/tools/security/tboot/default.nix b/pkgs/tools/security/tboot/default.nix new file mode 100644 index 0000000000000..71a8d32a6e192 --- /dev/null +++ b/pkgs/tools/security/tboot/default.nix @@ -0,0 +1,22 @@ +{stdenv, fetchurl, autoconf, automake, trousers, openssl, zlib}: + +stdenv.mkDerivation { + name = "tboot-1.8.0"; + + src = fetchurl { + url = https://sourceforge.net/projects/tboot/files/tboot/tboot-1.8.0.tar.gz; + sha256 = "04z1maryqnr714f3rcynqrpmlx76lxr6bb543xwj5rdl1yvdw2xr"; + }; + + buildInputs = [ trousers openssl zlib ]; + + patches = [ ./tboot-add-well-known-secret-option-to-lcp_writepol.patch ]; + + configurePhase = '' + for a in lcptools utils tb_polgen; do + substituteInPlace $a/Makefile --replace /usr/sbin /sbin + done + substituteInPlace docs/Makefile --replace /usr/share /share + ''; + installFlags = "DESTDIR=$(out)"; +} diff --git a/pkgs/tools/security/tboot/tboot-add-well-known-secret-option-to-lcp_writepol.patch b/pkgs/tools/security/tboot/tboot-add-well-known-secret-option-to-lcp_writepol.patch new file mode 100644 index 0000000000000..a16ba9f4fbab2 --- /dev/null +++ b/pkgs/tools/security/tboot/tboot-add-well-known-secret-option-to-lcp_writepol.patch @@ -0,0 +1,50 @@ +diff -urp tboot-1.8.0.orig/lcptools/writepol.c tboot-1.8.0/lcptools/writepol.c +--- tboot-1.8.0.orig/lcptools/writepol.c 2014-01-30 10:34:57.000000000 +0100 ++++ tboot-1.8.0/lcptools/writepol.c 2014-02-12 01:48:51.523581057 +0100 +@@ -40,6 +40,7 @@ + #include + #include + #include ++#include + + #define PRINT printf + #include "../include/uuid.h" +@@ -51,14 +52,15 @@ static uint32_t index_value = 0; + static char *file_arg=NULL; + static uint32_t fLeng; + static unsigned char *policy_data = NULL; +-static char *password = NULL; ++static const char *password = NULL; + static uint32_t passwd_length = 0; ++static const char well_known_secret[] = TSS_WELL_KNOWN_SECRET; + static int help_input = 0; + static unsigned char empty_pol_data[] = {0}; + +-static const char *short_option = "ehi:f:p:"; ++static const char *short_option = "ehi:f:p:Z"; + static const char *usage_string = "lcp_writepol -i index_value " +- "[-f policy_file] [-e] [-p passwd] [-h]"; ++ "[-f policy_file] [-e] [-p passwd|-Z] [-h]"; + + static const char *option_strings[] = { + "-i index value: uint32/string.\n" +@@ -67,6 +69,7 @@ static const char *option_strings[] = { + "\tINDEX_AUX:0x50000002 or \"aux\"\n", + "-f file_name: string. File name of the policy data is stored. \n", + "-p password: string. \n", ++ "-Z use well known secret as password. \n", + "-e write 0 length data to the index.\n" + "\tIt will be used for some special index.\n" + "\tFor example, the index with permission WRITEDEFINE.\n", +@@ -119,6 +122,11 @@ parse_cmdline(int argc, const char * arg + fLeng = 0; + break; + ++ case 'Z': ++ password = well_known_secret; ++ passwd_length = sizeof(well_known_secret); ++ break; ++ + case 'h': + help_input = 1; + break; -- cgit 1.4.1