git: e61592617ae8 - main - security/tpm2-tss: Add patches to avoid using /dev/tpmrm0
Date: Wed, 14 May 2025 06:53:32 UTC
The branch main has been updated by arrowd:
URL: https://cgit.FreeBSD.org/ports/commit/?id=e61592617ae88b20c7323947d3bccf920c8f7b52
commit e61592617ae88b20c7323947d3bccf920c8f7b52
Author: Andrea Cocito <andrea@cocito.eu>
AuthorDate: 2025-05-07 08:34:34 +0000
Commit: Gleb Popov <arrowd@FreeBSD.org>
CommitDate: 2025-05-14 06:53:28 +0000
security/tpm2-tss: Add patches to avoid using /dev/tpmrm0
FreeBSD does not have an in-kernel Resource Manager for TPM, so the tools
must access the /dev/tpm0 device, either directly or through a
userland RM like tpm2-abrmd.
The default behavior of the original code is to try the in-kernel RM
on /dev/tpmrm0 as first choice; this causes warnings and errors and
forces the user to override the behavior with options or environment
variables.
This patch removes the attempt to use /dev/tpmrm0 so that the programs
"just work" using the tpm0 device or through tpm2-abrmd.
PR: 286218
Approved by: maintainer
Pull Request: https://github.com/freebsd/freebsd-ports/pull/392
---
security/tpm2-tss/Makefile | 2 +-
.../tpm2-tss/files/patch-src_tss2-esys_esys__context.c | 11 +++++++++++
.../tpm2-tss/files/patch-src_tss2-tcti_tcti-device.c | 12 ++++++++++++
security/tpm2-tss/files/patch-src_tss2-tcti_tctildr-dl.c | 16 ++++++++++++++++
.../tpm2-tss/files/patch-src_tss2-tcti_tctildr-nodl.c | 11 +++++++++++
security/tpm2-tss/files/patch-test_unit_tctildr-nodl.c | 14 ++++++++++++++
6 files changed, 65 insertions(+), 1 deletion(-)
diff --git a/security/tpm2-tss/Makefile b/security/tpm2-tss/Makefile
index f02c6c5417b2..8d60a2b418bc 100644
--- a/security/tpm2-tss/Makefile
+++ b/security/tpm2-tss/Makefile
@@ -1,6 +1,6 @@
PORTNAME= tpm2-tss
DISTVERSION= 4.0.1
-PORTREVISION= 1
+PORTREVISION= 2
CATEGORIES= security
MASTER_SITES= https://github.com/tpm2-software/tpm2-tss/releases/download/${DISTVERSION}/
diff --git a/security/tpm2-tss/files/patch-src_tss2-esys_esys__context.c b/security/tpm2-tss/files/patch-src_tss2-esys_esys__context.c
new file mode 100644
index 000000000000..d613ac6e7e64
--- /dev/null
+++ b/security/tpm2-tss/files/patch-src_tss2-esys_esys__context.c
@@ -0,0 +1,11 @@
+--- src/tss2-esys/esys_context.c.orig 2025-02-22 22:43:21 UTC
++++ src/tss2-esys/esys_context.c
+@@ -26,7 +26,7 @@
+ * If not specified, load a TCTI in this order:
+ * Library libtss2-tcti-default.so (link to the preferred TCTI)
+ * Library libtss2-tcti-tabrmd.so (tabrmd)
+- * Device /dev/tpmrm0 (kernel resident resource manager)
++ * Device /dev/tpmrm0 (kernel resident resource manager, SKIPPED on FreeBSD)
+ * Device /dev/tpm0 (hardware TPM)
+ * TCP socket localhost:2321 (TPM simulator)
+ * @param esys_context [out] The ESYS_CONTEXT.
diff --git a/security/tpm2-tss/files/patch-src_tss2-tcti_tcti-device.c b/security/tpm2-tss/files/patch-src_tss2-tcti_tcti-device.c
new file mode 100644
index 000000000000..52a165e2a191
--- /dev/null
+++ b/security/tpm2-tss/files/patch-src_tss2-tcti_tcti-device.c
@@ -0,0 +1,12 @@
+--- src/tss2-tcti/tcti-device.c.orig 2023-01-23 18:36:16.000000000 +0000
++++ src/tss2-tcti/tcti-device.c 2025-05-08 08:40:29.255475000 +0000
+@@ -61,7 +61,9 @@
+ #ifdef __VXWORKS__
+ "/tpm0"
+ #else
++#ifndef __FreeBSD__
+ "/dev/tpmrm0",
++#endif /* __FreeBSD__ */
+ "/dev/tpm0",
+ #endif /* __VX_WORKS__ */
+ };
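Review bot: The new `#ifndef __FreeBSD__` guard around `"/dev/tpmrm0",` has no comment saying why the entry is dropped, and it closes with `#endif /* __FreeBSD__ */` although the region is compiled only when the macro is not defined. I would add `/* FreeBSD has no in-kernel TPM resource manager, so /dev/tpmrm0 is never present */` above the guard and close it with `#endif /* !__FreeBSD__ */`. The same guard is spelled `#if !defined(__FreeBSD__)` in patch-src_tss2-tcti_tctildr-dl.c and `#if !defined (__FreeBSD__)` in patch-test_unit_tctildr-nodl.c; one spelling across the patches would be easier to grep and to upstream. The header of this patch also carries raw timestamps on both lines instead of the `UTC` form the other four patches use, which suggests it was not regenerated with `make makepatch`. The array this hunk edits starts outside the hunk.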
diff --git a/security/tpm2-tss/files/patch-src_tss2-tcti_tctildr-dl.c b/security/tpm2-tss/files/patch-src_tss2-tcti_tctildr-dl.c
new file mode 100644
index 000000000000..9353fa36c133
--- /dev/null
+++ b/security/tpm2-tss/files/patch-src_tss2-tcti_tctildr-dl.c
@@ -0,0 +1,16 @@
+--- src/tss2-tcti/tctildr-dl.c.orig 2025-02-22 22:43:21 UTC
++++ src/tss2-tcti/tctildr-dl.c
+@@ -37,11 +37,13 @@ struct {
+ .file = "libtss2-tcti-tabrmd.so.0",
+ .description = "Access libtss2-tcti-tabrmd.so",
+ },
++#if !defined(__FreeBSD__)
+ {
+ .file = "libtss2-tcti-device.so.0",
+ .conf = "/dev/tpmrm0",
+ .description = "Access libtss2-tcti-device.so.0 with /dev/tpmrm0",
+ },
++#endif
+ {
+ .file = "libtss2-tcti-device.so.0",
+ .conf = "/dev/tpm0",
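Review bot: With the `/dev/tpmrm0` entry compiled out, the FreeBSD default order in this table goes from the tabrmd library straight to raw `/dev/tpm0`, and the patch leaves no comment recording that this fallback has no resource manager in front of it. A resource manager is what keeps one client's sessions and transient objects separate from another's, so a host running several TPM clients without tpm2-abrmd presumably shares the raw device between them; this is inferred from the commit message, not shown by the hunk. I would add above the guard `/* FreeBSD: no in-kernel RM; use tpm2-abrmd when more than one process talks to the TPM */` and repeat that advice in a pkg-message for the port. The table begins and continues outside the hunk.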
diff --git a/security/tpm2-tss/files/patch-src_tss2-tcti_tctildr-nodl.c b/security/tpm2-tss/files/patch-src_tss2-tcti_tctildr-nodl.c
new file mode 100644
index 000000000000..219dee0c0639
--- /dev/null
+++ b/security/tpm2-tss/files/patch-src_tss2-tcti_tctildr-nodl.c
@@ -0,0 +1,11 @@
+--- src/tss2-tcti/tctildr-nodl.c.orig 2025-02-22 22:43:21 UTC
++++ src/tss2-tcti/tctildr-nodl.c
+@@ -67,7 +67,7 @@ struct {
+ .init = Tss2_Tcti_Tbs_Init,
+ .description = "Access to TBS",
+ },
+-#elif defined (__VXWORKS__)
++#elif defined (__VXWORKS__) || defined(__FreeBSD__)
+ {
+ .names = {
+ "libtss2-tcti-device.so.0",
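Review bot: Adding `defined(__FreeBSD__)` to the `#elif defined (__VXWORKS__)` line makes FreeBSD builds take the VxWorks table entry, whose `.conf` value lies outside this hunk. In the tcti-device.c patch on this page the VxWorks default path is `/tpm0`, not `/dev/tpm0`; if this entry carries the same path, the statically linked loader on FreeBSD would try a device node that does not exist and presumably fall through to the simulator TCTIs, so an application expecting the hardware TPM would not get it by default. It would be safer to leave this line as it was and wrap only the `/dev/tpmrm0` entry of the generic branch in `#if !defined(__FreeBSD__)`, as the tctildr-dl.c patch does. Please confirm against the full file, since the struct starts and ends outside the hunk.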
diff --git a/security/tpm2-tss/files/patch-test_unit_tctildr-nodl.c b/security/tpm2-tss/files/patch-test_unit_tctildr-nodl.c
new file mode 100644
index 000000000000..99090001bd2b
--- /dev/null
+++ b/security/tpm2-tss/files/patch-test_unit_tctildr-nodl.c
@@ -0,0 +1,14 @@
+--- test/unit/tctildr-nodl.c.orig 2025-02-22 22:43:21 UTC
++++ test/unit/tctildr-nodl.c
+@@ -65,9 +65,11 @@ test_tctildr_get_default_all_fail (void **state)
+ /* device:/dev/tpm0 */
+ will_return (__wrap_tcti_from_init, tcti_ctx);
+ will_return (__wrap_tcti_from_init, TEST_RC);
++#if !defined (__FreeBSD__)
+ /* device:/dev/tpmrm0 */
+ will_return (__wrap_tcti_from_init, tcti_ctx);
+ will_return (__wrap_tcti_from_init, TEST_RC);
++#endif
+ /* swtpm */
+ will_return (__wrap_tcti_from_init, tcti_ctx);
+ will_return (__wrap_tcti_from_init, TEST_RC);