tcgtool: new recipe

Create recipe for tcgtool, a program that replicates the structures used to represent data measured and hashed to extend TPM PCRs. This is useful to compute a PCR hash at runtime, which is normally computed by the firmware before the OS boots. This allows for adjusting a TPM2 policy to unlock the disk encryption passphrase with the updated state on the next boot. Change-type: patch Signed-off-by: Joseph Kogut <joseph@balena.io>
balena-os · Mar 20, 2024 · 5217a6c · 5217a6c
1 parent 27808e2
commit 5217a6c
Show file tree

Hide file tree

Showing 2 changed files with 21 additions and 1 deletion.
diff --git a/meta-balena-common/recipes-support/hostapp-update-hooks/hostapp-update-hooks.bb b/meta-balena-common/recipes-support/hostapp-update-hooks/hostapp-update-hooks.bb
@@ -55,7 +55,7 @@ RDEPENDS:${PN} = " \
     os-helpers-sb \
     "
 
-RDEPENDS:${PN}:append = "${@bb.utils.contains('MACHINE_FEATURES', 'efi', ' efivar efitools-utils', '',d)}"
+RDEPENDS:${PN}:append = "${@bb.utils.contains('MACHINE_FEATURES', 'efi', ' efivar efitools-utils tcgtool', '',d)}"
 
 do_install() {
 	mkdir -p ${D}${sysconfdir}/hostapp-update-hooks.d/

diff --git a/meta-balena-common/recipes-support/tcgtool/tcgtool_git.bb b/meta-balena-common/recipes-support/tcgtool/tcgtool_git.bb
@@ -0,0 +1,20 @@
+DESCRIPTION = "Pack efivar data for hashing to extend PCRs"
+LICENSE = "Apache-2.0"
+LIC_FILES_CHKSUM = "file://${BALENA_COREBASE}/COPYING.Apache-2.0;md5=89aea4e17d99a7cacdbeed46a0096b10"
+SRC_URI = "git://github.com/balena-os/tcgtool.git;branch=master;protocol=https"
+SRCREV = "633b7d7617873a58f38cbe5b414d5f43f04355df"
+
+S = "${WORKDIR}/git"
+
+do_compile() {
+    oe_runmake ${PN}
+}
+
+do_install() {
+    install -d ${D}${bindir}
+    install -m 755 ${B}/${PN} ${D}${bindir}/${PN}
+}
+
+BB_STRICT_CHECKSUM = "0"
+
+BBCLASSEXTEND = "native"