diff options
author | Jason Zaman <perfinion@gentoo.org> | 2015-05-07 19:41:41 +0000 |
---|---|---|
committer | Jason Zaman <perfinion@gentoo.org> | 2015-05-07 19:41:41 +0000 |
commit | dff2cab2316c9a346da7ba4f8297bcc3f9bdafb8 (patch) | |
tree | 8f94cee9d57940b33ceae8759be71c828bf7f839 /sys-boot/tboot | |
parent | Depend on newer procps to avoid has_version in src_configure. (diff) | |
download | historical-dff2cab2316c9a346da7ba4f8297bcc3f9bdafb8.tar.gz historical-dff2cab2316c9a346da7ba4f8297bcc3f9bdafb8.tar.bz2 historical-dff2cab2316c9a346da7ba4f8297bcc3f9bdafb8.zip |
Initial commit of tboot
Package-Manager: portage-2.2.18/cvs/Linux x86_64
Manifest-Sign-Key: 0x7EF137EC935B0EAF
Diffstat (limited to 'sys-boot/tboot')
-rw-r--r-- | sys-boot/tboot/ChangeLog | 12 | ||||
-rw-r--r-- | sys-boot/tboot/Manifest | 29 | ||||
-rw-r--r-- | sys-boot/tboot/files/tboot-1.8.2-disable-pcid.patch | 26 | ||||
-rw-r--r-- | sys-boot/tboot/files/tboot-1.8.2-genkernel_arch.patch | 57 | ||||
-rw-r--r-- | sys-boot/tboot/files/tboot-1.8.2-stack-check-no.patch | 11 | ||||
-rw-r--r-- | sys-boot/tboot/metadata.xml | 12 | ||||
-rw-r--r-- | sys-boot/tboot/tboot-1.8.3.ebuild | 72 |
7 files changed, 219 insertions, 0 deletions
diff --git a/sys-boot/tboot/ChangeLog b/sys-boot/tboot/ChangeLog new file mode 100644 index 000000000000..983b45b6cdfa --- /dev/null +++ b/sys-boot/tboot/ChangeLog @@ -0,0 +1,12 @@ +# ChangeLog for sys-boot/tboot +# Copyright 1999-2015 Gentoo Foundation; Distributed under the GPL v2 +# $Header: /var/cvsroot/gentoo-x86/sys-boot/tboot/ChangeLog,v 1.1 2015/05/07 19:41:35 perfinion Exp $ + +*tboot-1.8.3 (07 May 2015) + + 07 May 2015; Jason Zaman <perfinion@gentoo.org> +tboot-1.8.3.ebuild, + +files/tboot-1.8.2-disable-pcid.patch, + +files/tboot-1.8.2-genkernel_arch.patch, + +files/tboot-1.8.2-stack-check-no.patch, +metadata.xml: + Initial commit of tboot + diff --git a/sys-boot/tboot/Manifest b/sys-boot/tboot/Manifest new file mode 100644 index 000000000000..f2d46a0b399f --- /dev/null +++ b/sys-boot/tboot/Manifest @@ -0,0 +1,29 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA256 + +AUX tboot-1.8.2-disable-pcid.patch 1004 SHA256 89db7965c60f6e269c10063500b940a2afbc8698efd6149acdab3954ed4c6016 SHA512 8ea33ca7d75089b09e4898d82fc0e6e8c93354acfb9908c5e62337158006d53e58cb75339c2efed750e55a2035a6b564995567cf6600fd3753dbabb003510a61 WHIRLPOOL 79cef14a0f6e57d00184767ee65d1323b7aa65acb185c53da8ddfa7937c345afbd710ba1d4f1bdb8468c58c308542110b7feee719a50af1992bf61d569373a13 +AUX tboot-1.8.2-genkernel_arch.patch 2318 SHA256 bb30746f3bed4fc1a3a942938e98e3f47581b2065d0a634bf3854a9489ebae03 SHA512 02af1ee0c31000766d0266c501bd7d1eed2ac338e7e7ef9d825221ec8010d995e3a74ac45be5de636bf946ac63ad593f0a7144a93ba72c8beca7bb3b94d8a711 WHIRLPOOL 9fcedbcc861906a83bc0235a410f69759efc25b7e3e3d70b81c5b7d8df665e5c4e7153377ab5ab80b697211f7396a3e36a0176106824ece09eb620d8bead8dc9 +AUX tboot-1.8.2-stack-check-no.patch 718 SHA256 ed3459b326957f709bc05dbc4de70215913faa74dc6342a1bef2878d8ea9481a SHA512 b7295f4d152e11eb49fa61085b42389e3edf063182ebd8c681e06e2025744516a3386dc5688ce53cd87c024d7fdcdcb54f0f1b04898704613137ed8eaaf7781f WHIRLPOOL afc4564cd6b25e73f26332e6cb436a5284e52622403405b33a605a412039173ee873e13f05cbbf6b551c08c6aa56d28a9e5579b13b5211b2711b0bfc1d2a4c8e +DIST tboot-1.8.3.tar.gz 554084 SHA256 2f2e0c3865b45691f76b31730c5aaea2f076e7949ee6309e78ed7f80d8c53d39 SHA512 cde961af07c64a7d8b77f64d48e6d9230048135420e78efc6277f32e4df78012b5bbd73e4f2ce1cd6194091ec306cc84c65356865815a7311e140fd2b94f6443 WHIRLPOOL 030ab29ee710c6201e894abfd693944490c157b2607425dd6d476f836a635ee7f82c29180ad13fc80508596dc62148aa1c108bd7aba1c9ca7329f99197d97db6 +EBUILD tboot-1.8.3.ebuild 1844 SHA256 2a3a797aae84238f45c1ae8832589e5a5b244127f5e344a2b77aafafaf63c44a SHA512 9d09353120126b7fa6b0b4f858dd3e4ba1e30f0391becdce3e097438d8868729d283392096e9caf3cdd1c9e30e143e49935ef2d289e9f851cf193cadd2f3962c WHIRLPOOL 4926f46028dc6a7884db3f53c1efc04cbe419ef6798a2124f18926979525b653d566deb664a79c1e0f88fde8386d62e37c07dca475960ef90b6eca79208a0a07 +MISC ChangeLog 472 SHA256 89cb089f9ab0625e7faf0b85fd9391125146e9b8a870288e6c20410edbcd2d5a SHA512 5d3882c8a3f4a682b70ea6d8373e6c8c91bd5471bec0b4bdbe074628951c76780726a3d8e73c1d30f1a0a66e961c436016db375e8619e88a67e1c0492e17fbad WHIRLPOOL 9d147ee23ec5b6255ea67ee666fad26afe630d07b4774e0e02e2d9dee007a474aacd34c28daa0362b91ff340b0a9b30cd7d3089207c9ca45a9b9e4b20c6ec8a5 +MISC metadata.xml 419 SHA256 776ffd511903ed035840f13b8a6b6245e6e2300b5a4463bc08679d34c05f23fb SHA512 15307c17ba26bc6db917dc50497115bddfd537d3c3919b1ab39da553379840729d596eed8cc8168bcb660fa292f55916edef3efa2c45a6c7ae65cf755fee3536 WHIRLPOOL 1ad2d3e6d626d4725c465eb96253454e29a55be235ef9e991b1c1c1f0be7f71ac367cede5a8a15f982d6e138859105e4f1b75e2c9cdc91544f07e4448aaeebde +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v2.0 + +iQJ8BAEBCABmBQJVS7/0XxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w +ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXRFMTYyREVBRDFDQ0REMTEzRjA0QjNENDky +QkJFRDlDQjFBNjhFRjU1AAoJECu+2csaaO9VqYwQALbbn/k1pumHxfwwR/JlThp3 +V/Hzz7TG1ZmWJrJJO1LWbFRBT4igdwgvByXmkxzHMKyl8FxiAZJlF8ImTfNQ8JEt +ezl4g/DVmWOp8dgUWfvxo4RfaB2IiKusR6ukOOHbJ/+rm8iiP7S0+rqbZjinKpPf +BqJhwuuJYAM6qkq52MUM7Kr2wxTEAIDC80orxALpDlZrlO5eKxDDjOU3VctzJou7 +XPMCg+O1cShn4gSOHaf+RDp7ECOPL2/nWsnoTgteHpaygXmICfsN0P7RSRKvk4A/ +3kkyrHZAD8BJj2EmbRF5TGNDh1nvAajkUUsnzLxnPThYH8MKqmrnA0fVLGE8Yz3S +ZQI6Q36wKqFRlhaDbE+rBoP4T5ZqmNeJ2kqB2vpNw7xmY2ssxRhP3fM+7RIAh1hm +G5EZxYk1iZZZZYJGePb5SK0FWlOGIkp0Y5Z2dm9m7oyQaJgXQqqZ1xDpYIQ1tMGr +AQ4GOR+OFft8bN33YJT4BBZH6ZNdk8RnbJAlQvyFkQ5sVfPccV8ttUhpdtPaHqam +HhBhjgGm9u8kBORqgvhb0CfbPgTYycRE8pnOiq2owCglKQXc4NKeqF2y7kDu5Kbt +1xPmyCEwco/Ij1FyDR2BOE2zzMmiRqMsfShnILv3hoorFrvx7OPTSzCn0Rb+n/TF +Dcsy8Q23QJPhzO6RS32O +=DWK2 +-----END PGP SIGNATURE----- diff --git a/sys-boot/tboot/files/tboot-1.8.2-disable-pcid.patch b/sys-boot/tboot/files/tboot-1.8.2-disable-pcid.patch new file mode 100644 index 000000000000..383338e69933 --- /dev/null +++ b/sys-boot/tboot/files/tboot-1.8.2-disable-pcid.patch @@ -0,0 +1,26 @@ +diff -ur tboot-1.8.2.orig/tboot/common/shutdown.S tboot-1.8.2/tboot/common/shutdown.S +--- tboot-1.8.2.orig/tboot/common/shutdown.S 2014-07-28 12:24:22.000000000 +0400 ++++ tboot-1.8.2/tboot/common/shutdown.S 2015-05-07 03:05:47.300985413 +0400 +@@ -34,6 +34,11 @@ + */ + + compat_mode_entry: ++ /* Disable PCID */ ++ movl %cr4, %eax ++ andl $~CR4_PCIDE, %eax ++ movl %eax, %cr4 ++ + /* Disable paging and therefore leave 64 bit mode. */ + movl %cr0, %eax + andl $~CR0_PG, %eax +diff -ur tboot-1.8.2.orig/tboot/include/processor.h tboot-1.8.2/tboot/include/processor.h +--- tboot-1.8.2.orig/tboot/include/processor.h 2014-07-28 12:24:22.000000000 +0400 ++++ tboot-1.8.2/tboot/include/processor.h 2015-05-07 03:04:58.721244858 +0400 +@@ -92,6 +92,7 @@ + #define CR4_XMM 0x00000400 /* enable SIMD/MMX2 to use except 16 */ + #define CR4_VMXE 0x00002000/* enable VMX */ + #define CR4_SMXE 0x00004000/* enable SMX */ ++#define CR4_PCIDE 0x00020000/* enable PCID */ + + #ifndef __ASSEMBLY__ + diff --git a/sys-boot/tboot/files/tboot-1.8.2-genkernel_arch.patch b/sys-boot/tboot/files/tboot-1.8.2-genkernel_arch.patch new file mode 100644 index 000000000000..7fdcad652e03 --- /dev/null +++ b/sys-boot/tboot/files/tboot-1.8.2-genkernel_arch.patch @@ -0,0 +1,57 @@ +diff -ru tboot-1.8.2.orig/tboot/20_linux_tboot tboot-1.8.2/tboot/20_linux_tboot +--- tboot-1.8.2.orig/tboot/20_linux_tboot 2014-08-02 00:18:58.397147454 +0400 ++++ tboot-1.8.2/tboot/20_linux_tboot 2014-08-02 00:20:09.766700748 +0400 +@@ -121,6 +121,15 @@ + EOF + } + ++machine=`uname -m` ++case "$machine" in ++ i?86) GENKERNEL_ARCH="x86" ;; ++ mips|mips64) GENKERNEL_ARCH="mips" ;; ++ mipsel|mips64el) GENKERNEL_ARCH="mipsel" ;; ++ arm*) GENKERNEL_ARCH="arm" ;; ++ *) GENKERNEL_ARCH="$machine" ;; ++esac ++ + linux_list=`for i in /boot/vmlinu[xz]-* /vmlinu[xz]-* ; do + basename=$(basename $i) + version=$(echo $basename | sed -e "s,^[^0-9]*-,,g") +@@ -159,6 +168,8 @@ + "initrd-${version}" "initramfs-${version}.img" \ + "initrd.img-${alt_version}" "initrd-${alt_version}.img" \ + "initrd-${alt_version}" "initramfs-${alt_version}.img" \ ++ "initramfs-genkernel-${GENKERNEL_ARCH}-${version}" \ ++ "initramfs-genkernel-${GENKERNEL_ARCH}-${alt_version}" \ + "initramfs-genkernel-${version}" \ + "initramfs-genkernel-${alt_version}"; do + if test -e "${dirname}/${i}" ; then +diff -ru tboot-1.8.2.orig/tboot/20_linux_xen_tboot tboot-1.8.2/tboot/20_linux_xen_tboot +--- tboot-1.8.2.orig/tboot/20_linux_xen_tboot 2014-08-02 00:18:58.397147454 +0400 ++++ tboot-1.8.2/tboot/20_linux_xen_tboot 2014-08-02 00:21:12.840438230 +0400 +@@ -147,6 +147,16 @@ + if [ "x${linux_list}" = "x" ] ; then + exit 0 + fi ++ ++machine=`uname -m` ++case "$machine" in ++ i?86) GENKERNEL_ARCH="x86" ;; ++ mips|mips64) GENKERNEL_ARCH="mips" ;; ++ mipsel|mips64el) GENKERNEL_ARCH="mipsel" ;; ++ arm*) GENKERNEL_ARCH="arm" ;; ++ *) GENKERNEL_ARCH="$machine" ;; ++esac ++ + xen_list=`for i in /boot/xen*; do + if grub_file_is_not_garbage "$i" ; then echo -n "$i " ; fi + done` +@@ -188,6 +198,8 @@ + for i in "initrd.img-${version}" "initrd-${version}.img" \ + "initrd-${version}" "initrd.img-${alt_version}" \ + "initrd-${alt_version}.img" "initrd-${alt_version}" \ ++ "initramfs-genkernel-${GENKERNEL_ARCH}-${version}" \ ++ "initramfs-genkernel-${GENKERNEL_ARCH}-${alt_version}" \ + "initramfs-genkernel-${version}" \ + "initramfs-genkernel-${alt_version}" ; do + if test -e "${dirname}/${i}" ; then diff --git a/sys-boot/tboot/files/tboot-1.8.2-stack-check-no.patch b/sys-boot/tboot/files/tboot-1.8.2-stack-check-no.patch new file mode 100644 index 000000000000..5d2ea6296343 --- /dev/null +++ b/sys-boot/tboot/files/tboot-1.8.2-stack-check-no.patch @@ -0,0 +1,11 @@ +diff -ur tboot-1.8.2.orig/tboot/Config.mk tboot-1.8.2/tboot/Config.mk +--- tboot-1.8.2.orig/tboot/Config.mk 2014-07-28 12:24:21.000000000 +0400 ++++ tboot-1.8.2/tboot/Config.mk 2015-05-05 02:14:26.333222301 +0400 +@@ -30,6 +30,7 @@ + CFLAGS += $(call cc-option,$(CC),-nopie,) + CFLAGS += $(call cc-option,$(CC),-fno-stack-protector,) + CFLAGS += $(call cc-option,$(CC),-fno-stack-protector-all,) ++CFLAGS += $(call cc-option,$(CC),-fstack-check=no,) + + # changeset variable for banner + CFLAGS += -DTBOOT_CHANGESET=\""$(shell ((hg parents --template "{isodate|isodate} {rev}:{node|short}" >/dev/null && hg parents --template "{isodate|isodate} {rev}:{node|short}") || echo "2014-07-28 12:00 +0800 1.8.2") 2>/dev/null)"\" diff --git a/sys-boot/tboot/metadata.xml b/sys-boot/tboot/metadata.xml new file mode 100644 index 000000000000..51ab1be5c3d8 --- /dev/null +++ b/sys-boot/tboot/metadata.xml @@ -0,0 +1,12 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd"> +<pkgmetadata> + <maintainer> + <email>perfinion@gentoo.org</email> + <name>Jason Zaman</name> + </maintainer> + + <longdescription lang="en"> + A pre-kernel/VMM module that uses Intel(R) Trusted Execution Technology to perform a measured and verified launch of an OS kernel/VMM. + </longdescription> +</pkgmetadata> diff --git a/sys-boot/tboot/tboot-1.8.3.ebuild b/sys-boot/tboot/tboot-1.8.3.ebuild new file mode 100644 index 000000000000..1a00cfc87a89 --- /dev/null +++ b/sys-boot/tboot/tboot-1.8.3.ebuild @@ -0,0 +1,72 @@ +# Copyright 1999-2015 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Header: /var/cvsroot/gentoo-x86/sys-boot/tboot/tboot-1.8.3.ebuild,v 1.1 2015/05/07 19:41:35 perfinion Exp $ + +EAPI=5 + +inherit flag-o-matic mount-boot + +DESCRIPTION="A module that uses Intel(R) Trusted Execution Technology to perform a measured and verified boot" +HOMEPAGE="http://sourceforge.net/projects/tboot/" +SRC_URI="mirror://sourceforge/${PN}/${P}.tar.gz" + +LICENSE="BSD" +SLOT="0" +KEYWORDS="~amd64 ~x86 -*" +IUSE="custom-cflags" + +RESTRICT="test" # test is restricted because it requires patching the kernel src + +DEPEND="app-crypt/trousers +app-crypt/tpm-tools" + +RDEPEND="${DEPEND} +sys-boot/grub:2" + +DOCS=(README COPYING CHANGELOG) + +src_prepare() { + epatch "${FILESDIR}/tboot-1.8.2-genkernel_arch.patch" + epatch "${FILESDIR}/tboot-1.8.2-stack-check-no.patch" # breaks with ssp + epatch "${FILESDIR}/tboot-1.8.2-disable-pcid.patch" # PaX enables pcid + + sed -i 's/ -Werror//g' Config.mk || die + sed -i 's/^INSTALL_STRIP = -s$//' Config.mk || die # QA Errors + + epatch_user +} + +src_compile() { + use custom-cflags && export TBOOT_CFLAGS=${CFLAGS} || unset CCASFLAGS CFLAGS CPPFLAGS LDFLAGS + + if use amd64; then + MAKEARGS="TARGET_ARCH=x86_64" + else + MAKEARGS="TARGET_ARCH=i686" + fi + + emake debug=y ${MAKEARGS} build +} + +src_install() { + emake DISTDIR="${D}" install + + dodoc "${DOCS[@]}" + dodoc docs/*.txt lcptools/*.{txt,pdf} || die "docs failed" + + cd "${D}" + mkdir -p usr/lib/tboot/ || die + mv boot usr/lib/tboot/ || die +} + +pkg_postinst() { + mount-boot_mount_boot_partition + + cp ${ROOT%/}/usr/lib/tboot/boot/* ${ROOT%/}/boot/ + + mount-boot_pkg_postinst + + ewarn "Please remember to download the SINIT AC Module relevant" + ewarn "for your platform from:" + ewarn "http://software.intel.com/en-us/articles/intel-trusted-execution-technology/" +} |