[DISTRO] Add security packagegroup

Oleksii Kutuzov requested to merge oleksii/add-tpm-support into kirkstone

This adds the generic support for TPM into the Clea OS Embedded distro.
Only the tpm-related packages will be installed. For specific needs, the customer will need to add additional packages on their side:
e.g. for OpenSSL:

CORE_IMAGE_EXTRA_INSTALL += " \
    tpm2-openssl \
    libtss2-tcti-device \
"

Or should we include them in the packagegroup as well?

On the Machine side, tpm or tpm2 needs to be added to MACHINE_FEATURES: meta-seco-mtk!123 (486646a7)

Tested with OpenSSL on E58:

root@seco-genio700-e58:~# openssl list -providers -provider tpm2 -verbose
Providers:
  tpm2
    name: TPM 2.0 Provider
    version: 1.1.0
    status: active
    build info: 1.1.0
    gettable provider parameters:
      name: pointer to a UTF8 encoded string (arbitrary size)
      version: pointer to a UTF8 encoded string (arbitrary size)
      buildinfo: pointer to a UTF8 encoded string (arbitrary size)
      status: integer (arbitrary size)
root@seco-genio700-e58:~# openssl genpkey -provider tpm2 -algorithm RSA -out testkey.priv && cat testkey.priv
Warning: generating random key material may take a long time
if the system has a poor entropy source
-----BEGIN TSS2 PRIVATE KEY-----
-----END TSS2 PRIVATE KEY-----
Edited by Oleksii Kutuzov