diff --git a/pkgs/tools/security/tboot/default.nix b/pkgs/tools/security/tboot/default.nix
index bf13fe7822e..9c5d44c6d60 100644
--- a/pkgs/tools/security/tboot/default.nix
+++ b/pkgs/tools/security/tboot/default.nix
@@ -1,27 +1,23 @@
-{ lib, stdenv, fetchurl, trousers, openssl, zlib }:
+{ lib, stdenv, fetchurl, openssl, perl, trousers, zlib }:
 stdenv.mkDerivation rec {
 pname = "tboot";
- version = "1.9.8";
+ version = "1.10.1";
 src = fetchurl {
 url = "mirror://sourceforge/tboot/${pname}-${version}.tar.gz";
- sha256 = "06f0ggl6vrb5ghklblvh2ixgmmjv31rkp1vfj9qm497iqwq9ac00";
+ sha256 = "18bnkwnlk16cc20nysqfcjx006idi7jmmhahk8vk09w458bhaajg";
 };
- patches = [ ./tboot-add-well-known-secret-option-to-lcp_writepol.patch ];
-
- buildInputs = [ trousers openssl zlib ];
+ buildInputs = [ openssl trousers zlib ];
 enableParallelBuilding = true;
- hardeningDisable = [ "pic" "stackprotector" ];
+ preConfigure = ''
+ substituteInPlace tboot/Makefile --replace /usr/bin/perl ${perl}/bin/perl
- NIX_CFLAGS_COMPILE = [ "-Wno-error=address-of-packed-member" ];
-
- configurePhase = ''
- for a in lcptools utils tb_polgen; do
- substituteInPlace $a/Makefile --replace /usr/sbin /sbin
+ for a in lcptools-v2 tb_polgen utils; do
+ substituteInPlace "$a/Makefile" --replace /usr/sbin /sbin
 done
 substituteInPlace docs/Makefile --replace /usr/share /share
 '';
@@ -31,6 +27,7 @@ stdenv.mkDerivation rec {
 meta = with lib; {
 description = "A pre-kernel/VMM module that uses Intel(R) TXT to perform a measured and verified launch of an OS kernel/VMM";
 homepage = "https://sourceforge.net/projects/tboot/";
+ changelog = "https://sourceforge.net/p/tboot/code/ci/v${version}/tree/CHANGELOG";
 license = licenses.bsd3;
 maintainers = with maintainers; [ ak ];
 platforms = [ "x86_64-linux" "i686-linux" ];
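Review bot: Nothing in the new `preConfigure` checks that the `substituteInPlace --replace` patterns still occur in the 1.10.1 Makefiles, and this update both jumps a release series and switches a directory (`lcptools` to `lcptools-v2`), which is when such patterns tend to go stale. As far as I know plain `--replace` does not abort the build on a pattern that is absent, so a stale pattern would leave the upstream path in place without a build failure. Where the stdenv in use provides it, `--replace-fail` turns the mismatch into a build error, e.g. `substituteInPlace tboot/Makefile --replace-fail /usr/bin/perl ${perl}/bin/perl`; the same applies to the loop body and the `docs/Makefile` line. The hunk also drops `hardeningDisable`, `NIX_CFLAGS_COMPILE` and the lcp_writepol patch without saying why, so a sentence of rationale in the commit message would help whoever next reviews this measured-launch package.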
diff --git a/pkgs/tools/security/tboot/tboot-add-well-known-secret-option-to-lcp_writepol.patch b/pkgs/tools/security/tboot/tboot-add-well-known-secret-option-to-lcp_writepol.patch
deleted file mode 100644
index a16ba9f4fba..00000000000
--- a/pkgs/tools/security/tboot/tboot-add-well-known-secret-option-to-lcp_writepol.patch
+++ /dev/null
@@ -1,50 +0,0 @@
-diff -urp tboot-1.8.0.orig/lcptools/writepol.c tboot-1.8.0/lcptools/writepol.c
---- tboot-1.8.0.orig/lcptools/writepol.c 2014-01-30 10:34:57.000000000 +0100
-+++ tboot-1.8.0/lcptools/writepol.c 2014-02-12 01:48:51.523581057 +0100
-@@ -40,6 +40,7 @@
- #include
- #include
- #include
-+#include
-
- #define PRINT printf
- #include "../include/uuid.h"
-@@ -51,14 +52,15 @@ static uint32_t index_value = 0;
- static char *file_arg=NULL;
- static uint32_t fLeng;
- static unsigned char *policy_data = NULL;
--static char *password = NULL;
-+static const char *password = NULL;
- static uint32_t passwd_length = 0;
-+static const char well_known_secret[] = TSS_WELL_KNOWN_SECRET;
- static int help_input = 0;
- static unsigned char empty_pol_data[] = {0};
-
--static const char *short_option = "ehi:f:p:";
-+static const char *short_option = "ehi:f:p:Z";
- static const char *usage_string = "lcp_writepol -i index_value "
-- "[-f policy_file] [-e] [-p passwd] [-h]";
-+ "[-f policy_file] [-e] [-p passwd|-Z] [-h]";
-
- static const char *option_strings[] = {
- "-i index value: uint32/string.\n"
-@@ -67,6 +69,7 @@ static const char *option_strings[] = {
- "\tINDEX_AUX:0x50000002 or \"aux\"\n",
- "-f file_name: string. File name of the policy data is stored. \n",
- "-p password: string. \n",
-+ "-Z use well known secret as password. \n",
- "-e write 0 length data to the index.\n"
- "\tIt will be used for some special index.\n"
- "\tFor example, the index with permission WRITEDEFINE.\n",
-@@ -119,6 +122,11 @@ parse_cmdline(int argc, const char * arg
- fLeng = 0;
- break;
-
-+ case 'Z':
-+ password = well_known_secret;
-+ passwd_length = sizeof(well_known_secret);
-+ break;
-+
- case 'h':
- help_input = 1;
- break;