5 files changed, 199 insertions, 0 deletions

diff --git a/.SRCINFO b/.SRCINFO
new file mode 100644
index 000000000000..92400be0a261
--- /dev/null
+++ b/.SRCINFO
@@ -0,0 +1,29 @@
+pkgbase = android-armv7a-eabi-tpm2-tss
+	pkgdesc = Implementation of the TCG Trusted Platform Module 2.0 Software Stack (TSS2) (Android armv7a-eabi)
+	pkgver = 4.0.1
+	pkgrel = 1
+	url = https://github.com/tpm2-software/tpm2-tss
+	arch = any
+	license = BSD
+	makedepends = android-configure
+	makedepends = android-armv7a-eabi-cmocka
+	makedepends = android-armv7a-eabi-libtpms
+	depends = android-armv7a-eabi-curl
+	depends = android-armv7a-eabi-json-c
+	depends = android-armv7a-eabi-openssl
+	options = !strip
+	options = !buildflags
+	options = staticlibs
+	options = !emptydirs
+	source = https://github.com/tpm2-software/tpm2-tss/releases/download/4.0.1/tpm2-tss-4.0.1.tar.gz
+	source = https://github.com/tpm2-software/tpm2-tss/releases/download/4.0.1/tpm2-tss-4.0.1.tar.gz.asc
+	source = https://raw.githubusercontent.com/tpm2-software/tpm2-tss/e237e4d33cbf280292a480edd8ad061dcd3a37a2/lib/tss2-tcti-libtpms.map
+	source = https://github.com/tpm2-software/tpm2-tss/commit/218c0da8.patch
+	validpgpkeys = D6B4D8BAC7E0CC97DCD4AC7272E88B53F7A95D84
+	validpgpkeys = 5B482B8E3E19DA7C978E1D016DE2E9078E1F50C1
+	md5sums = fff676c669519097906bd8ce28fc4238
+	md5sums = SKIP
+	md5sums = 3c8004f1845db070fd289491aa05ed14
+	md5sums = 8175e80c5175290f56ec81dcfe67866a
+
+pkgname = android-armv7a-eabi-tpm2-tss
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 000000000000..b5b03b115225
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,6 @@
+pkg
+src
+*.tar.xz
+*.tar.gz
+*.tar.bz2
+*.asc
diff --git a/218c0da8.patch b/218c0da8.patch
new file mode 100644
index 000000000000..085aa75d25d0
--- /dev/null
+++ b/218c0da8.patch
@@ -0,0 +1,88 @@
+From 218c0da8d9f675766b1de502a52e23a3aa52648e Mon Sep 17 00:00:00 2001
+From: Juergen Repp <juergen_repp@web.de>
+Date: Wed, 22 Mar 2023 10:54:59 +0100
+Subject: [PATCH] FAPI: Skip test fapi-fix-provisioning-with template if no
+ certificate is available.
+
+If the configure option --enable-self-generated-certificate is not used this
+test can't be executed because no certificate will be stored in NV ram. The
+test will be skipped if no certificate is available.
+Fixes: #2558
+
+Signed-off-by: Juergen Repp <juergen_repp@web.de>
+---
+ .../fapi-provisioning-with-template.int.c     | 40 ++++++++++++++++++-
+ 1 file changed, 39 insertions(+), 1 deletion(-)
+
+diff --git a/test/integration/fapi-provisioning-with-template.int.c b/test/integration/fapi-provisioning-with-template.int.c
+index 54c724f5d..74184cdc8 100644
+--- a/test/integration/fapi-provisioning-with-template.int.c
++++ b/test/integration/fapi-provisioning-with-template.int.c
+@@ -4,6 +4,8 @@
+ #endif
+ 
+ #include <stdlib.h>
++#include <stdio.h>
++#include <unistd.h>
+ 
+ #include "tss2_esys.h"
+ #include "tss2_fapi.h"
+@@ -31,6 +33,39 @@
+  * @retval EXIT_SKIP
+  *
+  */
++static bool
++fapi_ek_certless()
++{
++    FILE *stream = NULL;
++    long config_size;
++    char *config = NULL;
++    char *fapi_config_file = getenv("TSS2_FAPICONF");
++
++    stream = fopen(fapi_config_file, "r");
++    if (!stream) {
++        LOG_ERROR("File %s does not exist", fapi_config_file);
++        return NULL;
++    }
++    fseek(stream, 0L, SEEK_END);
++    config_size = ftell(stream);
++    fclose(stream);
++    config = malloc(config_size + 1);
++    stream = fopen(fapi_config_file, "r");
++    ssize_t ret = read(fileno(stream), config, config_size);
++    if (ret != config_size) {
++        LOG_ERROR("IO error %s.", fapi_config_file);
++        return NULL;
++    }
++    config[config_size] = '\0';
++    if (strstr(config, "\"ek_cert_less\": \"yes\"") == NULL) {
++        SAFE_FREE(config);
++        return false;
++    } else {
++        SAFE_FREE(config);
++        return true;
++    }
++}
++
+ int
+ test_fapi_provision_template(FAPI_CONTEXT *context)
+ {
+@@ -151,6 +186,9 @@ test_fapi_provision_template(FAPI_CONTEXT *context)
+     TPM2B_AUTH auth = { .size = 0, .buffer = {} };
+     TPM2B_MAX_NV_BUFFER nv_data;
+ 
++    if (fapi_ek_certless())
++        return EXIT_SKIP;
++
+     if (strcmp(FAPI_PROFILE, "P_ECC") == 0) {
+         nv_template_idx = ecc_nv_template_idx;
+         nv_nonce_idx = ecc_nv_nonce_idx;
+@@ -169,7 +207,7 @@ test_fapi_provision_template(FAPI_CONTEXT *context)
+     r = Esys_Initialize(&esys_ctx, tcti, NULL);
+     goto_if_error(r, "Error Esys_Initialize", error);
+ 
+-     /*
++    /*
+      * Store template (marshaled TPMT_PUBLIC) in NV ram.
+      */
+     r = Tss2_MU_TPMT_PUBLIC_Marshal(&in_public, &nv_data.buffer[0],
diff --git a/PKGBUILD b/PKGBUILD
new file mode 100644
index 000000000000..d525fdd95c46
--- /dev/null
+++ b/PKGBUILD
@@ -0,0 +1,69 @@
+# Maintainer: Gonzalo Exequiel Pedone <hipersayan DOT x AT gmail DOT com>
+# Contributor: Jonas Witschel <diabonas@archlinux.org>
+# Contributor: Bruno Pagani <archange@archlinux.org>
+
+_android_arch=armv7a-eabi
+
+pkgname=android-${_android_arch}-tpm2-tss
+pkgver=4.0.1
+pkgrel=1
+arch=('any')
+pkgdesc="Implementation of the TCG Trusted Platform Module 2.0 Software Stack (TSS2) (Android ${_android_arch})"
+url='https://github.com/tpm2-software/tpm2-tss'
+license=('BSD')
+depends=("android-${_android_arch}-curl"
+         "android-${_android_arch}-json-c"
+         "android-${_android_arch}-openssl")
+makedepends=('android-configure'
+             "android-${_android_arch}-cmocka"
+             "android-${_android_arch}-libtpms")
+options=(!strip !buildflags staticlibs !emptydirs)
+source=("$url/releases/download/$pkgver/tpm2-tss-$pkgver.tar.gz"{,.asc}
+        'https://raw.githubusercontent.com/tpm2-software/tpm2-tss/e237e4d33cbf280292a480edd8ad061dcd3a37a2/lib/tss2-tcti-libtpms.map'
+        'https://github.com/tpm2-software/tpm2-tss/commit/218c0da8.patch')
+md5sums=('fff676c669519097906bd8ce28fc4238'
+         'SKIP'
+         '3c8004f1845db070fd289491aa05ed14'
+         '8175e80c5175290f56ec81dcfe67866a')
+validpgpkeys=('D6B4D8BAC7E0CC97DCD4AC7272E88B53F7A95D84'  # Andreas Fuchs <andreas.fuchs@sit.fraunhofer.de>
+              '5B482B8E3E19DA7C978E1D016DE2E9078E1F50C1') # William Roberts (Bill Roberts) <william.c.roberts@intel.com>
+
+prepare() {
+    cd "$srcdir/tpm2-tss-$pkgver"
+
+    # Add file missing from release tarball (https://github.com/tpm2-software/tpm2-tss/issues/2313)
+    cp -f "$srcdir/tss2-tcti-libtpms.map" lib
+    patch -p1 -i ../218c0da8.patch # Fix tests
+}
+
+build() {
+    cd "$srcdir/tpm2-tss-$pkgver"
+    source android-env ${_android_arch}
+
+    android-${_android_arch}-configure \
+        --sysconfdir="${ANDROID_PREFIX_ETC}" \
+        --localstatedir="${ANDROID_PREFIX}/var" \
+        --with-runstatedir="/run" \
+        --with-sysusersdir="${ANDROID_PREFIX_LIB}/sysusers.d" \
+        --with-tmpfilesdir="${ANDROID_PREFIX_LIB}/tmpfiles.d" \
+        --with-udevrulesprefix=60- \
+        --enable-unit \
+        --disable-doxygen-doc \
+        --enable-doxygen-dot=no \
+        --disable-doxygen-man \
+        --disable-doxygen-rtf \
+        --disable-doxygen-html \
+        --enable-fapi=no \
+        --enable-policy=no
+    make $MAKEFLAGS
+}
+
+package() {
+    cd "$srcdir/tpm2-tss-$pkgver"
+    source android-env ${_android_arch}
+
+    make DESTDIR="$pkgdir" install
+    rm -rf  "$pkgdir/${ANDROID_PREFIX_SHARE}"
+    ${ANDROID_STRIP} -g --strip-unneeded "${pkgdir}"/${ANDROID_PREFIX_LIB}/*.so
+    ${ANDROID_STRIP} -g "$pkgdir"/${ANDROID_PREFIX_LIB}/*.a
+}
diff --git a/tss2-tcti-libtpms.map b/tss2-tcti-libtpms.map
new file mode 100644
index 000000000000..ba62e1f785ca
--- /dev/null
+++ b/tss2-tcti-libtpms.map
@@ -0,0 +1,7 @@
+{
+    global:
+        Tss2_Tcti_Info;
+        Tss2_Tcti_Libtpms_Init;
+    local:
+        *;
+};