Re: [Buildroot] [PATCH v2 1/2] package/tpm2-tss: bump version to 4.1.3

From: Thomas Petazzoni via buildroot <buildroot@buildroot.org>
To: abelino <abelino.romo@gmail.com>
Cc: buildroot@buildroot.org
Subject: Re: [Buildroot] [PATCH v2 1/2] package/tpm2-tss: bump version to 4.1.3
Date: Thu, 28 Nov 2024 21:25:56 +0100	[thread overview]
Message-ID: <20241128212556.3de4e671@windsurf> (raw)
In-Reply-To: <20241127052541.3689574-1-abelino.romo@gmail.com>

Hello,

Thanks for your patch! See some comments below.

On Tue, 26 Nov 2024 21:25:41 -0800
abelino <abelino.romo@gmail.com> wrote:

> On v3.2.2, testing with an Infineon SLB9673 resulted in the following
> error when attempting to read from a previously written NV index.
> Upgrading to the latest release, v4.1.3, resolves the issue:
> 
> ```shell
> ~# tpm2_nvread 0x1900001
> WARN: Reading full size of the NV index
> ERROR:esys:../tpm2-tss-3.2.2/src/tss2-esys/esys_iutil.c:1096:esys_GetResourceObject() Error: Esys handle does not exist (70018).
> ERROR: Esys_SequenceComplete(0x70018) - esapi:The ESYS_TR resource object is bad
> ERROR: Failed to get shandle
> ERROR: Failed to read NVRAM area at index 0x1900001
> ERROR: Unable to run tpm2_nvread
> ```
> 
> Between v3.2.2 and v4.1.3, the most notable update is v4.1.0 [1], which
> includes a fix for CVE-2024-29040, along with 40+ bug fixes and 10+ new
> features. Bumping to v4.1.3 adds access to these improvements and
> addresses the NV index read issue.
> 
> [1] https://github.com/tpm2-software/tpm2-tss/releases/tag/4.1.0
> 
> Signed-off-by: abelino <abelino.romo@gmail.com>

Could you please Signed-off-by with a real name, and proper
capitalization, i.e probably:

	Abelino Romo <abelino.romo@gmail.com>

 ?

> Changes v1 -> v2:
>   - Update `TPM2_TSS_SITE` to use `$(call github,...)` but required additional
>     changes to properly bootstrap `configure`. The previous URL downloaded
>     the release artifact which is bootstraped ahead of time, while the tagged
>     source archive does not contain a `VERSION` and `configure` file.
>     (suggested by Vincent Jardin)

In fact this suggestion from Vincent was not correct. This project
provides automatically generated tarballs *and* manually uploaded
tarballs, and the original package as well as your v1 was using the
manually uploaded tarball, which is good. We should keep doing that.

> diff --git a/package/tpm2-tss/0001-Prepare-bootstrap-file.patch b/package/tpm2-tss/0001-Prepare-bootstrap-file.patch
> new file mode 100644
> index 0000000000..81ee3b6266
> --- /dev/null
> +++ b/package/tpm2-tss/0001-Prepare-bootstrap-file.patch
> @@ -0,0 +1,44 @@
> +From a0a6c030edf233316b9acc56224bfc0d8f637308 Mon Sep 17 00:00:00 2001
> +From: abelino <abelino.romo@gmail.com>
> +Date: Tue, 26 Nov 2024 16:49:14 -0800
> +Subject: [PATCH] Prepare bootstrap file
> +
> +The bootstrap script uses git to create a VERSION file and we do not
> +have access to any git history when pulling the tarball from GitHub's
> +Archive. Therefore, we move the responsibility of generating the
> +VERSION file and autoreconf'ing from the bootstrap script and off to
> +this package's makefile.
> +
> +Signed-off-by: abelino <abelino.romo@gmail.com>

All patches should be submitted upstream (and have an Upstream: tag
pointing to the URL of the upstream submission). But I believe if you
use the release tarball this patch is no longer needed?

Best regards,

Thomas
-- 
Thomas Petazzoni, co-owner and CEO, Bootlin
Embedded Linux and Kernel engineering and training
https://bootlin.com
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot