From: Baruch Siach via buildroot <buildroot@buildroot.org>
To: Lars Wikman <lars@underjord.io>
Cc: Sergey Matyukevich <geomatsi@gmail.com>, buildroot@buildroot.org
Subject: Re: [Buildroot] [PATCH v3] package/wpa_supplicant: add Smart card option
Date: Mon, 09 Sep 2024 10:46:53 +0300 [thread overview]
Message-ID: <875xr56zgy.fsf@tarshish> (raw)
In-Reply-To: <CADqW+qk-VLMa2m510NvmTZv927DWyt8dgD6ir55ZHeHtS8AzKg@mail.gmail.com> (Lars Wikman's message of "Mon, 9 Sep 2024 09:18:39 +0200")
Hi Lars,
On Mon, Sep 09 2024, Lars Wikman wrote:
> I submitted a v3 which I see in patchwork but I don't see it in my
> sent email so I'm uncertain about whether it reached the list okay.
>
> Link in patchwork: https://patchwork.ozlabs.org/project/buildroot/patch/20240903100952.3789698-1-lars@underjord.io/
Patches are tracked on patchwork. If your patch is there, maintainers
will get to it sooner or later.
Your patch is also on the list archive:
https://lore.kernel.org/all/20240903100952.3789698-1-lars@underjord.io/
So all looks OK.
baruch
> On Tue, Sep 3, 2024 at 12:09 PM Lars Wikman <lars@underjord.io> wrote:
>
> CONFIG_SMARTCARD was unconditionally disabled which has meant that
> even if OpenSSL is compiled with engine support and the supplicant
> is configured to use an engine it would warn that it was compiled
> without engine support.
>
> This mechanism is used to enable the more secure forms of 802.1x
> networking authentication such as EAP-TLS with hardware-delegated
> cryptography and private keys protected in hardware.
>
> It is still disabled by default in case there was an original reason.
>
> Enabling the option will allow delegating private key access to TPM2,
> ARM TrustZone and other specialized secure hardware for establishing
> a network connection.
>
> Signed-off-by: Lars Wikman <lars@underjord.io>
>
> ---
> Changes v1 -> v2:
> - Change option name to focus on smartcard (suggested by Sergey)
> Changes v2 -> v3:
> - Change setting disabled to match convention (suggested by Baruch)
>
> Signed-off-by: Lars Wikman <lars@underjord.io>
> ---
> package/wpa_supplicant/Config.in | 6 ++++++
> package/wpa_supplicant/wpa_supplicant.mk⚠️ | 9 ++++++---
> 2 files changed, 12 insertions(+), 3 deletions(-)
>
> diff --git a/package/wpa_supplicant/Config.in b/package/wpa_supplicant/Config.in
> index 92953f69f0..2aee108fc1 100644
> --- a/package/wpa_supplicant/Config.in
> +++ b/package/wpa_supplicant/Config.in
> @@ -175,4 +175,10 @@ config BR2_PACKAGE_WPA_SUPPLICANT_DBUS_INTROSPECTION
> help
> Add introspection support for the DBus control interface.
>
> +config BR2_PACKAGE_WPA_SUPPLICANT_SMARTCARD
> + bool "Smartcard support"
> + help
> + Enable the smart card support. Required for OpenSSL engines
> + to work using PKCS11 and 802.1x
> +
> endif
> diff --git a/package/wpa_supplicant/wpa_supplicant.mk⚠️ b/package/wpa_supplicant/wpa_supplicant.mk⚠️
> index 984959f679..6199e584d0 100644
> --- a/package/wpa_supplicant/wpa_supplicant.mk⚠️
> +++ b/package/wpa_supplicant/wpa_supplicant.mk⚠️
> @@ -24,9 +24,6 @@ WPA_SUPPLICANT_CONFIG_ENABLE = \
> CONFIG_INTERNAL_LIBTOMMATH \
> CONFIG_MATCH_IFACE
>
> -WPA_SUPPLICANT_CONFIG_DISABLE = \
> - CONFIG_SMARTCARD
> -
> # libnl-3 needs -lm (for rint) and -lpthread if linking statically
> # And library order matters hence stick -lnl-3 first since it's appended
> # in the wpa_supplicant Makefiles as in LIBS+=-lnl-3 ... thus failing
> @@ -180,6 +177,12 @@ WPA_SUPPLICANT_DEPENDENCIES += readline
> WPA_SUPPLICANT_CONFIG_ENABLE += CONFIG_READLINE
> endif
>
> +ifeq ($(BR2_PACKAGE_WPA_SUPPLICANT_SMARTCARD),y)
> +WPA_SUPPLICANT_CONFIG_ENABLE += CONFIG_SMARTCARD
> +else
> +WPA_SUPPLICANT_CONFIG_DISABLE += CONFIG_SMARTCARD
> +endif
> +
> ifeq ($(BR2_PACKAGE_WPA_SUPPLICANT_CTRL_IFACE),y)
> define WPA_SUPPLICANT_ENABLE_CTRL_IFACE
> sed -i '/ctrl_interface/s/^#//g' $(TARGET_DIR)/etc/wpa_supplicant.conf
> --
> 2.34.1
>
> _______________________________________________
> buildroot mailing list
> buildroot@buildroot.org
> https://lists.buildroot.org/mailman/listinfo/buildroot
--
~. .~ Tk Open Systems
=}------------------------------------------------ooO--U--Ooo------------{=
- baruch@tkos.co.il - tel: +972.52.368.4656, http://www.tkos.co.il -
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot
next prev parent reply other threads:[~2024-09-09 7:47 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-09-03 10:09 [Buildroot] [PATCH v3] package/wpa_supplicant: add Smart card option Lars Wikman
2024-09-09 7:18 ` Lars Wikman
2024-09-09 7:46 ` Baruch Siach via buildroot [this message]
2024-09-09 7:51 ` Lars Wikman
2024-10-29 22:06 ` Thomas Petazzoni via buildroot
2024-10-30 6:13 ` Lars Wikman
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=875xr56zgy.fsf@tarshish \
--to=buildroot@buildroot.org \
--cc=baruch@tkos.co.il \
--cc=geomatsi@gmail.com \
--cc=lars@underjord.io \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.