commit:     fe309af9221c3c29bdfbed8914135583a55f3d38
Author:     Jason Zaman <jason <AT> perfinion <DOT> com>
AuthorDate: Sat Aug  9 14:58:58 2014 +0000
Commit:     Jason Zaman <gentoo <AT> perfinion <DOT> com>
CommitDate: Sat Aug  9 14:58:58 2014 +0000
URL:        
http://git.overlays.gentoo.org/gitweb/?p=proj/hardened-dev.git;a=commit;h=fe309af9

sys-boot/tboot: initial commit

Package-Manager: portage-2.2.11-r1

---
 sys-boot/tboot/files/1.8.2-genkernel_arch.patch | 57 +++++++++++++++++++++
 sys-boot/tboot/metadata.xml                     | 13 +++++
 sys-boot/tboot/tboot-1.8.2.ebuild               | 66 +++++++++++++++++++++++++
 3 files changed, 136 insertions(+)

diff --git a/sys-boot/tboot/files/1.8.2-genkernel_arch.patch 
b/sys-boot/tboot/files/1.8.2-genkernel_arch.patch
new file mode 100644
index 0000000..7fdcad6
--- /dev/null
+++ b/sys-boot/tboot/files/1.8.2-genkernel_arch.patch
@@ -0,0 +1,57 @@
+diff -ru tboot-1.8.2.orig/tboot/20_linux_tboot tboot-1.8.2/tboot/20_linux_tboot
+--- tboot-1.8.2.orig/tboot/20_linux_tboot      2014-08-02 00:18:58.397147454 
+0400
++++ tboot-1.8.2/tboot/20_linux_tboot   2014-08-02 00:20:09.766700748 +0400
+@@ -121,6 +121,15 @@
+ EOF
+ }
+ 
++machine=`uname -m`
++case "$machine" in
++    i?86) GENKERNEL_ARCH="x86" ;;
++    mips|mips64) GENKERNEL_ARCH="mips" ;;
++    mipsel|mips64el) GENKERNEL_ARCH="mipsel" ;;
++    arm*) GENKERNEL_ARCH="arm" ;;
++    *) GENKERNEL_ARCH="$machine" ;;
++esac
++
+ linux_list=`for i in /boot/vmlinu[xz]-* /vmlinu[xz]-* ; do
+       basename=$(basename $i)
+       version=$(echo $basename | sed -e "s,^[^0-9]*-,,g")
+@@ -159,6 +168,8 @@
+                "initrd-${version}" "initramfs-${version}.img" \
+                "initrd.img-${alt_version}" "initrd-${alt_version}.img" \
+                "initrd-${alt_version}" "initramfs-${alt_version}.img" \
++               "initramfs-genkernel-${GENKERNEL_ARCH}-${version}" \
++               "initramfs-genkernel-${GENKERNEL_ARCH}-${alt_version}" \
+                "initramfs-genkernel-${version}" \
+                "initramfs-genkernel-${alt_version}"; do
+           if test -e "${dirname}/${i}" ; then
+diff -ru tboot-1.8.2.orig/tboot/20_linux_xen_tboot 
tboot-1.8.2/tboot/20_linux_xen_tboot
+--- tboot-1.8.2.orig/tboot/20_linux_xen_tboot  2014-08-02 00:18:58.397147454 
+0400
++++ tboot-1.8.2/tboot/20_linux_xen_tboot       2014-08-02 00:21:12.840438230 
+0400
+@@ -147,6 +147,16 @@
+ if [ "x${linux_list}" = "x" ] ; then
+     exit 0
+ fi
++
++machine=`uname -m`
++case "$machine" in
++    i?86) GENKERNEL_ARCH="x86" ;;
++    mips|mips64) GENKERNEL_ARCH="mips" ;;
++    mipsel|mips64el) GENKERNEL_ARCH="mipsel" ;;
++    arm*) GENKERNEL_ARCH="arm" ;;
++    *) GENKERNEL_ARCH="$machine" ;;
++esac
++
+ xen_list=`for i in /boot/xen*; do
+         if grub_file_is_not_garbage "$i" ; then echo -n "$i " ; fi
+       done`
+@@ -188,6 +198,8 @@
+             for i in "initrd.img-${version}" "initrd-${version}.img" \
+                 "initrd-${version}" "initrd.img-${alt_version}" \
+                 "initrd-${alt_version}.img" "initrd-${alt_version}" \
++                "initramfs-genkernel-${GENKERNEL_ARCH}-${version}" \
++                "initramfs-genkernel-${GENKERNEL_ARCH}-${alt_version}" \
+                 "initramfs-genkernel-${version}" \
+                 "initramfs-genkernel-${alt_version}" ; do
+                 if test -e "${dirname}/${i}" ; then
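Review bot: The `case "$machine"` block is added verbatim to both 20_linux_tboot and 20_linux_xen_tboot with no comment saying why the mapping exists or where it comes from. A one-line comment above it in each script would help the next maintainer, for example `# Map uname -m to the arch string used in initramfs-genkernel-<arch>-<version> file names`. The `mips*` and `arm*` arms look unreachable for this package, because the ebuild in the same commit keywords only amd64 and x86. Either drop them or note that they are kept to match the mapping used elsewhere. Both scripts continue outside the quoted context, so the rest of the initrd search loop is not visible here.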

diff --git a/sys-boot/tboot/metadata.xml b/sys-boot/tboot/metadata.xml
new file mode 100644
index 0000000..690f61c
--- /dev/null
+++ b/sys-boot/tboot/metadata.xml
@@ -0,0 +1,13 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd";>
+<pkgmetadata>
+       <herd>hardened</herd>
+       <maintainer>
+               <email>[email protected]</email>
+               <name>Jason Zaman</name>
+       </maintainer>
+
+       <longdescription lang="en">
+       A pre-kernel/VMM module that uses Intel(R) Trusted Execution Technology 
to perform a measured and verified launch of an OS kernel/VMM.
+       </longdescription>
+</pkgmetadata>

diff --git a/sys-boot/tboot/tboot-1.8.2.ebuild 
b/sys-boot/tboot/tboot-1.8.2.ebuild
new file mode 100644
index 0000000..5ec44e0
--- /dev/null
+++ b/sys-boot/tboot/tboot-1.8.2.ebuild
@@ -0,0 +1,66 @@
+# Copyright 1999-2014 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: $
+
+EAPI=5
+
+inherit flag-o-matic mount-boot
+
+DESCRIPTION="A module that uses Intel(R) Trusted Execution Technology to 
perform a measured and verified boot"
+HOMEPAGE="http://sourceforge.net/projects/tboot/";
+SRC_URI="mirror://sourceforge/${PN}/${P}.tar.gz"
+
+LICENSE="BSD"
+SLOT="0"
+KEYWORDS="~amd64 ~x86 -*"
+IUSE="custom-cflags"
+
+RESTRICT="test" # test is restricted because it requires patching the kernel 
src
+
+DEPEND="app-crypt/trousers sys-boot/grub:2"
+RDEPEND="${DEPEND}"
+DOCS=(README COPYING CHANGELOG)
+
+src_prepare() {
+       epatch "${FILESDIR}/1.8.2-genkernel_arch.patch"
+
+       epatch_user
+
+       sed -i 's/ -Werror//g' Config.mk
+       sed -i 's/^INSTALL_STRIP = -s$//' Config.mk
+}
+
+src_compile() {
+       use custom-cflags && export TBOOT_CFLAGS=${CFLAGS} || unset CCASFLAGS 
CFLAGS CPPFLAGS LDFLAGS
+
+       if use amd64; then
+               MAKEARGS="TARGET_ARCH=x86_64"
+       else
+               MAKEARGS="TARGET_ARCH=i686"
+       fi
+
+       emake ${MAKEARGS} build
+}
+
+src_install() {
+       emake DISTDIR="${D}" install
+
+       dodoc "${DOCS[@]}"
+       dodoc docs/*.txt lcptools/*.{txt,pdf} || die "docs failed"
+
+       cd "${D}"
+       mkdir -p usr/lib/tboot/ || die
+       mv boot usr/lib/tboot/ || die
+}
+
+pkg_postinst() {
+       mount-boot_mount_boot_partition
+
+       cp ${ROOT%/}/usr/lib/tboot/boot/* ${ROOT%/}/boot/
+
+       mount-boot_pkg_postinst
+
+       ewarn "Please remember to download the SINIT AC Module relevant"
+       ewarn "for your platform from:"
+       ewarn 
"http://software.intel.com/en-us/articles/intel-trusted-execution-technology/";
+}
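Review bot: The `cp ${ROOT%/}/usr/lib/tboot/boot/* ${ROOT%/}/boot/` line in pkg_postinst is unquoted and its exit status is never checked. If the copy fails, the merge still finishes cleanly, leaving an old or missing tboot image in /boot with no message. For a measured-launch component that silent mismatch matters, because the installed package version and the image actually booted can diverge. I would write `cp "${ROOT%/}"/usr/lib/tboot/boot/* "${ROOT%/}"/boot/ || die "copying tboot images to /boot failed"`. The two `sed -i` calls in src_prepare and the `cd "${D}"` in src_install also lack `|| die`, which EAPI 5 does not add for non-helper commands. The diffstat lists no Manifest, so it is worth confirming that the distfile checksum for `${P}.tar.gz` is pinned elsewhere in the overlay.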
