tpm2-pkcs11: allow fapi support to be disabled
parent
6037b4dfcf
commit
9aa795690a
2 changed files with 61 additions and 1 deletions
|
@ -2,6 +2,7 @@
|
|||
, pkg-config, autoreconfHook, autoconf-archive, makeWrapper, patchelf
|
||||
, tpm2-tss, tpm2-tools, opensc, openssl, sqlite, python3, glibc, libyaml
|
||||
, abrmdSupport ? true, tpm2-abrmd ? null
|
||||
, fapiSupport ? true
|
||||
}:
|
||||
|
||||
stdenv.mkDerivation rec {
|
||||
|
@ -15,7 +16,10 @@ stdenv.mkDerivation rec {
|
|||
sha256 = "sha256-SoHtgZRIYNJg4/w1MIocZAM26mkrM+UOQ+RKCh6nwCk=";
|
||||
};
|
||||
|
||||
patches = [ ./version.patch ];
|
||||
patches = [
|
||||
./version.patch
|
||||
./graceful-fapi-fail.patch
|
||||
];
|
||||
|
||||
# The preConfigure phase doesn't seem to be working here
|
||||
# ./bootstrap MUST be executed as the first step, before all
|
||||
|
@ -25,6 +29,11 @@ stdenv.mkDerivation rec {
|
|||
./bootstrap
|
||||
'';
|
||||
|
||||
configureFlags = lib.optionals (!fapiSupport) [
|
||||
# Note: this will be renamed to with-fapi in next release.
|
||||
"--enable-fapi=no"
|
||||
];
|
||||
|
||||
nativeBuildInputs = [
|
||||
pkg-config autoreconfHook autoconf-archive makeWrapper patchelf
|
||||
];
|
||||
|
|
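Review bot: The `"--enable-fapi=no"` entry in `configureFlags` will silently stop working at the version bump its own comment anticipates: autoconf-generated configure scripts only warn about an unrecognized `--enable-*` option by default, so after the rename to `with-fapi` a build with `fapiSupport = false` would presumably come out with FAPI compiled in again and no build failure to show it. Since this argument exists to keep the FAPI backend out of a package that handles TPM-backed keys, the comment should say what breaks, e.g. `# Note: renamed to --with-fapi in the next release; configure ignores unknown --enable-* flags, so switch this on the version bump or fapiSupport = false becomes a no-op.` The derivation continues outside the hunk, so whether anything else checks for this is not visible here.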
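--- a/pkgs/misc/tpm2-pkcs11/graceful-fapi-fail.patch
+++ b/pkgs/misc/tpm2-pkcs11/graceful-fapi-fail.patch
@@ -0,0 +1,51 @@
+From 2e3e3c0b0f4e0c19e411fd46358930bf158ad3f5 Mon Sep 17 00:00:00 2001
+From: Jonathan McDowell <noodles@earth.li>
+Date: Wed, 1 Feb 2023 09:29:58 +0000
+Subject: [PATCH] Gracefully fail FAPI init when it's not compiled in
+
+Instead of emitting:
+
+WARNING: Getting tokens from fapi backend failed.
+
+errors when FAPI support is not compiled in gracefully fail the FAPI
+init and don't log any warnings. We'll still produce a message
+indicating this is what's happened in verbose mode, but normal operation
+no longer gets an unnecessary message.
+
+Fixes #792
+
+Signed-off-by: Jonathan McDowell <noodles@earth.li>
+---
+src/lib/backend.c | 4 +++-
+src/lib/backend_fapi.c | 3 ++-
+2 files changed, 5 insertions(+), 2 deletions(-)
+
+diff --git a/src/lib/backend.c b/src/lib/backend.c
+index ca5e2ccf..128f58b9 100644
+--- a/src/lib/backend.c
++++ b/src/lib/backend.c
+@@ -53,7 +53,9 @@ CK_RV backend_init(void) {
+LOGE(msg);
+return rv;
+}
+- LOGW(msg);
++ if (rv != CKR_FUNCTION_NOT_SUPPORTED) {
++ LOGW(msg);
++ }
+} else {
+fapi_init = true;
+}
+diff --git a/src/lib/backend_fapi.c b/src/lib/backend_fapi.c
+index fe594f0e..3a203632 100644
+--- a/src/lib/backend_fapi.c
++++ b/src/lib/backend_fapi.c
+@@ -977,7 +977,8 @@ CK_RV backend_fapi_token_changeauth(token *tok, bool user, twist toldpin, twist
+
+CK_RV backend_fapi_init(void) {
+
+- return CKR_OK;
++ LOGV("FAPI not enabled, failing init");
++ return CKR_FUNCTION_NOT_SUPPORTED;
+}
+
+CK_RV backend_fapi_destroy(void) {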
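Review bot: The new `rv != CKR_FUNCTION_NOT_SUPPORTED` test in `backend_init` has no comment saying that this return code is the marker the stub `backend_fapi_init` uses for "FAPI not compiled in", so the silenced warning looks arbitrary when reading backend.c alone. A one-line comment above the check would cover it: `/* backend_fapi_init() returns CKR_FUNCTION_NOT_SUPPORTED when FAPI is not compiled in; that is expected, so do not warn */`. It is also worth confirming that the compiled-in FAPI init path never returns this code for a genuine failure, since that failure would then be hidden at the default log level; that code is not visible here. Both `backend_init` and backend_fapi.c continue outside the hunks, and the explicit-request branch above the check (`LOGE(msg); return rv;`) still fails loudly.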