From 448a820219d6ec81fcf066e3073981c889713040 Mon Sep 17 00:00:00 2001
From: Jason Zaman
Date: Thu, 7 May 2015 19:41:35 +0000
Subject: Initial commit of tboot (Portage version: 2.2.18/cvs/Linux x86_64, signed Manifest commit with key 0x7EF137EC935B0EAF)
---
 sys-boot/tboot/ChangeLog | 12 ++++
 .../tboot/files/tboot-1.8.2-disable-pcid.patch | 26 ++++++++
 .../tboot/files/tboot-1.8.2-genkernel_arch.patch | 57 +++++++++++++++++
 .../tboot/files/tboot-1.8.2-stack-check-no.patch | 11 ++++
 sys-boot/tboot/metadata.xml | 12 ++++
 sys-boot/tboot/tboot-1.8.3.ebuild | 72 ++++++++++++++++++++++
 6 files changed, 190 insertions(+)
 create mode 100644 sys-boot/tboot/ChangeLog
 create mode 100644 sys-boot/tboot/files/tboot-1.8.2-disable-pcid.patch
 create mode 100644 sys-boot/tboot/files/tboot-1.8.2-genkernel_arch.patch
 create mode 100644 sys-boot/tboot/files/tboot-1.8.2-stack-check-no.patch
 create mode 100644 sys-boot/tboot/metadata.xml
 create mode 100644 sys-boot/tboot/tboot-1.8.3.ebuild
(limited to 'sys-boot')
diff --git a/sys-boot/tboot/ChangeLog b/sys-boot/tboot/ChangeLog
new file mode 100644
index 000000000000..983b45b6cdfa
--- /dev/null
+++ b/sys-boot/tboot/ChangeLog
@@ -0,0 +1,12 @@
+# ChangeLog for sys-boot/tboot
+# Copyright 1999-2015 Gentoo Foundation; Distributed under the GPL v2
+# $Header: /var/cvsroot/gentoo-x86/sys-boot/tboot/ChangeLog,v 1.1 2015/05/07 19:41:35 perfinion Exp $
+
+*tboot-1.8.3 (07 May 2015)
+
+ 07 May 2015; Jason Zaman +tboot-1.8.3.ebuild,
+ +files/tboot-1.8.2-disable-pcid.patch,
+ +files/tboot-1.8.2-genkernel_arch.patch,
+ +files/tboot-1.8.2-stack-check-no.patch, +metadata.xml:
+ Initial commit of tboot
+
diff --git a/sys-boot/tboot/files/tboot-1.8.2-disable-pcid.patch b/sys-boot/tboot/files/tboot-1.8.2-disable-pcid.patch
new file mode 100644
index 000000000000..383338e69933
--- /dev/null
+++ b/sys-boot/tboot/files/tboot-1.8.2-disable-pcid.patch
@@ -0,0 +1,26 @@
+diff -ur tboot-1.8.2.orig/tboot/common/shutdown.S tboot-1.8.2/tboot/common/shutdown.S
+--- tboot-1.8.2.orig/tboot/common/shutdown.S 2014-07-28 12:24:22.000000000 +0400
++++ tboot-1.8.2/tboot/common/shutdown.S 2015-05-07 03:05:47.300985413 +0400
+@@ -34,6 +34,11 @@
+ */
+
+ compat_mode_entry:
++ /* Disable PCID */
++ movl %cr4, %eax
++ andl $~CR4_PCIDE, %eax
++ movl %eax, %cr4
++
+ /* Disable paging and therefore leave 64 bit mode. */
+ movl %cr0, %eax
+ andl $~CR0_PG, %eax
+diff -ur tboot-1.8.2.orig/tboot/include/processor.h tboot-1.8.2/tboot/include/processor.h
+--- tboot-1.8.2.orig/tboot/include/processor.h 2014-07-28 12:24:22.000000000 +0400
++++ tboot-1.8.2/tboot/include/processor.h 2015-05-07 03:04:58.721244858 +0400
+@@ -92,6 +92,7 @@
+ #define CR4_XMM 0x00000400 /* enable SIMD/MMX2 to use except 16 */
+ #define CR4_VMXE 0x00002000/* enable VMX */
+ #define CR4_SMXE 0x00004000/* enable SMX */
++#define CR4_PCIDE 0x00020000/* enable PCID */
+
+ #ifndef __ASSEMBLY__
+
diff --git a/sys-boot/tboot/files/tboot-1.8.2-genkernel_arch.patch b/sys-boot/tboot/files/tboot-1.8.2-genkernel_arch.patch
new file mode 100644
index 000000000000..7fdcad652e03
--- /dev/null
+++ b/sys-boot/tboot/files/tboot-1.8.2-genkernel_arch.patch
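Review bot: The new `/* Disable PCID */` comment in compat_mode_entry says what the three instructions do but not why they must precede the CR0 write right after them: per the Intel SDM, a MOV to CR0 that clears CR0.PG while CR4.PCIDE is set raises #GP, so this is a hard ordering constraint rather than a tidy-up, and nothing in the code warns a later edit against reordering the exit path. The ebuild explains the trigger ("PaX enables pcid") but that context lives in a different file. I would make the comment carry the constraint itself, e.g. `/* Clear CR4.PCIDE first: clearing CR0.PG below would #GP while PCIDE is set (PaX kernels enable PCID) */`. The rest of compat_mode_entry lies outside the inner hunk.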
@@ -0,0 +1,57 @@
+diff -ru tboot-1.8.2.orig/tboot/20_linux_tboot tboot-1.8.2/tboot/20_linux_tboot
+--- tboot-1.8.2.orig/tboot/20_linux_tboot 2014-08-02 00:18:58.397147454 +0400
++++ tboot-1.8.2/tboot/20_linux_tboot 2014-08-02 00:20:09.766700748 +0400
+@@ -121,6 +121,15 @@
+ EOF
+ }
+
++machine=`uname -m`
++case "$machine" in
++ i?86) GENKERNEL_ARCH="x86" ;;
++ mips|mips64) GENKERNEL_ARCH="mips" ;;
++ mipsel|mips64el) GENKERNEL_ARCH="mipsel" ;;
++ arm*) GENKERNEL_ARCH="arm" ;;
++ *) GENKERNEL_ARCH="$machine" ;;
++esac
++
+ linux_list=`for i in /boot/vmlinu[xz]-* /vmlinu[xz]-* ; do
+ basename=$(basename $i)
+ version=$(echo $basename | sed -e "s,^[^0-9]*-,,g")
+@@ -159,6 +168,8 @@
+ "initrd-${version}" "initramfs-${version}.img" \
+ "initrd.img-${alt_version}" "initrd-${alt_version}.img" \
+ "initrd-${alt_version}" "initramfs-${alt_version}.img" \
++ "initramfs-genkernel-${GENKERNEL_ARCH}-${version}" \
++ "initramfs-genkernel-${GENKERNEL_ARCH}-${alt_version}" \
+ "initramfs-genkernel-${version}" \
+ "initramfs-genkernel-${alt_version}"; do
+ if test -e "${dirname}/${i}" ; then
+diff -ru tboot-1.8.2.orig/tboot/20_linux_xen_tboot tboot-1.8.2/tboot/20_linux_xen_tboot
+--- tboot-1.8.2.orig/tboot/20_linux_xen_tboot 2014-08-02 00:18:58.397147454 +0400
++++ tboot-1.8.2/tboot/20_linux_xen_tboot 2014-08-02 00:21:12.840438230 +0400
+@@ -147,6 +147,16 @@
+ if [ "x${linux_list}" = "x" ] ; then
+ exit 0
+ fi
++
++machine=`uname -m`
++case "$machine" in
++ i?86) GENKERNEL_ARCH="x86" ;;
++ mips|mips64) GENKERNEL_ARCH="mips" ;;
++ mipsel|mips64el) GENKERNEL_ARCH="mipsel" ;;
++ arm*) GENKERNEL_ARCH="arm" ;;
++ *) GENKERNEL_ARCH="$machine" ;;
++esac
++
+ xen_list=`for i in /boot/xen*; do
+ if grub_file_is_not_garbage "$i" ; then echo -n "$i " ; fi
+ done`
+@@ -188,6 +198,8 @@
+ for i in "initrd.img-${version}" "initrd-${version}.img" \
+ "initrd-${version}" "initrd.img-${alt_version}" \
+ "initrd-${alt_version}.img" "initrd-${alt_version}" \
++ 
"initramfs-genkernel-${GENKERNEL_ARCH}-${version}" \ ++ "initramfs-genkernel-${GENKERNEL_ARCH}-${alt_version}" \ + "initramfs-genkernel-${version}" \ + "initramfs-genkernel-${alt_version}" ; do + if test -e "${dirname}/${i}" ; then diff --git a/sys-boot/tboot/files/tboot-1.8.2-stack-check-no.patch b/sys-boot/tboot/files/tboot-1.8.2-stack-check-no.patch new file mode 100644 index 000000000000..5d2ea6296343 --- /dev/null +++ b/sys-boot/tboot/files/tboot-1.8.2-stack-check-no.patch @@ -0,0 +1,11 @@ +diff -ur tboot-1.8.2.orig/tboot/Config.mk tboot-1.8.2/tboot/Config.mk +--- tboot-1.8.2.orig/tboot/Config.mk 2014-07-28 12:24:21.000000000 +0400 ++++ tboot-1.8.2/tboot/Config.mk 2015-05-05 02:14:26.333222301 +0400 +@@ -30,6 +30,7 @@ + CFLAGS += $(call cc-option,$(CC),-nopie,) + CFLAGS += $(call cc-option,$(CC),-fno-stack-protector,) + CFLAGS += $(call cc-option,$(CC),-fno-stack-protector-all,) ++CFLAGS += $(call cc-option,$(CC),-fstack-check=no,) + + # changeset variable for banner + CFLAGS += -DTBOOT_CHANGESET=\""$(shell ((hg parents --template "{isodate|isodate} {rev}:{node|short}" >/dev/null && hg parents --template "{isodate|isodate} {rev}:{node|short}") || echo "2014-07-28 12:00 +0800 1.8.2") 2>/dev/null)"\" diff --git a/sys-boot/tboot/metadata.xml b/sys-boot/tboot/metadata.xml new file mode 100644 index 000000000000..51ab1be5c3d8 --- /dev/null +++ b/sys-boot/tboot/metadata.xml @@ -0,0 +1,12 @@ + + + + + perfinion@gentoo.org + Jason Zaman + + + + A pre-kernel/VMM module that uses Intel(R) Trusted Execution Technology to perform a measured and verified launch of an OS kernel/VMM. + + diff --git a/sys-boot/tboot/tboot-1.8.3.ebuild b/sys-boot/tboot/tboot-1.8.3.ebuild new file mode 100644 index 000000000000..1a00cfc87a89 --- /dev/null +++ b/sys-boot/tboot/tboot-1.8.3.ebuild 
@@ -0,0 +1,72 @@
+# Copyright 1999-2015 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/sys-boot/tboot/tboot-1.8.3.ebuild,v 1.1 2015/05/07 19:41:35 perfinion Exp $
+
+EAPI=5
+
+inherit flag-o-matic mount-boot
+
+DESCRIPTION="A module that uses Intel(R) Trusted Execution Technology to perform a measured and verified boot"
+HOMEPAGE="http://sourceforge.net/projects/tboot/"
+SRC_URI="mirror://sourceforge/${PN}/${P}.tar.gz"
+
+LICENSE="BSD"
+SLOT="0"
+KEYWORDS="~amd64 ~x86 -*"
+IUSE="custom-cflags"
+
+RESTRICT="test" # test is restricted because it requires patching the kernel src
+
+DEPEND="app-crypt/trousers
+app-crypt/tpm-tools"
+
+RDEPEND="${DEPEND}
+sys-boot/grub:2"
+
+DOCS=(README COPYING CHANGELOG)
+
+src_prepare() {
+ epatch "${FILESDIR}/tboot-1.8.2-genkernel_arch.patch"
+ epatch "${FILESDIR}/tboot-1.8.2-stack-check-no.patch" # breaks with ssp
+ epatch "${FILESDIR}/tboot-1.8.2-disable-pcid.patch" # PaX enables pcid
+
+ sed -i 's/ -Werror//g' Config.mk || die
+ sed -i 's/^INSTALL_STRIP = -s$//' Config.mk || die # QA Errors
+
+ epatch_user
+}
+
+src_compile() {
+ use custom-cflags && export TBOOT_CFLAGS=${CFLAGS} || unset CCASFLAGS CFLAGS CPPFLAGS LDFLAGS
+
+ if use amd64; then
+ MAKEARGS="TARGET_ARCH=x86_64"
+ else
+ MAKEARGS="TARGET_ARCH=i686"
+ fi
+
+ emake debug=y ${MAKEARGS} build
+}
+
+src_install() {
+ emake DISTDIR="${D}" install
+
+ dodoc "${DOCS[@]}"
+ dodoc docs/*.txt lcptools/*.{txt,pdf} || die "docs failed"
+
+ cd "${D}"
+ mkdir -p usr/lib/tboot/ || die
+ mv boot usr/lib/tboot/ || die
+}
+
+pkg_postinst() {
+ mount-boot_mount_boot_partition
+
+ cp ${ROOT%/}/usr/lib/tboot/boot/* ${ROOT%/}/boot/
+
+ mount-boot_pkg_postinst
+
+ ewarn "Please remember to download the SINIT AC Module relevant"
+ ewarn "for your platform from:"
+ ewarn "http://software.intel.com/en-us/articles/intel-trusted-execution-technology/"
+}
-- 
cgit v1.2.3-65-gdbad
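Review bot: `cp ${ROOT%/}/usr/lib/tboot/boot/* ${ROOT%/}/boot/` in pkg_postinst is unchecked and unquoted, so if /boot could not be mounted, is read-only or is full, the merge still reports success and the package database records 1.8.3 while /boot keeps whatever tboot.gz was already there; for the component that performs the measured launch, a silently stale binary is the worst failure mode. At minimum make the failure visible: `cp "${ROOT%/}"/usr/lib/tboot/boot/* "${ROOT%/}/boot/" || eerror "Failed to copy tboot into ${ROOT%/}/boot; copy ${ROOT%/}/usr/lib/tboot/boot/* by hand"`. Because the copy happens outside `${D}`, the files in /boot are also not owned by the package, so unmerging never removes them and a downgrade leaves the newer file in place; installing them under /boot from src_install and letting mount-boot handle the mount is the usual pattern, if that fits here. Minor: `dodoc ... || die "docs failed"` is redundant in EAPI 5, where dodoc dies on its own.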