ubuntu-22.04: replace swtpm with tpm_server

In multi-stage encrypt/decrypt, like pkcs11-crypt tests, the CI was failing. I was able to debug this and swtpm and the current time is failing as the last block coming back of plaintext is wrong. My guess is some bug between it and this version of openssl 3.0. To save time, the simple fix is to just use tpm_server, so do that, but don't add it do modules as we don't want to re-trigger building of all images. Signed-off-by: William Roberts <[email protected]>
tpm2-software · Feb 28, 2023 · 9031e40 · 9031e40
1 parent 3fc8d18
commit 9031e40
Showing 1 changed file with 13 additions and 1 deletion.
diff --git a/ubuntu-22.04.docker.m4 b/ubuntu-22.04.docker.m4
@@ -62,8 +62,20 @@ RUN apt-get update && \
 
 include(`pip3.m4')
 
+ARG ibmtpm_name=ibmtpm1682
+RUN cd /tmp \
+        && wget $WGET_EXTRA_FLAGS -L "https://downloads.sourceforge.net/project/ibmswtpm2/$ibmtpm_name.tar.gz" \
+        && sha256sum $ibmtpm_name.tar.gz | grep ^3cb642f871a17b23d50b046e5f95f449c2287415fc1e7aeb4bdbb8920dbcb38f \
+        && mkdir -p $ibmtpm_name \
+        && tar xv --no-same-owner -f $ibmtpm_name.tar.gz -C $ibmtpm_name \
+        && rm $ibmtpm_name.tar.gz \
+        && cd $ibmtpm_name/src \
+        && sed -i 's/-DTPM_NUVOTON/-DTPM_NUVOTON $(CFLAGS)/' makefile \
+        && CFLAGS="-DNV_MEMORY_SIZE=32768 -DMIN_EVICT_OBJECTS=7" make -j$(nproc) \
+        && cp tpm_server /usr/local/bin \
+        && rm -fr /tmp/$ibmtpm_name
+
 include(`autoconf.m4')
-include(`swtpm.m4')
 include(`junit.m4')
 
 WORKDIR /