Accepting request 477882 from home:michael-chang:devel:tpm

- TPM Support (FATE#315831) * 0001-tpm-Core-TPM-support.patch * 0002-tpm-Measure-kernel-initrd.patch * 0003-tpm-Add-BIOS-boot-measurement.patch * 0004-tpm-Rework-linux-command.patch * 0005-tpm-Rework-linux16-command.patch * 0006-tpm-Measure-kernel-and-initrd-on-BIOS-systems.patch * 0007-tpm-Measure-the-kernel-commandline.patch * 0008-tpm-Measure-commands.patch * 0009-tpm-Measure-multiboot-images-and-modules.patch * 0010-tpm-Fix-boot-when-there-s-no-TPM.patch * 0011-tpm-Fix-build-error.patch * 0012-tpm-Build-tpm-as-module.patch - grub2.spec : Add grub-tpm.efi for Secure Boot OBS-URL: https://build.opensuse.org/request/show/477882 OBS-URL: https://build.opensuse.org/package/show/Base:System/grub2?expand=0&rev=263
2017-03-09 06:19:36 +00:00
parent 2f69638ea4
commit 8e26f638e0
14 changed files with 2124 additions and 2 deletions
--- a/grub2.spec
+++ b/grub2.spec
@@ -249,6 +249,19 @@ Patch286:       0007-efinet-Setting-network-from-UEFI-device-path.patch
 Patch287:       0008-efinet-Setting-DNS-server-from-UEFI-protocol.patch
 # Fix GOP BLT support (FATE#322332)
 Patch311:       grub2-efi-gop-add-blt.patch
+# TPM Support (FATE#315831)
+Patch400:       0001-tpm-Core-TPM-support.patch
+Patch401:       0002-tpm-Measure-kernel-initrd.patch
+Patch402:       0003-tpm-Add-BIOS-boot-measurement.patch
+Patch403:       0004-tpm-Rework-linux-command.patch
+Patch404:       0005-tpm-Rework-linux16-command.patch
+Patch405:       0006-tpm-Measure-kernel-and-initrd-on-BIOS-systems.patch
+Patch406:       0007-tpm-Measure-the-kernel-commandline.patch
+Patch407:       0008-tpm-Measure-commands.patch
+Patch408:       0009-tpm-Measure-multiboot-images-and-modules.patch
+Patch409:       0010-tpm-Fix-boot-when-there-s-no-TPM.patch
+Patch410:       0011-tpm-Fix-build-error.patch
+Patch411:       0012-tpm-Build-tpm-as-module.patch

 Requires:       gettext-runtime
 %if 0%{?suse_version} >= 1140
@@ -490,6 +503,18 @@ swap partition while in resuming
 %patch286 -p1
 %patch287 -p1
 %patch311 -p1
+%patch400 -p1
+%patch401 -p1
+%patch402 -p1
+%patch403 -p1
+%patch404 -p1
+%patch405 -p1
+%patch406 -p1
+%patch407 -p1
+%patch408 -p1
+%patch409 -p1
+%patch410 -p1
+%patch411 -p1

 # This simplifies patch handling without need to use git to create patch
 # that renames file
@@ -600,6 +625,8 @@ CD_MODULES="${CD_MODULES} linux"
 GRUB_MODULES="${CD_MODULES} ${FS_MODULES} ${PXE_MODULES} ${CRYPTO_MODULES} mdraid09 mdraid1x lvm serial"
 ./grub-mkimage -O %{grubefiarch} -o grub.efi --prefix= \
 		-d grub-core ${GRUB_MODULES}
+./grub-mkimage -O %{grubefiarch} -o grub-tpm.efi --prefix= \
+		-d grub-core ${GRUB_MODULES} tpm
 #./grub-mkimage -O %{grubefiarch} -o grub.efi -d grub-core part_gpt hfsplus fat \
 #        ext2 btrfs normal chain boot configfile linux appleldr minicmd \
 #        loadbios reboot halt search font gfxterm
@@ -673,7 +700,7 @@ cd ..
 cd build-efi
 make DESTDIR=$RPM_BUILD_ROOT install

-install -m 644 grub.efi $RPM_BUILD_ROOT%{_libdir}/%{name}/%{grubefiarch}/.
+install -m 644 grub.efi grub-tpm.efi $RPM_BUILD_ROOT%{_libdir}/%{name}/%{grubefiarch}/.

 # Create grub.efi link to system efi directory
 # This is for tools like kiwi not fiddling with the path
@@ -687,7 +714,7 @@ ln -sf ../../../%{_libdir}/%{name}/%{grubefiarch}/grub.efi $RPM_BUILD_ROOT%{syse

 %ifarch x86_64
 %if 0%{?suse_version} >= 1230 || 0%{?suse_version} == 1110
-export BRP_PESIGN_FILES="%{_libdir}/%{name}/%{grubefiarch}/grub.efi"
+export BRP_PESIGN_FILES="%{_libdir}/%{name}/%{grubefiarch}/grub.efi %{_libdir}/%{name}/%{grubefiarch}/grub-tpm.efi"
 install -m 444 grub.der $RPM_BUILD_ROOT%{sysefidir}/
 %endif
 %endif
@@ -1077,6 +1104,7 @@ fi
 %defattr(-,root,root,-)
 %dir %{_libdir}/%{name}/%{grubefiarch}
 %{_libdir}/%{name}/%{grubefiarch}/grub.efi
+%{_libdir}/%{name}/%{grubefiarch}/grub-tpm.efi
 %{_libdir}/%{name}/%{grubefiarch}/*.img
 %{_libdir}/%{name}/%{grubefiarch}/*.lst
 %{_libdir}/%{name}/%{grubefiarch}/*.mod