Merge pull request #206 from ionut-arm/cross

Add cross-compilation example to nightly
parallaxsecond · Mar 17, 2021 · 6ce6ac8 · 6ce6ac8
2 parents cf0e60e + 477274d
commit 6ce6ac8
Show file tree

Hide file tree

Showing 9 changed files with 35,471 additions and 51 deletions.
diff --git a/.github/workflows/nightly.yml b/.github/workflows/nightly.yml
@@ -41,13 +41,15 @@ jobs:
         run: cargo audit
 
   coverage:
-    name: Calculate code coverage
+    name: Calculate code coverage and cross compile
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v2
       - name: Build the container
         run: docker build -t ubuntucontainer tss-esapi/tests/ --file tss-esapi/tests/Dockerfile-ubuntu
-      - name: Run the container
+      - name: Run the code coverage script
         run: docker run -v $(pwd):/tmp/rust-tss-esapi -w /tmp/rust-tss-esapi/tss-esapi --security-opt seccomp=unconfined ubuntucontainer /tmp/rust-tss-esapi/tss-esapi/tests/coverage.sh
       - name: Collect coverage results
         run: bash <(curl -s https://codecov.io/bash)
+      - name: Run the cross-compilation script
+        run: docker run -v $(pwd):/tmp/rust-tss-esapi -w /tmp/rust-tss-esapi/tss-esapi ubuntucontainer /tmp/rust-tss-esapi/tss-esapi/tests/cross-compile.sh
diff --git a/tss-esapi-sys/README.md b/tss-esapi-sys/README.md
@@ -38,4 +38,22 @@ NOTE: Only a limited set of bindings are committed and their target triplet
 is included in the name of the file - if the triplet you require is not
 available, feel free to raise a Pull Request to add it or to use build-time
 generation of bindings. All the committed bindings **MUST** be generated from
-the library version found under the `vendor` submodule.
+the library version found under the `vendor` submodule.
+
+## Cross compiling
+
+Cross-compilation can be done as long as you have on your build system the TSS 
+libraries compiled for your target system of choice. We rely on `pkg-config` to
+identify the libraries which we link against. Installing `tpm2-tss` does yield
+`.pc` files which can be used for this purpose, but depending on the exact build
+environment setup, the configuration and compilation of `tpm2-tss` could require
+some special tailoring.
+
+We include cross-compilation builds as a nightly check in Github Actions - you
+can find them [here](../tss-esapi/tests/cross-compile.sh) as an example of the
+steps needed. You can find more information on using `pkg-config` when cross-compiling
+[here](https://github.com/parallaxsecond/rust-tss-esapi/issues/204). Our wrapper
+script around `pkg-config` can be seen [here](../tss-esapi/tests/pkg-config).
+
+Be advised that in some cases the linker used might need to be set manually in
+`.cargo/config`.
diff --git a/tss-esapi-sys/src/bindings/aarch64-unknown-linux-gnu.rs b/tss-esapi-sys/src/bindings/aarch64-unknown-linux-gnu.rs
diff --git a/tss-esapi-sys/src/bindings/armv7-unknown-linux-gnueabi.rs b/tss-esapi-sys/src/bindings/armv7-unknown-linux-gnueabi.rs
diff --git a/tss-esapi-sys/src/bindings/x86_64-unknown-linux-gnu.rs b/tss-esapi-sys/src/bindings/x86_64-unknown-linux-gnu.rs
@@ -112,30 +112,6 @@ pub const TSS2_BASE_RC_BAD_TR: u32 = 24;
 pub const TSS2_BASE_RC_MULTIPLE_DECRYPT_SESSIONS: u32 = 25;
 pub const TSS2_BASE_RC_MULTIPLE_ENCRYPT_SESSIONS: u32 = 26;
 pub const TSS2_BASE_RC_RSP_AUTH_FAILED: u32 = 27;
-pub const TSS2_BASE_RC_NO_CONFIG: u32 = 28;
-pub const TSS2_BASE_RC_BAD_PATH: u32 = 29;
-pub const TSS2_BASE_RC_NOT_DELETABLE: u32 = 30;
-pub const TSS2_BASE_RC_PATH_ALREADY_EXISTS: u32 = 31;
-pub const TSS2_BASE_RC_KEY_NOT_FOUND: u32 = 32;
-pub const TSS2_BASE_RC_SIGNATURE_VERIFICATION_FAILED: u32 = 33;
-pub const TSS2_BASE_RC_HASH_MISMATCH: u32 = 34;
-pub const TSS2_BASE_RC_KEY_NOT_DUPLICABLE: u32 = 35;
-pub const TSS2_BASE_RC_PATH_NOT_FOUND: u32 = 36;
-pub const TSS2_BASE_RC_NO_CERT: u32 = 37;
-pub const TSS2_BASE_RC_NO_PCR: u32 = 38;
-pub const TSS2_BASE_RC_PCR_NOT_RESETTABLE: u32 = 39;
-pub const TSS2_BASE_RC_BAD_TEMPLATE: u32 = 40;
-pub const TSS2_BASE_RC_AUTHORIZATION_FAILED: u32 = 41;
-pub const TSS2_BASE_RC_AUTHORIZATION_UNKNOWN: u32 = 42;
-pub const TSS2_BASE_RC_NV_NOT_READABLE: u32 = 43;
-pub const TSS2_BASE_RC_NV_TOO_SMALL: u32 = 44;
-pub const TSS2_BASE_RC_NV_NOT_WRITEABLE: u32 = 45;
-pub const TSS2_BASE_RC_POLICY_UNKNOWN: u32 = 46;
-pub const TSS2_BASE_RC_NV_WRONG_TYPE: u32 = 47;
-pub const TSS2_BASE_RC_NAME_ALREADY_EXISTS: u32 = 48;
-pub const TSS2_BASE_RC_NO_TPM: u32 = 49;
-pub const TSS2_BASE_RC_BAD_KEY: u32 = 50;
-pub const TSS2_BASE_RC_NO_HANDLE: u32 = 51;
 pub const TSS2_LAYER_IMPLEMENTATION_SPECIFIC_OFFSET: u32 = 63488;
 pub const TSS2_LEVEL_IMPLEMENTATION_SPECIFIC_SHIFT: u32 = 11;
 pub const TPM2_MAX_COMMAND_SIZE: u32 = 4096;
@@ -442,7 +418,7 @@ pub const _SYS_SELECT_H: u32 = 1;
 pub const __FD_ZERO_STOS: &'static [u8; 6usize] = b"stosq\0";
 pub const __sigset_t_defined: u32 = 1;
 pub const __timeval_defined: u32 = 1;
-pub const __timespec_defined: u32 = 1;
+pub const _STRUCT_TIMESPEC: u32 = 1;
 pub const FD_SETSIZE: u32 = 1024;
 pub const _SYS_SYSMACROS_H: u32 = 1;
 pub const _BITS_SYSMACROS_H: u32 = 1;
@@ -3306,13 +3282,13 @@ impl Default for TPMS_AUTH_RESPONSE {
 }
 pub type TPMI_AES_KEY_BITS = TPM2_KEY_BITS;
 pub type TPMI_SM4_KEY_BITS = TPM2_KEY_BITS;
-pub type TPMI_CAMELLIA_KEY_BITS = TPM2_KEY_BITS;
+pub type TPMI_TPM2_CAMELLIA_KEY_BITS = TPM2_KEY_BITS;
 #[repr(C)]
 #[derive(Copy, Clone)]
 pub union TPMU_SYM_KEY_BITS {
     pub aes: TPMI_AES_KEY_BITS,
     pub sm4: TPMI_SM4_KEY_BITS,
-    pub camellia: TPMI_CAMELLIA_KEY_BITS,
+    pub camellia: TPMI_TPM2_CAMELLIA_KEY_BITS,
     pub sym: TPM2_KEY_BITS,
     pub exclusiveOr: TPMI_ALG_HASH,
     _bindgen_union_align: u16,
@@ -10262,20 +10238,6 @@ extern "C" {
         nonceTPM: *mut *mut TPM2B_NONCE,
     ) -> TSS2_RC;
 }
-extern "C" {
-    pub fn Esys_TR_GetTpmHandle(
-        esys_context: *mut ESYS_CONTEXT,
-        esys_handle: ESYS_TR,
-        tpm_handle: *mut TPM2_HANDLE,
-    ) -> TSS2_RC;
-}
-extern "C" {
-    pub fn Esys_TRSess_GetAuthRequired(
-        esys_context: *mut ESYS_CONTEXT,
-        esys_handle: ESYS_TR,
-        auth_needed: *mut TPMI_YES_NO,
-    ) -> TSS2_RC;
-}
 extern "C" {
     pub fn Esys_Startup(esysContext: *mut ESYS_CONTEXT, startupType: TPM2_SU) -> TSS2_RC;
 }
@@ -13321,12 +13283,6 @@ extern "C" {
 extern "C" {
     pub fn Esys_Free(__ptr: *mut ::std::os::raw::c_void);
 }
-extern "C" {
-    pub fn Esys_GetSysContext(
-        esys_context: *mut ESYS_CONTEXT,
-        sys_context: *mut *mut TSS2_SYS_CONTEXT,
-    ) -> TSS2_RC;
-}
 pub type __gwchar_t = ::std::os::raw::c_int;
 #[repr(C)]
 #[derive(Debug, Default, Copy, Clone)]

diff --git a/tss-esapi-sys/src/lib.rs b/tss-esapi-sys/src/lib.rs
@@ -27,6 +27,26 @@ include!(concat!(
     "/src/bindings/x86_64-unknown-linux-gnu.rs"
 ));
 
+#[cfg(all(
+    not(feature = "generate-bindings"),
+    target_arch = "aarch64",
+    target_os = "linux"
+))]
+include!(concat!(
+    env!("CARGO_MANIFEST_DIR"),
+    "/src/bindings/aarch64-unknown-linux-gnu.rs"
+));
+
+#[cfg(all(
+    not(feature = "generate-bindings"),
+    target_arch = "armv7",
+    target_os = "linux"
+))]
+include!(concat!(
+    env!("CARGO_MANIFEST_DIR"),
+    "/src/bindings/armv7-unknown-linux-gnueabi.rs"
+));
+
 // If the "generate-bindings" feature is on, use the generated bindings.
 #[cfg(feature = "generate-bindings")]
 include!(concat!(env!("OUT_DIR"), "/tss_esapi_bindings.rs"));
diff --git a/tss-esapi/README.md b/tss-esapi/README.md
@@ -24,4 +24,8 @@ Our end-goal is to achieve a fully Rust-native interface that offers strong safe
 
 ## Versioning
 
-The `tss-esapi` crate is still under development and thus the interface is not stable (despite the version number). As a rule of thumb, all versions marked `alpha` are expected to be short-lived and superseded by a better, more complete interface that relies on breaking changes.
+The `tss-esapi` crate is still under development and thus the interface is not stable (despite the version number). As a rule of thumb, all versions marked `alpha` are expected to be short-lived and superseded by a better, more complete interface that relies on breaking changes.
+
+## Cross compiling
+
+For more information on cross-compiling the `tss-esapi` crate, please see the README of the `tss-esapi-sys` crate.
diff --git a/tss-esapi/tests/cross-compile.sh b/tss-esapi/tests/cross-compile.sh
@@ -0,0 +1,83 @@
+#!/usr/bin/env bash
+
+# Copyright 2021 Contributors to the Parsec project.
+# SPDX-License-Identifier: Apache-2.0
+
+# Cross compile the `tss-esapi` crate (and its dependencies) for Armv7 and Aarch64
+# In order to cross-compile the TSS library we need to also cross-compile OpenSSL
+
+set -euf -o pipefail
+
+OPENSSL_VERSION="OpenSSL_1_1_1j"
+
+cross-compile-openssl() {
+    # Prepare directory for cross-compiled OpenSSL files
+    mkdir -p /tmp/openssl-$1
+    export INSTALL_DIR=/tmp/openssl-$1
+
+    pushd /tmp/openssl
+    # Compile and copy files over
+    ./Configure $2 shared --prefix=$INSTALL_DIR --openssldir=$INSTALL_DIR/openssl --cross-compile-prefix=$1-
+    make clean
+    make depend
+    make -j$(nproc)
+    make install
+    popd
+
+    export INSTALL_DIR=
+}
+
+cross-compile-tpm2-tss() {
+    # Prepare directory for cross-compiled TSS lib
+    # `DESTDIR` is used in `make install` below to set the root of the installation paths.
+    # The `./configure` script accepts a `--prefix` input variable which sets the same root,
+    # but also adds it to the paths in `.pc` files used by `pkg-config`. This prevents the 
+    # use of `PKG_CONFIG_SYSROOT_DIR`.
+    mkdir -p /tmp/tpm2-tss-$1
+    export DESTDIR=/tmp/tpm2-tss-$1
+    # Set sysroot to be used by the `pkg-config` wrapper
+    export SYSROOT=/tmp/tpm2-tss-$1
+
+    pushd /tpm2-tss
+    # Compile and copy files over
+    ./configure --build=x86_64-pc-linux-gnu --host=$1 --target=$1 CC=$1-gcc \
+        LIBCRYPTO_CFLAGS="-I/tmp/openssl-$1/include" LIBCRYPTO_LIBS="-L/tmp/openssl-$1/lib -lcrypto"
+    make clean
+    make -j$(nproc)
+    make install
+    popd
+
+    export DESTDIR=
+}
+
+# Download cross-compilers
+apt update
+apt install -y gcc-multilib
+apt install -y gcc-arm-linux-gnueabi
+apt install -y gcc-aarch64-linux-gnu
+
+# Download OpenSSL source code
+pushd /tmp
+git clone https://github.com/openssl/openssl.git --branch $OPENSSL_VERSION
+popd
+
+# Allow the `pkg-config` crate to cross-compile
+export PKG_CONFIG_ALLOW_CROSS=1
+# Make the `pkg-config` crate use our wrapper
+export PKG_CONFIG=$(pwd)/tests/pkg-config
+
+# Compile OpenSSL and TSS stack for aarch64-unknown-linux-gnu
+cross-compile-openssl aarch64-linux-gnu linux-generic64
+cross-compile-tpm2-tss aarch64-linux-gnu
+
+rustup target add aarch64-unknown-linux-gnu
+cargo build --features generate-bindings --target aarch64-unknown-linux-gnu
+cargo build --target aarch64-unknown-linux-gnu
+
+# Compile OpenSSL and TSS stack for armv7-unknown-linux-gnueabi
+cross-compile-openssl arm-linux-gnueabi linux-generic32
+cross-compile-tpm2-tss arm-linux-gnueabi
+
+rustup target add armv7-unknown-linux-gnueabi
+cargo build --features generate-bindings --target armv7-unknown-linux-gnueabi
+cargo build --target armv7-unknown-linux-gnueabi
diff --git a/tss-esapi/tests/pkg-config b/tss-esapi/tests/pkg-config
@@ -0,0 +1,7 @@
+#!/bin/sh
+
+export PKG_CONFIG_PATH=
+export PKG_CONFIG_LIBDIR=${SYSROOT}/usr/lib/pkgconfig:${SYSROOT}/usr/share/pkgconfig:$(SYSROOT)/usr/local/lib/pkgconfig
+export PKG_CONFIG_SYSROOT_DIR=${SYSROOT}
+
+exec pkg-config "$@"