Added more detailed steps and fixed wolftpm needing to be enabled in wolfssl

recipes-examples/wolftpm/README.md

@@ -8,20 +8,58 @@ The recipes for these applications are located at:
 ```
 meta-wolfssl/recipes-examples/wolftpm/wolftpm-examples.bb
 meta-wolfssl/recipes-examples/wolftpm/wolftpm-wrap-test.bb
+meta-wolfssl/recipes-examples/wolftpm/wolfssl_%.bbappend
 ```
 
-You'll need to compile wolfTPM and the examples. This can be done with
+You'll need to compile wolfTPM, wolfTPM wrap test example, and wolfSSL with
-these commands in the build directory:
+wolfTPM support. This can be done with these commands in the build directory:
 ```
+bitbake wolfssl
 bitbake wolftpm
-bitbake wolftpm-examples
+bitbake wolftpm-wrap-test
 ```
 
-To install these applications into your image, you will need to edit your
+Adding Layers
-"build/conf/local.conf" file and add the following:
+-------------
+
+Besides adding meta-wolfssl to your bblayers.conf file, you will need to
+add the following layers to your bblayers.conf file and clone
+them into the poky directory. (Note: You need to have the same Yocto version
+for all layers.)
 
 ```bash
-# Install necessary packages
+git clone https://github.com/openembedded/meta-openembedded.git -b <YOCTO-VERSION>
+git clone https://github.com/ni/meta-security.git -b <YOCTO-VERSION>
+```
+
+Add the following layers to your bblayers.conf file:
+```bash
+BBLAYERS ?= " \
+  /path/to/yocto/poky/meta-wolfssl \
+  /path/to/yocto/poky/meta-security \
+  /path/to/yocto/poky/meta-security/meta-tpm \
+  /path/to/yocto/poky/meta-openembedded/meta-oe \
+  /path/to/yocto/poky/meta-openembedded/meta-python \`
+  "
+```
+
+System Requirements
+-------------------
+
+For Ubuntu/Debian systems, install the following packages:
+```bash
+sudo apt-get install python3-git python3-jinja2 python3-setuptools \
+    swtpm swtpm-tools tpm2-tools git socat build-essential
+```
+
+Image Install Configuration
+---------------------------
+
+To install these applications into your image, you will need to edit your
+`build/conf/local.conf` file and add the following:
+
+```bash
+# Add TPM packages
 IMAGE_INSTALL:append = " \
     tpm2-tools \
     tpm2-tss \
@@ -34,24 +72,27 @@ IMAGE_INSTALL:append = " \
     wolftpm-wrap-test \
 "
 
+# Set the image link name
 IMAGE_LINK_NAME = "core-image-minimal-qemux86-64"
 # Enable security features
 DISTRO_FEATURES:append = " security"
 # Enable TPM support
 DISTRO_FEATURES:append = " tpm tpm2"
-# If you want all security modules, you can also add
-DISTRO_FEATURES:append = " pam apparmor smack"
 # Enable kernel TPM support
 KERNEL_FEATURES:append = " features/tpm/tpm.scc"
 # Machine features
 MACHINE_FEATURES:append = " tpm tpm2"
 ```
 
+WolfTPM Configuration
+---------------------
+
 To add wolfTPM configurations you can add configurations to the
-EXTRA_OECONF variable. For example you can enable debug logging like
+EXTRA_OECONF variable. We need to have --enable-devtpm for the TPM
-this:
+simulator to work. You can enable debug logging and other configurations
+like this:
 ```
-EXTRA_OECONF += "--enable-debug"
+EXTRA_OECONF += "--enable-devtpm --enable-debug"
 ```
 
 Testing with QEMU and TPM Simulator
@@ -100,7 +141,7 @@ sudo chmod -R 755 /tmp/mytpm1
 sudo chmod 777 /tmp/mytpm1/swtpm-sock
 ```
 
-7. Start QEMU (in terminal 3):
+7. Start and run the QEMU (in terminal 3):
 ```
 cd ~/poky/build
 runqemu qemux86-64 nographic core-image-minimal \
@@ -115,6 +156,39 @@ cd /usr/bin
 ./wolftpm-wrap-test
 ```
 
+You should see the following output:
+```
+root@qemux86-64:/usr/bin# ./wolftpm-wrap-test
+TPM2 Demo for Wrapper API's
+Mfg IBM (0), Vendor SW   TPM, Fw 8217.4131 (0x163636), FIPS 140-2 0, CC-EAL4 0
+Found 2 persistent handles
+Created new RSA Primary Storage Key at 0x81000200
+Creating a loaded new TPM 2.0 key Test Passed
+RSA Sign/Verify using RSA PKCSv1.5 (SSA) padding
+RSA Sign/Verify using RSA PSS padding
+RSA Encrypt/Decrypt Test Passed
+RSA Encrypt/Decrypt OAEP Test Passed
+RSA Encrypt/Decrypt RSAES Test Passed
+RSA Key 0x80000001 Exported to wolf RsaKey
+wolf RsaKey loaded into TPM: Handle 0x80000000
+RSA Private Key Loaded into TPM: Handle 0x80000001
+Created new ECC Primary Storage Key at 0x81000201
+ECC Sign/Verify Passed
+ECC DH Test Passed
+ECC Verify Test Passed
+ECC Key 0x80000001 Exported to wolf ecc_key
+wolf ecc_key loaded into TPM: Handle 0x80000000
+ECC Private Key Loaded into TPM: Handle 0x80000001
+NV Test (with auth) on index 0x1800201 with 1024 bytes passed
+NV Test on index 0x1800200 with 1024 bytes passed
+Hash SHA256 test success
+HMAC SHA256 test success
+Encrypt/Decrypt (known key) test success
+Encrypt/Decrypt test success
+PCR Test pass
+root@qemux86-64:/usr/bin#
+```
+
 Refer to the [wolfTPM Examples README](https://github.com/wolfSSL/wolfTPM/blob/master/examples/README.md) for more information on the examples directory.
 
 Refer to the [meta-wolfssl README](https://github.com/wolfSSL/meta-wolfssl/blob/master/README.md) for more information on setting up your layer.

recipes-examples/wolftpm/wolfssl_%.bbappend

@@ -0,0 +1,4 @@
+# wolfssl_%.bbappend
+
+# Enables wolfTPM support in wolfSSL
+EXTRA_OECONF += "--enable-wolftpm"

recipes-examples/wolftpm/wolftpm_%.bbappend

@@ -4,12 +4,10 @@ WOLFTPM_TEST = "wrap_test"
 WOLFTPM_TEST_YOCTO = "wolftpm-wrap-test"
 WOLFTPM_INSTALL_DIR = "${D}${bindir}"
 
-# Configurations
+# Configurations (--enable-devtpm is required for the TPM simulator to work)
 EXTRA_OECONF += "--enable-devtpm"
 
 python () {
-    # Current Configurations
-    bb.note("Current EXTRA_OECONF: %s" % d.getVar('EXTRA_OECONF'))
     # Get the environment variables WOLFTPM_TEST_DIR, WOLFTPM_TEST,
     # WOLFTPM_TEST_YOCTO, and WOLFTPM_INSTALL_DIR
     wolftpm_test_dir = d.getVar('WOLFTPM_TEST_DIR', True)