From 792e53c4a11bf052610fc7fd671f166c1109ec5f Mon Sep 17 00:00:00 2001 From: Aidan Garske Date: Thu, 27 Mar 2025 15:55:54 -0700 Subject: [PATCH] Added steps to use tpm simulator with qemu and yocto linux --- README.md | 40 ------- recipes-examples/wolftpm/README.md | 120 ++++++++++++++++++++ recipes-examples/wolftpm/wolftpm_%.bbappend | 10 +- 3 files changed, 128 insertions(+), 42 deletions(-) create mode 100644 recipes-examples/wolftpm/README.md diff --git a/README.md b/README.md index d967ea3..0f333cb 100644 --- a/README.md +++ b/README.md @@ -242,46 +242,6 @@ When your image builds, these will be installed to the '/usr/bin' system directory. When inside your executing image, you can run them from the terminal. -wolfTPM Example Application Recipes ------------------------------------ - -wolfTPM example `wrap_test` is included in this layer. - -The recipes for this applications are located at: -``` -meta-wolfssl/recipes-examples/wolftpm/wolftpm-wrap-test.bb -``` - -You'll need to compile wolTPM and the example wrap_test. This can be done -with these commands in the build directory: - -``` -$ bitbake wolftpm -$ bitbake wolftpm-wrap-test -``` - -To install this applications into your image, you will need to edit your -`build/conf/local.conf` file and add `wolftpm` and `wolftpm-wrap-test` to -your "IMAGE_INSTALL" variable like so: - -- For Dunfell and newer versions of Yocto -``` -IMAGE_INSTALL:append = " wolftpm wolftpm-wrap-test" -``` - -- For versions of Yocto older than Dunfell -``` -IMAGE_INSTALL_append = " wolftpm wolftpm-wrap-test" -``` - -When your image builds, this will be installed to the `/usr/bin` system -directory. When inside your executing image, you can run them from the -terminal like so: - -``` -./wolftpm-wrap-test -``` - Excluding Recipe from Build --------------------------- diff --git a/recipes-examples/wolftpm/README.md b/recipes-examples/wolftpm/README.md new file mode 100644 index 0000000..7a4552c --- /dev/null 
+++ b/recipes-examples/wolftpm/README.md 
@@ -0,0 +1,120 @@
+wolfTPM Examples and Testing
+============================
+
+wolfTPM wrap_test example is included in this layer, which demonstrates
+the TPM wrapper API functionality.
+
+The recipes for these applications are located at:
+```
+meta-wolfssl/recipes-examples/wolftpm/wolftpm-examples.bb
+meta-wolfssl/recipes-examples/wolftpm/wolftpm-wrap-test.bb
+```
+
+You'll need to compile wolfTPM and the examples. This can be done with
+these commands in the build directory:
+```
+bitbake wolftpm
+bitbake wolftpm-examples
+```
+
+To install these applications into your image, you will need to edit your
+"build/conf/local.conf" file and add the following:
+
+```bash
+# Install necessary packages
+IMAGE_INSTALL:append = " \
+ tpm2-tools \
+ tpm2-tss \
+ libtss2 \
+ libtss2-mu \
+ libtss2-tcti-device \
+ libtss2-tcti-mssim \
+ wolfssl \
+ wolftpm \
+ wolftpm-wrap-test \
+"
+
+IMAGE_LINK_NAME = "core-image-minimal-qemux86-64"
+# Enable security features
+DISTRO_FEATURES:append = " security"
+# Enable TPM support
+DISTRO_FEATURES:append = " tpm tpm2"
+# If you want all security modules, you can also add
+DISTRO_FEATURES:append = " pam apparmor smack"
+# Enable kernel TPM support
+KERNEL_FEATURES:append = " features/tpm/tpm.scc"
+# Machine features
+MACHINE_FEATURES:append = " tpm tpm2"
+```
+
+To add wolfTPM configurations you can add configurations to the
+EXTRA_OECONF variable. For example you can enable debug logging like
+this:
+```
+EXTRA_OECONF += "--enable-debug"
+```
+
+Testing with QEMU and TPM Simulator
+-----------------------------------
+
+1. Compile your target image
+```
+bitbake core-image-minimal
+```
+
+2. Clean up any existing TPM state:
+```
+sudo killall swtpm 2>/dev/null
+sudo rm -rf /tmp/mytpm1
+```
+
+3. Create directory and set permissions:
+```
+sudo mkdir -p /tmp/mytpm1
+sudo chown -R $(whoami):$(whoami) /tmp/mytpm1
+chmod 755 /tmp/mytpm1
+```
+
+4. 
Start the TPM simulator (in terminal 1):
+```
+sudo swtpm socket --tpmstate dir=/tmp/mytpm1 \
+ --ctrl type=unixio,path=/tmp/mytpm1/swtpm-sock \
+ --log level=20 \
+ --tpm2
+```
+
+5. Initialize the TPM (in terminal 2):
+```
+sudo swtpm_setup --tpmstate /tmp/mytpm1 \
+ --createek \
+ --create-ek-cert \
+ --create-platform-cert \
+ --lock-nvram \
+ --tpm2
+```
+
+6. Fix permissions for QEMU access:
+```
+sudo chown -R $(whoami):$(whoami) /tmp/mytpm1
+sudo chmod -R 755 /tmp/mytpm1
+sudo chmod 777 /tmp/mytpm1/swtpm-sock
+```
+
+7. Start QEMU (in terminal 3):
+```
+cd ~/poky/build
+runqemu qemux86-64 nographic core-image-minimal \
+ qemuparams="-chardev socket,id=chrtpm,path=/tmp/mytpm1/swtpm-sock \
+ -tpmdev emulator,id=tpm0,chardev=chrtpm \
+ -device tpm-tis,tpmdev=tpm0"
+```
+
+8. Run the wolfTPM wrap test
+```
+cd /usr/bin
+./wolftpm-wrap-test
+```
+
+Refer to the [wolfTPM Examples README](https://github.com/wolfSSL/wolfTPM/blob/master/examples/README.md) for more information on the examples directory.
+
+Refer to the [meta-wolfssl README](https://github.com/wolfSSL/meta-wolfssl/blob/master/README.md) for more information on setting up your layer.
diff --git a/recipes-examples/wolftpm/wolftpm_%.bbappend b/recipes-examples/wolftpm/wolftpm_%.bbappend
index 556a1ae..e988433 100644
--- a/recipes-examples/wolftpm/wolftpm_%.bbappend
+++ b/recipes-examples/wolftpm/wolftpm_%.bbappend
@@ -4,9 +4,14 @@ WOLFTPM_TEST = "wrap_test"
 WOLFTPM_TEST_YOCTO = "wolftpm-wrap-test"
 WOLFTPM_INSTALL_DIR = "${D}${bindir}"
+# Configurations
+EXTRA_OECONF += "--enable-devtpm"
+
 python () {
+ # Current Configurations
+ bb.note("Current EXTRA_OECONF: %s" % d.getVar('EXTRA_OECONF'))
 # Get the environment variables WOLFTPM_TEST_DIR, WOLFTPM_TEST,
- # WOLFTPM_TEST_YOCTO, and WOLFTPM_INSTALL_DIR
+ # WOLFTPM_TEST_YOCTO, and WOLFTPM_INSTALL_DIR
 wolftpm_test_dir = d.getVar('WOLFTPM_TEST_DIR', True)
 wolftpm_test = d.getVar('WOLFTPM_TEST', True)
 wolftpm_test_yocto = d.getVar('WOLFTPM_TEST_YOCTO', True)
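Review bot: The `bb.note(...)` added at the top of the anonymous `python () {` function in the wolftpm_%.bbappend hunk runs at recipe parse time, so "Current EXTRA_OECONF: ..." is printed on every parse of this layer rather than only when wolftpm is actually configured; `bb.debug(1, "Current EXTRA_OECONF: %s" % d.getVar('EXTRA_OECONF'))` keeps the diagnostic reachable with `bitbake -D` without the console noise. The `# Configurations` comment above `EXTRA_OECONF += "--enable-devtpm"` should state the intent, since the option is now forced for every build of wolftpm instead of being left to local.conf; if I read the flag correctly it selects the Linux kernel TPM device interface, which is what the QEMU tpm-tis setup in the new README exposes to the guest, so something like `# Talk to the TPM through the kernel /dev/tpm* device (QEMU tpm-tis / real hardware)` would explain it. The new `d.getVar('EXTRA_OECONF')` call also omits the `True` argument that every other getVar call in this function passes; pick one form for the file. The anonymous function continues past the end of the hunk.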
@@ -14,7 +19,8 @@ python () {
 bbnote = 'bbnote "Installing wolfTPM wrap_test"\n'
 installDir = 'install -m 0755 -d "%s"\n' % (wolftpm_install_dir)
- cpWrapTest = 'cp "%s/%s" "%s/%s"\n' % (wolftpm_test_dir, wolftpm_test, wolftpm_install_dir, wolftpm_test_yocto)
+ cpWrapTest = 'cp "%s/%s" "%s/%s"\n' % (wolftpm_test_dir, wolftpm_test,
+ wolftpm_install_dir, wolftpm_test_yocto)
 d.appendVar('do_install', bbnote)
 d.appendVar('do_install', installDir)