4 # The Initial Developer of the Original Code is International
5 # Business Machines Corporation. Portions created by IBM
6 # Corporation are Copyright (C) 2014 International Business
7 # Machines Corporation. All Rights Reserved.
9 # This program is free software; you can redistribute it and/or modify
10 # it under the terms of the Common Public License as published by
11 # IBM Corporation; either version 1 of the License, or (at your option)
14 # This program is distributed in the hope that it will be useful,
15 # but WITHOUT ANY WARRANTY; without even the implied warranty of
16 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 # Common Public License for more details.
19 # You should have received a copy of the Common Public License
20 # along with this program; if not, a copy can be viewed at
21 # http://www.opensource.org/licenses/cpl1.0.php.
23 # This file is derived from tpm-tool's configure.in.
dnl Package name and version. The version string given here is the source for the
dnl three SWTPM_VER_* fields computed below.
26 AC_INIT([swtpm],[0.7.0])
28 AC_CONFIG_SRCDIR(Makefile.am)
29 AC_CONFIG_HEADERS([config.h])
dnl Split PACKAGE_VERSION on "." with cut: field 1 is major, field 2 minor, field 3 micro.
31 SWTPM_VER_MAJOR=`echo $PACKAGE_VERSION | cut -d "." -f1`
32 SWTPM_VER_MINOR=`echo $PACKAGE_VERSION | cut -d "." -f2`
33 SWTPM_VER_MICRO=`echo $PACKAGE_VERSION | cut -d "." -f3`
dnl Export the three version fields to the files generated by configure.
35 AC_SUBST([SWTPM_VER_MAJOR])
36 AC_SUBST([SWTPM_VER_MINOR])
37 AC_SUBST([SWTPM_VER_MICRO])
39 dnl Check for programs
45 AC_CONFIG_MACRO_DIR([m4])
48 AM_INIT_AUTOMAKE([foreign 1.6])
dnl Silent rules are enabled by default, so compiler command lines are not echoed.
dnl Build with "make V=1" when the flags actually passed to the compiler need auditing.
49 AM_SILENT_RULES([yes])
dnl Debug build switch. The option's action begins on the line after AC_ARG_ENABLE;
dnl the rest of that action is not part of this listing.
52 AC_MSG_CHECKING([for debug-enabled build])
53 AC_ARG_ENABLE(debug, AS_HELP_STRING([--enable-debug],[create a debug build]),
54 [if test "$enableval" = "yes"; then
64 # If the user has not set CFLAGS, do something appropriate
dnl ${CFLAGS+set} expands to "set" whenever CFLAGS is defined, even when it is empty.
65 test_CFLAGS=${CFLAGS+set}
66 if test "$test_CFLAGS" != set; then
67 if test "$DEBUG" = "yes"; then
dnl Debug build with no caller-supplied CFLAGS: exactly these flags are used.
68 CFLAGS="-O0 -g -DDEBUG"
dnl Debug build with caller-supplied CFLAGS: the caller's flags are kept and the debug
dnl flags are appended.
dnl NOTE(review): -O0 matters for hardening. The hardening checks in this file add
dnl -D_FORTIFY_SOURCE=2 only when CFLAGS carries a -O level other than -O0, so a debug
dnl build goes without it. Do not ship debug builds as production binaries.
72 elif test "$DEBUG" = "yes"; then
73 CFLAGS="$CFLAGS -O0 -g -DDEBUG"
dnl SELinux policy extensions. The default value is "check", set through the DEFAULTS
dnl diversion below, which means: probe for the policy build environment.
85 AC_ARG_WITH([selinux],
86 AS_HELP_STRING([--with-selinux],
87 [add SELinux policy extensions @<:@default=check@:>@]))
88 m4_divert_text([DEFAULTS], [with_selinux=check])
90 dnl Check for SELinux policy support
92 if test "$with_selinux" != "no"; then
93 if test "$with_selinux" = "check" || test "$with_selinux" = "yes"; then
dnl The policy development Makefile must be present. A missing file is a hard error
dnl only when SELinux support was requested explicitly with "yes".
94 if ! test -f /usr/share/selinux/devel/Makefile; then
95 if test "$with_selinux" = "yes"; then
96 AC_MSG_ERROR("Is selinux-policy-devel installed?")
dnl semodule must be on PATH as well; again fatal only for an explicit "yes".
dnl NOTE(review): the message for a missing semodule repeats the selinux-policy-devel
dnl hint. Confirm that this package is the one providing semodule on the target distros.
101 AC_PATH_PROG([SEMODULE], semodule)
102 if test "x$SEMODULE" = "x"; then
103 if test "$with_selinux" = "yes"; then
104 AC_MSG_ERROR("Is selinux-policy-devel installed?")
dnl Presumably "check" is resolved to yes or no here; the assignment is not in this listing.
109 if test "$with_selinux" = "check"; then
dnl The policy module is built only when the final value is exactly "yes".
114 AM_CONDITIONAL([WITH_SELINUX], [test "x$with_selinux" = "xyes"])
dnl Adjust the default directories for a few well-known prefixes. Only the datarootdir
dnl assignment is visible in this listing; the bodies of the other tests are not shown.
116 if test "$prefix" = "/usr" && test "$sysconfdir" = '${prefix}/etc'; then
119 if test "$prefix" = "" && test "$datarootdir" = '${prefix}/share'; then
120 datarootdir="/usr/share"
122 if test "$prefix" = "/usr" && test "$localstatedir" = '${prefix}/var'; then
125 if test "x$prefix" = "xNONE"; then
128 if test "x$exec_prefix" = "xNONE"; then
dnl "eval echo" expands nested references such as ${prefix} so that the substituted
dnl values are plain paths.
dnl NOTE(review): eval runs any shell syntax contained in these variables and the
dnl expansions are unquoted. The values come from the configure command line, so build
dnl automation should pass only vetted paths to the directory options.
131 SYSCONFDIR=`eval echo $sysconfdir`
132 DATAROOTDIR=`eval echo $datarootdir`
133 LOCALSTATEDIR=`eval echo $localstatedir`
134 BINDIR=`eval echo $bindir`
135 AC_SUBST([SYSCONFDIR])
136 AC_SUBST([DATAROOTDIR])
137 AC_SUBST([LOCALSTATEDIR])
dnl Optional OpenSSL crypto backend. The visible checks require the symbol
dnl AES_set_encrypt_key and the header openssl/aes.h; either one missing is fatal.
142 AC_ARG_WITH([openssl],
143 [AS_HELP_STRING([--with-openssl],
144 [build with openssl library])],
151 [AES_set_encrypt_key],
153 AC_MSG_ERROR(Faulty openssl crypto library))
154 AC_CHECK_HEADERS([openssl/aes.h],[],
155 AC_MSG_ERROR(Is openssl-devel/libssl-dev installed?))
156 AC_MSG_RESULT([Building with openssl crypto library])
dnl NOTE(review): this calls pkg-config by bare name, resolved through PATH, and does not
dnl check the exit status. The libtpms cryptolib query later in this file uses $PKG_CONFIG,
dnl and the libtasn1 query checks the exit status. Consider doing both here so a pinned
dnl pkg-config is honoured and a failed lookup is not silently turned into an empty value.
157 LIBCRYPTO_LIBS=$(pkg-config --libs libcrypto)
158 AC_SUBST([LIBCRYPTO_LIBS])
dnl libtasn1 is mandatory: a failing pkg-config lookup aborts configure.
162 LIBTASN1_LIBS=$(pkg-config --libs libtasn1)
163 if test $? -ne 0; then
164 AC_MSG_ERROR("Is libtasn1-devel installed? -- could not get libs for libtasn1")
166 AC_SUBST([LIBTASN1_LIBS])
dnl libtpms is mandatory as well. Its flags are added to LDFLAGS and CFLAGS before the
dnl symbol probe for TPMLIB_ChooseTPMVersion, which the error message ties to libtpms 0.6.
172 AC_MSG_ERROR("no libtpms.pc found; please set PKG_CONFIG_PATH to the directory where libtpms.pc is located")
174 LDFLAGS="$LDFLAGS $LIBTPMS_LIBS"
175 CFLAGS="$CFLAGS $LIBTPMS_CFLAGS"
177 TPMLIB_ChooseTPMVersion,[true],
178 AC_MSG_ERROR("libtpms 0.6 or later is required")
180 AC_SUBST([LIBTPMS_LIBS])
dnl If libc itself provides clock_gettime no extra library is needed; otherwise link -lrt.
182 AC_CHECK_LIB(c, clock_gettime, LIBRT_LIBS="", LIBRT_LIBS="-lrt")
183 AC_SUBST([LIBRT_LIBS])
dnl tcsd is optional: a missing binary produces a warning, and the HAVE_TCSD conditional
dnl depends on have_tcsd, whose assignment is not part of this listing.
185 AC_PATH_PROG([TCSD], tcsd)
186 if test "x$TCSD" = "x"; then
188 AC_MSG_WARN([tcsd could not be found; typically need it for tss user account and tests])
192 AM_CONDITIONAL([HAVE_TCSD], test "$have_tcsd" != "no")
194 dnl We either need netstat (more common across systems) or 'ss' for test cases
dnl ss is looked up only when netstat is absent; having neither is a hard error even
dnl though, per the message, the tools are needed for the tests only.
195 AC_PATH_PROG([NETSTAT], [netstat])
196 if test "x$NETSTAT" = "x"; then
197 AC_PATH_PROG([SS], [ss])
198 if test "x$SS" = "x"; then
199 AC_MSG_ERROR(['netstat' and 'ss' tools are missing for tests: net-tools OR iproute/iproute2 package])
dnl CUSE interface selection plus the glib and json-glib lookups.
203 AC_MSG_CHECKING([for whether to build with CUSE interface])
205 AS_HELP_STRING([--with-cuse],[build with CUSE interface]),
210 if test "$with_cuse" != "no"; then
dnl Probe libfuse quietly. A failed lookup is fatal only for an explicit --with-cuse=yes.
211 LIBFUSE_CFLAGS=$(pkg-config fuse --cflags 2>/dev/null)
212 if test $? -ne 0; then
213 if test "$with_cuse" = "yes"; then
214 AC_MSG_ERROR("Is fuse-devel installed? -- could not get cflags for libfuse")
dnl json-glib and glib: each lookup aborts configure on failure. Whether these sit inside
dnl the CUSE conditional cannot be told from this listing, since its closing lines are absent.
223 JSON_GLIB_CFLAGS=$(pkg-config --cflags json-glib-1.0)
224 if test $? -ne 0; then
225 AC_MSG_ERROR("Is libjson-glib-dev/json-glib-devel installed? -- could not get cflags")
227 AC_SUBST([JSON_GLIB_CFLAGS])
229 JSON_GLIB_LIBS=$(pkg-config --libs json-glib-1.0)
230 if test $? -ne 0; then
231 AC_MSG_ERROR("Is libjson-glib-dev/json-glib-devel installed? -- could not get libs")
233 AC_SUBST([JSON_GLIB_LIBS])
235 GLIB_CFLAGS=$(pkg-config --cflags glib-2.0)
236 if test $? -ne 0; then
237 AC_MSG_ERROR("Is libglib-2.0-dev/glib2-devel installed? -- could not get cflags")
239 AC_SUBST([GLIB_CFLAGS])
241 GLIB_LIBS=$(pkg-config --libs glib-2.0)
242 if test $? -ne 0; then
243 AC_MSG_ERROR("Is libglib-2.0-dev/glib2-devel installed? -- could not get libs")
245 AC_SUBST([GLIB_LIBS])
247 dnl with_cuse is now yes or no
dnl With CUSE enabled the libfuse and gthread link flags become mandatory and WITH_CUSE
dnl is defined in config.h.
248 if test "$with_cuse" != "no"; then
249 LIBFUSE_LIBS=$(pkg-config fuse --libs)
250 if test $? -ne 0; then
251 AC_MSG_ERROR("Is fuse-devel installed? -- could not get libs for libfuse")
253 AC_SUBST([LIBFUSE_CFLAGS])
254 AC_SUBST([LIBFUSE_LIBS])
255 AC_DEFINE_UNQUOTED([WITH_CUSE], 1,
256 [whether to build with CUSE interface])
258 GTHREAD_LIBS=$(pkg-config --libs gthread-2.0)
259 if test $? -ne 0; then
260 AC_MSG_ERROR("Is glib-2.0 installed? -- could not get libs for gthread-2.0")
262 AC_SUBST([GTHREAD_LIBS])
dnl The Automake conditional and the reported result both use the final with_cuse value.
264 AM_CONDITIONAL([WITH_CUSE],[test "$with_cuse" = "yes"])
265 AC_MSG_RESULT($with_cuse)
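dnl Character-device interface. WITH_CHARDEV is defined in config.h when the interface is
dnl enabled; the lines that assign with_chardev are not part of this listing.
267 AC_MSG_CHECKING([for whether to build with chardev interface])
271 AC_DEFINE_UNQUOTED([WITH_CHARDEV], 1,
272 [whether to build with chardev interface])
277 AM_CONDITIONAL([WITH_CHARDEV],[test "$with_chardev" = "yes"])
dnl Report the chardev decision itself. The original printed $with_cuse here, so the
dnl "chardev interface" check line in the configure output showed the CUSE result instead.
278 AC_MSG_RESULT($with_chardev)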
dnl GnuTLS support, checked in stages: link flags, the certtool binary, a minimum version,
dnl a library symbol and a header. The summary at the end of this file states that without
dnl GnuTLS swtpm_cert is not built.
280 AC_ARG_WITH([gnutls],
281 AS_HELP_STRING([--with-gnutls],[build with gnutls library]),
286 if test "x$with_gnutls" != "xno"; then
dnl Stage 1: link flags from pkg-config; fatal only for an explicit "yes".
287 GNUTLS_LDFLAGS=$(pkg-config --libs gnutls)
288 if test $? -ne 0; then
289 if test "x$with_gnutls" = "xyes"; then
290 AC_MSG_ERROR("Is gnutls installed? -- could not get libs for gnutls")
297 if test "x$with_gnutls" != "xno"; then
dnl Stage 2: certtool must be on PATH; fatal only for an explicit "yes".
298 AC_PATH_PROG([GNUTLS_CERTTOOL], certtool)
299 if test "x$GNUTLS_CERTTOOL" = "x"; then
300 if test "x$with_gnutls" = "xyes"; then
301 AC_MSG_ERROR("Could not find certtool. Is gnutls-utils/gnutls-bin installed?")
306 dnl certtool changed how it takes private key passwords
307 dnl 3.3.29 is too old (RHEL 7); we need at least gnutls 3.4.0
dnl Stage 3: minimum version. The command substitution prints nothing, so no command is
dnl run from its output, and $? holds the exit status of pkg-config.
dnl NOTE(review): the two error messages further down still say "GNUTLS >= 3.1.0" while
dnl this check requires 3.4.0; aligning the messages would avoid misleading packagers.
308 AC_MSG_CHECKING([for gnutls 3.4.0 or later])
309 $(pkg-config gnutls --atleast-version=3.4.0)
310 if test $? -ne 0; then
311 AC_MSG_ERROR([gnutls 3.4.0 is required])
316 if test "x$with_gnutls" != "xno"; then
dnl Stage 4: symbol probe. CFLAGS temporarily carries the GnuTLS compile and link flags
dnl and is restored from ORIG_CFLAGS afterwards.
317 ORIG_CFLAGS="$CFLAGS"
318 GNUTLS_CFLAGS=$(pkg-config gnutls --cflags)
319 CFLAGS="$CFLAGS $GNUTLS_CFLAGS $GNUTLS_LDFLAGS"
320 AC_CHECK_LIB([gnutls], [gnutls_load_file], [
323 [if test "x$with_gnutls" = "xyes"; then
324 AC_MSG_ERROR([GNUTLS >= 3.1.0 library not found: libgnutls.so])
328 CFLAGS="$ORIG_CFLAGS"
331 if test "x$with_gnutls" != "xno"; then
dnl Stage 5: header probe, again with CFLAGS saved and restored around it.
332 ORIG_CFLAGS="$CFLAGS"
333 CFLAGS="$CFLAGS $GNUTLS_CFLAGS"
334 AC_CHECK_HEADER(gnutls/abstract.h, [], \
335 [if test "x$with_gnutls" = "xyes"; then
336 AC_MSG_ERROR([GNUTLS >= 3.1.0 library header not found: gnutls/abstract.h])
340 CFLAGS="$ORIG_CFLAGS"
343 if test "x$with_gnutls" != "xno"; then
dnl GnuTLS-dependent parts are built only when the final value is exactly "yes".
346 AM_CONDITIONAL([WITH_GNUTLS], [test "x$with_gnutls" = "xyes"])
347 AC_SUBST([GNUTLS_LIBS])
dnl PCR banks that swtpm_setup activates by default. The built-in default is sha256 and
dnl --enable-default-pcr-banks replaces it with a caller-supplied list.
349 DEFAULT_PCR_BANKS="sha256"
350 AC_ARG_ENABLE([default-pcr-banks],
352 [--enable-default-pcr-banks=list of PCR banks],
353 [Have swtpm_setup activate the given PCR banks by default;
360 if test "x$enable_default_pcr_banks" != "x"; then
361 DEFAULT_PCR_BANKS="$enable_default_pcr_banks"
dnl The list is validated by a helper script from the source tree; a non-zero exit from
dnl that script aborts configure.
dnl NOTE(review): $DEFAULT_PCR_BANKS is passed unquoted, so a value containing whitespace
dnl or glob characters reaches the script as several words. Presumably the script expects
dnl one list argument; confirm, and quote the expansion if so.
363 AC_MSG_CHECKING([which PCR banks to activate by default])
364 if $srcdir/scripts/test_pcr_bank_list $DEFAULT_PCR_BANKS; then
365 AC_MSG_RESULT([$DEFAULT_PCR_BANKS])
367 AC_MSG_ERROR([$DEFAULT_PCR_BANKS is an invalid list of PCR banks])
369 AC_SUBST([DEFAULT_PCR_BANKS])
dnl Required helper programs. AC_PATH_PROG stores the absolute path of the first match on
dnl PATH at configure time; an empty result aborts configure with the package hint shown.
371 AC_PATH_PROG([EXPECT], expect)
372 if test "x$EXPECT" = "x"; then
373 AC_MSG_ERROR([expect is required: expect package])
376 AC_PATH_PROG([GAWK], gawk)
377 if test "x$GAWK" = "x"; then
378 AC_MSG_ERROR([gawk is required: gawk package])
381 AC_PATH_PROG([SOCAT], socat)
382 if test "x$SOCAT" = "x"; then
383 AC_MSG_ERROR([socat is required: socat package])
386 AC_PATH_PROG([BASE64], base64)
387 if test "x$BASE64" = "x"; then
388 AC_MSG_ERROR([base64 is required: base64 package])
391 AC_PATH_PROG([CP], cp)
392 if test "x$CP" = "x"; then
393 AC_MSG_ERROR([cp is required])
dnl Python 3.3 is the minimum interpreter version accepted.
396 AM_PATH_PYTHON([3.3])
dnl Compiler and linker hardening. It is on unless --disable-hardening is given. The result
dnl is exported as HARDENING_CFLAGS and HARDENING_LDFLAGS rather than merged into CFLAGS
dnl here, so presumably the Makefiles must reference those variables for it to take effect.
398 AC_ARG_ENABLE([hardening],
399 AS_HELP_STRING([--disable-hardening], [Disable hardening flags]))
401 if test "x$enable_hardening" != "xno"; then
dnl Stack protector: compile a project header with -fstack-protector-strong and look for
dnl the "unrecognized command line option" diagnostic. If it appears, fall back to plain
dnl -fstack-protector; otherwise use the strong variant.
dnl NOTE(review): the probe keys on one English diagnostic string. A compiler that words
dnl the rejection differently would be treated as supporting the strong flag. Compiling a
dnl header may also leave a precompiled-header file next to it with some compilers; confirm.
402 TMP="$($CC -fstack-protector-strong $srcdir/include/swtpm/tpm_ioctl.h 2>&1)"
403 if echo $TMP | $GREP 'unrecognized command line option' >/dev/null; then
404 HARDENING_CFLAGS="-fstack-protector -Wstack-protector"
406 HARDENING_CFLAGS="-fstack-protector-strong -Wstack-protector"
409 dnl Must not have -O0 but must have a -O for -D_FORTIFY_SOURCE=2
dnl TMP1 is non-empty when CFLAGS contains -O0, TMP2 when it contains any -O option.
dnl _FORTIFY_SOURCE=2 is added only for an optimised build, i.e. TMP1 empty and TMP2 set.
410 TMP1="$(echo $CFLAGS | sed -n 's/.*\(-O0\).*/\1/p')"
411 TMP2="$(echo $CFLAGS | sed -n 's/.*\(-O\).*/\1/p')"
412 if test -z "$TMP1" && test -n "$TMP2"; then
413 HARDENING_CFLAGS="$HARDENING_CFLAGS -D_FORTIFY_SOURCE=2"
415 dnl Check linker for 'relro' and 'now'
dnl Each linker option is tried on a trivial program with -Werror so that a warning about
dnl an unsupported option counts as failure. Supported options are appended to
dnl HARDENING_LDFLAGS, and CFLAGS is restored from save_CFLAGS afterwards.
dnl NOTE(review): no position-independent-executable flag is visible in this listing; check
dnl whether PIE comes from the toolchain default or needs to be added alongside relro/now.
416 save_CFLAGS="$CFLAGS"
417 CFLAGS="-Wl,-z,relro -Werror"
418 AC_MSG_CHECKING([whether linker supports -Wl,-z,relro])
420 [AC_LANG_SOURCE([[int main() { return 0; }]])],
421 [HARDENING_LDFLAGS="$HARDENING_LDFLAGS -Wl,-z,relro"
425 CFLAGS="-Wl,-z,now -Werror"
426 AC_MSG_CHECKING([whether linker supports -Wl,-z,now])
428 [AC_LANG_SOURCE([[int main() { return 0; }]])],
429 [HARDENING_LDFLAGS="$HARDENING_LDFLAGS -Wl,-z,now"
433 CFLAGS="$save_CFLAGS"
434 AC_SUBST([HARDENING_CFLAGS])
435 AC_SUBST([HARDENING_LDFLAGS])
dnl Test instrumentation, both off unless requested explicitly. The resulting flags are
dnl appended to CFLAGS and LDFLAGS later in this file.
438 AC_ARG_ENABLE([test-coverage],
439 AS_HELP_STRING([--enable-test-coverage], [Enable test coverage flags]))
441 if test "x$enable_test_coverage" = "xyes"; then
442 COVERAGE_CFLAGS="-fprofile-arcs -ftest-coverage"
443 COVERAGE_LDFLAGS="-fprofile-arcs"
446 AC_ARG_ENABLE([sanitizers],
447 AS_HELP_STRING([--enable-sanitizers], [Enable address/undefined sanitizers]))
449 if test "x$enable_sanitizers" = "xyes"; then
dnl The sanitizer flags are tried on a trivial program first and recorded only when that
dnl succeeds; CFLAGS is restored afterwards.
dnl NOTE(review): coverage and sanitizer builds are test configurations and are not meant
dnl to be shipped; release pipelines should leave both options at their default.
450 save_CFLAGS="$CFLAGS"
451 CFLAGS="-fsanitize=address,undefined -fno-omit-frame-pointer"
452 AC_MSG_CHECKING([whether linker supports sanitizer])
454 [AC_LANG_SOURCE([[int main() { return 0; }]])],
455 [SANITIZER_CFLAGS="-fsanitize=address,undefined -fno-omit-frame-pointer"
456 SANITIZER_LDFLAGS="-fsanitize=address,undefined"
460 CFLAGS="$save_CFLAGS"
dnl Account and group that the installed tools use for TSS-related files. Both can be
dnl overridden; the defaults are set in lines that are not part of this listing.
463 AC_ARG_WITH([tss-user],
464 AS_HELP_STRING([--with-tss-user=TSS_USER],[The tss user to use]),
465 [TSS_USER="$withval"],
469 AC_ARG_WITH([tss-group],
470 AS_HELP_STRING([--with-tss-group=TSS_GROUP],[The tss group to use]),
471 [TSS_GROUP="$withval"],
dnl Existence check: id prints the numeric ID on success and nothing on stdout for an
dnl unknown name, so the test is false and configure aborts.
dnl NOTE(review): $TSS_USER and $TSS_GROUP are expanded unquoted inside the command
dnl substitution; quote them so an unusual value cannot split into extra words.
477 AC_MSG_CHECKING([whether TSS_USER $TSS_USER is available])
478 if ! test $(id -u $TSS_USER); then
479 AC_MSG_ERROR(["$TSS_USER is not available"])
dnl NOTE(review): id takes a user name, so "id -g" looks up a user called $TSS_GROUP and
dnl prints that user's primary group ID; it does not consult the group database. A group
dnl with no same-named user fails this check. "getent group" would query groups directly;
dnl confirm the intended behaviour.
483 AC_MSG_CHECKING([whether TSS_GROUP $TSS_GROUP is available])
484 if ! test $(id -g $TSS_GROUP); then
485 AC_MSG_ERROR(["$TSS_GROUP is not available"])
493 AC_SUBST([TSS_GROUP])
dnl Warning policy. Format-string warnings, including -Wformat-security, are enabled and
dnl every warning is promoted to an error by -Werror.
dnl NOTE(review): -Werror is unconditional, so a newer compiler that adds warnings can break
dnl the build. Downstream packagers should patch the source rather than drop the warning flags.
495 CFLAGS="$CFLAGS -Wreturn-type -Wsign-compare -Wswitch-enum"
496 CFLAGS="$CFLAGS -Wmissing-prototypes -Wall -Werror"
497 CFLAGS="$CFLAGS -Wformat -Wformat-security"
dnl Merge in the optional GnuTLS, coverage and sanitizer flags collected earlier; each
dnl variable is empty when the corresponding feature is off.
498 CFLAGS="$CFLAGS $GNUTLS_CFLAGS $COVERAGE_CFLAGS $SANITIZER_CFLAGS"
500 LDFLAGS="$LDFLAGS $COVERAGE_LDFLAGS $SANITIZER_LDFLAGS"
502 dnl Simulate the following for systems with pkg-config < 0.28:
503 dnl PKG_CHECK_VAR([libtpms_cryptolib], [libtpms], [cryptolib],
504 dnl [], AC_MSG_ERROR([Could not determine libtpms crypto library.]))
dnl Read the "cryptolib" variable from libtpms.pc. An empty answer produces a warning only,
dnl and the locally selected cryptolib is assumed.
507 AC_MSG_CHECKING([Checking the crypto library libtpms is linked to])
508 libtpms_cryptolib=`$PKG_CONFIG --variable cryptolib libtpms`
509 if test "x$libtpms_cryptolib" = "x"; then
510 AC_MSG_WARN([Could not determine the crypto library libtpms is using, assuming ${cryptolib}])
511 libtpms_cryptolib=${cryptolib}
513 AC_MSG_RESULT($libtpms_cryptolib)
dnl swtpm must use the same crypto library as libtpms. A mismatch aborts configure and the
dnl message says whether --with-openssl has to be added or removed.
515 if test "$libtpms_cryptolib" != "$cryptolib"; then
516 echo "libtpms is using $libtpms_cryptolib; we have to use the same"
517 if test "$cryptolib" = "openssl"; then
518 AC_MSG_ERROR([do not use --with-openssl])
520 AC_MSG_ERROR([use --with-openssl])
dnl vTPM proxy support, described by the define's own text as Linux only. The condition
dnl that guards this define is not part of this listing.
528 AC_DEFINE_UNQUOTED([WITH_VTPM_PROXY], 1,
529 [whether to build in vTPM proxy support (Linux only)])
dnl Adds the __USE_LINUX_IOCTL_DEFS preprocessor define to every compile.
534 CFLAGS="$CFLAGS -D__USE_LINUX_IOCTL_DEFS"
537 dnl Seccomp profile using -lseccomp (Linux only)
dnl The default is yes or no depending on a condition that is not part of this listing,
dnl presumably the host OS. An explicit --with-seccomp value overrides the default.
540 with_seccomp_default=yes
543 with_seccomp_default=no
547 AC_MSG_CHECKING([for whether to build with seccomp profile])
548 AC_ARG_WITH([seccomp],
549 AS_HELP_STRING([--with-seccomp],[build with seccomp profile]),
550 AC_MSG_RESULT([$with_seccomp]),
551 [with_seccomp=$with_seccomp_default]
552 AC_MSG_RESULT([$with_seccomp])
dnl Whenever seccomp is not "no", libseccomp is mandatory: a failed cflags lookup aborts
dnl configure rather than silently producing a build without the profile.
dnl NOTE(review): the libs lookup below has no exit-status check, unlike the cflags lookup.
dnl NOTE(review): a build configured with seccomp set to "no" has no seccomp profile; the
dnl summary at the end of configure prints with_seccomp, so check it in release build logs.
555 if test "$with_seccomp" != "no"; then
556 LIBSECCOMP_CFLAGS=$(pkg-config libseccomp --cflags 2>/dev/null)
557 if test $? -ne 0; then
558 AC_MSG_ERROR("Is libseccomp-devel installed? -- could not get cflags for libseccomp")
562 LIBSECCOMP_LIBS=$(pkg-config --libs libseccomp)
563 AC_SUBST([LIBSECCOMP_LIBS])
564 AC_SUBST([LIBSECCOMP_CFLAGS])
565 AC_DEFINE_UNQUOTED([WITH_SECCOMP], 1,
566 [whether to build in seccomp profile (Linux only)])
dnl Snapshot the accumulated linker flags for the Makefiles. The matching MY_CFLAGS
dnl assignment is not part of this listing.
570 MY_LDFLAGS="$LDFLAGS"
571 AC_SUBST([MY_CFLAGS])
572 AC_SUBST([MY_LDFLAGS])
dnl Files generated from their .in templates. The list includes packaging scripts, sample
dnl configuration files and two generated headers (swtpm_localca_conf.h, swtpm_setup_conf.h).
574 AC_CONFIG_FILES([Makefile \
575 debian/swtpm-tools.postinst \
578 samples/swtpm-localca.conf \
579 samples/swtpm-create-user-config-files \
580 samples/swtpm_setup.conf \
583 include/swtpm/Makefile \
586 src/selinux/Makefile \
588 src/swtpm_bios/Makefile \
589 src/swtpm_cert/Makefile \
590 src/swtpm_ioctl/Makefile \
591 src/swtpm_localca/Makefile \
592 src/swtpm_localca/swtpm_localca_conf.h \
593 src/swtpm_setup/Makefile \
594 src/swtpm_setup/swtpm_setup_conf.h \
dnl samples/swtpm-localca is generated separately so that it can be made executable:
dnl mode 755 gives the owner write access and everyone read and execute access.
602 AC_CONFIG_FILES([samples/swtpm-localca],
603 [chmod 755 samples/swtpm-localca])
dnl End-of-configure summary. It prints every feature decision and the final flag sets, so
dnl a build log shows whether seccomp, SELinux and the hardening flags were in effect.
dnl NOTE(review): the printf arguments are unquoted; an empty value leaves its %5s field
dnl blank. Quoting each variable keeps the output aligned and unambiguous.
607 printf "with_gnutls : %5s (no = swtpm_cert will NOT be built)\n" $with_gnutls
608 printf "with_selinux : %5s (no = SELinux policy extensions will NOT be built)\n" $with_selinux
609 printf "with_cuse : %5s (no = no CUSE interface)\n" $with_cuse
610 printf "with_chardev : %5s (no = no chardev interface)\n" $with_chardev
611 printf "with_vtpm_proxy : %5s (no = no vtpm proxy support; Linux only)\n" $with_vtpm_proxy
612 printf "with_seccomp : %5s (no = no seccomp profile; Linux only)\n" $with_seccomp
614 printf "active PCR banks : %s\n" $DEFAULT_PCR_BANKS
616 echo "Version to build : $PACKAGE_VERSION"
617 echo "Crypto library : $cryptolib"
dnl Flag sets as they will be substituted into the Makefiles.
619 echo " MY_CFLAGS = $MY_CFLAGS"
620 echo " HARDENING_CFLAGS = $HARDENING_CFLAGS"
621 echo "HARDENING_LDFLAGS = $HARDENING_LDFLAGS"
622 echo " MY_LDFLAGS = $MY_LDFLAGS"
623 echo " LIBSECCOMP_LIBS = $LIBSECCOMP_LIBS"
624 echo " JSON_GLIB_CFLAGS = $JSON_GLIB_CFLAGS"
625 echo " JSON_GLIB_LIBS = $JSON_GLIB_LIBS"
626 echo " GLIB_CFLAGS = $GLIB_CFLAGS"
627 echo " GLIB_LIBS = $GLIB_LIBS"
dnl Account and group selected for TSS-related files.
629 echo "TSS_USER=$TSS_USER"
630 echo "TSS_GROUP=$TSS_GROUP"