[gentoo-commits] repo/gentoo:master commit in: app-crypt/ima-evm-utils/, app-crypt/ima-evm-utils/files/

[gentoo-commits] repo/gentoo:master commit in: app-crypt/ima-evm-utils/, app-crypt/ima-evm-utils/files/

[Sven Vermeulen]

commit:     faa1e1acf25bdf284b0e5dbce8081c40933cb32f
Author:     Sven Vermeulen <swift <AT> gentoo <DOT> org>
AuthorDate: Mon Aug 27 17:03:39 2018 +0000
Commit:     Sven Vermeulen <swift <AT> gentoo <DOT> org>
CommitDate: Mon Aug 27 17:05:50 2018 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=faa1e1ac

app-crypt/ima-evm-utils: Use sys/xattr instead of attr/xattr

The xattr syscalls are provided by glibc, so there is no need to depend
on libattr (and the ebuild didn't anyway).

This fixes Gentoo bug #649790.

Reported-by: Toralf Forster <toralf <AT> gentoo.org>
Signed-off-by: Lars Wendler <polynomial-c <AT> gentoo.org>
Package-Manager: Portage-2.3.40, Repoman-2.3.9

 ...ls-1.1-configure-use-sys-xattr-bug-649790.patch | 41 ++++++++++++++++++++++
 app-crypt/ima-evm-utils/ima-evm-utils-1.1.ebuild   |  4 +++
 2 files changed, 45 insertions(+)

diff --git a/app-crypt/ima-evm-utils/files/ima-evm-utils-1.1-configure-use-sys-xattr-bug-649790.patch b/app-crypt/ima-evm-utils/files/ima-evm-utils-1.1-configure-use-sys-xattr-bug-649790.patch
new file mode 100644
index 00000000000..1a8a327ba87
--- /dev/null
+++ b/app-crypt/ima-evm-utils/files/ima-evm-utils-1.1-configure-use-sys-xattr-bug-649790.patch
@@ -0,0 +1,41 @@
+From 18566f4cd3601109fe0e64d1230e9afa4813bc54 Mon Sep 17 00:00:00 2001
+From: Lars Wendler <polynomial-c@gentoo.org>
+Date: Tue, 15 May 2018 13:23:55 +0200
+Subject: [PATCH] attr/xattr.h is deprecated. Use sys/xattr.h instead
+
+See also:
+http://git.savannah.nongnu.org/cgit/attr.git/commit/?id=7921157890d07858d092f4003ca4c6bae9fd2c38
+---
+ configure.ac | 2 +-
+ src/evmctl.c | 2 +-
+ 2 files changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/configure.ac b/configure.ac
+index 0497eb7..1f017e2 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -30,7 +30,7 @@ AC_SUBST(OPENSSL_LIBS)
+ AC_CHECK_HEADER(unistd.h)
+ AC_CHECK_HEADERS(openssl/conf.h)
+ 
+-AC_CHECK_HEADERS(attr/xattr.h, , [AC_MSG_ERROR([attr/xattr.h header not found. You need the libattr development package.])])
++AC_CHECK_HEADERS(sys/xattr.h, , [AC_MSG_ERROR([sys/xattr.h header not found.])])
+ AC_CHECK_HEADERS(keyutils.h, , [AC_MSG_ERROR([keyutils.h header not found. You need the libkeyutils development package.])])
+ 
+ #debug support - yes for a while
+diff --git a/src/evmctl.c b/src/evmctl.c
+index 2ffee78..3fbcd33 100644
+--- a/src/evmctl.c
++++ b/src/evmctl.c
+@@ -49,7 +49,7 @@
+ #include <stdint.h>
+ #include <string.h>
+ #include <dirent.h>
+-#include <attr/xattr.h>
++#include <sys/xattr.h>
+ #include <linux/xattr.h>
+ #include <getopt.h>
+ #include <keyutils.h>
+-- 
+2.17.0
+

diff --git a/app-crypt/ima-evm-utils/ima-evm-utils-1.1.ebuild b/app-crypt/ima-evm-utils/ima-evm-utils-1.1.ebuild
index 9ca9b52abd8..35ae3638a98 100644
--- a/app-crypt/ima-evm-utils/ima-evm-utils-1.1.ebuild
+++ b/app-crypt/ima-evm-utils/ima-evm-utils-1.1.ebuild
@@ -22,6 +22,10 @@ SLOT="0"
 KEYWORDS="~amd64 ~x86"
 IUSE="debug"
 
+PATCHES=(
+	"${FILESDIR}/${PN}-1.1-configure-use-sys-xattr-bug-649790.patch"
+)
+
 src_prepare() {
 	default
 

[gentoo-commits] repo/gentoo:master commit in: app-crypt/ima-evm-utils/, app-crypt/ima-evm-utils/files/

[Sam James]

commit:     2c38515f011fb75697dae1d7456be62f8cf9b73e
Author:     Christopher Byrne <salah.coronya <AT> gmail <DOT> com>
AuthorDate: Sat Nov  6 20:58:58 2021 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Sat Feb 26 02:40:52 2022 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=2c38515f

app-crypt/ima-evm-utils: Bump to 1.4

Package-Manager: Portage-3.0.28, Repoman-3.0.3
Signed-off-by: Christopher Byrne <salah.coronya <AT> gmail.com>
Closes: https://bugs.gentoo.org/822165
Closes: https://github.com/gentoo/gentoo/pull/22850
Signed-off-by: Sam James <sam <AT> gentoo.org>

 app-crypt/ima-evm-utils/Manifest                   |   1 +
 ...nfigure-remove-automagic-TSS-dependencies.patch |  39 ++++
 ...Rename-bash-variable-WORKDIR-to-MYWORKDIR.patch |  84 ++++++++
 ...-evm-utils-1.4-test-remove-boot_aggregate.patch | 216 +++++++++++++++++++++
 app-crypt/ima-evm-utils/ima-evm-utils-1.4.ebuild   |  52 +++++
 app-crypt/ima-evm-utils/metadata.xml               |   3 +
 6 files changed, 395 insertions(+)

diff --git a/app-crypt/ima-evm-utils/Manifest b/app-crypt/ima-evm-utils/Manifest
index 02f3d5d79e9d..3485816848d5 100644
--- a/app-crypt/ima-evm-utils/Manifest
+++ b/app-crypt/ima-evm-utils/Manifest
@@ -1,2 +1,3 @@
 DIST ima-evm-utils-1.1.tar.gz 37825 BLAKE2B 469f5bbc194f3fcc8996f252d01745c0d8d4d4f63476174622ea4569c97978db478bd522ae4672819c5ef995f2bb524eb857e5bf5c303131959f2f5cb9c2ebcc SHA512 fc7efc890812233db888eef210dc4357bee838b56fd95efd9a9e141d684b0b354670a3c053dd93a94a1402dd826074d4a83a4637c8e6c1d90ead3132354a5776
 DIST ima-evm-utils-1.3.2.tar.gz 100373 BLAKE2B 04717a934795f7e2a351b1f59388d2d429e00a8a18c57c0eb258bb81bc329342cb9971fa2b4493f7b492f07961ec794a0549fd2d0984381492dcab474915a0d6 SHA512 af96935f953fbec8cdd40ba1a24001fae916633df03f9dee1e96775baec0ffea21a7a13798b3e3c3f375fd493a65fe65b5357887890b46cac0c4dcca5a5b79db
+DIST ima-evm-utils-1.4.tar.gz 110104 BLAKE2B 12e09162e0d5e689132dde6b814ceeb8001a0379e8edb89b9aeb87c8e9f6e21fdd554e6626d1496b82cc77213fdf08b26bcc0be77140d7d598589a482940a321 SHA512 2fdf41470d88608162a084c4877ba17d531941b744bcb44dd4913e48ab2c2d131e0af3e3ead74c18748a5d46aced51213ebd7c13a5ee19050c28d54a26c011a3

diff --git a/app-crypt/ima-evm-utils/files/ima-evm-utils-1.4-configure-remove-automagic-TSS-dependencies.patch b/app-crypt/ima-evm-utils/files/ima-evm-utils-1.4-configure-remove-automagic-TSS-dependencies.patch
new file mode 100644
index 000000000000..a5fb28a291fb
--- /dev/null
+++ b/app-crypt/ima-evm-utils/files/ima-evm-utils-1.4-configure-remove-automagic-TSS-dependencies.patch
@@ -0,0 +1,39 @@
+From 911cef2b984a947b1020bdcf87d1573600ea754d Mon Sep 17 00:00:00 2001
+From: Christopher Byrne <salah.coronya@gmail.com>
+Date: Fri, 5 Nov 2021 21:31:10 -0500
+Subject: [PATCH] configure.ac: Remove automagic dependencies on the TSS stacks
+
+Signed-off-by: Christopher Byrne <salah.coronya@gmail.com>
+---
+ configure.ac | 12 +++++++++---
+ 1 file changed, 9 insertions(+), 3 deletions(-)
+
+diff --git a/configure.ac b/configure.ac
+index 1a0f093..c05b72d 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -31,12 +31,18 @@ AC_CHECK_HEADER(unistd.h)
+ AC_CHECK_HEADERS(openssl/conf.h)
+ 
+ # Intel TSS
+-AC_CHECK_LIB([tss2-esys], [Esys_Free])
+-AC_CHECK_LIB([tss2-rc], [Tss2_RC_Decode])
++AC_ARG_WITH([pcrtss], AS_HELP_STRING([--with-pcrtss], [Build with Intel TSS library (default: disabled)]))
++AS_IF([test "x$with_pcrtss" = "xyes"], [
++  AC_CHECK_LIB([tss2-esys], [Esys_Free])
++  AC_CHECK_LIB([tss2-rc], [Tss2_RC_Decode])
++])
+ AM_CONDITIONAL([USE_PCRTSS], [test "x$ac_cv_lib_tss2_esys_Esys_Free" = "xyes"])
+ 
+ # IBM TSS include files
+-AC_CHECK_HEADER(ibmtss/tss.h, [], [], [[#define TPM_POSIX]])
++AC_ARG_WITH([ibmtss], AS_HELP_STRING([--with-ibmtss], [Build with IBM TSS library (default: disabled)]))
++AS_IF([test "x$with_ibmtss" = "xyes"], [
++  AC_CHECK_HEADER(ibmtss/tss.h, [], [], [[#define TPM_POSIX]])
++])
+ AM_CONDITIONAL([USE_IBMTSS], [test "x$ac_cv_header_ibmtss_tss_h" = "xyes"])
+ 
+ AC_CHECK_HEADERS(sys/xattr.h, , [AC_MSG_ERROR([sys/xattr.h header not found. You need the c-library development package.])])
+-- 
+2.32.0
+

diff --git a/app-crypt/ima-evm-utils/files/ima-evm-utils-1.4-test-Rename-bash-variable-WORKDIR-to-MYWORKDIR.patch b/app-crypt/ima-evm-utils/files/ima-evm-utils-1.4-test-Rename-bash-variable-WORKDIR-to-MYWORKDIR.patch
new file mode 100644
index 000000000000..41dd2cd6fb0c
--- /dev/null
+++ b/app-crypt/ima-evm-utils/files/ima-evm-utils-1.4-test-Rename-bash-variable-WORKDIR-to-MYWORKDIR.patch
@@ -0,0 +1,84 @@
+From 5be7797f96db606c16701b6cb7e218a487c4cf4a Mon Sep 17 00:00:00 2001
+From: Christopher Byrne <salah.coronya@gmail.com>
+Date: Sat, 6 Nov 2021 15:36:48 -0500
+Subject: [PATCH] test: Rename bash variable WORKDIR to MYWORKDIR
+
+Gentoo Portage ALSO uses the variable WORKDIR, and this results in
+Portage deleting the entire tree if the tests are run under it
+
+Signed-off-by: Christopher Byrne <salah.coronya@gmail.com>
+---
+ tests/functions.sh     | 12 ++++++------
+ tests/sign_verify.test |  6 +++---
+ 2 files changed, 9 insertions(+), 9 deletions(-)
+
+diff --git a/tests/functions.sh b/tests/functions.sh
+index 8f6f02d..eb6b34a 100755
+--- a/tests/functions.sh
++++ b/tests/functions.sh
+@@ -250,8 +250,8 @@ _enable_gost_engine() {
+ # Show test stats and exit into automake test system
+ # with proper exit code (same as ours). Do cleanups.
+ _report_exit_and_cleanup() {
+-  if [ -n "${WORKDIR}" ]; then
+-    rm -rf "${WORKDIR}"
++  if [ -n "${MYWORKDIR}" ]; then
++    rm -rf "${MYWORKDIR}"
+   fi
+ 
+   if [ $testsfail -gt 0 ]; then
+@@ -277,19 +277,19 @@ _report_exit_and_cleanup() {
+ }
+ 
+ # Setup SoftHSM for local testing by calling the softhsm_setup script.
+-# Use the provided workdir as the directory where SoftHSM will store its state
++# Use the provided myworkdir as the directory where SoftHSM will store its state
+ # into.
+ # Upon successfully setting up SoftHSM, this function sets the global variables
+ # OPENSSL_ENGINE and OPENSSL_KEYFORM so that the openssl command line tool can
+ # use SoftHSM. Also the PKCS11_KEYURI global variable is set to the test key's
+ # pkcs11 URI.
+ _softhsm_setup() {
+-  local workdir="$1"
++  local myworkdir="$1"
+ 
+   local msg
+ 
+-  export SOFTHSM_SETUP_CONFIGDIR="${workdir}/softhsm"
+-  export SOFTHSM2_CONF="${workdir}/softhsm/softhsm2.conf"
++  export SOFTHSM_SETUP_CONFIGDIR="${myworkdir}/softhsm"
++  export SOFTHSM2_CONF="${myworkdir}/softhsm/softhsm2.conf"
+ 
+   mkdir -p "${SOFTHSM_SETUP_CONFIGDIR}"
+ 
+diff --git a/tests/sign_verify.test b/tests/sign_verify.test
+index c56290a..b619c22 100755
+--- a/tests/sign_verify.test
++++ b/tests/sign_verify.test
+@@ -29,7 +29,7 @@ fi
+ ./gen-keys.sh >/dev/null 2>&1
+ 
+ trap _report_exit_and_cleanup EXIT
+-WORKDIR=$(mktemp -d)
++MYWORKDIR=$(mktemp -d)
+ set -f # disable globbing
+ 
+ # Determine keyid from a cert
+@@ -426,7 +426,7 @@ expect_fail \
+   check_sign TYPE=ima KEY=gost2012_256-B ALG=md_gost12_512 PREFIX=0x0302 OPTS=
+ 
+ # Test signing with key described by pkcs11 URI
+-_softhsm_setup "${WORKDIR}"
++_softhsm_setup "${MYWORKDIR}"
+ if [ -n "${PKCS11_KEYURI}" ]; then
+   expect_pass check_sign FILE=pkcs11test TYPE=ima KEY=${PKCS11_KEYURI} ALG=sha256 PREFIX=0x030204aabbccdd0100 OPTS=--keyid=aabbccdd
+   expect_pass check_sign FILE=pkcs11test TYPE=ima KEY=${PKCS11_KEYURI} ALG=sha1   PREFIX=0x030202aabbccdd0100 OPTS=--keyid=aabbccdd
+@@ -436,4 +436,4 @@ else
+   expect_pass __skip
+   expect_pass __skip
+ fi
+-_softhsm_teardown "${WORKDIR}"
++_softhsm_teardown "${MYWORKDIR}"
+-- 
+2.32.0
+

diff --git a/app-crypt/ima-evm-utils/files/ima-evm-utils-1.4-test-remove-boot_aggregate.patch b/app-crypt/ima-evm-utils/files/ima-evm-utils-1.4-test-remove-boot_aggregate.patch
new file mode 100644
index 000000000000..701a81614f78
--- /dev/null
+++ b/app-crypt/ima-evm-utils/files/ima-evm-utils-1.4-test-remove-boot_aggregate.patch
@@ -0,0 +1,216 @@
+diff --git a/tests/Makefile.am b/tests/Makefile.am
+index ff928e1..029f2ff 100644
+--- a/tests/Makefile.am
++++ b/tests/Makefile.am
+@@ -1,7 +1,7 @@
+ check_SCRIPTS =
+ TESTS = $(check_SCRIPTS)
+ 
+-check_SCRIPTS += ima_hash.test sign_verify.test boot_aggregate.test
++check_SCRIPTS += ima_hash.test sign_verify.test
+ 
+ clean-local:
+ 	-rm -f *.txt *.out *.sig *.sig2
+diff --git a/tests/boot_aggregate.test b/tests/boot_aggregate.test
+deleted file mode 100755
+index d711566..0000000
+--- a/tests/boot_aggregate.test
++++ /dev/null
+@@ -1,197 +0,0 @@
+-#!/bin/bash
+-
+-#
+-# Calculate the boot_aggregate for each TPM bank, verifying that the
+-# boot_aggregate in the IMA measurement list matches one of them.
+-#
+-# A software TPM may be used to verify the boot_aggregate.  If a
+-# software TPM is not already running on the system, this test
+-# starts one and initializes the TPM PCR banks by walking the sample
+-# binary_bios_measurements event log, included in this directory, and
+-# extending the TPM PCRs.  The associated ascii_runtime_measurements
+-# for verifying the calculated boot_aggregate is included in this
+-# directory as well.
+-
+-trap cleanup SIGINT SIGTERM EXIT
+-
+-# Base VERBOSE on the environment variable, if set.
+-VERBOSE="${VERBOSE:-0}"
+-
+-cd "$(dirname "$0")"
+-export PATH=../src:$PATH
+-export LD_LIBRARY_PATH=$LD_LIBRARY_PATH
+-. ./functions.sh
+-_require evmctl
+-TSSDIR="$(dirname -- "$(which tssstartup)")"
+-PCRFILE="/sys/class/tpm/tpm0/device/pcrs"
+-MISC_PCRFILE="/sys/class/misc/tpm0/device/pcrs"
+-
+-# Only stop this test's software TPM
+-cleanup() {
+-	if [ -n "${SWTPM_PID}" ]; then
+-		kill -SIGTERM "${SWTPM_PID}"
+-	elif [ -n "${TPMSERVER_PID}" ]; then
+-		"${TSSDIR}/tsstpmcmd" -stop
+-	fi
+-}
+-
+-# Try to start a software TPM if needed.
+-swtpm_start() {
+-	local tpm_server swtpm
+-
+-	tpm_server="$(which tpm_server)"
+-	swtpm="$(which swtpm)"
+-	if [ -z "${tpm_server}" ] && [ -z "${swtpm}" ]; then
+-		echo "${CYAN}SKIP: Software TPM (tpm_server and swtpm) not found${NORM}"
+-		return "$SKIP"
+-	fi
+-
+-	if [ -n "${swtpm}" ]; then
+-		pgrep swtpm
+-		if [ $? -eq 0 ]; then
+-			echo "INFO: Software TPM (swtpm) already running"
+-			return 114
+-		else
+-			echo "INFO: Starting software TPM: ${swtpm}"
+-			mkdir -p ./myvtpm
+-			${swtpm} socket --tpmstate dir=./myvtpm --tpm2 --ctrl type=tcp,port=2322 --server type=tcp,port=2321 --flags not-need-init > /dev/null 2>&1 &
+-			SWTPM_PID=$!
+-		fi
+-	elif [ -n "${tpm_server}" ]; then
+-		# tpm_server uses the Microsoft simulator encapsulated packet format
+-		export TPM_SERVER_TYPE="mssim"
+-		pgrep tpm_server
+-		if [ $? -eq 0 ]; then
+-			echo "INFO: Software TPM (tpm_server) already running"
+-			return 114
+-		else
+-			echo "INFO: Starting software TPM: ${tpm_server}"
+-			${tpm_server} > /dev/null 2>&1 &
+-			TPMSERVER_PID=$!
+-		fi
+-	fi
+-	return 0
+-}
+-
+-# Initialize the software TPM using the sample binary_bios_measurements log.
+-swtpm_init() {
+-	if [ ! -f "${TSSDIR}/tssstartup" ] || [ ! -f "${TSSDIR}/tsseventextend" ]; then
+-		echo "${CYAN}SKIP: tssstartup and tsseventextend needed for test${NORM}"
+-		return "$SKIP"
+-	fi
+-
+-	echo "INFO: Sending software TPM startup"
+-	"${TSSDIR}/tssstartup"
+-	if [ $? -ne 0 ]; then
+-		echo "INFO: Retry sending software TPM startup"
+-		sleep 1
+-		"${TSSDIR}/tssstartup"
+-	fi
+-
+-	if [ $? -ne 0 ]; then
+-		echo "INFO: Software TPM startup failed"
+-		return "$SKIP"
+-	fi
+-
+-	echo "INFO: Walking ${BINARY_BIOS_MEASUREMENTS} initializing the software TPM"
+-#	$(${TSSDIR}/tsseventextend -tpm -if "${BINARY_BIOS_MEASUREMENTS}" -v) 2>&1 > /dev/null
+-	"${TSSDIR}/tsseventextend" -tpm -if "${BINARY_BIOS_MEASUREMENTS}" -v > /dev/null 2>&1
+-}
+-
+-# In VERBOSE mode, display the calculated TPM PCRs for the different banks.
+-display_pcrs() {
+-	local PCRMAX=9
+-	local banks=("sha1" "sha256")
+-	local i;
+-
+-	for bank in "${banks[@]}"; do
+-		echo "INFO: Displaying ${bank} TPM bank (PCRs 0 - 9)"
+-		for i in $(seq 0 $PCRMAX); do
+-			rc=0
+-			pcr=$("${TSSDIR}/tsspcrread" -halg "${bank}" -ha "${i}" -ns)
+-			if [ $rc -ne 0 ]; then
+-				echo "INFO: tsspcrread failed: $pcr"
+-				break
+-			fi
+-			echo "$i: $pcr"
+-		done
+-	done
+-}
+-
+-# The first entry in the IMA measurement list is the "boot_aggregate".
+-# For each kexec, an additional "boot_aggregate" will appear in the
+-# measurement list, assuming the previous measurement list is carried
+-# across the kexec.
+-#
+-# Verify that the last "boot_aggregate" record in the IMA measurement
+-# list matches.
+-check() {
+-	echo "INFO: Calculating the boot_aggregate (PCRs 0 - 9) for multiple banks"
+-	bootaggr=$(evmctl ima_boot_aggregate)
+-	if [ $? -ne 0 ]; then
+-		echo "${CYAN}SKIP: evmctl ima_boot_aggregate: $bootaggr${NORM}"
+-		exit "$SKIP"
+-	fi
+-
+-	boot_aggr=( $bootaggr )
+-
+-	echo "INFO: Searching for the boot_aggregate in ${ASCII_RUNTIME_MEASUREMENTS}"
+-	for hash in "${boot_aggr[@]}"; do
+-		if [ "$VERBOSE" != "0" ]; then
+-			echo "$hash"
+-		fi
+-		if grep -e " boot_aggregate$" -e " boot_aggregate.$" "${ASCII_RUNTIME_MEASUREMENTS}" | tail -n 1 | grep -q "${hash}"; then
+-			echo "${GREEN}SUCCESS: boot_aggregate ${hash} found${NORM}"
+-			return "$OK"
+-		fi
+-	done
+-	echo "${RED}FAILURE: boot_aggregate not found${NORM}"
+-	echo "$bootaggr"
+-	return "$FAIL"
+-}
+-
+-if [ "$(id -u)" = 0 ] && [ -c "/dev/tpm0" ]; then
+-	ASCII_RUNTIME_MEASUREMENTS="/sys/kernel/security/ima/ascii_runtime_measurements"
+-	if [ ! -d "/sys/kernel/security/ima" ]; then
+-		echo "${CYAN}SKIP: CONFIG_IMA not enabled${NORM}"
+-		exit "$SKIP"
+-	fi
+-else
+-	BINARY_BIOS_MEASUREMENTS="./sample-binary_bios_measurements-pcrs-8-9"
+-	ASCII_RUNTIME_MEASUREMENTS="./sample-ascii_runtime_measurements-pcrs-8-9"
+-	export TPM_INTERFACE_TYPE="socsim"
+-	export TPM_COMMAND_PORT=2321
+-	export TPM_PLATFORM_PORT=2322
+-	export TPM_SERVER_NAME="localhost"
+-
+-	# swtpm uses the raw, unencapsulated packet format
+-	export TPM_SERVER_TYPE="raw"
+-fi
+-
+-# Start and initialize a software TPM as needed
+-if [ "$(id -u)" != 0 ] || [ ! -c "/dev/tpm0" ]; then
+-	if [ -f "$PCRFILE" ] || [ -f "$MISC_PCRFILE" ]; then
+-		echo "${CYAN}SKIP: system has discrete TPM 1.2, sample TPM 2.0 event log test not supported.${NORM}"
+-		exit "$SKIP"
+-	fi
+-
+-	swtpm_start
+-	error=$?
+-	if [ $error -eq "$SKIP" ]; then
+-		echo "skip: swtpm not installed"
+-		exit "$SKIP"
+-	fi
+-
+-	if [ $error -eq 0 ]; then
+-		swtpm_init
+-		if [ $? -eq "$SKIP" ]; then
+-			echo "testing boot_aggregate without entries"
+-			exit "$SKIP"
+-		fi
+-	fi
+-	if [ "$VERBOSE" != "0" ]; then
+-		display_pcrs
+-	fi
+-fi
+-
+-expect_pass check

diff --git a/app-crypt/ima-evm-utils/ima-evm-utils-1.4.ebuild b/app-crypt/ima-evm-utils/ima-evm-utils-1.4.ebuild
new file mode 100644
index 000000000000..8a6872dda3e1
--- /dev/null
+++ b/app-crypt/ima-evm-utils/ima-evm-utils-1.4.ebuild
@@ -0,0 +1,52 @@
+# Copyright 1999-2021 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+inherit autotools
+
+DESCRIPTION="Supporting tools for IMA and EVM"
+HOMEPAGE="http://linux-ima.sourceforge.net"
+SRC_URI="https://download.sourceforge.net/linux-ima/${P}.tar.gz"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="~amd64 ~x86"
+IUSE="debug test tpm"
+
+RDEPEND="
+	dev-libs/openssl:0=
+	sys-apps/keyutils:=
+	tpm? ( app-crypt/tpm2-tss )"
+DEPEND="${RDEPEND}"
+BDEPEND="
+	app-text/asciidoc
+	app-text/docbook-xsl-stylesheets
+	dev-libs/libxslt
+	test? ( app-editors/vim-core )"
+
+RESTRICT="!test? ( test )"
+
+PATCHES=(
+	"${FILESDIR}/${PN}-1.4-configure-remove-automagic-TSS-dependencies.patch"
+	"${FILESDIR}/${PN}-1.4-test-Rename-bash-variable-WORKDIR-to-MYWORKDIR.patch"
+	"${FILESDIR}/${PN}-1.4-test-remove-boot_aggregate.patch"
+	)
+
+src_prepare() {
+	default
+
+	sed -i '/^MANPAGE_DOCBOOK_XSL/s:/usr/share/xml/docbook/stylesheet/docbook-xsl/manpages/docbook.xsl:/usr/share/sgml/docbook/xsl-stylesheets/manpages/docbook.xsl:' Makefile.am || die
+	eautoreconf
+}
+
+src_configure() {
+	econf \
+		$(use_enable debug) \
+		$(use_with tpm pcrtss)
+}
+
+src_install() {
+	default
+	find "${ED}" -name '*.la' -delete || die
+}

diff --git a/app-crypt/ima-evm-utils/metadata.xml b/app-crypt/ima-evm-utils/metadata.xml
index 1beb74ffb739..06e244511370 100644
--- a/app-crypt/ima-evm-utils/metadata.xml
+++ b/app-crypt/ima-evm-utils/metadata.xml
@@ -8,4 +8,7 @@
 	<upstream>
 		<remote-id type="sourceforge">linux-ima</remote-id>
 	</upstream>
+	<use>
+		<flag name="tpm">Enable TPM support</flag>
+	</use>	
 </pkgmetadata>