third_party: add boringssl, libtpms, swtpm
This isn't yet used, but will soon be used as the main swtpm
implementation (instead of whatever is provided by the ambient
environment and/or sandbox).
Change-Id: I8c8cc7fd7841f10e14d6390595805a8b905d4f4e
Reviewed-on: https://review.monogon.dev/c/monogon/+/3127
Reviewed-by: Lorenz Brun <lorenz@monogon.tech>
Tested-by: Jenkins CI
diff --git a/third_party/libtpms/patches/0001-boringssl-compat-new-SHA-types.patch b/third_party/libtpms/patches/0001-boringssl-compat-new-SHA-types.patch
new file mode 100644
index 0000000..b4d25f4
--- /dev/null
+++ b/third_party/libtpms/patches/0001-boringssl-compat-new-SHA-types.patch
@@ -0,0 +1,57 @@
+From 51935c4f084265833951e5439b682913bfbac03a Mon Sep 17 00:00:00 2001
+From: Serge Bazanski <serge@monogon.tech>
+Date: Tue, 4 Jun 2024 12:58:10 +0200
+Subject: [PATCH 1/6] boringssl compat: new SHA types
+
+See: https://github.com/google/boringssl/commit/51011b4a262046a3d9a2eb5690e54af80377f15a
+---
+ src/tpm2/NVMarshal.c | 13 ++++++++-----
+ 1 file changed, 8 insertions(+), 5 deletions(-)
+
+diff --git a/src/tpm2/NVMarshal.c b/src/tpm2/NVMarshal.c
+index a4a9498..6d42a97 100644
+--- a/src/tpm2/NVMarshal.c
++++ b/src/tpm2/NVMarshal.c
+@@ -58,6 +58,9 @@
+ #define TPM_HAVE_TPM2_DECLARATIONS
+ #include "tpm_library_intern.h"
+
++#define SHA_LONG uint32_t
++#define SHA_LONG64 uint64_t
++
+ /*
+ * The TPM2 maintains a pcrAllocated shadow variable; the current active one is
+ * in gp.pcrAllocated and the one to be active after reboot is in NVRAM. So,
+@@ -1943,9 +1946,9 @@ tpmHashStateSHA512_Marshal(SHA512_CTX *data, BYTE **buffer, INT32 *size,
+ written += SHA_LONG64_Marshal(&data->Nl, buffer, size);
+ written += SHA_LONG64_Marshal(&data->Nh, buffer, size);
+
+- array_size = sizeof(data->u.p);
++ array_size = sizeof(data->p);
+ written += UINT16_Marshal(&array_size, buffer, size);
+- written += Array_Marshal(&data->u.p[0], array_size, buffer, size);
++ written += Array_Marshal(&data->p[0], array_size, buffer, size);
+
+ written += UINT32_Marshal(&data->num, buffer, size);
+ written += UINT32_Marshal(&data->md_len, buffer, size);
+@@ -2005,14 +2008,14 @@ tpmHashStateSHA512_Unmarshal(SHA512_CTX *data, BYTE **buffer, INT32 *size,
+ rc = UINT16_Unmarshal(&array_size, buffer, size);
+ }
+ if (rc == TPM_RC_SUCCESS &&
+- array_size != sizeof(data->u.p)) {
++ array_size != sizeof(data->p)) {
+ TPMLIB_LogTPM2Error("HASH_STATE_SHA512: Bad array size for u.p; "
+ "expected %zu, got %u\n",
+- sizeof(data->u.p), array_size);
++ sizeof(data->p), array_size);
+ rc = TPM_RC_BAD_PARAMETER;
+ }
+ if (rc == TPM_RC_SUCCESS) {
+- rc = Array_Unmarshal(&data->u.p[0], array_size, buffer, size);
++ rc = Array_Unmarshal(&data->p[0], array_size, buffer, size);
+ }
+ if (rc == TPM_RC_SUCCESS) {
+ rc = UINT32_Unmarshal(&data->num, buffer, size);
+--
+2.42.0
+
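Review bot: The log message in tpmHashStateSHA512_Unmarshal still says `"Bad array size for u.p; "` although every access in the hunk was renamed from `u.p` to `p`, so the diagnostic no longer names a field that exists; change it to `"HASH_STATE_SHA512: Bad array size for p; "`. The two new `#define SHA_LONG uint32_t` / `#define SHA_LONG64 uint64_t` lines are unconditional; wrapping them in `#ifndef SHA_LONG` / `#ifndef SHA_LONG64` avoids a redefinition if this file is ever compiled against headers that still provide them. Since this marshals the raw hash context into persisted NV state, it would be worth a one-line comment that the on-disk layout is unchanged only as long as BoringSSL's `p` stays SHA512_CBLOCK bytes (the `sizeof(data->p)` check guards the size, not the field order). Both tpmHashStateSHA512_Marshal and _Unmarshal start and end outside this hunk.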
diff --git a/third_party/libtpms/patches/0002-boringssl-compat-removed-const_DES_cblock.patch b/third_party/libtpms/patches/0002-boringssl-compat-removed-const_DES_cblock.patch
new file mode 100644
index 0000000..555ded5
--- /dev/null
+++ b/third_party/libtpms/patches/0002-boringssl-compat-removed-const_DES_cblock.patch
@@ -0,0 +1,54 @@
+From 42c0bd4522b06361bdbbb1fec182bdc363db9982 Mon Sep 17 00:00:00 2001
+From: Serge Bazanski <serge@monogon.tech>
+Date: Tue, 4 Jun 2024 12:58:37 +0200
+Subject: [PATCH 2/6] boringssl compat: removed const_DES_cblock
+
+This was some kind of hack for GCC 2.8.1 that never made it into
+BoringSSL.
+---
+ src/tpm2/crypto/openssl/TpmToOsslDesSupport.c | 10 +++++-----
+ 1 file changed, 5 insertions(+), 5 deletions(-)
+
+diff --git a/src/tpm2/crypto/openssl/TpmToOsslDesSupport.c b/src/tpm2/crypto/openssl/TpmToOsslDesSupport.c
+index d27aad2..9f972d6 100644
+--- a/src/tpm2/crypto/openssl/TpmToOsslDesSupport.c
++++ b/src/tpm2/crypto/openssl/TpmToOsslDesSupport.c
+@@ -78,14 +78,14 @@ TDES_set_encrypt_key(
+ tpmKeyScheduleTDES *keySchedule
+ )
+ {
+- DES_set_key_unchecked((const_DES_cblock *)key, &keySchedule[0]);
+- DES_set_key_unchecked((const_DES_cblock *)&key[8], &keySchedule[1]);
++ DES_set_key_unchecked((const DES_cblock *)key, &keySchedule[0]);
++ DES_set_key_unchecked((const DES_cblock *)&key[8], &keySchedule[1]);
+ // If is two-key, copy the schedule for K1 into K3, otherwise, compute the
+ // the schedule for K3
+ if(keySizeInBits == 128)
+ keySchedule[2] = keySchedule[0];
+ else
+- DES_set_key_unchecked((const_DES_cblock *)&key[16],
++ DES_set_key_unchecked((const DES_cblock *)&key[16],
+ &keySchedule[2]);
+ }
+ /* B.2.3.1.3.2. TDES_encyrpt() */
+@@ -97,7 +97,7 @@ void TDES_encrypt(
+ tpmKeyScheduleTDES *ks
+ )
+ {
+- DES_ecb3_encrypt((const_DES_cblock *)in, (DES_cblock *)out,
++ DES_ecb3_encrypt((const DES_cblock *)in, (DES_cblock *)out,
+ &ks[0], &ks[1], &ks[2],
+ DES_ENCRYPT);
+ }
+@@ -111,7 +111,7 @@ void TDES_decrypt(
+ tpmKeyScheduleTDES *ks
+ )
+ {
+- DES_ecb3_encrypt((const_DES_cblock *)in, (DES_cblock *)out,
++ DES_ecb3_encrypt((const DES_cblock *)in, (DES_cblock *)out,
+ &ks[0], &ks[1], &ks[2],
+ DES_DECRYPT);
+ }
+--
+2.42.0
+
diff --git a/third_party/libtpms/patches/0003-boringssl-compat-removed-EC_POINTs_mul.patch b/third_party/libtpms/patches/0003-boringssl-compat-removed-EC_POINTs_mul.patch
new file mode 100644
index 0000000..8b5669a
--- /dev/null
+++ b/third_party/libtpms/patches/0003-boringssl-compat-removed-EC_POINTs_mul.patch
@@ -0,0 +1,42 @@
+From 2cd6a191b0940d03d557941eda3395bdafbdb662 Mon Sep 17 00:00:00 2001
+From: Serge Bazanski <serge@monogon.tech>
+Date: Tue, 4 Jun 2024 12:59:11 +0200
+Subject: [PATCH 3/6] boringssl compat: removed EC_POINTs_mul
+
+This was deprecated in OpenSSL 3.0, we just need to 'fix' the ifdef
+guard to use the undeprecated APIs.
+---
+ src/tpm2/crypto/openssl/BnToOsslMath.c | 10 ----------
+ 1 file changed, 10 deletions(-)
+
+diff --git a/src/tpm2/crypto/openssl/BnToOsslMath.c b/src/tpm2/crypto/openssl/BnToOsslMath.c
+index 1b9fb81..7d13ce8 100644
+--- a/src/tpm2/crypto/openssl/BnToOsslMath.c
++++ b/src/tpm2/crypto/openssl/BnToOsslMath.c
+@@ -622,7 +622,6 @@ LIB_EXPORT BOOL BnEccModMult2(bigPoint R, // OUT: computed point
+ EC_POINT_mul(E->G, pR, bnD, pQ, bnU, E->CTX);
+ else
+ {
+-#if OPENSSL_VERSION_NUMBER >= 0x30000000L
+ EC_POINT *pR1 = EC_POINT_new(E->G);
+ EC_POINT *pR2 = EC_POINT_new(E->G);
+ int OK;
+@@ -635,15 +634,6 @@ LIB_EXPORT BOOL BnEccModMult2(bigPoint R, // OUT: computed point
+
+ EC_POINT_clear_free(pR1);
+ EC_POINT_clear_free(pR2);
+-#else
+- const EC_POINT* points[2];
+- const BIGNUM* scalars[2];
+- points[0] = pS;
+- points[1] = pQ;
+- scalars[0] = bnD;
+- scalars[1] = bnU;
+- EC_POINTs_mul(E->G, pR, NULL, 2, points, scalars, E->CTX);
+-#endif
+ }
+ PointFromOssl(R, pR, E);
+ EC_POINT_clear_free(pR); // libtpms changed
+--
+2.42.0
+
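Review bot: The hunk deletes the `#if OPENSSL_VERSION_NUMBER >= 0x30000000L` guard outright, whereas the patch description says the intent is to fix the guard; as written the file can no longer build against OpenSSL 1.1, which the `#else` branch existed for. The underlying reason the old guard misfired is presumably that BoringSSL reports an OpenSSL 1.1-style `OPENSSL_VERSION_NUMBER`, so the pre-3.0 `EC_POINTs_mul` branch was selected even though BoringSSL does not provide it. Keeping the guard and widening it to `#if OPENSSL_VERSION_NUMBER >= 0x30000000L || defined(OPENSSL_IS_BORINGSSL)` records that intent in the code and preserves the original fallback. BnEccModMult2 begins and ends outside this hunk, so the `OK` handling of the two EC_POINT_mul calls is not visible here.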
diff --git a/third_party/libtpms/patches/0004-boringssl-compat-removed-camellia-support.patch b/third_party/libtpms/patches/0004-boringssl-compat-removed-camellia-support.patch
new file mode 100644
index 0000000..231d1d5
--- /dev/null
+++ b/third_party/libtpms/patches/0004-boringssl-compat-removed-camellia-support.patch
@@ -0,0 +1,33 @@
+From 00f0c95d643bc714f3361fa4f10dee3bf9f9384e Mon Sep 17 00:00:00 2001
+From: Serge Bazanski <serge@monogon.tech>
+Date: Tue, 4 Jun 2024 12:59:30 +0200
+Subject: [PATCH 4/6] boringssl compat: removed camellia support
+
+BoringSSL removed Camellia support out of principle, we don't care for
+it either and the TPM spec doesn't mandate it.
+---
+ src/tpm2/TpmProfile_Common.h | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/src/tpm2/TpmProfile_Common.h b/src/tpm2/TpmProfile_Common.h
+index a4bf462..78842a6 100644
+--- a/src/tpm2/TpmProfile_Common.h
++++ b/src/tpm2/TpmProfile_Common.h
+@@ -133,11 +133,11 @@
+
+ #define SM4_128 (NO * ALG_SM4)
+
+-#define ALG_CAMELLIA ALG_YES
++#define ALG_CAMELLIA ALG_NO
+
+-#define CAMELLIA_128 (YES * ALG_CAMELLIA)
++#define CAMELLIA_128 (NO * ALG_CAMELLIA)
+ #define CAMELLIA_192 (NO * ALG_CAMELLIA)
+-#define CAMELLIA_256 (YES * ALG_CAMELLIA)
++#define CAMELLIA_256 (NO * ALG_CAMELLIA)
+
+ #define ALG_TDES ALG_YES /* libtpms enabled */
+
+--
+2.42.0
+
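Review bot: The rationale for turning Camellia off lives only in the patch description; the neighbouring `#define ALG_TDES ALG_YES /* libtpms enabled */` line shows the file's convention of annotating profile overrides, so `#define ALG_CAMELLIA ALG_NO /* monogon: BoringSSL has no Camellia */` would keep the reason next to the setting. Once `ALG_CAMELLIA` is `ALG_NO`, the `CAMELLIA_128` and `CAMELLIA_256` changes from `YES *` to `NO *` are redundant (the product is already zero), and leaving them at `YES` would make a future re-enable a one-line change. Note that this alters the algorithm set the emulated TPM advertises, so any test that enumerates or selects `TPM_ALG_CAMELLIA` will now fail against this build.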
diff --git a/third_party/libtpms/patches/0005-boringssl-compat-remove-constant-time-flags-UNSAFE.patch b/third_party/libtpms/patches/0005-boringssl-compat-remove-constant-time-flags-UNSAFE.patch
new file mode 100644
index 0000000..795ee1e
--- /dev/null
+++ b/third_party/libtpms/patches/0005-boringssl-compat-remove-constant-time-flags-UNSAFE.patch
@@ -0,0 +1,176 @@
+From 98df8cd09ec7a5b91f05c665529ed6f579f231d9 Mon Sep 17 00:00:00 2001
+From: Serge Bazanski <serge@monogon.tech>
+Date: Tue, 4 Jun 2024 13:53:48 +0200
+Subject: [PATCH 5/6] boringssl compat: remove constant time flags (UNSAFE)
+
+OpenSSL has a quirky little API to mark bignums as 'secret' ie.
+'constant time' which is supposed to influence operations performed on
+them to be constant time.
+
+This API was tricky to use and caused security issues, so it was removed
+by BoringSSL.
+
+https://github.com/google/boringssl/commit/0a211dfe91588d2986a8735e1969dd9202a8b025
+
+Ideally we would replace all relevent BN_mod_exp calls with
+constant-time versions, but that's not trivial to do: the constant time
+versions of modular exponentiation and multiplicative inverse operations
+rely on Montgomery modular multiplication which seems to reduce the
+domain of the exponent to |0, N>. Unfortunately libtpms has plenty of
+eg. ModExp operations that work on exponents outside this range. OpenSSL
+seems to not have applied the constant time request to BN_mod_exp if
+that was the case, but BoringSSL refuses to perform constant time
+operations then.
+
+As I'm not a cryptographer and not able to fix this properly (or even
+fully reason about this), I'm just adding a big fat warning to be shown
+whenever potentially unsafe operations are now performed.
+---
+ src/monogon_unsafe.c | 28 ++++++++++++++++++++++++++
+ src/tpm2/crypto/openssl/BnToOsslMath.c | 10 +++++----
+ src/tpm2/crypto/openssl/ExpDCache.c | 5 +++--
+ 3 files changed, 37 insertions(+), 6 deletions(-)
+ create mode 100644 src/monogon_unsafe.c
+
+diff --git a/src/monogon_unsafe.c b/src/monogon_unsafe.c
+new file mode 100644
+index 0000000..abaef79
+--- /dev/null
++++ b/src/monogon_unsafe.c
+@@ -0,0 +1,28 @@
++#include <stdio.h>
++#include <stdlib.h>
++
++// This library was built against BoringSSL without the BN constant time API,
++// thus all cryptographic operations are performed timing-unsafe which might
++// lead to side channel leaks. This is fine for Monogon's usecase (swtpm in
++// tests) but this code must not end up being used to secure any real systems.
++//
++// Note: I am not sure this code was safe from side channels in the first
++// place. See RsaPrivateKeyOp and compare with BoringSSL's
++// rsa_default_private_transform implementation... ~q3k
++
++static int _warned = 0;
++
++void monogon_warn_unsafe_library(void)
++{
++ if (getenv("MONOGON_LIBTPMS_ACKNOWLEDGE_UNSAFE") != NULL) {
++ return;
++ }
++ if (_warned) {
++ return;
++ }
++ _warned = 1;
++ fprintf(stderr, "--------------------------------------------------------------------------------\n");
++ fprintf(stderr, "WARNING: This fork of libtpms/swtpm contains UNSAFE cryptographic operations and\n");
++ fprintf(stderr, " MUST NOT be used to secure sensitive data.\n");
++ fprintf(stderr, "--------------------------------------------------------------------------------\n");
++}
+diff --git a/src/tpm2/crypto/openssl/BnToOsslMath.c b/src/tpm2/crypto/openssl/BnToOsslMath.c
+index 7d13ce8..54d5916 100644
+--- a/src/tpm2/crypto/openssl/BnToOsslMath.c
++++ b/src/tpm2/crypto/openssl/BnToOsslMath.c
+@@ -83,6 +83,8 @@
+ //#include "Tpm.h"
+ #include "BnOssl.h"
+
++extern void monogon_warn_unsafe_library();
++
+ #ifdef MATH_LIB_OSSL
+ # include "BnToOsslMath_fp.h"
+
+@@ -133,6 +135,7 @@ BOOL OsslToTpmBn(bigNum bn, const BIGNUM* osslBn) // libtpms: added 'const'
+ // function prototype. Instead, use BnNewVariable().
+ BIGNUM* BigInitialized(BIGNUM* toInit, bigConst initializer)
+ {
++ monogon_warn_unsafe_library();
+ #if 1 // libtpms: added begin
+ BIGNUM *_toInit;
+ unsigned char buffer[LARGEST_NUMBER + 1];
+@@ -147,7 +150,6 @@ BIGNUM* BigInitialized(BIGNUM* toInit, bigConst initializer)
+ #if 1 // libtpms: added begin
+ BnToBytes(initializer, buffer, &buffer_len); /* TPM to bin */
+ _toInit = BN_bin2bn(buffer, buffer_len, NULL); /* bin to ossl */
+- BN_set_flags(_toInit, BN_FLG_CONSTTIME);
+ BN_copy(toInit, _toInit);
+ BN_clear_free(_toInit);
+ #else // libtpms: added end
+@@ -355,13 +357,13 @@ LIB_EXPORT BOOL BnGcd(bigNum gcd, // OUT: the common divisor
+ bigConst number2 // IN:
+ )
+ {
++ monogon_warn_unsafe_library();
+ OSSL_ENTER();
+ BIGNUM* bnGcd = BN_NEW();
+ BOOL OK = TRUE;
+ BIG_INITIALIZED(bn1, number1);
+ BIG_INITIALIZED(bn2, number2);
+ //
+- BN_set_flags(bn1, BN_FLG_CONSTTIME); // number1 is secret prime number
+ GOTO_ERROR_UNLESS(BN_gcd(bnGcd, bn1, bn2, CTX));
+ GOTO_ERROR_UNLESS(OsslToTpmBn(gcd, bnGcd));
+ goto Exit;
+@@ -387,6 +389,7 @@ LIB_EXPORT BOOL BnModExp(bigNum result, // OUT: the result
+ bigConst modulus // IN:
+ )
+ {
++ monogon_warn_unsafe_library();
+ OSSL_ENTER();
+ BIGNUM* bnResult = BN_NEW();
+ BOOL OK = TRUE;
+@@ -394,7 +397,6 @@ LIB_EXPORT BOOL BnModExp(bigNum result, // OUT: the result
+ BIG_INITIALIZED(bnE, exponent);
+ BIG_INITIALIZED(bnM, modulus);
+ //
+- BN_set_flags(bnE, BN_FLG_CONSTTIME); // exponent may be private
+ GOTO_ERROR_UNLESS(BN_mod_exp(bnResult, bnN, bnE, bnM, CTX));
+ GOTO_ERROR_UNLESS(OsslToTpmBn(result, bnResult));
+ goto Exit;
+@@ -416,13 +418,13 @@ LIB_EXPORT BOOL BnModExp(bigNum result, // OUT: the result
+ // FALSE(0) failure in operation
+ LIB_EXPORT BOOL BnModInverse(bigNum result, bigConst number, bigConst modulus)
+ {
++ monogon_warn_unsafe_library();
+ OSSL_ENTER();
+ BIGNUM* bnResult = BN_NEW();
+ BOOL OK = TRUE;
+ BIG_INITIALIZED(bnN, number);
+ BIG_INITIALIZED(bnM, modulus);
+ //
+- BN_set_flags(bnN, BN_FLG_CONSTTIME); // number may be private
+ GOTO_ERROR_UNLESS(BN_mod_inverse(bnResult, bnN, bnM, CTX) != NULL);
+ GOTO_ERROR_UNLESS(OsslToTpmBn(result, bnResult));
+ goto Exit;
+diff --git a/src/tpm2/crypto/openssl/ExpDCache.c b/src/tpm2/crypto/openssl/ExpDCache.c
+index 5aeaf14..133e9ed 100644
+--- a/src/tpm2/crypto/openssl/ExpDCache.c
++++ b/src/tpm2/crypto/openssl/ExpDCache.c
+@@ -61,6 +61,8 @@
+ #include "Tpm.h"
+ #include "ExpDCache_fp.h"
+
++extern void monogon_warn_unsafe_library(void);
++
+ /* Implement a cache for the private exponent D so it doesn't need to be
+ * recalculated every time from P, Q, E and N (modulus). The cache has a
+ * number of entries that cache D and use P, Q, and E for lookup.
+@@ -169,6 +171,7 @@ BIGNUM *ExpDCacheFind(const BIGNUM *P, const BIGNUM *N, const BIGNUM *E, BIGNUM
+ unsigned myage;
+ BIGNUM *D;
+
++ monogon_warn_unsafe_library();
+ for (i = 0; i < ARRAY_SIZE(ExpDCache); i++) {
+ if (BN_cmp(ExpDCache[i].P, P) == 0 && BN_cmp(ExpDCache[i].N, N) == 0 &&
+ BN_cmp(ExpDCache[i].E, E) == 0) {
+@@ -190,8 +193,6 @@ BIGNUM *ExpDCacheFind(const BIGNUM *P, const BIGNUM *N, const BIGNUM *E, BIGNUM
+ *Q = NULL;
+ return NULL;
+ }
+- BN_set_flags(*Q, BN_FLG_CONSTTIME);
+- BN_set_flags(D, BN_FLG_CONSTTIME);
+ return D;
+ }
+ }
+--
+2.42.0
+
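Review bot: The only safeguard against this variable-time RSA/ECC path being used for real keys is a once-per-process stderr banner that any caller can suppress via `MONOGON_LIBTPMS_ACKNOWLEDGE_UNSAFE`, while `BnModExp`, `BnModInverse` and `ExpDCacheFind` all operate on private-key material after the `BN_FLG_CONSTTIME` removals; at each of those sites a comment such as `// UNSAFE (monogon): variable-time on private data, see monogon_unsafe.c` would keep the hazard visible where the flag used to be. In BnToOsslMath.c the declaration `extern void monogon_warn_unsafe_library();` is an old-style non-prototype declaration and disagrees with the `(void)` form in ExpDCache.c; both should be `extern void monogon_warn_unsafe_library(void);`, ideally from a small shared header rather than two ad-hoc externs. In monogon_unsafe.c, `static int _warned` is a file-scope identifier beginning with an underscore, which C reserves for the implementation; `static int warned = 0;` avoids that, and since several libtpms entry points may presumably be called from more than one thread, a comment that the flag is a benign race (worst case the banner prints twice) would save a reader a question. The patch description's own caveat that this fork "must not end up being used to secure any real systems" is the right one; the banner text could usefully name the environment variable so an operator seeing it knows it was not acknowledged.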
diff --git a/third_party/libtpms/patches/0006-bazel-support-implement.patch b/third_party/libtpms/patches/0006-bazel-support-implement.patch
new file mode 100644
index 0000000..8152a55
--- /dev/null
+++ b/third_party/libtpms/patches/0006-bazel-support-implement.patch
@@ -0,0 +1,106 @@
+From fa72e847a7fb503daa25b5007edb28483a0f6e42 Mon Sep 17 00:00:00 2001
+From: Serge Bazanski <serge@monogon.tech>
+Date: Tue, 4 Jun 2024 14:31:54 +0200
+Subject: [PATCH 6/6] bazel support: implement
+
+---
+ BUILD.bazel | 45 ++++++++++++++++++++++++++++++++++++++++
+ WORKSPACE | 0
+ include/libtpms/config.h | 3 +++
+ src/tpm_library.c | 1 +
+ src/tpm_tpm2_interface.c | 1 +
+ 5 files changed, 50 insertions(+)
+ create mode 100644 BUILD.bazel
+ create mode 100644 WORKSPACE
+ create mode 100644 include/libtpms/config.h
+
+diff --git a/BUILD.bazel b/BUILD.bazel
+new file mode 100644
+index 0000000..591942d
+--- /dev/null
++++ b/BUILD.bazel
+@@ -0,0 +1,45 @@
++cc_library(
++ name = "libtpms_tpm2",
++ includes = [
++ "include",
++ ],
++ copts = [
++ "-Iexternal/libtpms/include/libtpms",
++ "-Iexternal/libtpms/src",
++ "-Iexternal/libtpms/src/tpm2",
++ "-Iexternal/libtpms/src/tpm2/crypto",
++ "-Iexternal/libtpms/src/tpm2/crypto/openssl",
++ ],
++ defines = [
++ "TPM_LIBTPMS_CALLBACKS",
++ "TPM_NV_DISK",
++ ],
++ deps = [
++ "@boringssl//:ssl",
++ ],
++ textual_hdrs = [
++ "src/tpm2/EccConstantData.inl",
++ ],
++ srcs = glob([
++ "include/config.h",
++ "include/libtpms/*.h",
++
++ "src/*.h",
++ "src/*.c",
++
++ "src/tpm2/*.h",
++ "src/tpm2/*.c",
++
++ "src/tpm2/crypto/*.h",
++ "src/tpm2/crypto/openssl/*.h",
++ "src/tpm2/crypto/openssl/*.c",
++
++ "src/monogon_unsafe.c",
++ ], [
++ # No TPM1.2 support.
++ "src/tpm_tpm12*",
++ ]),
++ visibility = [
++ "//visibility:public",
++ ],
++)
+diff --git a/WORKSPACE b/WORKSPACE
+new file mode 100644
+index 0000000..e69de29
+diff --git a/include/libtpms/config.h b/include/libtpms/config.h
+new file mode 100644
+index 0000000..bb4316e
+--- /dev/null
++++ b/include/libtpms/config.h
+@@ -0,0 +1,3 @@
++#pragma once
++
++#define WITH_TPM2 1
+diff --git a/src/tpm_library.c b/src/tpm_library.c
+index 20153b7..a3c5694 100644
+--- a/src/tpm_library.c
++++ b/src/tpm_library.c
+@@ -63,6 +63,7 @@
+ #include "tpm_debug.h"
+ #include "tpm_error.h"
+ #include "tpm_library.h"
++#include "tpm_library_conf.h"
+ #include "tpm_library_intern.h"
+ #include "tpm_nvfilename.h"
+ #include "tpm_tis.h"
+diff --git a/src/tpm_tpm2_interface.c b/src/tpm_tpm2_interface.c
+index 4570d78..7e51b5e 100644
+--- a/src/tpm_tpm2_interface.c
++++ b/src/tpm_tpm2_interface.c
+@@ -65,6 +65,7 @@
+ #include "tpm_nvfile.h" // TPM_NVRAM_Loaddata()
+ #include "tpm_error.h"
+ #include "tpm_library_intern.h"
++#include "tpm_library_conf.h"
+ #include "tpm_nvfilename.h"
+
+ extern BOOL g_inFailureMode;
+--
+2.42.0
+
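Review bot: `deps = ["@boringssl//:ssl"]` links the TLS library into libtpms, but every BoringSSL API touched by these patches (BN, EC, DES, SHA) lives in libcrypto, so `"@boringssl//:crypto"` is the right dependency and keeps the TLS surface out of the swtpm binary. The `srcs` glob lists `"include/config.h"`, a path this patch does not create (the new file is `include/libtpms/config.h`, already matched by `"include/libtpms/*.h"`), and `"src/monogon_unsafe.c"` is already covered by `"src/*.c"`; both entries can be dropped. The `-Iexternal/libtpms/...` copts hard-code the external repository name, which presumably breaks if the repo is renamed or mapped under bzlmod; the `includes` attribute already used for `include` would let Bazel derive the path for the other directories too. Given patch 0005 in this series, naming the target (for example `libtpms_tpm2_unsafe`) or adding a comment on the `cc_library` would make the variable-time crypto caveat visible at the point where another target picks it up.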
diff --git a/third_party/libtpms/patches/BUILD.bazel b/third_party/libtpms/patches/BUILD.bazel
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/third_party/libtpms/patches/BUILD.bazel