# SPDX-License-Identifier: BSD-2-Clause
# Copyright (c) 2015 - 2020 Intel Corporation
# Copyright (c) 2018 - 2020 Fraunhofer SIT sponsored by Infineon Technologies AG
# All rights reserved.

AC_INIT([tpm2-tss],
        [m4_esyscmd_s([cat ./VERSION])],
        [https://github.com/tpm2-software/tpm2-tss/issues],
        [],
        [https://github.com/tpm2-software/tpm2-tss])
AC_CONFIG_MACRO_DIR([m4])
AM_INIT_AUTOMAKE([foreign
                  subdir-objects])
m4_ifdef([AM_SILENT_RULES], [AM_SILENT_RULES([yes])]) #Backward compatible setting of "silent-rules"

AC_CONFIG_HEADERS([config.h])

AC_CONFIG_FILES([Makefile Doxyfile lib/tss2-sys.pc lib/tss2-esys.pc lib/tss2-mu.pc lib/tss2-tcti-device.pc lib/tss2-tcti-mssim.pc lib/tss2-tcti-swtpm.pc lib/tss2-tcti-pcap.pc lib/tss2-tcti-libtpms.pc lib/tss2-rc.pc lib/tss2-tctildr.pc lib/tss2-fapi.pc lib/tss2-tcti-cmd.pc lib/tss2-policy.pc lib/tss2-tcti-spi-helper.pc lib/tss2-tcti-spi-ltt2go.pc lib/tss2-tcti-spidev.pc lib/tss2-tcti-spi-ftdi.pc lib/tss2-tcti-i2c-helper.pc lib/tss2-tcti-i2c-ftdi.pc])

# propagate configure arguments to distcheck
AC_SUBST([DISTCHECK_CONFIGURE_FLAGS],[$ac_configure_args])

AC_CANONICAL_HOST

AX_IS_RELEASE(dash-version)
AX_CHECK_ENABLE_DEBUG([info])

AC_PROG_CC
AC_PROG_CXX
AC_PROG_LN_S
AC_USE_SYSTEM_EXTENSIONS
AC_C_BIGENDIAN
LT_INIT()
LT_LIB_DLLOAD
PKG_INSTALLDIR()

# Check OS and set library and compile flags accordingly
case "${host_os}" in
    *nto-qnx*)
        HOSTOS='QNX'
        ADD_COMPILER_FLAG([-D_QNX_SOURCE])
        LIBSOCKET_LDFLAGS="-lsocket"
        ;;
    *bsd* | *BSD*)
        HOSTOS='BSD'
        LIBSOCKET_LDFLAGS=""
        ;;
    *)
        #Assume linux
        HOSTOS='Linux'
        LIBSOCKET_LDFLAGS=""
        ;;
esac
AC_SUBST([LIBSOCKET_LDFLAGS])
AC_SUBST([HOSTOS])

AM_CONDITIONAL(HOSTOS_LINUX, [test x"$HOSTOS" = xLinux])

IMA_MEASUREMENTS="/sys/kernel/security/ima/binary_runtime_measurements"

AS_IF([ test -e "$IMA_MEASUREMENTS"], [imameasurements_std="$IMA_MEASUREMENTS" ],
      [imameasurements_std="/dev/null" ] )
AC_SUBST(imameasurements_std)

AC_ARG_WITH([imameasurements],
            [AS_HELP_STRING([--with-imameasurements=<file>],
                            [sets file with the IMA measurements")])],,
            [with_imameasurements=$imameasurements_std])
AC_SUBST(imameasurements, $with_imameasurements)

SYSTEM_MEASUREMENTS="/sys/kernel/security/tpm0/binary_bios_measurements"

AS_IF([test -e "$SYSTEM_MEASUREMENTS"], [sysmeasurements_std="$SYSTEM_MEASUREMENTS" ],
      [sysmeasurements_std="/dev/null" ] )
AC_SUBST(sysmeasurements_std)


AC_ARG_WITH([sysmeasurements],
            [AS_HELP_STRING([--with-sysmeasurements=<file>],
                            [sets file with the binary bios measurements")])],,
            [with_sysmeasurements=$sysmeasurements_std])
AC_SUBST(sysmeasurements, $with_sysmeasurements)

# runstatedir is only defined in the yet unreleased Autoconf 2.70
AC_ARG_WITH([runstatedir],
            AS_HELP_STRING([--with-runstatedir=<dir>],
                           [replacement for --runstatedir in Autoconf <2.70]),
            [runstatedir="$withval"])
AS_IF([test -z "$runstatedir"], [runstatedir="${localstatedir}/run"])
AC_SUBST([runstatedir])

AX_RECURSIVE_EVAL([$sysconfdir], [SYSCONFDIR])
AC_DEFINE_UNQUOTED([SYSCONFDIR], ["$SYSCONFDIR"], [System config dir])

AC_ARG_WITH([userstatedir],
            [AS_HELP_STRING([--with-userstatedir=<dir>],
                            [sets the relative path in the user's home (default is ".local/share")])],,
            [with_userstatedir=.local/share])
AC_SUBST(userstatedir, $with_userstatedir)

AC_ARG_WITH([sysusersdir],
            [AS_HELP_STRING([--with-sysusersdir=<dir>],
                            [sets the sysusers.d directory (default is "${sysconfdir}/sysusers.d")])],,
            [with_sysusersdir="${sysconfdir}/sysusers.d"])
AC_SUBST(sysusersdir, $with_sysusersdir)

AC_ARG_WITH([tmpfilesdir],
            [AS_HELP_STRING([--with-tmpfilesdir=<dir>],
                            [sets the tmpfiles.d directory (default is "${sysconfdir}/tmpfiles.d")])],,
            [with_tmpfilesdir="${sysconfdir}/tmpfiles.d"])
AC_SUBST(tmpfilesdir, $with_tmpfilesdir)

AC_ARG_ENABLE([unit],
            [AS_HELP_STRING([--enable-unit],
                            [build cmocka unit tests])],,
            [enable_unit=no])
m4_define([cmocka_min_version], [1.0])
m4_define([cmocka_err], [Unit test enabled, but cmocka missing or version requirements not met. cmocka version must be >= cmocka_min_version])
AS_IF([test "x$enable_unit" != xno],
      [PKG_CHECK_MODULES([CMOCKA],
                         [cmocka >= cmocka_min_version],,
                         [AC_MSG_ERROR([cmocka_err])])])
AM_CONDITIONAL([UNIT], [test "x$enable_unit" != xno])
AS_IF([test "x$enable_unit" != xno],
    [AC_DEFINE(UNIT, 1, [Enable for UNIT testing])])

AC_ARG_ENABLE([esys],
            [AS_HELP_STRING([--disable-esys],
                            [don't build the esys layer])],,
            [enable_esys=yes])

AM_CONDITIONAL(ESYS, test "x$enable_esys" = "xyes")

AC_CHECK_FUNC([strndup],[],[AC_MSG_ERROR([strndup function not found])])
AC_CHECK_FUNCS([reallocarray])
AC_ARG_ENABLE([fapi],
            [AS_HELP_STRING([--enable-fapi],
                            [build the fapi layer (default is yes)])],
            [enable_fapi=$enableval],
            [enable_fapi=yes])

AM_CONDITIONAL(FAPI, test "x$enable_fapi" = "xyes")


AC_ARG_ENABLE([fapi-async-tests],
    AS_HELP_STRING([--enable-fapi-async-tests],
               [Force fapi to spin asynchronously. (NOT FOR PRODUCTION!)]),,
    [enable_fapi_async_tests=no])
AS_IF([test "x$enable_fapi_async_tests" = "xyes"],
    [AC_DEFINE([TEST_FAPI_ASYNC], [1], [FAPI forced async spinning])])
AS_IF([test "x$enable_fapi_async_tests" = "xyes"],
    [AC_MSG_WARN("FAPI compiled with asynchronous spinning testing. NOT FOR PRODUCTION!")])

AC_ARG_ENABLE([policy],
            [AS_HELP_STRING([--disable-policy],
                            [build the tss2-policy library (default is yes)])],
            [enable_policy=$enableval],
            [enable_policy=yes])

AM_CONDITIONAL(POLICY, test "x$enable_policy" = "xyes")

AC_ARG_WITH([crypto],
            [AS_HELP_STRING([--with-crypto={ossl,mbed,none}],
                            [sets the ESYS crypto backend (default is OpenSSL)])],,
            [with_crypto=ossl])

AM_CONDITIONAL(ESYS_OSSL, test "x$with_crypto" = "xossl")
AM_CONDITIONAL(ESYS_MBED, test "x$with_crypto" = "xmbed")

AC_ARG_ENABLE([vendor],
            [AS_HELP_STRING([--enable-vendor],
                            [build vendor specific extensions (default is yes)])],
            [enable_vendor=$enableval],
            [enable_vendor=yes])

AM_CONDITIONAL(VENDOR, test "x$enable_vendor" = "xyes")
# Negative logic since code by default should build with vendor extensions
# we don't want to require folks to have to pass a define to enable vendor
# extensions in the header files, only to remove them.
AS_IF([test "x$enable_vendor" != "xyes"],
    [AC_DEFINE([DISABLE_VENDOR], [1], [Disable Vendor Extensions])])


m4_define([ossl_min_version], [1.1.0])
m4_define([ossl_err], [OpenSSL libcrypto is missing or version requirements not met. OpenSSL version must be >= ossl_min_version])
AS_IF([test "x$enable_esys" = xyes],
      [AS_IF([test "x$with_crypto" = xossl], [
           PKG_CHECK_MODULES([CRYPTO],
                             [libcrypto >= ossl_min_version],,
                             [AC_MSG_ERROR([ossl_err])])
           AC_DEFINE([OSSL], [1], [OpenSSL cryptographic backend])
           AC_CHECK_LIB(crypto,[EVP_sm3], [
               AC_DEFINE([HAVE_EVP_SM3], [1], [Support EVP_sm3 in openssl])],
                [])
           AC_CHECK_LIB(crypto, [EVP_sm4_cfb128], [
               AC_DEFINE([HAVE_EVP_SM4_CFB], [1], [Support EVP_sm4_cfb in openssl])],
                [])
           TSS2_ESYS_CFLAGS_CRYPTO="$CRYPTO_CFLAGS"
           TSS2_ESYS_LDFLAGS_CRYPTO="$CRYPTO_LIBS"
       ], [test "x$with_crypto" = xmbed], [
           AC_CHECK_HEADER(mbedtls/md.h, [], [AC_MSG_ERROR([Missing required mbedTLS library])])
           AC_DEFINE([MBED], [1], [mbedTLS cryptographic backend])
           TSS2_ESYS_CFLAGS_CRYPTO="$LIBMBED_CFLAGS"
           TSS2_ESYS_LDFLAGS_CRYPTO="-lmbedcrypto"
       ], [test "x$with_crypto" = xnone], [
           AC_MSG_NOTICE([No crypto backend selected! Users must set crypto functions!])
       ], [AC_MSG_ERROR([Bad value for --with-crypto $with_crypto])])])
AC_SUBST([TSS2_ESYS_CFLAGS_CRYPTO])
AC_SUBST([TSS2_ESYS_LDFLAGS_CRYPTO])

AS_IF([test "x$enable_fapi" != xno && test "x$enable_esys" = "xno"],
    [AC_MSG_ERROR([ESYS has to be enabled to compile FAPI.])])

AS_IF([test "x$enable_fapi" != xno && test "x$with_crypto" != "xossl"],
    [AC_MSG_ERROR([FAPI has to be compiled with OpenSSL])])

AS_IF([test "x$enable_policy" != xno && test "x$with_crypto" != "xossl"],
    [AC_MSG_ERROR([libpolicy has to be compiled with OpenSSL])])

AS_IF([test "x$enable_fapi" = xyes -o "x$enable_policy" = xyes ],
      [PKG_CHECK_MODULES([JSONC], [json-c >= 0.13])])

AS_IF([test "x$enable_fapi" = xyes ],
      [PKG_CHECK_MODULES([CURL], [libcurl])])
AC_CHECK_LIB([curl], [curl_url_strerror], [AC_DEFINE([HAVE_CURL_URL_STRERROR],[1], [If lib curl has curl_url_strerror function])])

AS_IF([test "x$enable_fapi" = xyes -o "x$enable_policy" = xyes ],
      [PKG_CHECK_MODULES([UUID], [uuid])])

AC_ARG_ENABLE([util-io],
              [AS_HELP_STRING([--disable-util-io],
              [don't build the util-io])],,
              [enable_util_io=yes])

AM_CONDITIONAL(ENABLE_UTIL_IO, test "x$enable_util_io" = "xyes")

AC_ARG_WITH([tctidefaultmodule],
            [AS_HELP_STRING([--with-tctidefaultmodule],
[The default TCTI module for ESYS. (Default: libtss2-tcti-default.so)])],
            [AC_DEFINE_UNQUOTED([ESYS_TCTI_DEFAULT_MODULE],
                                ["$with_tctidefaultmodule"],
                                ["The default TCTI library file"])],
	    [with_tctidefaultmodule=libtss2-tcti-default.so])

AC_ARG_WITH([tctidefaultconfig],
            [AS_HELP_STRING([--with-tctidefaultconfig],
                            [The default tcti module's configuration.])],
            [AC_DEFINE_UNQUOTED([ESYS_TCTI_DEFAULT_CONFIG],
                                ["$with_tctidefaultconfig"],
                                ["The default TCTIs configuration string"])])

AC_ARG_ENABLE([tcti-device],
            [AS_HELP_STRING([--disable-tcti-device],
                            [don't build the tcti-device module])],,
            [enable_tcti_device=yes])
AM_CONDITIONAL([ENABLE_TCTI_DEVICE], [test "x$enable_tcti_device" != xno])
AS_IF([test "x$enable_tcti_device" = "xyes"],
	[AC_DEFINE([TCTI_DEVICE],[1], [TCTI FOR DEV TPM])])

AC_ARG_ENABLE([tcti-mssim],
            [AS_HELP_STRING([--disable-tcti-mssim],
                            [don't build the tcti-mssim module])],,
            [enable_tcti_mssim=yes])
AM_CONDITIONAL([ENABLE_TCTI_MSSIM], [test "x$enable_tcti_mssim" != xno])
AS_IF([test "x$enable_tcti_mssim" = "xyes"],
	[AC_DEFINE([TCTI_MSSIM],[1], [TCTI FOR MS SIMULATOR])])

AC_ARG_ENABLE([tcti-swtpm],
            [AS_HELP_STRING([--disable-tcti-swtpm],
                            [don't build the tcti-swtpm module])],,
            [enable_tcti_swtpm=yes])
AM_CONDITIONAL([ENABLE_TCTI_SWTPM], [test "x$enable_tcti_swtpm" != xno])
AS_IF([test "x$enable_tcti_swtpm" = "xyes"], [AC_DEFINE([TCTI_SWTPM],[1], [TCTI FOR SWTPM])])

AC_ARG_ENABLE([tcti-pcap],
            [AS_HELP_STRING([--disable-tcti-pcap],
                            [don't build the tcti-pcap module])],,
            [enable_tcti_pcap=yes])
AM_CONDITIONAL([ENABLE_TCTI_PCAP], [test "x$enable_tcti_pcap" != xno])

AC_ARG_ENABLE([tcti-libtpms],
            [AS_HELP_STRING([--disable-tcti-libtpms],
                            [don't build the tcti-libtpms module])],
            [AS_IF([test "x$enable_tcti_libtpms" = "xyes"],
                   [AC_CHECK_HEADER(libtpms/tpm_library.h, [], [AC_MSG_ERROR([library libtpms missing])])])],
            [AC_CHECK_HEADER(libtpms/tpm_library.h, [enable_tcti_libtpms=yes],
                                                    [enable_tcti_libtpms=no]
                                                    [AC_MSG_WARN([library libtpms missing])])])
AM_CONDITIONAL([ENABLE_TCTI_LIBTPMS], [test "x$enable_tcti_libtpms" != xno])

AC_ARG_ENABLE([tcti-cmd],
            [AS_HELP_STRING([--disable-tcti-cmd],
                            [don't build the tcti-cmd module])],,
            [enable_tcti_cmd=yes])

AM_CONDITIONAL([ENABLE_TCTI_CMD], [test "x$enable_tcti_cmd" != xno])
AS_IF([test "x$enable_tcti_cmd" = "xyes"],
	[AC_DEFINE([TCTI_CMD],[1], [TCTI FOR COMMAND BASED ACCESS TO TPM2 DEVICE])])

AC_ARG_ENABLE([tcti-spi-helper],
            [AS_HELP_STRING([--disable-tcti-spi-helper],
                            [don't build the tcti-spi-helper module])],,
            [enable_tcti_spi_helper=yes])

AM_CONDITIONAL([ENABLE_TCTI_SPI_HELPER], [test "x$enable_tcti_spi_helper" != xno])
AS_IF([test "x$enable_tcti_spi_helper" = "xyes"],
	[AC_DEFINE([TCTI_SPI_HELPER],[1], [TCTI HELPER FOR SPI BASED ACCESS TO TPM2 DEVICE])])

AC_ARG_ENABLE([tcti-spi-ltt2go],
            [AS_HELP_STRING([--disable-tcti-spi-ltt2go],
                            [don't build the tcti-spi-ltt2go module])],
            [AS_IF([test "x$enable_tcti_spi_ltt2go" = "xyes"],
                   [PKG_CHECK_MODULES([LIBUSB], [libusb-1.0],
                        [AC_CHECK_HEADER(libusb-1.0/libusb.h,
                                [enable_tcti_spi_ltt2go=yes],
                                [enable_tcti_spi_ltt2go=no] [AC_MSG_ERROR([libusb-1.0 library header is missing.])])],
                        [enable_tcti_spi_ltt2go=no] [AC_MSG_ERROR([libusb-1.0 library is missing.])])],
                   [AS_IF([test "x$enable_tcti_spi_ltt2go" = "xno"],
                          [enable_tcti_spi_ltt2go=no])])],
            [PKG_CHECK_MODULES([LIBUSB], [libusb-1.0],
                   [AC_CHECK_HEADER(libusb-1.0/libusb.h,
                         [enable_tcti_spi_ltt2go=yes],
                         [enable_tcti_spi_ltt2go=no])],
                   [enable_tcti_spi_ltt2go=no])])


AM_CONDITIONAL([ENABLE_TCTI_SPI_LTT2GO], [test "x$enable_tcti_spi_ltt2go" != xno])

AS_IF([test "x$enable_tcti_spi_ltt2go" = "xyes"],
    AC_DEFINE([TCTI_SPI_LTT2GO],[1], [TCTI FOR USB BASED ACCESS TO LETSTRUST-TPM2GO]))

AC_ARG_ENABLE([tcti-spidev],
            [AS_HELP_STRING([--disable-tcti-spidev],
                            [don't build the tcti-spidev module; Default: Auto])],,
            [enable_tcti_spidev=auto])
AS_IF([test "x$enable_tcti_spidev" = "xauto"],
    AC_CHECK_HEADER(linux/ioctl.h,
        [enable_tcti_spidev=yes],
        [enable_tcti_spidev=no]))
AM_CONDITIONAL([ENABLE_TCTI_SPIDEV], [test "x$enable_tcti_spidev" != xno])
AS_IF([test "x$enable_tcti_spidev" = "xyes"],
    AC_DEFINE([TCTI_SPIDEV],[1], [TCTI FOR SPIDEV BASED ACCESS TO TPM]))

PKG_CHECK_MODULES([LIBFTDI],
                  [libftdi],
                  [AC_DEFINE(LIBFTDI_VERSION, [0], [libftdi version 0.x])]
                  [have_libftdi=yes],
                  [PKG_CHECK_MODULES([LIBFTDI],
                                     [libftdi1],
                                     [AC_DEFINE(LIBFTDI_VERSION, [1], [libftdi version 1.x])]
                                     [have_libftdi=yes],
                                     [have_libftdi=no])])

AC_ARG_ENABLE([tcti-spi-ftdi],
              [AS_HELP_STRING([--disable-tcti-spi-ftdi],
                              [don't build the tcti-spi-ftdi module])],
              [AS_IF([test "x$enable_tcti_spi_ftdi" = "xyes"],
                     [AS_IF([test "x$have_libftdi" != "xyes"],
                            [AC_MSG_ERROR([libftdi/libftdi1 library is missing.])])])],
              [AS_IF([test "x$have_libftdi" = "xyes"],
                     [enable_tcti_spi_ftdi=yes],
                     [enable_tcti_spi_ftdi=no])])

AM_CONDITIONAL([ENABLE_TCTI_SPI_FTDI], [test "x$enable_tcti_spi_ftdi" != xno])

AS_IF([test "x$enable_tcti_spi_ftdi" = "xyes"],
    AC_DEFINE([TCTI_SPI_FTDI],[1], [TCTI FOR USB BASED ACCESS TO SPI BASED TPM OVER THE FTDI MPSSE USB TO SPI BRIDGE]))

AC_ARG_ENABLE([tcti-i2c-helper],
            [AS_HELP_STRING([--disable-tcti-i2c-helper],
                            [don't build the tcti-i2c-helper module])],,
            [enable_tcti_i2c_helper=yes])

AM_CONDITIONAL([ENABLE_TCTI_I2C_HELPER], [test "x$enable_tcti_i2c_helper" != xno])
AS_IF([test "x$enable_tcti_i2c_helper" = "xyes"],
	[AC_DEFINE([TCTI_I2C_HELPER],[1], [TCTI HELPER FOR I2C BASED ACCESS TO TPM2 DEVICE])])

AC_ARG_ENABLE([tcti-i2c-ftdi],
              [AS_HELP_STRING([--disable-tcti-i2c-ftdi],
                              [don't build the tcti-i2c-ftdi module])],
              [AS_IF([test "x$enable_tcti_i2c_ftdi" = "xyes"],
                     [AS_IF([test "x$have_libftdi" != "xyes"],
                            [AC_MSG_ERROR([libftdi/libftdi1 library is missing.])])])],
              [AS_IF([test "x$have_libftdi" = "xyes"],
                     [enable_tcti_i2c_ftdi=yes],
                     [enable_tcti_i2c_ftdi=no])])

AM_CONDITIONAL([ENABLE_TCTI_I2C_FTDI], [test "x$enable_tcti_i2c_ftdi" != xno])

AS_IF([test "x$enable_tcti_i2c_ftdi" = "xyes"],
    AC_DEFINE([TCTI_I2C_FTDI],[1], [TCTI FOR USB BASED ACCESS TO I2C BASED TPM OVER THE FTDI MPSSE USB TO I2C BRIDGE]))

AC_ARG_ENABLE([tcti-fuzzing],
            [AS_HELP_STRING([--enable-tcti-fuzzing],
                            [build the tcti-fuzzing module])],,
            [enable_tcti_fuzzing=no])
AM_CONDITIONAL([ENABLE_TCTI_FUZZING], [test "x$enable_tcti_fuzzing" != xno])
AS_IF([test "x$enable_tcti_fuzzing" = "xyes"],
	[AC_DEFINE([TCTI_FUZZING],[1], [TCTI FOR FUZZING])])

AC_ARG_ENABLE([nodl],
              [AS_HELP_STRING([--enable-nodl],
                              [link against TCTIs directly, do not use dlopen])],
              [],
              [enable_nodl=no])
AM_CONDITIONAL([NO_DL], [test "x$enable_nodl" = "xyes"])
AS_IF([test "x$enable_nodl" = "xyes"],
      [AC_DEFINE([NO_DL],[1], [disable use of dlopen])])

#
# udev
#
AC_ARG_WITH([udevrulesdir],
            [AS_HELP_STRING([--with-udevrulesdir=DIR],[udev rules directory])],,
            [with_udevrulesdir=${libdir}/udev/rules.d])
AX_NORMALIZE_PATH([with_udevrulesdir])
AC_SUBST([udevrulesdir], [$with_udevrulesdir])
AC_ARG_WITH([udevrulesprefix],
            [AS_HELP_STRING([--with-udevrulesprefix=XY],[prefix for udev rules file])],
            [AC_SUBST([udevrulesprefix],[$with_udevrulesprefix])])
AM_CONDITIONAL(WITH_UDEVRULESPREFIX, [test -n "$with_udevrulesprefix"])

dnl ---------  Physical TPM device for testing -----------------------

AC_ARG_WITH([device],
            [AS_HELP_STRING([--with-device=<device>],[TPM device for testing])],
            [with_device_set=yes],
            [with_device_set=no])

AC_ARG_WITH([devicetests],
            [AS_HELP_STRING([--with-devicetests=<case>],[Comma-separated values of possible tests: destructive,mandatory,optional] default is mandatory)],
            [AS_IF([test "x" =  x$(echo $with_devicetests | sed 's/destructive//g'  | sed 's/mandatory//g'  | sed 's/optional//g' | sed 's/,//g') ],
                   [AC_MSG_RESULT([success])
                    with_devicetests_set=yes],
                   [AC_MSG_ERROR([Illegal test type for device tests.])])],
            [with_devicetests="mandatory"])

if echo $with_devicetests | grep destructive > /dev/null; then
    enable_device_destructive="yes"
fi
AM_CONDITIONAL([DEVICEDESTRUCTIVE],[test "x$enable_device_destructive" = "xyes"])

if echo $with_devicetests | grep optional > /dev/null; then
    enable_device_optional="yes"
fi
AM_CONDITIONAL([DEVICEOPTIONAL],[test "x$enable_device_optional" = "xyes"])

if echo $with_devicetests | grep mandatory > /dev/null; then
    enable_device_mandatory="yes"
fi
AM_CONDITIONAL([DEVICEMANDATORY],[test "x$enable_device_mandatory" = "xyes"])

#
# enable integration tests and check for simulator binary
#

AC_ARG_WITH([integrationtcti],
            [AS_HELP_STRING([--with-integrationtcti=<tcti>],[TCTI used for testing])],
            [AS_IF([test x"$with_device_set" = "xyes"],
                   [AC_MSG_ERROR([with-device defines already the used TCTI"])],
                   [AS_IF([test "xdevice:" = x$(echo $with_integrationtcti | sed 's/\(device:\).*/\1/') ],
                          [ with_device=$(echo $with_integrationtcti | sed 's/^device\://')
                            with_device_set=yes
                            integration_tcti=$with_integrationtcti],
                          [ integration_tcti=$with_integrationtcti])])],
            [integration_tcti=none])

AM_CONDITIONAL([TESTDEVICE],[test "x$with_device_set" = xyes])

AS_IF([test "xyes" = x"$with_device_set"],
      [ AS_IF([test -w "$with_device" && test -r "$with_device"],
            [AC_MSG_RESULT([success])
                     AX_NORMALIZE_PATH([with_device])
                     w th_device_set=yes],
            [AC_MSG_ERROR([TPM device provided does not exist or is not writable])]) ])

AC_ARG_ENABLE([integration],
    [AS_HELP_STRING([--enable-integration],
        [build and execute integration tests])],,
    [enable_integration=no])
AS_IF([test "x$enable_integration" = "xyes"],
     [AS_IF([test "$HOSTOS" = "Linux"],
           [ERROR_IF_NO_PROG([ss])],
           [ERROR_IF_NO_PROG([sockstat])])
       ERROR_IF_NO_PROG([echo])
       ERROR_IF_NO_PROG([kill])
       ERROR_IF_NO_PROG([stdbuf])
       ERROR_IF_NO_PROG([sleep])
       ERROR_IF_NO_PROG([cat])
       ERROR_IF_NO_PROG([realpath])
       ERROR_IF_NO_PROG([dirname])
       ERROR_IF_NO_PROG([basename])
       ERROR_IF_NO_PROG([mktemp])
       ERROR_IF_NO_PROG([od])
       ERROR_IF_NO_PROG([awk])
       ERROR_IF_NO_PROG([expr])
       ERROR_IF_NO_PROG([grep])
       ERROR_IF_NO_PROG([env])
       ERROR_IF_NO_PROG([rm])
       AS_IF([test "x$with_crypto" != xossl || test "x$enable_esys" != xyes],
           [PKG_CHECK_MODULES([CRYPTO],[libcrypto])])
       AC_CHECK_HEADER(uthash.h, [], [AC_MSG_ERROR([Can not find uthash.h. Please install uthash-dev])])

       # choose tcti for testing and look for TPM simulator binary
       AS_IF([test "x$with_device_set" = xyes],
             [# use device if --with-device was passed
              integration_tcti=device:$with_device
              AC_MSG_WARN([Using physical TPM for integration testing])])
       AS_IF([test "x$integration_tcti" = "xnone" && test "x$enable_tcti_swtpm" != xyes && test "x$enable_tcti_mssim" != xyes],
             [AC_MSG_ERROR([No suitable TCTI for testing enabled. Please use option --enable-tcti-swtpm (recommended) or --enable-tcti-mssim (fallback) to enable a suitable TCTI or disable testing with --disable-integration.])])
       AS_IF([test "x$integration_tcti" = "xnone" && test "x$enable_tcti_swtpm" = "xyes"],
             [# check for swtpm binary
              AC_CHECK_PROG([result_swtpm], [swtpm], [yes], [no])
              AS_IF([test "x$result_swtpm" = "xyes"],
                    [integration_tcti=swtpm],
                    [AC_MSG_WARN([Executable swtpm not found in PATH.])])])
       AS_IF([test "x$integration_tcti" = "xnone" && test "x$enable_tcti_mssim" = "xyes"],
             [# check for mssim binary
              AC_MSG_NOTICE([Falling back to testing with tcti-mssim.])
              AC_CHECK_PROG([result_tpm_server], [tpm_server], [yes], [no])
              AS_IF([test "x$result_tpm_server" = "xyes"],
                    [integration_tcti=mssim
                     AC_DEFINE([INTEGRATION_TCTI_MSSIM], [1], [use mssim TCTI for integration tests])],
                    [AC_MSG_WARN([Executable tpm_server not found in PATH (fallback)])])])
       AS_IF([test "x$integration_tcti" = "xnone"],
             [AC_MSG_ERROR([No simulator executable found in PATH for testing TCTI.])])
       AC_SUBST([INTEGRATION_TCTI], [$integration_tcti])
       AC_SUBST([ENABLE_INTEGRATION], [$enable_integration])])
AM_CONDITIONAL([ENABLE_INTEGRATION],[test "x$enable_integration" = "xyes"])
#
# sanitizer compiler flags
#
AC_ARG_WITH([sanitizer],
            [AS_HELP_STRING([--with-sanitizer={none,address,undefined}],
                            [build with the given sanitizer])],,
            [with_sanitizer=none])
AS_CASE(["x$with_sanitizer"],
        ["xnone"],
        [],
        ["xaddress"],
        [
            SANITIZER_CFLAGS="-fsanitize=address -fno-omit-frame-pointer"
            SANITIZER_LDFLAGS="-lasan"
        ],
        ["xundefined"],
        [
            SANITIZER_CFLAGS="-fsanitize=undefined"
            SANITIZER_LDFLAGS="-lubsan"
        ],
        ["xundefined,address"],
        [
            SANITIZER_CFLAGS="-fsanitize=undefined,address -fno-omit-frame-pointer"
            SANITIZER_LDFLAGS="-lasan -lubsan"
        ],
        [AC_MSG_ERROR([Bad value for --with-sanitizer])])
AC_SUBST([SANITIZER_CFLAGS])
AC_SUBST([SANITIZER_LDFLAGS])
#
# fuzz testing
#
AC_ARG_WITH([fuzzing],
            [AS_HELP_STRING([--with-fuzzing={none,libfuzzer,ossfuzz}],
                            [fuzzing to build with (default is none)])],,
            [with_fuzzing=none])
AS_CASE(["x$with_fuzzing"],
        ["xnone"],
        [],
        ["xlibfuzzer"],
        [ADD_FUZZING_FLAG([-fsanitize=fuzzer])],
        ["xossfuzz"],
        [AS_IF([test "x$LIB_FUZZING_ENGINE" = "x"],
               [AC_MSG_ERROR([OSS Fuzz testing requires LIB_FUZZING_ENGINE environment variable be set])])
         ADD_FUZZING_FLAG([-lFuzzingEngine])],
        [AC_MSG_ERROR([Bad value for --with-fuzzing])])
AM_CONDITIONAL([ENABLE_FUZZING],[test "x$with_fuzzing" != "xnone"])
AS_IF([test "x$with_fuzzing" != "xnone"],
      [AS_IF([test "x$enable_tcti_fuzzing" = xno],
             [AC_MSG_ERROR([Fuzz tests can not be enabled without the TCTI_FUZZING module])])
       AS_IF([test "x$GEN_FUZZ" != "x1"],
             [AC_MSG_ERROR([Fuzz tests can not be enabled without "GEN_FUZZ=1" variable])])])

AX_VALGRIND_CHECK

gl_LD_VERSION_SCRIPT

AC_ARG_ENABLE([log-file],
            [AS_HELP_STRING([--disable-log-file],
                            [write logging to stderr only])],,
            [enable_log_file=yes])
AS_IF([test "x$enable_log_file" != xno],
	[AC_DEFINE([LOG_FILE_ENABLED],[1], [Support for writing to a log file is enabled])])

AC_ARG_WITH([maxloglevel],
            [AS_HELP_STRING([--with-maxloglevel={none,error,warning,info,debug,trace}],
                            [sets the maximum log level (default is trace)])],,
            [with_maxloglevel=trace])
AS_CASE(["x$with_maxloglevel"],
        ["xnone"],
        [AC_DEFINE_UNQUOTED([MAXLOGLEVEL], [0], ["Logging disabled"])],
        ["xerror"],
        [AC_DEFINE_UNQUOTED([MAXLOGLEVEL], [2], ["Error log level"])],
        ["xwarning"],
        [AC_DEFINE_UNQUOTED([MAXLOGLEVEL], [3], ["Warning log level"])],
        ["xinfo"],
        [AC_DEFINE_UNQUOTED([MAXLOGLEVEL], [4], ["Info log level"])],
        ["xdebug"],
        [AC_DEFINE_UNQUOTED([MAXLOGLEVEL], [5], ["Debug log level"])],
        ["xtrace"],
        [AC_DEFINE_UNQUOTED([MAXLOGLEVEL], [6], ["Trace log level"])],
        [AC_MSG_ERROR([Bad value for --with-maxloglevel])])

AC_ARG_ENABLE([defaultflags],
              [AS_HELP_STRING([--disable-defaultflags],
                              [Disable default preprocessor, compiler, and linker flags.])],,
              [enable_defaultflags=yes])
AS_IF([test "x$enable_defaultflags" = "xyes"],
      [
      AS_IF([test "x$enable_debug" = "xno"],
            [ADD_COMPILER_FLAG([-O2])
             AX_ADD_FORTIFY_SOURCE])
      ADD_COMPILER_FLAG([-std=c99])
      ADD_COMPILER_FLAG([-Wall])
      ADD_COMPILER_FLAG([-Wextra])
      ADD_COMPILER_FLAG([-Wformat-security])
      AS_IF([test "x$ax_is_release" = "xno"],
          [ADD_COMPILER_FLAG([-Werror])])
      ADD_COMPILER_FLAG([-fstack-protector-all])
      ADD_COMPILER_FLAG([-fpic])
      ADD_COMPILER_FLAG([-fPIC])
      # work around GCC bug #53119
      #   https://gcc.gnu.org/bugzilla/show_bug.cgi?id=53119
      ADD_COMPILER_FLAG([-Wno-missing-braces])
      ADD_COMPILER_FLAG([-Wstrict-overflow=5])
      ADD_LINK_FLAG([-Wl,--no-undefined])
      ADD_LINK_FLAG([-Wl,-z,noexecstack])
      ADD_LINK_FLAG([-Wl,-z,now])
      ADD_LINK_FLAG([-Wl,-z,relro])
      ])

AC_ARG_ENABLE([weakcrypto],
    [AS_HELP_STRING([--disable-weakcrypto],
	           [Disable crypto algorithms considered weak])],,
    [enable_weakcrypto=no])
AS_IF([test "x$enable_weakcrypto" = "xyes"],
	[AC_DEFINE([DISABLE_WEAK_CRYPTO],[1],[DISABLE WEAK CRYPTO ALGORITHMS])])

AC_ARG_ENABLE([self-generated-certificate],
            [AS_HELP_STRING([--enable-self-generated-certificate],
                            [Alllow usage of self generated root certifcate])],,
            [enable_self_generated_certificate=no])
AS_IF([test "x$enable_self_generated_certificate" = xyes],
	[AC_DEFINE([SELF_GENERATED_CERTIFICATE], [1], [Allow usage of self generated root certificate])],
	[AS_IF([test "x$integration_tcti" != "xdevice"], [AC_DEFINE([FAPI_TEST_EK_CERT_LESS], [1], [Perform integration tests without EK certificate verification])])])

AM_CONDITIONAL([INIT_CA], [test "x$enable_self_generated_certificate" = xyes])

AS_IF([test "x$enable_integration" = "xyes" && test "x$enable_self_generated_certificate" != "xyes" && test "x$integration_tcti" != "xdevice"],
      [AC_MSG_WARN([Running integration tests without EK certificate verification, use --enable-self-generated-certificate for full test coverage])])

# Check for systemd helper tools used by make install
AC_CHECK_PROG(systemd_sysusers, systemd-sysusers, yes)
AM_CONDITIONAL([SYSD_SYSUSERS], [test "x$systemd_sysusers" = "xyes" && test "x$sysusersdir" != "xno"])
AC_CHECK_PROG(systemd_tmpfiles, systemd-tmpfiles, yes)
AM_CONDITIONAL([SYSD_TMPFILES], [test "x$systemd_tmpfiles" = "xyes" && test "x$tmpfilesdir" != "xno"])

# Check all tools used by make install
AS_IF([test "$HOSTOS" = "Linux" && test "x$systemd_sysusers" != "xyes"],
    [ AC_CHECK_PROG(useradd, useradd, yes)
      AC_CHECK_PROG(groupadd, groupadd, yes)
      AC_CHECK_PROG(adduser, adduser, yes)
      AC_CHECK_PROG(addgroup, addgroup, yes)
      AS_IF([test "x$addgroup" != "xyes" && test "x$groupadd" != "xyes" ],
         [AC_MSG_ERROR([addgroup or groupadd are needed.])])
      AS_IF([test "x$adduser" != "xyes" && test "x$useradd" != "xyes" ],
         [AC_MSG_ERROR([adduser or useradd are needed.])])])

AC_SUBST([PATH])

dnl --------- Doxy Gen -----------------------
DX_DOXYGEN_FEATURE(ON)
DX_DOT_FEATURE(OFF)
DX_HTML_FEATURE(ON)
DX_CHM_FEATURE(OFF)
DX_CHI_FEATURE(OFF)
DX_MAN_FEATURE(ON)
DX_RTF_FEATURE(ON)
DX_XML_FEATURE(OFF)
DX_PDF_FEATURE(OFF)
DX_PS_FEATURE(OFF)
DX_INIT_DOXYGEN($PACKAGE_NAME, [Doxyfile], [doxygen-doc])

AM_CONDITIONAL(DOXYMAN, [test $DX_FLAG_doc -eq 1])
AS_IF([test $DX_FLAG_doc -ne 1],
	[AS_IF([test "x$enable_doxygen_doc" = xyes],
                     [ERROR_IF_NO_PROG([doxygen])])])

AX_CODE_COVERAGE
m4_ifdef([_AX_CODE_COVERAGE_RULES],
         [AM_CONDITIONAL(AUTOCONF_CODE_COVERAGE_2019_01_06, [true])],
         [AM_CONDITIONAL(AUTOCONF_CODE_COVERAGE_2019_01_06, [false])])
AX_ADD_AM_MACRO_STATIC([])

AM_COND_IF([ENABLE_TCTI_DEVICE], [],
           [AM_COND_IF([ENABLE_TCTI_MSSIM], [],
                       [AM_COND_IF([ENABLE_TCTI_SWTPM], [],
                                   [AM_COND_IF([ENABLE_TCTI_FUZZING], [],
                                               [AC_MSG_WARN("No build-in TCTI module enabled")])])])])

AM_COND_IF([ENABLE_TCTI_FUZZING], [
            AM_COND_IF([ENABLE_TCTI_DEVICE],
                       AC_MSG_ERROR([Fuzzing TCTI is meant to be built as the only TCTI: use --disable-tcti-device --disable-tcti-mssim --disable-tcti-swtpm]))
            AM_COND_IF([ENABLE_TCTI_MSSIM],
                       AC_MSG_ERROR([Fuzzing TCTI is meant to be built as the only TCTI: use --disable-tcti-device --disable-tcti-mssim --disable-tcti-swtpm]))
            AM_COND_IF([ENABLE_TCTI_SWTPM],
                       AC_MSG_ERROR([Fuzzing TCTI is meant to be built as the only TCTI: use --disable-tcti-device --disable-tcti-mssim --disable-tcti-swtpm]))
            AS_CASE([$CC],
                    [*clang*], [AC_MSG_NOTICE("Building fuzzing tests with $CC")],
                    [AC_MSG_ERROR("Fuzzing TCTI can only be used with clang")])
            ], [])

AC_ARG_WITH([default-test-fapi-profile],
            [AS_HELP_STRING([--with-default-test-fapi-profile=PROFILE],
                            [sets the default FAPI profile used in tests])],,
            [with_default_test_fapi_profile=P_ECC])
AC_DEFINE_UNQUOTED([DEFAULT_TEST_FAPI_PROFILE], ["$with_default_test_fapi_profile"], [Default FAPI profile used for testing])

AC_OUTPUT

AC_MSG_RESULT([
    $PACKAGE_NAME $VERSION
    esys:               $enable_esys
    fapi:               $enable_fapi
    policy:             $enable_policy
    tctidefaultmodule:  $with_tctidefaultmodule
    tctidefaultconfig:  $with_tctidefaultconfig
    unit:               $enable_unit
    integration:        $enable_integration
    testing backend:    $integration_tcti
    fapi test profile:  $with_default_test_fapi_profile
    fuzzing:            $with_fuzzing
    debug:              $enable_debug
    maxloglevel:        $with_maxloglevel
    doxygen:            $DX_FLAG_doc $enable_doxygen_doc
    crypto backend:     $with_crypto
    sysconfdir:         $sysconfdir
    localstatedir:      $localstatedir
    runstatedir:        $runstatedir
    sysusersdir:        $sysusersdir
    tmpfilesdir:        $tmpfilesdir
    userstatedir:       [\$HOME/]$with_userstatedir
    sysmeasurements:    $sysmeasurements
    imameasurements:    $imameasurements
    tcti_spi_ltt2go      $enable_tcti_spi_ltt2go
    tcti_spidev         $enable_tcti_spidev
    tcti_spi_ftdi       $enable_tcti_spi_ftdi
    tcti_i2c_ftdi       $enable_tcti_i2c_ftdi
])