tboot-20170711_1.9.8-lp152.5.9.1 RPM for x86_64

From OpenSuSE Leap 15.2 updates for x86_64

Trusted Boot (tboot) is a pre-kernel/VMM module that uses Intel
Trusted Execution Technology (Intel(R) TXT) to perform a measured and
verified launch of an OS kernel/VMM.

Provides

• tboot
• tboot(x86-64)

Requires

• /bin/sh
• /bin/sh
• /bin/sh
• /bin/sh
• libc.so.6()(64bit)
• libc.so.6(GLIBC_2.14)(64bit)
• libc.so.6(GLIBC_2.2.5)(64bit)
• libc.so.6(GLIBC_2.3)(64bit)
• libc.so.6(GLIBC_2.3.4)(64bit)
• libc.so.6(GLIBC_2.4)(64bit)
• libc.so.6(GLIBC_2.7)(64bit)
• libcrypto.so.1.1()(64bit)
• libcrypto.so.1.1(OPENSSL_1_1_0)(64bit)
• libtspi.so.1()(64bit)
• libz.so.1()(64bit)
• perl-Bootloader
• rpmlib(CompressedFileNames) <= 3.0.4-1
• rpmlib(FileDigests) <= 4.6.0-1
• rpmlib(PayloadFilesHavePrefix) <= 4.0-1
• rpmlib(PayloadIsXz) <= 5.2-1

License

BSD-3-Clause

Changelog

* Mon Feb 08 2021 Matthias Gerstner <matthias.gerstner@suse.com>
  - backport further patches to fix boot issues in UEFI mode on some newer
    machines / firmwares (bsc#1180756):
    - tboot-Add-more-mbi-validation.patch
    - tboot-Add-support-for-EFI-memory-map-parse-modification.patch
    - tboot-Configure-IOMMU-before-executing-GETSEC-SENTER.patch
    - tboot-Do-not-try-to-read-EFI-mem-map-when-booted-with-mult.patch
    - tboot-Release-localities-in-S3-flow-for-CRB-interface.patch
    - tboot-Unmask-NMI-after-returning-from-SINIT.patch
    it is not fully clear which of the patches are strictly necessary to fix the
    individual boot issues. None of the patches should introduce any negative
    effects, however.
* Wed Feb 03 2021 Matthias Gerstner <matthias.gerstner@suse.com>
  - add tboot-fix-memmap1-boot-issues.patch: fix boot issues in legacy mode on
    some machines when using grub2 multiboot(1) directive (bsc#1180756)
* Fri Nov 13 2020 Matthias Gerstner <matthias.gerstner@suse.com>
  - add tboot-grub2-refuse-secure-boot.patch: don't generate tboot menu entries
    in grub when the system is running with UEFI Secure Boot (bsc#1175114). This
    prevents hard to understand error messages when trying to boot tboot in this
    context.
* Mon Sep 28 2020 matthias.gerstner@suse.com
  - add tboot-support-sinit-padding.patch: support padding in SINIT modules.
    This should fix tboot issues on platform coming with preloaded SINIT modules
    with padding (bsc#1176378).
* Mon Dec 16 2019 matthias.gerstner@suse.com
  - add zlib-devel build dependency to fix openSUSE Leap 15.2 build error
    (shared codestream with SLE-15-SP2).
* Wed Oct 24 2018 matthias.gerstner@suse.com
  - update to new upstream release 1.9.8 (FATE#324359):
    - Skip tboot launch error index read/write when ignore prev err option is true
    - s3-fix: fix a stack overflow caused by enlarged tb_hash_t union
    - S3 fix: revert the mis-changed type casting in changeset 522:8e881a07c059
    - S3-fix: Adding option save_vtd=true to opt-in the vtd table restore
  - rebased patches to match new upstream version
* Fri Sep 07 2018 Jan Engelhardt <jengelh@inai.de>
  - Use noun phrase in summary.
* Mon Sep 03 2018 matthias.gerstner@suse.com
  - package new upstream tarball for 1.9.7. It seems the tarball was replaced
    upstream without notice, because some version numbers have not been
    incremented.
  - tboot-grub2-fix-menu-in-xen-host-server.patch: rebased
  - tboot-grub2-fix-xen-submenu-name.patch: rebased
* Fri Aug 31 2018 matthias.gerstner@suse.com
  - update to upstream version 1.9.7. This in mainly a bugfix release:
      Fix a lot of issues in tools reported by klocwork scan.
      Fix a lot of issues in tboot module reported by klocwork scan.
      Remove a redundant tboot option
      Fix indent in heap.c
      Fix 4 issues along with extpol=agile option
      Mitigations for tpm interposer attacks
      Add an option in tboot to force SINIT to use the legacy TPM2 log format.
      Add support for appending to a TPM2 TCG style event log.
      Ensure tboot log is available even when measured launch is skipped.
      Add centos7 instructions for Use in EFI boot mode.
      Fix memory leak and invalid reads and writes issues.
      Fix TPM 1.2 locality selection issue.
      Fix a null pointer dereference bug when Intel TXT is disabled.
      Optimize tboot docs installation.
      Fix security vulnerabilities rooted in tpm_if structure and g_tpm variable.
      The size field of the MB2 tag is the size of the tag header + the size
      Fix openssl-1.0.2 double frees
      Make policy element stm_elt use unique type name
      lcptools-v2 utilities fixes
      port to openssl-1.1.0
      Reset debug PCR16 to zero.
      Fix a logical error in function bool evtlog_append(...).
  - removed tboot-CVE-2017-16837.patch: now contained in tarball
  - removed tboot-openssl-1-1-0.patch: now contained in tarball
  - removed tboot-signature-segfault.patch: now contained in tarball
  - removed tboot-ssl-broken.patch: now contained in tarball
* Thu Mar 15 2018 matthias.gerstner@suse.com
  - tboot-signature-segfault.patch: Intermediate patch necessary for
    tboot-ssl-broken.patch. Upstream tried to fix OpenSSL issues here, but
    failed to do so.
  - tboot-ssl-broken.patch: Fixed memory corruption when using OpenSSL
    functionality like in lcp2_crtpollist (bnc#1083693). Fix has not yet been
    commented on by upstream (posted on tboot-devel mailing list).
* Wed Feb 21 2018 matthias.gerstner@suse.com
  - Also cover cleanup of bootloader configuration after package removal.
    (bnc#1078262)
* Mon Feb 12 2018 matthias.gerstner@suse.com
  - tboot-distributor.patch: don't add GNU/Linux to grub menu entries. SUSE's
    grub2 itself doesn't do it as well. (bnc#1078262)
  - perform update of bootloader configuration after installation via
    %posttrans. (bnc#1078262)
* Thu Nov 16 2017 matthias.gerstner@suse.com
  - tboot-CVE-2017-16837.patch: fix a major security issue in tboot. tboot
    failed to validate a number of immutable function pointers, which could
    allow an attacker to bypass the chain of trust and execute arbitrary code
    (bnc#1068390, CVE-2017-16837).
* Thu Nov 09 2017 matthias.gerstner@suse.com
  - tboot-openssl-1-1-0.patch: make package compatible with OpenSSL 1.1.0.
    There's no upstream release containing this patch yet. The patch builds
    against OpenSSL 1.0.x as well. This is for SLE-15 support (bnc#1067229).
* Tue Jul 18 2017 matthias.gerstner@suse.com
  update to new upstream version 1.9.6:
  - removed following patches, because they're now included upstream:
    * reproducible.patch
    * tboot-grub2-suse.patch
    * tboot-gcc7.patch
  - Changes in this version:
    * GCC7 fix, adds generic FALLTHROUGH notations to avoid warnings appearing on GCC7
    * Ensure Tboot never overwrites modules in the process of moving them.
    * Add support to x2APIC, which uses 32 bit APIC ID.
    * Fix S3 secrets sealing/unsealing failures
    * Support OpenSSL 1.1.0+ for ECDSA signature verification.
    * Support OpenSSL 1.1.0+ for RSA key manipulation.
    * Adds additional checks to prevent the kernel image from being overwritten.
    * Added TCG TPM event log support.
    * Pass through the EFI memory map that's provided by grub2.
    * Fix a null pointer dereference bug when Intel TXT is disabled in BIOS.
    * Adjust KERNEL_CMDLINE_OFFSET from 0x9000 to 0x8D00.
    * Bounds checking on the kernel_cmdline string.
* Sun Jun 04 2017 meissner@suse.com
  - tboot-gcc7.patch: fix some gcc7 warnings that lead to errors. (bsc#1041264)
* Sun Apr 30 2017 bwiedemann@suse.com
  - Add reproducible.patch to call gzip -n to make build fully reproducible
* Fri Feb 10 2017 jengelh@inai.de
  - Trim filler words from description; use modern macros over
    shell vars.
* Wed Feb 08 2017 meissner@suse.com
  - Updated to 20161216: v1.9.5 (FATE#321510)
    + Add 2nd generation of LCP creation tool source codes for TPM 2.0 platforms.
    + Add user guide for 2nd generation LCP creation tool
    + Provide workaround for Intel PTT(Platform Trust Technology) & Linux PTT driver.
    + Add new fields in Linux kernel header struct to accommodate Linux kernel new capabilities.
    + Fix a pointer dereference regression in the tboot native Linux loader which manifests itself as a system reset.
    + Fix the issue of overwriting tboot when the loaded elf kernel is located below tboot.
    + Add support to release TPM localities when tboot exits to linux kernel.
    + Fix the evtlog dump function for tpm2 case.
    + Initiaize kernel header comdline buffer before copying kernel cmdline arguments to the buffer to avoid random
    + data at end of the original cmdline contents.
    + Move tpm_detect() to an earlier stage so as to get tpm interface initialized before checking TXT platform capabilities.
* Wed Jun 22 2016 mchang@suse.com
  - Fix wrong pvops kernel config matching (bsc#981948)
    * modified tboot-grub2-fix-menu-in-xen-host-server.patch
* Wed Jun 01 2016 meissner@suse.com
  - tboot-grub2-suse.patch: fixed bad if/elif
* Thu May 19 2016 meissner@suse.com
  - Updated to 1.9.4/20160518 (FATE#320665)
    Added TPM 2.0 CRB support
    Increased BSP and AP stacks to avoid stack overflow
    Added an ACPI_RSDP structure g_rsdp in tboot to avoid potential memory overwritten issue on TPM 2.0 UEFI platforms
    Added support to both Intel TPM nv index set and TCG TPM nv index set
    grub2: tboot doesn't skip first argument any more
    grub2: sanitize whitespace in command lines
    grub2: Allow addition of policy data in grub.cfg
    grub2 support: allow the user to customize the command line
    Mitigated S3 resume delay by adjusting LZ_MAX_OFFSET to 5000 in lz.c.
    Added SGX TPM  nv index support
    Add 64 bit ELF object support
    Gentoo Hardened, which uses the GRSecurity and PaX patch sets
    Disable -fstack-check in CFLAG for compatibility with Gentoo Linux.
    Enhanced tboot compatiblity running on non-Intel TXT platform with a fix of is_launched()
    LCP documentation improvements
  - tboot-grub2-suse.patch: refreshed
  - tboot-grub2-fix-xen-submenu-name.patch: refreshed
  - tboot-fix-stackoverflow.patch: upstream in 1.9.4
* Wed Apr 06 2016 meissner@suse.com
  - tboot-fix-stackoverflow.patch: fix a excessive stack usage pattern
    that could lead to resets/crashes (bsc#967441)
* Fri May 08 2015 meissner@suse.com
  - Updated to 1.8.3/20140728 FATE#318542
    * Added verified launch control policy user guide
    * Fixed a bug about var MTRR settings to follow the rule that each VAR MTRR base must be a multiple of that MTRR's size.
    * Access tpm sts reg with 3-byte width in v1.2 case and 4-byte width in v2.0 case
    * Bugfix: lcp2_mlehash get wrong hash if the cmdline string length > 7
    * Optimized tboot log processing flow to avoid log buffer overflow by adopting lz Compress/Uncompress algorithms
    * Added SGX support for Skylake platform
    * tpm2: use the primary object in NULL Hierarchy instead of Platform Hierarchy for seal/unseal usage
    * Fixed a bug for lcp2_mlehash tool
    * Fixed system hang issue caused by TXT disable, TPM disable or SINIT ACM not correctly provided in EFI booting mode
    * Fixed bug for wrong assumption on the way how GRUB2 load modules
    * Fixed MB2 tags mess issue caused by moving shorter module cmdline to head
    * Fixed compile issue when debug=y
  - fixes a boot issue on Skylake (bsc#964408)
  - refreshed tboot-grub2-fix-xen-submenu-name.patch

Files

/boot/tboot-syms
/boot/tboot.gz
/etc/grub.d
/etc/grub.d/20_linux_tboot
/etc/grub.d/20_linux_xen_tboot
/usr/sbin/acminfo
/usr/sbin/lcp2_crtpol
/usr/sbin/lcp2_crtpolelt
/usr/sbin/lcp2_crtpollist
/usr/sbin/lcp2_mlehash
/usr/sbin/lcp_crtpconf
/usr/sbin/lcp_crtpol
/usr/sbin/lcp_crtpol2
/usr/sbin/lcp_crtpolelt
/usr/sbin/lcp_crtpollist
/usr/sbin/lcp_mlehash
/usr/sbin/lcp_readpol
/usr/sbin/lcp_writepol
/usr/sbin/parse_err
/usr/sbin/tb_polgen
/usr/sbin/tpmnv_defindex
/usr/sbin/tpmnv_getcap
/usr/sbin/tpmnv_lock
/usr/sbin/tpmnv_relindex
/usr/sbin/txt-stat
/usr/share/doc/packages/tboot
/usr/share/doc/packages/tboot/COPYING
/usr/share/doc/packages/tboot/Linux_LCP_Tools_User_Manual.pdf
/usr/share/doc/packages/tboot/Makefile
/usr/share/doc/packages/tboot/README
/usr/share/doc/packages/tboot/lcptools2.txt
/usr/share/doc/packages/tboot/man
/usr/share/doc/packages/tboot/man/acminfo.8
/usr/share/doc/packages/tboot/man/lcp_crtpconf.8
/usr/share/doc/packages/tboot/man/lcp_crtpol.8
/usr/share/doc/packages/tboot/man/lcp_crtpol2.8
/usr/share/doc/packages/tboot/man/lcp_crtpolelt.8
/usr/share/doc/packages/tboot/man/lcp_crtpollist.8
/usr/share/doc/packages/tboot/man/lcp_mlehash.8
/usr/share/doc/packages/tboot/man/lcp_readpol.8
/usr/share/doc/packages/tboot/man/lcp_writepol.8
/usr/share/doc/packages/tboot/man/tb_polgen.8
/usr/share/doc/packages/tboot/man/txt-stat.8
/usr/share/doc/packages/tboot/policy_v1.txt
/usr/share/doc/packages/tboot/policy_v2.txt
/usr/share/doc/packages/tboot/txt-info.txt
/usr/share/doc/packages/tboot/vlp.txt
/usr/share/man/man8/acminfo.8.gz
/usr/share/man/man8/lcp_crtpconf.8.gz
/usr/share/man/man8/lcp_crtpol.8.gz
/usr/share/man/man8/lcp_crtpol2.8.gz
/usr/share/man/man8/lcp_crtpolelt.8.gz
/usr/share/man/man8/lcp_crtpollist.8.gz
/usr/share/man/man8/lcp_mlehash.8.gz
/usr/share/man/man8/lcp_readpol.8.gz
/usr/share/man/man8/lcp_writepol.8.gz
/usr/share/man/man8/tb_polgen.8.gz
/usr/share/man/man8/txt-stat.8.gz

Generated by rpm2html 1.8.1

Fabrice Bellet, Tue Apr 9 12:00:11 2024