Revisions of tboot
Dominique Leuenberger (dimstar_suse) accepted request 578146 from Matthias Gerstner (mgerstner) (revision 30)
- tboot-distributor.patch: don't add GNU/Linux to grub menu entries. SUSE's grub2 itself doesn't do it as well. (bnc#1078262)
- perform update of bootloader configuration after installation via %posttrans. (bnc#1078262)
Dominique Leuenberger (dimstar_suse) accepted request 542218 from Matthias Gerstner (mgerstner) (revision 29)
- tboot-CVE-2017-16837.patch: fix a major security issue in tboot. tboot failed to validate a number of immutable function pointers, which could allow an attacker to bypass the chain of trust and execute arbitrary code (bnc#1068390, CVE-2017-16837).
Dominique Leuenberger (dimstar_suse) accepted request 540236 from Matthias Gerstner (mgerstner) (revision 28)
- tboot-openssl-1-1-0.patch: make package compatible with OpenSSL 1.1.0. There's no upstream release containing this patch yet. The patch builds against OpenSSL 1.0.x as well. This is for SLE-15 support (bnc#1067229).
Dominique Leuenberger (dimstar_suse) accepted request 511178 from Matthias Gerstner (mgerstner) (revision 27)
update to new upstream version 1.9.6:
- removed following patches, because they're now included upstream:
  * reproducible.patch
  * tboot-grub2-suse.patch
  * tboot-gcc7.patch
- Changes in this version:
  * GCC7 fix, adds generic FALLTHROUGH notations to avoid warnings appearing on GCC7
  * Ensure Tboot never overwrites modules in the process of moving them.
  * Add support to x2APIC, which uses 32 bit APIC ID.
  * Fix S3 secrets sealing/unsealing failures
  * Support OpenSSL 1.1.0+ for ECDSA signature verification.
  * Support OpenSSL 1.1.0+ for RSA key manipulation.
  * Adds additional checks to prevent the kernel image from being overwritten.
  * Added TCG TPM event log support.
  * Pass through the EFI memory map that's provided by grub2.
  * Fix a null pointer dereference bug when Intel TXT is disabled in BIOS.
  * Adjust KERNEL_CMDLINE_OFFSET from 0x9000 to 0x8D00.
  * Bounds checking on the kernel_cmdline string.
Dominique Leuenberger (dimstar_suse) accepted request 500930 from Marcus Meissner (msmeissn) (revision 26)
- tboot-gcc7.patch: fix some gcc7 warnings that lead to errors. (bsc#1041264)
- fixes a boot issue on Skylake (bsc#964408)
(forwarded request 500929 from msmeissn)
Dominique Leuenberger (dimstar_suse) accepted request 492191 from Marcus Meissner (msmeissn) (revision 25)
Add reproducible.patch to call gzip -n to make build fully reproducible (forwarded request 492188 from bmwiedemann)
Dominique Leuenberger (dimstar_suse) accepted request 456116 from Marcus Meissner (msmeissn) (revision 24)
- Trim filler words from description; use modern macros over shell vars. (forwarded request 456106 from jengelh)
Dominique Leuenberger (dimstar_suse) accepted request 455509 from Marcus Meissner (msmeissn) (revision 23)
- Updated to 20161216: v1.9.5 (FATE#321510)
  + Add 2nd generation of LCP creation tool source codes for TPM 2.0 platforms.
  + Add user guide for 2nd generation LCP creation tool
  + Provide workaround for Intel PTT(Platform Trust Technology) & Linux PTT driver.
  + Add new fields in Linux kernel header struct to accommodate Linux kernel new capabilities.
  + Fix a pointer dereference regression in the tboot native Linux loader which manifests itself as a system reset.
  + Fix the issue of overwriting tboot when the loaded elf kernel is located below tboot.
  + Add support to release TPM localities when tboot exits to linux kernel.
  + Fix the evtlog dump function for tpm2 case.
  + Initialize kernel header cmdline buffer before copying kernel cmdline arguments to the buffer to avoid random data at end of the original cmdline contents.
  + Move tpm_detect() to an earlier stage so as to get tpm interface initialized before checking TXT platform capabilities.
Dominique Leuenberger (dimstar_suse) accepted request 405019 from Marcus Meissner (msmeissn) (revision 22)
1
Dominique Leuenberger (dimstar_suse) accepted request 396765 from Marcus Meissner (msmeissn) (revision 21)
- Updated to 1.9.4/20160518 (FATE#320665)
  Added TPM 2.0 CRB support
  Increased BSP and AP stacks to avoid stack overflow
  Added an ACPI_RSDP structure g_rsdp in tboot to avoid potential memory overwritten issue on TPM 2.0 UEFI platforms
  Added support to both Intel TPM nv index set and TCG TPM nv index set
  grub2: tboot doesn't skip first argument any more
  grub2: sanitize whitespace in command lines
  grub2: Allow addition of policy data in grub.cfg
  grub2 support: allow the user to customize the command line
  Mitigated S3 resume delay by adjusting LZ_MAX_OFFSET to 5000 in lz.c.
  Added SGX TPM nv index support
  Add 64 bit ELF object support
  Gentoo Hardened, which uses the GRSecurity and PaX patch sets
  Disable -fstack-check in CFLAG for compatibility with Gentoo Linux.
  Enhanced tboot compatibility running on non-Intel TXT platform with a fix of is_launched()
  LCP documentation improvements
- tboot-grub2-suse.patch: refreshed
- tboot-grub2-fix-xen-submenu-name.patch: refreshed
- tboot-fix-stackoverflow.patch: upstream in 1.9.4
- tboot-fix-stackoverflow.patch: fix an excessive stack usage pattern that could lead to resets/crashes (bsc#967441)
- Updated to 1.8.3/20140728 FATE#318542
Stephan Kulow (coolo) accepted request 307319 from Factory Maintainer (factory-maintainer) (revision 20)
Automatic submission by obs-autosubmit
Adrian Schröter (adrianSuSE) committed (revision 19)
Split 13.2 from Factory
Stephan Kulow (coolo) accepted request 242740 from Marcus Meissner (msmeissn) (revision 18)
- updated to 1.8.2/20140728
  Security Fix: TBOOT Argument Measurement Vulnerability for GRUB2 + ELF Kernels
  fix werror in 32 bit build environment
- tboot-fix.patch: removed, fixed differently upstream.
Stephan Kulow (coolo) accepted request 234703 from Marcus Meissner (msmeissn) (revision 17)
- updated to 1.8.1/20140516
  Fix build error "may be used uninitialized"
  Reset eventlog when S3
  Update tboot version to 1.8.1 in grub title
  Fix grub cfg file generation scripts for SLES12
  Fix seal failure issue
  tpm2 lcptools
  Restore local apic base for AP
  Fix typo in hash_alg_to_string()
  Change to create primary object only once
  Add prepare_tpm call in S3 path to ensure locality 0 was released before senter
  Fix possible dead loop in print_bios_data when bios_data version 4
  Fix possible null pointer dereference in loader.c
  Fix possible null pointer dereference in tpm_12.c and tpm_20.c
  Avoid buffer overrun when append tpm12 eventlog
  Fix possible NULL pointer dereference
  Fix one event log issue caused by wrong append and print operation
  Fix error "unsupported hash alg" for agile extend policy
  Fix warning "ACM info_table version mismatch"
  Update the tpm family detection with a general way
  Fix a lcp tools issue caused by redefining TB_HALG_SHA1 from 0 to 4
  Assign g_tpm a value for no tpm case to avoid NULL checks
  Fix crash when TPM is missing
  Fix infinite loop in determine_multiboot_type()
  Fix typo in tpm20_init() and remove unused variable
  Allow the to-be-measured nv to be protected by AUTHWRITE
  Check cpu vendor id to avoid unexpected behavior in non-intel cpu
  Change to detect TPM family only once
  Fix some typos caused by copy-paste
- removed tboot-cs381.patch: upstream
Stephan Kulow (coolo) accepted request 232175 from Marcus Meissner (msmeissn) (revision 16)
- tboot-cs381.patch: generate tboot entries correctly, from Intel. bnc#875581 (forwarded request 232174 from msmeissn)
Stephan Kulow (coolo) accepted request 223109 from Marcus Meissner (msmeissn) (revision 15)
- fixed path for /usr/share/grub2/grub-mkconfig_lib in our grub2 snippets. (bnc#864633) (forwarded request 223108 from msmeissn)
Stephan Kulow (coolo) accepted request 220446 from Marcus Meissner (msmeissn) (revision 14)
- updated to 1.8.0/20130705
  Update README for TPM2 support
  tpm2 support
  Adding sha256 algorithm implementation
  Update README for TPM NV measuring
  Update README for EFI support
  Fix typo in tboot/Makefile
  Increase the supported maximum number of cpus from 256 to 512
  Extend tboot policy supporting measuring TPM NV
  EFI support via multiboot2 changes
  Fix typo in common/hash.c
  Fix verification for extended data elements in txt heap
Adrian Schröter (adrianSuSE) committed (revision 13)
Split 13.1 from Factory
Tomáš Chvátal (scarabeus_factory) accepted request 186376 from Marcus Meissner (msmeissn) (revision 12)
- updated to 1.7.4/20130705
  Fix possible empty submenu block in generated grub.cfg
  Add a call_racm=check option for easy RACM launch result check
  Fix type check for revocation ACM.
Adrian Schröter (adrianSuSE) committed (revision 11)
Split 12.3 from Factory