openSUSE Build Service

Overview Repositories Revisions Requests Users Attributes Meta

File tboot.changes of Package tboot

-------------------------------------------------------------------
Thu Sep 13 13:08:04 UTC 2018 - matthias.gerstner@suse.com

- take over version bump from SLE-12-SP4 to fix customer issues with tboot in
  conjunction with tpm 2.0 devices (bsc#1103182, bsc#1108184). tboot 1.9.7
  mostly contains bugfixes and no incompatibilities should be included.

-------------------------------------------------------------------
Tue Sep  4 14:38:08 UTC 2018 - matthias.gerstner@suse.com

- update to tboot-1.9.7 (FATE#325138, FATE#324718). This is mainly a bugfix
  release:
        - Fix a lot of issues in tools reported by klocwork scan.
        - Fix a lot of issues in tboot module reported by klocwork scan.
        - Remove a redundant tboot option
        - Fix indent in heap.c
        - Fix 4 issues along with extpol=agile option
        - Mitigations for tpm interposer attacks
        - Add an option in tboot to force SINIT to use the legacy TPM2 log format.
        - Add support for appending to a TPM2 TCG style event log.
        - Ensure tboot log is available even when measured launch is skipped.
        - Add centos7 instructions for Use in EFI boot mode.
        - Fix memory leak and invalid reads and writes issues.
        - Fix TPM 1.2 locality selection issue.
        - Fix a null pointer dereference bug when Intel TXT is disabled.
        - Optimize tboot docs installation.
        - Fix security vulnerabilities rooted in tpm_if structure and g_tpm variable.
        - The size field of the MB2 tag is the size of the tag header + the size
        - Fix openssl-1.0.2 double frees
        - Make policy element stm_elt use unique type name
        - lcptools-v2 utilities fixes
        - port to openssl-1.1.0
        - Reset debug PCR16 to zero.
        - Fix a logical error in function bool evtlog_append(...).
- removed tboot-CVE-2017-16837.patch: now contained in tarball
- removed tboot-apic.patch: now contained in tarball
- removed tboot-grub2-suse.patch: now contained in tarball
- added tboot-distributor.patch: don't add GNU/Linux to grub menu entries. SUSE's
  grub2 itself doesn't do it as well. (bnc#1078262)

-------------------------------------------------------------------
Thu Nov 16 13:14:23 UTC 2017 - matthias.gerstner@suse.com

- tboot-CVE-2017-16837.patch: fix a major security issue in tboot. tboot
  failed to validate a number of immutable function pointers, which could
  allow an attacker to bypass the chain of trust and execute arbitrary code
  (bnc#1068390, CVE-2017-16837).

-------------------------------------------------------------------
Fri Sep 22 09:00:08 UTC 2017 - matthias.gerstner@suse.com

- tboot-apic.patch: Fixed failed trusted boot on some systems like Intel Xeon
  "Purley 8s" processors. The following error message showed: "TBOOT:
  wait-for-sipi loop timed-out". Booting continued but "TXT measured launch"
  was wrongly reported as FALSE. (bnc#1057555)

-------------------------------------------------------------------
Tue Jun 21 10:14:44 UTC 2016 - mchang@suse.com

- Fix wrong pvops kernel config matching (bsc#981948) 
  * modified tboot-grub2-fix-menu-in-xen-host-server.patch

-------------------------------------------------------------------
Thu Jun  2 08:25:29 UTC 2016 - meissner@suse.com

- tboot-grub2-suse.patch: replace if/elif to avoid syntax error (FATE#320665)

-------------------------------------------------------------------
Thu May 19 10:35:27 UTC 2016 - meissner@suse.com

- Updated to 1.9.4/20160518 (FATE#320665)
  Added TPM 2.0 CRB support
  Increased BSP and AP stacks to avoid stack overflow 
  Added an ACPI_RSDP structure g_rsdp in tboot to avoid potential memory overwritten issue on TPM 2.0 UEFI platforms
  Added support to both Intel TPM nv index set and TCG TPM nv index set
  grub2: tboot doesn't skip first argument any more
  grub2: sanitize whitespace in command lines        
  grub2: Allow addition of policy data in grub.cfg
  grub2 support: allow the user to customize the command line
  Mitigated S3 resume delay by adjusting LZ_MAX_OFFSET to 5000 in lz.c.        
  Added SGX TPM  nv index support
  Add 64 bit ELF object support
  Gentoo Hardened, which uses the GRSecurity and PaX patch sets
  Disable -fstack-check in CFLAG for compatibility with Gentoo Linux.
  Enhanced tboot compatiblity running on non-Intel TXT platform with a fix of is_launched()
  LCP documentation improvements
- tboot-grub2-suse.patch: refreshed
- tboot-grub2-fix-xen-submenu-name.patch: refreshed
- tboot-fix-stackoverflow.patch: upstream in 1.9.4

-------------------------------------------------------------------
Wed Apr  6 09:41:06 UTC 2016 - meissner@suse.com

- tboot-fix-stackoverflow.patch: fix a excessive stack usage pattern
  that could lead to resets/crashes (bsc#967441)

-------------------------------------------------------------------
Fri May  8 12:08:52 UTC 2015 - meissner@suse.com

- Updated to 1.8.3/20140728 FATE#318542 bsc#964408
  * Added verified launch control policy user guide
  * Fixed a bug about var MTRR settings to follow the rule that each VAR MTRR base must be a multiple of that MTRR's size.
  * Access tpm sts reg with 3-byte width in v1.2 case and 4-byte width in v2.0 case
  * Bugfix: lcp2_mlehash get wrong hash if the cmdline string length > 7
  * Optimized tboot log processing flow to avoid log buffer overflow by adopting lz Compress/Uncompress algorithms
  * Added SGX support for Skylake platform
  * tpm2: use the primary object in NULL Hierarchy instead of Platform Hierarchy for seal/unseal usage
  * Fixed a bug for lcp2_mlehash tool
  * Fixed system hang issue caused by TXT disable, TPM disable or SINIT ACM not correctly provided in EFI booting mode
  * Fixed bug for wrong assumption on the way how GRUB2 load modules
  * Fixed MB2 tags mess issue caused by moving shorter module cmdline to head
  * Fixed compile issue when debug=y

- refreshed tboot-grub2-fix-xen-submenu-name.patch

-------------------------------------------------------------------
Mon Jul 28 12:14:12 UTC 2014 - meissner@suse.com

- updated to 1.8.2/20140728
  Security Fix: TBOOT Argument Measurement Vulnerability for GRUB2 + ELF Kernels
  fix werror in 32 bit build environment
- tboot-fix.patch: removed, fixed differently upstream.

-------------------------------------------------------------------
Mon May 19 11:11:10 UTC 2014 - meissner@suse.com

- updated to 1.8.1/20140516
  Fix build error "may be used uninitialized"
  Reset eventlog when S3
  Update tboot version to 1.8.1 in grub title
  Fix grub cfg file generation scripts for SLES12
  Fix seal failure issue
  tpm2 lcptools
  Restore local apic base for AP
  Fix typo in hash_alg_to_string()
  Change to create primary object only once
  Add prepare_tpm call in S3 path to ensure locality 0 was released before senter
  Fix possible dead loop in print_bios_data when bios_data version 4
  Fix possible null pointer dereference in loader.c
  Fix possible null pointer dereference in tpm_12.c and tpm_20.c
  Avoid buffer overrun when append tpm12 eventlog
  Fix possible NULL pointer dereference
  Fix one event log issue caused by wrong append and print operation
  Fix error "unsupported hash alg" for agile extend policy
  Fix warning "ACM info_table version mismatch"
  Update the tpm family detection with a general way
  Fix a lcp tools issue caused by redefining TB_HALG_SHA1 from 0 to 4
  Assign g_tpm a value for no tpm case to avoid NULL checks
  Fix crash when TPM is missing
  Fix infinite loop in determine_multiboot_type()
  Fix typo in tpm20_init() and remove unused variable
  Allow the to-be-measured nv to be protected by AUTHWRITE
  Check cpu vendor id to avoid unexpected behavior in non-intel cpu
  Change to detect TPM family only once
  Fix some typos caused by copy-paste

- removed tboot-cs381.patch: upstream

-------------------------------------------------------------------
Fri May 16 06:10:17 UTC 2014 - mchang@suse.com

- fix grub2 boot menu after installing lots of kernels (bnc#865815)
- add tboot-grub2-fix-menu-in-xen-host-server.patch
- add tboot-grub2-fix-xen-submenu-name.patch

-------------------------------------------------------------------
Wed Apr 30 08:42:27 UTC 2014 - meissner@suse.com

- tboot-cs381.patch: generate tboot entries correctly, from Intel.
  bnc#875581

-------------------------------------------------------------------
Wed Feb 19 16:05:10 UTC 2014 - meissner@suse.com

- fixed path for /usr/share/grub2/grub-mkconfig_lib in our grub2
  snippets. (bnc#864633)

-------------------------------------------------------------------
Thu Jan 30 21:59:46 UTC 2014 - meissner@suse.com

- updated to 1.8.0/20130705
  Update README for TPM2 support
  tpm2 support
  Adding sha256 algorithm implementation
  Update README for TPM NV measuring
  Update README for EFI support
  Fix typo in tboot/Makefile
  Increase the supported maximum number of cpus from 256 to 512
  Extend tboot policy supporting measuring TPM NV
  EFI support via multiboot2 changes
  Fix typo in common/hash.c
  Fix verification for extended data elements in txt heap

-------------------------------------------------------------------
Thu Aug  8 11:56:45 UTC 2013 - meissner@suse.com

- updated to 1.7.4/20130705
  Fix possible empty submenu block in generated grub.cfg
  Add a call_racm=check option for easy RACM launch result check
  Fix type check for revocation ACM.

-------------------------------------------------------------------
Tue Jan  8 15:26:59 UTC 2013 - meissner@suse.com

- updated to 1.7.3/20121228
  Update README with updated code repository url.
  Fix grub2 scripts to be compatible with more distros.
  Update README for RACM launch support
  Add a new option "call_racm=true|false" for revocation acm(RACM) launch
  Fix potential buffer overrun & memory leak in crtpconf.c
  Fix a potential buffer overrun in lcptools/lock.c
  Print cmdline in multi-lines
  Optional print TXT.ERRORCODE under level error or info
  Fix side effects of tboot log level macros in tools
  Update readme for the new detail log level
  Classify all logs into different log levels
  Add detail log level and the macros defined for log level
  Fix acmod_error_t type to correctly align all bits in 4bytes

-------------------------------------------------------------------
Wed Oct 10 15:31:57 UTC 2012 - meissner@suse.com

- updated to 1.7.2/20120929
  Add Makefile for docs to install man pages.
  Add man pages for tools
  Add grub-mkconfig helper scripts for tboot case in GRUB2
  Fix for deb build in ubuntu
  Fix S3 issue brought by c/s 308
  Fix a S4 hang issue and a potential shutdown reset issue
  Fix build with new zlib 1.2.7.
  Initialize event log when S3
  Update README to change upstream repo url from bughost.org to sf.net.

- updated to 1.7.1/20120427
  Fix cmdline size in tb_polgen
  Add description for option min_ram in README.
  new tboot cmdline option "min_ram=0xXXXXXX"
  Update test-patches/tpm-test.patch to fit in latest code.
- zlib patch upstreamed.
- spec file adjustments
- tboot-fix.patch: fixed printf type mismatch

-------------------------------------------------------------------
Thu May 31 13:20:57 CEST 2012 - meissner@suse.de

- adjust to changed zlib api

-------------------------------------------------------------------
Wed Apr 25 23:16:20 CEST 2012 - meissner@suse.de

- reenable exclusivearch to avoid building it on ppc and arm.

-------------------------------------------------------------------
Tue Feb 28 14:03:52 UTC 2012 - meissner@suse.com

- updated to 1.7.0
        Print version number while changeset info unavailable
        Document DA changes in README
        Add event log for PCR extends in tboot
        Follow details / authorities PCR mapping style in tboot
        Support details / authorities PCR mapping
        Support TPM event log
        fix build issue for txt-stat in 64 bit environment.
        update README for mwait AP wakeup mechanism
        tboot: provide a new AP wakeup way for OS/VMM - mwait then memory write
        Original txt-stat.c doesn't display TXT heap info by default. Add
            command line options to display help info and optionally enable
            displaying heap info.
        Fix a shutdown issue on heavily throttled large server
        Adjust mle_hdr.{mle|cmdline}_{start|end}_off according to CS285,286
            changes to give lcp_mlehash correct info to produce hash value.
        Fix boot issue caused by including mle page table into tboot memory
        Fix for possible overwritting to mle page table by GRUB2
        Add PAGE_UP() fn that rounds things up/donw to a page.
        Update get_mbi_mem_end() with a accurate, safer calculating way
        ACPI fix and sanity check
        Add some sanity check before using mods_count in a count-down loop
        TPM: add waiting on expect==0 before issue tpmGo
        txt-stat: Don't show heap info by default.
        Exchange definitions for TBOOT_BASE_ADDR & TBOOT_START
        Add const qualifier for suibable parms of all possible fns.
        fix possible mbi overwrite issue for Linux with grub2
        enhance print_mbi() to print more mbi info for debug purpose
        Fix for GRUB2 loading elf image such as Xen.
        Move apply_policy() call into txt_post_launch()
        Don't zap s3_key in tboot shared page if sealing failed due to tpm
            unowned
        Update the explanation of signed lists to make it clearer.
        tboot: add a fall back for reboot via keyboard reset vector
        tboot: revise README to explain how to configure GRUB2 config file for
            tboot
        tboot: rewrite acpi reg access fns to refer to bit_width instead of
            access_width
        tboot: change reboot mechanism to use keyboard reset vector
        tboot: handle mis-programmed TXT config regs and TXT heap gracefully
        tboot: add warning when TPM timeout values are wrong
        all PM1_CNT accesses should be 16bit.
        Enlarge NR_CPUS from 64 to 256
        Add support for SBIOS policy element type (LCP_SBIOS_ELEMENT) to
            lcp_crtpolelt
        Fix processor id list matching between platform and acmod
        Make lcp_crtpollist support empty lists (i.e. with no elements)
        print a bit more error reasons in txt-stat
        Fix segmentation fault in txt-stat on some systems

-------------------------------------------------------------------
Thu Jan 12 11:31:12 UTC 2012 - coolo@suse.com

- change license to be in spdx.org format

-------------------------------------------------------------------
Tue May 24 14:48:45 UTC 2011 - idonmez@novell.com

- Update to changeset 261 
    + gcc 4.6 fixes
    + Fix segmentation fault in txt-stat on some systems
    + Add support for TXT heap extended data elements and BiosData version 4
    + Add support for AC Module chipset info table version 4 (ProcessorIDList)
    + Removed no_usb command line parameter and SMI disabling
    + Support MAXPHYADDR > 36b

-------------------------------------------------------------------
Wed Apr 27 18:38:23 CEST 2011 - meissner@suse.de

- initial import of current intel trusted boot loader

Places

File tboot.changes of Package tboot

Places