
tboot-20210614_1.11.1-1.9 RPM for i586

From OpenSuSE Ports Tumbleweed for i586

Name: tboot
Distribution: openSUSE Tumbleweed
Version: 20210614_1.11.1
Vendor: openSUSE
Release: 1.9
Build date: Fri Feb 2 21:52:13 2024
Group: Productivity/Security
Build host: i04-ch4b
Size: 797055
Source RPM: tboot-20210614_1.11.1-1.9.src.rpm
Packager: http://bugs.opensuse.org
Url: https://sourceforge.net/projects/tboot/
Summary: Program for performing a verified launch using Intel TXT
Trusted Boot (tboot) is a pre-kernel/VMM module that uses Intel
Trusted Execution Technology (Intel(R) TXT) to perform a measured and
verified launch of an OS kernel/VMM.

Provides

Requires

License

BSD-3-Clause

Changelog

* Mon Feb 06 2023 Matthias Gerstner <matthias.gerstner@suse.com>
  - required update due to OpenSSL 3.0 deprecation errors in current version
  - updated to v1.11.1 / 20230125:
      20230125: v1.11.1
    - Revert log memory range extension (caused memory overlaps and boot failures)
      20221223: v1.11.0
    - Fixed TPM handling to flush objects after integrity measurement (Intel PTT limitations)
    - Extended low memory range for logs (HCC CPUs had issue with not enough memory)
    - "agile" removed from PCR Extend policy options (requested deprecation)
    - Added handling for flexible ACM Info Table format
    - lcptools: CPPFLAGS use by environment in build
    - lcptools: removed __DATE__ refs to make build reproducible
    - Only platform-matching SINIT modules can be selected
    - txt-acminfo: Map TXT heap using mmap
    - Typo fix in man page
      20220304: v1.10.5
    - Fixed mlehash.c to bring back functionality and make it GCC12 compliant
    - Reverted change for replacing EFI memory to bring back Tboot in-memory logs
      20220224: v1.10.4
    - Fix hash printing for SHA384, SHA512 and SM3
    - Touch ups for GCC12
    - Set GDT to map CS and DS to 4GB before jumping to Linux
    - make efi_memmap_reserve handle gaps like e820_protect_region
    - Ensure that growth of Multiboot tags does not go beyond original area
    - Replace EFI memory map in Multiboot2 info
    - Fix endianness of pcr_info->pcr_selection.size_of_select
    - Don't ignore locality in PCR file
    - Fix composite hashing algorithm for PCONF elements to match lcptools-1
      20211210: v1.10.3
    - Add UNI-VGA license information
    - Remove poly1305 object files on clean
    - Support higher resolution monitors
    - Use SHA256 as default hashing algorithm in lcp2_mlehash and tb_polgen
    - Add OpenSSL 3.0.0 support in lcptools-v2
    - Increase number of supported CPUs to 1024 to accommodate for larger units
  - tboot-grub2-fix-menu-in-xen-host-server.patch: refreshed to match new
    upstream version.
  - tboot-grub2-fix-xen-submenu-name.patch: refreshed to match new upstream
    version.
* Fri Jun 11 2021 Marcus Meissner <meissner@suse.com>
  - updated to v1.10.2 / 20210614
      Fix ACM chipset/processor list validation
      Check for client/server match when selecting SINIT
      Fix issues when building with GCC11
      Default to D/A mapping when TPM1.2 and CBnT platform
  - updated to 1.10.1 / 20210330
    - Indicate to SINIT that CBnT is supported by TBOOT
    - lcptools: Fix issues from static code analysis
* Tue Jan 19 2021 Matthias Gerstner <matthias.gerstner@suse.com>
  - release 1.10.0 ramifications:
    - README is now README.md
    - acminfo and parse_err now are called txt-acminfo and txt-parse_err
    - lcptools are deprecated (tpm 1.2, TrouSerS dependency) and are no longer
      packaged.
    - no longer needs TrouSerS dependency due to deprecation
* Tue Jan 19 2021 Matthias Gerstner <matthias.gerstner@suse.com>
  - tboot-grub2-fix-menu-in-xen-host-server.patch: refreshed to match new
    upstream version.
  - tboot-grub2-fix-xen-submenu-name.patch: refreshed to match new upstream
    version.
* Tue Jan 19 2021 Matthias Gerstner <matthias.gerstner@suse.com>
  - update to new upstream release 1.10.0:
    - Rename TXT related tools to have 'txt-' prefix
    - Clarify license issues
    - Fix issues reported by Coverity Scan
    - Ensure txt-acminfo does not print false information if msr is not loaded
    - Fix issue with multiboot(1) booting - infinite loop during boot
    - Fix issue with TPM1.2 - invalid default policy
    - Unmask NMI# after returning from SINIT
    - Update GRUB scripts to use multiboot2 only
    - Enable VGA logging for EFI platforms
    - Add warning when using SHA1 as hashing algorithm
    - Add Doxygen documentation
    - Replace VMAC with Poly1305
    - Validate TPM NV index attributes
    - Move old lcptool to deprecated folder and exclude from build
    - TrouSerS is no longer required to build
    - lcptools-v2: meet requirements from MLE DG rev16
    - lcptools-v2: Implement SM2 signing and SM2 signature verification
    - lcptools-v2: Set aux_hash_alg_mask to 0 when policy version != 0x300
  - dropped tboot-Unmask-NMI-after-returning-from-SINIT.patch (upstream)
* Thu Nov 12 2020 Matthias Gerstner <matthias.gerstner@suse.com>
  - add tboot-grub2-refuse-secure-boot.patch: don't generate tboot menu entries
    in grub when the system is running with UEFI Secure Boot (bsc#1175114). This
    prevents hard to understand error messages when trying to boot tboot in this
    context.
* Mon Sep 28 2020 matthias.gerstner@suse.com
  - update to new upstream release 1.9.12:
    - changes from 1.9.12:
    - Release localities in S3 flow for CRB interface
    - Config.mk, safestringlib/makefile : allow tool overrides
    - safestringlib: fix warnings with GCC 6.4.0
    - Strip executable file before generating tboot.gz
    - Add support for EFI memory map parse/modification
    - Add SHA384 and SHA512 digest algorithms
    - lcptools-v2: add pconf2 policy element support
    - tb_polgen: Add SHA384 and SHA512 support
    - Disable GCC9 address-of-packed-member warning
    - Fix warnings after "Avoid unsafe functions" scan
    - Use SHA256 as default hashing algorithm
    - changes from 1.9.11:
    - tb_polgen: Add support for SHA256
    - Configure IOMMU before executing GETSEC[SENTER]
    - SINIT ACM can have padding, handle that when checking size
    - disable-address-of-packed-member-warning.patch: now contained upstream
    - tboot-grub2-fix-xen-submenu-name.patch: refreshed
  - dropped tboot-Release-localities-in-S3-flow-for-CRB-interface.patch (upstream)
  - dropped tboot-Configure-IOMMU-before-executing-GETSEC-SENTER.patch (upstream)
  - dropped tboot-Do-not-try-to-read-EFI-mem-map-when-booted-with-mult.patch (upstream)
  - dropped tboot-Release-localities-in-S3-flow-for-CRB-interface.patch (upstream)
  - dropped tboot-support-sinit-padding.patch (upstream)
  - dropped tboot-Add-support-for-EFI-memory-map-parse-modification.patch
  - dropped tboot-fix-memmap1-boot-issues.patch
  - dropped tboot-Add-more-mbi-validation.patch
* Fri Jul 12 2019 Martin Liška <mliska@suse.cz>
  - Disable LTO in more elegant way (boo#1141323).
* Thu Jul 11 2019 mgerstner <matthias.gerstner@suse.com>
  - explicitly disable gcc9 link time optimization to fix the build and avoid
    trouble in low level tboot code.
* Tue May 28 2019 mgerstner <matthias.gerstner@suse.com>
  - add disable-address-of-packed-member-warning.patch: taken over patch found
    in the Fedora package to disable a new gcc-9 warning that breaks the build.

Files

/boot/tboot-syms
/boot/tboot.gz
/etc/grub.d
/etc/grub.d/20_linux_tboot
/etc/grub.d/20_linux_xen_tboot
/usr/sbin/lcp2_crtpol
/usr/sbin/lcp2_crtpolelt
/usr/sbin/lcp2_crtpollist
/usr/sbin/lcp2_mlehash
/usr/sbin/tb_polgen
/usr/sbin/txt-acminfo
/usr/sbin/txt-parse_err
/usr/sbin/txt-stat
/usr/share/doc/packages/tboot
/usr/share/doc/packages/tboot/COPYING
/usr/share/doc/packages/tboot/Makefile
/usr/share/doc/packages/tboot/README.md
/usr/share/doc/packages/tboot/howto_use.md
/usr/share/doc/packages/tboot/lcptools.txt
/usr/share/doc/packages/tboot/man
/usr/share/doc/packages/tboot/man/lcp2_crtpol.8
/usr/share/doc/packages/tboot/man/lcp2_crtpolelt.8
/usr/share/doc/packages/tboot/man/lcp2_crtpollist.8
/usr/share/doc/packages/tboot/man/lcp2_mlehash.8
/usr/share/doc/packages/tboot/man/tb_polgen.8
/usr/share/doc/packages/tboot/man/txt-acminfo.8
/usr/share/doc/packages/tboot/man/txt-parse_err.8
/usr/share/doc/packages/tboot/man/txt-stat.8
/usr/share/doc/packages/tboot/policy_v1.txt
/usr/share/doc/packages/tboot/policy_v2.txt
/usr/share/doc/packages/tboot/tboot_flow.md
/usr/share/doc/packages/tboot/txt-info.txt
/usr/share/doc/packages/tboot/vlp.txt
/usr/share/man/man8/lcp2_crtpol.8.gz
/usr/share/man/man8/lcp2_crtpolelt.8.gz
/usr/share/man/man8/lcp2_crtpollist.8.gz
/usr/share/man/man8/lcp2_mlehash.8.gz
/usr/share/man/man8/tb_polgen.8.gz
/usr/share/man/man8/txt-acminfo.8.gz
/usr/share/man/man8/txt-parse_err.8.gz
/usr/share/man/man8/txt-stat.8.gz


Generated by rpm2html 1.8.1

Fabrice Bellet, Tue Apr 9 21:38:35 2024