Index | index by Group | index by Distribution | index by Vendor | index by creation date | index by Name | Mirrors | Help | Search |
Name: tpm2.0-abrmd | Distribution: SUSE Linux Framework One |
Version: 3.0.0 | Vendor: SUSE LLC <https://www.suse.com/> |
Release: slfo.1.2.3 | Build date: Thu Aug 1 11:46:26 2024 |
Group: Productivity/Security | Build host: reproducible |
Size: 167955 | Source RPM: tpm2.0-abrmd-3.0.0-slfo.1.2.3.src.rpm |
Packager: https://www.suse.com/ | |
Url: https://github.com/tpm2-software/tpm2-abrmd | |
Summary: Intel's TCG Software Stack Access Broker & Resource Manager for TPM 2.0 chips |
The tpm2.0-abrmd package provides the TPM2 Access Broker & Resource Manager. This is a daemon service that coordinates requests to the TPM2 chip via Intel's TPM 2.0 software stack.
BSD-2-Clause
* Thu Aug 01 2024 jsegitz@suse.com - Update harden_tpm2-abrmd.service.patch to contain necessary SELinux changes (bsc#1209831) * Tue May 23 2023 aplanas@suse.com - Cover ALP via the %{suse_version} macro * Thu Dec 08 2022 aplanas@suse.com - Version 3.0.0 + Fixed * A bug in special command processing in TPM2_GetCapability when an audit session is in use cuased tpm2-abrmd to abort. + Added * New SELinux interfaces for communication with keylime + Changed * DBUS permissions in tpm2-abrmd.conf to match the in-kernel RM, ie /dev/tpmrm0, permissions. Now users MUST be in the tss group to send to tpm2-abrmd over DBUS. - Drop dbus-access.patch (merged in PR#805) * Fri Jul 08 2022 aplanas@suse.com - Version 2.4.1 + Added Contributor Covenant Code of Conduct. + Fixed * superflous warning messages about tcti status. WARNING **: 11:00:56.205: tcti_conf before: "(null)" WARNING **: 11:00:56.205: tcti_conf after: "mssim" * GCC 11 build error: error: argument 2 of __atomic_load’ discards 'volatile' qualifier * Initialize gerror pointer variable to NULL to fix use of unitialized memory and segfault. * Updated missing defaults in manpage. * Port CI to composite actions in tpm2-software/ci. + Removed Dependency on 'which' utility in configure.ac. ubuntu-16.04 from CI. * Mon Apr 04 2022 matthias.gerstner@suse.com - dbus-access.patch: restrict D-Bus access to tpm2-abrmd to members of the tss group (bsc#1197532). This prevents arbitrary users from meddling with TPM state and thus potential denial-of-service vectors. * Wed Dec 08 2021 aplanas@suse.com - Version 2.4.0 + remover syslog deprecation warning (bsc#1185154) + cover update to 2.3.3 (jsc#SLE-17366) + contains reload fix (bsc#1166936) + fix tcti loading using short / long names (bsc#1159176) * Mon Nov 29 2021 aplanas@suse.com - Warp selinux into a bcond * Thu Nov 25 2021 jsegitz@suse.com - Added hardening to systemd service(s) (bsc#1181400). Added patch(es): * harden_tpm2-abrmd.service.patch * Sat Jul 17 2021 gmbr3@opensuse.org - Move selinux devel file to devel subpackage * Wed Jul 14 2021 gmbr3@opensuse.org - Update to version 2.4.0: - Service start depends on systemd device unit: dev-tpm0.device. - Numerous memory leaks. - udev settle service deprecation warnings. - StandardOutput=syslog deprecation warnings. - Add selinux module files - Move dbus files out of /etc * Wed Jun 09 2021 aplanas@suse.com - Requires libtss2-tcti-{device0,tabrmd0} (bsc#1187077). In MicroOS systems the recommendations are not installed, making the service fail to initialize: Failed to instantiate TCTI * Thu Oct 22 2020 matthias.gerstner@suse.com - update to version 2.3.3: - changes in version 2.3.1: - Fixed handle resource leak exhausting TPM resources. - changes in version 2.3.2: - Added cirrus CI specific config files to enable FreeBSD builds. - Changed test scripts to be more portable. - Changed include header paths specific to FreeBSD. - changes in version 2.3.1: - Provide meaningful exit codes on initialization failures. - Prevent systemd from starting the daemon before udev changes ownership of the TPM device node. - Prevent systemd from starting the daemon if there is no TPM device node. - Prevent systemd from restarting the daemon if it fails. - Add SELinux policy to allow daemon to resolve names. - Add SELinux policy boolean (disabled by default) to allow daemon to connect to all unreserved ports. * Wed Dec 11 2019 matthias.gerstner@suse.com - update to version 2.3.0: - changes in version 2.3.0: - Add '--enable-debug' flag to configure script to simplify debug builds. This relies on the AX_CHECK_ENABLE_DEBUG autoconf archive macro. - Replaced custom dynamic TCTI loading code with libtss2-tctildr from upstream tpm2-tss repo. (requires tpm2-0-tss version 2.3.0) - Explicitly set '-O2' optimization when using FORTIFY_SOURCE as required. - changes in version 2.2.0: - New configuration option `--disable-defaultflags/ added. This is for use for packaging for targets that do not support the default compilation / linking flags. - Use private dependencies properly in pkg-config metadata for TCTI. - Refactor daemon main module to enable better handling of error conditions and enable more thorough unit testing. - Updated dependencies to ensure compatibility with pkg-config fixes in tpm2-tss. - Fixed bug causing TCTI to block when used by libtss2-sys built with partial reads enabled. - Removed unnecessary libs / flags for pthreads in the TCTI pkg-config. - Output from configure script now accurately describes the state of the flags that govern the integration tests. - drop fix_dlopen.patch: no longer necessary since abrmd not uses the tctildr shared library. This one hopefully now does the right thing. * Mon Aug 26 2019 matthias.gerstner@suse.com - update to version 2.1.1: - changes in version 2.1.1: - Unit tests accessing dbus have been fixed to use mock functions. Unit tests no longer depend on dbus. - Race condition between client connections and dbus proxy object creation by registering bus name after instantiation of the proxy object. * Fri Apr 26 2019 mvetter@suse.com - bsc#1130588: Require shadow instead of old pwdutils * Wed Mar 06 2019 matthias.gerstner@suse.com - update to version 2.1.0: - changes in version 2.1.0: - `-Wstrict-overflow=5` now used in default CFLAGS. - Handling of `TPM2_RC_CONTEXT_GAP` on behalf of users. - Convert `TPM2_PT_CONTEXT_GAP_MAX` response from lower layer to `UINT32_MAX` - travis-ci now uses 'xenial' builder - Significant refactoring of TCTI handling code. - `--install` added to ACLOCAL_AMFLAGS to install aclocal required macros instead of using the default symlinks - Launch `dbus-run-session` in the automake test environment to automagically set up a dbus session bus instance when one isn't present. - Bug caused by unloading of `libtss2-tcti-tabrmd.so` on dlclose. GLib does not support reloading a second time. - Bug causing `-fstack-protector-all` to be used on systems with core libraries (i.e. libc) that do not support it. This caused failures at link-time. - Unnecessary symbols from libtest utility library no longer included in TCTI library. - changes in version 2.0.3: - Update build to account for upstream change to glib '.pc' files described in: https://gitlab.gnome.org/GNOME/glib/issues/1521 - added _service file for syncing with upstream tags * Thu Oct 25 2018 matthias.gerstner@suse.com - add a Requires towards tpm2-0-tss, because that main package holds the udev rules and logic for setting up the tss user. Without this the daemon can't start up correctly. * Tue Oct 23 2018 matthias.gerstner@suse.com - fix broken build due to newer glib dependency that reports a full path for gdbus-codegen, breaking the configure check. * Wed Sep 26 2018 matthias.gerstner@suse.com - update to version 2.0.2 (FATE#326270): - --enable-integration option to configure script now works as documented. - Format specifier with wrong size in util module. - Initialize TCTI context to 0 before setting values. This will cause all members that aren't explicitly initialized by be 0. * Tue Sep 18 2018 matthias.gerstner@suse.com - add recommends to the tcti-device and tcti-abrmd. Otherwise they're not installed right away, rendering the abrmd quite unusable. * Fri Aug 10 2018 matthias.gerstner@suse.com - Update to version 2.0.1: * SessionList: Fix Connection object reference leak. * source/sink: Organize ControlMessage processing. * CommandSource: Replace 'connection-removed' signal with ControlMessage. * SessionList: Remove all locking. * ConnectionManager: Remove 'connection-removed' signal. * ci: Build 'check' target when CC is gcc. * build: Fix bad URLs in configure script. * CHANGELOG.md: Add version number and date for 2.0.1 release. * Replace references to drand48_r family of functions for portability * Fix for type-punned pointer reported in newer compilers that enforce strict aliasing * Tue Jul 03 2018 matthias.gerstner@suse.com - Trying to fix build on older distros that fail because of a missing or broken autoconf valgrind detection macro. Removing autoreconf to hopefully fix this. * Mon Jul 02 2018 matthias.gerstner@suse.com - add fix_dlopen.patch: fixes an issue with dlopen()'ing the tcti-device library from tpm2-0-tss. See https://github.com/tpm2-software/tpm2-abrmd/issues/486. * Fri Jun 29 2018 matthias.gerstner@suse.com - update to major version 2.0.0: - support_dbus_activation.diff: removed, is not contained upstream - the tpm2 stack introduces an incompatible ABI to the previous version with this update. There is no compatibility layer, libraries have new names etc. - upstream changelog: [#]# 2.0.0 - 2018-06-22 [#]## Added - Integration test script and build support to execute integration tests against a physical TPM2 device on the build platform. - Implementation of dynamic TCTI initialization mechanism. - configure option `--enable-integration` to enable integration tests. The simulator executable must be on PATH. - Support for version 2.0 of tpm2-tss libraries. [#]## Changed - 'max-transient-objects' command line option renamted to 'max-transients'. - Added -Wextra for more strict checks at compile time. - Install location of headers to $(includedir)/tss2. [#]## Fixed - Added missing checks for NULL parameters identified by the check-build. - Bug in session continuation logic. - Off by one error in HandleMap. - Memory leak and uninitialized variable issues in unit tests. [#]## Removed - Command line option --fail-on-loaded-trans. - udev rules for TPM device node. This now lives in the tpm2-tss repo. - Remove legacy TCTI initialization functions. - configure option `--with-simulatorbin`. [#]# 1.3.1 - 2018-03-18 [#]## Fixed - Distribute systemd preset template instead of the generated file. [#]# 1.3.0 - 2018-03-02 [#]## Added - New configure option (--test-hwtpm) to run integration tests against a physical TPM2 device on the build platform. - Install systemd service file to allow on-demand systemd unit activation. [#]## Changed - Converted some inappropriate uses of g_error to critical / warning instead. - Removed use of gen_require from SELinux policy, use dbus_stub instead. - udev rules now give tss group read / write access to the TPM device node. - udev rules now give tss user and group read / write access to kernel RM node. [#]## Fixed - Memory leak on an error path in the AccessBroker. * Thu Feb 22 2018 matthias.gerstner@suse.com - update to upstream version 1.2.0: - Limit maximum number of active sessions per connection with '--max-sessions'. - Flush all transient objects and sessions on daemon start with '--flush-all'. - Allow passing of sessions across connections with ContextSave / Load. - Unref the GUnixFDList returned by GIO / dbus in the TCTI init function. This fixes a memory leak in the TCTI library. - correctly trigger udev to update /dev/tpm* permissions after package installation. (bnc#1078687) - prepared support_dbus_activation.diff patch which adds D-Bus activation, but can't use it yet due to rpmlint * Wed Nov 15 2017 matthias.gerstner@suse.com - fix_service_paths.diff: fixed broken systemd service unit (bnc#1066123). the service unit file in the upstream distribution tarball is already configured and looks for binaries and configuration files in the /usr/local prefix which is wrong. * Fri Sep 01 2017 matthias.gerstner@suse.com - package version symlink correctly, belongs into the lib package itself, not the -devel. * Wed Aug 30 2017 matthias.gerstner@suse.com - update to upstream version 1.1.1 which fixes some local denial-of-service security issues among other things: - Replace use of sigaction with g_unix_signal_* stuff from glib. - Rewrite of INSTALL.md including info on custom configure script options. - Default value for --with-simulatorbin configure option has been removed. New default behavior is to disable integration tests. - CommandSource will no longer reject commands without parameters. - Unit tests updated to use cmocka v1.0.0 API. - Integration tests now run daemon under valgrind memcheck and fail when errors are found. - CommandSource now tracks max FD in set of client FDs to prevent unnecessary iterations over FD_SETSIZE fds. - no longer call bootstrap and switch to the release upstream tarball which has now been fixed to contain all necessary files * Thu Jul 20 2017 matthias.gerstner@suse.com - first version of the new arbmd resource manager from Intel's tpm2 stack. This will replace the old resourcemgr previously shipped with the tpm2-0-tss package.
/usr/lib/systemd/system/tpm2-abrmd.service /usr/sbin/rctpm2-abrmd /usr/sbin/tpm2-abrmd /usr/share/dbus-1/system-services/com.intel.tss2.Tabrmd.service /usr/share/dbus-1/system.d/tpm2-abrmd.conf /usr/share/doc/packages/tpm2.0-abrmd /usr/share/doc/packages/tpm2.0-abrmd/CHANGELOG.md /usr/share/doc/packages/tpm2.0-abrmd/CONTRIBUTING.md /usr/share/doc/packages/tpm2.0-abrmd/INSTALL.md /usr/share/doc/packages/tpm2.0-abrmd/README.SUSE /usr/share/doc/packages/tpm2.0-abrmd/README.md /usr/share/licenses/tpm2.0-abrmd /usr/share/licenses/tpm2.0-abrmd/LICENSE /usr/share/man/man7/tss2-tcti-tabrmd.7.gz /usr/share/man/man8/tpm2-abrmd.8.gz
Generated by rpm2html 1.8.1
Fabrice Bellet, Tue Nov 12 00:02:43 2024