
tboot-20210614_1.11.4-1.1 RPM for i586

From OpenSuSE Ports Tumbleweed for i586

Name: tboot
Distribution: openSUSE Tumbleweed
Version: 20210614_1.11.4
Vendor: openSUSE
Release: 1.1
Build date: Mon Jun 17 15:09:34 2024
Group: Productivity/Security
Build host: reproducible
Size: 797035
Source RPM: tboot-20210614_1.11.4-1.1.src.rpm
Packager: http://bugs.opensuse.org
Url: https://sourceforge.net/projects/tboot/
Summary: Program for performing a verified launch using Intel TXT
Trusted Boot (tboot) is a pre-kernel/VMM module that uses Intel
Trusted Execution Technology (Intel(R) TXT) to perform a measured and
verified launch of an OS kernel/VMM.

Provides

Requires

License

BSD-3-Clause

Changelog

* Mon Jun 17 2024 Matthias Gerstner <matthias.gerstner@suse.com>
  - add tboot.rpmlintrc: suppress warning about missing %check section. There's
    no testsuite for tboot.
  - mark grub.d snippets as %config (noreplace) to satisfy rpmlint warning
    (the grub2 package itself marks its snippets this way, so it seems to be
    common standard to do so).
  - update to v1.11.4:
    * v1.11.4
      Increase the TBOOT log size from 32 KB to 64 KB. For some Intel server
      platforms, it was noticed that TBOOT_SERIAL_LOG memory section was too
      small to hold all of the print logs, produced by TBOOT. Due to this
      reason TBOOT log section memory size had to be increased to 64KB.
    * v1.11.3
      Fix the hanging TBOOT issue, which appeared during the RLPs wakeup process
      on the Intel's multisocket platform. This problem appeared during the AP
      stacks allocations for these RLPs. TBOOT allocated memory for them depending
      on the woken-up CPUs X2 APIC values. When some of them exceeded the NR_CPUS (1024),
      then the RLP wakeup process execution halted. For the current moment,
      the maximal X2 APID value was increased from 1024 to 8192. This kind of
      solution fixed the given problem.
    * v1.11.2
      Fix the RAM memory allocation algorithm for the initrd.
* Mon Feb 06 2023 Matthias Gerstner <matthias.gerstner@suse.com>
  - required update due to openSSL 3.0 deprecation errors in current version
  - updated to v1.11.1 / 20230125:
      20230125: v1.11.1
    - Revert log memory range extension (caused memory overlaps and boot failures)
      20221223: v1.11.0
    - Fixed TPM handling to flush objects after integrity measurement (Intel PTT limitations)
    - Extended low memory range for logs (HCC CPUs had issue with not enough memory)
    - "agile" removed from PCR Extend policy options (requested deprecation)
    - Added handling for flexible ACM Info Table format
    - lcptools: CPPFLAGS use by environment in build
    - lcptools: removed __DATE__ refs to make build reproducible
    - Only platform-matching SINIT modules can be selected
    - txt-acminfo: Map TXT heap using mmap
    - Typo fix in man page
      20220304: v1.10.5
    - Fixed mlehash.c to bring back functionality and make it GCC12 compliant
    - Reverted change for replacing EFI memory to bring back Tboot in-memory logs
      20220224: v1.10.4
    - Fix hash printing for SHA384, SHA512 and SM3
    - Touch ups for GCC12
    - Set GDT to map CS and DS to 4GB before jumping to Linux
    - make efi_memmap_reserve handle gaps like e820_protect_region
    - Ensure that growth of Multiboot tags does not go beyond original area
    - Replace EFI memory map in Multiboot2 info
    - Fix endianness of pcr_info->pcr_selection.size_of_select
    - Don't ignore locality in PCR file
    - Fix composite hashing algorithm for PCONF elements to match lcptools-1
      20211210: v1.10.3
    - Add UNI-VGA license information
    - Remove poly1305 object files on clean
    - Support higher resolution monitors
    - Use SHA256 as default hashing algorithm in lcp2_mlehash and tb_polgen
    - Add OpenSSL 3.0.0 support in lcptools-v2
    - Increase number of supported CPUs to 1024 to accommodate for larger units
  - tboot-grub2-fix-menu-in-xen-host-server.patch: refreshed to match new
    upstream version.
  - tboot-grub2-fix-xen-submenu-name.patch: refreshed to match new upstream
    version.
* Fri Jun 11 2021 Marcus Meissner <meissner@suse.com>
  - updated to v1.10.2 / 20210614
      Fix ACM chipset/processor list validation
      Check for client/server match when selecting SINIT
      Fix issues when building with GCC11
      Default to D/A mapping when TPM1.2 and CBnT platform
  - updated to 1.10.1 / 20210330
    - Indicate to SINIT that CBnT is supported by TBOOT
    - lcptools: Fix issues from static code analysis
* Tue Jan 19 2021 Matthias Gerstner <matthias.gerstner@suse.com>
  - release 1.10.0 ramifications:
    - README is now README.md
    - acminfo and parse_err now are called txt-acminfo and txt-parse_err
    - lcptools are deprecated (tpm 1.2, TrouSerS dependency) and are no longer
      packaged.
    - no longer needs TrouSerS dependency due to deprecation
* Tue Jan 19 2021 Matthias Gerstner <matthias.gerstner@suse.com>
  - tboot-grub2-fix-menu-in-xen-host-server.patch: refreshed to match new
    upstream version.
  - tboot-grub2-fix-xen-submenu-name.patch: refreshed to match new upstream
    version.
* Tue Jan 19 2021 Matthias Gerstner <matthias.gerstner@suse.com>
  - update to new upstream release 1.10.0:
    - Rename TXT related tools to have 'txt-' prefix
    - Clarify license issues
    - Fix issues reported by Coverity Scan
    - Ensure txt-acminfo does not print false information if msr is not loaded
    - Fix issue with multiboot(1) booting - infinite loop during boot
    - Fix issue with TPM1.2 - invalid default policy
    - Unmask NMI# after returning from SINIT
    - Update GRUB scripts to use multiboot2 only
    - Enable VGA logging for EFI platforms
    - Add warning when using SHA1 as hashing algorithm
    - Add Doxygen documentation
    - Replace VMAC with Poly1305
    - Validate TPM NV index attributes
    - Move old lcptool to deprecated folder and exclude from build
    - TrouSerS is no longer required to build
    - lcptools-v2: meet requirements from MLE DG rev16
    - lcptools-v2: Implement SM2 signing and SM2 signature verification
    - lcptools-v2: Set aux_hash_alg_mask to 0 when policy version != 0x300
  - dropped tboot-Unmask-NMI-after-returning-from-SINIT.patch (upstream)
* Thu Nov 12 2020 Matthias Gerstner <matthias.gerstner@suse.com>
  - add tboot-grub2-refuse-secure-boot.patch: don't generate tboot menu entries
    in grub when the system is running with UEFI Secure Boot (bsc#1175114). This
    prevents hard to understand error messages when trying to boot tboot in this
    context.
* Mon Sep 28 2020 matthias.gerstner@suse.com
  - update to new upstream release 1.9.12:
    - changes from 1.9.12:
    - Release localities in S3 flow for CRB interface
    - Config.mk, safestringlib/makefile : allow tool overrides
    - safestringlib: fix warnings with GCC 6.4.0
    - Strip executable file before generating tboot.gz
    - Add support for EFI memory map parse/modification
    - Add SHA384 and SHA512 digest algorithms
    - lcptools-v2: add pconf2 policy element support
    - tb_polgen: Add SHA384 and SHA512 support
    - Disable GCC9 address-of-packed-member warning
    - Fix warnings after "Avoid unsafe functions" scan
    - Use SHA256 as default hashing algorithm
    - changes from 1.9.11:
    - tb_polgen: Add support for SHA256
    - Configure IOMMU before executing GETSEC[SENTER]
    - SINIT ACM can have padding, handle that when checking size
    - disable-address-of-packed-member-warning.patch: now contained upstream
    - tboot-grub2-fix-xen-submenu-name.patch: refreshed
  - dropped tboot-Release-localities-in-S3-flow-for-CRB-interface.patch (upstream)
  - dropped tboot-Configure-IOMMU-before-executing-GETSEC-SENTER.patch (upstream)
  - dropped tboot-Do-not-try-to-read-EFI-mem-map-when-booted-with-mult.patch (upstream)
  - dropped tboot-Release-localities-in-S3-flow-for-CRB-interface.patch (upstream)
  - dropped tboot-support-sinit-padding.patch (upstream)
  - dropped tboot-Add-support-for-EFI-memory-map-parse-modification.patch
  - dropped tboot-fix-memmap1-boot-issues.patch
  - dropped tboot-Add-more-mbi-validation.patch
* Fri Jul 12 2019 Martin Liška <mliska@suse.cz>
  - Disable LTO in more elegant way (boo#1141323).
* Thu Jul 11 2019 mgerstner <matthias.gerstner@suse.com>
  - explicitly disable gcc9 link time optimization to fix the build and avoid
    trouble in low level tboot code.

Files

/boot/tboot-syms
/boot/tboot.gz
/etc/grub.d
/etc/grub.d/20_linux_tboot
/etc/grub.d/20_linux_xen_tboot
/usr/sbin/lcp2_crtpol
/usr/sbin/lcp2_crtpolelt
/usr/sbin/lcp2_crtpollist
/usr/sbin/lcp2_mlehash
/usr/sbin/tb_polgen
/usr/sbin/txt-acminfo
/usr/sbin/txt-parse_err
/usr/sbin/txt-stat
/usr/share/doc/packages/tboot
/usr/share/doc/packages/tboot/COPYING
/usr/share/doc/packages/tboot/Makefile
/usr/share/doc/packages/tboot/README.md
/usr/share/doc/packages/tboot/howto_use.md
/usr/share/doc/packages/tboot/lcptools.txt
/usr/share/doc/packages/tboot/man
/usr/share/doc/packages/tboot/man/lcp2_crtpol.8
/usr/share/doc/packages/tboot/man/lcp2_crtpolelt.8
/usr/share/doc/packages/tboot/man/lcp2_crtpollist.8
/usr/share/doc/packages/tboot/man/lcp2_mlehash.8
/usr/share/doc/packages/tboot/man/tb_polgen.8
/usr/share/doc/packages/tboot/man/txt-acminfo.8
/usr/share/doc/packages/tboot/man/txt-parse_err.8
/usr/share/doc/packages/tboot/man/txt-stat.8
/usr/share/doc/packages/tboot/policy_v1.txt
/usr/share/doc/packages/tboot/policy_v2.txt
/usr/share/doc/packages/tboot/tboot_flow.md
/usr/share/doc/packages/tboot/txt-info.txt
/usr/share/doc/packages/tboot/vlp.txt
/usr/share/man/man8/lcp2_crtpol.8.gz
/usr/share/man/man8/lcp2_crtpolelt.8.gz
/usr/share/man/man8/lcp2_crtpollist.8.gz
/usr/share/man/man8/lcp2_mlehash.8.gz
/usr/share/man/man8/tb_polgen.8.gz
/usr/share/man/man8/txt-acminfo.8.gz
/usr/share/man/man8/txt-parse_err.8.gz
/usr/share/man/man8/txt-stat.8.gz


Generated by rpm2html 1.8.1

Fabrice Bellet, Mon Jun 24 23:42:21 2024