Revisions of ima-evm-utils
buildservice-autocommit
accepted
request 1135992
from
Marcus Meissner (msmeissn)
(revision 57)
baserev update by copy to link target
Marcus Meissner (msmeissn)
accepted
request 1133396
from
Frederic Crozat (fcrozat)
(revision 56)
- Update download url.
buildservice-autocommit
accepted
request 1070713
from
Marcus Meissner (msmeissn)
(revision 55)
baserev update by copy to link target
Marcus Meissner (msmeissn)
accepted
request 1070704
from
Petr Vorel (pevik)
(revision 54)
- Update to version 1.5
  * CI changes:
    * New: UML kernel testing environment
    * Support for running specific test(s)
    * Update distros
    * Update software release versions
  * New features:
    * Signing fs-verity signatures
    * Reading TPM 2.0 PCRs via sysfs interface
  * New tests:
    * Missing IMA mmapped file measurements
    * Overlapping IMA policy rules
    * EVM portable signatures
    * fs-verity file measurements in the IMA measurement list
  * Build and library changes:
    * OpenSSL 3.0 version related changes
    * New configuration options: --disable-engine, --enable-sigv1
    * Deprecate IMA signature v1 format
  * Misc bug fixes and code cleanup:
    * memory leaks, bounds checking, use after free
    * Fix and update test output
    * Add missing sanity checks
  * Documentation:
    * Store the sourceforge ima-evm-utils wiki for historical purposes.
- Upstream bumped soname to 4.0.0
- Add BuildRequires: e2fsprogs util-linux (required by tests, which are mandatory)
- /usr/sbin to PATH (0001-fsverity.test-Add-usr-sbin-into-PATH.patch, sent to upstream ML)
buildservice-autocommit
accepted
request 972600
from
Marcus Meissner (msmeissn)
(revision 53)
baserev update by copy to link target
Marcus Meissner (msmeissn)
committed
(revision 52)
- switch to use https urls
Petr Vorel (pevik)
accepted
request 929570
from
Petr Vorel (pevik)
(revision 51)
- Update to version 1.4
  * Elliptic curve support and tests
  * PKCS11 support and tests
  * Ability to manually specify the keyid included in the IMA xattr
  * Improve IMA measurement list per TPM bank verification
  * Linking with IBM TSS
  * Set default hash algorithm in package configuration
  * (Minimal) support and test EVM portable signatures
  * CI testing:
    * Refresh and include new distros
    * Podman support
    * GitHub Actions
    * Limit "sudo" usage
  * Misc bug fixes and code cleanup
    * Fix static analysis bug reports, memory leaks
    * Remove experimental code that was never upstreamed in the kernel
    * Use unsigned variable, remove unused variables, etc
- Upstream bumped soname to 3.0.0
buildservice-autocommit
accepted
request 844713
from
Petr Vorel (pevik)
(revision 50)
baserev update by copy to link target
Petr Vorel (pevik)
accepted
request 844712
from
Petr Vorel (pevik)
(revision 49)
- Update to version 1.3.2
  * Bugfixes: importing keys
  * NEW: Docker based travis distro testing
  * Travis bugfixes, code cleanup, software version update, and script removal
  * Initial travis testing
- Remove 0001-help-Add-missing-new-line-for-ignore-violations.patch (patch from this release)
- Add make check + dependencies (getfattr => attr, xxd => vim)
buildservice-autocommit
accepted
request 838990
from
Petr Vorel (pevik)
(revision 48)
baserev update by copy to link target
Petr Vorel (pevik)
accepted
request 838988
from
Petr Vorel (pevik)
(revision 47)
- Fix missing new line in help (0001-help-Add-missing-new-line-for-ignore-violations.patch)
buildservice-autocommit
accepted
request 826695
from
Petr Vorel (pevik)
(revision 46)
baserev update by copy to link target
Petr Vorel (pevik)
accepted
request 826694
from
Petr Vorel (pevik)
(revision 45)
- Update to version 1.3.1
  * "--pcrs" support for per crypto algorithm
  * Drop/rename "ima_measurement" options
  * Moved this summary from "Changelog" to "NEWS", removing requirement for GNU empty files
  * Distro build fixes
  * Remove 0001-pcr_tss-Fix-compilation-for-old-compilers.patch (from this release)
buildservice-autocommit
accepted
request 822318
from
Petr Vorel (pevik)
(revision 44)
baserev update by copy to link target
Petr Vorel (pevik)
accepted
request 822317
from
Petr Vorel (pevik)
(revision 43)
- Use %autosetup -p1
Petr Vorel (pevik)
accepted
request 822243
from
Petr Vorel (pevik)
(revision 42)
- Remove suse_version check for tpm2-0-tss-devel as the package is available for back as far as SLE 12 SP2 and respective openSUSE versions (also check was wrong, should have been 1500).
Marcus Meissner (msmeissn)
accepted
request 822221
from
Petr Vorel (pevik)
(revision 41)
- Fixes from previous SR (reported by fvogt):
  * Move ibmtss runtime dependency to evmctl package
  * Remove dependencies to devel package (should not be needed)
Marcus Meissner (msmeissn)
accepted
request 822216
from
Petr Vorel (pevik)
(revision 40)
- Update to version 1.3
  version 1.3 new features:
  * NEW ima-evm-utils regression test infrastructure with two initial tests:
    - ima_hash.test: calculate/verify different crypto hash algorithms
    - sign_verify.test: EVM and IMA sign/verify signature tests
  * TPM 2.0 support
    - Calculate the new per TPM 2.0 bank template data digest
    - Support original padding the SHA1 template data digest
    - Compare ALL the re-calculated TPM 2.0 bank PCRs against the TPM 2.0 bank PCR values
    - Calculate the per TPM bank "boot_aggregate" values, including PCRs 8 & 9 in calculation
    - Support reading the per TPM 2.0 Bank PCRs using Intel's TSS
    - boot_aggregate.test: compare the calculated "boot_aggregate" values with the "boot_aggregate" value included in the IMA measurement.
  * TPM 1.2 support
    - Additionally support reading the TPM 1.2 PCRs from a supplied file ("--pcrs" option)
  * Based on original IMA LTP and standalone version support
    - Calculate the TPM 1.2 "boot_aggregate" based on the exported TPM 1.2 BIOS event log.
    - In addition to verifying the IMA measurement list against the TPM PCRs, verify the IMA template data digest against the template data. (Based on LTP "--verify" option.)
    - Ignore file measurement violations while verifying the IMA measurement list. (Based on LTP "--validate" option.)
    - Verify the file data signature included in the measurement list based on the file hash also included in the measurement list
buildservice-autocommit
accepted
request 722572
from
Marcus Meissner (msmeissn)
(revision 39)
baserev update by copy to link target
Marcus Meissner (msmeissn)
accepted
request 719901
from
Petr Vorel (pevik)
(revision 38)
- Update to version 1.2.1 (included changes of unreleased v1.2)
  version 1.2 new features:
  * Generate EVM signatures based on the specified hash algorithm
  * include "security.apparmor" in EVM signature
  * Add support for writing & verifying "user.xxxx" xattrs for testing
  * Support Streebog/Gost hash functions
  * Add OpenSSL engine support
  * Use of EVP_PKEY OpenSSL API to generate/verify v2 signatures
  * Support verifying multiple signatures at once
  * Support new template "buf" field and warn about other unknown fields
  * Improve OpenSSL error reporting
  * Support reading TPM 2.0 PCRs using tsspcrread
  Bug fixes and code cleanup:
  * Update manpage stylesheet detection
  * Fix xattr.h include file
  * On error when reading TPM PCRs, don't log garbage
  * Properly return keyid string to calc_keyid_v1/v2 callers, caused by limiting keyid output to verbose mode
  * Fix hash buffer overflow caused by EVM support for larger hashes, defined MAX_DIGEST_SIZE and MAX_SIGNATURE_SIZE, and added "asserts".
  * Linked with libcrypto instead of OpenSSL
  * Updated Autotools, replacing INCLUDES with AM_CPPFLAGS
  * Include new "hash-info.gen" in tar
  * Log the hash algorithm, not just the hash value
  * Fixed memory leaks in: EV_MD_CTX, init_public_keys
  * Fixed other warnings/bugs discovered by clang, coverity
  * Remove indirect calls in verify_hash() to improve code readability
  * Don't fall back to using sha1
  * Namespace some too generic object names
  * Make functions/arrays static if possible
Displaying revisions 1 - 20 of 57