Revisions of tpm2.0-tools
buildservice-autocommit
accepted
request 1135462
from
Factory Maintainer (factory-maintainer)
(revision 107)
Factory Maintainer (factory-maintainer)
(revision 107)
baserev update by copy to link target
Alberto Planas Dominguez (aplanas)
accepted
request 1134440
from
Alberto Planas Dominguez (aplanas)
(revision 106)
- Update to version 5.6
+ tpm2_eventlog:
* add H-CRTM event support
* add support of efivar versions less than 38
* Add support to check for efivar/efivar.h manually
* Minor formatting fixes
* tpm2_eventlog: add support for replay with different
StartupLocality
* Fix pcr extension for EV_NO_ACTION
* Extend test of yaml string representation
* Use helper for printing a string dump
* Fix upper bound on unique data size
* Fix YAML string formatting
+ tpm2_policy:
* Add support for parsing forward seal TPM values
* Use forward seal values in creating policies
* Move dgst_size in evaluate_populate_pcr_digests()
* Allow more than 8 PCRs for sealing
* Move dgst_size in evaluate_populate_pcr_digests
* Allow more than 8 PCRs for sealing
* Make __wrap_Esys_PCR_Read() more dynamic to enable testing more
PCRs
+ tpm2_encryptdecrypt: Fix pkcs7 padding stripping
+ tpm2_duplicate:
* Support -a option for attributes
* Add --key-algorithm option
+ tpm2_encodeobject: Use the correct -O option instead of -C
+ tpm2_unseal: Add qualifier static to enhance the privacy of unseal
function
+ tpm2_sign:
* Remove -m option which was added mistakenly
* Revert sm2 sign and verifysignature
+ tpm2_createek:
* Correct man page example
* Fix usage of nonce
* Fix integrating nonce
+ tpm2_clear: add more details about the action
+ tpm2_startauthsession: allow the file attribute for policy
authorization.
+ tpm2_getekcertificate: Add AMD EK support
+ tpm2_ecdhzgen: Add public-key parameter
+ tpm2_nvreadpublic: Prevent free of unallocated pointers on failure
+ Bug-fixes:
* The readthedocs build failed with module 'jinja2' has no
attribute 'contextfilter' a requirement file was added to fix
this problem
* An error caused by the flags -flto -_FORTIFY_SOURCE=3 in kdfa
implementation. This error can be avoided by switching off the
optimization with pragma
* Changed wrong function name of "Esys_Load" to "Esys_Load"
* Function names beginning with Esys_ are wrongly written as Eys_
* Reading and writing a serialized persistent ESYS_TR handles
* cirrus-ci update image-family to freebsd-13-2 from 13-1
+ misc:
* Change the default Python version to Python3 in the helper's
code
* Skip test which uses the sign operator for comparison in
abrmd_policynv.sh
* tools/tr_encode: Add a tool that can encode serialized ESYS_TR
for persistent handles from the TPM2B_PUBLIC and the raw
persistent TPM2_HANDLE
* Add safe directory in config
buildservice-autocommit
accepted
request 1087676
from
Alberto Planas Dominguez (aplanas)
(revision 105)
Alberto Planas Dominguez (aplanas)
(revision 105)
baserev update by copy to link target
Alberto Planas Dominguez (aplanas)
accepted
request 1087675
from
Alberto Planas Dominguez (aplanas)
(revision 104)
- Disable tests. Some tests randomly fails, maybe dependening on the OBS worker assigned during the build (not confirmed)
buildservice-autocommit
accepted
request 1066202
from
Alberto Planas Dominguez (aplanas)
(revision 103)
Alberto Planas Dominguez (aplanas)
(revision 103)
baserev update by copy to link target
Alberto Planas Dominguez (aplanas)
accepted
request 1066201
from
Alberto Planas Dominguez (aplanas)
(revision 102)
Drop extra line
Alberto Planas Dominguez (aplanas)
accepted
request 1066188
from
Alberto Planas Dominguez (aplanas)
(revision 101)
- Update to version 5.5
+ Added:
* tpm2_createek: SM2 EK Support
* misc: SM2 support to internal OSSL format key routines. Fixes
--format flags for conversions.
+ Fixed:
* echo_tcti.py: set to use python3 named executable in shebang.
- Drop already merged patches
+ fix_bogus_warning.patch
+ echo_tcti_call_python3_binary.patch
buildservice-autocommit
accepted
request 1055808
from
Alberto Planas Dominguez (aplanas)
(revision 100)
Alberto Planas Dominguez (aplanas)
(revision 100)
baserev update by copy to link target
Alberto Planas Dominguez (aplanas)
accepted
request 1055806
from
Alberto Planas Dominguez (aplanas)
(revision 99)
- Re-disable tests in PPC, PPC64 and S390X and reference issues about endianness unsafe API
buildservice-autocommit
accepted
request 1041885
from
Alberto Planas Dominguez (aplanas)
(revision 98)
Alberto Planas Dominguez (aplanas)
(revision 98)
baserev update by copy to link target
Alberto Planas Dominguez (aplanas)
accepted
request 1041884
from
Alberto Planas Dominguez (aplanas)
(revision 97)
- Update to version 5.4
Alberto Planas Dominguez (aplanas)
accepted
request 1041869
from
Alberto Planas Dominguez (aplanas)
(revision 96)
- Update to version 5.4
+ Added:
* tpm2_policyrestart: Added option --cphash to output the cpHash
for the command PM2_CC_PolicyRestart.
* tpm2_policynvwritten: Added option --cphash to output the cpHash
for the command TPM2_CC_PolicyNvWritten.
* tpm2_policylocality: Added option --cphash to output the cpHash
for the command TPM2_CC_PolicyLocality.
* tpm2_policycountertimer: Added option --cphash to output the
cpHash for the command TPM2_CC_PolicyCounterTimer.
* tpm2_policycommandcode: Added option --cphash to output the
cpHash for the command TPM2_CC_PolicyCommandCode.
* tpm2_policypassword: Added option --cphash to output the cpHash
for the command TPM2_CC_PolicyPassword.
* tpm2_policyauthvalue: Added option --cphash to output the cpHash
for the command TPM2_CC_PolicyAuthValue.
* tpm2_policyauthorize: Added option --cphash to output the cpHash
for the command TPM2_CC_PolicyAuthorize.
* tpm2_print: Support printing serialized ESYS_TR's
* tpm2_create: Add a clarifying message to usage of -c when
TPM2_CreateLoaded is not supported.
* tpm2_getcap: Add support for vendor agnostic
capabilites. Requires tpm2-tss version 4.0 and higher to enable.
* Add a script, check_endorsement_cert.sh, to validate the
endorsement certificate chain. It takes two inputs - A
TPM2B_PUBLIC format EKpublic and a PEM format EKcertificate
specified in that order as arguments.
- Update to version 5.3
+ Features:
* lib/tpm2_tool.c: add --help=no-man for tpm2 option. Prior to
this change the tool parsed no-man as an unrecognized option and
errored out. Now it lists all the available tool options.
* tpm2_encodeobject: New tool to encode TPM2 object. It takes
public and private portions of an object and encode them in a
combined PEM form called tssprivkey used by tpm2-tss-engine and
other applications.
* Support alternative ECC curves for which default EK templates
exist (NIST_P256, NIST_P384, NIST_P521, and SM2_P256).
* tools/misc/tpm2_checkquote: add sm2 verification of signature.
* crypto: support the TPM2_ECC_SM2_P256 curveID.
* fapi: add new command to enable the use of fapi objects for tpm2
tools. The new command tss2_gettpm2object was added. With this
command context files which can be used for tpm2 tool commands
can be created.
* Support for sign and verify with sm2 algorithms.
* tools/tpm2_startauthsession: add sym-algorithm argument for
supported symmetric algorithm.
* Attestation (certify, command audit, sessionaudit and quote):
add scheme argument for supported signature schemes. This also
enable support for SM signing.
* tpm2_flushcontext: support all options at a time. Support the
-t/-l/-s options all at once so folks don't have to call it
multiple times.
* tools/tpm2_nvread: add human readable output for NV content
Enable parsing and YAML-style output for the different NV index
types.
* New event types in tpm2_eventlog:
EV_EFI_PLATFORM_FIRMWARE_BLOB2, EV_EFI_HANDOFF_TABLES2,
EV_EFI_VARIABLE_BOOT2
* VERSION: add version file - Generate the version file with
bootstrap and include in the DIST tarball so endusers can call
autoreconf on a dist tarball which doesn't have git. This
alleviates git describe errors on release tarballs in the
autoreconf case.
* import: support restricted parents - Support a restricted parent
with an aes128cfb symmetric parameter.
* tpm2_load - Added capability to load pem files in
TSS2-Private-Key format for interoperability with
tpm2-tss-engine, tpm2-openssl provider tpm2-pkcs11, and
tpm2-pytss.
* tpm2_print - Added capability to parse out and print the public
portion of a TSS Private Key in the PEM format with the arg
option TSSPRIVKEY_OBJ.
* tpm2_loadexternal: Added support to tpm2_loadexternal for
parsing and loading the public portion of a TSS2 Privkey PEM
file. The path to the PEM file must be specified using the -r
option while skipping the -G option for key type.
* Support added for calculating cpHash, rpHash, sessions for
parameter encryption and auditing in: tpm2_nvwrite,
tpm2_nvcertify, tpm2_nvincrement, tpm2_nvwritelock,
tpm2_nvreadlock, tpm2_nvundefine and tpm2_nvreadpublic.
* Support added for calculating cpHash in: tpm2_clear,
tpm2_dictionarylockout, tpm2_clearcontrol, tpm2_sign,
tpm2_setprimarypolicy, tpm2_setclock, tpm2_rsadecrypt,
tpm2_duplicate, tpm2_clockrateadjust, tpm2_createprimary,
tpm2_quote, tpm2_policysecret, tpm2_policynv,
tpm2_policyauthorizenv, tpm2_import, tpm2_hmac,
tpm2_hierarchycontrol, tpm2_load, tpm2_gettime,
tpm2_evictcontrol, tpm2_encryptdecrypt, tpm2_getpolicydigest,
tpm2_loadexternal, tpm2_commit, tpm2_ecdhkeygen, tpm2_ecdhzgen,
tpm2_ecephemeral, tpm2_geteccparameters, tpm2_flushcontext,
tpm2_pcrallocate, tpm2_pcrevent, tpm2_pcrreset, tpm2_pcrread.
* Support for using tcti=none for cpHash calculations to avoid
invoking checks for active TPM in: tpm2_nvreadpublic,
tpm2_nvundefine, tpm2_nvreadlock, tpm2_nvwritelock,
tpm2_nvincrement, tpm2_nvcertify, tpm2_nvdefine, tpm2_nvwrite.
+ Known issue:
* FAPI tools will not work on 32bit user-static qemu on 64bit host
because readdir returns NULL. Follow the issue on
https://gitlab.com/qemu-project/qemu/-/issues/263
+ Bug fixes:
* tools/tpm2_pcrreset.c: fix build errors in 32bit systems.
* Fix tssprivkey formatted PEM generation and load errors on 32
bit systems.
* CI: Add testing of 32bit systems with multiarch/qemu-user-static
containers.
* tools/tpm2_evictcontrol: fix for calls to Esys_TR_Close on bad
handles.
* tools/tpm2_nvextend: fix for ESYS_TR handle not being used in
calculating the object name.
* tools/tpm2_nvwrite, tools/tpm2_nvread: Policy authorization must
be re-instantiated on each iteration of the read/ write when
size exceeds the allowed operating size
(TPM2_PT_NV_BUFFER_MAX). However, information on the compounded
policies cannot be retrieved from the only policy digest read
from the session and hence the session cannot be
re-instantiated. To avoid this scenario only a single iteration
is allowed when policy authorization is in use.
* Fix argument parsing in tpm2_policylocality to fix an issue
causing almost always to generate PolicyLocality(0). There was a
logical inversion that caused almost any argument (including
invalid ones) to be interpreted as zero, except “zero" would be
interpreted as one.
* test/fapi/fapi-quote-verify.sh Fix check of qualifying
data. Because of a bug in Fapi_VerifyQuote the qualifying data
was not checked correctly. Errors that were not recognized
before occur now. The order of the tests was cleaned up and for
every quote and verify quote now the correct combination of the
qualifying data and quote info containing the nonce is used.
* tpm2_nvdefine: set TPMA_NV_PLATFORMCREATE when authenticating
with the platform hierarchy.
* tools/tpm2_getekcertificate: fixed the url link to
ekop.intel.com. There were two places where the fix was needed:
o In the tool source code where a forward slash was always
appended irrespective of it already being part of the link
specified by the user and
o In the integration test where curl tests the link to the
ekop.intel.com backend. It now requires the full link to
include the base64 encoded ek pub hash.
* tools/tpm2_tool.c: Fix an issue where LOG_WARN is always
displayed Despite setting the 'quiet' flag with -Q.
* fapi: fix usage of parameter pcrLog for tss2_quote. pcrLog is an
optional parameter. If pcrLog is not used as parameter currently
the pcr log is still calculated in Fapi_Quote. To avoid this
calculation a NULL pointer will be passed to Fapi_Quote if the
parameter pcrLog is not passed. So tss2_quote can be executed
for a user which has no access rights to the files with the
system measurements.
* import: fix bug on using scheme wherein if scheme is specified
in the template, the openssl load functions clobber the scheme
value and set it to TPM2_ALG_NULL.
* tools/tpm2_sign and tpm2_verifysignature: fix sm2 sign and
verifysignature bugs : (1.) sm2 sign could not get output
signature. (2.) sm2 verify tss format signature failed.
* lib/tpm2.c: added workaround for a system api bug where in the
flush handle is erroneously placed in the handle area instead of
the parameter area.
* nvreadpublic: drop ntoh on attributes The attributes get
marshalled to correct endianess by libmu and don’t need to be
changed again.
* Removing unused '-i' option from tpm2_print
* tpm2_policyor: fix unallocated policy list The TPML_DIGEST
policy list was calloc'd for some reason, however it could just
be statically allocated in the context. The side effect is that
when no options or arguments were given a NPD occured when
checking the count of the policy list.
* tools/tpm2_certify: fix man page for short options and add tests
The short options for the signing-key-auth and
certified-key-auth were swapped. The case fix in the man page
makes it less intuitive but have to go through with the change
so that we don't break any existing scripts. This change does
not affect the long options. Tests have been added to ensure the
functionality.
+ CI:
* ci: add ubuntu-22.04. This also requires the min tpm2-tss
version to be at 3.2.0 to support the openSSL major version 3.
* cirrus.yml: update freebsd version to 13.1
* .ci/download-deps.sh: update tpm2-abrmd dependency version to
2.4.1
- Drop 0001-tests-getekcertificate.sh-Skip-the-test-if-curl-is-n.patch
(merged)
- Drop add_missing_shut_down_call_on_cleanup.patch (merged)
- Drop fix_check_of_qualifying_data.patch (merged)
buildservice-autocommit
accepted
request 989125
from
Alberto Planas Dominguez (aplanas)
(revision 95)
Alberto Planas Dominguez (aplanas)
(revision 95)
baserev update by copy to link target
Alberto Planas Dominguez (aplanas)
accepted
request 989124
from
Alberto Planas Dominguez (aplanas)
(revision 94)
- Disable tests in some architectures (ppc, ppc64, s390x)
Alberto Planas Dominguez (aplanas)
accepted
request 989000
from
Alberto Planas Dominguez (aplanas)
(revision 93)
- Add patch to fix leakage of TPM simulator process add_missing_shut_down_call_on_cleanup.patch - Add patch to fix fapi-quote-verify[_ecc].sh test fix_check_of_qualifying_data.patch - Enable test execution by default
buildservice-autocommit
accepted
request 987921
from
Alberto Planas Dominguez (aplanas)
(revision 92)
Alberto Planas Dominguez (aplanas)
(revision 92)
baserev update by copy to link target
Alberto Planas Dominguez (aplanas)
accepted
request 987920
from
Alberto Planas Dominguez (aplanas)
(revision 91)
- Add missing dependencies for testing.
Alberto Planas Dominguez (aplanas)
accepted
request 987892
from
Alberto Planas Dominguez (aplanas)
(revision 90)
Run tests sequentially
Alberto Planas Dominguez (aplanas)
accepted
request 987873
from
Alberto Planas Dominguez (aplanas)
(revision 89)
Alberto Planas Dominguez (aplanas)
accepted
request 987836
from
Alberto Planas Dominguez (aplanas)
(revision 88)
- Add missing dependencies for testing, and enable test bcond (bsc#1188085) - Add patch to properly skip getekcertificate if curl is missing 0001-tests-getekcertificate.sh-Skip-the-test-if-curl-is-n.patch
Displaying revisions 1 - 20 of 107
