Commit Graph

49 Commits

Author SHA1 Message Date
Anderson Toshiyuki Sasaki
7b863e83f7 Fix malformed TPM certificates workaround
Restore the possibility of using an alternative certificate verification
script to verify the EK certificate.

Resolves: RHEL-111244

Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
2025-08-26 17:04:49 +02:00
Sergio Correia
302e60d9ff Fix for revocation notifier not closing TLS session correctly
Resolves: RHEL-109656

Signed-off-by: Sergio Correia <scorreia@redhat.com>
2025-08-18 12:26:23 +00:00
Sergio Correia
f280e120cd Support vendor_db: follow-up fix
Fix spec file to indicate correct ticket issue, RHEL-80455.

Related: RHEL-80455

Signed-off-by: Sergio Correia <scorreia@redhat.com>
2025-08-13 09:59:22 +01:00
Sergio Correia
957c21f40b Support vendor_db as logged by newer shim versions
Resolves: RHEL-8045

Signed-off-by: Sergio Correia <scorreia@redhat.com>
2025-08-12 10:01:36 +01:00
Anderson Toshiyuki Sasaki
1f0f824cc1 Fix DB connection leaks
Resolves: RHEL-108263

Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
2025-08-08 17:48:22 +02:00
Sergio Correia
7b334ee7fa Fix tmpfiles.d configuration related to the cert store
Resolves: RHEL-104572

Signed-off-by: Sergio Correia <scorreia@redhat.com>
2025-07-24 09:13:50 +01:00
Sergio Correia
cf0b35b740 Populate cert_store_dir with tmpfiles.d
The TPM cert store is now deployed to /usr/share/keylime/tpm_cert_store
and we use tmpfiles.d to sync the content there to the place where Keylime
will read the certificates from, /var/lib/keylime/tpm_cert_store.

Resolves: RHEL-76926

Signed-off-by: Sergio Correia <scorreia@redhat.com>
2025-07-10 05:54:03 -03:00
Sergio Correia
1cce18a56d Use tmpfiles.d for permissions in /var/lib/keylime and /etc/keylime
Resolves: RHEL-77144

Signed-off-by: Sergio Correia <scorreia@redhat.com>
2025-07-10 05:52:36 -03:00
Patrik Koncity
a6d3821304 Use the newest keylime-selinux release
New version of keylime-selinux dropping
keylime_var_log_t label.

Resolves: RHEL-388
2025-07-09 11:24:14 +02:00
Anderson Toshiyuki Sasaki
b9a54fe4c6 Avoid changing the ownership of /var/log/keylime
Resolves: RHEL-388

Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
2025-06-20 12:02:08 +02:00
Sergio Correia
b074d86f1c Revert changes to default server_key_password for verifier/registrar
Resolves: RHEL-93678

Signed-off-by: Sergio Correia <scorreia@redhat.com>
2025-06-04 06:40:42 +00:00
Sergio Correia
3cdf1fe060 Update to 7.12.1
Resolves: RHEL-78418

Signed-off-by: Sergio Correia <scorreia@redhat.com>
2025-06-04 06:40:21 +00:00
Sergio Correia
5d41ae0699 Use TLS on revocation notification webhook
- Include system installed CA certificates when verifying webhook
  server certificate
- Include the CA certificates added via configuration file option
  'trusted_server_ca'

Resolves: RHEL-78057
Resolves: RHEL-78313
Resolves: RHEL-78316

Signed-off-by: Sergio Correia <scorreia@redhat.com>
2025-02-07 10:18:07 +00:00
Sergio Correia
8d907c5ddf Backport keylime-policy tool
Resolves: RHEL-75797

Signed-off-by: Sergio Correia <scorreia@redhat.com>
2025-01-23 10:48:12 +00:00
Sergio Correia
2aacf0c394 Backport fix for CVE-2023-3674
Resolves: RHEL-21013
2024-01-19 09:45:48 +00:00
Anderson Toshiyuki Sasaki
ff4acbb939 Set generator and timestamp in create_policy.py
Related: RHEL-11866

Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
2023-10-17 13:47:05 +02:00
Anderson Toshiyuki Sasaki
fe555461ae Suppress unnecessary error message
Related: RHEL-11866

Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
2023-10-09 17:14:40 +02:00
Anderson Toshiyuki Sasaki
3da6d75ef3 Restore create allowlist script
Resolves: RHEL-11866
Resolves: RHEL-11867

Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
2023-10-06 17:24:40 +02:00
Sergio Correia
fc3ab656ed Rebuild for properly tagging the resulting build
Resolves: RHEL-1898
2023-09-06 14:39:27 +01:00
Sergio Correia
e2f9c60fc2 Add missing dependencies python3-jinja2 and util-linux
Resolves: RHEL-1898
2023-09-01 14:48:17 +01:00
Anderson Toshiyuki Sasaki
86a18d1bb4 Automatically update agent API version
Resolves: RHEL-1518

Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
2023-08-28 22:55:42 +02:00
Sergio Correia
2c457d5430 Fix registrar is subject to a DoS against SSL (CVE-2023-38200)
Resolves: rhbz#2222694
2023-08-28 14:27:44 +01:00
Anderson Toshiyuki Sasaki
6ac5a8f8e6 Fix challenge-protocol bypass during agent registration (CVE-2023-38201)
Resolves: rhbz#2222695

Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
2023-08-25 18:28:17 +02:00
Sergio Correia
d9401cfa43 Update test plan to fix rpmverify test
2023-08-25 09:05:52 +01:00
Sergio Correia
606d9c0c62 Follow-up fix for files updated in %post scriptlets
Update spec file to use %verify(not md5 size mode mtime) for
files updated in %post scriptlets.

Resolves: RHEL-475
2023-08-25 09:05:48 +01:00
Karel Srot
873def54c4 tests: Add rpmverify test
Related: RHEL-475
2023-08-22 17:10:56 +02:00
Sergio Correia
bb2aac1ec0 Fix Keylime configuration upgrade issues introduced in last rebase
- Fix Keylime configuration upgrade issues introduced in last rebase
  Resolves: RHEL-475
- Handle session close using a session manager
  Resolves: RHEL-1252
- Add ignores for EV_PLATFORM_CONFIG_FLAGS
  Resolves: RHEL-947
2023-08-17 11:42:24 +01:00
Karel Srot
70baae46da tests: Add package update testplan
Related: RHEL-475
2023-08-17 12:38:45 +02:00
Patrik Koncity
931f17ab63 Add dynamic ref branching for e2e test plan
2023-08-11 14:20:21 +02:00
Patrik Koncity
92ac23c8bc Prepare build for new keylime-selinux policy release
2023-08-08 16:25:29 +02:00
Sergio Correia
306aeaf2ab tests: update tests to run in test plan
2023-07-31 08:36:03 +01:00
Sergio Correia
4dba8b49a7 Update to 7.3.0
Resolves: RHEL-475
2023-07-28 14:14:46 +01:00
Karel Srot
d04c383743 Enable CI with e2e tests
Resolves: RHEL-296
2023-03-13 14:36:20 +01:00
Sergio Correia
7842bcd0bc Backport upstream PR#1240 - logging: remove option to log into separate file
Resolves: rhbz#2154584 - keylime verifier is not logging to /var/log/keylime
2023-01-16 07:53:36 -03:00
Sergio Correia
bf9cfcee94 - Remove leftover policy file
Related: rhbz#2152135
2022-12-13 16:02:22 -03:00
Patrik Koncity
12403b5c1c Use source file for keylime selinux from upstream.
Download keylime selinux upstream as tarball file and
build it.

Resolves: rhbz#2152135
2022-12-13 16:28:16 +01:00
Sergio Correia
6c01a5e3ec Update to 6.5.2
Resolves: CVE-2022-3500
Resolves: rhbz#2138167 - agent fails IMA attestation when one script is executed quickly after the other
Resolves: rhbz#2140670 - Segmentation fault in /usr/share/keylime/create_mb_refstate script
Resolves: rhbz#142009 - Registrar may crash during EK validation when require_ek_cert is enabled
2022-11-29 17:26:15 +01:00
Sergio Correia
346f3201ee Update to 6.5.0
Resolves: rhbz#2120686 - Keylime configuration is too complex
2022-09-21 13:59:21 -03:00
Sergio Correia
d27537fb46 Update to 6.4.3
Resolves: rhbz#2121044 - Error parsing EK ASN.1 certificate of Nuvoton HW TPM
2022-08-27 02:54:43 +00:00
Patrik Koncity
59b5fc166b Update keylime selinux policy
2022-08-26 22:48:19 +02:00
Patrik Koncity
ba67a34300 Update keylime selinux policy
Resolves: rhbz#2121058
2022-08-26 19:16:50 +02:00
Patrik Koncity
f33189eab3 Update selinux policy and add missing rules
Resolves: rhbz#2121058
2022-08-26 12:47:27 +02:00
Patrik Koncity
97e752b0b6 Add keylime-selinux policy
Update .spec file to build
keylime-selinux subpackage.

Resolves: rhbz#2121058
2022-08-25 19:45:42 -03:00
Sergio Correia
3fa30ae884 Fix typo in test name in gating.yaml
swtMp -> swtpm
2022-07-27 08:31:02 -03:00
Karel Srot
e0f54f007e Fix typo in gating.yaml
Signed-off-by: Karel Srot <ksrot@redhat.com>
2022-07-12 07:47:17 +02:00
Sergio Correia
9017e1e7ec Fix efivar-libs dependency
Related: rhbz#2082989
2022-07-11 09:02:05 -03:00
Sergio Correia
9865b69545 Update to 6.4.2
Related: rhbz#2082989
2022-07-07 15:51:07 -03:00
Sergio Correia
b19c921a82 Add keylime to RHEL-9
Resolves: rhbz#2082989
2022-06-24 14:43:37 -03:00
Release Configuration Management
9c72dfea97 New branch setup
2022-06-07 14:39:21 +00:00