From 29ef403e243bbecc0d2d90a70b38022af9c012b4 Mon Sep 17 00:00:00 2001
From: Tony Camuso <tcamuso@redhat.com>
Date: Fri, 19 Sep 2025 14:58:56 -0400
Subject: [PATCH] Update to v1.11.10 and bump nvr to tboot-1.11.10-1

Added tboot-disa-ibt.patch (see RHEL-109479)

Resolves: RHEL-99209

Signed-off-by: Tony Camuso <tcamuso@redhat.com>
---
 sources              |  3 +--
 tboot-disa-ibt.patch | 12 ++++++++++++
 tboot.spec           |  8 +++++++-
 3 files changed, 20 insertions(+), 3 deletions(-)
 create mode 100644 tboot-disa-ibt.patch

diff --git a/sources b/sources
index 3151f10..a4251ba 100644
--- a/sources
+++ b/sources
@@ -1,2 +1 @@
-SHA512 (tboot-1.11.3.tar.gz) = 777026cdfb31041dd7d9dd4d208c888e6fe8259171d1340ea7936f22053362ac1ec64017319626dbcb6a9a1283c8819c9a8fe1107b9b2f3898380fd0abcc047b
-SHA512 (tboot-1.11.9.tar.gz) = d737ad08df22f3b017e213ea67d9c1f2012e5b47a990e5c3e9e454f85d7c06c3f8a4701b6c350ccece0c947447ab7fde9c0b2ed08beb51603b83e5d03f712401
+SHA512 (tboot-1.11.10.tar.gz) = f59e948e36ec122f93e32b3c754c206b241d4ee55209ccb952f8742f9912b66d6365de5df6e31944ac75191a54c7252f39a29df861daa4a1f51a1999fcc7d846
diff --git a/tboot-disa-ibt.patch b/tboot-disa-ibt.patch
new file mode 100644
index 0000000..7fe6689
--- /dev/null
+++ b/tboot-disa-ibt.patch
@@ -0,0 +1,12 @@
+diff -r 5220085b54dd tboot/20_linux_tboot
+--- a/tboot/20_linux_tboot	Thu Apr 17 08:33:41 2025 -0400
++++ b/tboot/20_linux_tboot	Thu Aug 21 09:23:08 2025 -0400
+@@ -44,7 +44,7 @@
+ # Command line for tboot itself
+ : ${GRUB_CMDLINE_TBOOT='logging=serial,memory,vga'}
+ # Linux kernel parameters to append for tboot
+-: ${GRUB_CMDLINE_LINUX_TBOOT='intel_iommu=on'}
++: ${GRUB_CMDLINE_LINUX_TBOOT='intel_iommu=on ibt=off'}
+ # Base name of LCP policy data file for list policy
+ : ${GRUB_TBOOT_POLICY_DATA=''}
+ # List of SINIT modules to use, glob patterns are supported
diff --git a/tboot.spec b/tboot.spec
index f74b29b..333843d 100644
--- a/tboot.spec
+++ b/tboot.spec
@@ -1,6 +1,6 @@
 Summary:       Performs a verified launch using Intel TXT
 Name:          tboot
-Version:       1.11.9
+Version:       1.11.10
 Release:       1%{?dist}
 Epoch:         1
 
@@ -9,6 +9,7 @@ URL:           http://sourceforge.net/projects/tboot/
 Source0:       http://downloads.sourceforge.net/%{name}/%{name}-%{version}.tar.gz
 Patch0: tboot-gcc14.patch
 Patch1: tboot-no-engine.patch
+Patch2: tboot-disa-ibt.patch
 
 BuildRequires: make
 BuildRequires: gcc
@@ -98,6 +99,11 @@ grub2-mkconfig -o /etc/grub2.cfg
 /boot/tboot-syms
 
 %changelog
+* Tue Sep 16 2025 Tony Camuso <tcamuso@redhat.com> - 1:1.11.10-1
+- Update to latest upstream
+  Add tboot-disa-ibt.patch (see https://issues.redhat.com/browse/RHEL-109479)
+  Resolves: RHEL-99209
+
 * Thu Dec 12 2024 Tony Camuso <tcamuso@redhat.com> - 1:1.11.9-1
 - Update to latest upstream.
   Resolves: RHEL-71190