From 32ca641a6aec3d90eafd6afd04a2d6b4c0fc50dc Mon Sep 17 00:00:00 2001
From: CentOS Sources
Date: Tue, 7 Dec 2021 14:25:59 -0500
Subject: [PATCH] import tboot-1.10.2-6.el9
---
...-sha256-as-default-hashing-algorithm.patch | 58 +++++++++++++++++++
SPECS/tboot.spec | 7 ++-
2 files changed, 64 insertions(+), 1 deletion(-)
create mode 100644 SOURCES/0003-Use-sha256-as-default-hashing-algorithm.patch
diff --git a/SOURCES/0003-Use-sha256-as-default-hashing-algorithm.patch b/SOURCES/0003-Use-sha256-as-default-hashing-algorithm.patch
new file mode 100644
index 0000000..e0d4c76
--- /dev/null
+++ b/SOURCES/0003-Use-sha256-as-default-hashing-algorithm.patch
@@ -0,0 +1,58 @@
+# HG changeset patch
+# User Lukasz Hawrylko
+# Date 1631717614 -7200
+# Wed Sep 15 16:53:34 2021 +0200
+# Node ID 5bf5c12411d3a4a7e0a552203b40bfe59d5c7789
+# Parent 4cdcf97e4723647b6fac761565c0be13f7e31009
+Use sha256 as default hashing algorithm in lcp2_mlehash and tb_polgen
+
+Signed-off-by: Lukasz Hawrylko
+
+diff -r 4cdcf97e4723 -r 5bf5c12411d3 docs/man/tb_polgen.8
+--- a/docs/man/tb_polgen.8 Thu Aug 26 14:12:44 2021 +0200
++++ b/docs/man/tb_polgen.8 Wed Sep 15 16:53:34 2021 +0200
+@@ -21,6 +21,9 @@
+ \fR[\fB\-\-ctrl \fIpolicy-control-value\fR]
+ The default value 1 is to extend policy into PCR 17.
+ .TP
++\fR[\fB\-\-alg \fIsha1 \fR|\fI sha256 \fR|\fI sha384 \fR|\fI sha512\fR]
++Policy hashing algorithm.
++.TP
+ \fIpolicy-file\fR
+ .RE
+ .TP
+diff -r 4cdcf97e4723 -r 5bf5c12411d3 lcptools-v2/mlehash.c
+--- a/lcptools-v2/mlehash.c Thu Aug 26 14:12:44 2021 +0200
++++ b/lcptools-v2/mlehash.c Wed Sep 15 16:53:34 2021 +0200
+@@ -70,8 +70,8 @@
+
+
+ bool verbose = false;
+-char alg_name[32] = "sha1";
+-uint16_t alg_type = TPM_ALG_SHA1;
++char alg_name[32] = "sha256";
++uint16_t alg_type = TPM_ALG_SHA256;
+
+ static struct option long_opts[] =
+ {
+diff -r 4cdcf97e4723 -r 5bf5c12411d3 tb_polgen/param.c
+--- a/tb_polgen/param.c Thu Aug 26 14:12:44 2021 +0200
++++ b/tb_polgen/param.c Wed Sep 15 16:53:34 2021 +0200
+@@ -51,7 +51,7 @@
+
+ static const char *help[] = {
+ "tb_polgen --create --type nonfatal|continue|halt\n",
+- " [--alg sha1 (default)|sha256|sha384|sha512]\n",
++ " [--alg sha1|sha256 (default)|sha384|sha512]\n",
+ " [--ctrl ]\n",
+ " [--verbose]\n",
+ " \n",
+@@ -330,7 +330,7 @@
+ params->cmd = POLGEN_CMD_NONE;
+ params->mod_num = -1;
+ params->pcr = -1;
+- params->hash_alg = TB_HALG_SHA1;
++ params->hash_alg = TB_HALG_SHA256;
+ params->policy_type = -1;
+ params->policy_control = TB_POLCTL_EXTEND_PCR17;
+ params->hash_type = -1;
diff --git a/SPECS/tboot.spec b/SPECS/tboot.spec
index aa67255..efaff33 100644
--- a/SPECS/tboot.spec
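Review bot: Flipping the defaults in tb_polgen/param.c (`params->hash_alg = TB_HALG_SHA256;`) and lcptools-v2/mlehash.c (`alg_name`/`alg_type`) silently changes the output of every existing invocation that omits the algorithm option, and nothing in the patch tells users so. A policy or MLE digest regenerated after the upgrade will presumably no longer match policy data built with the old SHA-1 default, and platforms that only offer SHA-1 (TPM 1.2, as far as I know) would need `--alg sha1` spelled out; a mismatch here would likely show up as a failed or unenforced measured launch rather than a tool error. The new `--alg` entry in docs/man/tb_polgen.8 also does not name the default even though the help string marks sha256 as `(default)`; I would make that line read `Policy hashing algorithm. The default is sha256; pass sha1 explicitly when matching policies created by older releases.` The initialiser in param.c and the globals in mlehash.c belong to code that continues outside the hunks, so whether the two tools validate the chosen algorithm against the platform cannot be seen from here.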
+++ b/SPECS/tboot.spec @@ -1,7 +1,7 @@ Summary: Performs a verified launch using Intel TXT Name: tboot Version: 1.10.2 -Release: 5%{?dist} +Release: 6%{?dist} Epoch: 1 License: BSD @@ -10,6 +10,7 @@ Source0: http://downloads.sourceforge.net/%{name}/%{name}-%{version}.tar. Patch0: 0001-Add-Wno-error-deprecated-declarations-to-Config.mk.patch Patch1: 0002-lcputils.c-remove-call-to-EVP_PKEY_set_alias_type.patch +Patch2: 0003-Use-sha256-as-default-hashing-algorithm.patch BuildRequires: make BuildRequires: gcc @@ -58,6 +59,10 @@ make debug=y DISTDIR=$RPM_BUILD_ROOT install /boot/tboot-syms %changelog +* Thu Sep 30 2021 Tony Camuso - 1:1.10.2-6 +- Use sha256 as default hashing algorithm + Resolves: rhbz#1935448 + * Tue Aug 10 2021 Mohan Boddu - 1:1.10.2-5 - Rebuilt for IMA sigs, glibc 2.34, aarch64 flags Related: rhbz#1991688