import tboot-1.10.2-6.el9

This commit is contained in:
CentOS Sources 2021-12-07 14:25:59 -05:00 committed by Stepan Oksanichenko
parent 49555800f0
commit 32ca641a6a
2 changed files with 64 additions and 1 deletions

View File

@ -0,0 +1,58 @@
# HG changeset patch
# User Lukasz Hawrylko <lukasz.hawrylko@intel.com>
# Date 1631717614 -7200
# Wed Sep 15 16:53:34 2021 +0200
# Node ID 5bf5c12411d3a4a7e0a552203b40bfe59d5c7789
# Parent 4cdcf97e4723647b6fac761565c0be13f7e31009
Use sha256 as default hashing algorithm in lcp2_mlehash and tb_polgen
Signed-off-by: Lukasz Hawrylko <lukasz.hawrylko@intel.com>
diff -r 4cdcf97e4723 -r 5bf5c12411d3 docs/man/tb_polgen.8
--- a/docs/man/tb_polgen.8 Thu Aug 26 14:12:44 2021 +0200
+++ b/docs/man/tb_polgen.8 Wed Sep 15 16:53:34 2021 +0200
@@ -21,6 +21,9 @@
\fR[\fB\-\-ctrl \fIpolicy-control-value\fR]
The default value 1 is to extend policy into PCR 17.
.TP
+\fR[\fB\-\-alg \fIsha1 \fR|\fI sha256 \fR|\fI sha384 \fR|\fI sha512\fR]
+Policy hashing algorithm.
+.TP
\fIpolicy-file\fR
.RE
.TP
diff -r 4cdcf97e4723 -r 5bf5c12411d3 lcptools-v2/mlehash.c
--- a/lcptools-v2/mlehash.c Thu Aug 26 14:12:44 2021 +0200
+++ b/lcptools-v2/mlehash.c Wed Sep 15 16:53:34 2021 +0200
@@ -70,8 +70,8 @@
bool verbose = false;
-char alg_name[32] = "sha1";
-uint16_t alg_type = TPM_ALG_SHA1;
+char alg_name[32] = "sha256";
+uint16_t alg_type = TPM_ALG_SHA256;
static struct option long_opts[] =
{
diff -r 4cdcf97e4723 -r 5bf5c12411d3 tb_polgen/param.c
--- a/tb_polgen/param.c Thu Aug 26 14:12:44 2021 +0200
+++ b/tb_polgen/param.c Wed Sep 15 16:53:34 2021 +0200
@@ -51,7 +51,7 @@
static const char *help[] = {
"tb_polgen --create --type nonfatal|continue|halt\n",
- " [--alg sha1 (default)|sha256|sha384|sha512]\n",
+ " [--alg sha1|sha256 (default)|sha384|sha512]\n",
" [--ctrl <policy control value>]\n",
" [--verbose]\n",
" <policy file name>\n",
@@ -330,7 +330,7 @@
params->cmd = POLGEN_CMD_NONE;
params->mod_num = -1;
params->pcr = -1;
- params->hash_alg = TB_HALG_SHA1;
+ params->hash_alg = TB_HALG_SHA256;
params->policy_type = -1;
params->policy_control = TB_POLCTL_EXTEND_PCR17;
params->hash_type = -1;

View File

@ -1,7 +1,7 @@
Summary: Performs a verified launch using Intel TXT Summary: Performs a verified launch using Intel TXT
Name: tboot Name: tboot
Version: 1.10.2 Version: 1.10.2
Release: 5%{?dist} Release: 6%{?dist}
Epoch: 1 Epoch: 1
License: BSD License: BSD
@ -10,6 +10,7 @@ Source0: http://downloads.sourceforge.net/%{name}/%{name}-%{version}.tar.
Patch0: 0001-Add-Wno-error-deprecated-declarations-to-Config.mk.patch Patch0: 0001-Add-Wno-error-deprecated-declarations-to-Config.mk.patch
Patch1: 0002-lcputils.c-remove-call-to-EVP_PKEY_set_alias_type.patch Patch1: 0002-lcputils.c-remove-call-to-EVP_PKEY_set_alias_type.patch
Patch2: 0003-Use-sha256-as-default-hashing-algorithm.patch
BuildRequires: make BuildRequires: make
BuildRequires: gcc BuildRequires: gcc
@ -58,6 +59,10 @@ make debug=y DISTDIR=$RPM_BUILD_ROOT install
/boot/tboot-syms /boot/tboot-syms
%changelog %changelog
* Thu Sep 30 2021 Tony Camuso <tcamuso@redhat.com> - 1:1.10.2-6
- Use sha256 as default hashing algorithm
Resolves: rhbz#1935448
* Tue Aug 10 2021 Mohan Boddu <mboddu@redhat.com> - 1:1.10.2-5 * Tue Aug 10 2021 Mohan Boddu <mboddu@redhat.com> - 1:1.10.2-5
- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags - Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
Related: rhbz#1991688 Related: rhbz#1991688