From b3b6ee921e7146e97cd436b22659a706d57d494a Mon Sep 17 00:00:00 2001
From: eabdullin
Date: Fri, 4 Oct 2024 11:32:28 +0000
Subject: [PATCH] Import from CS git
---
.gitignore | 2 +-
.tboot.metadata | 2 +-
...-fix-typo-in-lcp2_crtpollist-manpage.patch | 20 ---
.../0002-check-for-client-server-match.patch | 133 ------------------
SPECS/tboot.spec | 19 ++-
5 files changed, 16 insertions(+), 160 deletions(-)
delete mode 100644 SOURCES/0001-fix-typo-in-lcp2_crtpollist-manpage.patch
delete mode 100644 SOURCES/0002-check-for-client-server-match.patch
diff --git a/.gitignore b/.gitignore
index fc61607..59eae9a 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1 +1 @@
-SOURCES/tboot-1.10.5.tar.gz
+SOURCES/tboot-1.11.3.tar.gz
diff --git a/.tboot.metadata b/.tboot.metadata
index 7a9d72e..44cef68 100644
--- a/.tboot.metadata
+++ b/.tboot.metadata
@@ -1 +1 @@
-687bb5c0453b0256d64c8b1aa538a49703f9737a SOURCES/tboot-1.10.5.tar.gz
+ea8af2a58cc0a1a5339478aef0f89fda100f7d1c SOURCES/tboot-1.11.3.tar.gz
diff --git a/SOURCES/0001-fix-typo-in-lcp2_crtpollist-manpage.patch b/SOURCES/0001-fix-typo-in-lcp2_crtpollist-manpage.patch
deleted file mode 100644
index 1f8a20b..0000000
--- a/SOURCES/0001-fix-typo-in-lcp2_crtpollist-manpage.patch
+++ /dev/null
@@ -1,20 +0,0 @@
-# HG changeset patch
-# User Pawel Randzio
-# Date 1646837604 -3600
-# Wed Mar 09 15:53:24 2022 +0100
-# Node ID 9cda8c127b0a7bb11561befbaa9ecf1130763fcf
-# Parent 5941842afb661f0e78085cb1317781d362583a38
-Fixed a typo in man page for lcp2_crtpollist
-
-diff -r 5941842afb66 -r 9cda8c127b0a docs/man/lcp2_crtpollist.8
---- a/docs/man/lcp2_crtpollist.8 Fri Mar 04 11:14:35 2022 +0100
-+++ b/docs/man/lcp2_crtpollist.8 Wed Mar 09 15:53:24 2022 +0100
-@@ -36,7 +36,7 @@
- support rsapss and ecdsa.
- .TP \w'\fB--hashalg\ \fI\fP'u+1n
- \fB--hashalg\ \fI\fP
--Hash algorightm used for signing a list. Lists version 0x100 only support SHA1.
-+Hash algorithm used for signing a list. Lists version 0x100 only support SHA1.
- .TP
- \fB--pub\ \fIfile\fP
- Public key to use, must be in PEM format.
diff --git a/SOURCES/0002-check-for-client-server-match.patch b/SOURCES/0002-check-for-client-server-match.patch
deleted file mode 100644
index db71d65..0000000
--- a/SOURCES/0002-check-for-client-server-match.patch
+++ /dev/null
@@ -1,133 +0,0 @@
-# HG changeset patch
-# User Timo Lindfors
-# Date 1646900891 -7200
-# Thu Mar 10 10:28:11 2022 +0200
-# Node ID 9c625ab2035bae1fc38787025f74d2937600223b
-# Parent 9cda8c127b0a7bb11561befbaa9ecf1130763fcf
-txt-acminfo: Map TXT heap using mmap
-Without this patch
-
-txt-acminfo 5th_gen_i5_i7_SINIT_79.BIN
-
-segfaults. This issue was introduced in
-
-o changeset: 627:d8a8e17f6d41
-| user: Lukasz Hawrylko
-| date: Thu May 13 16:04:27 2021 +0200
-| summary: Check for client/server match when selecting SINIT
-
-Signed-off-by: Timo Lindfors
-
-diff -r 9cda8c127b0a -r 9c625ab2035b tboot/common/loader.c
---- a/tboot/common/loader.c Wed Mar 09 15:53:24 2022 +0100
-+++ b/tboot/common/loader.c Thu Mar 10 10:28:11 2022 +0200
-@@ -1792,7 +1792,7 @@
- void *base2 = (void *)m->mod_start;
- uint32_t size2 = m->mod_end - (unsigned long)(base2);
- if ( is_racm_acmod(base2, size2, false) &&
-- does_acmod_match_platform((acm_hdr_t *)base2) ) {
-+ does_acmod_match_platform((acm_hdr_t *)base2, NULL) ) {
- if ( base != NULL )
- *base = base2;
- if ( size != NULL )
-@@ -1837,7 +1837,7 @@
- void *base2 = (void *)m->mod_start;
- uint32_t size2 = m->mod_end - (unsigned long)(base2);
- if ( is_sinit_acmod(base2, size2, false) &&
-- does_acmod_match_platform((acm_hdr_t *)base2) ) {
-+ does_acmod_match_platform((acm_hdr_t *)base2, NULL) ) {
- if ( base != NULL )
- *base = base2;
- if ( size != NULL )
-diff -r 9cda8c127b0a -r 9c625ab2035b tboot/include/txt/acmod.h
---- a/tboot/include/txt/acmod.h Wed Mar 09 15:53:24 2022 +0100
-+++ b/tboot/include/txt/acmod.h Thu Mar 10 10:28:11 2022 +0200
-@@ -37,6 +37,8 @@
- #ifndef __TXT_ACMOD_H__
- #define __TXT_ACMOD_H__
-
-+typedef void txt_heap_t;
-+
- /*
- * authenticated code (AC) module header (ver 0.0)
- */
-@@ -179,7 +181,7 @@
- extern acm_hdr_t *copy_racm(const acm_hdr_t *racm);
- extern bool verify_racm(const acm_hdr_t *acm_hdr);
- extern bool is_sinit_acmod(const void *acmod_base, uint32_t acmod_size, bool quiet);
--extern bool does_acmod_match_platform(const acm_hdr_t* hdr);
-+extern bool does_acmod_match_platform(const acm_hdr_t* hdr, const txt_heap_t* txt_heap);
- extern acm_hdr_t *copy_sinit(const acm_hdr_t *sinit);
- extern bool verify_acmod(const acm_hdr_t *acm_hdr);
- extern uint32_t get_supported_os_sinit_data_ver(const acm_hdr_t* hdr);
-diff -r 9cda8c127b0a -r 9c625ab2035b tboot/txt/acmod.c
---- a/tboot/txt/acmod.c Wed Mar 09 15:53:24 2022 +0100
-+++ b/tboot/txt/acmod.c Thu Mar 10 10:28:11 2022 +0200
-@@ -576,7 +576,7 @@
- return true;
- }
-
--bool does_acmod_match_platform(const acm_hdr_t* hdr)
-+bool does_acmod_match_platform(const acm_hdr_t* hdr, const txt_heap_t *txt_heap)
- {
- /* used to ensure we don't print chipset/proc info for each module */
- static bool printed_host_info;
-@@ -587,7 +587,8 @@
- return false;
-
- /* verify client/server platform match */
-- txt_heap_t *txt_heap = get_txt_heap();
-+ if (txt_heap == NULL)
-+ txt_heap = get_txt_heap();
- bios_data_t *bios_data = get_bios_data_start(txt_heap);
- if (info_table->version >= 5 && bios_data->version >= 6) {
- uint32_t bios_type = bios_data->flags.bits.mle.platform_type;
-@@ -713,7 +714,7 @@
-
- /* is it a valid SINIT module? */
- if ( !is_sinit_acmod(sinit_region_base, bios_data->bios_sinit_size, false) ||
-- !does_acmod_match_platform((acm_hdr_t *)sinit_region_base) )
-+ !does_acmod_match_platform((acm_hdr_t *)sinit_region_base, NULL) )
- return NULL;
-
- return (acm_hdr_t *)sinit_region_base;
-diff -r 9cda8c127b0a -r 9c625ab2035b utils/txt-acminfo.c
---- a/utils/txt-acminfo.c Wed Mar 09 15:53:24 2022 +0100
-+++ b/utils/txt-acminfo.c Thu Mar 10 10:28:11 2022 +0200
-@@ -203,15 +203,31 @@
- close(fd_mem);
- return false;
- }
-- else {
-- if ( does_acmod_match_platform(hdr) )
-- printf("ACM matches platform\n");
-- else
-- printf("ACM does not match platform\n");
-
-+ uint64_t txt_heap_size = *(volatile uint64_t *)(pub_config_base + TXTCR_HEAP_SIZE);
-+ if (txt_heap_size == 0) {
-+ printf("ERROR: No TXT heap is available\n");
- munmap(pub_config_base, TXT_CONFIG_REGS_SIZE);
-+ close(fd_mem);
-+ return false;
- }
-
-+ uint64_t txt_heap_base = *(volatile uint64_t *)(pub_config_base + TXTCR_HEAP_BASE);
-+ txt_heap_t *txt_heap = mmap(NULL, txt_heap_size, PROT_READ, MAP_PRIVATE,
-+ fd_mem, txt_heap_base);
-+ if ( txt_heap == MAP_FAILED ) {
-+ printf("ERROR: cannot map TXT heap by mmap()\n");
-+ munmap(pub_config_base, TXT_CONFIG_REGS_SIZE);
-+ close(fd_mem);
-+ return false;
-+ }
-+ if ( does_acmod_match_platform(hdr, txt_heap) )
-+ printf("ACM matches platform\n");
-+ else
-+ printf("ACM does not match platform\n");
-+
-+ munmap(txt_heap, txt_heap_size);
-+ munmap(pub_config_base, TXT_CONFIG_REGS_SIZE);
- close(fd_mem);
- return true;
- }
diff --git a/SPECS/tboot.spec b/SPECS/tboot.spec
index cdaa802..d8295eb 100644
--- a/SPECS/tboot.spec
+++ b/SPECS/tboot.spec
@@ -1,16 +1,13 @@ Summary: Performs a verified launch using Intel TXT Name: tboot -Version: 1.10.5 -Release: 2%{?dist} +Version: 1.11.3 +Release: 1%{?dist} Epoch: 1 License: BSD URL: http://sourceforge.net/projects/tboot/ Source0: http://downloads.sourceforge.net/%{name}/%{name}-%{version}.tar.gz -Patch01: 0001-fix-typo-in-lcp2_crtpollist-manpage.patch -Patch02: 0002-check-for-client-server-match.patch - BuildRequires: make BuildRequires: gcc BuildRequires: perl @@ -95,6 +92,18 @@ make debug=y DISTDIR=$RPM_BUILD_ROOT install /boot/tboot-syms %changelog +* Thu Apr 25 2024 Tony Camuso - 1:1.11.3-1 + Rebase to upstream 1.11.3 and bump the NVR. + Resolves: RHEL-34941 + +* Wed Nov 08 2023 Tony Camuso - 1:1.11.1-2 +- Rebase to upstream 1.11.2 and bump the NVR. + Resolves: RHEL-16022 + +* Wed Apr 12 2023 Tony Camuso - 1:1.11.1-1 +- Backport upstream fixes and updates. + Resolves: rhbz#2186308 + * Thu Aug 18 2022 Tony Camuso - 1:1.10.5-2 - The install scriptlet in %post was choosing the first grub.cfg file it encountered, which was /boot/efi/EFI/redhat/grub.cfg.
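Review bot: The first spec hunk drops `Patch01` and `Patch02` together with the bump to 1.11.3, but nothing on this page shows that the new tarball already contains them. The deleted 0002 patch describes itself as the fix for a `txt-acminfo` segfault, so it is worth confirming that `does_acmod_match_platform()` in the 1.11.3 sources takes the `txt_heap` argument before this lands; otherwise the crash could return. The new 1.11.3 changelog entry in the second hunk does not mention the removal; once confirmed, a line such as `- Drop 0001 and 0002 patches, included in upstream 1.11.3` would record it. The `1:1.11.1-2` entry in that same hunk says it rebases to 1.11.2, which does not match its own version field.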