diff --git a/.gitignore b/.gitignore
index c962910..9d88577 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1 +1 @@
-SOURCES/tpm2-tools-4.1.1.tar.gz
+tpm2-tools-5.7.tar.gz
diff --git a/.tpm2-tools.metadata b/.tpm2-tools.metadata
deleted file mode 100644
index 7f48009..0000000
--- a/.tpm2-tools.metadata
+++ /dev/null
@@ -1 +0,0 @@
-d097d321237983435f05c974533ad90e6f20acef SOURCES/tpm2-tools-4.1.1.tar.gz
diff --git a/SOURCES/0001-Fix-ESYS_TR-hierarchy-transition.patch b/SOURCES/0001-Fix-ESYS_TR-hierarchy-transition.patch
deleted file mode 100644
index ff6b2cb..0000000
--- a/SOURCES/0001-Fix-ESYS_TR-hierarchy-transition.patch
+++ /dev/null
@@ -1,80 +0,0 @@
-From e607f78a054acfdbe119499c3608bdb2a44423d9 Mon Sep 17 00:00:00 2001
-From: Andreas Fuchs
-Date: Thu, 7 May 2020 11:51:17 +0200
-Subject: [PATCH] Fix ESYS_TR hierarchy transition
-
-Fix those cases of TPM2_RH_ to ESYS_TR_RH_ translations that were missed in
-780800c0be69a49b9097f8eae653cdb0623d2100
-
-Signed-off-by: Andreas Fuchs
----
- lib/tpm2.c | 20 ++++++++++++++------
- 1 file changed, 14 insertions(+), 6 deletions(-)
-
-diff --git a/lib/tpm2.c b/lib/tpm2.c
-index e7ff77047bef..909a4422339d 100644
---- a/lib/tpm2.c
-+++ b/lib/tpm2.c
-@@ -656,6 +656,12 @@ uint32_t fix_esys_hierarchy(TPMI_RH_HIERARCHY hierarchy)
- {
- #if defined(ESYS_3_0)
- switch (hierarchy) {
-+ case ESYS_TR_RH_NULL:
-+ case ESYS_TR_RH_OWNER:
-+ case ESYS_TR_RH_ENDORSEMENT:
-+ case ESYS_TR_RH_PLATFORM:
-+ case ESYS_TR_RH_PLATFORM_NV:
-+ return hierarchy;
- case TPM2_RH_NULL:
- return ESYS_TR_RH_NULL;
- case TPM2_RH_OWNER:
-@@ -664,14 +670,16 @@ uint32_t fix_esys_hierarchy(TPMI_RH_HIERARCHY hierarchy)
- return ESYS_TR_RH_ENDORSEMENT;
- case TPM2_RH_PLATFORM:
- return ESYS_TR_RH_PLATFORM;
-+ case TPM2_RH_PLATFORM_NV:
-+ return ESYS_TR_RH_PLATFORM_NV;
- default:
-- return TSS2_ESYS_RC_BAD_VALUE;
-+ LOG_ERR("An unknown hierarchy handle was passed: 0x%08x", hierarchy);
-+ return 0xffffffff;
- }
- #elif defined(ESYS_2_3)
- return hierarchy;
- #else
-- UNUSED(hierarchy);
-- return TSS2_ESYS_RC_BAD_VALUE;
-+#error "Need to define either ESYS_3_0 or ESYS_2_3"
- #endif
- }
-
-@@ -1154,7 +1162,7 @@ tool_rc tpm2_hierarchycontrol(ESYS_CONTEXT *esys_context,
- }
-
- TSS2_RC rval = Esys_HierarchyControl(esys_context, auth_hierarchy->tr_handle,
-- shandle, ESYS_TR_NONE, ESYS_TR_NONE, enable, state);
-+ shandle, ESYS_TR_NONE, ESYS_TR_NONE, fix_esys_hierarchy(enable), state);
- if (rval != TPM2_RC_SUCCESS && rval != TPM2_RC_INITIALIZE) {
- LOG_PERR(Esys_HierarchyControl, rval);
- return tool_rc_from_tpm(rval);
-@@ -1251,7 +1259,7 @@ tool_rc tpm2_hmac_sequencecomplete(ESYS_CONTEXT *esys_context,
-
- TPM2_RC rval = Esys_SequenceComplete(esys_context, sequence_handle,
- hmac_key_obj_shandle, ESYS_TR_NONE, ESYS_TR_NONE, input_buffer,
-- TPM2_RH_NULL, result, validation);
-+ fix_esys_hierarchy(TPM2_RH_NULL), result, validation);
- if (rval != TSS2_RC_SUCCESS) {
- LOG_PERR(Esys_HMAC, rval);
- return tool_rc_from_tpm(rval);
-@@ -1907,7 +1915,7 @@ tool_rc tpm2_loadexternal(ESYS_CONTEXT *ectx, const TPM2B_SENSITIVE *private,
-
- TSS2_RC rval = Esys_LoadExternal(ectx,
- ESYS_TR_NONE, ESYS_TR_NONE, ESYS_TR_NONE,
-- private, public, hierarchy,
-+ private, public, fix_esys_hierarchy(hierarchy),
- object_handle);
- if (rval != TSS2_RC_SUCCESS) {
- LOG_PERR(Esys_LoadExternal, rval);
---
-2.27.0
-
diff --git a/SOURCES/0001-Refactor-fix_esys_hierarchies.patch b/SOURCES/0001-Refactor-fix_esys_hierarchies.patch
deleted file mode 100644
index 9e76674..0000000
--- a/SOURCES/0001-Refactor-fix_esys_hierarchies.patch
+++ /dev/null
@@ -1,211 +0,0 @@
-From 2e7839b905f7a493f739d36e3e550e0cee30049e Mon Sep 17 00:00:00 2001
-From: Andreas Fuchs
-Date: Thu, 7 May 2020 19:12:36 +0200
-Subject: [PATCH] Refactor fix_esys_hierarchies()
-
-Refactor fix_esys_hierarchies() to return an actual TSS2_RC return code
-and have an output parameter.
-
-Signed-off-by: Andreas Fuchs
----
- lib/tpm2.c | 88 +++++++++++++++++++++++++++++----------
- lib/tpm2.h | 2 +-
- tools/tpm2_loadexternal.c | 9 +++-
- 3 files changed, 75 insertions(+), 24 deletions(-)
-
-diff --git a/lib/tpm2.c b/lib/tpm2.c
-index 909a4422339d..744fed8c529f 100644
---- a/lib/tpm2.c
-+++ b/lib/tpm2.c
-@@ -645,39 +645,51 @@ tool_rc tpm2_evictcontrol(ESYS_CONTEXT *esys_context,
- }
-
- /* This function addresses ESAPI change that changes parameter type from
-- * Esys_TR to TPMI_RH_HIERARCHY and breaks backwards compatibility.
-+ * Esys_TR to TPMI_RH_HIERARCHY or TPMI_RH_ENABLES and breaks backwards
-+ * compatibility.
- * To keep the tools parameters consistent after v4.0 release we need to
- * map the values to appropriate type based on the version of the ESYS API.
- * Note: the mapping is based on the ESYS version recognized at compile time.
- * The TSS change can be found here:
- * https://github.com/tpm2-software/tpm2-tss/pull/1531
- */
--uint32_t fix_esys_hierarchy(TPMI_RH_HIERARCHY hierarchy)
-+TSS2_RC fix_esys_hierarchy(uint32_t in, uint32_t *out)
- {
- #if defined(ESYS_3_0)
-- switch (hierarchy) {
-+ switch (in) {
- case ESYS_TR_RH_NULL:
-+ /* FALLTHRU */
- case ESYS_TR_RH_OWNER:
-+ /* FALLTHRU */
- case ESYS_TR_RH_ENDORSEMENT:
-+ /* FALLTHRU */
- case ESYS_TR_RH_PLATFORM:
-+ /* FALLTHRU */
- case ESYS_TR_RH_PLATFORM_NV:
-- return hierarchy;
-+ *out = in;
-+ return TSS2_RC_SUCCESS;
- case TPM2_RH_NULL:
-- return ESYS_TR_RH_NULL;
-+ *out = ESYS_TR_RH_NULL;
-+ return TSS2_RC_SUCCESS;
- case TPM2_RH_OWNER:
-- return ESYS_TR_RH_OWNER;
-+ *out = ESYS_TR_RH_OWNER;
-+ return TSS2_RC_SUCCESS;
- case TPM2_RH_ENDORSEMENT:
-- return ESYS_TR_RH_ENDORSEMENT;
-+ *out = ESYS_TR_RH_ENDORSEMENT;
-+ return TSS2_RC_SUCCESS;
- case TPM2_RH_PLATFORM:
-- return ESYS_TR_RH_PLATFORM;
-+ *out = ESYS_TR_RH_PLATFORM;
-+ return TSS2_RC_SUCCESS;
- case TPM2_RH_PLATFORM_NV:
-- return ESYS_TR_RH_PLATFORM_NV;
-+ *out = ESYS_TR_RH_PLATFORM_NV;
-+ return TSS2_RC_SUCCESS;
- default:
-- LOG_ERR("An unknown hierarchy handle was passed: 0x%08x", hierarchy);
-- return 0xffffffff;
-+ LOG_ERR("An unknown hierarchy handle was passed: 0x%08x", in);
-+ return TSS2_ESYS_RC_BAD_VALUE;
- }
- #elif defined(ESYS_2_3)
-- return hierarchy;
-+ *out = in;
-+ return TSS2_RC_SUCCESS;
- #else
- #error "Need to define either ESYS_3_0 or ESYS_2_3"
- #endif
-@@ -688,8 +700,14 @@ tool_rc tpm2_hash(ESYS_CONTEXT *esys_context, ESYS_TR shandle1, ESYS_TR shandle2
- TPMI_RH_HIERARCHY hierarchy, TPM2B_DIGEST **out_hash,
- TPMT_TK_HASHCHECK **validation) {
-
-- TSS2_RC rval = Esys_Hash(esys_context, shandle1, shandle2, shandle3, data,
-- hash_alg, fix_esys_hierarchy(hierarchy), out_hash, validation);
-+ TSS2_RC rval = fix_esys_hierarchy(hierarchy, &hierarchy);
-+ if (rval != TSS2_RC_SUCCESS) {
-+ LOG_ERR("Unknown hierarchy");
-+ return tool_rc_from_tpm(rval);
-+ }
-+
-+ rval = Esys_Hash(esys_context, shandle1, shandle2, shandle3, data,
-+ hash_alg, hierarchy, out_hash, validation);
- if (rval != TSS2_RC_SUCCESS) {
- LOG_PERR(Esys_Hash, rval);
- return tool_rc_from_tpm(rval);
-@@ -729,9 +747,15 @@ tool_rc tpm2_sequence_complete(ESYS_CONTEXT *esys_context,
- TPMI_RH_HIERARCHY hierarchy, TPM2B_DIGEST **result,
- TPMT_TK_HASHCHECK **validation) {
-
-- TSS2_RC rval = Esys_SequenceComplete(esys_context, sequence_handle,
-+ TSS2_RC rval = fix_esys_hierarchy(hierarchy, &hierarchy);
-+ if (rval != TSS2_RC_SUCCESS) {
-+ LOG_ERR("Unknown hierarchy");
-+ return tool_rc_from_tpm(rval);
-+ }
-+
-+ rval = Esys_SequenceComplete(esys_context, sequence_handle,
- ESYS_TR_PASSWORD, ESYS_TR_NONE, ESYS_TR_NONE, buffer,
-- fix_esys_hierarchy(hierarchy), result, validation);
-+ hierarchy, result, validation);
- if (rval != TSS2_RC_SUCCESS) {
- LOG_PERR(Esys_SequenceComplete, rval);
- return tool_rc_from_tpm(rval);
-@@ -1161,8 +1185,14 @@ tool_rc tpm2_hierarchycontrol(ESYS_CONTEXT *esys_context,
- return rc;
- }
-
-- TSS2_RC rval = Esys_HierarchyControl(esys_context, auth_hierarchy->tr_handle,
-- shandle, ESYS_TR_NONE, ESYS_TR_NONE, fix_esys_hierarchy(enable), state);
-+ TSS2_RC rval = fix_esys_hierarchy(enable, &enable);
-+ if (rval != TSS2_RC_SUCCESS) {
-+ LOG_ERR("Unknown hierarchy");
-+ return tool_rc_from_tpm(rval);
-+ }
-+
-+ rval = Esys_HierarchyControl(esys_context, auth_hierarchy->tr_handle,
-+ shandle, ESYS_TR_NONE, ESYS_TR_NONE, enable, state);
- if (rval != TPM2_RC_SUCCESS && rval != TPM2_RC_INITIALIZE) {
- LOG_PERR(Esys_HierarchyControl, rval);
- return tool_rc_from_tpm(rval);
-@@ -1257,9 +1287,17 @@ tool_rc tpm2_hmac_sequencecomplete(ESYS_CONTEXT *esys_context,
- return rc;
- }
-
-- TPM2_RC rval = Esys_SequenceComplete(esys_context, sequence_handle,
-+ uint32_t hierarchy;
-+
-+ TSS2_RC rval = fix_esys_hierarchy(TPM2_RH_NULL, &hierarchy);
-+ if (rval != TSS2_RC_SUCCESS) {
-+ LOG_ERR("Unknown hierarchy");
-+ return tool_rc_from_tpm(rval);
-+ }
-+
-+ rval = Esys_SequenceComplete(esys_context, sequence_handle,
- hmac_key_obj_shandle, ESYS_TR_NONE, ESYS_TR_NONE, input_buffer,
-- fix_esys_hierarchy(TPM2_RH_NULL), result, validation);
-+ hierarchy, result, validation);
- if (rval != TSS2_RC_SUCCESS) {
- LOG_PERR(Esys_HMAC, rval);
- return tool_rc_from_tpm(rval);
-@@ -1913,9 +1951,15 @@ tool_rc tpm2_loadexternal(ESYS_CONTEXT *ectx, const TPM2B_SENSITIVE *private,
- const TPM2B_PUBLIC *public, TPMI_RH_HIERARCHY hierarchy,
- ESYS_TR *object_handle) {
-
-- TSS2_RC rval = Esys_LoadExternal(ectx,
-+ TSS2_RC rval = fix_esys_hierarchy(hierarchy, &hierarchy);
-+ if (rval != TSS2_RC_SUCCESS) {
-+ LOG_ERR("Unknown hierarchy");
-+ return tool_rc_from_tpm(rval);
-+ }
-+
-+ rval = Esys_LoadExternal(ectx,
- ESYS_TR_NONE, ESYS_TR_NONE, ESYS_TR_NONE,
-- private, public, fix_esys_hierarchy(hierarchy),
-+ private, public, hierarchy,
- object_handle);
- if (rval != TSS2_RC_SUCCESS) {
- LOG_PERR(Esys_LoadExternal, rval);
-diff --git a/lib/tpm2.h b/lib/tpm2.h
-index a37e05606c7a..2e4ae5e7dddc 100644
---- a/lib/tpm2.h
-+++ b/lib/tpm2.h
-@@ -389,7 +389,7 @@ tool_rc tpm2_policy_nv_written(ESYS_CONTEXT *esys_context,
- ESYS_TR policy_session, ESYS_TR shandle1, ESYS_TR shandle2,
- ESYS_TR shandle3, TPMI_YES_NO written_set);
-
--uint32_t fix_esys_hierarchy(TPMI_RH_HIERARCHY hierarchy);
-+TSS2_RC fix_esys_hierarchy(uint32_t in, uint32_t *out);
-
- tool_rc tpm2_certifycreation(ESYS_CONTEXT *esys_context,
- tpm2_loaded_object *signingkey_obj, tpm2_loaded_object *certifiedkey_obj,
-diff --git a/tools/tpm2_loadexternal.c b/tools/tpm2_loadexternal.c
-index 70fb72877aae..4127ca1b524b 100644
---- a/tools/tpm2_loadexternal.c
-+++ b/tools/tpm2_loadexternal.c
-@@ -48,9 +48,16 @@ static tpm_loadexternal_ctx ctx = {
- static tool_rc load_external(ESYS_CONTEXT *ectx, TPM2B_PUBLIC *pub,
- TPM2B_SENSITIVE *priv, bool has_priv, TPM2B_NAME **name) {
-
-+ uint32_t hierarchy;
-+ TSS2_RC rval = fix_esys_hierarchy(ctx.hierarchy_value, &hierarchy);
-+ if (rval != TSS2_RC_SUCCESS) {
-+ LOG_ERR("Unknown hierarchy");
-+ return tool_rc_from_tpm(rval);
-+ }
-+
- tool_rc rc = tpm2_loadexternal(ectx,
- has_priv ? priv : NULL, pub,
-- fix_esys_hierarchy(ctx.hierarchy_value), &ctx.handle);
-+ hierarchy, &ctx.handle);
- if (rc != tool_rc_success) {
- return rc;
- }
---
-2.27.0
-
diff --git a/SOURCES/0001-lib-files-fix-an-error-message-in-files_load_-name.patch b/SOURCES/0001-lib-files-fix-an-error-message-in-files_load_-name.patch
deleted file mode 100644
index 0e0ccb2..0000000
--- a/SOURCES/0001-lib-files-fix-an-error-message-in-files_load_-name.patch
+++ /dev/null
@@ -1,26 +0,0 @@
-From 012249ad9d06d7534a94690a33638691f5104839 Mon Sep 17 00:00:00 2001
-From: Radoslav Gerganov
-Date: Wed, 26 Feb 2020 10:40:26 +0200
-Subject: [PATCH] lib/files: fix an error message in files_load_##name
-
-Signed-off-by: Radoslav Gerganov
----
- lib/files.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/lib/files.c b/lib/files.c
-index a6beea5b8ff2..ef2170b079e1 100644
---- a/lib/files.c
-+++ b/lib/files.c
-@@ -687,7 +687,7 @@ tool_rc files_save_ESYS_TR(ESYS_CONTEXT *ectx, ESYS_TR handle, const char *path)
- size_t offset = 0; \
- TSS2_RC rc = Tss2_MU_##type##_Unmarshal(buffer, size, &offset, name); \
- if (rc != TSS2_RC_SUCCESS) { \
-- LOG_ERR("Error serializing "str(name)" structure: 0x%x", rc); \
-+ LOG_ERR("Error deserializing "str(name)" structure: 0x%x", rc); \
- LOG_ERR("The input file needs to be a valid "xstr(type)" data structure"); \
- return false; \
- } \
---
-2.31.0
-
diff --git a/SOURCES/0001-lib-files.c-Fix-an-issue-where-execution-could-not-r.patch b/SOURCES/0001-lib-files.c-Fix-an-issue-where-execution-could-not-r.patch
deleted file mode 100644
index 2039f11..0000000
--- a/SOURCES/0001-lib-files.c-Fix-an-issue-where-execution-could-not-r.patch
+++ /dev/null
@@ -1,42 +0,0 @@
-From a20415d6f1d3fa09300ff1181646fe7e1785fd15 Mon Sep 17 00:00:00 2001
-From: Imran Desai
-Date: Sun, 29 Mar 2020 10:14:28 -0700
-Subject: [PATCH] lib/files.c: Fix an issue where execution could not reach
- function return
-
-Signed-off-by: Imran Desai
----
- lib/files.c | 8 +++-----
- 1 file changed, 3 insertions(+), 5 deletions(-)
-
-diff --git a/lib/files.c b/lib/files.c
-index ef2170b079e1..501f88d11b48 100644
---- a/lib/files.c
-+++ b/lib/files.c
-@@ -607,9 +607,7 @@ bool files_load_bytes_from_buffer_or_file_or_stdin(const char *input_buffer,
- return true;
- }
-
--// printf("Reading file: %s\n", path);
--// printf("size: %u\n", *size);
--
-+ bool retval = true;
- /* Read from stdin */
- if (!input_buffer && !path) {
- UINT16 read_bytes = 0;
-@@ -640,10 +638,10 @@ bool files_load_bytes_from_buffer_or_file_or_stdin(const char *input_buffer,
- return true;
- }
- } else if (path) {
-- return files_load_bytes_from_path(path, buf, size);
-+ retval = files_load_bytes_from_path(path, buf, size);
- }
-
-- return false;
-+ return retval;
- }
-
- tool_rc files_save_ESYS_TR(ESYS_CONTEXT *ectx, ESYS_TR handle, const char *path) {
---
-2.31.0
-
diff --git a/SOURCES/0001-tools-tpm2_nvcertify.c-Fix-incompatible-pointer-cast.patch b/SOURCES/0001-tools-tpm2_nvcertify.c-Fix-incompatible-pointer-cast.patch
deleted file mode 100644
index 509e6dc..0000000
--- a/SOURCES/0001-tools-tpm2_nvcertify.c-Fix-incompatible-pointer-cast.patch
+++ /dev/null
@@ -1,63 +0,0 @@
-From 77d4592e3eec9ec2c7932586f41f925b43ecc5ba Mon Sep 17 00:00:00 2001
-From: Imran Desai
-Date: Sun, 29 Mar 2020 10:22:42 -0700
-Subject: [PATCH] tools/tpm2_nvcertify.c: Fix incompatible pointer cast that
- may cause memory leak
-
-Pointer "&ctx.size" and "&ctx.offset" points to an object whose effective type is
-"unsigned short" (16 bits, unsigned) but is dereferenced as a wider
-"unsigned int" (32 bits, unsigned). This may lead to memory corruption.
-
-Signed-off-by: Imran Desai
----
- tools/tpm2_nvcertify.c | 17 +++++++++++++++--
- 1 file changed, 15 insertions(+), 2 deletions(-)
-
-diff --git a/tools/tpm2_nvcertify.c b/tools/tpm2_nvcertify.c
-index b49f38dbff20..414cbea85574 100644
---- a/tools/tpm2_nvcertify.c
-+++ b/tools/tpm2_nvcertify.c
-@@ -80,6 +80,7 @@ static bool set_signature_format(char *value) {
- static bool on_option(char key, char *value) {
-
- bool result = true;
-+ uint32_t input_value;
-
- switch (key) {
- case 'C':
-@@ -110,18 +111,30 @@ static bool on_option(char key, char *value) {
- ctx.policy_qualifier_arg = value;
- break;
- case 0:
-- result = tpm2_util_string_to_uint32(value, (uint32_t*)&ctx.size);
-+ result = tpm2_util_string_to_uint32(value, &input_value);
- if (!result) {
- LOG_ERR("Could not convert size to number, got: \"%s\"", value);
- return false;
- }
-+ if (input_value > UINT16_MAX) {
-+ LOG_ERR("Specified size is larger than that allowed by command");
-+ return false;
-+ } else {
-+ ctx.size = input_value;
-+ }
- break;
- case 1:
-- result = tpm2_util_string_to_uint32(value, (uint32_t*)&ctx.offset);
-+ result = tpm2_util_string_to_uint32(value, &input_value);
- if (!result) {
- LOG_ERR("Could not convert offset to number, got: \"%s\"", value);
- return false;
- }
-+ if (input_value > UINT16_MAX) {
-+ LOG_ERR("Specified offset is larger than that allowed by command");
-+ return false;
-+ } else {
-+ ctx.offset = input_value;
-+ }
- break;
- case 2:
- ctx.certify_info_path = value;
---
-2.31.0
-
diff --git a/SOURCES/0001-tools-tpm2_nvreadpublic-Fix-resource-leak.patch b/SOURCES/0001-tools-tpm2_nvreadpublic-Fix-resource-leak.patch
deleted file mode 100644
index 7d53c71..0000000
--- a/SOURCES/0001-tools-tpm2_nvreadpublic-Fix-resource-leak.patch
+++ /dev/null
@@ -1,25 +0,0 @@
-From 023ec5c0eafe8dfb5b71e400cb0c2c337fb8c108 Mon Sep 17 00:00:00 2001
-From: Imran Desai
-Date: Sun, 29 Mar 2020 10:49:12 -0700
-Subject: [PATCH] tools/tpm2_nvreadpublic: Fix resource leak
-
-Signed-off-by: Imran Desai
----
- tools/tpm2_nvreadpublic.c | 1 +
- 1 file changed, 1 insertion(+)
-
-diff --git a/tools/tpm2_nvreadpublic.c b/tools/tpm2_nvreadpublic.c
-index 7f8e46cbf863..eca1fd715a79 100644
---- a/tools/tpm2_nvreadpublic.c
-+++ b/tools/tpm2_nvreadpublic.c
-@@ -41,6 +41,7 @@ static tool_rc print_nv_public(ESYS_CONTEXT *context, TPMI_RH_NV_INDEX index, TP
- rc = tpm2_tr_get_name(context, tr_handle,
- &name);
- if (rc != tool_rc_success) {
-+ free(attrs);
- return rc;
- }
-
---
-2.31.0
-
diff --git a/SOURCES/0001-tpm2_alg_util.c-fix-a-bug-where-the-string-rsa3072-w.patch b/SOURCES/0001-tpm2_alg_util.c-fix-a-bug-where-the-string-rsa3072-w.patch
deleted file mode 100644
index 2869652..0000000
--- a/SOURCES/0001-tpm2_alg_util.c-fix-a-bug-where-the-string-rsa3072-w.patch
+++ /dev/null
@@ -1,28 +0,0 @@
-From c28932caef2036039901a91cf55eb7ff093c70f5 Mon Sep 17 00:00:00 2001
-From: Imran Desai
-Date: Fri, 24 Jan 2020 15:53:39 -0700
-Subject: [PATCH] tpm2_alg_util.c: fix a bug where the string rsa3072 wasnt
- being parsed
-
-Signed-off-by: Imran Desai
----
- lib/tpm2_alg_util.c | 3 +++
- 1 file changed, 3 insertions(+)
-
-diff --git a/lib/tpm2_alg_util.c b/lib/tpm2_alg_util.c
-index b83c387a05bd..fcad480e0c3d 100644
---- a/lib/tpm2_alg_util.c
-+++ b/lib/tpm2_alg_util.c
-@@ -301,6 +301,9 @@ static alg_parser_rc handle_rsa(const char *ext, TPM2B_PUBLIC *public) {
- } else if (!strncmp(ext, "4096", 4)) {
- r->keyBits = 4096;
- ext += 4;
-+ } else if (!strncmp(ext, "3072", 4)) {
-+ r->keyBits = 3072;
-+ ext += 4;
- } else {
- r->keyBits = 2048;
- }
---
-2.27.0
-
diff --git a/SOURCES/0001-tpm2_create.c-Fix-an-issue-where-userwithauth-attr-c.patch b/SOURCES/0001-tpm2_create.c-Fix-an-issue-where-userwithauth-attr-c.patch
deleted file mode 100644
index fbc402e..0000000
--- a/SOURCES/0001-tpm2_create.c-Fix-an-issue-where-userwithauth-attr-c.patch
+++ /dev/null
@@ -1,186 +0,0 @@
-From 696a17861c38b38fb2acf888119d918eb9c12329 Mon Sep 17 00:00:00 2001
-From: Imran Desai
-Date: Thu, 21 May 2020 11:31:43 -0700
-Subject: [PATCH] tpm2_create.c: Fix an issue where userwithauth attr cleared
- if policy specified
-
-Fixes #2037
-
-Signed-off-by: Imran Desai
----
- man/tpm2_create.1.md | 9 +++-
- test/integration/tests/import_tpm.sh | 78 +++++++++++++++++-----------
- tools/tpm2_create.c | 10 ++--
- 3 files changed, 60 insertions(+), 37 deletions(-)
-
-diff --git a/man/tpm2_create.1.md b/man/tpm2_create.1.md
-index e8e5eaac49c3..9a7ba33e6017 100644
---- a/man/tpm2_create.1.md
-+++ b/man/tpm2_create.1.md
-@@ -13,7 +13,7 @@
- **tpm2_create**(1) - Create a child object. The object can either be a key or
- a sealing object. A sealing object allows to seal user data to the TPM, with a
- maximum size of 256 bytes. Additionally it will load the created object if the
--**-o** is specified.
-+**-c** is specified.
-
- # OPTIONS
-
-@@ -55,6 +55,13 @@ These options for creating the TPM entity:
- and unsealing. I.e. one cannot use an object for sealing and cryptography
- operations.
-
-+ When **-L** is specified for adding policy based authorization information
-+ AND no string password is specified, the attribute `TPMA_OBJECT_USERWITHAUTH`
-+ is cleared unless an explicit choice is made by setting of the attribute
-+ with **-a** option. This prevents creation of objects with inadvertant auth
-+ model where in user intended to enforce a policy but inadvertantly created
-+ an object with empty auth which can be used instead of policy authorization.
-+
- * **-i**, **\--sealing-input**=_FILE_ or _STDIN_:
-
- The data file to be sealed, optional. If file is -, read from stdin.
-diff --git a/test/integration/tests/import_tpm.sh b/test/integration/tests/import_tpm.sh
-index ff48185aba70..3d1e10820844 100755
---- a/test/integration/tests/import_tpm.sh
-+++ b/test/integration/tests/import_tpm.sh
-@@ -54,8 +54,13 @@ load_new_parent() {
- create_load_duplicatee() {
- # Create the key we want to duplicate
- create_policy dpolicy.dat TPM2_CC_Duplicate
-- tpm2_create -Q -C primary.ctx -g sha256 -G $1 -p foo -r key.prv -u key.pub \
-- -L dpolicy.dat -a "sensitivedataorigin|decrypt|userwithauth"
-+ if [ -z "$2" ];then
-+ tpm2_create -Q -C primary.ctx -g sha256 -G $1 -r key.prv \
-+ -u key.pub -L dpolicy.dat -a "sensitivedataorigin|decrypt|userwithauth"
-+ else
-+ tpm2_create -Q -C primary.ctx -g sha256 -G $1 -p "$2" -r key.prv \
-+ -u key.pub -L dpolicy.dat -a "sensitivedataorigin|decrypt|userwithauth"
-+ fi
- # Load the key
- tpm2_load -Q -C primary.ctx -r key.prv -u key.pub -c key.ctx
- # Extract the public part for import later
-@@ -113,34 +118,45 @@ for dup_key_type in aes rsa ecc; do
- done
- done
-
--# Part 2 :
--# Create a rsa key (Kd)
--# Encrypt a message using Kd
--# Duplicate Kd
--# Import & Load Kd
--# Decrypt the message and verify
--tpm2_createprimary -Q -C o -g sha256 -G rsa -c primary.ctx
--# New parent ...
--create_load_new_parent
--# Key to be duplicated
--create_load_duplicatee rsa
--# Encrypt a secret message
--echo "Mary had a little lamb ..." > plain.txt
--tpm2_rsaencrypt -Q -c key.ctx -o cipher.txt plain.txt
--# Duplicate the key
--do_duplication null
--# Remove, we're done with it
--rm new_parent.ctx
--# Load the full thing this time
--load_new_parent
--# Import & load the duplicate
--do_import_load null
--# Decrypt the secret message using duplicated key
--tpm2_rsadecrypt -Q -p foo -c dup.ctx -o recovered.txt cipher.txt
--# Check we got it right ...
--diff recovered.txt plain.txt
--# Cleanup
--rm plain.txt recovered.txt cipher.txt
--cleanup "no-shut-down"
-+test_key_usage() {
-+ # Part 2 :
-+ # Create a rsa key (Kd)
-+ # Encrypt a message using Kd
-+ # Duplicate Kd
-+ # Import & Load Kd
-+ # Decrypt the message and verify
-+ tpm2_createprimary -Q -C o -g sha256 -G rsa -c primary.ctx
-+ # New parent ...
-+ create_load_new_parent
-+ # Key to be duplicated
-+ create_load_duplicatee rsa "$1"
-+ # Encrypt a secret message
-+ echo "Mary had a little lamb ..." > plain.txt
-+ tpm2_rsaencrypt -Q -c key.ctx -o cipher.txt plain.txt
-+ # Duplicate the key
-+ do_duplication null
-+ # Remove, we're done with it
-+ rm new_parent.ctx
-+ # Load the full thing this time
-+ load_new_parent
-+ # Import & load the duplicate
-+ do_import_load null
-+ # Decrypt the secret message using duplicated key
-+ if [ -z "$1" ];then
-+ tpm2_rsadecrypt -Q -c dup.ctx -o recovered.txt cipher.txt
-+ else
-+ tpm2_rsadecrypt -Q -p "$1" -c dup.ctx -o recovered.txt cipher.txt
-+ fi
-+ # Check we got it right ...
-+ diff recovered.txt plain.txt
-+ # Cleanup
-+ rm plain.txt recovered.txt cipher.txt
-+ cleanup "no-shut-down"
-+}
-+
-+#Test key with password
-+test_key_usage foo
-+#Test key without password
-+test_key_usage
-
- exit 0
-diff --git a/tools/tpm2_create.c b/tools/tpm2_create.c
-index 941b77655f55..8e92cc747e17 100644
---- a/tools/tpm2_create.c
-+++ b/tools/tpm2_create.c
-@@ -47,7 +47,7 @@ struct tpm_create_ctx {
- TPML_PCR_SELECTION creation_pcr;
-
- struct {
-- UINT8 b :1;
-+ UINT8 a :1;
- UINT8 i :1;
- UINT8 L :1;
- UINT8 u :1;
-@@ -224,7 +224,7 @@ static bool on_option(char key, char *value) {
- break;
- case 'a':
- ctx.object.attrs = value;
-- ctx.flags.b = 1;
-+ ctx.flags.a = 1;
- break;
- case 'i':
- ctx.object.sealed_data = strcmp("-", value) ? value : NULL;
-@@ -346,12 +346,12 @@ tool_rc tpm2_tool_onrun(ESYS_CONTEXT *ectx, tpm2_option_flags flags) {
-
- ctx.object.alg = "keyedhash";
-
-- if (!ctx.flags.b) {
-+ if (!ctx.flags.a) {
- attrs &= ~TPMA_OBJECT_SIGN_ENCRYPT;
- attrs &= ~TPMA_OBJECT_DECRYPT;
- attrs &= ~TPMA_OBJECT_SENSITIVEDATAORIGIN;
- }
-- } else if (!ctx.flags.b && !strncmp("hmac", ctx.object.alg, 4)) {
-+ } else if (!ctx.flags.a && !strncmp("hmac", ctx.object.alg, 4)) {
- attrs &= ~TPMA_OBJECT_DECRYPT;
- }
-
-@@ -362,7 +362,7 @@ tool_rc tpm2_tool_onrun(ESYS_CONTEXT *ectx, tpm2_option_flags flags) {
- return tool_rc_general_error;
- }
-
-- if (ctx.flags.L && !ctx.object.auth_str) {
-+ if (!ctx.flags.a && ctx.flags.L && !ctx.object.auth_str) {
- ctx.object.public.publicArea.objectAttributes &=
- ~TPMA_OBJECT_USERWITHAUTH;
- }
---
-2.27.0
-
diff --git a/SOURCES/0001-tpm2_getekcertificate-add-default-web-address.patch b/SOURCES/0001-tpm2_getekcertificate-add-default-web-address.patch
deleted file mode 100644
index 0183c76..0000000
--- a/SOURCES/0001-tpm2_getekcertificate-add-default-web-address.patch
+++ /dev/null
@@ -1,49 +0,0 @@
-From 8c72f7402d8977807f531b08976760d62676cf8a Mon Sep 17 00:00:00 2001
-From: Imran Desai
-Date: Thu, 23 Jan 2020 11:21:58 -0700
-Subject: [PATCH] tpm2_getekcertificate: add default web address
-
-Currently only Intel (R) PTT certificates are hosted online.
-A default web address pointing to the endorsement key certificate
-hosting will help reduce user input.
-
-Signed-off-by: Imran Desai
----
- test/integration/tests/getekcertificate.sh | 6 ++----
- tools/tpm2_getekcertificate.c | 1 +
- 2 files changed, 3 insertions(+), 4 deletions(-)
-
-diff --git a/test/integration/tests/getekcertificate.sh b/test/integration/tests/getekcertificate.sh
-index 33f4f8b2e4c0..e8c521756d2a 100755
---- a/test/integration/tests/getekcertificate.sh
-+++ b/test/integration/tests/getekcertificate.sh
-@@ -38,12 +38,10 @@ else
- fi
- fi
-
--tpm2_getekcertificate -u test_ek.pub -x -X -o ECcert.bin \
--https://ekop.intel.com/ekcertservice/
-+tpm2_getekcertificate -u test_ek.pub -x -X -o ECcert.bin
-
- # Test that stdoutput is the same
--tpm2_getekcertificate -u test_ek.pub -x https://ekop.intel.com/ekcertservice/ \
---X > ECcert2.bin
-+tpm2_getekcertificate -u test_ek.pub -x -X > ECcert2.bin
-
- # stdout file should match -E file.
- cmp ECcert.bin ECcert2.bin
-diff --git a/tools/tpm2_getekcertificate.c b/tools/tpm2_getekcertificate.c
-index 233d04d8b3d7..6a8fe894bb1c 100644
---- a/tools/tpm2_getekcertificate.c
-+++ b/tools/tpm2_getekcertificate.c
-@@ -32,6 +32,7 @@ struct tpm_getekcertificate_ctx {
-
- static tpm_getekcertificate_ctx ctx = {
- .is_tpm2_device_active = true,
-+ .ek_server_addr = "https://ekop.intel.com/ekcertservice/",
- };
-
- static unsigned char *hash_ek_public(void) {
---
-2.31.0
-
diff --git a/SOURCES/0001-tpm2_hierarchycontrol-Fixed-bug-where-hierarchycontr.patch b/SOURCES/0001-tpm2_hierarchycontrol-Fixed-bug-where-hierarchycontr.patch
deleted file mode 100644
index 0d4b89b..0000000
--- a/SOURCES/0001-tpm2_hierarchycontrol-Fixed-bug-where-hierarchycontr.patch
+++ /dev/null
@@ -1,37 +0,0 @@
-From 334b4c739fa575fb4ea58f92df6de87c38e59e15 Mon Sep 17 00:00:00 2001
-From: Imran Desai
-Date: Thu, 23 Jan 2020 08:06:56 -0700
-Subject: [PATCH] tpm2_hierarchycontrol: Fixed bug where hierarchycontrol
- operation failed silently
-
-Fixes #1841
-
-Signed-off-by: Imran Desai
----
- tools/tpm2_hierarchycontrol.c | 10 ++++++++--
- 1 file changed, 8 insertions(+), 2 deletions(-)
-
-diff --git a/tools/tpm2_hierarchycontrol.c b/tools/tpm2_hierarchycontrol.c
-index 0baf2ca487d3..7e9e2c657544 100644
---- a/tools/tpm2_hierarchycontrol.c
-+++ b/tools/tpm2_hierarchycontrol.c
-@@ -32,8 +32,14 @@ static tool_rc hierarchycontrol(ESYS_CONTEXT *ectx) {
- ctx.enable == TPM2_RH_ENDORSEMENT ? "ehEnable" : "phEnableNV",
- ctx.state ? "SET" : "CLEAR");
-
-- return tpm2_hierarchycontrol(ectx, &ctx.auth_hierarchy.object, ctx.enable,
-- ctx.state);
-+ tool_rc rc = tpm2_hierarchycontrol(ectx, &ctx.auth_hierarchy.object,
-+ ctx.enable, ctx.state);
-+
-+ if (rc != tool_rc_success) {
-+ LOG_ERR("Failed hierarchycontrol operation.");
-+ }
-+
-+ return rc;
- }
-
- bool on_arg(int argc, char **argv) {
---
-2.27.0
-
diff --git a/SOURCES/0001-tpm2_import-fix-fixed-AES-key-CVE-2021-3565.patch b/SOURCES/0001-tpm2_import-fix-fixed-AES-key-CVE-2021-3565.patch
deleted file mode 100644
index 53814a4..0000000
--- a/SOURCES/0001-tpm2_import-fix-fixed-AES-key-CVE-2021-3565.patch
+++ /dev/null
@@ -1,46 +0,0 @@
-From c069e4f179d5e6653a84fb236816c375dca82515 Mon Sep 17 00:00:00 2001
-From: William Roberts
-Date: Fri, 21 May 2021 12:22:31 -0500
-Subject: [PATCH] tpm2_import: fix fixed AES key CVE-2021-3565
-
-tpm2_import used a fixed AES key for the inner wrapper, which means that
-a MITM attack would be able to unwrap the imported key. Even the
-use of an encrypted session will not prevent this. The TPM only
-encrypts the first parameter which is the fixed symmetric key.
-
-To fix this, ensure the key size is 16 bytes or bigger and use
-OpenSSL to generate a secure random AES key.
-
-Fixes: #2738
-
-Signed-off-by: William Roberts
----
- tools/tpm2_import.c | 12 +++++++++++-
- 1 file changed, 11 insertions(+), 1 deletion(-)
-
-diff --git a/tools/tpm2_import.c b/tools/tpm2_import.c
-index cfb6f207ba9c..f44326c87e7e 100644
---- a/tools/tpm2_import.c
-+++ b/tools/tpm2_import.c
-@@ -118,7 +118,17 @@ static tool_rc key_import(ESYS_CONTEXT *ectx, TPM2B_PUBLIC *parent_pub,
- TPM2B_DATA enc_sensitive_key = {
- .size = parent_pub->publicArea.parameters.rsaDetail.symmetric.keyBits.sym / 8
- };
-- memset(enc_sensitive_key.buffer, 0xFF, enc_sensitive_key.size);
-+
-+ if(enc_sensitive_key.size < 16) {
-+ LOG_ERR("Calculated wrapping keysize is less than 16 bytes, got: %u", enc_sensitive_key.size);
-+ return tool_rc_general_error;
-+ }
-+
-+ int ossl_rc = RAND_bytes(enc_sensitive_key.buffer, enc_sensitive_key.size);
-+ if (ossl_rc != 1) {
-+ LOG_ERR("RAND_bytes failed: %s", ERR_error_string(ERR_get_error(), NULL));
-+ return tool_rc_general_error;
-+ }
-
- /*
- * Calculate the object name.
---
-2.31.0
-
diff --git a/SOURCES/0001-tpm2_nvdefine.c-Fixed-error-reporting-message.patch b/SOURCES/0001-tpm2_nvdefine.c-Fixed-error-reporting-message.patch
deleted file mode 100644
index da77107..0000000
--- a/SOURCES/0001-tpm2_nvdefine.c-Fixed-error-reporting-message.patch
+++ /dev/null
@@ -1,31 +0,0 @@
-From 652322f7278ec8c384fde9ec2204b06d084a24e4 Mon Sep 17 00:00:00 2001
-From: Imran Desai
-Date: Thu, 23 Jan 2020 07:54:58 -0700
-Subject: [PATCH] tpm2_nvdefine.c: Fixed error reporting message
-
-Fixes #1861
-
-NV define failure error message had the wording to suggest NV index
-was successfully defined.
-
-Signed-off-by: Imran Desai
----
- tools/tpm2_nvdefine.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/tools/tpm2_nvdefine.c b/tools/tpm2_nvdefine.c
-index cb2949c4dddc..71203cb6c80d 100644
---- a/tools/tpm2_nvdefine.c
-+++ b/tools/tpm2_nvdefine.c
-@@ -65,7 +65,7 @@ static tool_rc nv_space_define(ESYS_CONTEXT *ectx) {
- tool_rc rc = tpm2_nv_definespace(ectx, &ctx.auth_hierarchy.object,
- &ctx.nv_auth, &public_info);
- if (rc != tool_rc_success) {
-- LOG_INFO("Success to define NV area at index 0x%x.", ctx.nv_index);
-+ LOG_ERR("Failed to create NV index 0x%x.", ctx.nv_index);
- return rc;
- }
-
---
-2.27.0
-
diff --git a/SOURCES/0001-tpm2_policy.c-restrict-policy-digest-size.patch b/SOURCES/0001-tpm2_policy.c-restrict-policy-digest-size.patch
deleted file mode 100644
index c481309..0000000
--- a/SOURCES/0001-tpm2_policy.c-restrict-policy-digest-size.patch
+++ /dev/null
@@ -1,28 +0,0 @@
-From e556da0a2099573f82391c16477fba08584a7a12 Mon Sep 17 00:00:00 2001
-From: Imran Desai
-Date: Tue, 10 Mar 2020 09:15:55 -0700
-Subject: [PATCH] tpm2_policy.c: restrict policy digest size
-
-Fixes #1916
-
-Signed-off-by: Imran Desai
----
- lib/tpm2_policy.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/lib/tpm2_policy.c b/lib/tpm2_policy.c
-index 6c352b2b41ae..01387ba01645 100644
---- a/lib/tpm2_policy.c
-+++ b/lib/tpm2_policy.c
-@@ -163,7 +163,7 @@ tool_rc tpm2_policy_build_policyauthorize(ESYS_CONTEXT *ectx,
- bool result = true;
- TPM2B_DIGEST approved_policy = { .size = 0 };
- if (policy_digest_path) {
-- approved_policy.size = UINT16_MAX;
-+ approved_policy.size = sizeof(TPMU_HA);
- result = files_load_bytes_from_path(policy_digest_path,
- approved_policy.buffer, &approved_policy.size);
- }
---
-2.31.0
-
diff --git a/SOURCES/0001-tpm2_policycountertimer-Fix-an-issue-where-operandB-.patch b/SOURCES/0001-tpm2_policycountertimer-Fix-an-issue-where-operandB-.patch
deleted file mode 100644
index ea4bab1..0000000
--- a/SOURCES/0001-tpm2_policycountertimer-Fix-an-issue-where-operandB-.patch
+++ /dev/null
@@ -1,30 +0,0 @@
-From cab7b3edcc6a44aece0642c0c2621a4bb70d449b Mon Sep 17 00:00:00 2001
-From: Imran Desai
-Date: Tue, 10 Mar 2020 18:19:04 -0700
-Subject: [PATCH] tpm2_policycountertimer: Fix an issue where operandB array
- was reversed
-
-Signed-off-by: Imran Desai
----
- tools/tpm2_policycountertimer.c | 5 ++++-
- 1 file changed, 4 insertions(+), 1 deletion(-)
-
-diff --git a/tools/tpm2_policycountertimer.c b/tools/tpm2_policycountertimer.c
-index 1c72d525dab7..170a544f2203 100644
---- a/tools/tpm2_policycountertimer.c
-+++ b/tools/tpm2_policycountertimer.c
-@@ -81,7 +81,10 @@ static bool convert_keyvalue_to_operand_buffer(const char *value,
- }
-
- ctx.operand_b.size = size;
-- memcpy(ctx.operand_b.buffer, &data.b, size);
-+ size_t i = 0;
-+ for (i = 0; i < size; i++) {
-+ ctx.operand_b.buffer[i] = *(&data.b + size - i - 1);
-+ }
-
- return true;
- }
---
-2.31.0
-
diff --git a/SOURCES/0001-tpm2_policyor-Silent-failure-bug-fix-for-invalid-uns.patch b/SOURCES/0001-tpm2_policyor-Silent-failure-bug-fix-for-invalid-uns.patch
deleted file mode 100644
index c6a5e86..0000000
--- a/SOURCES/0001-tpm2_policyor-Silent-failure-bug-fix-for-invalid-uns.patch
+++ /dev/null
@@ -1,26 +0,0 @@
-From 44d0d2d17dc693e029e0557ec985c9b68c3efeb5 Mon Sep 17 00:00:00 2001
-From: Imran Desai
-Date: Wed, 22 Jan 2020 14:15:48 -0700
-Subject: [PATCH] tpm2_policyor: Silent failure bug fix for invalid/unspecified
- policy digest alg
-
-Signed-off-by: Imran Desai
----
- lib/tpm2_policy.c | 1 +
- 1 file changed, 1 insertion(+)
-
-diff --git a/lib/tpm2_policy.c b/lib/tpm2_policy.c
-index 3d9b5491f9ce..8460bd1d9ae9 100644
---- a/lib/tpm2_policy.c
-+++ b/lib/tpm2_policy.c
-@@ -588,6 +588,7 @@ bool tpm2_policy_parse_policy_list(char *str, TPML_DIGEST *policy_list) {
- hash = tpm2_alg_util_from_optarg(subtoken,
- tpm2_alg_util_flags_hash);
- if (hash == TPM2_ALG_ERROR) {
-+ LOG_ERR("Invalid/ Unspecified policy digest algorithm.");
- return false;
- }
- }
---
-2.27.0
-
diff --git a/SPECS/tpm2-tools.spec b/SPECS/tpm2-tools.spec
deleted file mode 100644
index 65f2e6f..0000000
--- a/SPECS/tpm2-tools.spec
+++ /dev/null
@@ -1,227 +0,0 @@ -Name: tpm2-tools -Version: 4.1.1 -Release: 5%{?dist} -Summary: A TPM2.0 testing tool build upon TPM2.0-TSS - -License: BSD -URL: https://github.com/tpm2-software/tpm2-tools -Source0: https://github.com/tpm2-software/tpm2-tools/releases/download/%{version}/%{name}-%{version}.tar.gz -Patch0: 0001-tpm2_hierarchycontrol-Fixed-bug-where-hierarchycontr.patch -Patch1: 0001-tpm2_nvdefine.c-Fixed-error-reporting-message.patch -Patch2: 0001-tpm2_policyor-Silent-failure-bug-fix-for-invalid-uns.patch -Patch3: 0001-tpm2_alg_util.c-fix-a-bug-where-the-string-rsa3072-w.patch -Patch4: 0001-Fix-ESYS_TR-hierarchy-transition.patch -Patch5: 0001-Refactor-fix_esys_hierarchies.patch -Patch6: 0001-tpm2_create.c-Fix-an-issue-where-userwithauth-attr-c.patch -Patch7: 0001-tpm2_getekcertificate-add-default-web-address.patch -Patch8: 0001-lib-files-fix-an-error-message-in-files_load_-name.patch -Patch9: 0001-tpm2_policy.c-restrict-policy-digest-size.patch -Patch10: 0001-tpm2_policycountertimer-Fix-an-issue-where-operandB-.patch -Patch11: 0001-tools-tpm2_nvcertify.c-Fix-incompatible-pointer-cast.patch -Patch12: 0001-tools-tpm2_nvreadpublic-Fix-resource-leak.patch -Patch13: 0001-lib-files.c-Fix-an-issue-where-execution-could-not-r.patch -Patch14: 0001-tpm2_import-fix-fixed-AES-key-CVE-2021-3565.patch - -BuildRequires: gcc-c++ -BuildRequires: libtool -BuildRequires: autoconf-archive -BuildRequires: pandoc -BuildRequires: pkgconfig(cmocka) -BuildRequires: pkgconfig(libcurl) -BuildRequires: pkgconfig(openssl) -# tpm2-tss-devel provides tss2-mu/sys/esys package config -BuildRequires: pkgconfig(tss2-mu) -BuildRequires: pkgconfig(tss2-sys) -BuildRequires: pkgconfig(tss2-esys) - -# tpm2-tools is heavily depending on TPM2.0-TSS project, matched tss is required -Requires: tpm2-tss%{?_isa} >= 2.3.2-1%{?dist} - -# tpm2-tools project changed the install path for binaries and man page section -Obsoletes: tpm2-tools <= 2.1.1-2 - -%description -tpm2-tools is a batch of testing tools for 
tpm2.0. It is based on tpm2-tss. - -%prep -%autosetup -p1 -n %{name}-%{version} - -%build -%configure --prefix=/usr --disable-static --disable-silent-rules -%make_build - -%install -%make_install - -%files -%doc README.md CHANGELOG.md -%license LICENSE -%{_bindir}/tpm2_* -%{_datadir}/bash-completion/completions/tpm2* -%{_mandir}/man1/tpm2_*.1.gz - -%changelog -* Mon Aug 09 2021 Jerry Snitselaar - 4.1.1-5 -- Bump nvr to trigger osci. -resolves: rhbz#1965981 - -* Tue Jun 01 2021 Jerry Snitselaar - 4.1.1-4 -- Fix CVE-2021-3565 -resolves: rhbz#1965981 - -* Fri May 14 2021 Jerry Snitselaar - 4.1.1-3 -- Fix resource leak. -- Fix to restrict policy digest size. -- Fix incompatible pointer cast. -- Fix error message in files_load_##name -- Fix issue where execution couldn't reach function return. -resolves: rhbz#1920821 - -* Mon Nov 16 2020 Jerry Snitselaar - 4.1.1-2 -- Fix ESYS_TR hierarchy transition. -- Refactor fix_esys_hierarchies to return actual TSS2_RC return code. -- tpm2_alg_util.c: fix a bug where the string rsa3072 wasn't being parsed. -- tpm2_create.c: Fix an issue where userwithauth attr cleared if policy specified. -- tpm2_hierarchycontrol: Fix bug where hierarchycontrol operation failed silently. -- tpm2_nvdefine.c: Fix error reporting message. -- tpm2_policyor: Fix silent failure for invalid/unspecified policy digest alg. 
-resolves: rhbz#1854774 - -* Wed Apr 29 2020 Jerry Snitselaar - 4.1.1-1 -- Update to 4.1.1 release -resolves: rhbz#1789682 - -* Tue Oct 22 2019 Jerry Snitselaar - 3.2.1-1 -- Update to 3.2.1 release -resolves: rhbz#1725714 - -* Tue May 28 2019 Jerry Snitselaar - 3.1.4-5 -- Another dependency needed for CI gating -resolves: rhbz#1682417 - -* Tue May 28 2019 Jerry Snitselaar - 3.1.4-4 -- Fix CI dependency -resolves: rhbz#1682417 - -* Tue May 28 2019 Jerry Snitselaar - 3.1.4-3 -- Add CI gating test -resolves: rhbz#1682417 - -* Tue May 14 2019 Jerry Snitselaar - 3.1.4-2 -- Add initial CI gating support -resolves: rhbz#1682417 - -* Tue Apr 30 2019 Jerry Snitselaar - 3.1.4-1 -- Rebase to 3.1.4 release. -resolves: rhbz#1664498 - -* Thu Nov 08 2018 Jerry Snitselaar - 3.1.1-4 -- lib/tpm2_options: restore TCTI configuration environment variables -- tpm2_getcap: restore tool output to print properties with TPM_PT prefix -resolves: rhbz#1648001 - -* Sat Jul 14 2018 Javier Martinez Canillas - - 3.1.1-3 -- Revert backward incompatible change that removes default object attributes - -* Sat Jul 14 2018 Fedora Release Engineering - 3.1.1-2 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild - -* Thu Jul 12 2018 Yunying Sun - 3.1.1-1 -- Update to 3.1.1 release - -* Thu Jul 5 2018 Yunying Sun - 3.1.0-1 -- Update Requires version of tpm2-tss to 2.0.0 -- Remove BuildRequires for tcti-abrmd since it is optional -- Remove BuildRequires for tcti-{device,mssim} as it is now dynamically loaded -- Update to 3.1.0 release - -* Mon Apr 30 2018 Javier Martinez Canillas - 3.0.4-1 -- Update URLs to point to the new project location -- Update to 3.0.4 release - -* Wed Feb 21 2018 Javier Martinez Canillas - 3.0.3-3 -- Remove ExclusiveArch: x86_64 directive - -* Fri Feb 09 2018 Fedora Release Engineering - 3.0.3-2 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild - -* Tue Jan 16 2018 Javier Martinez Canillas - 3.0.3-1 -- Update to 3.0.3 release - -* Mon Dec 18 2017 
Javier Martinez Canillas - 3.0.2-1 -- Update to 3.0.2 release - -* Tue Dec 12 2017 Javier Martinez Canillas - 3.0.1-1 -- Update to 3.0.1 release (RHBZ#1512743) -- Download the generated tarball provided instead of the source code tarball - -* Fri Dec 08 2017 Javier Martinez Canillas - 3.0-1 -- Update to 3.0 release - -* Wed Nov 29 2017 Javier Martinez Canillas - 3.0-0.1.rc1 -- Update to 3.0 release candidate 1 -- Update URLs to point to the new project location -- Make the package to obsolete version 2.1.1 - -* Wed Nov 01 2017 Javier Martinez Canillas - 2.1.1-1 -- Rename remaining tpm2.0-tools prefixes to tpm2-tools -- Remove global pkg_prefix since now the upstream repo and package names match -- Remove downstream patches since now these are in the latest upstream release -- Update to 2.1.1 release (RHBZ#1504438) - -* Thu Oct 19 2017 Jerry Snitselaar - 2.1.0-7 -- Clean up potential memleak (RHBZ#1503959) - -* Thu Oct 05 2017 Javier Martinez Canillas - 2.1.0-6 -- Add tpm2-abrmd-devel BuildRequires so tools have abrmd support (RHBZ#1498909) - -* Fri Aug 18 2017 Javier Martinez Canillas - 2.1.0-5 -- Remove unneeded source tarballs (RHBZ#1482830) - -* Tue Aug 15 2017 Sun Yunying - 2.1.0-4 -- Add patch to fix build error when openssl-devel is installed(RHBZ#1481236) - -* Thu Aug 03 2017 Fedora Release Engineering - 2.1.0-3 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild - -* Mon Jul 31 2017 Sun Yunying - 2.1.0-2 -- Add patch to fix gcc7 complaining about implicit-fallthrough cases - -* Fri Jul 28 2017 Sun Yunying - 2.1.0-1 -- Update to latest upstream release 2.1.0 - -* Fri Jul 28 2017 Sun Yunying - 1.1.0-9 -- Update Requires dependency so that tpm2-tss update won't break tpm2-tools - -* Thu Jul 27 2017 Fedora Release Engineering - 1.1.0-8 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild - -* Wed May 10 2017 Sun Yunying - 1.1.0-7 -- Only update release version to make fedpkg build works for f26 - -* Wed Mar 1 2017 Sun 
Yunying - 1.1.0-6 -- Update tpm2-tss version to 1.0-3 to fix broken dependency on f26 - -* Sat Feb 11 2017 Fedora Release Engineering - 1.1.0-5 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild - -* Fri Jan 20 2017 Sun Yunying - 1.1.0-4 -- Dependency check failed for Requires again, here to fix this -- Update release version and changelog - -* Thu Jan 19 2017 Sun Yunying - 1.1.0-3 -- Change spec file permission to 644 to avoid rpmlint complain -- Update Requires to fix dependency check error reported in Bodhi -- Remove tpm2-tss-devel version in BuildRequires comment -- Update release version and changelog - -* Wed Dec 21 2016 Sun Yunying - 1.1.0-2 -- Remove pkg_version to avoid dupliate use of version -- Remove redundant BuildRequires for autoconf/automake/pkgconfig -- Add comments for BuildRequires of sapi/tcti-device/tcti-socket -- Use ExclusiveArch instead of ExcludeArch -- Requires tpm2-tss version updated to 1.0-2 -- Updated release version and changelog - -* Fri Dec 2 2016 Sun Yunying - 1.1.0-1 -- Initial version of the package diff --git a/sources b/sources new file mode 100644 index 0000000..946a104 --- /dev/null +++ b/sources @@ -0,0 +1 @@ +SHA512 (tpm2-tools-5.7.tar.gz) = 629b0b1826815877f452935285f7b3fe0f32bd24fe9130eb169a2dc9b7b254a737797043af9eea68be706b87c32ab2b7189151360c9c00bc5c31dce62a799670 diff --git a/tpm2-tools.spec b/tpm2-tools.spec new file mode 100644 index 0000000..652b666 --- /dev/null +++ b/tpm2-tools.spec 
@@ -0,0 +1,312 @@ +#global candidate rc1 + +Name: tpm2-tools +Version: 5.7 +Release: 2%{?candidate:.%{candidate}}%{?dist} +Summary: A bunch of TPM testing toolS build upon tpm2-tss + +License: BSD-3-Clause +URL: https://github.com/tpm2-software/tpm2-tools +Source0: https://github.com/tpm2-software/tpm2-tools/releases/download/%{version}%{?candidate:-%{candidate}}/%{name}-%{version}%{?candidate:-%{candidate}}.tar.gz + +BuildRequires: make +BuildRequires: gcc-c++ +BuildRequires: libtool +BuildRequires: autoconf-archive +%if ! 0%{?rhel} +BuildRequires: pandoc +%endif +BuildRequires: pkgconfig(cmocka) +BuildRequires: pkgconfig(libcurl) +BuildRequires: pkgconfig(openssl) +# tpm2-tss-devel provides tss2-mu/sys/esys package config +BuildRequires: pkgconfig(tss2-mu) >= 3.1.0 +BuildRequires: pkgconfig(tss2-sys) >= 3.1.0 +BuildRequires: pkgconfig(tss2-esys) >= 3.1.0 +BuildRequires: pkgconfig(uuid) + +# tpm2-tools is heavily depending on TPM2.0-TSS project, matched tss is required +Requires: tpm2-tss%{?_isa} >= 3.1.0 + +%description +tpm2-tools is a batch of tools for tpm2.0. It is based on tpm2-tss. 
+ +%prep +%autosetup -p1 -n %{name}-%{version}%{?candidate:-%{candidate}} + +%build +%configure --prefix=/usr --disable-static --disable-silent-rules +%make_build + +%install +%make_install + +%files +%license docs/LICENSE +%doc docs/README.md docs/CHANGELOG.md +%{_bindir}/tpm2 +%{_bindir}/tpm2_* +%{_bindir}/tss2 +%{_bindir}/tss2_* +%{_datadir}/bash-completion/completions/tpm2* +%{_datadir}/bash-completion/completions/tss2* +%{_mandir}/man1/tpm2_*.1.gz +%{_mandir}/man1/tpm2.1.gz +%{_mandir}/man1/tss2_*.1.gz + +%changelog +* Wed May 22 2024 Štěpán Horáček - 5.7-2 +- Rebuild for gating + Resolves: RHEL-23199 + +* Tue May 14 2024 Štěpán Horáček - 5.7-1 +- Update to 5.7 + Resolves: RHEL-23199 + +* Sat Jan 27 2024 Fedora Release Engineering - 5.6-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild + +* Sun Nov 12 2023 Peter Robinson - 5.6-1 +- Update to 5.6 + +* Tue Sep 26 2023 Štěpán Horáček - 5.5-5 +- Migrate license to SPDX + +* Sat Jul 22 2023 Fedora Release Engineering - 5.5-4 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild + +* Mon Apr 17 2023 Anderson Toshiyuki Sasaki - 5.5-3 +- Disable compiler optimization to fix LTO + FORTIFY_SOURCE=3 issue + Resolves rhbz#2171376 + +* Tue Feb 21 2023 Yaakov Selkowitz - 5.5-2 +- Disable manpage regeneration in RHEL/ELN builds + +* Thu Feb 16 2023 Peter Robinson - 5.5-1 +- Update to 5.5 + +* Sat Jan 21 2023 Fedora Release Engineering - 5.5-0.2.rc1 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild + +* Mon Dec 19 2022 Peter Robinson - 5.5-0.1.rc1 +- Update to 5.5-RC1 +- Enable LTO (RHBZ#1986628) + +* Thu Dec 08 2022 Peter Robinson - 5.4-1 +- Update to 5.4 + +* Wed Sep 28 2022 Peter Robinson - 5.3-1 +- Update to 5.3 + +* Sat Jul 23 2022 Fedora Release Engineering - 5.2-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild + +* Sat Jan 22 2022 Fedora Release Engineering - 5.2-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild + +* Sat 
Oct 02 2021 Peter Robinson - 5.2-1 +- Update to 5.2 + +* Tue Sep 14 2021 Sahana Prasad - 5.1.1-3 +- Rebuilt with OpenSSL 3.0.0 + +* Fri Jul 23 2021 Fedora Release Engineering - 5.1.1-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild + +* Mon Jun 21 2021 Peter Robinson - 5.1.1-1 +- Update to 5.1.1 +- Fixes CVE-2021-3565 (rhbz 1964428) + +* Tue May 25 2021 Peter Robinson - 5.1-1 +- Update to 5.1 + +* Wed Jan 27 2021 Fedora Release Engineering - 5.0-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild + +* Mon Nov 23 2020 Peter Robinson - 5.0-1 +- Update tp tpm2-tools 5.0 + +* Sat Aug 29 2020 Peter Robinson - 4.3.0-1 +- Update to 4.3.0 + +* Mon Aug 10 2020 Peter Robinson - 4.2.1-4 +- Rebuild for tpm2-tss 3.0 + +* Wed Jul 29 2020 Fedora Release Engineering - 4.2.1-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild + +* Tue Jun 30 2020 Jeff Law - 4.2.1-2 +- Disable LTO due to latent uninitialized variable exposed by LTO + +* Wed May 27 2020 Peter Robinson - 4.2.1-1 +- Update to 4.2.1 + +* Tue Apr 14 2020 Peter Robinson - 4.2-1 +- Update to 4.2 + +* Fri Jan 31 2020 Fedora Release Engineering - 4.1-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild + +* Thu Nov 28 2019 Yunying Sun - 4.1-1 +- Update to 4.1 release + +* Tue Oct 29 2019 Yunying Sun - 4.0.1-1 +- Update to 4.0.1 release + +* Tue Sep 10 2019 Peter Robinson 4.0-1 +- Update to 4.0 + +* Fri Sep 6 2019 Javier Martinez Canillas 4.0-0.4-rc2 +- Use a release tarball instead of a source code tarball + +* Fri Sep 6 2019 Peter Robinson 4.0-0.3-rc2 +- Update to 4.0 RC2 + +* Tue Aug 27 2019 Peter Robinson 4.0-0.2-rc1 +- Update to 4.0 RC1 + +* Tue Aug 20 2019 Peter Robinson 4.0-0.1-rc0 +- Update to 4.0 RC0 + +* Thu Aug 1 2019 Peter Robinson 3.2.0-3 +- Fix for crash for max PCRs available + +* Sat Jul 27 2019 Fedora Release Engineering - 3.2.0-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild + +* Fri Jun 21 2019 Yunying Sun - 
3.2.0-1 +- Update to 3.2.0 release +- Removed patches since all have been included in 3.2.0 release + +* Fri May 10 2019 Javier Martinez Canillas - 3.1.4-2 +- Allow tpm2_makecredential to run without a TPM (jetwhiz) +- Add tpm2_pcrreset and tpm2_checkquote tools (jetwhiz) + +* Fri Mar 15 2019 Yunying Sun - 3.1.4-1 +- Update to 3.1.4 release +- Removed the 4 patches since all have been included in 3.1.4 release + +* Sun Feb 03 2019 Fedora Release Engineering - 3.1.3-4 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild + +* Mon Jan 7 2019 Javier Martinez Canillas - 3.1.3-3 +- Fix broken -T option when passing additional arguments + +* Mon Jan 7 2019 Javier Martinez Canillas - 3.1.3-2 +- Fix broken -T option and a couple of minor fixes +- Add pandoc BuildRequires + +* Wed Nov 7 2018 Yunying Sun - 3.1.3-1 +- Update to 3.1.3 release + +* Wed Sep 12 2018 Javier Martinez Canillas - 3.1.2-1 +- Update to 3.1.2 release +- Restore TCTI configuration environment for tools +- Restore tpm2_getcap tool properties output + Resolves: rhbz#1625647 + +* Sat Jul 14 2018 Javier Martinez Canillas - 3.1.1-3 +- Revert backward incompatible change that removes default object attributes + +* Sat Jul 14 2018 Fedora Release Engineering - 3.1.1-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild + +* Thu Jul 12 2018 Yunying Sun - 3.1.1-1 +- Update to 3.1.1 release + +* Thu Jul 5 2018 Yunying Sun - 3.1.0-1 +- Update Requires version of tpm2-tss to 2.0.0 +- Remove BuildRequires for tcti-abrmd since it is optional +- Remove BuildRequires for tcti-{device,mssim} as it is now dynamically loaded +- Update to 3.1.0 release + +* Mon Apr 30 2018 Javier Martinez Canillas - 3.0.4-1 +- Update URLs to point to the new project location +- Update to 3.0.4 release + +* Wed Feb 21 2018 Javier Martinez Canillas - 3.0.3-3 +- Remove ExclusiveArch: x86_64 directive + +* Fri Feb 09 2018 Fedora Release Engineering - 3.0.3-2 +- Rebuilt for 
https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild + +* Tue Jan 16 2018 Javier Martinez Canillas - 3.0.3-1 +- Update to 3.0.3 release + +* Mon Dec 18 2017 Javier Martinez Canillas - 3.0.2-1 +- Update to 3.0.2 release + +* Tue Dec 12 2017 Javier Martinez Canillas - 3.0.1-1 +- Update to 3.0.1 release (RHBZ#1512743) +- Download the generated tarball provided instead of the source code tarball + +* Fri Dec 08 2017 Javier Martinez Canillas - 3.0-1 +- Update to 3.0 release + +* Wed Nov 29 2017 Javier Martinez Canillas - 3.0-0.1.rc1 +- Update to 3.0 release candidate 1 +- Update URLs to point to the new project location +- Make the package to obsolete version 2.1.1 + +* Wed Nov 01 2017 Javier Martinez Canillas - 2.1.1-1 +- Rename remaining tpm2.0-tools prefixes to tpm2-tools +- Remove global pkg_prefix since now the upstream repo and package names match +- Remove downstream patches since now these are in the latest upstream release +- Update to 2.1.1 release (RHBZ#1504438) + +* Thu Oct 19 2017 Jerry Snitselaar - 2.1.0-7 +- Clean up potential memleak (RHBZ#1503959) + +* Thu Oct 05 2017 Javier Martinez Canillas - 2.1.0-6 +- Add tpm2-abrmd-devel BuildRequires so tools have abrmd support (RHBZ#1498909) + +* Fri Aug 18 2017 Javier Martinez Canillas - 2.1.0-5 +- Remove unneeded source tarballs (RHBZ#1482830) + +* Tue Aug 15 2017 Sun Yunying - 2.1.0-4 +- Add patch to fix build error when openssl-devel is installed(RHBZ#1481236) + +* Thu Aug 03 2017 Fedora Release Engineering - 2.1.0-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild + +* Mon Jul 31 2017 Sun Yunying - 2.1.0-2 +- Add patch to fix gcc7 complaining about implicit-fallthrough cases + +* Fri Jul 28 2017 Sun Yunying - 2.1.0-1 +- Update to latest upstream release 2.1.0 + +* Fri Jul 28 2017 Sun Yunying - 1.1.0-9 +- Update Requires dependency so that tpm2-tss update won't break tpm2-tools + +* Thu Jul 27 2017 Fedora Release Engineering - 1.1.0-8 +- Rebuilt for 
https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild + +* Wed May 10 2017 Sun Yunying - 1.1.0-7 +- Only update release version to make fedpkg build works for f26 + +* Wed Mar 1 2017 Sun Yunying - 1.1.0-6 +- Update tpm2-tss version to 1.0-3 to fix broken dependency on f26 + +* Sat Feb 11 2017 Fedora Release Engineering - 1.1.0-5 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild + +* Fri Jan 20 2017 Sun Yunying - 1.1.0-4 +- Dependency check failed for Requires again, here to fix this +- Update release version and changelog + +* Thu Jan 19 2017 Sun Yunying - 1.1.0-3 +- Change spec file permission to 644 to avoid rpmlint complain +- Update Requires to fix dependency check error reported in Bodhi +- Remove tpm2-tss-devel version in BuildRequires comment +- Update release version and changelog + +* Wed Dec 21 2016 Sun Yunying - 1.1.0-2 +- Remove pkg_version to avoid dupliate use of version +- Remove redundant BuildRequires for autoconf/automake/pkgconfig +- Add comments for BuildRequires of sapi/tcti-device/tcti-socket +- Use ExclusiveArch instead of ExcludeArch +- Requires tpm2-tss version updated to 1.0-2 +- Updated release version and changelog + +* Fri Dec 2 2016 Sun Yunying - 1.1.0-1 +- Initial version of the package
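Review bot: The new `tpm2-tools.spec` takes `Source0` from the GitHub release URL and `%prep` goes straight to `%autosetup`, so the only integrity check on the 5.7 tarball is the SHA512 recorded in `sources`; that shows the packager's download has not changed since import, not that upstream produced it. If upstream publishes a detached signature for the release (not visible on this page), add the signature and the maintainers' keyring as additional `Source` entries, add `BuildRequires: gnupg2`, and start `%prep` with `%{gpgverify} --keyring='%{SOURCE2}' --signature='%{SOURCE1}' --data='%{SOURCE0}'`. Provenance matters more for this rebase because all fifteen downstream patches are dropped, including the CVE-2021-3565 fix listed as `Patch14` in the removed spec, which presumably relies on the upstream tarball already carrying those fixes.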