1 Commits
Author | SHA1 | Date | |
---|---|---|---|
ffdfe39f8c |
2
.gitignore
vendored
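--- a/.gitignore
+++ b/.gitignore
@@ -1 +1 @@
-SOURCES/tpm2-tools-4.1.1.tar.gz
+tpm2-tools-5.7.tar.gz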
@ -1 +0,0 @@
|
|||||||
d097d321237983435f05c974533ad90e6f20acef SOURCES/tpm2-tools-4.1.1.tar.gz
|
|
@ -1,80 +0,0 @@
|
|||||||
From e607f78a054acfdbe119499c3608bdb2a44423d9 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Andreas Fuchs <andreas.fuchs@sit.fraunhofer.de>
|
|
||||||
Date: Thu, 7 May 2020 11:51:17 +0200
|
|
||||||
Subject: [PATCH] Fix ESYS_TR hierarchy transition
|
|
||||||
|
|
||||||
Fix those cases of TPM2_RH_ to ESYS_TR_RH_ translations that were missed in
|
|
||||||
780800c0be69a49b9097f8eae653cdb0623d2100
|
|
||||||
|
|
||||||
Signed-off-by: Andreas Fuchs <andreas.fuchs@sit.fraunhofer.de>
|
|
||||||
---
|
|
||||||
lib/tpm2.c | 20 ++++++++++++++------
|
|
||||||
1 file changed, 14 insertions(+), 6 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/lib/tpm2.c b/lib/tpm2.c
|
|
||||||
index e7ff77047bef..909a4422339d 100644
|
|
||||||
--- a/lib/tpm2.c
|
|
||||||
+++ b/lib/tpm2.c
|
|
||||||
@@ -656,6 +656,12 @@ uint32_t fix_esys_hierarchy(TPMI_RH_HIERARCHY hierarchy)
|
|
||||||
{
|
|
||||||
#if defined(ESYS_3_0)
|
|
||||||
switch (hierarchy) {
|
|
||||||
+ case ESYS_TR_RH_NULL:
|
|
||||||
+ case ESYS_TR_RH_OWNER:
|
|
||||||
+ case ESYS_TR_RH_ENDORSEMENT:
|
|
||||||
+ case ESYS_TR_RH_PLATFORM:
|
|
||||||
+ case ESYS_TR_RH_PLATFORM_NV:
|
|
||||||
+ return hierarchy;
|
|
||||||
case TPM2_RH_NULL:
|
|
||||||
return ESYS_TR_RH_NULL;
|
|
||||||
case TPM2_RH_OWNER:
|
|
||||||
@@ -664,14 +670,16 @@ uint32_t fix_esys_hierarchy(TPMI_RH_HIERARCHY hierarchy)
|
|
||||||
return ESYS_TR_RH_ENDORSEMENT;
|
|
||||||
case TPM2_RH_PLATFORM:
|
|
||||||
return ESYS_TR_RH_PLATFORM;
|
|
||||||
+ case TPM2_RH_PLATFORM_NV:
|
|
||||||
+ return ESYS_TR_RH_PLATFORM_NV;
|
|
||||||
default:
|
|
||||||
- return TSS2_ESYS_RC_BAD_VALUE;
|
|
||||||
+ LOG_ERR("An unknown hierarchy handle was passed: 0x%08x", hierarchy);
|
|
||||||
+ return 0xffffffff;
|
|
||||||
}
|
|
||||||
#elif defined(ESYS_2_3)
|
|
||||||
return hierarchy;
|
|
||||||
#else
|
|
||||||
- UNUSED(hierarchy);
|
|
||||||
- return TSS2_ESYS_RC_BAD_VALUE;
|
|
||||||
+#error "Need to define either ESYS_3_0 or ESYS_2_3"
|
|
||||||
#endif
|
|
||||||
}
|
|
||||||
|
|
||||||
@@ -1154,7 +1162,7 @@ tool_rc tpm2_hierarchycontrol(ESYS_CONTEXT *esys_context,
|
|
||||||
}
|
|
||||||
|
|
||||||
TSS2_RC rval = Esys_HierarchyControl(esys_context, auth_hierarchy->tr_handle,
|
|
||||||
- shandle, ESYS_TR_NONE, ESYS_TR_NONE, enable, state);
|
|
||||||
+ shandle, ESYS_TR_NONE, ESYS_TR_NONE, fix_esys_hierarchy(enable), state);
|
|
||||||
if (rval != TPM2_RC_SUCCESS && rval != TPM2_RC_INITIALIZE) {
|
|
||||||
LOG_PERR(Esys_HierarchyControl, rval);
|
|
||||||
return tool_rc_from_tpm(rval);
|
|
||||||
@@ -1251,7 +1259,7 @@ tool_rc tpm2_hmac_sequencecomplete(ESYS_CONTEXT *esys_context,
|
|
||||||
|
|
||||||
TPM2_RC rval = Esys_SequenceComplete(esys_context, sequence_handle,
|
|
||||||
hmac_key_obj_shandle, ESYS_TR_NONE, ESYS_TR_NONE, input_buffer,
|
|
||||||
- TPM2_RH_NULL, result, validation);
|
|
||||||
+ fix_esys_hierarchy(TPM2_RH_NULL), result, validation);
|
|
||||||
if (rval != TSS2_RC_SUCCESS) {
|
|
||||||
LOG_PERR(Esys_HMAC, rval);
|
|
||||||
return tool_rc_from_tpm(rval);
|
|
||||||
@@ -1907,7 +1915,7 @@ tool_rc tpm2_loadexternal(ESYS_CONTEXT *ectx, const TPM2B_SENSITIVE *private,
|
|
||||||
|
|
||||||
TSS2_RC rval = Esys_LoadExternal(ectx,
|
|
||||||
ESYS_TR_NONE, ESYS_TR_NONE, ESYS_TR_NONE,
|
|
||||||
- private, public, hierarchy,
|
|
||||||
+ private, public, fix_esys_hierarchy(hierarchy),
|
|
||||||
object_handle);
|
|
||||||
if (rval != TSS2_RC_SUCCESS) {
|
|
||||||
LOG_PERR(Esys_LoadExternal, rval);
|
|
||||||
--
|
|
||||||
2.27.0
|
|
||||||
|
|
@ -1,211 +0,0 @@
|
|||||||
From 2e7839b905f7a493f739d36e3e550e0cee30049e Mon Sep 17 00:00:00 2001
|
|
||||||
From: Andreas Fuchs <andreas.fuchs@sit.fraunhofer.de>
|
|
||||||
Date: Thu, 7 May 2020 19:12:36 +0200
|
|
||||||
Subject: [PATCH] Refactor fix_esys_hierarchies()
|
|
||||||
|
|
||||||
Refactor fix_esys_hierarchies() to return an actual TSS2_RC return code
|
|
||||||
and have an output parameter.
|
|
||||||
|
|
||||||
Signed-off-by: Andreas Fuchs <andreas.fuchs@sit.fraunhofer.de>
|
|
||||||
---
|
|
||||||
lib/tpm2.c | 88 +++++++++++++++++++++++++++++----------
|
|
||||||
lib/tpm2.h | 2 +-
|
|
||||||
tools/tpm2_loadexternal.c | 9 +++-
|
|
||||||
3 files changed, 75 insertions(+), 24 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/lib/tpm2.c b/lib/tpm2.c
|
|
||||||
index 909a4422339d..744fed8c529f 100644
|
|
||||||
--- a/lib/tpm2.c
|
|
||||||
+++ b/lib/tpm2.c
|
|
||||||
@@ -645,39 +645,51 @@ tool_rc tpm2_evictcontrol(ESYS_CONTEXT *esys_context,
|
|
||||||
}
|
|
||||||
|
|
||||||
/* This function addresses ESAPI change that changes parameter type from
|
|
||||||
- * Esys_TR to TPMI_RH_HIERARCHY and breaks backwards compatibility.
|
|
||||||
+ * Esys_TR to TPMI_RH_HIERARCHY or TPMI_RH_ENABLES and breaks backwards
|
|
||||||
+ * compatibility.
|
|
||||||
* To keep the tools parameters consistent after v4.0 release we need to
|
|
||||||
* map the values to appropriate type based on the version of the ESYS API.
|
|
||||||
* Note: the mapping is based on the ESYS version recognized at compile time.
|
|
||||||
* The TSS change can be found here:
|
|
||||||
* https://github.com/tpm2-software/tpm2-tss/pull/1531
|
|
||||||
*/
|
|
||||||
-uint32_t fix_esys_hierarchy(TPMI_RH_HIERARCHY hierarchy)
|
|
||||||
+TSS2_RC fix_esys_hierarchy(uint32_t in, uint32_t *out)
|
|
||||||
{
|
|
||||||
#if defined(ESYS_3_0)
|
|
||||||
- switch (hierarchy) {
|
|
||||||
+ switch (in) {
|
|
||||||
case ESYS_TR_RH_NULL:
|
|
||||||
+ /* FALLTHRU */
|
|
||||||
case ESYS_TR_RH_OWNER:
|
|
||||||
+ /* FALLTHRU */
|
|
||||||
case ESYS_TR_RH_ENDORSEMENT:
|
|
||||||
+ /* FALLTHRU */
|
|
||||||
case ESYS_TR_RH_PLATFORM:
|
|
||||||
+ /* FALLTHRU */
|
|
||||||
case ESYS_TR_RH_PLATFORM_NV:
|
|
||||||
- return hierarchy;
|
|
||||||
+ *out = in;
|
|
||||||
+ return TSS2_RC_SUCCESS;
|
|
||||||
case TPM2_RH_NULL:
|
|
||||||
- return ESYS_TR_RH_NULL;
|
|
||||||
+ *out = ESYS_TR_RH_NULL;
|
|
||||||
+ return TSS2_RC_SUCCESS;
|
|
||||||
case TPM2_RH_OWNER:
|
|
||||||
- return ESYS_TR_RH_OWNER;
|
|
||||||
+ *out = ESYS_TR_RH_OWNER;
|
|
||||||
+ return TSS2_RC_SUCCESS;
|
|
||||||
case TPM2_RH_ENDORSEMENT:
|
|
||||||
- return ESYS_TR_RH_ENDORSEMENT;
|
|
||||||
+ *out = ESYS_TR_RH_ENDORSEMENT;
|
|
||||||
+ return TSS2_RC_SUCCESS;
|
|
||||||
case TPM2_RH_PLATFORM:
|
|
||||||
- return ESYS_TR_RH_PLATFORM;
|
|
||||||
+ *out = ESYS_TR_RH_PLATFORM;
|
|
||||||
+ return TSS2_RC_SUCCESS;
|
|
||||||
case TPM2_RH_PLATFORM_NV:
|
|
||||||
- return ESYS_TR_RH_PLATFORM_NV;
|
|
||||||
+ *out = ESYS_TR_RH_PLATFORM_NV;
|
|
||||||
+ return TSS2_RC_SUCCESS;
|
|
||||||
default:
|
|
||||||
- LOG_ERR("An unknown hierarchy handle was passed: 0x%08x", hierarchy);
|
|
||||||
- return 0xffffffff;
|
|
||||||
+ LOG_ERR("An unknown hierarchy handle was passed: 0x%08x", in);
|
|
||||||
+ return TSS2_ESYS_RC_BAD_VALUE;
|
|
||||||
}
|
|
||||||
#elif defined(ESYS_2_3)
|
|
||||||
- return hierarchy;
|
|
||||||
+ *out = in;
|
|
||||||
+ return TSS2_RC_SUCCESS;
|
|
||||||
#else
|
|
||||||
#error "Need to define either ESYS_3_0 or ESYS_2_3"
|
|
||||||
#endif
|
|
||||||
@@ -688,8 +700,14 @@ tool_rc tpm2_hash(ESYS_CONTEXT *esys_context, ESYS_TR shandle1, ESYS_TR shandle2
|
|
||||||
TPMI_RH_HIERARCHY hierarchy, TPM2B_DIGEST **out_hash,
|
|
||||||
TPMT_TK_HASHCHECK **validation) {
|
|
||||||
|
|
||||||
- TSS2_RC rval = Esys_Hash(esys_context, shandle1, shandle2, shandle3, data,
|
|
||||||
- hash_alg, fix_esys_hierarchy(hierarchy), out_hash, validation);
|
|
||||||
+ TSS2_RC rval = fix_esys_hierarchy(hierarchy, &hierarchy);
|
|
||||||
+ if (rval != TSS2_RC_SUCCESS) {
|
|
||||||
+ LOG_ERR("Unknown hierarchy");
|
|
||||||
+ return tool_rc_from_tpm(rval);
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
+ rval = Esys_Hash(esys_context, shandle1, shandle2, shandle3, data,
|
|
||||||
+ hash_alg, hierarchy, out_hash, validation);
|
|
||||||
if (rval != TSS2_RC_SUCCESS) {
|
|
||||||
LOG_PERR(Esys_Hash, rval);
|
|
||||||
return tool_rc_from_tpm(rval);
|
|
||||||
@@ -729,9 +747,15 @@ tool_rc tpm2_sequence_complete(ESYS_CONTEXT *esys_context,
|
|
||||||
TPMI_RH_HIERARCHY hierarchy, TPM2B_DIGEST **result,
|
|
||||||
TPMT_TK_HASHCHECK **validation) {
|
|
||||||
|
|
||||||
- TSS2_RC rval = Esys_SequenceComplete(esys_context, sequence_handle,
|
|
||||||
+ TSS2_RC rval = fix_esys_hierarchy(hierarchy, &hierarchy);
|
|
||||||
+ if (rval != TSS2_RC_SUCCESS) {
|
|
||||||
+ LOG_ERR("Unknown hierarchy");
|
|
||||||
+ return tool_rc_from_tpm(rval);
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
+ rval = Esys_SequenceComplete(esys_context, sequence_handle,
|
|
||||||
ESYS_TR_PASSWORD, ESYS_TR_NONE, ESYS_TR_NONE, buffer,
|
|
||||||
- fix_esys_hierarchy(hierarchy), result, validation);
|
|
||||||
+ hierarchy, result, validation);
|
|
||||||
if (rval != TSS2_RC_SUCCESS) {
|
|
||||||
LOG_PERR(Esys_SequenceComplete, rval);
|
|
||||||
return tool_rc_from_tpm(rval);
|
|
||||||
@@ -1161,8 +1185,14 @@ tool_rc tpm2_hierarchycontrol(ESYS_CONTEXT *esys_context,
|
|
||||||
return rc;
|
|
||||||
}
|
|
||||||
|
|
||||||
- TSS2_RC rval = Esys_HierarchyControl(esys_context, auth_hierarchy->tr_handle,
|
|
||||||
- shandle, ESYS_TR_NONE, ESYS_TR_NONE, fix_esys_hierarchy(enable), state);
|
|
||||||
+ TSS2_RC rval = fix_esys_hierarchy(enable, &enable);
|
|
||||||
+ if (rval != TSS2_RC_SUCCESS) {
|
|
||||||
+ LOG_ERR("Unknown hierarchy");
|
|
||||||
+ return tool_rc_from_tpm(rval);
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
+ rval = Esys_HierarchyControl(esys_context, auth_hierarchy->tr_handle,
|
|
||||||
+ shandle, ESYS_TR_NONE, ESYS_TR_NONE, enable, state);
|
|
||||||
if (rval != TPM2_RC_SUCCESS && rval != TPM2_RC_INITIALIZE) {
|
|
||||||
LOG_PERR(Esys_HierarchyControl, rval);
|
|
||||||
return tool_rc_from_tpm(rval);
|
|
||||||
@@ -1257,9 +1287,17 @@ tool_rc tpm2_hmac_sequencecomplete(ESYS_CONTEXT *esys_context,
|
|
||||||
return rc;
|
|
||||||
}
|
|
||||||
|
|
||||||
- TPM2_RC rval = Esys_SequenceComplete(esys_context, sequence_handle,
|
|
||||||
+ uint32_t hierarchy;
|
|
||||||
+
|
|
||||||
+ TSS2_RC rval = fix_esys_hierarchy(TPM2_RH_NULL, &hierarchy);
|
|
||||||
+ if (rval != TSS2_RC_SUCCESS) {
|
|
||||||
+ LOG_ERR("Unknown hierarchy");
|
|
||||||
+ return tool_rc_from_tpm(rval);
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
+ rval = Esys_SequenceComplete(esys_context, sequence_handle,
|
|
||||||
hmac_key_obj_shandle, ESYS_TR_NONE, ESYS_TR_NONE, input_buffer,
|
|
||||||
- fix_esys_hierarchy(TPM2_RH_NULL), result, validation);
|
|
||||||
+ hierarchy, result, validation);
|
|
||||||
if (rval != TSS2_RC_SUCCESS) {
|
|
||||||
LOG_PERR(Esys_HMAC, rval);
|
|
||||||
return tool_rc_from_tpm(rval);
|
|
||||||
@@ -1913,9 +1951,15 @@ tool_rc tpm2_loadexternal(ESYS_CONTEXT *ectx, const TPM2B_SENSITIVE *private,
|
|
||||||
const TPM2B_PUBLIC *public, TPMI_RH_HIERARCHY hierarchy,
|
|
||||||
ESYS_TR *object_handle) {
|
|
||||||
|
|
||||||
- TSS2_RC rval = Esys_LoadExternal(ectx,
|
|
||||||
+ TSS2_RC rval = fix_esys_hierarchy(hierarchy, &hierarchy);
|
|
||||||
+ if (rval != TSS2_RC_SUCCESS) {
|
|
||||||
+ LOG_ERR("Unknown hierarchy");
|
|
||||||
+ return tool_rc_from_tpm(rval);
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
+ rval = Esys_LoadExternal(ectx,
|
|
||||||
ESYS_TR_NONE, ESYS_TR_NONE, ESYS_TR_NONE,
|
|
||||||
- private, public, fix_esys_hierarchy(hierarchy),
|
|
||||||
+ private, public, hierarchy,
|
|
||||||
object_handle);
|
|
||||||
if (rval != TSS2_RC_SUCCESS) {
|
|
||||||
LOG_PERR(Esys_LoadExternal, rval);
|
|
||||||
diff --git a/lib/tpm2.h b/lib/tpm2.h
|
|
||||||
index a37e05606c7a..2e4ae5e7dddc 100644
|
|
||||||
--- a/lib/tpm2.h
|
|
||||||
+++ b/lib/tpm2.h
|
|
||||||
@@ -389,7 +389,7 @@ tool_rc tpm2_policy_nv_written(ESYS_CONTEXT *esys_context,
|
|
||||||
ESYS_TR policy_session, ESYS_TR shandle1, ESYS_TR shandle2,
|
|
||||||
ESYS_TR shandle3, TPMI_YES_NO written_set);
|
|
||||||
|
|
||||||
-uint32_t fix_esys_hierarchy(TPMI_RH_HIERARCHY hierarchy);
|
|
||||||
+TSS2_RC fix_esys_hierarchy(uint32_t in, uint32_t *out);
|
|
||||||
|
|
||||||
tool_rc tpm2_certifycreation(ESYS_CONTEXT *esys_context,
|
|
||||||
tpm2_loaded_object *signingkey_obj, tpm2_loaded_object *certifiedkey_obj,
|
|
||||||
diff --git a/tools/tpm2_loadexternal.c b/tools/tpm2_loadexternal.c
|
|
||||||
index 70fb72877aae..4127ca1b524b 100644
|
|
||||||
--- a/tools/tpm2_loadexternal.c
|
|
||||||
+++ b/tools/tpm2_loadexternal.c
|
|
||||||
@@ -48,9 +48,16 @@ static tpm_loadexternal_ctx ctx = {
|
|
||||||
static tool_rc load_external(ESYS_CONTEXT *ectx, TPM2B_PUBLIC *pub,
|
|
||||||
TPM2B_SENSITIVE *priv, bool has_priv, TPM2B_NAME **name) {
|
|
||||||
|
|
||||||
+ uint32_t hierarchy;
|
|
||||||
+ TSS2_RC rval = fix_esys_hierarchy(ctx.hierarchy_value, &hierarchy);
|
|
||||||
+ if (rval != TSS2_RC_SUCCESS) {
|
|
||||||
+ LOG_ERR("Unknown hierarchy");
|
|
||||||
+ return tool_rc_from_tpm(rval);
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
tool_rc rc = tpm2_loadexternal(ectx,
|
|
||||||
has_priv ? priv : NULL, pub,
|
|
||||||
- fix_esys_hierarchy(ctx.hierarchy_value), &ctx.handle);
|
|
||||||
+ hierarchy, &ctx.handle);
|
|
||||||
if (rc != tool_rc_success) {
|
|
||||||
return rc;
|
|
||||||
}
|
|
||||||
--
|
|
||||||
2.27.0
|
|
||||||
|
|
@ -1,26 +0,0 @@
|
|||||||
From 012249ad9d06d7534a94690a33638691f5104839 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Radoslav Gerganov <rgerganov@vmware.com>
|
|
||||||
Date: Wed, 26 Feb 2020 10:40:26 +0200
|
|
||||||
Subject: [PATCH] lib/files: fix an error message in files_load_##name
|
|
||||||
|
|
||||||
Signed-off-by: Radoslav Gerganov <rgerganov@vmware.com>
|
|
||||||
---
|
|
||||||
lib/files.c | 2 +-
|
|
||||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
|
||||||
|
|
||||||
diff --git a/lib/files.c b/lib/files.c
|
|
||||||
index a6beea5b8ff2..ef2170b079e1 100644
|
|
||||||
--- a/lib/files.c
|
|
||||||
+++ b/lib/files.c
|
|
||||||
@@ -687,7 +687,7 @@ tool_rc files_save_ESYS_TR(ESYS_CONTEXT *ectx, ESYS_TR handle, const char *path)
|
|
||||||
size_t offset = 0; \
|
|
||||||
TSS2_RC rc = Tss2_MU_##type##_Unmarshal(buffer, size, &offset, name); \
|
|
||||||
if (rc != TSS2_RC_SUCCESS) { \
|
|
||||||
- LOG_ERR("Error serializing "str(name)" structure: 0x%x", rc); \
|
|
||||||
+ LOG_ERR("Error deserializing "str(name)" structure: 0x%x", rc); \
|
|
||||||
LOG_ERR("The input file needs to be a valid "xstr(type)" data structure"); \
|
|
||||||
return false; \
|
|
||||||
} \
|
|
||||||
--
|
|
||||||
2.31.0
|
|
||||||
|
|
@ -1,42 +0,0 @@
|
|||||||
From a20415d6f1d3fa09300ff1181646fe7e1785fd15 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Imran Desai <imran.desai@intel.com>
|
|
||||||
Date: Sun, 29 Mar 2020 10:14:28 -0700
|
|
||||||
Subject: [PATCH] lib/files.c: Fix an issue where execution could not reach
|
|
||||||
function return
|
|
||||||
|
|
||||||
Signed-off-by: Imran Desai <imran.desai@intel.com>
|
|
||||||
---
|
|
||||||
lib/files.c | 8 +++-----
|
|
||||||
1 file changed, 3 insertions(+), 5 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/lib/files.c b/lib/files.c
|
|
||||||
index ef2170b079e1..501f88d11b48 100644
|
|
||||||
--- a/lib/files.c
|
|
||||||
+++ b/lib/files.c
|
|
||||||
@@ -607,9 +607,7 @@ bool files_load_bytes_from_buffer_or_file_or_stdin(const char *input_buffer,
|
|
||||||
return true;
|
|
||||||
}
|
|
||||||
|
|
||||||
-// printf("Reading file: %s\n", path);
|
|
||||||
-// printf("size: %u\n", *size);
|
|
||||||
-
|
|
||||||
+ bool retval = true;
|
|
||||||
/* Read from stdin */
|
|
||||||
if (!input_buffer && !path) {
|
|
||||||
UINT16 read_bytes = 0;
|
|
||||||
@@ -640,10 +638,10 @@ bool files_load_bytes_from_buffer_or_file_or_stdin(const char *input_buffer,
|
|
||||||
return true;
|
|
||||||
}
|
|
||||||
} else if (path) {
|
|
||||||
- return files_load_bytes_from_path(path, buf, size);
|
|
||||||
+ retval = files_load_bytes_from_path(path, buf, size);
|
|
||||||
}
|
|
||||||
|
|
||||||
- return false;
|
|
||||||
+ return retval;
|
|
||||||
}
|
|
||||||
|
|
||||||
tool_rc files_save_ESYS_TR(ESYS_CONTEXT *ectx, ESYS_TR handle, const char *path) {
|
|
||||||
--
|
|
||||||
2.31.0
|
|
||||||
|
|
@ -1,63 +0,0 @@
|
|||||||
From 77d4592e3eec9ec2c7932586f41f925b43ecc5ba Mon Sep 17 00:00:00 2001
|
|
||||||
From: Imran Desai <imran.desai@intel.com>
|
|
||||||
Date: Sun, 29 Mar 2020 10:22:42 -0700
|
|
||||||
Subject: [PATCH] tools/tpm2_nvcertify.c: Fix incompatible pointer cast that
|
|
||||||
may cause memory leak
|
|
||||||
|
|
||||||
Pointer "&ctx.size" and "&ctx.offset" points to an object whose effective type is
|
|
||||||
"unsigned short" (16 bits, unsigned) but is dereferenced as a wider
|
|
||||||
"unsigned int" (32 bits, unsigned). This may lead to memory corruption.
|
|
||||||
|
|
||||||
Signed-off-by: Imran Desai <imran.desai@intel.com>
|
|
||||||
---
|
|
||||||
tools/tpm2_nvcertify.c | 17 +++++++++++++++--
|
|
||||||
1 file changed, 15 insertions(+), 2 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/tools/tpm2_nvcertify.c b/tools/tpm2_nvcertify.c
|
|
||||||
index b49f38dbff20..414cbea85574 100644
|
|
||||||
--- a/tools/tpm2_nvcertify.c
|
|
||||||
+++ b/tools/tpm2_nvcertify.c
|
|
||||||
@@ -80,6 +80,7 @@ static bool set_signature_format(char *value) {
|
|
||||||
static bool on_option(char key, char *value) {
|
|
||||||
|
|
||||||
bool result = true;
|
|
||||||
+ uint32_t input_value;
|
|
||||||
|
|
||||||
switch (key) {
|
|
||||||
case 'C':
|
|
||||||
@@ -110,18 +111,30 @@ static bool on_option(char key, char *value) {
|
|
||||||
ctx.policy_qualifier_arg = value;
|
|
||||||
break;
|
|
||||||
case 0:
|
|
||||||
- result = tpm2_util_string_to_uint32(value, (uint32_t*)&ctx.size);
|
|
||||||
+ result = tpm2_util_string_to_uint32(value, &input_value);
|
|
||||||
if (!result) {
|
|
||||||
LOG_ERR("Could not convert size to number, got: \"%s\"", value);
|
|
||||||
return false;
|
|
||||||
}
|
|
||||||
+ if (input_value > UINT16_MAX) {
|
|
||||||
+ LOG_ERR("Specified size is larger than that allowed by command");
|
|
||||||
+ return false;
|
|
||||||
+ } else {
|
|
||||||
+ ctx.size = input_value;
|
|
||||||
+ }
|
|
||||||
break;
|
|
||||||
case 1:
|
|
||||||
- result = tpm2_util_string_to_uint32(value, (uint32_t*)&ctx.offset);
|
|
||||||
+ result = tpm2_util_string_to_uint32(value, &input_value);
|
|
||||||
if (!result) {
|
|
||||||
LOG_ERR("Could not convert offset to number, got: \"%s\"", value);
|
|
||||||
return false;
|
|
||||||
}
|
|
||||||
+ if (input_value > UINT16_MAX) {
|
|
||||||
+ LOG_ERR("Specified offset is larger than that allowed by command");
|
|
||||||
+ return false;
|
|
||||||
+ } else {
|
|
||||||
+ ctx.offset = input_value;
|
|
||||||
+ }
|
|
||||||
break;
|
|
||||||
case 2:
|
|
||||||
ctx.certify_info_path = value;
|
|
||||||
--
|
|
||||||
2.31.0
|
|
||||||
|
|
@ -1,25 +0,0 @@
|
|||||||
From 023ec5c0eafe8dfb5b71e400cb0c2c337fb8c108 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Imran Desai <imran.desai@intel.com>
|
|
||||||
Date: Sun, 29 Mar 2020 10:49:12 -0700
|
|
||||||
Subject: [PATCH] tools/tpm2_nvreadpublic: Fix resource leak
|
|
||||||
|
|
||||||
Signed-off-by: Imran Desai <imran.desai@intel.com>
|
|
||||||
---
|
|
||||||
tools/tpm2_nvreadpublic.c | 1 +
|
|
||||||
1 file changed, 1 insertion(+)
|
|
||||||
|
|
||||||
diff --git a/tools/tpm2_nvreadpublic.c b/tools/tpm2_nvreadpublic.c
|
|
||||||
index 7f8e46cbf863..eca1fd715a79 100644
|
|
||||||
--- a/tools/tpm2_nvreadpublic.c
|
|
||||||
+++ b/tools/tpm2_nvreadpublic.c
|
|
||||||
@@ -41,6 +41,7 @@ static tool_rc print_nv_public(ESYS_CONTEXT *context, TPMI_RH_NV_INDEX index, TP
|
|
||||||
rc = tpm2_tr_get_name(context, tr_handle,
|
|
||||||
&name);
|
|
||||||
if (rc != tool_rc_success) {
|
|
||||||
+ free(attrs);
|
|
||||||
return rc;
|
|
||||||
}
|
|
||||||
|
|
||||||
--
|
|
||||||
2.31.0
|
|
||||||
|
|
@ -1,28 +0,0 @@
|
|||||||
From c28932caef2036039901a91cf55eb7ff093c70f5 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Imran Desai <imran.desai@intel.com>
|
|
||||||
Date: Fri, 24 Jan 2020 15:53:39 -0700
|
|
||||||
Subject: [PATCH] tpm2_alg_util.c: fix a bug where the string rsa3072 wasnt
|
|
||||||
being parsed
|
|
||||||
|
|
||||||
Signed-off-by: Imran Desai <imran.desai@intel.com>
|
|
||||||
---
|
|
||||||
lib/tpm2_alg_util.c | 3 +++
|
|
||||||
1 file changed, 3 insertions(+)
|
|
||||||
|
|
||||||
diff --git a/lib/tpm2_alg_util.c b/lib/tpm2_alg_util.c
|
|
||||||
index b83c387a05bd..fcad480e0c3d 100644
|
|
||||||
--- a/lib/tpm2_alg_util.c
|
|
||||||
+++ b/lib/tpm2_alg_util.c
|
|
||||||
@@ -301,6 +301,9 @@ static alg_parser_rc handle_rsa(const char *ext, TPM2B_PUBLIC *public) {
|
|
||||||
} else if (!strncmp(ext, "4096", 4)) {
|
|
||||||
r->keyBits = 4096;
|
|
||||||
ext += 4;
|
|
||||||
+ } else if (!strncmp(ext, "3072", 4)) {
|
|
||||||
+ r->keyBits = 3072;
|
|
||||||
+ ext += 4;
|
|
||||||
} else {
|
|
||||||
r->keyBits = 2048;
|
|
||||||
}
|
|
||||||
--
|
|
||||||
2.27.0
|
|
||||||
|
|
@ -1,186 +0,0 @@
|
|||||||
From 696a17861c38b38fb2acf888119d918eb9c12329 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Imran Desai <imran.desai@intel.com>
|
|
||||||
Date: Thu, 21 May 2020 11:31:43 -0700
|
|
||||||
Subject: [PATCH] tpm2_create.c: Fix an issue where userwithauth attr cleared
|
|
||||||
if policy specified
|
|
||||||
|
|
||||||
Fixes #2037
|
|
||||||
|
|
||||||
Signed-off-by: Imran Desai <imran.desai@intel.com>
|
|
||||||
---
|
|
||||||
man/tpm2_create.1.md | 9 +++-
|
|
||||||
test/integration/tests/import_tpm.sh | 78 +++++++++++++++++-----------
|
|
||||||
tools/tpm2_create.c | 10 ++--
|
|
||||||
3 files changed, 60 insertions(+), 37 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/man/tpm2_create.1.md b/man/tpm2_create.1.md
|
|
||||||
index e8e5eaac49c3..9a7ba33e6017 100644
|
|
||||||
--- a/man/tpm2_create.1.md
|
|
||||||
+++ b/man/tpm2_create.1.md
|
|
||||||
@@ -13,7 +13,7 @@
|
|
||||||
**tpm2_create**(1) - Create a child object. The object can either be a key or
|
|
||||||
a sealing object. A sealing object allows to seal user data to the TPM, with a
|
|
||||||
maximum size of 256 bytes. Additionally it will load the created object if the
|
|
||||||
-**-o** is specified.
|
|
||||||
+**-c** is specified.
|
|
||||||
|
|
||||||
# OPTIONS
|
|
||||||
|
|
||||||
@@ -55,6 +55,13 @@ These options for creating the TPM entity:
|
|
||||||
and unsealing. I.e. one cannot use an object for sealing and cryptography
|
|
||||||
operations.
|
|
||||||
|
|
||||||
+ When **-L** is specified for adding policy based authorization information
|
|
||||||
+ AND no string password is specified, the attribute `TPMA_OBJECT_USERWITHAUTH`
|
|
||||||
+ is cleared unless an explicit choice is made by setting of the attribute
|
|
||||||
+ with **-a** option. This prevents creation of objects with inadvertant auth
|
|
||||||
+ model where in user intended to enforce a policy but inadvertantly created
|
|
||||||
+ an object with empty auth which can be used instead of policy authorization.
|
|
||||||
+
|
|
||||||
* **-i**, **\--sealing-input**=_FILE_ or _STDIN_:
|
|
||||||
|
|
||||||
The data file to be sealed, optional. If file is -, read from stdin.
|
|
||||||
diff --git a/test/integration/tests/import_tpm.sh b/test/integration/tests/import_tpm.sh
|
|
||||||
index ff48185aba70..3d1e10820844 100755
|
|
||||||
--- a/test/integration/tests/import_tpm.sh
|
|
||||||
+++ b/test/integration/tests/import_tpm.sh
|
|
||||||
@@ -54,8 +54,13 @@ load_new_parent() {
|
|
||||||
create_load_duplicatee() {
|
|
||||||
# Create the key we want to duplicate
|
|
||||||
create_policy dpolicy.dat TPM2_CC_Duplicate
|
|
||||||
- tpm2_create -Q -C primary.ctx -g sha256 -G $1 -p foo -r key.prv -u key.pub \
|
|
||||||
- -L dpolicy.dat -a "sensitivedataorigin|decrypt|userwithauth"
|
|
||||||
+ if [ -z "$2" ];then
|
|
||||||
+ tpm2_create -Q -C primary.ctx -g sha256 -G $1 -r key.prv \
|
|
||||||
+ -u key.pub -L dpolicy.dat -a "sensitivedataorigin|decrypt|userwithauth"
|
|
||||||
+ else
|
|
||||||
+ tpm2_create -Q -C primary.ctx -g sha256 -G $1 -p "$2" -r key.prv \
|
|
||||||
+ -u key.pub -L dpolicy.dat -a "sensitivedataorigin|decrypt|userwithauth"
|
|
||||||
+ fi
|
|
||||||
# Load the key
|
|
||||||
tpm2_load -Q -C primary.ctx -r key.prv -u key.pub -c key.ctx
|
|
||||||
# Extract the public part for import later
|
|
||||||
@@ -113,34 +118,45 @@ for dup_key_type in aes rsa ecc; do
|
|
||||||
done
|
|
||||||
done
|
|
||||||
|
|
||||||
-# Part 2 :
|
|
||||||
-# Create a rsa key (Kd)
|
|
||||||
-# Encrypt a message using Kd
|
|
||||||
-# Duplicate Kd
|
|
||||||
-# Import & Load Kd
|
|
||||||
-# Decrypt the message and verify
|
|
||||||
-tpm2_createprimary -Q -C o -g sha256 -G rsa -c primary.ctx
|
|
||||||
-# New parent ...
|
|
||||||
-create_load_new_parent
|
|
||||||
-# Key to be duplicated
|
|
||||||
-create_load_duplicatee rsa
|
|
||||||
-# Encrypt a secret message
|
|
||||||
-echo "Mary had a little lamb ..." > plain.txt
|
|
||||||
-tpm2_rsaencrypt -Q -c key.ctx -o cipher.txt plain.txt
|
|
||||||
-# Duplicate the key
|
|
||||||
-do_duplication null
|
|
||||||
-# Remove, we're done with it
|
|
||||||
-rm new_parent.ctx
|
|
||||||
-# Load the full thing this time
|
|
||||||
-load_new_parent
|
|
||||||
-# Import & load the duplicate
|
|
||||||
-do_import_load null
|
|
||||||
-# Decrypt the secret message using duplicated key
|
|
||||||
-tpm2_rsadecrypt -Q -p foo -c dup.ctx -o recovered.txt cipher.txt
|
|
||||||
-# Check we got it right ...
|
|
||||||
-diff recovered.txt plain.txt
|
|
||||||
-# Cleanup
|
|
||||||
-rm plain.txt recovered.txt cipher.txt
|
|
||||||
-cleanup "no-shut-down"
|
|
||||||
+test_key_usage() {
|
|
||||||
+ # Part 2 :
|
|
||||||
+ # Create a rsa key (Kd)
|
|
||||||
+ # Encrypt a message using Kd
|
|
||||||
+ # Duplicate Kd
|
|
||||||
+ # Import & Load Kd
|
|
||||||
+ # Decrypt the message and verify
|
|
||||||
+ tpm2_createprimary -Q -C o -g sha256 -G rsa -c primary.ctx
|
|
||||||
+ # New parent ...
|
|
||||||
+ create_load_new_parent
|
|
||||||
+ # Key to be duplicated
|
|
||||||
+ create_load_duplicatee rsa "$1"
|
|
||||||
+ # Encrypt a secret message
|
|
||||||
+ echo "Mary had a little lamb ..." > plain.txt
|
|
||||||
+ tpm2_rsaencrypt -Q -c key.ctx -o cipher.txt plain.txt
|
|
||||||
+ # Duplicate the key
|
|
||||||
+ do_duplication null
|
|
||||||
+ # Remove, we're done with it
|
|
||||||
+ rm new_parent.ctx
|
|
||||||
+ # Load the full thing this time
|
|
||||||
+ load_new_parent
|
|
||||||
+ # Import & load the duplicate
|
|
||||||
+ do_import_load null
|
|
||||||
+ # Decrypt the secret message using duplicated key
|
|
||||||
+ if [ -z "$1" ];then
|
|
||||||
+ tpm2_rsadecrypt -Q -c dup.ctx -o recovered.txt cipher.txt
|
|
||||||
+ else
|
|
||||||
+ tpm2_rsadecrypt -Q -p "$1" -c dup.ctx -o recovered.txt cipher.txt
|
|
||||||
+ fi
|
|
||||||
+ # Check we got it right ...
|
|
||||||
+ diff recovered.txt plain.txt
|
|
||||||
+ # Cleanup
|
|
||||||
+ rm plain.txt recovered.txt cipher.txt
|
|
||||||
+ cleanup "no-shut-down"
|
|
||||||
+}
|
|
||||||
+
|
|
||||||
+#Test key with password
|
|
||||||
+test_key_usage foo
|
|
||||||
+#Test key without password
|
|
||||||
+test_key_usage
|
|
||||||
|
|
||||||
exit 0
|
|
||||||
diff --git a/tools/tpm2_create.c b/tools/tpm2_create.c
|
|
||||||
index 941b77655f55..8e92cc747e17 100644
|
|
||||||
--- a/tools/tpm2_create.c
|
|
||||||
+++ b/tools/tpm2_create.c
|
|
||||||
@@ -47,7 +47,7 @@ struct tpm_create_ctx {
|
|
||||||
TPML_PCR_SELECTION creation_pcr;
|
|
||||||
|
|
||||||
struct {
|
|
||||||
- UINT8 b :1;
|
|
||||||
+ UINT8 a :1;
|
|
||||||
UINT8 i :1;
|
|
||||||
UINT8 L :1;
|
|
||||||
UINT8 u :1;
|
|
||||||
@@ -224,7 +224,7 @@ static bool on_option(char key, char *value) {
|
|
||||||
break;
|
|
||||||
case 'a':
|
|
||||||
ctx.object.attrs = value;
|
|
||||||
- ctx.flags.b = 1;
|
|
||||||
+ ctx.flags.a = 1;
|
|
||||||
break;
|
|
||||||
case 'i':
|
|
||||||
ctx.object.sealed_data = strcmp("-", value) ? value : NULL;
|
|
||||||
@@ -346,12 +346,12 @@ tool_rc tpm2_tool_onrun(ESYS_CONTEXT *ectx, tpm2_option_flags flags) {
|
|
||||||
|
|
||||||
ctx.object.alg = "keyedhash";
|
|
||||||
|
|
||||||
- if (!ctx.flags.b) {
|
|
||||||
+ if (!ctx.flags.a) {
|
|
||||||
attrs &= ~TPMA_OBJECT_SIGN_ENCRYPT;
|
|
||||||
attrs &= ~TPMA_OBJECT_DECRYPT;
|
|
||||||
attrs &= ~TPMA_OBJECT_SENSITIVEDATAORIGIN;
|
|
||||||
}
|
|
||||||
- } else if (!ctx.flags.b && !strncmp("hmac", ctx.object.alg, 4)) {
|
|
||||||
+ } else if (!ctx.flags.a && !strncmp("hmac", ctx.object.alg, 4)) {
|
|
||||||
attrs &= ~TPMA_OBJECT_DECRYPT;
|
|
||||||
}
|
|
||||||
|
|
||||||
@@ -362,7 +362,7 @@ tool_rc tpm2_tool_onrun(ESYS_CONTEXT *ectx, tpm2_option_flags flags) {
|
|
||||||
return tool_rc_general_error;
|
|
||||||
}
|
|
||||||
|
|
||||||
- if (ctx.flags.L && !ctx.object.auth_str) {
|
|
||||||
+ if (!ctx.flags.a && ctx.flags.L && !ctx.object.auth_str) {
|
|
||||||
ctx.object.public.publicArea.objectAttributes &=
|
|
||||||
~TPMA_OBJECT_USERWITHAUTH;
|
|
||||||
}
|
|
||||||
--
|
|
||||||
2.27.0
|
|
||||||
|
|
@ -1,49 +0,0 @@
|
|||||||
From 8c72f7402d8977807f531b08976760d62676cf8a Mon Sep 17 00:00:00 2001
|
|
||||||
From: Imran Desai <imran.desai@intel.com>
|
|
||||||
Date: Thu, 23 Jan 2020 11:21:58 -0700
|
|
||||||
Subject: [PATCH] tpm2_getekcertificate: add default web address
|
|
||||||
|
|
||||||
Currently only Intel (R) PTT certificates are hosted online.
|
|
||||||
A default web address pointing to the endorsement key certificate
|
|
||||||
hosting will help reduce user input.
|
|
||||||
|
|
||||||
Signed-off-by: Imran Desai <imran.desai@intel.com>
|
|
||||||
---
|
|
||||||
test/integration/tests/getekcertificate.sh | 6 ++----
|
|
||||||
tools/tpm2_getekcertificate.c | 1 +
|
|
||||||
2 files changed, 3 insertions(+), 4 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/test/integration/tests/getekcertificate.sh b/test/integration/tests/getekcertificate.sh
|
|
||||||
index 33f4f8b2e4c0..e8c521756d2a 100755
|
|
||||||
--- a/test/integration/tests/getekcertificate.sh
|
|
||||||
+++ b/test/integration/tests/getekcertificate.sh
|
|
||||||
@@ -38,12 +38,10 @@ else
|
|
||||||
fi
|
|
||||||
fi
|
|
||||||
|
|
||||||
-tpm2_getekcertificate -u test_ek.pub -x -X -o ECcert.bin \
|
|
||||||
-https://ekop.intel.com/ekcertservice/
|
|
||||||
+tpm2_getekcertificate -u test_ek.pub -x -X -o ECcert.bin
|
|
||||||
|
|
||||||
# Test that stdoutput is the same
|
|
||||||
-tpm2_getekcertificate -u test_ek.pub -x https://ekop.intel.com/ekcertservice/ \
|
|
||||||
--X > ECcert2.bin
|
|
||||||
+tpm2_getekcertificate -u test_ek.pub -x -X > ECcert2.bin
|
|
||||||
|
|
||||||
# stdout file should match -E file.
|
|
||||||
cmp ECcert.bin ECcert2.bin
|
|
||||||
diff --git a/tools/tpm2_getekcertificate.c b/tools/tpm2_getekcertificate.c
|
|
||||||
index 233d04d8b3d7..6a8fe894bb1c 100644
|
|
||||||
--- a/tools/tpm2_getekcertificate.c
|
|
||||||
+++ b/tools/tpm2_getekcertificate.c
|
|
||||||
@@ -32,6 +32,7 @@ struct tpm_getekcertificate_ctx {
|
|
||||||
|
|
||||||
static tpm_getekcertificate_ctx ctx = {
|
|
||||||
.is_tpm2_device_active = true,
|
|
||||||
+ .ek_server_addr = "https://ekop.intel.com/ekcertservice/",
|
|
||||||
};
|
|
||||||
|
|
||||||
static unsigned char *hash_ek_public(void) {
|
|
||||||
--
|
|
||||||
2.31.0
|
|
||||||
|
|
@ -1,37 +0,0 @@
|
|||||||
From 334b4c739fa575fb4ea58f92df6de87c38e59e15 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Imran Desai <imran.desai@intel.com>
|
|
||||||
Date: Thu, 23 Jan 2020 08:06:56 -0700
|
|
||||||
Subject: [PATCH] tpm2_hierarchycontrol: Fixed bug where hierarchycontrol
|
|
||||||
operation failed silently
|
|
||||||
|
|
||||||
Fixes #1841
|
|
||||||
|
|
||||||
Signed-off-by: Imran Desai <imran.desai@intel.com>
|
|
||||||
---
|
|
||||||
tools/tpm2_hierarchycontrol.c | 10 ++++++++--
|
|
||||||
1 file changed, 8 insertions(+), 2 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/tools/tpm2_hierarchycontrol.c b/tools/tpm2_hierarchycontrol.c
|
|
||||||
index 0baf2ca487d3..7e9e2c657544 100644
|
|
||||||
--- a/tools/tpm2_hierarchycontrol.c
|
|
||||||
+++ b/tools/tpm2_hierarchycontrol.c
|
|
||||||
@@ -32,8 +32,14 @@ static tool_rc hierarchycontrol(ESYS_CONTEXT *ectx) {
|
|
||||||
ctx.enable == TPM2_RH_ENDORSEMENT ? "ehEnable" : "phEnableNV",
|
|
||||||
ctx.state ? "SET" : "CLEAR");
|
|
||||||
|
|
||||||
- return tpm2_hierarchycontrol(ectx, &ctx.auth_hierarchy.object, ctx.enable,
|
|
||||||
- ctx.state);
|
|
||||||
+ tool_rc rc = tpm2_hierarchycontrol(ectx, &ctx.auth_hierarchy.object,
|
|
||||||
+ ctx.enable, ctx.state);
|
|
||||||
+
|
|
||||||
+ if (rc != tool_rc_success) {
|
|
||||||
+ LOG_ERR("Failed hierarchycontrol operation.");
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
+ return rc;
|
|
||||||
}
|
|
||||||
|
|
||||||
bool on_arg(int argc, char **argv) {
|
|
||||||
--
|
|
||||||
2.27.0
|
|
||||||
|
|
@ -1,46 +0,0 @@
|
|||||||
From c069e4f179d5e6653a84fb236816c375dca82515 Mon Sep 17 00:00:00 2001
|
|
||||||
From: William Roberts <william.c.roberts@intel.com>
|
|
||||||
Date: Fri, 21 May 2021 12:22:31 -0500
|
|
||||||
Subject: [PATCH] tpm2_import: fix fixed AES key CVE-2021-3565
|
|
||||||
|
|
||||||
tpm2_import used a fixed AES key for the inner wrapper, which means that
|
|
||||||
a MITM attack would be able to unwrap the imported key. Even the
|
|
||||||
use of an encrypted session will not prevent this. The TPM only
|
|
||||||
encrypts the first parameter which is the fixed symmetric key.
|
|
||||||
|
|
||||||
To fix this, ensure the key size is 16 bytes or bigger and use
|
|
||||||
OpenSSL to generate a secure random AES key.
|
|
||||||
|
|
||||||
Fixes: #2738
|
|
||||||
|
|
||||||
Signed-off-by: William Roberts <william.c.roberts@intel.com>
|
|
||||||
---
|
|
||||||
tools/tpm2_import.c | 12 +++++++++++-
|
|
||||||
1 file changed, 11 insertions(+), 1 deletion(-)
|
|
||||||
|
|
||||||
diff --git a/tools/tpm2_import.c b/tools/tpm2_import.c
|
|
||||||
index cfb6f207ba9c..f44326c87e7e 100644
|
|
||||||
--- a/tools/tpm2_import.c
|
|
||||||
+++ b/tools/tpm2_import.c
|
|
||||||
@@ -118,7 +118,17 @@ static tool_rc key_import(ESYS_CONTEXT *ectx, TPM2B_PUBLIC *parent_pub,
|
|
||||||
TPM2B_DATA enc_sensitive_key = {
|
|
||||||
.size = parent_pub->publicArea.parameters.rsaDetail.symmetric.keyBits.sym / 8
|
|
||||||
};
|
|
||||||
- memset(enc_sensitive_key.buffer, 0xFF, enc_sensitive_key.size);
|
|
||||||
+
|
|
||||||
+ if(enc_sensitive_key.size < 16) {
|
|
||||||
+ LOG_ERR("Calculated wrapping keysize is less than 16 bytes, got: %u", enc_sensitive_key.size);
|
|
||||||
+ return tool_rc_general_error;
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
+ int ossl_rc = RAND_bytes(enc_sensitive_key.buffer, enc_sensitive_key.size);
|
|
||||||
+ if (ossl_rc != 1) {
|
|
||||||
+ LOG_ERR("RAND_bytes failed: %s", ERR_error_string(ERR_get_error(), NULL));
|
|
||||||
+ return tool_rc_general_error;
|
|
||||||
+ }
|
|
||||||
|
|
||||||
/*
|
|
||||||
* Calculate the object name.
|
|
||||||
--
|
|
||||||
2.31.0
|
|
||||||
|
|
@ -1,31 +0,0 @@
|
|||||||
From 652322f7278ec8c384fde9ec2204b06d084a24e4 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Imran Desai <imran.desai@intel.com>
|
|
||||||
Date: Thu, 23 Jan 2020 07:54:58 -0700
|
|
||||||
Subject: [PATCH] tpm2_nvdefine.c: Fixed error reporting message
|
|
||||||
|
|
||||||
Fixes #1861
|
|
||||||
|
|
||||||
NV define failure error message had the wording to suggest NV index
|
|
||||||
was successfully defined.
|
|
||||||
|
|
||||||
Signed-off-by: Imran Desai <imran.desai@intel.com>
|
|
||||||
---
|
|
||||||
tools/tpm2_nvdefine.c | 2 +-
|
|
||||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
|
||||||
|
|
||||||
diff --git a/tools/tpm2_nvdefine.c b/tools/tpm2_nvdefine.c
|
|
||||||
index cb2949c4dddc..71203cb6c80d 100644
|
|
||||||
--- a/tools/tpm2_nvdefine.c
|
|
||||||
+++ b/tools/tpm2_nvdefine.c
|
|
||||||
@@ -65,7 +65,7 @@ static tool_rc nv_space_define(ESYS_CONTEXT *ectx) {
|
|
||||||
tool_rc rc = tpm2_nv_definespace(ectx, &ctx.auth_hierarchy.object,
|
|
||||||
&ctx.nv_auth, &public_info);
|
|
||||||
if (rc != tool_rc_success) {
|
|
||||||
- LOG_INFO("Success to define NV area at index 0x%x.", ctx.nv_index);
|
|
||||||
+ LOG_ERR("Failed to create NV index 0x%x.", ctx.nv_index);
|
|
||||||
return rc;
|
|
||||||
}
|
|
||||||
|
|
||||||
--
|
|
||||||
2.27.0
|
|
||||||
|
|
@ -1,28 +0,0 @@
|
|||||||
From e556da0a2099573f82391c16477fba08584a7a12 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Imran Desai <imran.desai@intel.com>
|
|
||||||
Date: Tue, 10 Mar 2020 09:15:55 -0700
|
|
||||||
Subject: [PATCH] tpm2_policy.c: restrict policy digest size
|
|
||||||
|
|
||||||
Fixes #1916
|
|
||||||
|
|
||||||
Signed-off-by: Imran Desai <imran.desai@intel.com>
|
|
||||||
---
|
|
||||||
lib/tpm2_policy.c | 2 +-
|
|
||||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
|
||||||
|
|
||||||
diff --git a/lib/tpm2_policy.c b/lib/tpm2_policy.c
|
|
||||||
index 6c352b2b41ae..01387ba01645 100644
|
|
||||||
--- a/lib/tpm2_policy.c
|
|
||||||
+++ b/lib/tpm2_policy.c
|
|
||||||
@@ -163,7 +163,7 @@ tool_rc tpm2_policy_build_policyauthorize(ESYS_CONTEXT *ectx,
|
|
||||||
bool result = true;
|
|
||||||
TPM2B_DIGEST approved_policy = { .size = 0 };
|
|
||||||
if (policy_digest_path) {
|
|
||||||
- approved_policy.size = UINT16_MAX;
|
|
||||||
+ approved_policy.size = sizeof(TPMU_HA);
|
|
||||||
result = files_load_bytes_from_path(policy_digest_path,
|
|
||||||
approved_policy.buffer, &approved_policy.size);
|
|
||||||
}
|
|
||||||
--
|
|
||||||
2.31.0
|
|
||||||
|
|
@ -1,30 +0,0 @@
|
|||||||
From cab7b3edcc6a44aece0642c0c2621a4bb70d449b Mon Sep 17 00:00:00 2001
|
|
||||||
From: Imran Desai <imran.desai@intel.com>
|
|
||||||
Date: Tue, 10 Mar 2020 18:19:04 -0700
|
|
||||||
Subject: [PATCH] tpm2_policycountertimer: Fix an issue where operandB array
|
|
||||||
was reversed
|
|
||||||
|
|
||||||
Signed-off-by: Imran Desai <imran.desai@intel.com>
|
|
||||||
---
|
|
||||||
tools/tpm2_policycountertimer.c | 5 ++++-
|
|
||||||
1 file changed, 4 insertions(+), 1 deletion(-)
|
|
||||||
|
|
||||||
diff --git a/tools/tpm2_policycountertimer.c b/tools/tpm2_policycountertimer.c
|
|
||||||
index 1c72d525dab7..170a544f2203 100644
|
|
||||||
--- a/tools/tpm2_policycountertimer.c
|
|
||||||
+++ b/tools/tpm2_policycountertimer.c
|
|
||||||
@@ -81,7 +81,10 @@ static bool convert_keyvalue_to_operand_buffer(const char *value,
|
|
||||||
}
|
|
||||||
|
|
||||||
ctx.operand_b.size = size;
|
|
||||||
- memcpy(ctx.operand_b.buffer, &data.b, size);
|
|
||||||
+ size_t i = 0;
|
|
||||||
+ for (i = 0; i < size; i++) {
|
|
||||||
+ ctx.operand_b.buffer[i] = *(&data.b + size - i - 1);
|
|
||||||
+ }
|
|
||||||
|
|
||||||
return true;
|
|
||||||
}
|
|
||||||
--
|
|
||||||
2.31.0
|
|
||||||
|
|
@ -1,26 +0,0 @@
|
|||||||
From 44d0d2d17dc693e029e0557ec985c9b68c3efeb5 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Imran Desai <imran.desai@intel.com>
|
|
||||||
Date: Wed, 22 Jan 2020 14:15:48 -0700
|
|
||||||
Subject: [PATCH] tpm2_policyor: Silent failure bug fix for invalid/unspecified
|
|
||||||
policy digest alg
|
|
||||||
|
|
||||||
Signed-off-by: Imran Desai <imran.desai@intel.com>
|
|
||||||
---
|
|
||||||
lib/tpm2_policy.c | 1 +
|
|
||||||
1 file changed, 1 insertion(+)
|
|
||||||
|
|
||||||
diff --git a/lib/tpm2_policy.c b/lib/tpm2_policy.c
|
|
||||||
index 3d9b5491f9ce..8460bd1d9ae9 100644
|
|
||||||
--- a/lib/tpm2_policy.c
|
|
||||||
+++ b/lib/tpm2_policy.c
|
|
||||||
@@ -588,6 +588,7 @@ bool tpm2_policy_parse_policy_list(char *str, TPML_DIGEST *policy_list) {
|
|
||||||
hash = tpm2_alg_util_from_optarg(subtoken,
|
|
||||||
tpm2_alg_util_flags_hash);
|
|
||||||
if (hash == TPM2_ALG_ERROR) {
|
|
||||||
+ LOG_ERR("Invalid/ Unspecified policy digest algorithm.");
|
|
||||||
return false;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
--
|
|
||||||
2.27.0
|
|
||||||
|
|
@ -1,227 +0,0 @@
|
|||||||
Name: tpm2-tools
|
|
||||||
Version: 4.1.1
|
|
||||||
Release: 5%{?dist}
|
|
||||||
Summary: A TPM2.0 testing tool build upon TPM2.0-TSS
|
|
||||||
|
|
||||||
License: BSD
|
|
||||||
URL: https://github.com/tpm2-software/tpm2-tools
|
|
||||||
Source0: https://github.com/tpm2-software/tpm2-tools/releases/download/%{version}/%{name}-%{version}.tar.gz
|
|
||||||
Patch0: 0001-tpm2_hierarchycontrol-Fixed-bug-where-hierarchycontr.patch
|
|
||||||
Patch1: 0001-tpm2_nvdefine.c-Fixed-error-reporting-message.patch
|
|
||||||
Patch2: 0001-tpm2_policyor-Silent-failure-bug-fix-for-invalid-uns.patch
|
|
||||||
Patch3: 0001-tpm2_alg_util.c-fix-a-bug-where-the-string-rsa3072-w.patch
|
|
||||||
Patch4: 0001-Fix-ESYS_TR-hierarchy-transition.patch
|
|
||||||
Patch5: 0001-Refactor-fix_esys_hierarchies.patch
|
|
||||||
Patch6: 0001-tpm2_create.c-Fix-an-issue-where-userwithauth-attr-c.patch
|
|
||||||
Patch7: 0001-tpm2_getekcertificate-add-default-web-address.patch
|
|
||||||
Patch8: 0001-lib-files-fix-an-error-message-in-files_load_-name.patch
|
|
||||||
Patch9: 0001-tpm2_policy.c-restrict-policy-digest-size.patch
|
|
||||||
Patch10: 0001-tpm2_policycountertimer-Fix-an-issue-where-operandB-.patch
|
|
||||||
Patch11: 0001-tools-tpm2_nvcertify.c-Fix-incompatible-pointer-cast.patch
|
|
||||||
Patch12: 0001-tools-tpm2_nvreadpublic-Fix-resource-leak.patch
|
|
||||||
Patch13: 0001-lib-files.c-Fix-an-issue-where-execution-could-not-r.patch
|
|
||||||
Patch14: 0001-tpm2_import-fix-fixed-AES-key-CVE-2021-3565.patch
|
|
||||||
|
|
||||||
BuildRequires: gcc-c++
|
|
||||||
BuildRequires: libtool
|
|
||||||
BuildRequires: autoconf-archive
|
|
||||||
BuildRequires: pandoc
|
|
||||||
BuildRequires: pkgconfig(cmocka)
|
|
||||||
BuildRequires: pkgconfig(libcurl)
|
|
||||||
BuildRequires: pkgconfig(openssl)
|
|
||||||
# tpm2-tss-devel provides tss2-mu/sys/esys package config
|
|
||||||
BuildRequires: pkgconfig(tss2-mu)
|
|
||||||
BuildRequires: pkgconfig(tss2-sys)
|
|
||||||
BuildRequires: pkgconfig(tss2-esys)
|
|
||||||
|
|
||||||
# tpm2-tools is heavily depending on TPM2.0-TSS project, matched tss is required
|
|
||||||
Requires: tpm2-tss%{?_isa} >= 2.3.2-1%{?dist}
|
|
||||||
|
|
||||||
# tpm2-tools project changed the install path for binaries and man page section
|
|
||||||
Obsoletes: tpm2-tools <= 2.1.1-2
|
|
||||||
|
|
||||||
%description
|
|
||||||
tpm2-tools is a batch of testing tools for tpm2.0. It is based on tpm2-tss.
|
|
||||||
|
|
||||||
%prep
|
|
||||||
%autosetup -p1 -n %{name}-%{version}
|
|
||||||
|
|
||||||
%build
|
|
||||||
%configure --prefix=/usr --disable-static --disable-silent-rules
|
|
||||||
%make_build
|
|
||||||
|
|
||||||
%install
|
|
||||||
%make_install
|
|
||||||
|
|
||||||
%files
|
|
||||||
%doc README.md CHANGELOG.md
|
|
||||||
%license LICENSE
|
|
||||||
%{_bindir}/tpm2_*
|
|
||||||
%{_datadir}/bash-completion/completions/tpm2*
|
|
||||||
%{_mandir}/man1/tpm2_*.1.gz
|
|
||||||
|
|
||||||
%changelog
|
|
||||||
* Mon Aug 09 2021 Jerry Snitselaar <jsnitsel@redhat.com> - 4.1.1-5
|
|
||||||
- Bump nvr to trigger osci.
|
|
||||||
resolves: rhbz#1965981
|
|
||||||
|
|
||||||
* Tue Jun 01 2021 Jerry Snitselaar <jsnitsel@redhat.com> - 4.1.1-4
|
|
||||||
- Fix CVE-2021-3565
|
|
||||||
resolves: rhbz#1965981
|
|
||||||
|
|
||||||
* Fri May 14 2021 Jerry Snitselaar <jsnitsel@redhat.com> - 4.1.1-3
|
|
||||||
- Fix resource leak.
|
|
||||||
- Fix to restrict policy digest size.
|
|
||||||
- Fix incompatible pointer cast.
|
|
||||||
- Fix error message in files_load_##name
|
|
||||||
- Fix issue where execution couldn't reach function return.
|
|
||||||
resolves: rhbz#1920821
|
|
||||||
|
|
||||||
* Mon Nov 16 2020 Jerry Snitselaar <jsnitsel@redhat.com> - 4.1.1-2
|
|
||||||
- Fix ESYS_TR hierarchy transition.
|
|
||||||
- Refactor fix_esys_hierarchies to return actual TSS2_RC return code.
|
|
||||||
- tpm2_alg_util.c: fix a bug where the string rsa3072 wasn't being parsed.
|
|
||||||
- tpm2_create.c: Fix an issue where userwithauth attr cleared if policy specified.
|
|
||||||
- tpm2_hierarchycontrol: Fix bug where hierarchycontrol operation failed silently.
|
|
||||||
- tpm2_nvdefine.c: Fix error reporting message.
|
|
||||||
- tpm2_policyor: Fix silent failure for invalid/unspecified policy digest alg.
|
|
||||||
resolves: rhbz#1854774
|
|
||||||
|
|
||||||
* Wed Apr 29 2020 Jerry Snitselaar <jsnitsel@redhat.com> - 4.1.1-1
|
|
||||||
- Update to 4.1.1 release
|
|
||||||
resolves: rhbz#1789682
|
|
||||||
|
|
||||||
* Tue Oct 22 2019 Jerry Snitselaar <jsnitsel@redhat.com> - 3.2.1-1
|
|
||||||
- Update to 3.2.1 release
|
|
||||||
resolves: rhbz#1725714
|
|
||||||
|
|
||||||
* Tue May 28 2019 Jerry Snitselaar <jsnitsel@redhat.com> - 3.1.4-5
|
|
||||||
- Another dependency needed for CI gating
|
|
||||||
resolves: rhbz#1682417
|
|
||||||
|
|
||||||
* Tue May 28 2019 Jerry Snitselaar <jsnitsel@redhat.com> - 3.1.4-4
|
|
||||||
- Fix CI dependency
|
|
||||||
resolves: rhbz#1682417
|
|
||||||
|
|
||||||
* Tue May 28 2019 Jerry Snitselaar <jsnitsel@redhat.com> - 3.1.4-3
|
|
||||||
- Add CI gating test
|
|
||||||
resolves: rhbz#1682417
|
|
||||||
|
|
||||||
* Tue May 14 2019 Jerry Snitselaar <jsnitsel@redhat.com> - 3.1.4-2
|
|
||||||
- Add initial CI gating support
|
|
||||||
resolves: rhbz#1682417
|
|
||||||
|
|
||||||
* Tue Apr 30 2019 Jerry Snitselaar <jsnitsel@redhat.com> - 3.1.4-1
|
|
||||||
- Rebase to 3.1.4 release.
|
|
||||||
resolves: rhbz#1664498
|
|
||||||
|
|
||||||
* Thu Nov 08 2018 Jerry Snitselaar <jsnitsel@redhat.com> - 3.1.1-4
|
|
||||||
- lib/tpm2_options: restore TCTI configuration environment variables
|
|
||||||
- tpm2_getcap: restore tool output to print properties with TPM_PT prefix
|
|
||||||
resolves: rhbz#1648001
|
|
||||||
|
|
||||||
* Sat Jul 14 2018 Javier Martinez Canillas <javierm@redhat.com> - - 3.1.1-3
|
|
||||||
- Revert backward incompatible change that removes default object attributes
|
|
||||||
|
|
||||||
* Sat Jul 14 2018 Fedora Release Engineering <releng@fedoraproject.org> - 3.1.1-2
|
|
||||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
|
|
||||||
|
|
||||||
* Thu Jul 12 2018 Yunying Sun <yunying.sun@intel.com> - 3.1.1-1
|
|
||||||
- Update to 3.1.1 release
|
|
||||||
|
|
||||||
* Thu Jul 5 2018 Yunying Sun <yunying.sun@intel.com> - 3.1.0-1
|
|
||||||
- Update Requires version of tpm2-tss to 2.0.0
|
|
||||||
- Remove BuildRequires for tcti-abrmd since it is optional
|
|
||||||
- Remove BuildRequires for tcti-{device,mssim} as it is now dynamically loaded
|
|
||||||
- Update to 3.1.0 release
|
|
||||||
|
|
||||||
* Mon Apr 30 2018 Javier Martinez Canillas <javierm@redhat.com> - 3.0.4-1
|
|
||||||
- Update URLs to point to the new project location
|
|
||||||
- Update to 3.0.4 release
|
|
||||||
|
|
||||||
* Wed Feb 21 2018 Javier Martinez Canillas <javierm@redhat.com> - 3.0.3-3
|
|
||||||
- Remove ExclusiveArch: x86_64 directive
|
|
||||||
|
|
||||||
* Fri Feb 09 2018 Fedora Release Engineering <releng@fedoraproject.org> - 3.0.3-2
|
|
||||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
|
|
||||||
|
|
||||||
* Tue Jan 16 2018 Javier Martinez Canillas <javierm@redhat.com> - 3.0.3-1
|
|
||||||
- Update to 3.0.3 release
|
|
||||||
|
|
||||||
* Mon Dec 18 2017 Javier Martinez Canillas <javierm@redhat.com> - 3.0.2-1
|
|
||||||
- Update to 3.0.2 release
|
|
||||||
|
|
||||||
* Tue Dec 12 2017 Javier Martinez Canillas <javierm@redhat.com> - 3.0.1-1
|
|
||||||
- Update to 3.0.1 release (RHBZ#1512743)
|
|
||||||
- Download the generated tarball provided instead of the source code tarball
|
|
||||||
|
|
||||||
* Fri Dec 08 2017 Javier Martinez Canillas <javierm@redhat.com> - 3.0-1
|
|
||||||
- Update to 3.0 release
|
|
||||||
|
|
||||||
* Wed Nov 29 2017 Javier Martinez Canillas <javierm@redhat.com> - 3.0-0.1.rc1
|
|
||||||
- Update to 3.0 release candidate 1
|
|
||||||
- Update URLs to point to the new project location
|
|
||||||
- Make the package to obsolete version 2.1.1
|
|
||||||
|
|
||||||
* Wed Nov 01 2017 Javier Martinez Canillas <javierm@redhat.com> - 2.1.1-1
|
|
||||||
- Rename remaining tpm2.0-tools prefixes to tpm2-tools
|
|
||||||
- Remove global pkg_prefix since now the upstream repo and package names match
|
|
||||||
- Remove downstream patches since now these are in the latest upstream release
|
|
||||||
- Update to 2.1.1 release (RHBZ#1504438)
|
|
||||||
|
|
||||||
* Thu Oct 19 2017 Jerry Snitselaar <jsnitsel@redhat.com> - 2.1.0-7
|
|
||||||
- Clean up potential memleak (RHBZ#1503959)
|
|
||||||
|
|
||||||
* Thu Oct 05 2017 Javier Martinez Canillas <javierm@redhat.com> - 2.1.0-6
|
|
||||||
- Add tpm2-abrmd-devel BuildRequires so tools have abrmd support (RHBZ#1498909)
|
|
||||||
|
|
||||||
* Fri Aug 18 2017 Javier Martinez Canillas <javierm@redhat.com> - 2.1.0-5
|
|
||||||
- Remove unneeded source tarballs (RHBZ#1482830)
|
|
||||||
|
|
||||||
* Tue Aug 15 2017 Sun Yunying <yunying.sun@intel.com> - 2.1.0-4
|
|
||||||
- Add patch to fix build error when openssl-devel is installed(RHBZ#1481236)
|
|
||||||
|
|
||||||
* Thu Aug 03 2017 Fedora Release Engineering <releng@fedoraproject.org> - 2.1.0-3
|
|
||||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild
|
|
||||||
|
|
||||||
* Mon Jul 31 2017 Sun Yunying <yunying.sun@intel.com> - 2.1.0-2
|
|
||||||
- Add patch to fix gcc7 complaining about implicit-fallthrough cases
|
|
||||||
|
|
||||||
* Fri Jul 28 2017 Sun Yunying <yunying.sun@intel.com> - 2.1.0-1
|
|
||||||
- Update to latest upstream release 2.1.0
|
|
||||||
|
|
||||||
* Fri Jul 28 2017 Sun Yunying <yunying.sun@intel.com> - 1.1.0-9
|
|
||||||
- Update Requires dependency so that tpm2-tss update won't break tpm2-tools
|
|
||||||
|
|
||||||
* Thu Jul 27 2017 Fedora Release Engineering <releng@fedoraproject.org> - 1.1.0-8
|
|
||||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild
|
|
||||||
|
|
||||||
* Wed May 10 2017 Sun Yunying <yunying.sun@intel.com> - 1.1.0-7
|
|
||||||
- Only update release version to make fedpkg build works for f26
|
|
||||||
|
|
||||||
* Wed Mar 1 2017 Sun Yunying <yunying.sun@intel.com> - 1.1.0-6
|
|
||||||
- Update tpm2-tss version to 1.0-3 to fix broken dependency on f26
|
|
||||||
|
|
||||||
* Sat Feb 11 2017 Fedora Release Engineering <releng@fedoraproject.org> - 1.1.0-5
|
|
||||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild
|
|
||||||
|
|
||||||
* Fri Jan 20 2017 Sun Yunying <yunying.sun@intel.com> - 1.1.0-4
|
|
||||||
- Dependency check failed for Requires again, here to fix this
|
|
||||||
- Update release version and changelog
|
|
||||||
|
|
||||||
* Thu Jan 19 2017 Sun Yunying <yunying.sun@intel.com> - 1.1.0-3
|
|
||||||
- Change spec file permission to 644 to avoid rpmlint complain
|
|
||||||
- Update Requires to fix dependency check error reported in Bodhi
|
|
||||||
- Remove tpm2-tss-devel version in BuildRequires comment
|
|
||||||
- Update release version and changelog
|
|
||||||
|
|
||||||
* Wed Dec 21 2016 Sun Yunying <yunying.sun@intel.com> - 1.1.0-2
|
|
||||||
- Remove pkg_version to avoid dupliate use of version
|
|
||||||
- Remove redundant BuildRequires for autoconf/automake/pkgconfig
|
|
||||||
- Add comments for BuildRequires of sapi/tcti-device/tcti-socket
|
|
||||||
- Use ExclusiveArch instead of ExcludeArch
|
|
||||||
- Requires tpm2-tss version updated to 1.0-2
|
|
||||||
- Updated release version and changelog
|
|
||||||
|
|
||||||
* Fri Dec 2 2016 Sun Yunying <yunying.sun@intel.com> - 1.1.0-1
|
|
||||||
- Initial version of the package
|
|
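--- a/sources
+++ b/sources
@@ -0,0 +1 @@
+SHA512 (tpm2-tools-5.7.tar.gz) = 629b0b1826815877f452935285f7b3fe0f32bd24fe9130eb169a2dc9b7b254a737797043af9eea68be706b87c32ab2b7189151360c9c00bc5c31dce62a799670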
312
tpm2-tools.spec
Normal file
@ -0,0 +1,312 @@
|
|||||||
|
#global candidate rc1
|
||||||
|
|
||||||
|
Name: tpm2-tools
|
||||||
|
Version: 5.7
|
||||||
|
Release: 2%{?candidate:.%{candidate}}%{?dist}
|
||||||
|
Summary: A bunch of TPM testing toolS build upon tpm2-tss
|
||||||
|
|
||||||
|
License: BSD-3-Clause
|
||||||
|
URL: https://github.com/tpm2-software/tpm2-tools
|
||||||
|
Source0: https://github.com/tpm2-software/tpm2-tools/releases/download/%{version}%{?candidate:-%{candidate}}/%{name}-%{version}%{?candidate:-%{candidate}}.tar.gz
|
||||||
|
|
||||||
|
BuildRequires: make
|
||||||
|
BuildRequires: gcc-c++
|
||||||
|
BuildRequires: libtool
|
||||||
|
BuildRequires: autoconf-archive
|
||||||
|
%if ! 0%{?rhel}
|
||||||
|
BuildRequires: pandoc
|
||||||
|
%endif
|
||||||
|
BuildRequires: pkgconfig(cmocka)
|
||||||
|
BuildRequires: pkgconfig(libcurl)
|
||||||
|
BuildRequires: pkgconfig(openssl)
|
||||||
|
# tpm2-tss-devel provides tss2-mu/sys/esys package config
|
||||||
|
BuildRequires: pkgconfig(tss2-mu) >= 3.1.0
|
||||||
|
BuildRequires: pkgconfig(tss2-sys) >= 3.1.0
|
||||||
|
BuildRequires: pkgconfig(tss2-esys) >= 3.1.0
|
||||||
|
BuildRequires: pkgconfig(uuid)
|
||||||
|
|
||||||
|
# tpm2-tools is heavily depending on TPM2.0-TSS project, matched tss is required
|
||||||
|
Requires: tpm2-tss%{?_isa} >= 3.1.0
|
||||||
|
|
||||||
|
%description
|
||||||
|
tpm2-tools is a batch of tools for tpm2.0. It is based on tpm2-tss.
|
||||||
|
|
||||||
|
%prep
|
||||||
|
%autosetup -p1 -n %{name}-%{version}%{?candidate:-%{candidate}}
|
||||||
|
|
||||||
|
%build
|
||||||
|
%configure --prefix=/usr --disable-static --disable-silent-rules
|
||||||
|
%make_build
|
||||||
|
|
||||||
|
%install
|
||||||
|
%make_install
|
||||||
|
|
||||||
|
%files
|
||||||
|
%license docs/LICENSE
|
||||||
|
%doc docs/README.md docs/CHANGELOG.md
|
||||||
|
%{_bindir}/tpm2
|
||||||
|
%{_bindir}/tpm2_*
|
||||||
|
%{_bindir}/tss2
|
||||||
|
%{_bindir}/tss2_*
|
||||||
|
%{_datadir}/bash-completion/completions/tpm2*
|
||||||
|
%{_datadir}/bash-completion/completions/tss2*
|
||||||
|
%{_mandir}/man1/tpm2_*.1.gz
|
||||||
|
%{_mandir}/man1/tpm2.1.gz
|
||||||
|
%{_mandir}/man1/tss2_*.1.gz
|
||||||
|
|
||||||
|
%changelog
|
||||||
|
* Wed May 22 2024 Štěpán Horáček <shoracek@redhat.com> - 5.7-2
|
||||||
|
- Rebuild for gating
|
||||||
|
Resolves: RHEL-23199
|
||||||
|
|
||||||
|
* Tue May 14 2024 Štěpán Horáček <shoracek@redhat.com> - 5.7-1
|
||||||
|
- Update to 5.7
|
||||||
|
Resolves: RHEL-23199
|
||||||
|
|
||||||
|
* Sat Jan 27 2024 Fedora Release Engineering <releng@fedoraproject.org> - 5.6-2
|
||||||
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
|
||||||
|
|
||||||
|
* Sun Nov 12 2023 Peter Robinson <pbrobinson@fedoraproject.org> - 5.6-1
|
||||||
|
- Update to 5.6
|
||||||
|
|
||||||
|
* Tue Sep 26 2023 Štěpán Horáček <shoracek@redhat.com> - 5.5-5
|
||||||
|
- Migrate license to SPDX
|
||||||
|
|
||||||
|
* Sat Jul 22 2023 Fedora Release Engineering <releng@fedoraproject.org> - 5.5-4
|
||||||
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
|
||||||
|
|
||||||
|
* Mon Apr 17 2023 Anderson Toshiyuki Sasaki <ansasaki@redhat.com> - 5.5-3
|
||||||
|
- Disable compiler optimization to fix LTO + FORTIFY_SOURCE=3 issue
|
||||||
|
Resolves rhbz#2171376
|
||||||
|
|
||||||
|
* Tue Feb 21 2023 Yaakov Selkowitz <yselkowi@redhat.com> - 5.5-2
|
||||||
|
- Disable manpage regeneration in RHEL/ELN builds
|
||||||
|
|
||||||
|
* Thu Feb 16 2023 Peter Robinson <pbrobinson@fedoraproject.org> - 5.5-1
|
||||||
|
- Update to 5.5
|
||||||
|
|
||||||
|
* Sat Jan 21 2023 Fedora Release Engineering <releng@fedoraproject.org> - 5.5-0.2.rc1
|
||||||
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
|
||||||
|
|
||||||
|
* Mon Dec 19 2022 Peter Robinson <pbrobinson@fedoraproject.org> - 5.5-0.1.rc1
|
||||||
|
- Update to 5.5-RC1
|
||||||
|
- Enable LTO (RHBZ#1986628)
|
||||||
|
|
||||||
|
* Thu Dec 08 2022 Peter Robinson <pbrobinson@fedoraproject.org> - 5.4-1
|
||||||
|
- Update to 5.4
|
||||||
|
|
||||||
|
* Wed Sep 28 2022 Peter Robinson <pbrobinson@fedoraproject.org> - 5.3-1
|
||||||
|
- Update to 5.3
|
||||||
|
|
||||||
|
* Sat Jul 23 2022 Fedora Release Engineering <releng@fedoraproject.org> - 5.2-3
|
||||||
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
|
||||||
|
|
||||||
|
* Sat Jan 22 2022 Fedora Release Engineering <releng@fedoraproject.org> - 5.2-2
|
||||||
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
|
||||||
|
|
||||||
|
* Sat Oct 02 2021 Peter Robinson <pbrobinson@fedoraproject.org> - 5.2-1
|
||||||
|
- Update to 5.2
|
||||||
|
|
||||||
|
* Tue Sep 14 2021 Sahana Prasad <sahana@redhat.com> - 5.1.1-3
|
||||||
|
- Rebuilt with OpenSSL 3.0.0
|
||||||
|
|
||||||
|
* Fri Jul 23 2021 Fedora Release Engineering <releng@fedoraproject.org> - 5.1.1-2
|
||||||
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
|
||||||
|
|
||||||
|
* Mon Jun 21 2021 Peter Robinson <pbrobinson@fedoraproject.org> - 5.1.1-1
|
||||||
|
- Update to 5.1.1
|
||||||
|
- Fixes CVE-2021-3565 (rhbz 1964428)
|
||||||
|
|
||||||
|
* Tue May 25 2021 Peter Robinson <pbrobinson@fedoraproject.org> - 5.1-1
|
||||||
|
- Update to 5.1
|
||||||
|
|
||||||
|
* Wed Jan 27 2021 Fedora Release Engineering <releng@fedoraproject.org> - 5.0-2
|
||||||
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
|
||||||
|
|
||||||
|
* Mon Nov 23 2020 Peter Robinson <pbrobinson@fedoraproject.org> - 5.0-1
|
||||||
|
- Update tp tpm2-tools 5.0
|
||||||
|
|
||||||
|
* Sat Aug 29 2020 Peter Robinson <pbrobinson@fedoraproject.org> - 4.3.0-1
|
||||||
|
- Update to 4.3.0
|
||||||
|
|
||||||
|
* Mon Aug 10 2020 Peter Robinson <pbrobinson@fedoraproject.org> - 4.2.1-4
|
||||||
|
- Rebuild for tpm2-tss 3.0
|
||||||
|
|
||||||
|
* Wed Jul 29 2020 Fedora Release Engineering <releng@fedoraproject.org> - 4.2.1-3
|
||||||
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
|
||||||
|
|
||||||
|
* Tue Jun 30 2020 Jeff Law <law@redhat.com> - 4.2.1-2
|
||||||
|
- Disable LTO due to latent uninitialized variable exposed by LTO
|
||||||
|
|
||||||
|
* Wed May 27 2020 Peter Robinson <pbrobinson@fedoraproject.org> - 4.2.1-1
|
||||||
|
- Update to 4.2.1
|
||||||
|
|
||||||
|
* Tue Apr 14 2020 Peter Robinson <pbrobinson@fedoraproject.org> - 4.2-1
|
||||||
|
- Update to 4.2
|
||||||
|
|
||||||
|
* Fri Jan 31 2020 Fedora Release Engineering <releng@fedoraproject.org> - 4.1-2
|
||||||
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
|
||||||
|
|
||||||
|
* Thu Nov 28 2019 Yunying Sun <yunying.sun@intel.com> - 4.1-1
|
||||||
|
- Update to 4.1 release
|
||||||
|
|
||||||
|
* Tue Oct 29 2019 Yunying Sun <yunying.sun@intel.com> - 4.0.1-1
|
||||||
|
- Update to 4.0.1 release
|
||||||
|
|
||||||
|
* Tue Sep 10 2019 Peter Robinson <pbrobinson@fedoraproject.org> 4.0-1
|
||||||
|
- Update to 4.0
|
||||||
|
|
||||||
|
* Fri Sep 6 2019 Javier Martinez Canillas <javierm@redhat.com> 4.0-0.4-rc2
|
||||||
|
- Use a release tarball instead of a source code tarball
|
||||||
|
|
||||||
|
* Fri Sep 6 2019 Peter Robinson <pbrobinson@fedoraproject.org> 4.0-0.3-rc2
|
||||||
|
- Update to 4.0 RC2
|
||||||
|
|
||||||
|
* Tue Aug 27 2019 Peter Robinson <pbrobinson@fedoraproject.org> 4.0-0.2-rc1
|
||||||
|
- Update to 4.0 RC1
|
||||||
|
|
||||||
|
* Tue Aug 20 2019 Peter Robinson <pbrobinson@fedoraproject.org> 4.0-0.1-rc0
|
||||||
|
- Update to 4.0 RC0
|
||||||
|
|
||||||
|
* Thu Aug 1 2019 Peter Robinson <pbrobinson@fedoraproject.org> 3.2.0-3
|
||||||
|
- Fix for crash for max PCRs available
|
||||||
|
|
||||||
|
* Sat Jul 27 2019 Fedora Release Engineering <releng@fedoraproject.org> - 3.2.0-2
|
||||||
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
|
||||||
|
|
||||||
|
* Fri Jun 21 2019 Yunying Sun <yunying.sun@intel.com> - 3.2.0-1
|
||||||
|
- Update to 3.2.0 release
|
||||||
|
- Removed patches since all have been included in 3.2.0 release
|
||||||
|
|
||||||
|
* Fri May 10 2019 Javier Martinez Canillas <javierm@redhat.com> - 3.1.4-2
|
||||||
|
- Allow tpm2_makecredential to run without a TPM (jetwhiz)
|
||||||
|
- Add tpm2_pcrreset and tpm2_checkquote tools (jetwhiz)
|
||||||
|
|
||||||
|
* Fri Mar 15 2019 Yunying Sun <yunying.sun@intel.com> - 3.1.4-1
|
||||||
|
- Update to 3.1.4 release
|
||||||
|
- Removed the 4 patches since all have been included in 3.1.4 release
|
||||||
|
|
||||||
|
* Sun Feb 03 2019 Fedora Release Engineering <releng@fedoraproject.org> - 3.1.3-4
|
||||||
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
|
||||||
|
|
||||||
|
* Mon Jan 7 2019 Javier Martinez Canillas <javierm@redhat.com> - 3.1.3-3
|
||||||
|
- Fix broken -T option when passing additional arguments
|
||||||
|
|
||||||
|
* Mon Jan 7 2019 Javier Martinez Canillas <javierm@redhat.com> - 3.1.3-2
|
||||||
|
- Fix broken -T option and a couple of minor fixes
|
||||||
|
- Add pandoc BuildRequires
|
||||||
|
|
||||||
|
* Wed Nov 7 2018 Yunying Sun <yunying.sun@intel.com> - 3.1.3-1
|
||||||
|
- Update to 3.1.3 release
|
||||||
|
|
||||||
|
* Wed Sep 12 2018 Javier Martinez Canillas <javierm@redhat.com> - 3.1.2-1
|
||||||
|
- Update to 3.1.2 release
|
||||||
|
- Restore TCTI configuration environment for tools
|
||||||
|
- Restore tpm2_getcap tool properties output
|
||||||
|
Resolves: rhbz#1625647
|
||||||
|
|
||||||
|
* Sat Jul 14 2018 Javier Martinez Canillas <javierm@redhat.com> - 3.1.1-3
|
||||||
|
- Revert backward incompatible change that removes default object attributes
|
||||||
|
|
||||||
|
* Sat Jul 14 2018 Fedora Release Engineering <releng@fedoraproject.org> - 3.1.1-2
|
||||||
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
|
||||||
|
|
||||||
|
* Thu Jul 12 2018 Yunying Sun <yunying.sun@intel.com> - 3.1.1-1
|
||||||
|
- Update to 3.1.1 release
|
||||||
|
|
||||||
|
* Thu Jul 5 2018 Yunying Sun <yunying.sun@intel.com> - 3.1.0-1
|
||||||
|
- Update Requires version of tpm2-tss to 2.0.0
|
||||||
|
- Remove BuildRequires for tcti-abrmd since it is optional
|
||||||
|
- Remove BuildRequires for tcti-{device,mssim} as it is now dynamically loaded
|
||||||
|
- Update to 3.1.0 release
|
||||||
|
|
||||||
|
* Mon Apr 30 2018 Javier Martinez Canillas <javierm@redhat.com> - 3.0.4-1
|
||||||
|
- Update URLs to point to the new project location
|
||||||
|
- Update to 3.0.4 release
|
||||||
|
|
||||||
|
* Wed Feb 21 2018 Javier Martinez Canillas <javierm@redhat.com> - 3.0.3-3
|
||||||
|
- Remove ExclusiveArch: x86_64 directive
|
||||||
|
|
||||||
|
* Fri Feb 09 2018 Fedora Release Engineering <releng@fedoraproject.org> - 3.0.3-2
|
||||||
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
|
||||||
|
|
||||||
|
* Tue Jan 16 2018 Javier Martinez Canillas <javierm@redhat.com> - 3.0.3-1
|
||||||
|
- Update to 3.0.3 release
|
||||||
|
|
||||||
|
* Mon Dec 18 2017 Javier Martinez Canillas <javierm@redhat.com> - 3.0.2-1
|
||||||
|
- Update to 3.0.2 release
|
||||||
|
|
||||||
|
* Tue Dec 12 2017 Javier Martinez Canillas <javierm@redhat.com> - 3.0.1-1
|
||||||
|
- Update to 3.0.1 release (RHBZ#1512743)
|
||||||
|
- Download the generated tarball provided instead of the source code tarball
|
||||||
|
|
||||||
|
* Fri Dec 08 2017 Javier Martinez Canillas <javierm@redhat.com> - 3.0-1
|
||||||
|
- Update to 3.0 release
|
||||||
|
|
||||||
|
* Wed Nov 29 2017 Javier Martinez Canillas <javierm@redhat.com> - 3.0-0.1.rc1
|
||||||
|
- Update to 3.0 release candidate 1
|
||||||
|
- Update URLs to point to the new project location
|
||||||
|
- Make the package to obsolete version 2.1.1
|
||||||
|
|
||||||
|
* Wed Nov 01 2017 Javier Martinez Canillas <javierm@redhat.com> - 2.1.1-1
|
||||||
|
- Rename remaining tpm2.0-tools prefixes to tpm2-tools
|
||||||
|
- Remove global pkg_prefix since now the upstream repo and package names match
|
||||||
|
- Remove downstream patches since now these are in the latest upstream release
|
||||||
|
- Update to 2.1.1 release (RHBZ#1504438)
|
||||||
|
|
||||||
|
* Thu Oct 19 2017 Jerry Snitselaar <jsnitsel@redhat.com> - 2.1.0-7
|
||||||
|
- Clean up potential memleak (RHBZ#1503959)
|
||||||
|
|
||||||
|
* Thu Oct 05 2017 Javier Martinez Canillas <javierm@redhat.com> - 2.1.0-6
|
||||||
|
- Add tpm2-abrmd-devel BuildRequires so tools have abrmd support (RHBZ#1498909)
|
||||||
|
|
||||||
|
* Fri Aug 18 2017 Javier Martinez Canillas <javierm@redhat.com> - 2.1.0-5
|
||||||
|
- Remove unneeded source tarballs (RHBZ#1482830)
|
||||||
|
|
||||||
|
* Tue Aug 15 2017 Sun Yunying <yunying.sun@intel.com> - 2.1.0-4
|
||||||
|
- Add patch to fix build error when openssl-devel is installed(RHBZ#1481236)
|
||||||
|
|
||||||
|
* Thu Aug 03 2017 Fedora Release Engineering <releng@fedoraproject.org> - 2.1.0-3
|
||||||
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild
|
||||||
|
|
||||||
|
* Mon Jul 31 2017 Sun Yunying <yunying.sun@intel.com> - 2.1.0-2
|
||||||
|
- Add patch to fix gcc7 complaining about implicit-fallthrough cases
|
||||||
|
|
||||||
|
* Fri Jul 28 2017 Sun Yunying <yunying.sun@intel.com> - 2.1.0-1
|
||||||
|
- Update to latest upstream release 2.1.0
|
||||||
|
|
||||||
|
* Fri Jul 28 2017 Sun Yunying <yunying.sun@intel.com> - 1.1.0-9
|
||||||
|
- Update Requires dependency so that tpm2-tss update won't break tpm2-tools
|
||||||
|
|
||||||
|
* Thu Jul 27 2017 Fedora Release Engineering <releng@fedoraproject.org> - 1.1.0-8
|
||||||
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild
|
||||||
|
|
||||||
|
* Wed May 10 2017 Sun Yunying <yunying.sun@intel.com> - 1.1.0-7
|
||||||
|
- Only update release version to make fedpkg build works for f26
|
||||||
|
|
||||||
|
* Wed Mar 1 2017 Sun Yunying <yunying.sun@intel.com> - 1.1.0-6
|
||||||
|
- Update tpm2-tss version to 1.0-3 to fix broken dependency on f26
|
||||||
|
|
||||||
|
* Sat Feb 11 2017 Fedora Release Engineering <releng@fedoraproject.org> - 1.1.0-5
|
||||||
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild
|
||||||
|
|
||||||
|
* Fri Jan 20 2017 Sun Yunying <yunying.sun@intel.com> - 1.1.0-4
|
||||||
|
- Dependency check failed for Requires again, here to fix this
|
||||||
|
- Update release version and changelog
|
||||||
|
|
||||||
|
* Thu Jan 19 2017 Sun Yunying <yunying.sun@intel.com> - 1.1.0-3
|
||||||
|
- Change spec file permission to 644 to avoid rpmlint complain
|
||||||
|
- Update Requires to fix dependency check error reported in Bodhi
|
||||||
|
- Remove tpm2-tss-devel version in BuildRequires comment
|
||||||
|
- Update release version and changelog
|
||||||
|
|
||||||
|
* Wed Dec 21 2016 Sun Yunying <yunying.sun@intel.com> - 1.1.0-2
|
||||||
|
- Remove pkg_version to avoid dupliate use of version
|
||||||
|
- Remove redundant BuildRequires for autoconf/automake/pkgconfig
|
||||||
|
- Add comments for BuildRequires of sapi/tcti-device/tcti-socket
|
||||||
|
- Use ExclusiveArch instead of ExcludeArch
|
||||||
|
- Requires tpm2-tss version updated to 1.0-2
|
||||||
|
- Updated release version and changelog
|
||||||
|
|
||||||
|
* Fri Dec 2 2016 Sun Yunying <yunying.sun@intel.com> - 1.1.0-1
|
||||||
|
- Initial version of the package
|