+ Merge of pending patches into the project
+ No new feature since last release
- Change source to the openSUSE project
- Remove patches (merged)
+ fix-bsc1230316-make-pcr4-hard-requirement.patch
+ fix-bsc1230316-predict-sbatlevelrt.patch
+ fix-bsc1230316-predict-sbatlevelrt-sb-off.patch
+ fix_efi_measure_and_shim.patch
+ fix-event-reshash-for-cryptouuid.patch
+ fix_grub_bls_cmdline.patch
+ fix_grub_bls_entry.patch
+ fix_loader_conf.patch
+ fix-testcase-empty-efi-variables.patch
+ support-ecc-srk.patch
- Add fix-bsc1230316-predict-sbatlevelrt-sb-off.patch to fix the
prediction of SbatLevelRT when Secure Boot is disabled
(bsc#1230316)
- Add fix-bsc1230316-make-pcr4-hard-requirement.patch to make PCR4
a hard requirement for SbatLevelRT prediction (bsc#1230316)
- Add fix-bsc1230316-predict-sbatlevelrt.patch to predict
SbatLevelRT for the next boot (bsc#1230316)
- Update the License tag to GPL-2.0-or-later to match the license
declaration in the source files
- Add fix-event-reshash-for-cryptouuid.patch to detect the crypto
device with the 'cryptouuid' prefix
- Add support-ecc-srk.patch to support ECC SRK
- Add fix-testcase-empty-efi-variables.patch to fix the testcase
playback on empty EFI variables
- Add fix_grub_bls_cmdline.patch to include the measurements of the
cmdline and the linux and initrd grub commands
- Add fix_grub_bls_entry.patch to measure boot entries in GRUB BLS
- Remove fix_efi_measure.patch
- Add fix_efi_measure_and_shim.patch (bsc#1219807)
- Add fix_loader_conf.patch to measure the systemd-boot loader.conf file
- Add fix_efi_measure.patch to fix the measurement of EFI binaries
- Update to 0.5.4
- Improve systemd-boot support
- Add --boot-entry for systemd-boot
- Manpage fixes
- Fix PCR index in JSON file
- Fix GrubPcrSnapshot parsing
- Drop upstreamed patches: boot_entry.patch and fix_pcr_index.patch
- Update to 0.5.3
- Improve documentation
- Detect key format store via extension
- Replace --key-format and --policy-format options with a single
--target-platform option
- The json file can contain multiple predictions
- Remove fix_rsa.patch as is already upstream
- Add boot_entry.patch to add new parameter to point to a new systemd
boot entry
- Add fix_pcr_index.patch to fix the PCR index number in the JSON file
- Add fix_rsa.patch to support the export in PEM format of the public
key
- FAPI is not present until tpm2-tss >= 2.4.0. Express that in the
BuildRequirement
- Update to 0.5.2
- Support EV_EVENT_TAG events from the kernel (PCR9 for the cmdline
and the kernel)
- Fix cmdline measurements
- Update to 0.5.1
- Measure the kernel as an EFI binary (PCR4)
- Update to 0.5.0
- Support systemd-cryptenroll JSON files
- Generate RSA keys in more scenarios
- Select RSA key size
- Drop systemd-boot.patch (already present in upstream)
- Add systemd-boot.patch to support systemd-cryptenroll JSON files
- Add libtss2-tcti-device0 as the default TCTI interface to avoid
the following error:
Esys_Initialize() Initialize default tcti. ErrorCode (0x000a000a)
- Added a _service file
- BuildRequire libopenssl-devel rather than openssl
- Updated to version 0.4.6:
- recognize SOURCE_DATE_EPOCH for reproducible builds
- Remove authorized policy file from the unseal action
- Unseal the data without calling __pcr_policy_make()
- Skip the variable event with 0 length (#26)
- Add the new parameter: policy-name (#27)
- Skip the leading operators when matching grub2 commands (#28)
- microconf change: force rebuilding the sed script
- Update to version 0.4.5
- update manpage to reflect added support of unseal w/ tpm2.0 key
format
- Implement unseal for TPM 2.0 Key File
- Update manpage to describe the new key-format switch
- Add TPM 2.0 Key File support to 'seal-secret' and 'sign'
- Add comment to SRK template regarding NODA flag.
- pcr-oracle.8: add a section on pcr policy sealing
- Add self-test subcommand to pcr-oracle
- Rename __tss_check_error -> tss_check_error
- Moved two tss related functions to a file of their own
- Add test-pcr.sh script
- Use the same SRK template as the one in grub2
- Implement seal/unseal using a regular PCR policy
- When displaying the DevicePath, print ACPI PNP ids
- Handle failure to read EFI variables more gracefully
- Gracefully handle AUTHORITY events for eg driver BSAs that
reside in ROM
- efi-variable rehash: break out the code to detect how the
firmware hashed the event
- build with optflags, remove unneeded clean section, macro bindir
- Updated to version 0.4.2
- Fix project URL
- add --rsa-generate-key option
- Updated to version 0.4.1:
- disable debug messages from authenticode PECOFF parser
- add --tpm-eventlog option
- add manpage
- Updated to version 0.4:
- drop the dependency on tss2 fapi
- introduce authorized policies
- Establish pcr-oracle as standalone package, apart from fde-tools
OBS-URL: https://build.opensuse.org/package/show/Base:System/pcr-oracle?expand=0&rev=44
- Update to 0.5.5
- Remove patches (merged)
+ fix-bsc1230316-make-pcr4-hard-requirement.patch
+ fix-bsc1230316-predict-sbatlevelrt.patch
+ fix-bsc1230316-predict-sbatlevelrt-sb-off.patch
+ fix_efi_measure_and_shim.patch
+ fix-event-reshash-for-cryptouuid.patch
+ fix_grub_bls_cmdline.patch
+ fix_grub_bls_entry.patch
+ fix_loader_conf.patch
+ fix-testcase-empty-efi-variables.patch
+ support-ecc-srk.patch
- Add fix-bsc1230316-predict-sbatlevelrt-sb-off.patch to fix the
prediction of SbatLevelRT when Secure Boot is disabled
(bsc#1230316)
- Add fix-bsc1230316-make-pcr4-hard-requirement.patch to make PCR4
a hard requirement for SbatLevelRT prediction (bsc#1230316)
- Add fix-bsc1230316-predict-sbatlevelrt.patch to predict
SbatLevelRT for the next boot (bsc#1230316)
- Update the License tag to GPL-2.0-or-later to match the license
declaration in the source files
- Add fix-event-reshash-for-cryptouuid.patch to detect the crypto
device with the 'cryptouuid' prefix
- Add support-ecc-srk.patch to support ECC SRK
- Add fix-testcase-empty-efi-variables.patch to fix the testcase
playback on empty EFI variables
- Add fix_grub_bls_cmdline.patch to include the measurements of the
cmdline and the linux and initrd grub commands
- Add fix_grub_bls_entry.patch to measure boot entries in GRUB BLS
- Remove fix_efi_measure.patch
- Add fix_efi_measure_and_shim.patch (bsc#1219807)
- Add fix_loader_conf.patch to measure the systemd-boot loader.conf file
- Add fix_efi_measure.patch to fix the measurement of EFI binaries
- Update to 0.5.4
- Improve systemd-boot support
- Add --boot-entry for systemd-boot
- Manpage fixes
- Fix PCR index in JSON file
- Fix GrubPcrSnapshot parsing
- Drop upstreamed patches: boot_entry.patch and fix_pcr_index.patch
- Update to 0.5.3
- Improve documentation
- Detect key format store via extension
- Replace --key-format and --policy-format options with a single
--target-platform option
- The json file can contain multiple predictions
- Remove fix_rsa.patch as is already upstream
- Add boot_entry.patch to add new parameter to point to a new systemd
boot entry
- Add fix_pcr_index.patch to fix the PCR index number in the JSON file
- Add fix_rsa.patch to support the export in PEM format of the public
key
- FAPI is not present until tpm2-tss >= 2.4.0. Express that in the
BuildRequirement
- Update to 0.5.2
- Support EV_EVENT_TAG events from the kernel (PCR9 for the cmdline
and the kernel)
- Fix cmdline measurements
- Update to 0.5.1
- Measure the kernel as an EFI binary (PCR4)
- Update to 0.5.0
- Support systemd-cryptenroll JSON files
- Generate RSA keys in more scenarios
- Select RSA key size
- Drop systemd-boot.patch (already present in upstream)
- Add systemd-boot.patch to support systemd-cryptenroll JSON files
- Add libtss2-tcti-device0 as the default TCTI interface to avoid
the following error:
Esys_Initialize() Initialize default tcti. ErrorCode (0x000a000a)
- Added a _service file
- BuildRequire libopenssl-devel rather than openssl
- Updated to version 0.4.6:
- recognize SOURCE_DATE_EPOCH for reproducible builds
- Remove authorized policy file from the unseal action
- Unseal the data without calling __pcr_policy_make()
- Skip the variable event with 0 length (#26)
- Add the new parameter: policy-name (#27)
- Skip the leading operators when matching grub2 commands (#28)
- microconf change: force rebuilding the sed script
- Update to version 0.4.5
- update manpage to reflect added support of unseal w/ tpm2.0 key
format
- Implement unseal for TPM 2.0 Key File
- Update manpage to describe the new key-format switch
- Add TPM 2.0 Key File support to 'seal-secret' and 'sign'
- Add comment to SRK template regarding NODA flag.
- pcr-oracle.8: add a section on pcr policy sealing
- Add self-test subcommand to pcr-oracle
- Rename __tss_check_error -> tss_check_error
- Moved two tss related functions to a file of their own
- Add test-pcr.sh script
- Use the same SRK template as the one in grub2
- Implement seal/unseal using a regular PCR policy
- When displaying the DevicePath, print ACPI PNP ids
- Handle failure to read EFI variables more gracefully
- Gracefully handle AUTHORITY events for eg driver BSAs that
reside in ROM
- efi-variable rehash: break out the code to detect how the
firmware hashed the event
- build with optflags, remove unneeded clean section, macro bindir
- Updated to version 0.4.2
- Fix project URL
- add --rsa-generate-key option
- Updated to version 0.4.1:
- disable debug messages from authenticode PECOFF parser
- add --tpm-eventlog option
- add manpage
- Updated to version 0.4:
- drop the dependency on tss2 fapi
- introduce authorized policies
- Establish pcr-oracle as standalone package, apart from fde-tools
OBS-URL: https://build.opensuse.org/package/show/Base:System/pcr-oracle?expand=0&rev=43
- Update to 0.5.3
- Improve documentation
- Detect key format store via extension
- Replace --key-format and --policy-format options with a single
--target-platform option
- The json file can contain multiple predictions
- Remove fix_rsa.patch as is already upstream
- Add boot_entry.patch to add new parameter to point to a new systemd
boot entry
- Add fix_pcr_index.patch to fix the PCR index number in the JSON file
OBS-URL: https://build.opensuse.org/request/show/1130043
OBS-URL: https://build.opensuse.org/package/show/Base:System/pcr-oracle?expand=0&rev=17
- Add fix_rsa.patch to support the export in PEM format of the public
key
- FAPI is not present until tpm2-tss >= 2.4.0. Express that in the
BuildRequirement
- Update to 0.5.2
- Support EV_EVENT_TAG events from the kernel (PCR9 for the cmdline
and the kernel)
- Fix cmdline measurements
- Update to 0.5.1
- Measure the kernel as an EFI binary (PCR4)
- Update to 0.5.0
- Support systemd-cryptenroll JSON files
- Generate RSA keys in more scenarios
- Select RSA key size
- Drop systemd-boot.patch (already present in upstream)
OBS-URL: https://build.opensuse.org/request/show/1127659
OBS-URL: https://build.opensuse.org/package/show/Base:System/pcr-oracle?expand=0&rev=15
- Added a _service file
- BuildRequire libopenssl-devel rather than openssl
- Updated to version 0.4.6:
- recognize SOURCE_DATE_EPOCH for reproducible builds
- Remove authorized policy file from the unseal action
- Unseal the data without calling __pcr_policy_make()
- Skip the variable event with 0 length (#26)
- Add the new parameter: policy-name (#27)
- Skip the leading operators when matching grub2 commands (#28)
- microconf change: force rebuilding the sed script
OBS-URL: https://build.opensuse.org/request/show/1096688
OBS-URL: https://build.opensuse.org/package/show/Base:System/pcr-oracle?expand=0&rev=9
