factory
- add tboot-grub2-fix-version-find-latest.diff: grub2-mkconfig no longer works
with the tboot drop-in configuration files, because they rely on the no
longer available "find_version_latest" (bsc#1266833). This patch provides
drop-in replacements of that function based on the recommended
"version_sort()" helper function.
- update to version v1.11.12:
Fix lcptools-v2 compilation error, caused by incorrect size of
digest buffer allocation. The size of the digest buffer should be
SHA1_DIGEST_SIZE, not sizeof(tb_hash_t).
Fix SGX status verification. TBOOT used improper method of the SGX
status verification. Added proper SGX status verification by checking
both CPUID and MSR_IA32_FEATURE_CONTROL[bit 18]. If SGX is not
enabled, TBOOT will print error message and return without doing the
SVN check.
Secure pointer to the TBOOT Log base from unauthorized DMA access.
Defined new functions in tboot.h to return the base address of the
TBOOT Log and validate its UUID, ensuring proper initialization.
Provide DMA protection for global variable holding the number of e820
entries. Defined a secure global pointer in OsMleData structure,
protected from unauthorized DMA access, with verification procedure
called before e820 map copying and TXT heap initialization.
- update to version v1.11.11:
Provide new cmdline option - "force_pmrs", which disabled TPR
configuration and support both for TBOOT and SINIT ACM. TBOOT sets
PMRs for SINIT ACM as its default memory protection mechanism.
Disable Intel CET technology during TBOOT shutdown execution.
- drop tboot-fix-alloc-size-warning.patch: now contained upstream.
- drop tboot-cet.patch: now contained upstream.
OBS-URL: https://build.opensuse.org/request/show/1361572
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/tboot?expand=0&rev=54