pool/tpm2.0-abrmd
SHA256
2
0
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
70 Commits 1 Branch 0 Tags 742 KiB
Diff 100%
8ad3f04a3a
Go to file
Dominique Leuenberger 8ad3f04a3a Accepting request 966798 from security 
- dbus-access.patch: restrict D-Bus access to tpm2-abrmd to members of the tss
  group (bsc#1197532). This prevents arbitrary users from meddling with TPM
  state and thus potential denial-of-service vectors.

OBS-URL: https://build.opensuse.org/request/show/966798
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/tpm2.0-abrmd?expand=0&rev=22
2022-04-05 17:55:07 +00:00
.gitattributes Accepting request 514156 from home:mgerstner:branches:security 2017-08-03 08:13:01 +00:00
.gitignore Accepting request 514156 from home:mgerstner:branches:security 2017-08-03 08:13:01 +00:00
dbus-access.patch - restrict D-Bus access to tpm2-abrmd to members of the tss group 2022-04-04 10:57:16 +00:00
harden_tpm2-abrmd.service.patch Accepting request 933795 from home:jsegitz:branches:systemdhardening:security 2021-11-30 09:31:21 +00:00
README.SUSE - restrict D-Bus access to tpm2-abrmd to members of the tss group 2022-04-04 10:57:16 +00:00
tpm2-abrmd-2.4.0.tar.gz Accepting request 906496 from home:gmbr3:Active 2021-07-16 08:20:11 +00:00
tpm2.0-abrmd.changes - dbus-access.patch: restrict D-Bus access to tpm2-abrmd to members of the tss 2022-04-04 11:06:24 +00:00
tpm2.0-abrmd.rpmlintrc - Update to version 2.0.1: 2018-08-10 10:31:50 +00:00
tpm2.0-abrmd.spec - restrict D-Bus access to tpm2-abrmd to members of the tss group 2022-04-04 10:57:16 +00:00

README.SUSE 

The tpm2-abrmd by upstream default allows every local users in the system to
access the TPM chip and modify its settings (bsc#1197532). Upstream suggests
to use the TPM's internal security features (e.g. password protection) to
prevent local users from manipulating the chip without authorization. Still
the default behaviour that every user in the system can access TPM features
without any authentication could come as a surprise to end users and system
integrators alike.

For this reason on SUSE only members of the 'tss' group are allowed to access
the tpm2-abrmd D-Bus interface, thereby mirroring the access permissions of
the /dev/tpm0 and /dev/tpmrm0 character devices.