Alberto Planas Dominguez
8e63387014
- Version 3.0.0
  + Fixed
    * A bug in special command processing in TPM2_GetCapability when an audit session is in use caused tpm2-abrmd to abort.
  + Added
    * New SELinux interfaces for communication with keylime
  + Changed
    * DBUS permissions in tpm2-abrmd.conf to match the in-kernel RM, i.e. /dev/tpmrm0, permissions. Now users MUST be in the tss group to send to tpm2-abrmd over DBUS.
- Drop dbus-access.patch (merged in PR#805)

OBS-URL: https://build.opensuse.org/request/show/1041872
OBS-URL: https://build.opensuse.org/package/show/security/tpm2.0-abrmd?expand=0&rev=71

- .gitattributes
- .gitignore
- harden_tpm2-abrmd.service.patch
- README.SUSE
- tpm2-abrmd-3.0.0.tar.gz
- tpm2-abrmd-3.0.0.tar.gz.asc
- tpm2-abrmd.keyring
- tpm2.0-abrmd.changes
- tpm2.0-abrmd.rpmlintrc
- tpm2.0-abrmd.spec

By upstream default, tpm2-abrmd allows every local user on the system to access the TPM chip and modify its settings (bsc#1197532). Upstream suggests using the TPM's internal security features (e.g. password protection) to prevent local users from manipulating the chip without authorization. Still, the default behaviour that every user on the system can access TPM features without any authentication could come as a surprise to end users and system integrators alike. For this reason, on SUSE only members of the 'tss' group are allowed to access the tpm2-abrmd D-Bus interface, thereby mirroring the access permissions of the /dev/tpm0 and /dev/tpmrm0 character devices.
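
A way to check which senders a D-Bus policy file admits to the tpm2-abrmd interface, as an added example that is not part of the package or of upstream. The bus name `com.intel.tss2.Tabrmd` and both sample policies are assumptions constructed for illustration; the check reads `<allow>` rules only and does not model `<deny>` rules or D-Bus policy precedence.

```python
import xml.etree.ElementTree as ET

# Assumption: well-known bus name of tpm2-abrmd (not stated on this page).
BUS_NAME = "com.intel.tss2.Tabrmd"

# Constructed sample: any local user may send to the daemon.
OPEN_POLICY = """<busconfig>
  <policy user="tss"><allow own="com.intel.tss2.Tabrmd"/></policy>
  <policy context="default">
    <allow send_destination="com.intel.tss2.Tabrmd"/>
  </policy>
</busconfig>"""

# Constructed sample: only members of the 'tss' group may send.
GROUP_POLICY = """<busconfig>
  <policy user="tss"><allow own="com.intel.tss2.Tabrmd"/></policy>
  <policy group="tss">
    <allow send_destination="com.intel.tss2.Tabrmd"/>
  </policy>
</busconfig>"""


def senders_allowed(policy_xml, bus_name=BUS_NAME):
    """Return the sorted policy selectors allowed to send to bus_name."""
    root = ET.fromstring(policy_xml)
    allowed = set()
    for policy in root.iter("policy"):
        for rule in policy.findall("allow"):
            if rule.get("send_destination") != bus_name:
                continue
            # A <policy> is scoped by exactly one of these attributes.
            for attr in ("context", "user", "group"):
                if policy.get(attr):
                    allowed.add(f"{attr}={policy.get(attr)}")
    return sorted(allowed)


def is_restricted_to_group(policy_xml, group="tss", bus_name=BUS_NAME):
    """True only if every send rule for bus_name is scoped to the group."""
    senders = senders_allowed(policy_xml, bus_name)
    return bool(senders) and all(s == f"group={group}" for s in senders)


if __name__ == "__main__":
    for name, xml in (("open", OPEN_POLICY), ("group", GROUP_POLICY)):
        print(name, senders_allowed(xml), is_restricted_to_group(xml))
```

To audit an installed system, pass the contents of the deployed tpm2-abrmd.conf to `is_restricted_to_group` instead of the sample strings.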