forked from pool/tboot
update to new upstream version 1.9.6:
- removed following patches, because they're now included upstream:
* tboot-grub2-fix-menu-in-xen-host-server.patch
* tboot-grub2-fix-xen-submenu-name.patch
* tboot-grub2-suse.patch
- Changes in this version:
* GCC7 fix, adds generic FALLTHROUGH notations to avoid warnings appearing on GCC7
* Ensure Tboot never overwrites modules in the process of moving them.
* Add support to x2APIC, which uses 32 bit APIC ID.
* Fix S3 secrets sealing/unsealing failures
* Support OpenSSL 1.1.0+ for ECDSA signature verification.
* Support OpenSSL 1.1.0+ for RSA key manipulation.
* Adds additional checks to prevent the kernel image from being overwritten.
* Added TCG TPM event log support.
* Pass through the EFI memory map that's provided by grub2.
* Fix a null pointer dereference bug when Intel TXT is disabled in BIOS.
* Adjust KERNEL_CMDLINE_OFFSET from 0x9000 to 0x8D00.
* Bounds checking on the kernel_cmdline string.
OBS-URL: https://build.opensuse.org/package/show/security/tboot?expand=0&rev=64
This commit is contained in:
Git OBS Bridge
parent
b3b59d9789
commit
b9b173fea3
@ -1,13 +0,0 @@
|
||||
Index: tboot-1.9.5/tboot/Makefile
|
||||
===================================================================
|
||||
--- tboot-1.9.5.orig/tboot/Makefile
|
||||
+++ tboot-1.9.5/tboot/Makefile
|
||||
@@ -32,7 +32,7 @@ OBJS := $(obj-y)
|
||||
TARGET_LDS := $(CURDIR)/common/tboot.lds
|
||||
|
||||
$(TARGET).gz : $(TARGET)
|
||||
- gzip -f -9 < $< > $@
|
||||
+ gzip -n -f -9 < $< > $@
|
||||
|
||||
$(TARGET) : $(OBJS) $(TARGET_LDS)
|
||||
$(LD) $(LDFLAGS) -T $(TARGET_LDS) -N $(OBJS) -o $(@D)/.$(@F).0
|
||||
@ -1,3 +0,0 @@
|
||||
version https://git-lfs.github.com/spec/v1
|
||||
oid sha256:c7032e367ac0129493c9bb1fcd1437f400ff5533c970119ddce281ff4d58a13f
|
||||
size 685460
|
||||
3
tboot-1.9.6.tar.gz
Normal file
3
tboot-1.9.6.tar.gz
Normal file
@ -0,0 +1,3 @@
|
||||
version https://git-lfs.github.com/spec/v1
|
||||
oid sha256:1b55eed6ca8196b2a003936594248a242888ac34ff970eda651e7660c4772a39
|
||||
size 693564
|
||||
@ -1,86 +0,0 @@
|
||||
Index: tboot-1.9.5/tboot/common/tboot.c
|
||||
===================================================================
|
||||
--- tboot-1.9.5.orig/tboot/common/tboot.c
|
||||
+++ tboot-1.9.5/tboot/common/tboot.c
|
||||
@@ -501,11 +501,13 @@ static void shutdown_system(uint32_t shu
|
||||
/* write our S3 resume vector to ACPI resume addr */
|
||||
set_s3_resume_vector(&_tboot_shared.acpi_sinfo, TBOOT_S3_WAKEUP_ADDR);
|
||||
/* fall through for rest of Sx handling */
|
||||
+ /* FALLTHROUGH */
|
||||
case TB_SHUTDOWN_S4:
|
||||
case TB_SHUTDOWN_S5:
|
||||
machine_sleep(&_tboot_shared.acpi_sinfo);
|
||||
/* if machine_sleep() fails, fall through to reset */
|
||||
|
||||
+ /* FALLTHROUGH */
|
||||
case TB_SHUTDOWN_REBOOT:
|
||||
if ( txt_is_powercycle_required() ) {
|
||||
/* powercycle by writing 0x0a+0x0e to port 0xcf9 */
|
||||
@@ -524,6 +526,7 @@ static void shutdown_system(uint32_t shu
|
||||
outb(0xcf9, 0x06);
|
||||
}
|
||||
|
||||
+ /* FALLTHROUGH */
|
||||
case TB_SHUTDOWN_HALT:
|
||||
default:
|
||||
while ( true )
|
||||
Index: tboot-1.9.5/tboot/common/vsprintf.c
|
||||
===================================================================
|
||||
--- tboot-1.9.5.orig/tboot/common/vsprintf.c
|
||||
+++ tboot-1.9.5/tboot/common/vsprintf.c
|
||||
@@ -404,6 +404,7 @@ handle_width:
|
||||
case 'p':
|
||||
mods.flag |= PREFIX; /* print prefix 0x for %p */
|
||||
mods.flag_long = LONG;
|
||||
+ /* FALLTHROUGH */
|
||||
case 'x':
|
||||
mods.base = 16;
|
||||
buf_pos = write_number_to_buffer(buf, size, buf_pos, mods);
|
||||
Index: tboot-1.9.5/tboot/common/tpm.c
|
||||
===================================================================
|
||||
--- tboot-1.9.5.orig/tboot/common/tpm.c
|
||||
+++ tboot-1.9.5/tboot/common/tpm.c
|
||||
@@ -117,14 +117,14 @@ static bool tpm_send_cmd_ready_status_cr
|
||||
#endif
|
||||
|
||||
if ( reg_ctrl_sts.tpmidle== 1) {
|
||||
- reg_ctrl_request._raw[0] = 0;
|
||||
+ memset(®_ctrl_request,0,sizeof(reg_ctrl_request));
|
||||
reg_ctrl_request.cmdReady = 1;
|
||||
write_tpm_reg(locality, TPM_CRB_CTRL_REQ, ®_ctrl_request);
|
||||
|
||||
return true;
|
||||
}
|
||||
|
||||
- reg_ctrl_request._raw[0] = 0;
|
||||
+ memset(®_ctrl_request,0,sizeof(reg_ctrl_request));
|
||||
reg_ctrl_request.goIdle = 1;
|
||||
write_tpm_reg(locality, TPM_CRB_CTRL_REQ, ®_ctrl_request);
|
||||
|
||||
@@ -158,7 +158,7 @@ static bool tpm_send_cmd_ready_status_cr
|
||||
printk(TBOOT_INFO"2. reg_ctrl_sts.tpmsts: 0x%x\n", reg_ctrl_sts.tpmsts);
|
||||
#endif
|
||||
|
||||
- reg_ctrl_request._raw[0] = 0;
|
||||
+ memset(®_ctrl_request,0,sizeof(reg_ctrl_request));
|
||||
reg_ctrl_request.cmdReady = 1;
|
||||
write_tpm_reg(locality, TPM_CRB_CTRL_REQ, ®_ctrl_request);
|
||||
|
||||
@@ -724,7 +724,7 @@ bool tpm_relinquish_locality_crb(uint32_
|
||||
if ( reg_loc_state.loc_assigned == 0 ) return true;
|
||||
|
||||
/* make inactive by writing a 1 */
|
||||
- reg_loc_ctrl._raw[0] = 0;
|
||||
+ memset(®_loc_ctrl,0,sizeof(reg_loc_ctrl));
|
||||
reg_loc_ctrl.relinquish = 1;
|
||||
write_tpm_reg(locality, TPM_REG_LOC_CTRL, ®_loc_ctrl);
|
||||
|
||||
@@ -778,7 +778,7 @@ bool tpm_request_locality_crb(uint32_t l
|
||||
tpm_reg_loc_state_t reg_loc_state;
|
||||
tpm_reg_loc_ctrl_t reg_loc_ctrl;
|
||||
/* request access to the TPM from locality N */
|
||||
- reg_loc_ctrl._raw[0] = 0;
|
||||
+ memset(®_loc_ctrl,0,sizeof(reg_loc_ctrl));
|
||||
reg_loc_ctrl.requestAccess = 1;
|
||||
write_tpm_reg(locality, TPM_REG_LOC_CTRL, ®_loc_ctrl);
|
||||
|
||||
@ -23,10 +23,10 @@ v3:
|
||||
References: bnc#865815
|
||||
Porting to tboot in order to fix duplicated xen entries
|
||||
|
||||
Index: tboot-1.9.4/tboot/20_linux_tboot
|
||||
Index: tboot-1.9.6/tboot/20_linux_tboot
|
||||
===================================================================
|
||||
--- tboot-1.9.4.orig/tboot/20_linux_tboot
|
||||
+++ tboot-1.9.4/tboot/20_linux_tboot
|
||||
--- tboot-1.9.6.orig/tboot/20_linux_tboot
|
||||
+++ tboot-1.9.6/tboot/20_linux_tboot
|
||||
@@ -225,6 +225,49 @@ while [ "x${tboot_list}" != "x" ] && [ "
|
||||
break
|
||||
fi
|
||||
@ -77,10 +77,10 @@ Index: tboot-1.9.4/tboot/20_linux_tboot
|
||||
if test -n "${initrd}" ; then
|
||||
echo "Found initrd image: ${dirname}/${initrd}" >&2
|
||||
else
|
||||
Index: tboot-1.9.4/tboot/20_linux_xen_tboot
|
||||
Index: tboot-1.9.6/tboot/20_linux_xen_tboot
|
||||
===================================================================
|
||||
--- tboot-1.9.4.orig/tboot/20_linux_xen_tboot
|
||||
+++ tboot-1.9.4/tboot/20_linux_xen_tboot
|
||||
--- tboot-1.9.6.orig/tboot/20_linux_xen_tboot
|
||||
+++ tboot-1.9.6/tboot/20_linux_xen_tboot
|
||||
@@ -52,6 +52,12 @@ fi
|
||||
export TEXTDOMAIN=grub
|
||||
export TEXTDOMAINDIR=${prefix}/share/locale
|
||||
|
||||
@ -4,13 +4,13 @@ Subject: fix xen submenu name to show tboot version
|
||||
References: bnc#865815
|
||||
Patch-Mainline: no
|
||||
|
||||
Index: tboot-1.9.5/tboot/20_linux_xen_tboot
|
||||
Index: tboot-1.9.6/tboot/20_linux_xen_tboot
|
||||
===================================================================
|
||||
--- tboot-1.9.5.orig/tboot/20_linux_xen_tboot
|
||||
+++ tboot-1.9.5/tboot/20_linux_xen_tboot
|
||||
--- tboot-1.9.6.orig/tboot/20_linux_xen_tboot
|
||||
+++ tboot-1.9.6/tboot/20_linux_xen_tboot
|
||||
@@ -232,7 +232,7 @@ while [ "x${xen_list}" != "x" ] ; do
|
||||
rel_tboot_dirname=`make_system_path_relative_to_its_root $tboot_dirname`
|
||||
tboot_version="1.9.5"
|
||||
tboot_version="1.9.6"
|
||||
list="${linux_list}"
|
||||
- echo "submenu \"Xen ${xen_version}\" \"Tboot ${tboot_version}\"{"
|
||||
+ echo "submenu \"Xen ${xen_version} with Tboot ${tboot_version}\"{"
|
||||
|
||||
@ -1,26 +0,0 @@
|
||||
Index: tboot-1.9.4/tboot/20_linux_tboot
|
||||
===================================================================
|
||||
--- tboot-1.9.4.orig/tboot/20_linux_tboot
|
||||
+++ tboot-1.9.4/tboot/20_linux_tboot
|
||||
@@ -24,6 +24,8 @@ libdir=${exec_prefix}/lib
|
||||
sysconfdir=/etc
|
||||
if test -e /usr/share/grub/grub-mkconfig_lib; then
|
||||
. /usr/share/grub/grub-mkconfig_lib
|
||||
+elif test -e /usr/share/grub2/grub-mkconfig_lib; then
|
||||
+ . /usr/share/grub2/grub-mkconfig_lib
|
||||
elif test -e ${libdir}/grub/grub-mkconfig_lib; then
|
||||
. ${libdir}/grub/grub-mkconfig_lib
|
||||
fi
|
||||
Index: tboot-1.9.4/tboot/20_linux_xen_tboot
|
||||
===================================================================
|
||||
--- tboot-1.9.4.orig/tboot/20_linux_xen_tboot
|
||||
+++ tboot-1.9.4/tboot/20_linux_xen_tboot
|
||||
@@ -24,6 +24,8 @@ libdir=${exec_prefix}/lib
|
||||
sysconfdir=/etc
|
||||
if test -e /usr/share/grub/grub-mkconfig_lib; then
|
||||
. /usr/share/grub/grub-mkconfig_lib
|
||||
+elif test -e /usr/share/grub2/grub-mkconfig_lib; then
|
||||
+ . /usr/share/grub2/grub-mkconfig_lib
|
||||
elif test -e ${libdir}/grub/grub-mkconfig_lib; then
|
||||
. ${libdir}/grub/grub-mkconfig_lib
|
||||
fi
|
||||
@ -1,3 +1,27 @@
|
||||
-------------------------------------------------------------------
|
||||
Tue Jul 18 11:10:29 UTC 2017 - matthias.gerstner@suse.com
|
||||
|
||||
update to new upstream version 1.9.6:
|
||||
|
||||
- removed following patches, because they're now included upstream:
|
||||
* tboot-grub2-fix-menu-in-xen-host-server.patch
|
||||
* tboot-grub2-fix-xen-submenu-name.patch
|
||||
* tboot-grub2-suse.patch
|
||||
|
||||
- Changes in this version:
|
||||
* GCC7 fix, adds generic FALLTHROUGH notations to avoid warnings appearing on GCC7
|
||||
* Ensure Tboot never overwrites modules in the process of moving them.
|
||||
* Add support to x2APIC, which uses 32 bit APIC ID.
|
||||
* Fix S3 secrets sealing/unsealing failures
|
||||
* Support OpenSSL 1.1.0+ for ECDSA signature verification.
|
||||
* Support OpenSSL 1.1.0+ for RSA key manipulation.
|
||||
* Adds additional checks to prevent the kernel image from being overwritten.
|
||||
* Added TCG TPM event log support.
|
||||
* Pass through the EFI memory map that's provided by grub2.
|
||||
* Fix a null pointer dereference bug when Intel TXT is disabled in BIOS.
|
||||
* Adjust KERNEL_CMDLINE_OFFSET from 0x9000 to 0x8D00.
|
||||
* Bounds checking on the kernel_cmdline string.
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Sun Jun 4 08:43:14 UTC 2017 - meissner@suse.com
|
||||
|
||||
|
||||
10
tboot.spec
10
tboot.spec
@ -17,20 +17,17 @@
|
||||
|
||||
|
||||
Name: tboot
|
||||
%define ver 1.9.5
|
||||
Version: 20160518_1.9.4
|
||||
%define ver 1.9.6
|
||||
Version: 20170711_1.9.6
|
||||
Release: 0
|
||||
Summary: Performs a verified launch using Intel(R) TXT
|
||||
License: BSD-3-Clause
|
||||
Group: Productivity/Security
|
||||
Url: http://sourceforge.net/projects/tboot/
|
||||
Source0: http://downloads.sourceforge.net/project/tboot/tboot/tboot-%{ver}.tar.gz
|
||||
Patch1: tboot-grub2-suse.patch
|
||||
Patch3: tboot-grub2-fix-menu-in-xen-host-server.patch
|
||||
Patch4: tboot-grub2-fix-xen-submenu-name.patch
|
||||
# PATCH-FIX-UPSTREAM -- https://sourceforge.net/p/tboot/code/merge-requests/1/
|
||||
Patch5: reproducible.patch
|
||||
Patch6: tboot-gcc7.patch
|
||||
BuildRoot: %{_tmppath}/%{name}-%{version}-build
|
||||
BuildRequires: openssl-devel
|
||||
BuildRequires: trousers-devel
|
||||
@ -43,11 +40,8 @@ verified launch of an OS kernel/VMM.
|
||||
|
||||
%prep
|
||||
%setup -q -n %name-%ver
|
||||
%patch1 -p1
|
||||
%patch3 -p1
|
||||
%patch4 -p1
|
||||
%patch5 -p1
|
||||
%patch6 -p1
|
||||
|
||||
%build
|
||||
export CFLAGS="%{optflags}"
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user