- required update due to openSSL 3.0 deprecation errors in current version

- updated to v1.11.1 / 20230125:
      20230125: v1.11.1
      - Revert log memory range extension (caused memory overlaps and boot failures)
      20221223: v1.11.0
      - Fixed TPM handling to flush objects after integrity measurement (Intel PTT limitations)
      - Exteded low memory range for logs (HCC CPUs had issue with not enough memory)
      - "agile" removed from PCR Extend policy options (requested deprecation)
      - Added handling for flexible ACM Info Table format
      - lcptools: CPPFLAGS use by environment in build
      - lcptools: removed __DATE__ refs to make build reproducible
      - Only platform-matchin SINIT modules can be selected
      - txt-acminfo: Map TXT heap using mmap
      - Typo fix in man page
      20220304: v1.10.5
      - Fixed mlehash.c to bring back functionality and make it GCC12 compliant
      - Reverted change for replacing EFI memory to bring back Tboot in-memory logs
      20220224: v1.10.4
      - Fix hash printing for SHA384, SHA512 and SM3
      - Touch ups for GCC12
      - Set GDT to map CS and DS to 4GB before jumping to Linux
      - make efi_memmap_reserve handle gaps like e820_protect_region
      - Ensure that growth of Multiboot tags does not go beyond original area
      - Replace EFI memory map in Multiboot2 info
      - Fix endianness of pcr_info->pcr_selection.size_of_select
      -  Don't ignore locality in PCR file
      - Fix composite hashing algorithm for PCONF elements to match lcptools-1
      20211210: v1.10.3
      - Add UNI-VGA license information
      - Remove poly1305 object files on clean

OBS-URL: https://build.opensuse.org/package/show/security/tboot?expand=0&rev=112

tboot-1.10.2.tar.gz

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:2e179ca3b50b83cee56c2f2a5e4096c06dd1f2388f7508339c390f04fcbab111
-size 8325837

tboot-grub2-fix-menu-in-xen-host-server.patch

@@ -23,11 +23,11 @@ v3:
 References: bnc#865815
 Porting to tboot in order to fix duplicated xen entries
 
-Index: tboot-1.10.0/tboot/20_linux_tboot
+Index: tboot-1.11.1/tboot/20_linux_tboot
 ===================================================================
---- tboot-1.10.0.orig/tboot/20_linux_tboot
-+++ tboot-1.10.0/tboot/20_linux_tboot
-@@ -205,6 +205,49 @@ while [ "x${tboot_list}" != "x" ] && [ "
+--- tboot-1.11.1.orig/tboot/20_linux_tboot
++++ tboot-1.11.1/tboot/20_linux_tboot
+@@ -219,6 +219,49 @@ while [ "x${tboot_list}" != "x" ] && [ "
  		break
  	    fi
  	done
@@ -77,11 +77,11 @@ Index: tboot-1.10.0/tboot/20_linux_tboot
  	if test -n "${initrd}" ; then
  	    echo "Found initrd image: ${dirname}/${initrd}" >&2
  	else
-Index: tboot-1.10.0/tboot/20_linux_xen_tboot
+Index: tboot-1.11.1/tboot/20_linux_xen_tboot
 ===================================================================
---- tboot-1.10.0.orig/tboot/20_linux_xen_tboot
-+++ tboot-1.10.0/tboot/20_linux_xen_tboot
-@@ -52,6 +52,12 @@ fi
+--- tboot-1.11.1.orig/tboot/20_linux_xen_tboot
++++ tboot-1.11.1/tboot/20_linux_xen_tboot
+@@ -58,6 +58,12 @@ fi
  export TEXTDOMAIN=grub
  export TEXTDOMAINDIR=${prefix}/share/locale
  
@@ -94,7 +94,7 @@ Index: tboot-1.10.0/tboot/20_linux_xen_tboot
  CLASS="--class gnu-linux --class gnu --class os --class xen"
  
  if [ "x${GRUB_DISTRIBUTOR}" = "x" ] ; then
-@@ -185,9 +191,17 @@ linux_list=`for i in /boot/vmlinu[xz]-*
+@@ -191,9 +197,17 @@ linux_list=`for i in /boot/vmlinu[xz]-*
  if [ "x${linux_list}" = "x" ] ; then
      exit 0
  fi

tboot-grub2-fix-xen-submenu-name.patch

@@ -4,13 +4,13 @@ Subject: fix xen submenu name to show tboot version
 References: bnc#865815
 Patch-Mainline: no
 
-Index: tboot-1.10.2/tboot/20_linux_xen_tboot
+Index: tboot-1.11.1/tboot/20_linux_xen_tboot
 ===================================================================
---- tboot-1.10.2.orig/tboot/20_linux_xen_tboot
-+++ tboot-1.10.2/tboot/20_linux_xen_tboot
-@@ -232,7 +232,7 @@ while [ "x${xen_list}" != "x" ] ; do
+--- tboot-1.11.1.orig/tboot/20_linux_xen_tboot
++++ tboot-1.11.1/tboot/20_linux_xen_tboot
+@@ -246,7 +246,7 @@ while [ "x${xen_list}" != "x" ] ; do
          rel_tboot_dirname=`make_system_path_relative_to_its_root $tboot_dirname`
-         tboot_version="1.10.2"
+         tboot_version="1.11.1"
          list="${linux_list}"
 -        echo "submenu \"Xen ${xen_version}\" \"Tboot ${tboot_version}\"{"
 +        echo "submenu \"Xen ${xen_version} with Tboot ${tboot_version}\"{"

tboot.changes

@@ -1,3 +1,45 @@
+-------------------------------------------------------------------
+Mon Feb  6 10:52:29 UTC 2023 - Matthias Gerstner <matthias.gerstner@suse.com>
+
+- required update due to openSSL 3.0 deprecation errors in current version
+- updated to v1.11.1 / 20230125:
+      20230125: v1.11.1
+      - Revert log memory range extension (caused memory overlaps and boot failures)
+      20221223: v1.11.0
+      - Fixed TPM handling to flush objects after integrity measurement (Intel PTT limitations)
+      - Exteded low memory range for logs (HCC CPUs had issue with not enough memory)
+      - "agile" removed from PCR Extend policy options (requested deprecation)
+      - Added handling for flexible ACM Info Table format
+      - lcptools: CPPFLAGS use by environment in build
+      - lcptools: removed __DATE__ refs to make build reproducible
+      - Only platform-matchin SINIT modules can be selected
+      - txt-acminfo: Map TXT heap using mmap
+      - Typo fix in man page
+      20220304: v1.10.5
+      - Fixed mlehash.c to bring back functionality and make it GCC12 compliant
+      - Reverted change for replacing EFI memory to bring back Tboot in-memory logs
+      20220224: v1.10.4
+      - Fix hash printing for SHA384, SHA512 and SM3
+      - Touch ups for GCC12
+      - Set GDT to map CS and DS to 4GB before jumping to Linux
+      - make efi_memmap_reserve handle gaps like e820_protect_region
+      - Ensure that growth of Multiboot tags does not go beyond original area
+      - Replace EFI memory map in Multiboot2 info
+      - Fix endianness of pcr_info->pcr_selection.size_of_select
+      -  Don't ignore locality in PCR file
+      - Fix composite hashing algorithm for PCONF elements to match lcptools-1
+      20211210: v1.10.3
+      - Add UNI-VGA license information
+      - Remove poly1305 object files on clean
+      - Support higher resolution monitors
+      - Use SHA256 as default hashing algorithm in lcp2_mlehash and tb_polgen
+      - Add OpenSSL 3.0.0 support in lcptools-v2
+      - Increase number of supported CPUs to 1024 to accomodate for larger units
+- tboot-grub2-fix-menu-in-xen-host-server.patch: refreshed to match new
+  upstream version.
+- tboot-grub2-fix-xen-submenu-name.patch: refreshed to match new upstream
+  version.
+
 -------------------------------------------------------------------
 Fri Jun 11 07:29:02 UTC 2021 - Marcus Meissner <meissner@suse.com>
 

tboot.spec

@@ -1,7 +1,7 @@
 #
 # spec file for package tboot
 #
-# Copyright (c) 2022 SUSE LLC
+# Copyright (c) 2023 SUSE LLC
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -17,7 +17,7 @@
 
 
 Name:           tboot
-%define ver 1.10.2
+%define ver 1.11.1
 Version:        20210614_%{ver}
 Release:        0
 Summary:        Program for performing a verified launch using Intel TXT
@@ -83,14 +83,14 @@ make debug=y install DISTDIR="%{buildroot}" MANPATH="%{buildroot}/%{_mandir}"
 %{_sysconfdir}/grub.d/20_linux_xen_tboot
 
 %post
-%if 0%{?update_bootloader_check_type_reinit_post:1} 
+%if 0%{?update_bootloader_check_type_reinit_post:1}
 %update_bootloader_check_type_reinit_post grub2 grub2-efi
 %else
 /sbin/update-bootloader --reinit || true
 %endif
 
 %postun
-%if 0%{?update_bootloader_check_type_reinit_post:1} 
+%if 0%{?update_bootloader_check_type_reinit_post:1}
 # there is no clean solution for refresh during package removal at the moment.
 # %%posttrans is not executed during package removal.
 %update_bootloader_check_type_reinit_post grub2 grub2-efi