- Updated to 1.9.4/20160518 (FATE#320665)

Added TPM 2.0 CRB support
  Increased BSP and AP stacks to avoid stack overflow 
  Added an ACPI_RSDP structure g_rsdp in tboot to avoid potential memory overwritten issue on TPM 2.0 UEFI platforms
  Added support to both Intel TPM nv index set and TCG TPM nv index set
  grub2: tboot doesn't skip first argument any more
  grub2: sanitize whitespace in command lines        
  grub2: Allow addition of policy data in grub.cfg
  grub2 support: allow the user to customize the command line
  Mitigated S3 resume delay by adjusting LZ_MAX_OFFSET to 5000 in lz.c.        
  Added SGX TPM  nv index support
  Add 64 bit ELF object support
  Gentoo Hardened, which uses the GRSecurity and PaX patch sets
  Disable -fstack-check in CFLAG for compatibility with Gentoo Linux.
  Enhanced tboot compatiblity running on non-Intel TXT platform with a fix of is_launched()
  LCP documentation improvements
- tboot-grub2-suse.patch: refreshed
- tboot-grub2-fix-xen-submenu-name.patch: refreshed

OBS-URL: https://build.opensuse.org/package/show/security/tboot?expand=0&rev=46

tboot-1.9.4.tar.gz

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:7167e5615def4ac0f25b2f9139b3d361a0a20d91386d80b1d865107b3f552f39
+size 2107175

tboot-grub2-fix-xen-submenu-name.patch

@@ -4,13 +4,13 @@ Subject: fix xen submenu name to show tboot version
 References: bnc#865815
 Patch-Mainline: no
 
-Index: tboot-1.8.3/tboot/20_linux_xen_tboot
+Index: tboot-1.9.4/tboot/20_linux_xen_tboot
 ===================================================================
---- tboot-1.8.3.orig/tboot/20_linux_xen_tboot
-+++ tboot-1.8.3/tboot/20_linux_xen_tboot
-@@ -187,7 +187,7 @@ while [ "x${xen_list}" != "x" ] ; do
+--- tboot-1.9.4.orig/tboot/20_linux_xen_tboot
++++ tboot-1.9.4/tboot/20_linux_xen_tboot
+@@ -232,7 +232,7 @@ while [ "x${xen_list}" != "x" ] ; do
          rel_tboot_dirname=`make_system_path_relative_to_its_root $tboot_dirname`
-         tboot_version="1.8.3"
+         tboot_version="1.9.4"
          list="${linux_list}"
 -        echo "submenu \"Xen ${xen_version}\" \"Tboot ${tboot_version}\"{"
 +        echo "submenu \"Xen ${xen_version} with Tboot ${tboot_version}\"{"

tboot-grub2-suse.patch

@@ -1,28 +1,24 @@
-Index: tboot-1.8.0/tboot/20_linux_tboot
+Index: tboot-1.9.4/tboot/20_linux_tboot
 ===================================================================
---- tboot-1.8.0.orig/tboot/20_linux_tboot
-+++ tboot-1.8.0/tboot/20_linux_tboot
-@@ -21,8 +21,8 @@ prefix=/usr
- exec_prefix=${prefix}
- bindir=${exec_prefix}/bin
- libdir=${exec_prefix}/lib
--if test -e /usr/share/grub/grub-mkconfig_lib; then
--  . /usr/share/grub/grub-mkconfig_lib
-+if test -e /usr/share/grub2/grub-mkconfig_lib; then
-+  . /usr/share/grub2/grub-mkconfig_lib
- elif test -e ${libdir}/grub/grub-mkconfig_lib; then
-   . ${libdir}/grub/grub-mkconfig_lib
- fi
-Index: tboot-1.8.0/tboot/20_linux_xen_tboot
-===================================================================
---- tboot-1.8.0.orig/tboot/20_linux_xen_tboot
-+++ tboot-1.8.0/tboot/20_linux_xen_tboot
-@@ -21,8 +21,8 @@ prefix=/usr
- exec_prefix=${prefix}
- bindir=${exec_prefix}/bin
- libdir=${exec_prefix}/lib
--if test -e /usr/share/grub/grub-mkconfig_lib; then
--  . /usr/share/grub/grub-mkconfig_lib
+--- tboot-1.9.4.orig/tboot/20_linux_tboot
++++ tboot-1.9.4/tboot/20_linux_tboot
+@@ -24,6 +24,8 @@ libdir=${exec_prefix}/lib
+ sysconfdir=/etc
+ if test -e /usr/share/grub/grub-mkconfig_lib; then
+   . /usr/share/grub/grub-mkconfig_lib
++elif test -e /usr/share/grub2/grub-mkconfig_lib; then
++  . /usr/share/grub2/grub-mkconfig_lib
+ elif test -e ${libdir}/grub/grub-mkconfig_lib; then
+   . ${libdir}/grub/grub-mkconfig_lib
+ fi
+Index: tboot-1.9.4/tboot/20_linux_xen_tboot
+===================================================================
+--- tboot-1.9.4.orig/tboot/20_linux_xen_tboot
++++ tboot-1.9.4/tboot/20_linux_xen_tboot
+@@ -24,6 +24,8 @@ libdir=${exec_prefix}/lib
+ sysconfdir=/etc
+ if test -e /usr/share/grub/grub-mkconfig_lib; then
+   . /usr/share/grub/grub-mkconfig_lib
 +if test -e /usr/share/grub2/grub-mkconfig_lib; then
 +  . /usr/share/grub2/grub-mkconfig_lib
  elif test -e ${libdir}/grub/grub-mkconfig_lib; then

tboot.changes

@@ -1,3 +1,25 @@
+-------------------------------------------------------------------
+Thu May 19 10:35:27 UTC 2016 - meissner@suse.com
+
+- Updated to 1.9.4/20160518 (FATE#320665)
+  Added TPM 2.0 CRB support
+  Increased BSP and AP stacks to avoid stack overflow 
+  Added an ACPI_RSDP structure g_rsdp in tboot to avoid potential memory overwritten issue on TPM 2.0 UEFI platforms
+  Added support to both Intel TPM nv index set and TCG TPM nv index set
+  grub2: tboot doesn't skip first argument any more
+  grub2: sanitize whitespace in command lines        
+  grub2: Allow addition of policy data in grub.cfg
+  grub2 support: allow the user to customize the command line
+  Mitigated S3 resume delay by adjusting LZ_MAX_OFFSET to 5000 in lz.c.        
+  Added SGX TPM  nv index support
+  Add 64 bit ELF object support
+  Gentoo Hardened, which uses the GRSecurity and PaX patch sets
+  Disable -fstack-check in CFLAG for compatibility with Gentoo Linux.
+  Enhanced tboot compatiblity running on non-Intel TXT platform with a fix of is_launched()
+  LCP documentation improvements
+- tboot-grub2-suse.patch: refreshed
+- tboot-grub2-fix-xen-submenu-name.patch: refreshed
+
 -------------------------------------------------------------------
 Fri May  8 12:08:52 UTC 2015 - meissner@suse.com
 

tboot.spec

@@ -1,7 +1,7 @@
 #
 # spec file for package tboot
 #
-# Copyright (c) 2015 SUSE LINUX GmbH, Nuernberg, Germany.
+# Copyright (c) 2016 SUSE LINUX GmbH, Nuernberg, Germany.
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -17,8 +17,8 @@
 
 
 Name:           tboot
-%define ver 1.8.3
-Version:        20140728_1.8.3
+%define ver 1.9.4
+Version:        20160518_1.9.4
 Release:        0
 Summary:        Performs a verified launch using Intel(R) TXT
 License:        BSD-3-Clause