- updated to v1.11.1 / 20230125:
20230125: v1.11.1
- Revert log memory range extension (caused memory overlaps and boot failures)
20221223: v1.11.0
- Fixed TPM handling to flush objects after integrity measurement (Intel PTT limitations)
- Exteded low memory range for logs (HCC CPUs had issue with not enough memory)
- "agile" removed from PCR Extend policy options (requested deprecation)
- Added handling for flexible ACM Info Table format
- lcptools: CPPFLAGS use by environment in build
- lcptools: removed __DATE__ refs to make build reproducible
- Only platform-matchin SINIT modules can be selected
- txt-acminfo: Map TXT heap using mmap
- Typo fix in man page
20220304: v1.10.5
- Fixed mlehash.c to bring back functionality and make it GCC12 compliant
- Reverted change for replacing EFI memory to bring back Tboot in-memory logs
20220224: v1.10.4
- Fix hash printing for SHA384, SHA512 and SM3
- Touch ups for GCC12
- Set GDT to map CS and DS to 4GB before jumping to Linux
- make efi_memmap_reserve handle gaps like e820_protect_region
- Ensure that growth of Multiboot tags does not go beyond original area
- Replace EFI memory map in Multiboot2 info
- Fix endianness of pcr_info->pcr_selection.size_of_select
- Don't ignore locality in PCR file
- Fix composite hashing algorithm for PCONF elements to match lcptools-1
20211210: v1.10.3
- Add UNI-VGA license information
- Remove poly1305 object files on clean
OBS-URL: https://build.opensuse.org/package/show/security/tboot?expand=0&rev=112
- Skip tboot launch error index read/write when ignore prev err option is true
- s3-fix: fix a stack overflow caused by enlarged tb_hash_t union
- S3 fix: revert the mis-changed type casting in changeset 522:8e881a07c059
- S3-fix: Adding option save_vtd=true to opt-in the vtd table restore
- rebased patches to match new upstream version
OBS-URL: https://build.opensuse.org/package/show/security/tboot?expand=0&rev=85
- removed following patches, because they're now included upstream:
* tboot-grub2-fix-menu-in-xen-host-server.patch
* tboot-grub2-fix-xen-submenu-name.patch
* tboot-grub2-suse.patch
- Changes in this version:
* GCC7 fix, adds generic FALLTHROUGH notations to avoid warnings appearing on GCC7
* Ensure Tboot never overwrites modules in the process of moving them.
* Add support to x2APIC, which uses 32 bit APIC ID.
* Fix S3 secrets sealing/unsealing failures
* Support OpenSSL 1.1.0+ for ECDSA signature verification.
* Support OpenSSL 1.1.0+ for RSA key manipulation.
* Adds additional checks to prevent the kernel image from being overwritten.
* Added TCG TPM event log support.
* Pass through the EFI memory map that's provided by grub2.
* Fix a null pointer dereference bug when Intel TXT is disabled in BIOS.
* Adjust KERNEL_CMDLINE_OFFSET from 0x9000 to 0x8D00.
* Bounds checking on the kernel_cmdline string.
OBS-URL: https://build.opensuse.org/package/show/security/tboot?expand=0&rev=64
