forked from pool/tboot
Matthias Gerstner
0fc84d36ec
Fix a lot of issues in tools reported by klocwork scan.
Fix a lot of issues in tboot module reported by klocwork scan.
Remove a redundant tboot option
Fix indent in heap.c
Fix 4 issues along with extpol=agile option
Mitigations for tpm interposer attacks
Add an option in tboot to force SINIT to use the legacy TPM2 log format.
Add support for appending to a TPM2 TCG style event log.
Ensure tboot log is available even when measured launch is skipped.
Add centos7 instructions for Use in EFI boot mode.
Fix memory leak and invalid reads and writes issues.
Fix TPM 1.2 locality selection issue.
Fix a null pointer dereference bug when Intel TXT is disabled.
Optimize tboot docs installation.
Fix security vulnerabilities rooted in tpm_if structure and g_tpm variable.
The size field of the MB2 tag is the size of the tag header + the size
Fix openssl-1.0.2 double frees
Make policy element stm_elt use unique type name
lcptools-v2 utilities fixes port to openssl-1.1.0
Reset debug PCR16 to zero.
Fix a logical error in function bool evtlog_append(...).
- removed tboot-CVE-2017-16837.patch: now contained in tarball
- removed tboot-openssl-1-1-0.patch: now contained in tarball
- removed tboot-signature-segfault.patch: now contained in tarball
- removed tboot-ssl-broken.patch: now contained in tarball

OBS-URL: https://build.opensuse.org/package/show/security/tboot?expand=0&rev=78
116 lines
3.3 KiB
RPMSpec
#
# spec file for package tboot
#
# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License). An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.

# Please submit bugfixes or comments via http://bugs.opensuse.org/
#


Name: tboot
%define ver 1.9.7
Version: 20170711_%{ver}
Release: 0
Summary: Performs a verified launch using Intel(R) TXT
License: BSD-3-Clause
Group: Productivity/Security
Url: http://sourceforge.net/projects/tboot/
Source0: http://downloads.sourceforge.net/project/tboot/tboot/tboot-%{ver}.tar.gz
Patch3: tboot-grub2-fix-menu-in-xen-host-server.patch
Patch4: tboot-grub2-fix-xen-submenu-name.patch
Patch7: tboot-distributor.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-build
ExclusiveArch: %{ix86} x86_64
BuildRequires: openssl-devel
BuildRequires: trousers-devel

%if 0%{?suse_version} > 1320
BuildRequires: update-bootloader-rpm-macros
%endif

%if 0%{?update_bootloader_requires:1}
%update_bootloader_requires
%else
Requires: perl-Bootloader
%endif

%description
Trusted Boot (tboot) is a pre-kernel/VMM module that uses Intel(R)
Trusted Execution Technology (Intel(R) TXT) to perform a measured and
verified launch of an OS kernel/VMM.

%prep
%setup -q -n %name-%ver
%patch3 -p1
%patch4 -p1
%patch7 -p1

%build
export CFLAGS="%{optflags}"
export TBOOT_CFLAGS="$CFLAGS"
make debug=y %{?_smp_mflags}

%install
make debug=y install DISTDIR="%{buildroot}" MANPATH="%{buildroot}/%{_mandir}"

%files
%defattr(-,root,root,-)
%doc README COPYING docs/* lcptools/lcptools2.txt lcptools/Linux_LCP_Tools_User_Manual.pdf
%{_sbindir}/acminfo
%{_sbindir}/lcp_crtpconf
%{_sbindir}/lcp_crtpol
%{_sbindir}/lcp_crtpol2
%{_sbindir}/lcp_crtpolelt
%{_sbindir}/lcp_crtpollist
%{_sbindir}/lcp_mlehash
%{_sbindir}/lcp_readpol
%{_sbindir}/lcp_writepol
%{_sbindir}/parse_err
%{_sbindir}/tb_polgen
%{_sbindir}/tpmnv_defindex
%{_sbindir}/tpmnv_getcap
%{_sbindir}/tpmnv_lock
%{_sbindir}/tpmnv_relindex
%{_sbindir}/txt-stat
%{_sbindir}/lcp2_crtpol
%{_sbindir}/lcp2_crtpolelt
%{_sbindir}/lcp2_crtpollist
%{_sbindir}/lcp2_mlehash
/boot/tboot.gz
/boot/tboot-syms
%{_mandir}/man8/*
%dir %{_sysconfdir}/grub.d/
%{_sysconfdir}/grub.d/20_linux_tboot
%{_sysconfdir}/grub.d/20_linux_xen_tboot

%post
%if 0%{?update_bootloader_check_type_reinit_post:1}
%update_bootloader_check_type_reinit_post grub2 grub2-efi
%else
/sbin/update-bootloader --reinit || true
%endif

%postun
%if 0%{?update_bootloader_check_type_reinit_post:1}
# there is no clean solution for refresh during package removal at the moment.
# %%posttrans is not executed during package removal.
%update_bootloader_check_type_reinit_post grub2 grub2-efi
%update_bootloader_posttrans
%else
/sbin/update-bootloader --reinit || true
%endif

%posttrans
%{?update_bootloader_posttrans}

%changelog