forked from pool/tpm2.0-abrmd
Alberto Planas Dominguez
892426b7ff
- Version 2.4.1
+ Added
Contributor Covenant Code of Conduct.
+ Fixed
* superflous warning messages about tcti status.
WARNING **: 11:00:56.205: tcti_conf before: "(null)"
WARNING **: 11:00:56.205: tcti_conf after: "mssim"
* GCC 11 build error: error: argument 2 of __atomic_load’ discards
'volatile' qualifier
* Initialize gerror pointer variable to NULL to fix use of
unitialized memory and segfault.
* Updated missing defaults in manpage.
* Port CI to composite actions in tpm2-software/ci.
+ Removed
Dependency on 'which' utility in configure.ac.
ubuntu-16.04 from CI.
OBS-URL: https://build.opensuse.org/request/show/987866
OBS-URL: https://build.opensuse.org/package/show/security/tpm2.0-abrmd?expand=0&rev=68
The tpm2-abrmd by upstream default allows every local users in the system to access the TPM chip and modify its settings (bsc#1197532). Upstream suggests to use the TPM's internal security features (e.g. password protection) to prevent local users from manipulating the chip without authorization. Still the default behaviour that every user in the system can access TPM features without any authentication could come as a surprise to end users and system integrators alike. For this reason on SUSE only members of the 'tss' group are allowed to access the tpm2-abrmd D-Bus interface, thereby mirroring the access permissions of the /dev/tpm0 and /dev/tpmrm0 character devices.