2019-12-11 13:45:49 +01:00
-------------------------------------------------------------------
Wed Dec 11 12:35:52 UTC 2019 - matthias.gerstner@suse.com

- update to major version 4.1:
- changes in version 4.1:
  * tpm2_certifycreation: New tool enabling command TPM2_CertifyCreation.

  * tpm2_checkquote:
    - Fix YAML output bug.
    - -g option for specifying hash algorithm is optional and defaults to sha256.

  * tpm2_changeeps: A new tool for changing the Endorsement hierarchy primary seed.

  * tpm2_changepps: A new tool for changing the Platform hierarchy primary seed.

  * tpm2_clockrateadjust: Add a new tool for modifying the period on the TPM.

  * tpm2_create: Add tool options for specifying output data for use in certification
    - --creation-data to save the creation data
    - --creation-ticket or -t to save the creation ticket
    - --creation-hash or -d to save the creation hash
    - --template-data for saving the template data of the key
    - --outside-info or -q for specifying unique data to include in creation data.
    - --pcr-list or -l Add option to specify pcr list to add to creation data.

  * tpm2_createprimary: Add tool options for specifying output data for use in certification
    - --creation-data to save the creation data
    - --creation-ticket or -t to save the creation ticket
    - --creation-hash or -d to save the creation hash
    - --template-data for saving the template data of the key
    - --outside-info or -q for specifying unique data to include in creation data.
    - --pcr-list or -l Add option to specify pcr list to add to creation data.

  * tpm2_evictcontrol:
    - Fix bug in automatic persistent handle selection when hierarchy is platform.
    - Fix bug in YAML key action where action was wrong when using ESYS_TR.

  * tpm2_getcap: clean up remnants of -c option in manpages and tool output.

  * tpm2_gettime: Add a new tool for retrieving a signed timestamp from a TPM.

  * tpm2_nvcertify: Add a new tool for certifying the contents of an NV index.

  * tpm2_nvdefine:
    - Support default set of attributes so -a is not mandatory.
    - Support searching for free index if an index isn't specified.

  * tpm2_nvextend: Add a new tool for extending an NV index similar to a PCR.

  * tpm2_nvreadpublic:
    - Support specifying nv index to read public data from as argument.

  * tpm2_nvsetbits: Add a new tool for setting the values of PCR with type "bits".

  * tpm2_nvundefine: Add support for deleting NV indices with attribute `TPMA_NV_POLICY_DELETE` set using NV Undefine Special command.

  * tpm2_nvwritelock: Add a new tool for setting a write lock on an NV index or globally locking nv indices with TPMA_NV_GLOBALLOCK.

  * tpm2_policyauthorizenv: New tool enabling signed, revocable policies.

  * tpm2_policyauthvalue: New tool enabling authorization to be bound to the authorization of another object.

  * tpm2_policycountertimer: Add a new tool for enabling policy bound to TPM clock or timer values.

  * tpm2_policynamehash: Add a new tool for specifying policy based on object name.

  * tpm2_policynv: Add a new tool for specifying policy based on NV contents.

  * tpm2_nvwritten: Add a new tool for specifying policy based on whether or not an NV index was written to.

  * tpm2_policysecret: Add tool options for specifying
    - --expiration or -t
    - --ticket
    - --timeout
    - --nonce-tpm or -x
    - --qualification or -q

  * tpm2_policysigned: New tool enabling policy command TPM2_PolicySigned.

  * tpm2_policytemplate: New tool enabling policy command TPM2_PolicyTemplate.

  * tpm2_policyticket: New tool enabling policy command TPM2_PolicyTicket.

  * tpm2_readclock: Add a new tool for reading the TPM clock.

  * tpm2_setclock: Add a new tool for setting the TPM clock.

  * tpm2_setprimarypolicy: New tool setting policy on hierarchies.

  * tpm2_shutdown: Add a new tool for issuing a TPM shutdown command.

  * misc:
    - Support "tpmt" as a public key output format that only saves the TPMT structure.
    - Qualifying data or extra data in many tools can be hex array string or binary file.
    - Add support for specifying NV index type when specifying NV attributes.
    - Support added for tools to run on FreeBSD.
    - Skip and notify of action that man pages will not install if the package pandoc is missing.
    - Fix precedence issue with bitwise operator order in tpm2_getcap
    - travis: bump abrmd version 2.3.0
    - tpm2_util.c: Fix an issue where int variable size was checked against uint
    - pcr.c: Fix buffer length issue to support all defined hash algorithms

- changes in version 4.0.1:

  * tpm2_checkquote: Fix YAML output bug.

- changes in version 4.0:

  * tpm2_activatecredential:
    - --context is now --credentialedkey-context.
    - --key-context is now --credentialkey-context.
    - --Password is now --credentialedkey-auth.
    - --endorse-passwd is now --credentialkey-auth.
    - --in-file is now --credential-secret.
    - --out-file is now --certinfo-data.
    - -f becomes -i.
    - -k becomes -C.
    - -e becomes -E.

  * tpm2_certify:
    - --halg is now --hash-algorithm.
    - --obj-context is now --certifiedkey-context.
    - --key-context is now --signingkey-context.
    - --pwdo is now --certifiedkey-auth.
    - --pwdk is now --signingkey-auth.
    - -a becomes -o.
    - -k becomes -p.
    - -c becomes -C.
    - -k becomes -K.

  * tpm2_changeauth:
    - New tool for changing the authorization values of:
      - Hierarchies
      - NV
      - Objects
    - Replaces tpm2_takeownership with more generic functionality.

  * tpm2_checkquote:
    - --halg is now --hash-algorithm.
    - --pcr-input-file is now --pcr.
    - --pubfile is now --public.
    - --qualify-data is now --qualification.
    - -f becomes -F.
    - -F becomes -f.
    - -G becomes -g.

  * tpm2_clear:
    - --lockout-passwd is now --auth-lockout.

  * tpm2_clearcontrol:
    - New tool for enabling or disabling tpm2_clear commands.

  * tpm2_create:
    - --object-attributes is now --attributes.
    - --pwdp is now --parent-auth.
    - --pwdo is now --key-auth.
    - --in-file is now --sealing-input.
    - --policy-file is now --policy.
    - --pubfile is now --public.
    - --privfile is now --private.
    - --out-context is now --key-context.
    - --halg is now --hash-algorithm.
    - --kalg is now --key-algorithm.
    - -o becomes -c.
    - -K becomes -p.
    - -A becomes -b.
    - -I becomes -i.
    - -g becomes an optional option.
    - -G becomes an optional option.
    - Supports TPM command CreateLoaded via -c.

  * tpm2_createak:
    - Renamed from tpm2_getpubak

  * tpm2_createek:
    - renamed from tpm2_getpubek

  * tpm2_createpolicy:
    - --out-policy-file is now --policy.
    - --policy-digest-alg is now --policy-algorithm.
    - --auth-policy-session is now --policy-session.
    - -L becomes -l.
    - -F becomes -f.
    - -f becomes -o.
    - Removed option --set-list with short option -L.
    - Removed option --pcr-input-file with short option -F.
    - Pcr policy options replaced with pcr password mini language.
    - Removed short option a for specifying auth session. Use long option --policy-session.
    - Removed short option -P for specifying pcr policy. Use long option --policy-pcr.

  * tpm2_createprimary:
    - --object-attributes is now --attributes.
    - -o is now -c
    - --pwdp is now --hierarchy-auth.
    - --pwdk is now --key-auth.
    - --halg is now --hash-algorithm.
    - --kalg is now --key-algorithm.
    - --context-object is now --key-context.
    - --policy-file is now --policy.
    - support for unique field when creating objects via -u
    - saves a context file for the generated primary's handle to disk via -c.
    - -A becomes -a.
    - -K becomes -p.
    - -H becomes -C.
    - -g becomes optional.
    - -G becomes optional.

  * tpm2_dictionarylockout:
    - --lockout-passwd is now --auth.
    - -P becomes -p.

  * tpm2_duplicate:
    - New tool for duplicating TPM objects.

  * tpm2_encryptdecrypt:
    - --pwdk is now --auth.
    - --out-file is now --output.
    - -D becomes -d.
    - -I becomes an argument.
    - -P becomes -p.
    - Support IVs via -t or --iv.
    - Support modes via -G.
    - Support padding via -e or --pad.
    - Supports input and output to stdin and stdout respectively.

  * tpm2_evictcontrol:
    - --auth is now --hierarchy.
    - --context is now --object-context.
    - --pwda is now --auth.
    - --persistent with short option -S is now an argument.
    - -A becomes -C.
    - Added option --output -o to serialize handle to disk.
    - Removed option --handle with short option -H.
    - Raw object-handles and object-contexts are commonly handled with object handling logic.
    - Removed option --input-session-handle with short option -i.
    - Authorization session is now part of password mini language.

  * tpm2_getcap:
    - -c becomes an argument.
    - Most instances of value replaced with raw in YAML output.
    - TPM2_PT_MANUFACTURER displays string value and raw value.
    - Supports --pcr option for listing hash algorithms and bank numbers.

  * tpm2_getekcertificate:
    - Renamed from tpm2_getmanufec

  * tpm2_getmanufec:
    - Renamed the tool to tpm2_getekcertificate.
    - Removed ek key creation and management logic.
    - Added option for getting ek cert for offline platform via -x.
    - Support for ECC keys.
    - --ec-cert is now --ek-certificate,
    - --untrusted is now --allow-unverified,
    - --output is now --ek-public,
    - -U is now -X.
    - -O is now -x.
    - -f becomes -o.
    - Removed option -P or --endorse-passwd.
    - Removed option -p or --ek-passwd.
    - Removed option -w or --owner-passwd.
    - Removed option -H or --persistent-handle.
    - Removed option -G or --key-algorithm.
    - Removed option -N or --non-persistent.
    - Removed option -O or --offline.

  * tpm2_getpubak:
    - renamed to tpm2_createak.
    - -f becomes -p and -f is used for format of public key output.
    - --auth-endorse is now --eh-auth.
    - --auth-ak is now --ak-auth.
    - --halg is now --hash-algorithm.
    - --kalg is now --key-algorithm.
    - -e becomes -P.
    - -P becomes -p.
    - -D becomes -g.
    - -p becomes -u.
    - --context becomes --ak-context.
    - --algorithm becomes --kalg.
    - --digest-alg becomes --halg.
    - --privfile becomes --private.
    - remove -k persistent option. Use tpm2_evictcontrol.
    - Fix -o option to -w.
    - now saves a context file for the generated primary's handle to disk.
    - -E becomes -e.
    - -g changes to -G.
    - support for non-persistent AK generation.

  * tpm2_getpubek:
    - renamed to tpm2_createek
    - --endorse-passwd is now --eh-auth.
    - --owner-passwd is now --owner-auth.
    - --ek-passwd is now --ek-auth.
    - --file is now --public.
    - --context is now --ek-context.
    - --algorithm is now --key-algorithm.
    - -e is now -P.
    - -P is now -p.
    - -p is now -u.
    - -o is now -w.
    - -g is now -G.
    - Support for saving a context file for the generated primary keys handle to disk.
    - support for non-persistent EK generation.
    - -f is now -p.
    - -f support for format of public key output.

  * tpm2_getrandom:
    - change default output to binary.
    - add --hex option for output to hex format.
    - --out-file is now --output.
    - bound input request on max hash size per spec, allow -f to override this.

  * tpm_gettestresult:
    - new tool for getting test results.

  * tpm2_hash:
    - add --hex for specifying hex output.
    - default output of hash to stdout.
    - default output of hash as binary.
    - remove output of ticket to stdout.
    - --halg is now --hash-algorithm.
    - --out-file is now --output.
    - -a is now -C.
    - -H is now -a.

  * tpm2_hmac:
    - add -t option for specifying ticket result.
    - --out-file is now --output.
    - --auth-key is now --auth.
    - --algorithm is now --hash-algorithm.
    - --pwdk is now --auth-key.
    - -C is now -c.
    - -P is now -p.

  * tpm2_hierarchycontrol:
    - new tool added for enabling or disabling the use of a hierarchy and its associated NV storage.

  * tpm2_import:
    - --object-attributes is now --attributes.
    - --auth-parent is now --parent-auth.
    - --auth-key is now --key-auth.
    - --algorithm is now --key-algorithm.
    - --in-file is now --input.
    - --parent-key is now --parent-context.
    - --privfile is now --private.
    - --pubfile is now --public.
    - --halg is now --hash-algorithm.
    - --policy-file is now --policy.
    - --sym-alg-file is now --encryption-key.
    - -A is now -b.
    - -k is now -i.
    - support OSSL style -passin argument as --passin for PEM file passwords.
    - support additional import key types:
      - RSA1024/2048.
      - AES128/192/256.
    - -q changes to -u to align with tpm2_loads public/private output arguments.
    - Supports setting object name algorithm via -g.
    - support specifying parent key with a context file.
    - --parent-key-handle/-H becomes --parent-key/-C
    - Parent public data option is optional and changes from `-K` to `-U`.
    - Supports importing external RSA 2048 keys via pem files.
    - Supports ECC Parent keys.

  * tpm2_incrementalselftest:
    - Add tool to test support of specific algorithms.

  * tpm2_listpersistent:
    - deleted as tpm2_getcap and tpm2_readpublic can be used instead.

  * tpm2_load:
    - -o is now -c.
    - --context-parent is now --parent-context.
    - --auth-parent is now --auth.
    - --pubfile is now --public.
    - --privfile is now --private.
    - --out-context is now --key-context.
    - now saves a context file for the generated primary's handle to disk.
    - Option `--pwdp` changes to `--auth-parent`.

  * tpm2_loadexternal:
    - --object-attributes is now --attributes.
    - -o is now -c
    - --key-alg is now --key-algorithm.
    - --pubfile is now --public.
    - --privfile is now --private.
    - --auth-key is now --auth.
    - --policy-file is now --policy.
    - --halg is now --hash-algorithm.
    - --out-context is now --key-context.
    - Remove unused -P option.
    - -H is now -a.
    - Fix -A option to -b for attributes.
    - now saves a context file for the generated primary's handle to disk.
    - support OSSL style -passin argument as --passin for PEM file passwords.
    - name output to file and stdout. Changes YAML stdout output.
    - ECC Public and Private PEM support.
    - AES Public and Private "raw file" support.
    - RSA Public and Private PEM support.
    - Object Attribute support.
    - Object authorization support.
    - Default hierarchy changes to the *null* hierarchy.

  * tpm2_makecredential:
    - --out-file is now --credential-blob
    - --enckey is now --encryption-key.
    - Option `--sec` changes to `--secret`.

  * tpm2_nvdefine:
    - --handle-passwd is now --hierarchy-auth.
    - --index-passwd is now --index-auth.
    - --policy-file is now --policy.
    - --auth-handle is now --hierarchy.
    - -a becomes -C.
    - -t becomes -a.
    - -I becomes -p.
    - Removed option --index with short option -x. It is now an argument.
    - Removed option --input-session-handle with short option -S.
    - Authorization session is now part of password mini language.

  * tpm2_nvincrement:
    - New tool to increment value of a Non-Volatile (NV) index setup as a counter.

  * tpm2_nvlist:
    - tpm2_nvlist is now tpm2_nvreadpublic.

  * tpm2_nvread:
    - --handle-passwd is now --auth.
    - --auth-handle is now --hierarchy.
    - -a becomes -C.
    - Removed option --index with short option -x. It is now an argument.
    - Removed short option -o for specifying offset. Use long option --offset.
    - Removed option --input-session-handle with short option -S.
    - Authorization session is now part of password mini language.
    - Removed option --set-list with short option -L.
    - Removed option --pcr-input-file with short option -F.
    - Pcr policy options replaced with pcr password mini language.
    - fix a buffer overflow.

  * tpm2_nvreadlock:
    - --handle-passwd is now --auth.
    - --auth-handle is now --hierarchy.
    - -a becomes -C.
    - Removed option --index with short option -x. It is now an argument.
    - Removed option --input-session-handle with short option -S.
    - Authorization session is now part of password mini language.

  * tpm2_nvwrite:
    - --handle-passwd is now --auth.
    - --auth-handle is now --hierarchy.
    - -a becomes -C.
    - Removed option --index with short option -x. It is now an argument.
    - Removed short option -o for specifying offset. Use long option --offset.
    - Removed option --input-session-handle with short option -S.
    - Authorization session is now part of password mini language.
    - Removed option --set-list with short option -L.
    - Removed option --pcr-input-file with short option -F.
    - Pcr policy options replaced with pcr password mini language.

  * tpm2_nvrelease:
    - --handle-passwd is now --auth.
    - --auth-handle is now --hierarchy.
    - -a becomes -C.
    - Removed option --index with short option -x. It is now an argument.
    - Removed option --input-session-handle with short option -S.
    - Authorization session is now part of password mini language.

  * tpm2_nvundefine:
    - Renamed from tpm2_nvrelease.

  * tpm2_pcrallocate:
    - New tool for changing the allocated PCRs of a TPM.

  * tpm2_pcrevent:
    - --password is now --auth.
    - Removed option --pcr-index with short option -i.
    - PCR index is now specified as an argument.
    - Removed option --input-session-handle with short option -S.
    - Authorization session is now part of password mini language.

  * tpm2_pcrlist:
    - -gls options go away with -g and -l becoming a single argument.

  * tpm2_pcrread:
    - Renamed from tpm2_pcrlist.

  * tpm2_print:
    - New tool that decodes a TPM data structure and prints enclosed elements to stdout as YAML.

  * tpm2_policyauthorize:
    - New tool that allows for policies to change by associating the policy to a signing authority essentially allowing the auth policy to change.

  * tpm2_policycommandcode:
    - New tool to restrict TPM object authorization to specific TPM commands.

  * tpm2_policyduplicationselect:
    - New tool for creating a policy to restrict duplication to a new parent and or duplicable object.

  * tpm2_policylocality:
    - New tool for creating a policy restricted to a locality.

  * tpm2_policypcr:
    - New tool to generate a pcr policy event that bounds auth to specific PCR values in user defined pcr banks and indices.

  * tpm2_policyor:
    - New tool to compound multiple policies in a logical OR fashion to allow multiple auth methods using a policy session.

  * tpm2_policypassword:
    - New tool to mandate specifying of the object password in clear using a policy session.

  * tpm2_policysecret:
    - New tool to associate auth of a reference object as the auth of the new object using a policy session.

  * tpm2_quote:
    - --ak-context is now --key-context.
    - --ak-password is now --auth.
    - --sel-list is now --pcr-list.
    - --qualify-data is now --qualification-data.
    - --pcrs is now --pcr.
    - --sig-hash-algorithm is now --hash-algorithm.
    - -P becomes -p
    - -L becomes -l.
    - -p becomes -o.
    - -G becomes -g.
    - -g becomes optional.
    - Removed option --id-list with short option -l.
    - Removed option --ak-handle with short option -k.
    - Raw object-handles and object-contexts are commonly handled with object handling logic.

  * tpm2_readpublic:
    - --opu is now --output.
    - --context-object is now --object-context.
    - Removed option --object with short option -H.
    - Raw object-handles and object-contexts are commonly handled with object handling logic.
    - Added --serialized-handle for saving serialized ESYS_TR handle to disk.
    - Added --name with short option -n for saving the binary name.
    - Supports ECC pem and der file generation.

  * tpm2_rsadecrypt:
    - --pwdk is now --auth.
    - --out-file is now --output.
    - -P becomes -p.
    - Added --label with short option -l for specifying label.
    - Added --scheme with short option -s for specifying encryption scheme.
    - Removed option -I or in-file input option and make argument.
    - Removed option --key-handle with short option -k.
    - Raw object-handles and object-contexts are commonly handled with object handling logic.
    - Removed option --input-session-handle with short option -S.
    - Authorization session is now part of password mini language.

  * tpm2_rsaencrypt:
    - --out-file is now --output.
    - Added --scheme with short option -s for specifying encryption scheme.
    - Added --label with -l for specifying label.
    - Removed option --key-handle with short option -k.
    - Raw object-handles and object-contexts are commonly handled with object handling logic.
    - make output binary either stdout or file based on -o.

  * tpm2_selftest:
    - New tool for invoking tpm selftest.

  * tpm2_send:
    - --out-file is now --output.

  * tpm2_sign:
    - --pwdk is now --auth.
    - --halg is now --hash-algorithm.
    - --sig is now --signature.
    - -P becomes -p.
    - -s becomes -o.
    - Added --digest with short option -d.
    - Added --scheme with short option -s.
    - Supports rsapss.
    - Removed option --key-handle with short option -k.
    - Raw object-handles and object-contexts are commonly handled with object handling logic.
    - Removed option --msg with short option -m.
    - Make -d toggle if input is a digest.
    - Removed option --input-session-handle with short option -S.
    - Authorization session is now part of password mini language.
    - Supports signing a pre-computed hash via -d.

  * tpm2_startauthsession:
    - New tool to start/save a trial-policy-session (default) or policy-authorization-session with command line option --policy-session.

  * tpm2_stirrandom:
    - new command for injecting entropy into the TPM.

  * tpm2_takeownership:
    - split into tpm2_clear and tpm2_changeauth

  * tpm2_testparms:
    - new tool for querying tpm for supported algorithms.

  * tpm2_unseal:
    - --pwdk is now --auth.
    - --outfile is now --output.
    - --item-context is now --object-context.
    - -P becomes -p
    - Removed option --item with short option -H.
    - Raw object-handles and object-contexts are commonly handled with object handling logic.
    - Removed option --input-session-handle with short option -S.
    - Authorization session is now part of password mini language.
    - Removed option --set-list with short option -L.
    - Removed option --pcr-input-file with short option -F.
    - Pcr policy options replaced with pcr password mini language.

  * tpm2_verifysignature:
    - --halg is now --hash-algorithm.
    - --msg is now --message.
    - --sig is now --signature.
    - -D becomes -d.
    - -t becomes optional.
    - Issue warning when ticket is specified for a NULL hierarchy.
    - Added option --format with short option -f.
    - Removed option --raw with short option -r.
    - Removed option --key-handle with short option -k.
    - Raw object-handles and object-contexts are commonly handled with object handling logic.
    - Support routines for OpenSSL compatible format of public keys (PEM, DER) and plain signature data without TSS specific headers.

  * misc:
    - cmac algorithm support.
    - Add support for reading authorisation passwords from a file.
    - Ported all tools from SAPI to ESAPI.
    - Load TCTI's by SONAME, not raw .so file.
    - system tests are now run with make check when --enable-unit is used in configure.
    - Libre SSL builds fixed.
    - Dynamic TCTIS. Support for pluggable TCTI modules via the -T or --tcti options.
    - test: system testing scripts moved into subordinate test directory.
    - configure: enable code coverage option.
    - env: add TPM2TOOLS_ENABLE_ERRATA to control the -Z or errata option. affects all tools.
    - Fix parsing bug in PCR mini-language.
    - Fix misspelling of TPM2_PT_HR constants which affects tpm2_getcap output.
    - configure option --with-bashcompdir for specifying bash completion directory.

- changes in version 3.2.1:

  * Fix invalid memcpy when extracting ECDSA plain signatures.
  * Fix resource leak on FILE * in hashing routine.
  * Correct PCR logic to prevent memory corruption bug.
  * Errata handler fix.

- changes in version 3.2.0:

  * fix configure bug for linking against libmu.
  * tpm2_changeauth: Support changing platform hierarchy auth.
  * tpm2_flushcontext: Introduce new tool for flushing handles from the TPM.
  * tpm2_checkquote: Introduce new tool for checking validity of quotes.
  * tpm2_quote: Add ability to output PCR values for quotes.
  * tpm2_makecredential: add support for executing tool off-TPM.
  * tpm2_pcrreset: introduce new tool for resetting PCRs.
  * tpm2_quote: Fix AK auth password not being used.

2019-08-26 09:43:27 +02:00
-------------------------------------------------------------------
Mon Aug 26 07:42:52 UTC 2019 - matthias.gerstner@suse.com

- update to minor version 3.1.4:
  * Fix various man pages
  * tpm2_getmanufec: fix OSSL build warnings
  * Fix broken -T option
  * Various build compatibility fixes
  * Fix some unit tests
  * Update build for recent autoconf-archive versions
  * Install m4 files

2019-03-06 11:49:41 +01:00
-------------------------------------------------------------------
Wed Mar 6 10:44:52 UTC 2019 - matthias.gerstner@suse.com

- update to minor version 3.1.3:
- Restore support for the TPM2TOOLS_* env vars for TCTI configuration, in addition to supporting the new unified TPM2TOOLS_ENV_TCTI
- Fix tpm2_getcap to print properties with the TPM_PT prefix, rather than TPM2_PT
- Make test_tpm2_activecredential Python 3 compatible
- Fix tpm2_takeownership to only attempt to change the specified hierarchies
- use a _service file to sync with upstream tags

2018-09-26 18:05:23 +02:00
-------------------------------------------------------------------
Wed Sep 26 16:02:46 UTC 2018 - matthias.gerstner@suse.com

2019-01-14 15:23:36 +01:00
- update to minor version 3.1.2 (FATE#326270):
2018-09-26 18:05:23 +02:00
- Revert the change to use user supplied object attributes exclusively. This is an inappropriate behavioural change for a MINOR version number increment.
- Fix inclusion of object attribute specifiers section in tpm2_create and tpm2_createprimary man pages.
- Use better object attribute defaults for authentication, preventing an empty password being used for authentication when a policy is set.

2018-08-22 11:07:13 +02:00
-------------------------------------------------------------------
Wed Aug 22 09:05:14 UTC 2018 - matthias.gerstner@suse.com

- update to minor version 3.1.1:
- Allow man page installation without pandoc being available

2018-06-29 16:14:45 +02:00
|
|
|
-------------------------------------------------------------------
|
|
|
|
Fri Jun 29 12:03:48 UTC 2018 - matthias.gerstner@suse.com
|
|
|
|
|
|
|
|
- update to major version 3.1.0:
|
|
|
|
- the tpm2 stack introduces an incompatible ABI to the previous version with
|
|
|
|
this update. There is no compatibility layer, libraries have new names
|
|
|
|
- install-man.patch: dropped, because we don't really need it
|
|
|
|
- tpm2.0-tools-fix-hardening.patch: contained in upstream tarball now
|
|
|
|
s etc.
|
|
|
|
- upstream changelog:
* tpm2_unseal: -P becomes -p
* tpm2_sign: -P becomes -p
* tpm2_nvreadlock: long form for -P is now --auth-hierarchy
* tpm2_rsadecrypt: -P becomes -p
* tpm2_nvrelease: long-form of -P becomes --auth-hierarchy
* tpm2_nvdefine: -I becomes -p
* tpm2_encryptdecrypt: -P becomes -p
* tpm2_dictionarylockout: -P becomes -p
* tpm2_createprimary: -K becomes -p
* tpm2_createak: -E becomes -e
* tpm2_certify: -k becomes -p
* tpm2_hash: -g changes to -G
* tpm2_encryptdecrypt: Support IVs via -i and algorithm modes via -G.
* tpm2_hmac: drop -g, just use the algorithm associated with the object.
* tpm2_getmanufec: -g changes to -G
* tpm2_createek: -g changes to -G
* tpm2_createak: -g changes to -G
* tpm2_verifysignature: -g becomes -G
* tpm2_sign: -g becomes -G
* tpm2_import: support specifying parent key with a context file,
  --parent-key-handle/-H becomes --parent-key/-C
* tpm2_nvwrite and tpm2_nvread: when -P is "index" -a is optional and defaults to
  the NV_INDEX value passed to -x.
* Load TCTI's by SONAME, not raw .so file
* tpm2_activatecredential: -e becomes -E
* tpm2_activatecredential: -e becomes -E
* tpm2_certify: -c and -C are swapped, -k becomes -K
* tpm2_createprimary: -K becomes -k
* tpm2_encryptdecrypt: supports input and output to stdin and stdout respectively.
* tpm2_create: -g/-G become optional options.
* tpm2_createprimary: -g/-G become optional options.
* tpm2_verifysignature - Option `-r` changes to `-f` and supports signature format "rsa".
* tpm2_import - Parent public data option, `-K` is optional.
* tpm2_import - Supports importing external RSA 2048 keys via pem files.
* tpm2_pcrlist: Option `--algorithm` changes to `--halg`, which is in line with other tools.
* tpm2_verifysignature: Option `-r` and `--raw` have been removed. These were unused within the tool.
* tpm2_hmac: Option `--algorithm` changes to `--halg`, which is in line with the manpage.
* tpm2_makecredential: Option `--sec` changes to `--secret`.
* tpm2_activatecredential: Option `--Password` changes to `--auth-key`.
* system tests are now run with make check when --enable-unit is used in configure.
* tpm2_unseal: Option `--pwdk` changes to `--auth-key`.
* tpm2_sign: Option `--pwdk` changes to `--auth-key`.
* tpm2_rsadecrypt: Option `--pwdk` changes to `--auth-key`.
* tpm2_quote: Option `--ak-passwd` changes to `--auth-ak`
* tpm2_pcrevent: Option `--passwd` changes to `--auth-pcr`
* tpm2_nvwrite: Options `--authhandle` and `--handle-passwd`
  change to `--hierarchy` and `--auth-hierarchy` respectively.
* tpm2_nvread: Options `--authhandle` and `--handle-passwd`
  change to `--hierarchy` and `--auth-hierarchy` respectively.
* tpm2_nvdefine: Options `--authhandle`, `--handle-passwd` and `--index-passwd`
  change to `--hierarchy`, `--auth-hierarchy` and `--auth-index`
  respectively.
* tpm2_loadexternal: `-H` changes to `-a` for specifying hierarchy.
* tpm2_load: Option `--pwdp` changes to `--auth-parent`.
* tpm2_hmac: Option `--pwdk` changes to `--auth-key`.
* tpm2_hash: `-H` changes to `-a` for specifying hierarchy.
* tpm2_getmanufec: Options `--owner-passwd`, `--endorse-passwd`
  and `--ek-passwd` change to `--auth-owner`, `--auth-endorse`
  and `--auth-ek` respectively.
* tpm2_evictcontrol: Option group `-A` and `--auth` changes to `-a` and `--hierarchy`
  Option `--pwda` changes to `--auth-hierarchy`
* tpm2_encryptdecrypt: Option `--pwdk` changes to `--auth-key`.
* tpm2_dictionarylockout: Option `--lockout-passwd` changes to `--auth-lockout`
* tpm2_createprimary: Options `--pwdp` and `--pwdk` change to
  `--auth-hierarchy` and `--auth-object` respectively.
* tpm2_createek: Options `--owner-passwd`, `--endorse-passwd`
  and `--ek-passwd` change to `--auth-owner`, `--auth-endorse`
  and `--auth-ek` respectively.
* tpm2_createak: Options `--owner-passwd`, `--endorse-passwd`
  and `--ak-passwd` change to `--auth-owner`, `--auth-endorse`
  and `--auth-ak` respectively.
* tpm2_create: Options `--pwdo` and `--pwdk` change to `--auth-object` and
  `--auth-key` respectively.
* tpm2_clearlock: Option `--lockout-passwd` changes to `--auth-lockout`
* tpm2_clear: Option `--lockout-passwd` changes to `--auth-lockout`
* tpm2_changeauth: Options, `--old-owner-passwd`, `--old-endorse-passwd`,
  and `--old-lockout-passwd` go to `--old-auth-owner`, `--old-auth-endorse`,
  and `--old-auth-lockout` respectively.
* tpm2_certify: Options `--pwdo` and `--pwdk` change to `--auth-object` and
  `--auth-key` respectively.
* tpm2_createprimary: `-H` changes to `-a` for specifying hierarchy.
* tpm2_createak: support for non-persistent AK generation.
* tpm2_createek: support for non-persistent EK generation.
* tpm2_getpubak renamed to tpm2_createak, -f becomes -p and -f is used for format of public key
  output.
* tpm2_getpubek renamed to tpm2_createek, -f becomes -p and -f is used for format of public key
  output.
* Libre SSL builds fixed.
* Dynamic TCTIS. Support for pluggable TCTI modules via the -T or --tcti options.
* tpm2_sign: supports signing a pre-computed hash via -D
* tpm2_clearlock: tool added
* test: system testing scripts moved into subordinate test directory.
* fix a buffer overflow in nvread/write tools.
* configure: enable code coverage option.
* tpm2_takeownership: split into tpm2_clear and tpm2_changeauth
* env: add TPM2TOOLS_ENABLE_ERRATA to control the -Z or errata option.

2018-06-05 11:56:06 +02:00
-------------------------------------------------------------------
Tue Jun 5 09:55:43 UTC 2018 - matthias.gerstner@suse.com

- fix build after adding install-man.patch: autoreconf is needed again (sigh!)

2018-05-02 14:11:07 +02:00
-------------------------------------------------------------------
Wed May 2 12:09:22 UTC 2018 - matthias.gerstner@suse.com

- install-man.patch: even after update to 3.0.4 the man pages are not
  installed correctly. This patch fixes it locally.

2018-05-02 13:07:16 +02:00
-------------------------------------------------------------------
Wed May 2 11:02:07 UTC 2018 - matthias.gerstner@suse.com

- update to version 3.0.4:
- Fix save and load for TPM2B_PRIVATE object.
- Use a default buffer size for tpm2_nv{read,write} if the TPM reports a 0 size.
- Fix --verbose and --version options crossover.
- Generate man pages from markdown and include them in the distribution tarball.
- Print usage summary if tools are executed with no options or man page can't be displayed.
- man pages will be shipped for SLE version now, too (pandoc dependency was removed)

2018-03-07 16:44:46 +01:00
-------------------------------------------------------------------
Wed Mar 7 15:44:14 UTC 2018 - matthias.gerstner@suse.com

- disable pandoc for all but openSUSE, since pandoc never was on SLE

2018-03-07 15:45:11 +01:00
-------------------------------------------------------------------
Wed Mar 7 14:29:10 UTC 2018 - matthias.gerstner@suse.com

- disable pandoc/man pages generation on SLE-15, because pandoc is not
  available there (and adding it would require two dozen additional haskell
  packages)

2018-02-22 12:21:56 +01:00
-------------------------------------------------------------------
Thu Feb 22 11:08:19 UTC 2018 - matthias.gerstner@suse.com

- update to version 3.0.3:
- various changes in tool options
- man pages are now in section 1 (formerly in section 8)
- tools are now installed in /usr/bin (formerly /usr/sbin)

2017-11-09 15:39:53 +01:00
-------------------------------------------------------------------
Thu Nov 9 11:00:33 UTC 2017 - vcizek@suse.com

- update to version 2.1.1
* Potential memory leak fix when tcti/sapi initialization fails.
* tpm2_listpcrs: use TPM2_GetCapability to determine PCRs to read
* listpcrs: remove one redundant call to tpm get cap
* listpcrs: fix for unsupported/disabled alg in -L
* build: use supported comment to suppress GCC7 fallthrough warning
* kdfa: allow to build with OpenSSL 1.1.x (bsc#1067392)
- drop patches (upstream)
* 0001-tpm2_listpcrs-use-TPM2_GetCapability-to-determine-PC.patch
* tpm2.0-tools-fix-gcc7.patch

2017-08-21 18:23:48 +02:00
-------------------------------------------------------------------
Mon Aug 21 14:32:13 UTC 2017 - matthias.gerstner@suse.com

- update to version 2.1.0:
- dropped 0002-kdfa-use-openssl-for-hmac-not-tpm.patch, was backported
  upstream in commit 788a17abbe0000c560935ef9f31c9a6892d9ea33
- this version now can interact with the new resource manager tpm2.0-abrmd
- Upstream changes:
* Fix readx and writex on multiple EINTR returns.
* Add support for the tabrmd TCTI. This is the new default.
* Change default socket port from 2323 (the old resourcemgr) to 2321
  (default simulator port).
* Cherry-pick fix for CVE-2017-7524.
* Fix tpm2_listpcr command line option handling.
* Fix tpm2_getmanufec memory issues.

2017-08-03 10:12:24 +02:00
-------------------------------------------------------------------
Thu Jul 20 13:50:28 UTC 2017 - matthias.gerstner@suse.com

- added the new abrmd package to recommends, because the tools will otherwise
  not function

2017-06-29 11:49:42 +02:00
-------------------------------------------------------------------
Thu Jun 29 09:45:45 UTC 2017 - matthias.gerstner@suse.com

- 0002-kdfa-use-openssl-for-hmac-not-tpm.patch: fixed unexpected leak of
  cleartext password into the tpm when generating an HMAC in the context of
  tpm_kdfa() (key derivation function) (bnc#1046402, CVE-2017-7524)

2017-06-20 10:42:38 +02:00
-------------------------------------------------------------------
Tue Jun 20 08:35:29 UTC 2017 - matthias.gerstner@suse.com

- 0001-tpm2_listpcrs-use-TPM2_GetCapability-to-determine-PC.patch: fixed
  tpm2_listpcrs aborting saying "too much pcrs to get!" (bnc#1044419)

2017-06-02 09:17:27 +02:00
-------------------------------------------------------------------
Fri Jun 2 07:16:45 UTC 2017 - meissner@suse.com

- tpm2.0-tools-fix-hardening.patch: do not disable fortify,
  do not use -Wstack-protector as it warns also for non-utilized
  functions and then -Werror fails.
- tpm2.0-tools-fix-gcc7.patch: fixed gcc7 case fallthrough errors

2017-05-10 13:58:47 +02:00
-------------------------------------------------------------------
Wed May 10 11:52:40 UTC 2017 - matthias.gerstner@suse.com

- Major update to 2.0.0
- dropped fixes.patch, now part of the upstream version
- a set of man pages have been added to the package
- Upstream changes:
* Tracked on the milestone: https://github.com/01org/tpm2.0-tools/milestone/2
* Reworked all the tools to support configurable TCTIs, based on build time
  configuration, one can specify the tcti via the --tcti (-T) option to all
  tools.
* tpm2_getrandom interface made -s a positional argument.
* Numerous bug fixes.

2017-03-06 17:23:28 +01:00
-------------------------------------------------------------------
Mon Mar 6 16:23:15 UTC 2017 - meissner@suse.com

- buildrequire pkgconfig

2017-03-01 17:18:06 +01:00
-------------------------------------------------------------------
Wed Mar 1 15:33:46 UTC 2017 - meissner@suse.com

- Updated to 1.1.0 / 016-11-04 (FATE#321509)
- Added
* travis ci support.
* Allow for unit tests to be enabled selectively.
* tpm2_rc_decode tool: Decode TPM_RC error codes.
* Android Make file
* tpm2_listpersistent: list all persistent objects
* test scripts for tpm2-tools
* tpm2_nvreadlock
* tpm2_getmanufec: retrieve EC from tpm manufacturer server.
* Copy 'common' and 'sample' code from the TPM2.0-TSS repo.

- Modified
* tpm2_takeownership: update option -c to use lockout password to clear.
* tpm2_listpcrs: add options -L and -s, rewrite to increase performance.
* tpm2_quote: added -L option to support selection of multiple banks.
* tpm2_quote: add -q option to get qualifying data.
* configure: Use pkg-config to get info about libcurl and libcrypto.
* configure: Use pkg-config to locate SAPI and TCTI headers / libraries.
* tpm2_x: Add -X option to enable password input in Hex format.
* tpm2_nvdefine: Change -X option to -I.
* tpm2-nvwrite: fix for unable to write 1024B+ data.
* tpm2_getmanufec: Fix base64 encoding.
* tpm2_x: fixed a lot of TPM2B failures caused by wrong initialization.
* tpm2_getmanufec: let configure handle libs.
* tpm2_getmanufec: Convert from dos to unix format.
* build: Check for TSS2 library @ configure time.
* build: Detect required TSS2 and TCTI headers.
* build: Use libtool to build the common library
* build: Install all binaries into sbin.
* build: Build common sources into library.
* build: Move all source files to 'src'.
* Makefile.am: Move all build rules into single Makefile.am.
* everything: Use new TCTI headers and fixup API calls.
* everything: Update source to cope with sapi header cleanup.
* tpm2_activatecredential: Updated to support TCG compatible EK
* tpm2_getpubak: Updated to use TCG compatible EK
* tpm2_getpubek: fix ek creation to follow TCG EK profile spec.

- Removed
* Windows related code
* dependency on the TPM2.0-TSS repo source code

- 1.0-alpha_0.zip: removed, use tpm2-0-tss directly.
- tpm2-install-binaries.patch: not needed anymore.
- fixes.patch: fixed random return build errors.

2016-08-22 14:02:21 +02:00
-------------------------------------------------------------------
Mon Aug 22 12:02:01 UTC 2016 - meissner@suse.com

- update description

2016-03-24 14:51:15 +01:00
-------------------------------------------------------------------
Thu Mar 24 12:42:04 UTC 2016 - meissner@suse.com

- initial import of tpm2.0-tools
