- Update to version 5.2:
+ tpm2_nvextend:
* Added option -n, --name to specify the name of the nvindex in
hex bytes. This is used when cpHash ought to be calculated
without dispatching the TPM2_NV_Extend command to the TPM.
+ tpm2_nvread:
* Added option --rphash=FILE to specify ile path to record the
hash of the response parameters. This is commonly termed as
rpHash.
* Added option -n, --name to specify the name of the nvindex in
hex bytes. This is used when cpHash ought to be calculated
without dispatching the TPM2_NVRead command to the TPM.
* Added option -S, --session to specify to specify an auxiliary
session for auditing and or encryption/decryption of the
parameters.
+ tpm2_nvsetbits:
* Added option --rphash=FILE to specify file path to record the
hash of the response parameters. This is commonly termed as
rpHash.
* Added option -S, --session to specify to specify an auxiliary
session for auditing and or encryption/decryption of the
parameters.
* Added option -n, --name to specify the name of the nvindex in
hex bytes. This is used when cpHash ought to be calculated
without dispatching the TPM2_NV_SetBits command to the TPM.
+ tpm2_createprimary:
* Support public-key output at creation time in various public-key
formats.
+ tpm2_create:
* Support public-key output at creation time in various public-key
formats.
+ tpm2_print:
* Support outputing public key in various public key formats over
the default YAML output. Supports taking -u output from
tpm2_create and converting it to a PEM or DER file format.
+ tpm2_import:
* Add support for importing keys with sealed-data-blobs.
+ tpm2_rsaencrypt, tpm2_rsadecrypt:
* Add support for specifying the hash algorithm with oaep.
+ tpm2_pcrread, tpm2_quote:
* Add option -F, --pcrs_format to specify PCR format selection for
the binary blob in the PCR output file. 'values' will output a
binary blob of the PCR values. 'serialized' will output a binary
blob of the PCR values in the form of serialized data structure
in little endian format.
+ tpm2_eventlog:
* Add support for decoding StartupLocality.
* Add support for printing the partition information.
* Add support for reading eventlogs longer than 64kb including
from /sys/kernel/security/tpm0/binary_bios-measurements.
+ tpm2_duplicate:
* Add option -L, --policy to specify an authorization policy to be
associated with the duplicated object.
* Added support for external key duplication without needing the
TCTI.
+ tools:
* Enhance error message on invalid passwords when sessions cannot
be used.
+ lib/tpm2_options:
* Add option to specify fake tcti which is required in cases where
sapi ctx is required to be initialized for retrieving command
parameters without invoking the tcti to talk to the TPM.
+ openssl:
* Dropped support for OpenSSL < 1.1.0
* Add support for OpenSSL 3.0.0
+ Support added to make the repository documentation and man pages
available live on readthedocs.
+ Bug-fixes:
* tpm2_import: Don't allow setting passwords for imported object
with -p option as the tool doesn't modify the TPM2B_SENSITIVE
structure. Added appropriate logging to indicate using
tpm2_changeauth after import.
* lib/tpm2_util.c: The function to calculate pHash algorithm
returned error when input session is a password session and the
only session in the command.
* lib/tpm2_alg_util.c: Fix an error where oaep was parsed under
ECC.
* tpm2_sign: Fix segfaults when tool does not find TPM resources
(TPM or RM).
* tpm2_makecredential: Fix an issue where reading input from stdin
could result in unsupported data size larger than the largest
digest size.
* tpm2_loadexternal: Fix an issue where restricted attribute could
not be set.
* lib/tpm2_nv_util.h: The NV index size is dependent on different
data sets read from the GetCapability structures because there
is a dependency on the NV operation type: Define vs Read vs
Write vs Extend. Fix a sane default in the case where
GetCapability fails or fails to report the specific property/
data set. This is especially true because some properties are
TPM implementation dependent.
* tpm2_createpolicy: Fix an issue where tool exited silently
without reporting an error if wrong pcr string is specified.
* lib/tpm2_alg_util: add error message on public init to prevent
tools from dying silently, add an error message.
* tpm2_import: fix an issue where an imported hmac object scheme
was NULL. While allowed, it was inconsistent with other tools
like tpm2_create which set the scheme as hmac->sha256 when
generating a keyedhash object.
- Drop patches already in upstream:
+ 0001-tpm2_checkquote-fix-uninitialized-variable.patch
+ 0001-tpm2_eventlog-fix-buffer-offset-when-reading-the-eve.patch
+ 0001-tpm2_eventlog-read-eventlog-file-in-chunks.patch (forwarded request 926512 from aplanas)
OBS-URL: https://build.opensuse.org/request/show/926522
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/tpm2.0-tools?expand=0&rev=32
- Update to version 5.2:
+ tpm2_nvextend:
* Added option -n, --name to specify the name of the nvindex in
hex bytes. This is used when cpHash ought to be calculated
without dispatching the TPM2_NV_Extend command to the TPM.
+ tpm2_nvread:
* Added option --rphash=FILE to specify ile path to record the
hash of the response parameters. This is commonly termed as
rpHash.
* Added option -n, --name to specify the name of the nvindex in
hex bytes. This is used when cpHash ought to be calculated
without dispatching the TPM2_NVRead command to the TPM.
* Added option -S, --session to specify to specify an auxiliary
session for auditing and or encryption/decryption of the
parameters.
+ tpm2_nvsetbits:
* Added option --rphash=FILE to specify file path to record the
hash of the response parameters. This is commonly termed as
rpHash.
* Added option -S, --session to specify to specify an auxiliary
session for auditing and or encryption/decryption of the
parameters.
* Added option -n, --name to specify the name of the nvindex in
hex bytes. This is used when cpHash ought to be calculated
without dispatching the TPM2_NV_SetBits command to the TPM.
+ tpm2_createprimary:
* Support public-key output at creation time in various public-key
formats.
+ tpm2_create:
* Support public-key output at creation time in various public-key
formats.
+ tpm2_print:
* Support outputing public key in various public key formats over
the default YAML output. Supports taking -u output from
tpm2_create and converting it to a PEM or DER file format.
+ tpm2_import:
* Add support for importing keys with sealed-data-blobs.
+ tpm2_rsaencrypt, tpm2_rsadecrypt:
* Add support for specifying the hash algorithm with oaep.
+ tpm2_pcrread, tpm2_quote:
* Add option -F, --pcrs_format to specify PCR format selection for
the binary blob in the PCR output file. 'values' will output a
binary blob of the PCR values. 'serialized' will output a binary
blob of the PCR values in the form of serialized data structure
in little endian format.
+ tpm2_eventlog:
* Add support for decoding StartupLocality.
* Add support for printing the partition information.
* Add support for reading eventlogs longer than 64kb including
from /sys/kernel/security/tpm0/binary_bios-measurements.
+ tpm2_duplicate:
* Add option -L, --policy to specify an authorization policy to be
associated with the duplicated object.
* Added support for external key duplication without needing the
TCTI.
+ tools:
* Enhance error message on invalid passwords when sessions cannot
be used.
+ lib/tpm2_options:
* Add option to specify fake tcti which is required in cases where
sapi ctx is required to be initialized for retrieving command
parameters without invoking the tcti to talk to the TPM.
+ openssl:
* Dropped support for OpenSSL < 1.1.0
* Add support for OpenSSL 3.0.0
+ Support added to make the repository documentation and man pages
available live on readthedocs.
+ Bug-fixes:
* tpm2_import: Don't allow setting passwords for imported object
with -p option as the tool doesn't modify the TPM2B_SENSITIVE
structure. Added appropriate logging to indicate using
tpm2_changeauth after import.
* lib/tpm2_util.c: The function to calculate pHash algorithm
returned error when input session is a password session and the
only session in the command.
* lib/tpm2_alg_util.c: Fix an error where oaep was parsed under
ECC.
* tpm2_sign: Fix segfaults when tool does not find TPM resources
(TPM or RM).
* tpm2_makecredential: Fix an issue where reading input from stdin
could result in unsupported data size larger than the largest
digest size.
* tpm2_loadexternal: Fix an issue where restricted attribute could
not be set.
* lib/tpm2_nv_util.h: The NV index size is dependent on different
data sets read from the GetCapability structures because there
is a dependency on the NV operation type: Define vs Read vs
Write vs Extend. Fix a sane default in the case where
GetCapability fails or fails to report the specific property/
data set. This is especially true because some properties are
TPM implementation dependent.
* tpm2_createpolicy: Fix an issue where tool exited silently
without reporting an error if wrong pcr string is specified.
* lib/tpm2_alg_util: add error message on public init to prevent
tools from dying silently, add an error message.
* tpm2_import: fix an issue where an imported hmac object scheme
was NULL. While allowed, it was inconsistent with other tools
like tpm2_create which set the scheme as hmac->sha256 when
generating a keyedhash object.
- Drop patches already in upstream:
+ 0001-tpm2_checkquote-fix-uninitialized-variable.patch
+ 0001-tpm2_eventlog-fix-buffer-offset-when-reading-the-eve.patch
+ 0001-tpm2_eventlog-read-eventlog-file-in-chunks.patch
OBS-URL: https://build.opensuse.org/request/show/926512
OBS-URL: https://build.opensuse.org/package/show/security/tpm2.0-tools?expand=0&rev=84
- update to version 5.1.1:
- tpm2_import: fix fixed AES key CVE-2021-3565
- tpm2_import used a fixed AES key for the inner wrapper, which means that
a MITM attack would be able to unwrap the imported key. To fix this,
ensure the key size is 16 bytes or bigger and use OpenSSL to generate a
secure random AES key.
- Avoid pandoc build dependency, use prebuilt man pages everywhere
- Drop 0001-tpm2_import-fix-fixed-AES-key-CVE-2021-3565.patch, now upstream
- Drop _service, unused
- Drop unused unzip build dependency
- Drop autoreconfigure call, no longer necessary
- Use %autosetup
- Verify tarball signature
- Build against efivar
- Drop %check section, tests weren't built, so that was a noop (forwarded request 902778 from favogt)
OBS-URL: https://build.opensuse.org/request/show/902783
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/tpm2.0-tools?expand=0&rev=29
- update to version 5.1.1:
- tpm2_import: fix fixed AES key CVE-2021-3565
- tpm2_import used a fixed AES key for the inner wrapper, which means that
a MITM attack would be able to unwrap the imported key. To fix this,
ensure the key size is 16 bytes or bigger and use OpenSSL to generate a
secure random AES key.
- Avoid pandoc build dependency, use prebuilt man pages everywhere
- Drop 0001-tpm2_import-fix-fixed-AES-key-CVE-2021-3565.patch, now upstream
- Drop _service, unused
- Drop unused unzip build dependency
- Drop autoreconfigure call, no longer necessary
- Use %autosetup
- Verify tarball signature
- Build against efivar
- Drop %check section, tests weren't built, so that was a noop
OBS-URL: https://build.opensuse.org/request/show/902778
OBS-URL: https://build.opensuse.org/package/show/security/tpm2.0-tools?expand=0&rev=80
- add 0001-tpm2_import-fix-fixed-AES-key-CVE-2021-3565.patch: no longer use a
fixed AES key in the context of the tpm2_import command. Fixes CVE-2021-3565
(bsc#1186490).
- drop fix_pie_linking.patch: now contained in upstream tarball
- drop fix_warnings.patch: now contained in upstream tarball
- update to upstream version 5.1:
- Minimum tpm2-tss version dependency bumped to 3.1.0
- Minimum tpm2-abrmd version dependency bumped to 2.4.0
- tss2:
- Support in tools for PolicyRef inclusion in policy search per latest TSS.
- Support to use TPM objects protected by a policy with PolicySigned.
- Enable backward compatibility to old Fapi callback API.
- Fix PCR selection for tss2 quote.
- Support policy signed policies by implementing Fapi_SetSignCB.
- Command/ response parameter support for auditing and pHash policies:
- lib/tpm2_util.c: Add method to determine hashing alg for cp/rphash
- Add support to calculate rphash for tpm2_create, tpm2_activatecredential,
tpm2_certify, tpm2_certifycreation, tpm2_changeauth, tpm2_changeeps,
tpm2_changepps, tpm2_nvdefine, tpm2_nvextend, tpm2_unseal
- Add support to calculate cphash for tpm2_changeeps, tpm2_changepps.
- Session-support:
- tpm2_sessionconfig: Add tool to display and configure session attributes.
- tpm2_getrandom: Fix— session input was hardcoded for audit-only
- tpm2_startauthsession: Add option to specify the bind object and its
authorization value.
- tpm2_startauthsession: support for bounded-only session.
- tpm2_startauthsession: support for salted-only session.
- tpm2_startauthsession: add option to specify an hmac session type.
- Add support for specifying non-authorization sessions for audit and
parameter encryption for tpm2_getrandom, tpm2_create, tpm2_nvextend,
OBS-URL: https://build.opensuse.org/request/show/895955
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/tpm2.0-tools?expand=0&rev=24
fixed AES key in the context of the tpm2_import command. Fixes CVE-2021-3565
(bsc#1186490).
- drop fix_pie_linking.patch: now contained in upstream tarball
- drop fix_warnings.patch: now contained in upstream tarball
- update to upstream version 5.1:
- Minimum tpm2-tss version dependency bumped to 3.1.0
- Minimum tpm2-abrmd version dependency bumped to 2.4.0
- tss2:
- Support in tools for PolicyRef inclusion in policy search per latest TSS.
- Support to use TPM objects protected by a policy with PolicySigned.
- Enable backward compatibility to old Fapi callback API.
- Fix PCR selection for tss2 quote.
- Support policy signed policies by implementing Fapi_SetSignCB.
- Command/ response parameter support for auditing and pHash policies:
- lib/tpm2_util.c: Add method to determine hashing alg for cp/rphash
- Add support to calculate rphash for tpm2_create, tpm2_activatecredential,
tpm2_certify, tpm2_certifycreation, tpm2_changeauth, tpm2_changeeps,
tpm2_changepps, tpm2_nvdefine, tpm2_nvextend, tpm2_unseal
- Add support to calculate cphash for tpm2_changeeps, tpm2_changepps.
- Session-support:
- tpm2_sessionconfig: Add tool to display and configure session attributes.
- tpm2_getrandom: Fix— session input was hardcoded for audit-only
- tpm2_startauthsession: Add option to specify the bind object and its
authorization value.
- tpm2_startauthsession: support for bounded-only session.
- tpm2_startauthsession: support for salted-only session.
- tpm2_startauthsession: add option to specify an hmac session type.
- Add support for specifying non-authorization sessions for audit and
parameter encryption for tpm2_getrandom, tpm2_create, tpm2_nvextend,
OBS-URL: https://build.opensuse.org/package/show/security/tpm2.0-tools?expand=0&rev=70
- add fix_warnings.patch: fixes a couple of build errors resulting from LTO
linking and -Werror.
- add fix_pie_linking.patch: fixes an error in the build system that causes
the tss2 binary to be linked without passed LDFLAGS (like -pie), which
causes the binary not to be position independent.
- update to major version 5.0:
- Non Backwards Compatible Changes
* Default hash algorithm is now sha256. Prior versions claimed sha1, but were
inconsistent in choice. Best practice is to specify the hash algorithm to
avoid surprises.
* tpm2_tools and tss2_tools are now a busybox style commandlet. Ie
tpm2_getrandom becomes tpm2 getrandom. make install will install symlinks
to the old tool names and the tpm2 commandlet will interrogate argv[0] for
the command to run. This will provide backwards compatibility if they are
installed. If you wish to use the old names not installed system wide, set
DESTDIR during install to a separate path and set the proper directory on
PATH.
* tpm2_eventlog's output changed to be YAML compliant. The output before
was intended to be YAML compliant but was never properly checked and
tested.
* umask set to 0117 for all tools.
* tpm2_getekcertificate now outputs the INTC EK certificates in PEM format
by default. In order to output the URL safe variant of base64 encoded
output of the INTC EK certificate use the added option --raw.
- Dependency update
* Update tpm2-tss dependency version to 3.0.1
* Update tpm2-abrmd dependency version to 2.3.3
- New tools and features
* tpm2_zgen2phase: Add new tool to support command TPM2_CC_ZGen_2Phase.
* tpm2_ecdhzgen: Add new tool to support command TPM2_CC_ECDH_ZGen.
OBS-URL: https://build.opensuse.org/request/show/867453
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/tpm2.0-tools?expand=0&rev=22
linking and -Werror.
- update to major version 5.0:
- Non Backwards Compatible Changes
* Default hash algorithm is now sha256. Prior versions claimed sha1, but were
inconsistent in choice. Best practice is to specify the hash algorithm to
avoid surprises.
* tpm2_tools and tss2_tools are now a busybox style commandlet. Ie
tpm2_getrandom becomes tpm2 getrandom. make install will install symlinks
to the old tool names and the tpm2 commandlet will interrogate argv[0] for
the command to run. This will provide backwards compatibility if they are
installed. If you wish to use the old names not installed system wide, set
DESTDIR during install to a separate path and set the proper directory on
PATH.
* tpm2_eventlog's output changed to be YAML compliant. The output before
was intended to be YAML compliant but was never properly checked and
tested.
* umask set to 0117 for all tools.
* tpm2_getekcertificate now outputs the INTC EK certificates in PEM format
by default. In order to output the URL safe variant of base64 encoded
output of the INTC EK certificate use the added option --raw.
- Dependency update
* Update tpm2-tss dependency version to 3.0.1
* Update tpm2-abrmd dependency version to 2.3.3
- New tools and features
* tpm2_zgen2phase: Add new tool to support command TPM2_CC_ZGen_2Phase.
* tpm2_ecdhzgen: Add new tool to support command TPM2_CC_ECDH_ZGen.
* tpm2_ecdhkeygen: Add new tool to support command TPM2_CC_ECDH_KeyGen.
* tpm2_commit: Add new tool to support command TPM2_CC_Commit.
* tpm2_ecephemeral: Add new tool to support command TPM2_CC_EC_Ephemeral.
OBS-URL: https://build.opensuse.org/package/show/security/tpm2.0-tools?expand=0&rev=63
- update to version 4.3:
- changes in version 4.3:
- tss2_*: Fix double-free errors in commands asking for password authorization
- tss2_*: Fix shorthand command -f that was falsely requiring an argument
- tss2_*: Update tss2_encrypt to the new FAPI interface
- The argument 'policyPath' is removed which was never read anyway
- tss2_*: Remove the additional '\n' that was appended when redirecting to stdout
- tss2_*: Update mandatory vs optional treatment of arguments according to latest Fapi spec
- tss2_*: tss2_getinfo now retrieves the correct FAPI version from Fapi_GetInfo
- tss2_*: Fix the error handling in case of multiple inputs and/or outputs from stdin/stdout
- tss2_*: Fix syntax errors and update content of man pages according to latest Fapi spec
- tss2_*: Add parameter types to all man page
- tss2_*: tss2_setappdata now reads from file or stdin allowing to store also binary data
- tss2_*: Memory leaks are fixed in cases when a returned empty non-char output value was passed to file output
- tss2_pcrextend: fix extending PCR 0
- tss2_quote: fix unused TSS2_RC in LOG_ERR
- changes in 4.2.1:
- Fix missing handle maps for ESY3 handle breaks. See #1994.
- Bump ESYS minimum dependency version from 2.3.0 to 2.4.0.
- Fix for loop declarations build error.
- changes in 4.2:
- Fix various issues reported by static analysis tools.
- Add integration test for ECC based getekcertificate.
- Fix for issue #1959 where ARM builds were failing.
- Add a check in autotools to add "expect" as a package dependency for fapi tools.
- tpm2_createek: Drop the unused -p or --ek-auth option
- tpm2_policyor: List of policy files should be specified as an argument
- instead of -l option. The -l option is still retained for backwards
- compatibility. See issue#1894.
- tpm2_eventlog: add a tool for parsing and displaying the event log.
OBS-URL: https://build.opensuse.org/request/show/843599
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/tpm2.0-tools?expand=0&rev=21
- changes in version 4.3:
- tss2_*: Fix double-free errors in commands asking for password authorization
- tss2_*: Fix shorthand command -f that was falsely requiring an argument
- tss2_*: Update tss2_encrypt to the new FAPI interface
- The argument 'policyPath' is removed which was never read anyway
- tss2_*: Remove the additional '\n' that was appended when redirecting to stdout
- tss2_*: Update mandatory vs optional treatment of arguments according to latest Fapi spec
- tss2_*: tss2_getinfo now retrieves the correct FAPI version from Fapi_GetInfo
- tss2_*: Fix the error handling in case of multiple inputs and/or outputs from stdin/stdout
- tss2_*: Fix syntax errors and update content of man pages according to latest Fapi spec
- tss2_*: Add parameter types to all man page
- tss2_*: tss2_setappdata now reads from file or stdin allowing to store also binary data
- tss2_*: Memory leaks are fixed in cases when a returned empty non-char output value was passed to file output
- tss2_pcrextend: fix extending PCR 0
- tss2_quote: fix unused TSS2_RC in LOG_ERR
- changes in 4.2.1:
- Fix missing handle maps for ESY3 handle breaks. See #1994.
- Bump ESYS minimum dependency version from 2.3.0 to 2.4.0.
- Fix for loop declarations build error.
- changes in 4.2:
- Fix various issues reported by static analysis tools.
- Add integration test for ECC based getekcertificate.
- Fix for issue #1959 where ARM builds were failing.
- Add a check in autotools to add "expect" as a package dependency for fapi tools.
- tpm2_createek: Drop the unused -p or --ek-auth option
- tpm2_policyor: List of policy files should be specified as an argument
- instead of -l option. The -l option is still retained for backwards
- compatibility. See issue#1894.
- tpm2_eventlog: add a tool for parsing and displaying the event log.
OBS-URL: https://build.opensuse.org/package/show/security/tpm2.0-tools?expand=0&rev=58
! please handle this together with sr#755853 for tpm2-0-tss !
- add fix_bad_bufsize.patch: fixes findings from compile time fread() checks
that indicate bad buffer size specification.
- add fix_bogus_warning.patch: fixes `maybe-unitialized` warnings that are
bogus, since the variables in questions will be initialized in any case
later on.
- update to major version 4.1:
- changes in version 4.1:
* tpm2_certifycreation: New tool enabling command TPM2_CertifyCreation.
* tpm2_checkquote:
- Fix YAML output bug.
- -g option for specifying hash algorithm is optional and defaults to
sha256.
* tpm2_changeeps: A new tool for changing the Endorsement hierarchy
primary seed.
* tpm2_changepps: A new tool for changing the Platform hierarchy primary seed.
* tpm2_clockrateadjust: Add a new tool for modifying the period on the TPM.
* tpm2_create: Add tool options for specifying output data for use in
certification
- --creation-data to save the creation data
- --creation-ticket or -t to save the creation ticket
- --creation-hash or -d to save the creation hash
- --template-data for saving the template data of the key
- --outside-info or -q for specifying unique data to include in creation data.
- --pcr-list or -l Add option to specify pcr list to add to creation data.
OBS-URL: https://build.opensuse.org/request/show/755855
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/tpm2.0-tools?expand=0&rev=20
- changes in version 4.1:
* tpm2_certifycreation: New tool enabling command TPM2_CertifyCreation.
* tpm2_checkquote:
- Fix YAML output bug.
- -g option for specifying hash algorithm is optional and defaults to
sha256.
* tpm2_changeeps: A new tool for changing the Endorsement hierarchy
primary seed.
* tpm2_changepps: A new tool for changing the Platform hierarchy primary seed.
* tpm2_clockrateadjust: Add a new tool for modifying the period on the TPM.
* tpm2_create: Add tool options for specifying output data for use in
certification
- --creation-data to save the creation data
- --creation-ticket or -t to save the creation ticket
- --creation-hash or -d to save the creation hash
- --template-data for saving the template data of the key
- --outside-info or -q for specifying unique data to include in creation data.
- --pcr-list or -l Add option to specify pcr list to add to creation data.
* tpm2_createprimary: Add tool options for specifying output data for use
in certification
- --creation-data to save the creation data
- --creation-ticket or -t to save the creation ticket
- --creation-hash or -d to save the creation hash
OBS-URL: https://build.opensuse.org/package/show/security/tpm2.0-tools?expand=0&rev=54
- update to minor version 3.1.3:
- Restore support for the TPM2TOOLS_* env vars for TCTI configuration, in
addition to supporting the new unified TPM2TOOLS_ENV_TCTI
- Fix tpm2_getcap to print properties with the TPM_PT prefix, rather than
TPM2_PT
- Make test_tpm2_activecredential Python 3 compatible
- Fix tpm2_takeownership to only attempt to change the specified hierarchies
- use a _service file to sync with upstream tags
OBS-URL: https://build.opensuse.org/request/show/682127
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/tpm2.0-tools?expand=0&rev=18
- Restore support for the TPM2TOOLS_* env vars for TCTI configuration, in
addition to supporting the new unified TPM2TOOLS_ENV_TCTI
- Fix tpm2_getcap to print properties with the TPM_PT prefix, rather than
TPM2_PT
- Make test_tpm2_activecredential Python 3 compatible
- Fix tpm2_takeownership to only attempt to change the specified hierarchies
- use a _service file to sync with upstream tags
OBS-URL: https://build.opensuse.org/package/show/security/tpm2.0-tools?expand=0&rev=50
- update to minor version 3.1.2:
- Revert the change to use user supplied object attributes exclusively. This
is an inappropriate behavioural change for a MINOR version number
increment.
- Fix inclusion of object attribute specifiers section in tpm2_create and
tpm2_createprimary man pages.
- Use better object attribute defaults for authentication, preventing an
empty password being used for authentication when a policy is set.
OBS-URL: https://build.opensuse.org/request/show/638482
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/tpm2.0-tools?expand=0&rev=16
- Revert the change to use user supplied object attributes exclusively. This
is an inappropriate behavioural change for a MINOR version number
increment.
- Fix inclusion of object attribute specifiers section in tpm2_create and
tpm2_createprimary man pages.
- Use better object attribute defaults for authentication, preventing an
empty password being used for authentication when a policy is set.
OBS-URL: https://build.opensuse.org/package/show/security/tpm2.0-tools?expand=0&rev=46
Please handle together with sr#620443, sr#620444, required dependencies.
- update to major version 3.1.0:
- the tpm2 stack introduces an incompatible ABI to the previous version with
this update. There is no compatibility layer, libraries have new names
- install-man.patch: dropped, because we don't really need it
- tpm2.0-tools-fix-hardening.patch: contained in upstream tarball now
s etc.
- upstream changelog:
* tpm2_unseal: -P becomes -p
* tpm2_sign: -P becomes -p
* tpm2_nvreadlock: long form for -P is now --auth-hierarchy
* tpm2_rsadecrypt: -P becomes -p
* tpm2_nvrelease: long-form of -P becomes --auth-hierarchy
* tpm2_nvdefine: -I becomes -p
* tpm2_encryptdecrypt: -P becomes -p
* tpm2_dictionarylockout: -P becomes -p
* tpm2_createprimary: -K becomes -p
* tpm2_createak: -E becomes -e
* tpm2_certify: -k becomes -p
* tpm2_hash: -g changes to -G
* tpm2_encryptdecrypt: Support IVs via -i and algorithm modes via -G.
* tpm2_hmac: drop -g, just use the algorithm associated with the object.
* tpm2_getmanufec: -g changes to -G
* tpm2_createek: -g changes to -G
* tpm2_createak: -g changes to -G
* tpm2_verifysignature: -g becomes -G
* tpm2_sign: -g becomes -G
* tpm2_import: support specifying parent key with a context file,
--parent-key-handle/-H becomes --parent-key/-C
* tpm2_nvwrite and tpm2_nvread: when -P is "index" -a is optional and defaults to
the NV_INDEX value passed to -x.
OBS-URL: https://build.opensuse.org/request/show/620445
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/tpm2.0-tools?expand=0&rev=14
- install-man.patch: even after update to 3.0.4 the man pages are not
installed correctly. This patch fixes it locally.
- update to version 3.0.4:
- Fix save and load for TPM2B_PRIVATE object.
- Use a default buffer size for tpm2_nv{read,write} if the TPM reports a 0 size.
- Fix --verbose and --version options crossover.
- Generate man pages from markdown and include them in the distribution tarball.
- Print usage summary if tools are executed with no options or man page can't be displayed.
- man pages will be shipped for SLE version now, too (pandoc dependency was removed)
OBS-URL: https://build.opensuse.org/request/show/603119
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/tpm2.0-tools?expand=0&rev=12