SHA256
1
0
forked from pool/tpm2.0-tools
Commit Graph

102 Commits

Author SHA256 Message Date
Dominique Leuenberger
0fadaea8ed Accepting request 1041885 from security
OBS-URL: https://build.opensuse.org/request/show/1041885
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/tpm2.0-tools?expand=0&rev=36
2022-12-10 20:17:41 +00:00
54066e63b9 Accepting request 1041884 from home:aplanas:branches:security
- Update to version 5.4

OBS-URL: https://build.opensuse.org/request/show/1041884
OBS-URL: https://build.opensuse.org/package/show/security/tpm2.0-tools?expand=0&rev=97
2022-12-09 13:47:38 +00:00
d9a849d22f Accepting request 1041869 from home:aplanas:branches:security
- Update to version 5.4
  + Added:
    * tpm2_policyrestart: Added option --cphash to output the cpHash
      for the command PM2_CC_PolicyRestart.
    * tpm2_policynvwritten: Added option --cphash to output the cpHash
      for the command TPM2_CC_PolicyNvWritten.
    * tpm2_policylocality: Added option --cphash to output the cpHash
      for the command TPM2_CC_PolicyLocality.
    * tpm2_policycountertimer: Added option --cphash to output the
      cpHash for the command TPM2_CC_PolicyCounterTimer.
    * tpm2_policycommandcode: Added option --cphash to output the
      cpHash for the command TPM2_CC_PolicyCommandCode.
    * tpm2_policypassword: Added option --cphash to output the cpHash
      for the command TPM2_CC_PolicyPassword.
    * tpm2_policyauthvalue: Added option --cphash to output the cpHash
      for the command TPM2_CC_PolicyAuthValue.
    * tpm2_policyauthorize: Added option --cphash to output the cpHash
      for the command TPM2_CC_PolicyAuthorize.
    * tpm2_print: Support printing serialized ESYS_TR's
    * tpm2_create: Add a clarifying message to usage of -c when
      TPM2_CreateLoaded is not supported.
    * tpm2_getcap: Add support for vendor agnostic
      capabilites. Requires tpm2-tss version 4.0 and higher to enable.
    * Add a script, check_endorsement_cert.sh, to validate the
      endorsement certificate chain. It takes two inputs - A
      TPM2B_PUBLIC format EKpublic and a PEM format EKcertificate
      specified in that order as arguments.
- Update to version 5.3
  +  Features:
    * lib/tpm2_tool.c: add --help=no-man for tpm2 option. Prior to
      this change the tool parsed no-man as an unrecognized option and
      errored out. Now it lists all the available tool options.
    * tpm2_encodeobject: New tool to encode TPM2 object. It takes
      public and private portions of an object and encode them in a
      combined PEM form called tssprivkey used by tpm2-tss-engine and
      other applications.
    * Support alternative ECC curves for which default EK templates
      exist (NIST_P256, NIST_P384, NIST_P521, and SM2_P256).
    * tools/misc/tpm2_checkquote: add sm2 verification of signature.
    * crypto: support the TPM2_ECC_SM2_P256 curveID.
    * fapi: add new command to enable the use of fapi objects for tpm2
      tools. The new command tss2_gettpm2object was added. With this
      command context files which can be used for tpm2 tool commands
      can be created.
    * Support for sign and verify with sm2 algorithms.
    * tools/tpm2_startauthsession: add sym-algorithm argument for
      supported symmetric algorithm.
    * Attestation (certify, command audit, sessionaudit and quote):
      add scheme argument for supported signature schemes. This also
      enable support for SM signing.
    * tpm2_flushcontext: support all options at a time. Support the
      -t/-l/-s options all at once so folks don't have to call it
      multiple times.
    * tools/tpm2_nvread: add human readable output for NV content
      Enable parsing and YAML-style output for the different NV index
      types.
    * New event types in tpm2_eventlog:
      EV_EFI_PLATFORM_FIRMWARE_BLOB2, EV_EFI_HANDOFF_TABLES2,
      EV_EFI_VARIABLE_BOOT2
    * VERSION: add version file - Generate the version file with
      bootstrap and include in the DIST tarball so endusers can call
      autoreconf on a dist tarball which doesn't have git. This
      alleviates git describe errors on release tarballs in the
      autoreconf case.
    * import: support restricted parents - Support a restricted parent
      with an aes128cfb symmetric parameter.
    * tpm2_load - Added capability to load pem files in
      TSS2-Private-Key format for interoperability with
      tpm2-tss-engine, tpm2-openssl provider tpm2-pkcs11, and
      tpm2-pytss.
    * tpm2_print - Added capability to parse out and print the public
      portion of a TSS Private Key in the PEM format with the arg
      option TSSPRIVKEY_OBJ.
    * tpm2_loadexternal: Added support to tpm2_loadexternal for
      parsing and loading the public portion of a TSS2 Privkey PEM
      file. The path to the PEM file must be specified using the -r
      option while skipping the -G option for key type.
    * Support added for calculating cpHash, rpHash, sessions for
      parameter encryption and auditing in: tpm2_nvwrite,
      tpm2_nvcertify, tpm2_nvincrement, tpm2_nvwritelock,
      tpm2_nvreadlock, tpm2_nvundefine and tpm2_nvreadpublic.
    * Support added for calculating cpHash in: tpm2_clear,
      tpm2_dictionarylockout, tpm2_clearcontrol, tpm2_sign,
      tpm2_setprimarypolicy, tpm2_setclock, tpm2_rsadecrypt,
      tpm2_duplicate, tpm2_clockrateadjust, tpm2_createprimary,
      tpm2_quote, tpm2_policysecret, tpm2_policynv,
      tpm2_policyauthorizenv, tpm2_import, tpm2_hmac,
      tpm2_hierarchycontrol, tpm2_load, tpm2_gettime,
      tpm2_evictcontrol, tpm2_encryptdecrypt, tpm2_getpolicydigest,
      tpm2_loadexternal, tpm2_commit, tpm2_ecdhkeygen, tpm2_ecdhzgen,
      tpm2_ecephemeral, tpm2_geteccparameters, tpm2_flushcontext,
      tpm2_pcrallocate, tpm2_pcrevent, tpm2_pcrreset, tpm2_pcrread.
    * Support for using tcti=none for cpHash calculations to avoid
      invoking checks for active TPM in: tpm2_nvreadpublic,
      tpm2_nvundefine, tpm2_nvreadlock, tpm2_nvwritelock,
      tpm2_nvincrement, tpm2_nvcertify, tpm2_nvdefine, tpm2_nvwrite.
  + Known issue:
    * FAPI tools will not work on 32bit user-static qemu on 64bit host
      because readdir returns NULL. Follow the issue on
      https://gitlab.com/qemu-project/qemu/-/issues/263
  + Bug fixes:
    * tools/tpm2_pcrreset.c: fix build errors in 32bit systems.
    * Fix tssprivkey formatted PEM generation and load errors on 32
      bit systems.
    * CI: Add testing of 32bit systems with multiarch/qemu-user-static
      containers.
    * tools/tpm2_evictcontrol: fix for calls to Esys_TR_Close on bad
      handles.
    * tools/tpm2_nvextend: fix for ESYS_TR handle not being used in
      calculating the object name.
    * tools/tpm2_nvwrite, tools/tpm2_nvread: Policy authorization must
      be re-instantiated on each iteration of the read/ write when
      size exceeds the allowed operating size
      (TPM2_PT_NV_BUFFER_MAX). However, information on the compounded
      policies cannot be retrieved from the only policy digest read
      from the session and hence the session cannot be
      re-instantiated. To avoid this scenario only a single iteration
      is allowed when policy authorization is in use.
    * Fix argument parsing in tpm2_policylocality to fix an issue
      causing almost always to generate PolicyLocality(0). There was a
      logical inversion that caused almost any argument (including
      invalid ones) to be interpreted as zero, except “zero" would be
      interpreted as one.
    * test/fapi/fapi-quote-verify.sh Fix check of qualifying
      data. Because of a bug in Fapi_VerifyQuote the qualifying data
      was not checked correctly. Errors that were not recognized
      before occur now. The order of the tests was cleaned up and for
      every quote and verify quote now the correct combination of the
      qualifying data and quote info containing the nonce is used.
    * tpm2_nvdefine: set TPMA_NV_PLATFORMCREATE when authenticating
      with the platform hierarchy.
    * tools/tpm2_getekcertificate: fixed the url link to
      ekop.intel.com. There were two places where the fix was needed:
      o In the tool source code where a forward slash was always
        appended irrespective of it already being part of the link
        specified by the user and
      o In the integration test where curl tests the link to the
        ekop.intel.com backend. It now requires the full link to
        include the base64 encoded ek pub hash.
    * tools/tpm2_tool.c: Fix an issue where LOG_WARN is always
      displayed Despite setting the 'quiet' flag with -Q.
    * fapi: fix usage of parameter pcrLog for tss2_quote. pcrLog is an
      optional parameter. If pcrLog is not used as parameter currently
      the pcr log is still calculated in Fapi_Quote. To avoid this
      calculation a NULL pointer will be passed to Fapi_Quote if the
      parameter pcrLog is not passed. So tss2_quote can be executed
      for a user which has no access rights to the files with the
      system measurements.
    * import: fix bug on using scheme wherein if scheme is specified
      in the template, the openssl load functions clobber the scheme
      value and set it to TPM2_ALG_NULL.
    * tools/tpm2_sign and tpm2_verifysignature: fix sm2 sign and
      verifysignature bugs : (1.) sm2 sign could not get output
      signature. (2.) sm2 verify tss format signature failed.
    * lib/tpm2.c: added workaround for a system api bug where in the
      flush handle is erroneously placed in the handle area instead of
      the parameter area.
    * nvreadpublic: drop ntoh on attributes The attributes get
      marshalled to correct endianess by libmu and don’t need to be
      changed again.
    * Removing unused '-i' option from tpm2_print
    * tpm2_policyor: fix unallocated policy list The TPML_DIGEST
      policy list was calloc'd for some reason, however it could just
      be statically allocated in the context. The side effect is that
      when no options or arguments were given a NPD occured when
      checking the count of the policy list.
    * tools/tpm2_certify: fix man page for short options and add tests
      The short options for the signing-key-auth and
      certified-key-auth were swapped. The case fix in the man page
      makes it less intuitive but have to go through with the change
      so that we don't break any existing scripts. This change does
      not affect the long options. Tests have been added to ensure the
      functionality.
  + CI:
    * ci: add ubuntu-22.04. This also requires the min tpm2-tss
      version to be at 3.2.0 to support the openSSL major version 3.
    * cirrus.yml: update freebsd version to 13.1
    * .ci/download-deps.sh: update tpm2-abrmd dependency version to
      2.4.1
- Drop 0001-tests-getekcertificate.sh-Skip-the-test-if-curl-is-n.patch
  (merged)
- Drop add_missing_shut_down_call_on_cleanup.patch (merged)
- Drop fix_check_of_qualifying_data.patch (merged)

OBS-URL: https://build.opensuse.org/request/show/1041869
OBS-URL: https://build.opensuse.org/package/show/security/tpm2.0-tools?expand=0&rev=96
2022-12-09 13:26:20 +00:00
Dominique Leuenberger
6a84e87ec4 Accepting request 989125 from security
OBS-URL: https://build.opensuse.org/request/show/989125
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/tpm2.0-tools?expand=0&rev=35
2022-07-14 14:33:27 +00:00
cb919fb8ac Accepting request 989124 from home:aplanas:branches:security
- Disable tests in some architectures (ppc, ppc64, s390x)

OBS-URL: https://build.opensuse.org/request/show/989124
OBS-URL: https://build.opensuse.org/package/show/security/tpm2.0-tools?expand=0&rev=94
2022-07-14 09:58:27 +00:00
2dec5107b8 Accepting request 989000 from home:aplanas:branches:security
- Add patch to fix leakage of TPM simulator process
  add_missing_shut_down_call_on_cleanup.patch
- Add patch to fix fapi-quote-verify[_ecc].sh test
  fix_check_of_qualifying_data.patch
- Enable test execution by default

OBS-URL: https://build.opensuse.org/request/show/989000
OBS-URL: https://build.opensuse.org/package/show/security/tpm2.0-tools?expand=0&rev=93
2022-07-13 12:35:56 +00:00
Dominique Leuenberger
29706ce84b Accepting request 987921 from security
OBS-URL: https://build.opensuse.org/request/show/987921
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/tpm2.0-tools?expand=0&rev=34
2022-07-09 14:59:09 +00:00
d946dab0ca Accepting request 987920 from home:aplanas:branches:security
- Add missing dependencies for testing.

OBS-URL: https://build.opensuse.org/request/show/987920
OBS-URL: https://build.opensuse.org/package/show/security/tpm2.0-tools?expand=0&rev=91
2022-07-08 13:36:19 +00:00
f3e46a0f5a Accepting request 987892 from home:aplanas:branches:security
Run tests sequentially

OBS-URL: https://build.opensuse.org/request/show/987892
OBS-URL: https://build.opensuse.org/package/show/security/tpm2.0-tools?expand=0&rev=90
2022-07-08 11:40:48 +00:00
45c31e0402 Accepting request 987873 from home:aplanas:branches:security
OBS-URL: https://build.opensuse.org/request/show/987873
OBS-URL: https://build.opensuse.org/package/show/security/tpm2.0-tools?expand=0&rev=89
2022-07-08 09:39:21 +00:00
4e86bd2543 Accepting request 987836 from home:aplanas:branches:security
- Add missing dependencies for testing, and enable test bcond
  (bsc#1188085)
- Add patch to properly skip getekcertificate if curl is missing
  0001-tests-getekcertificate.sh-Skip-the-test-if-curl-is-n.patch

OBS-URL: https://build.opensuse.org/request/show/987836
OBS-URL: https://build.opensuse.org/package/show/security/tpm2.0-tools?expand=0&rev=88
2022-07-08 08:32:19 +00:00
9810272594 Accepting request 987481 from home:aplanas:branches:security
- Disable LTO for 5.2, to fix tpm2_makecredential with "-T none"
  (bsc#1201291)

OBS-URL: https://build.opensuse.org/request/show/987481
OBS-URL: https://build.opensuse.org/package/show/security/tpm2.0-tools?expand=0&rev=87
2022-07-07 15:38:12 +00:00
Dominique Leuenberger
d005922503 Accepting request 936758 from security
OBS-URL: https://build.opensuse.org/request/show/936758
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/tpm2.0-tools?expand=0&rev=33
2021-12-08 21:08:49 +00:00
f3833fe147 Accepting request 936757 from home:aplanas:branches:security
- The update to 5.2 fill also jsc#SLE-9515 (4.1) and jsc#SLE-17366 (4.3.0)

OBS-URL: https://build.opensuse.org/request/show/936757
OBS-URL: https://build.opensuse.org/package/show/security/tpm2.0-tools?expand=0&rev=86
2021-12-08 17:10:00 +00:00
08f6726088 Accepting request 934693 from home:aplanas:branches:security
- Fix python3-PyYAML requirement
- Move the tests inside a bcond.  Disabled by default.

OBS-URL: https://build.opensuse.org/request/show/934693
OBS-URL: https://build.opensuse.org/package/show/security/tpm2.0-tools?expand=0&rev=85
2021-12-06 12:27:09 +00:00
Dominique Leuenberger
0cb4095330 Accepting request 926522 from security
- Update to version 5.2:
  + tpm2_nvextend:
    * Added option -n, --name to specify the name of the nvindex in
      hex bytes. This is used when cpHash ought to be calculated
      without dispatching the TPM2_NV_Extend command to the TPM.
  + tpm2_nvread:
    * Added option --rphash=FILE to specify ile path to record the
      hash of the response parameters. This is commonly termed as
      rpHash.
    * Added option -n, --name to specify the name of the nvindex in
      hex bytes. This is used when cpHash ought to be calculated
      without dispatching the TPM2_NVRead command to the TPM.
    * Added option -S, --session to specify to specify an auxiliary
      session for auditing and or encryption/decryption of the
      parameters.
  + tpm2_nvsetbits:
    * Added option --rphash=FILE to specify file path to record the
      hash of the response parameters. This is commonly termed as
      rpHash.
    * Added option -S, --session to specify to specify an auxiliary
      session for auditing and or encryption/decryption of the
      parameters.
    * Added option -n, --name to specify the name of the nvindex in
      hex bytes. This is used when cpHash ought to be calculated
      without dispatching the TPM2_NV_SetBits command to the TPM.
  + tpm2_createprimary:
    * Support public-key output at creation time in various public-key
      formats.
  + tpm2_create:
    * Support public-key output at creation time in various public-key
      formats.
  + tpm2_print:
    * Support outputing public key in various public key formats over
      the default YAML output. Supports taking -u output from
      tpm2_create and converting it to a PEM or DER file format.
  + tpm2_import:
    * Add support for importing keys with sealed-data-blobs.
  + tpm2_rsaencrypt, tpm2_rsadecrypt:
    * Add support for specifying the hash algorithm with oaep.
  + tpm2_pcrread, tpm2_quote:
    * Add option -F, --pcrs_format to specify PCR format selection for
      the binary blob in the PCR output file. 'values' will output a
      binary blob of the PCR values. 'serialized' will output a binary
      blob of the PCR values in the form of serialized data structure
      in little endian format.
  + tpm2_eventlog:
    * Add support for decoding StartupLocality.
    * Add support for printing the partition information.
    * Add support for reading eventlogs longer than 64kb including
      from /sys/kernel/security/tpm0/binary_bios-measurements.
  + tpm2_duplicate:
    * Add option -L, --policy to specify an authorization policy to be
      associated with the duplicated object.
    * Added support for external key duplication without needing the
      TCTI.
  + tools:
    * Enhance error message on invalid passwords when sessions cannot
      be used.
  + lib/tpm2_options:
    * Add option to specify fake tcti which is required in cases where
      sapi ctx is required to be initialized for retrieving command
      parameters without invoking the tcti to talk to the TPM.
  + openssl:
    * Dropped support for OpenSSL < 1.1.0
    * Add support for OpenSSL 3.0.0
  + Support added to make the repository documentation and man pages
    available live on readthedocs.
  + Bug-fixes:
    * tpm2_import: Don't allow setting passwords for imported object
      with -p option as the tool doesn't modify the TPM2B_SENSITIVE
      structure. Added appropriate logging to indicate using
      tpm2_changeauth after import.
    * lib/tpm2_util.c: The function to calculate pHash algorithm
      returned error when input session is a password session and the
      only session in the command.
    * lib/tpm2_alg_util.c: Fix an error where oaep was parsed under
      ECC.
    * tpm2_sign: Fix segfaults when tool does not find TPM resources
      (TPM or RM).
    * tpm2_makecredential: Fix an issue where reading input from stdin
      could result in unsupported data size larger than the largest
      digest size.
    * tpm2_loadexternal: Fix an issue where restricted attribute could
      not be set.
    * lib/tpm2_nv_util.h: The NV index size is dependent on different
      data sets read from the GetCapability structures because there
      is a dependency on the NV operation type: Define vs Read vs
      Write vs Extend. Fix a sane default in the case where
      GetCapability fails or fails to report the specific property/
      data set. This is especially true because some properties are
      TPM implementation dependent.
    * tpm2_createpolicy: Fix an issue where tool exited silently
      without reporting an error if wrong pcr string is specified.
    * lib/tpm2_alg_util: add error message on public init to prevent
      tools from dying silently, add an error message.
    * tpm2_import: fix an issue where an imported hmac object scheme
      was NULL. While allowed, it was inconsistent with other tools
      like tpm2_create which set the scheme as hmac->sha256 when
      generating a keyedhash object.
- Drop patches already in upstream:
  + 0001-tpm2_checkquote-fix-uninitialized-variable.patch
  + 0001-tpm2_eventlog-fix-buffer-offset-when-reading-the-eve.patch
  + 0001-tpm2_eventlog-read-eventlog-file-in-chunks.patch (forwarded request 926512 from aplanas)

OBS-URL: https://build.opensuse.org/request/show/926522
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/tpm2.0-tools?expand=0&rev=32
2021-10-22 22:50:23 +00:00
a9b849d596 Accepting request 926512 from home:aplanas:branches:security
- Update to version 5.2:
  + tpm2_nvextend:
    * Added option -n, --name to specify the name of the nvindex in
      hex bytes. This is used when cpHash ought to be calculated
      without dispatching the TPM2_NV_Extend command to the TPM.
  + tpm2_nvread:
    * Added option --rphash=FILE to specify ile path to record the
      hash of the response parameters. This is commonly termed as
      rpHash.
    * Added option -n, --name to specify the name of the nvindex in
      hex bytes. This is used when cpHash ought to be calculated
      without dispatching the TPM2_NVRead command to the TPM.
    * Added option -S, --session to specify to specify an auxiliary
      session for auditing and or encryption/decryption of the
      parameters.
  + tpm2_nvsetbits:
    * Added option --rphash=FILE to specify file path to record the
      hash of the response parameters. This is commonly termed as
      rpHash.
    * Added option -S, --session to specify to specify an auxiliary
      session for auditing and or encryption/decryption of the
      parameters.
    * Added option -n, --name to specify the name of the nvindex in
      hex bytes. This is used when cpHash ought to be calculated
      without dispatching the TPM2_NV_SetBits command to the TPM.
  + tpm2_createprimary:
    * Support public-key output at creation time in various public-key
      formats.
  + tpm2_create:
    * Support public-key output at creation time in various public-key
      formats.
  + tpm2_print:
    * Support outputing public key in various public key formats over
      the default YAML output. Supports taking -u output from
      tpm2_create and converting it to a PEM or DER file format.
  + tpm2_import:
    * Add support for importing keys with sealed-data-blobs.
  + tpm2_rsaencrypt, tpm2_rsadecrypt:
    * Add support for specifying the hash algorithm with oaep.
  + tpm2_pcrread, tpm2_quote:
    * Add option -F, --pcrs_format to specify PCR format selection for
      the binary blob in the PCR output file. 'values' will output a
      binary blob of the PCR values. 'serialized' will output a binary
      blob of the PCR values in the form of serialized data structure
      in little endian format.
  + tpm2_eventlog:
    * Add support for decoding StartupLocality.
    * Add support for printing the partition information.
    * Add support for reading eventlogs longer than 64kb including
      from /sys/kernel/security/tpm0/binary_bios-measurements.
  + tpm2_duplicate:
    * Add option -L, --policy to specify an authorization policy to be
      associated with the duplicated object.
    * Added support for external key duplication without needing the
      TCTI.
  + tools:
    * Enhance error message on invalid passwords when sessions cannot
      be used.
  + lib/tpm2_options:
    * Add option to specify fake tcti which is required in cases where
      sapi ctx is required to be initialized for retrieving command
      parameters without invoking the tcti to talk to the TPM.
  + openssl:
    * Dropped support for OpenSSL < 1.1.0
    * Add support for OpenSSL 3.0.0
  + Support added to make the repository documentation and man pages
    available live on readthedocs.
  + Bug-fixes:
    * tpm2_import: Don't allow setting passwords for imported object
      with -p option as the tool doesn't modify the TPM2B_SENSITIVE
      structure. Added appropriate logging to indicate using
      tpm2_changeauth after import.
    * lib/tpm2_util.c: The function to calculate pHash algorithm
      returned error when input session is a password session and the
      only session in the command.
    * lib/tpm2_alg_util.c: Fix an error where oaep was parsed under
      ECC.
    * tpm2_sign: Fix segfaults when tool does not find TPM resources
      (TPM or RM).
    * tpm2_makecredential: Fix an issue where reading input from stdin
      could result in unsupported data size larger than the largest
      digest size.
    * tpm2_loadexternal: Fix an issue where restricted attribute could
      not be set.
    * lib/tpm2_nv_util.h: The NV index size is dependent on different
      data sets read from the GetCapability structures because there
      is a dependency on the NV operation type: Define vs Read vs
      Write vs Extend. Fix a sane default in the case where
      GetCapability fails or fails to report the specific property/
      data set. This is especially true because some properties are
      TPM implementation dependent.
    * tpm2_createpolicy: Fix an issue where tool exited silently
      without reporting an error if wrong pcr string is specified.
    * lib/tpm2_alg_util: add error message on public init to prevent
      tools from dying silently, add an error message.
    * tpm2_import: fix an issue where an imported hmac object scheme
      was NULL. While allowed, it was inconsistent with other tools
      like tpm2_create which set the scheme as hmac->sha256 when
      generating a keyedhash object.
- Drop patches already in upstream:
  + 0001-tpm2_checkquote-fix-uninitialized-variable.patch
  + 0001-tpm2_eventlog-fix-buffer-offset-when-reading-the-eve.patch
  + 0001-tpm2_eventlog-read-eventlog-file-in-chunks.patch

OBS-URL: https://build.opensuse.org/request/show/926512
OBS-URL: https://build.opensuse.org/package/show/security/tpm2.0-tools?expand=0&rev=84
2021-10-20 10:13:52 +00:00
Dominique Leuenberger
0f526928e4 Accepting request 909338 from security
- Add 0001-tpm2_eventlog-fix-buffer-offset-when-reading-the-eve.patch to
fix the offset of the read buffer (forwarded request 909201 from aplanas)

OBS-URL: https://build.opensuse.org/request/show/909338
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/tpm2.0-tools?expand=0&rev=31
2021-08-02 10:04:31 +00:00
2daa4759e2 Accepting request 909201 from home:aplanas:branches:security
- Add 0001-tpm2_eventlog-fix-buffer-offset-when-reading-the-eve.patch to
fix the offset of the read buffer

OBS-URL: https://build.opensuse.org/request/show/909201
OBS-URL: https://build.opensuse.org/package/show/security/tpm2.0-tools?expand=0&rev=83
2021-07-30 08:12:10 +00:00
Dominique Leuenberger
131a800519 Accepting request 906620 from security
Automatic submission by obs-autosubmit

OBS-URL: https://build.opensuse.org/request/show/906620
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/tpm2.0-tools?expand=0&rev=30
2021-07-18 21:44:47 +00:00
9bf3cf3cac OBS-URL: https://build.opensuse.org/package/show/security/tpm2.0-tools?expand=0&rev=82 2021-07-09 07:27:41 +00:00
64866be1b2 - prepare running the test suite via %check, but leave it commented out,
because it is broken due to LTO linking.

OBS-URL: https://build.opensuse.org/package/show/security/tpm2.0-tools?expand=0&rev=81
2021-07-08 09:07:44 +00:00
Dominique Leuenberger
f1c0b5d17f Accepting request 902783 from security
- update to version 5.1.1:
  - tpm2_import: fix fixed AES key CVE-2021-3565
    - tpm2_import used a fixed AES key for the inner wrapper, which means that
      a MITM attack would be able to unwrap the imported key. To fix this,
      ensure the key size is 16 bytes or bigger and use OpenSSL to generate a
      secure random AES key.
- Avoid pandoc build dependency, use prebuilt man pages everywhere
- Drop 0001-tpm2_import-fix-fixed-AES-key-CVE-2021-3565.patch, now upstream
- Drop _service, unused
- Drop unused unzip build dependency
- Drop autoreconfigure call, no longer necessary
- Use %autosetup
- Verify tarball signature
- Build against efivar
- Drop %check section, tests weren't built, so that was a noop (forwarded request 902778 from favogt)

OBS-URL: https://build.opensuse.org/request/show/902783
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/tpm2.0-tools?expand=0&rev=29
2021-06-28 13:33:46 +00:00
30fe5afe17 Accepting request 902778 from home:favogt:branches:security
- update to version 5.1.1:
  - tpm2_import: fix fixed AES key CVE-2021-3565
    - tpm2_import used a fixed AES key for the inner wrapper, which means that
      a MITM attack would be able to unwrap the imported key. To fix this,
      ensure the key size is 16 bytes or bigger and use OpenSSL to generate a
      secure random AES key.
- Avoid pandoc build dependency, use prebuilt man pages everywhere
- Drop 0001-tpm2_import-fix-fixed-AES-key-CVE-2021-3565.patch, now upstream
- Drop _service, unused
- Drop unused unzip build dependency
- Drop autoreconfigure call, no longer necessary
- Use %autosetup
- Verify tarball signature
- Build against efivar
- Drop %check section, tests weren't built, so that was a noop

OBS-URL: https://build.opensuse.org/request/show/902778
OBS-URL: https://build.opensuse.org/package/show/security/tpm2.0-tools?expand=0&rev=80
2021-06-28 09:47:58 +00:00
Dominique Leuenberger
6158f57fbf Accepting request 900775 from security
- Add 0001-tpm2_eventlog-read-eventlog-file-in-chunks.patch to fix the
  tpm2_eventlog command (boo#1187360) (forwarded request 900773 from aplanas)

OBS-URL: https://build.opensuse.org/request/show/900775
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/tpm2.0-tools?expand=0&rev=28
2021-06-19 21:04:13 +00:00
45f5061ef4 Accepting request 900773 from home:aplanas:branches:security
- Add 0001-tpm2_eventlog-read-eventlog-file-in-chunks.patch to fix the
  tpm2_eventlog command (boo#1187360)

OBS-URL: https://build.opensuse.org/request/show/900773
OBS-URL: https://build.opensuse.org/package/show/security/tpm2.0-tools?expand=0&rev=78
2021-06-18 14:57:05 +00:00
Dominique Leuenberger
a84093771b Accepting request 900549 from security
- Add 0001-tpm2_checkquote-fix-uninitialized-variable.patch for a better
  fix of boo#1187316
- Re-enable lto (forwarded request 900548 from aplanas)

OBS-URL: https://build.opensuse.org/request/show/900549
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/tpm2.0-tools?expand=0&rev=27
2021-06-18 08:13:56 +00:00
ce6c7778e0 Accepting request 900548 from home:aplanas:branches:security
- Add 0001-tpm2_checkquote-fix-uninitialized-variable.patch for a better
  fix of boo#1187316
- Re-enable lto

OBS-URL: https://build.opensuse.org/request/show/900548
OBS-URL: https://build.opensuse.org/package/show/security/tpm2.0-tools?expand=0&rev=76
2021-06-17 09:37:22 +00:00
Dominique Leuenberger
b042d28e80 Accepting request 900121 from security
- Disable lto to fix tpm2_checkquote error (boo#1187316)
- Update service file to point to the correct revision (forwarded request 900118 from aplanas)

OBS-URL: https://build.opensuse.org/request/show/900121
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/tpm2.0-tools?expand=0&rev=26
2021-06-15 14:38:07 +00:00
6478528698 Accepting request 900118 from home:aplanas:branches:security
- Disable lto to fix tpm2_checkquote error (boo#1187316)
- Update service file to point to the correct revision

OBS-URL: https://build.opensuse.org/request/show/900118
OBS-URL: https://build.opensuse.org/package/show/security/tpm2.0-tools?expand=0&rev=74
2021-06-15 09:48:43 +00:00
Dominique Leuenberger
e97ee890ce Accepting request 899908 from security
OBS-URL: https://build.opensuse.org/request/show/899908
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/tpm2.0-tools?expand=0&rev=25
2021-06-14 21:11:13 +00:00
3d2db2a128 Accepting request 898108 from home:dimstar:Factory
- Do not BuildRequire pandoc on ix86 architectures: the haskell
  stack is not supported on intel 32bit archs.

OBS-URL: https://build.opensuse.org/request/show/898108
OBS-URL: https://build.opensuse.org/package/show/security/tpm2.0-tools?expand=0&rev=72
2021-06-14 08:57:05 +00:00
Dominique Leuenberger
9751b0d045 Accepting request 895955 from security
- add 0001-tpm2_import-fix-fixed-AES-key-CVE-2021-3565.patch: no longer use a
  fixed AES key in the context of the tpm2_import command. Fixes CVE-2021-3565
  (bsc#1186490).
- drop fix_pie_linking.patch: now contained in upstream tarball
- drop fix_warnings.patch: now contained in upstream tarball
- update to upstream version 5.1:
  - Minimum tpm2-tss version dependency bumped to 3.1.0
  - Minimum tpm2-abrmd version dependency bumped to 2.4.0
  - tss2:
    - Support in tools for PolicyRef inclusion in policy search per latest TSS.
    - Support to use TPM objects protected by a policy with PolicySigned.
    - Enable backward compatibility to old Fapi callback API.
    - Fix PCR selection for tss2 quote.
    - Support policy signed policies by implementing Fapi_SetSignCB.
  - Command/ response parameter support for auditing and pHash policies:
    - lib/tpm2_util.c: Add method to determine hashing alg for cp/rphash
    - Add support to calculate rphash for tpm2_create, tpm2_activatecredential,
      tpm2_certify, tpm2_certifycreation, tpm2_changeauth, tpm2_changeeps,
      tpm2_changepps, tpm2_nvdefine, tpm2_nvextend, tpm2_unseal
    - Add support to calculate cphash for tpm2_changeeps, tpm2_changepps.
  - Session-support:
    - tpm2_sessionconfig: Add tool to display and configure session attributes.
    - tpm2_getrandom: Fix— session input was hardcoded for audit-only
    - tpm2_startauthsession: Add option to specify the bind object  and its
      authorization value.
    - tpm2_startauthsession: support for bounded-only session.
    - tpm2_startauthsession: support for salted-only session.
    - tpm2_startauthsession: add option to specify an hmac session type.
    - Add support for specifying non-authorization sessions for audit and
      parameter encryption for tpm2_getrandom, tpm2_create, tpm2_nvextend,

OBS-URL: https://build.opensuse.org/request/show/895955
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/tpm2.0-tools?expand=0&rev=24
2021-06-01 08:38:02 +00:00
b000df49d3 - add 0001-tpm2_import-fix-fixed-AES-key-CVE-2021-3565.patch: no longer use a
fixed AES key in the context of the tpm2_import command. Fixes CVE-2021-3565
  (bsc#1186490).
- drop fix_pie_linking.patch: now contained in upstream tarball
- drop fix_warnings.patch: now contained in upstream tarball
- update to upstream version 5.1:
  - Minimum tpm2-tss version dependency bumped to 3.1.0
  - Minimum tpm2-abrmd version dependency bumped to 2.4.0
  - tss2:
    - Support in tools for PolicyRef inclusion in policy search per latest TSS.
    - Support to use TPM objects protected by a policy with PolicySigned.
    - Enable backward compatibility to old Fapi callback API.
    - Fix PCR selection for tss2 quote.
    - Support policy signed policies by implementing Fapi_SetSignCB.
  - Command/ response parameter support for auditing and pHash policies:
    - lib/tpm2_util.c: Add method to determine hashing alg for cp/rphash
    - Add support to calculate rphash for tpm2_create, tpm2_activatecredential,
      tpm2_certify, tpm2_certifycreation, tpm2_changeauth, tpm2_changeeps,
      tpm2_changepps, tpm2_nvdefine, tpm2_nvextend, tpm2_unseal
    - Add support to calculate cphash for tpm2_changeeps, tpm2_changepps.
  - Session-support:
    - tpm2_sessionconfig: Add tool to display and configure session attributes.
    - tpm2_getrandom: Fix— session input was hardcoded for audit-only
    - tpm2_startauthsession: Add option to specify the bind object  and its
      authorization value.
    - tpm2_startauthsession: support for bounded-only session.
    - tpm2_startauthsession: support for salted-only session.
    - tpm2_startauthsession: add option to specify an hmac session type.
    - Add support for specifying non-authorization sessions for audit and
      parameter encryption for tpm2_getrandom, tpm2_create, tpm2_nvextend,

OBS-URL: https://build.opensuse.org/package/show/security/tpm2.0-tools?expand=0&rev=70
2021-05-28 10:32:05 +00:00
Dominique Leuenberger
b165e43c84 Accepting request 890270 from security
- fix `--version` output of tools. Since now autoreconf is called and
  configure.ac attempts to fetch the version from git (which we don't have
  during building), the version was empty. Fix this by replacing the git
  invocation in configure.ac.

OBS-URL: https://build.opensuse.org/request/show/890270
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/tpm2.0-tools?expand=0&rev=23
2021-05-04 20:01:01 +00:00
d836ba0360 - fix --version output of tools. Since now autoreconf is called and
configure.ac attempts to fetch the version from git (which we don't have
  during building), the version was empty. Fix this by replacing the git
  invocation in configure.ac.

OBS-URL: https://build.opensuse.org/package/show/security/tpm2.0-tools?expand=0&rev=68
2021-05-04 08:56:15 +00:00
f914fdbf72 explicitly mark %license
OBS-URL: https://build.opensuse.org/package/show/security/tpm2.0-tools?expand=0&rev=67
2021-02-02 12:23:20 +00:00
722545cd47 note about download_files magic
OBS-URL: https://build.opensuse.org/package/show/security/tpm2.0-tools?expand=0&rev=66
2021-01-29 13:09:40 +00:00
Dominique Leuenberger
bd294f5c13 Accepting request 867453 from security
- add fix_warnings.patch: fixes a couple of build errors resulting from LTO
  linking and -Werror.
- add fix_pie_linking.patch: fixes an error in the build system that causes
  the tss2 binary to be linked without passed LDFLAGS (like -pie), which
  causes the binary not to be position independent.
- update to major version 5.0:
  - Non Backwards Compatible Changes
    * Default hash algorithm is now sha256. Prior versions claimed sha1, but were
      inconsistent in choice. Best practice is to specify the hash algorithm to
      avoid surprises.
    * tpm2_tools and tss2_tools are now a busybox style commandlet. Ie
      tpm2_getrandom becomes tpm2 getrandom. make install will install symlinks
      to the old tool names and the tpm2 commandlet will interrogate argv[0] for
      the command to run. This will provide backwards compatibility if they are
      installed. If you wish to use the old names not installed system wide, set
      DESTDIR during install to a separate path and set the proper directory on
      PATH.
    * tpm2_eventlog's output changed to be YAML compliant. The output before
      was intended to be YAML compliant but was never properly checked and
      tested.
    * umask set to 0117 for all tools.
    * tpm2_getekcertificate now outputs the INTC EK certificates in PEM format
      by default. In order to output the URL safe variant of base64 encoded
      output of the INTC EK certificate use the added option --raw.
  - Dependency update
    * Update tpm2-tss dependency version to 3.0.1
    * Update tpm2-abrmd dependency version to 2.3.3
  - New tools and features
    * tpm2_zgen2phase: Add new tool to support command TPM2_CC_ZGen_2Phase.
    * tpm2_ecdhzgen: Add new tool to support command TPM2_CC_ECDH_ZGen.

OBS-URL: https://build.opensuse.org/request/show/867453
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/tpm2.0-tools?expand=0&rev=22
2021-01-28 20:29:02 +00:00
a5a59f0dae - add fix_pie_linking.patch: fixes an error in the build system that causes
the tss2 binary to be linked without passed LDFLAGS (like -pie), which
  causes the binary not to be position independent.

OBS-URL: https://build.opensuse.org/package/show/security/tpm2.0-tools?expand=0&rev=64
2021-01-28 11:16:25 +00:00
784ccd7c1d - add fix_warnings.patch: fixes a couple of build errors resulting from LTO
linking and -Werror.
- update to major version 5.0:
  - Non Backwards Compatible Changes
    * Default hash algorithm is now sha256. Prior versions claimed sha1, but were
      inconsistent in choice. Best practice is to specify the hash algorithm to
      avoid surprises.
    * tpm2_tools and tss2_tools are now a busybox style commandlet. Ie
      tpm2_getrandom becomes tpm2 getrandom. make install will install symlinks
      to the old tool names and the tpm2 commandlet will interrogate argv[0] for
      the command to run. This will provide backwards compatibility if they are
      installed. If you wish to use the old names not installed system wide, set
      DESTDIR during install to a separate path and set the proper directory on
      PATH.
    * tpm2_eventlog's output changed to be YAML compliant. The output before
      was intended to be YAML compliant but was never properly checked and
      tested.
    * umask set to 0117 for all tools.
    * tpm2_getekcertificate now outputs the INTC EK certificates in PEM format
      by default. In order to output the URL safe variant of base64 encoded
      output of the INTC EK certificate use the added option --raw.
  - Dependency update
    * Update tpm2-tss dependency version to 3.0.1
    * Update tpm2-abrmd dependency version to 2.3.3
  - New tools and features
    * tpm2_zgen2phase: Add new tool to support command TPM2_CC_ZGen_2Phase.
    * tpm2_ecdhzgen: Add new tool to support command TPM2_CC_ECDH_ZGen.
    * tpm2_ecdhkeygen: Add new tool to support command TPM2_CC_ECDH_KeyGen.
    * tpm2_commit: Add new tool to support command TPM2_CC_Commit.
    * tpm2_ecephemeral: Add new tool to support command TPM2_CC_EC_Ephemeral.

OBS-URL: https://build.opensuse.org/package/show/security/tpm2.0-tools?expand=0&rev=63
2021-01-28 10:50:59 +00:00
Dominique Leuenberger
143120c460 Accepting request 843599 from security
- update to version 4.3:
  - changes in version 4.3:
    - tss2_*: Fix double-free errors in commands asking for password authorization
    - tss2_*: Fix shorthand command -f that was falsely requiring an argument
    - tss2_*: Update tss2_encrypt to the new FAPI interface
    - The argument 'policyPath' is removed which was never read anyway
    - tss2_*: Remove the additional '\n' that was appended when redirecting to stdout
    - tss2_*: Update mandatory vs optional treatment of arguments according to latest Fapi spec
    - tss2_*: tss2_getinfo now retrieves the correct FAPI version from Fapi_GetInfo
    - tss2_*: Fix the error handling in case of multiple inputs and/or outputs from stdin/stdout
    - tss2_*: Fix syntax errors and update content of man pages according to latest Fapi spec
    - tss2_*: Add parameter types to all man page
    - tss2_*: tss2_setappdata now reads from file or stdin allowing to store also binary data
    - tss2_*: Memory leaks are fixed in cases when a returned empty non-char output value was passed to file output
    - tss2_pcrextend: fix extending PCR 0
    - tss2_quote: fix unused TSS2_RC in LOG_ERR
  - changes in 4.2.1:
    - Fix missing handle maps for ESY3 handle breaks. See #1994.
    - Bump ESYS minimum dependency version from 2.3.0 to 2.4.0.
    - Fix for loop declarations build error.
  - changes in 4.2:
    - Fix various issues reported by static analysis tools.
    - Add integration test for ECC based getekcertificate.
    - Fix for issue #1959 where ARM builds were failing.
    - Add a check in autotools to add "expect" as a package dependency for fapi tools.
    - tpm2_createek: Drop the unused -p or --ek-auth option
    - tpm2_policyor: List of policy files should be specified as an argument
    - instead of -l option. The -l option is still retained for backwards
    - compatibility. See issue#1894.
    - tpm2_eventlog: add a tool for parsing and displaying the event log.

OBS-URL: https://build.opensuse.org/request/show/843599
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/tpm2.0-tools?expand=0&rev=21
2020-10-28 10:25:39 +00:00
106c7bd534 OBS-URL: https://build.opensuse.org/package/show/security/tpm2.0-tools?expand=0&rev=61 2020-10-22 13:54:22 +00:00
9cd18c2c7f OBS-URL: https://build.opensuse.org/package/show/security/tpm2.0-tools?expand=0&rev=60 2020-10-22 13:44:19 +00:00
58f4c3e7dc OBS-URL: https://build.opensuse.org/package/show/security/tpm2.0-tools?expand=0&rev=59 2020-10-22 13:30:56 +00:00
756009e46c - update to version 4.3:
- changes in version 4.3:
    - tss2_*: Fix double-free errors in commands asking for password authorization
    - tss2_*: Fix shorthand command -f that was falsely requiring an argument
    - tss2_*: Update tss2_encrypt to the new FAPI interface
    - The argument 'policyPath' is removed which was never read anyway
    - tss2_*: Remove the additional '\n' that was appended when redirecting to stdout
    - tss2_*: Update mandatory vs optional treatment of arguments according to latest Fapi spec
    - tss2_*: tss2_getinfo now retrieves the correct FAPI version from Fapi_GetInfo
    - tss2_*: Fix the error handling in case of multiple inputs and/or outputs from stdin/stdout
    - tss2_*: Fix syntax errors and update content of man pages according to latest Fapi spec
    - tss2_*: Add parameter types to all man page
    - tss2_*: tss2_setappdata now reads from file or stdin allowing to store also binary data
    - tss2_*: Memory leaks are fixed in cases when a returned empty non-char output value was passed to file output
    - tss2_pcrextend: fix extending PCR 0
    - tss2_quote: fix unused TSS2_RC in LOG_ERR
  - changes in 4.2.1:
    - Fix missing handle maps for ESY3 handle breaks. See #1994.
    - Bump ESYS minimum dependency version from 2.3.0 to 2.4.0.
    - Fix for loop declarations build error.
  - changes in 4.2:
    - Fix various issues reported by static analysis tools.
    - Add integration test for ECC based getekcertificate.
    - Fix for issue #1959 where ARM builds were failing.
    - Add a check in autotools to add "expect" as a package dependency for fapi tools.
    - tpm2_createek: Drop the unused -p or --ek-auth option
    - tpm2_policyor: List of policy files should be specified as an argument
    - instead of -l option. The -l option is still retained for backwards
    - compatibility. See issue#1894.
    - tpm2_eventlog: add a tool for parsing and displaying the event log.

OBS-URL: https://build.opensuse.org/package/show/security/tpm2.0-tools?expand=0&rev=58
2020-10-22 12:14:07 +00:00
Dominique Leuenberger
f15d2d4306 Accepting request 755855 from security
! please handle this together with sr#755853 for tpm2-0-tss !

- add fix_bad_bufsize.patch: fixes findings from compile time fread() checks
  that indicate bad buffer size specification.
- add fix_bogus_warning.patch: fixes `maybe-unitialized` warnings that are
  bogus, since the variables in questions will be initialized in any case
  later on.

- update to major version 4.1:
  - changes in version 4.1:
    * tpm2_certifycreation: New tool enabling command TPM2_CertifyCreation.
    
    * tpm2_checkquote:
       - Fix YAML output bug.
       - -g option for specifying hash algorithm is optional and defaults to
         sha256.
    
    * tpm2_changeeps: A new tool for changing the Endorsement hierarchy
      primary seed.
    
    * tpm2_changepps: A new tool for changing the Platform hierarchy primary seed.
    
    * tpm2_clockrateadjust: Add a new tool for modifying the period on the TPM.
    
    * tpm2_create: Add tool options for specifying output data for use in
      certification
      - --creation-data to save the creation data
      - --creation-ticket or -t to save the creation ticket
      - --creation-hash or -d to save the creation hash
      - --template-data for saving the template data of the key
      - --outside-info or -q for specifying unique data to include in creation data.
      - --pcr-list or -l  Add option to specify pcr list to add to creation data.

OBS-URL: https://build.opensuse.org/request/show/755855
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/tpm2.0-tools?expand=0&rev=20
2019-12-18 13:44:47 +00:00
4d75d747d9 correct bogus_warning_patch
OBS-URL: https://build.opensuse.org/package/show/security/tpm2.0-tools?expand=0&rev=56
2019-12-11 13:32:27 +00:00
2100671155 - add fix_bad_bufsize.patch: fixes findings from compile time fread() checks
that indicate bad buffer size specification.
- add fix_bogus_warning.patch: fixes `maybe-unitialized` warnings that are
  bogus, since the variables in questions will be initialized in any case
  later on.

OBS-URL: https://build.opensuse.org/package/show/security/tpm2.0-tools?expand=0&rev=55
2019-12-11 13:30:50 +00:00
394bb79c04 - update to major version 4.1:
- changes in version 4.1:
    * tpm2_certifycreation: New tool enabling command TPM2_CertifyCreation.
    
    * tpm2_checkquote:
       - Fix YAML output bug.
       - -g option for specifying hash algorithm is optional and defaults to
         sha256.
    
    * tpm2_changeeps: A new tool for changing the Endorsement hierarchy
      primary seed.
    
    * tpm2_changepps: A new tool for changing the Platform hierarchy primary seed.
    
    * tpm2_clockrateadjust: Add a new tool for modifying the period on the TPM.
    
    * tpm2_create: Add tool options for specifying output data for use in
      certification
      - --creation-data to save the creation data
      - --creation-ticket or -t to save the creation ticket
      - --creation-hash or -d to save the creation hash
      - --template-data for saving the template data of the key
      - --outside-info or -q for specifying unique data to include in creation data.
      - --pcr-list or -l  Add option to specify pcr list to add to creation data.
    
    * tpm2_createprimary: Add tool options for specifying output data for use
      in certification
      - --creation-data to save the creation data
      - --creation-ticket or -t to save the creation ticket
      - --creation-hash or -d to save the creation hash

OBS-URL: https://build.opensuse.org/package/show/security/tpm2.0-tools?expand=0&rev=54
2019-12-11 12:45:49 +00:00