linking and -Werror.
- update to major version 5.0:
- Non Backwards Compatible Changes
* Default hash algorithm is now sha256. Prior versions claimed sha1, but were
inconsistent in choice. Best practice is to specify the hash algorithm to
avoid surprises.
* tpm2_tools and tss2_tools are now a busybox style commandlet. Ie
tpm2_getrandom becomes tpm2 getrandom. make install will install symlinks
to the old tool names and the tpm2 commandlet will interrogate argv[0] for
the command to run. This will provide backwards compatibility if they are
installed. If you wish to use the old names not installed system wide, set
DESTDIR during install to a separate path and set the proper directory on
PATH.
* tpm2_eventlog's output changed to be YAML compliant. The output before
was intended to be YAML compliant but was never properly checked and
tested.
* umask set to 0117 for all tools.
* tpm2_getekcertificate now outputs the INTC EK certificates in PEM format
by default. In order to output the URL safe variant of base64 encoded
output of the INTC EK certificate use the added option --raw.
- Dependency update
* Update tpm2-tss dependency version to 3.0.1
* Update tpm2-abrmd dependency version to 2.3.3
- New tools and features
* tpm2_zgen2phase: Add new tool to support command TPM2_CC_ZGen_2Phase.
* tpm2_ecdhzgen: Add new tool to support command TPM2_CC_ECDH_ZGen.
* tpm2_ecdhkeygen: Add new tool to support command TPM2_CC_ECDH_KeyGen.
* tpm2_commit: Add new tool to support command TPM2_CC_Commit.
* tpm2_ecephemeral: Add new tool to support command TPM2_CC_EC_Ephemeral.
OBS-URL: https://build.opensuse.org/package/show/security/tpm2.0-tools?expand=0&rev=63
- changes in version 4.3:
- tss2_*: Fix double-free errors in commands asking for password authorization
- tss2_*: Fix shorthand command -f that was falsely requiring an argument
- tss2_*: Update tss2_encrypt to the new FAPI interface
- The argument 'policyPath' is removed which was never read anyway
- tss2_*: Remove the additional '\n' that was appended when redirecting to stdout
- tss2_*: Update mandatory vs optional treatment of arguments according to latest Fapi spec
- tss2_*: tss2_getinfo now retrieves the correct FAPI version from Fapi_GetInfo
- tss2_*: Fix the error handling in case of multiple inputs and/or outputs from stdin/stdout
- tss2_*: Fix syntax errors and update content of man pages according to latest Fapi spec
- tss2_*: Add parameter types to all man page
- tss2_*: tss2_setappdata now reads from file or stdin allowing to store also binary data
- tss2_*: Memory leaks are fixed in cases when a returned empty non-char output value was passed to file output
- tss2_pcrextend: fix extending PCR 0
- tss2_quote: fix unused TSS2_RC in LOG_ERR
- changes in 4.2.1:
- Fix missing handle maps for ESY3 handle breaks. See #1994.
- Bump ESYS minimum dependency version from 2.3.0 to 2.4.0.
- Fix for loop declarations build error.
- changes in 4.2:
- Fix various issues reported by static analysis tools.
- Add integration test for ECC based getekcertificate.
- Fix for issue #1959 where ARM builds were failing.
- Add a check in autotools to add "expect" as a package dependency for fapi tools.
- tpm2_createek: Drop the unused -p or --ek-auth option
- tpm2_policyor: List of policy files should be specified as an argument
- instead of -l option. The -l option is still retained for backwards
- compatibility. See issue#1894.
- tpm2_eventlog: add a tool for parsing and displaying the event log.
OBS-URL: https://build.opensuse.org/package/show/security/tpm2.0-tools?expand=0&rev=58
- changes in version 4.1:
* tpm2_certifycreation: New tool enabling command TPM2_CertifyCreation.
* tpm2_checkquote:
- Fix YAML output bug.
- -g option for specifying hash algorithm is optional and defaults to
sha256.
* tpm2_changeeps: A new tool for changing the Endorsement hierarchy
primary seed.
* tpm2_changepps: A new tool for changing the Platform hierarchy primary seed.
* tpm2_clockrateadjust: Add a new tool for modifying the period on the TPM.
* tpm2_create: Add tool options for specifying output data for use in
certification
- --creation-data to save the creation data
- --creation-ticket or -t to save the creation ticket
- --creation-hash or -d to save the creation hash
- --template-data for saving the template data of the key
- --outside-info or -q for specifying unique data to include in creation data.
- --pcr-list or -l Add option to specify pcr list to add to creation data.
* tpm2_createprimary: Add tool options for specifying output data for use
in certification
- --creation-data to save the creation data
- --creation-ticket or -t to save the creation ticket
- --creation-hash or -d to save the creation hash
OBS-URL: https://build.opensuse.org/package/show/security/tpm2.0-tools?expand=0&rev=54
- Restore support for the TPM2TOOLS_* env vars for TCTI configuration, in
addition to supporting the new unified TPM2TOOLS_ENV_TCTI
- Fix tpm2_getcap to print properties with the TPM_PT prefix, rather than
TPM2_PT
- Make test_tpm2_activecredential Python 3 compatible
- Fix tpm2_takeownership to only attempt to change the specified hierarchies
- use a _service file to sync with upstream tags
OBS-URL: https://build.opensuse.org/package/show/security/tpm2.0-tools?expand=0&rev=50