CHANGES - changes for swtpm version 0.9.0: Note: The SElinux policy for swtpm was completely redone. For systems with an SELinux policy the same policy (>= 40.17) as used in Fedora >= 40 is required due to changes in labels related to libvirt that made the re-development of the SELinux policy necessary. - swtpm: - Use umask() to create/truncated state file rather than fchmod() - Use fchmod to set mode bits provided by user - Replace mkstemp with g_mkstemp_full (Coverity) - fix typo in help message - cuse: Fix Coverity complaints regarding locks - Fix double free in error path - Close fd after main loop - Restore logging to stderr on log open failure - swtpm_setup: - Fail --pcr-banks without --tpm2 - Fail --decryption or --allow-signing without --tpm2 - Initialized @argv in get_swtpm_capabilities() - Flush spk after persisting to create room for another key - Refactor duplicate code into swtpm_tpm2_write_cert_nvram - Move persisting of certificate into tpm2_persist_certificate - Pass key_type to function creating filename for key - Add scheme parameter before curveid to createprimary_ecc - Rename is_ek to preserve for future extension - Mask-out EK and plaform certificate flags and set cert_flags - Move common code into new function read_certificate_file() - Exit with '0' upon --version rather than '1' - Close file descriptors passed to swtpm process on parent side - Make stdout unbuffered - Use medium duration on TSC_PhysicalPresence to avoid timeouts - Add poll() after write() and before read() to detect errors - swtpm_localca: - Add support for up to 20 bytes serial numbers - Introduce --key as more generic alias for --ek - Add missing NULL option to end of array - Make stdout unbuffered - swtpm_cert: - Add support for serial numbers up to 20 bytes long - swtpm_ioctl: - Separate return code from flags - Repeatedly call PTM_GET_INFO for long responses - selinux: - Re-add rule for svirt_tcg_t and user_tmp_t:sock_file (virt-install) - New SELinux policy that requires Fedora 40 or later - tests: - Fixed occurrences of stray '\' before '-' - Rearrange order of test cases to run some also as 'root' - Add tests for command line options and combinations of options - Add softhsm_setup to shellcheck'ed files and fix issues - Add missing 'exit 1' on unexpected file size on --reconfigure - Add test cases for swtpm_cert with max serial number - Fix spelling mistakes - reformat regexs for easier readability and extension - ibmtss2: Add patch to disable x509 test with older libtpms - Upgrade to ibmtss2 v2.0.1 - Fixed several issues detected by shellcheck - build-sys: - Add support for --disable-tests to disable tests - Display GMP_LIBS and GMP_CFLAGS - Only display warning if pkg-config for gmp fails - Add gmp library and devel package as dependency - use PKG_CHECK_MODULES to check libtpms version - rpm: - Add gmp library and devel package as dependency - Split off SELinux files to build an selinux package - debian: - Sync AppArmor profile with what is used by Ubuntu - Add gmp library and devel package as dependency - Allow apparmor access to qemu session bus swtpm files version 0.8.0: - swtpm: - Implement release-lock-outgoing parameter for --migration option - Introduce --migration option and 'incoming' parameter - Implement terminate parameter for ctrl channel loss - Add a chroot option - Introduce disable-auto-shutdown flag for --flags option - If necessary send TPM2_Shutdown() before TPMLIB_Terminate() - Add some more recent syscalls to seccomp profile - Disable OpenSSL FIPS mode to avoid libtpms failures - Avoid locking directory multiple times - Remove support for pre-v0.1 state files without header - Use uint64_t in tlv_data_append() to avoid integer overflows - Use uint64_t to avoid integer wrap-around when adding a uint32_t - Do not chdir(/) when using --daemon - Check header size indicator against expected size (CVE-2022-23645) - Fixes for gcc 12.2.1 -fanalyzer - build-sys: - Fix configure script to support _FORTIFY_SOURCE=3 - Define __USE_LINUX_IOCTL_DEFS in header file (Cygwin) - swtpm-localca: - Re-implement variable resolution for swtpm-localca.conf - Test for available issuercert before creating CA - swtpm_setup: - Configure swtpm to log to stdout/err if needed (glib >=2.74) - tests: - Use ${WORKDIR} in config files to test env. var replacement - Patch IBM TSS2 test suite for OpenSSL 3.x - build-sys: - Add probing for -fstack-protector version 0.7.0: - swtpm: - Support for linear file storage backend (file://) - Report 'tpm-1.2' & 'tpm-2.0' in --print-capabilities depending what libtpms supports - Add implementation of SWTPM_HMAC using OpenSSL 3.0 APIs - Wipe keys from stack and heap - Many other small changes - Make --daemon not racy - swtpm_setup: - Only activate SHA256 PCR bank, not SHA1 bank anymore by default - Support for linear file storage backend (file://) - Implement option --create-config-files to create config files - Use non-deprecated APIs to contruct RSA key (OSSL 3) - Report stderr as returned by external tool (swtpm-localcal) - Replace '+' and ',' characters in VMId's to make work with common name in X509 subject - Add support for --reconfigure flag to change active PCR banks - swtpm_localca: - Created certificates for CAs and TPM that do not expire - swtpm_cert: - Allow passing -1 for days to get a non-expiring certificate - test: - ASAN-related test changes and skipping of tests if ASAN is used - Fix tests using tpm2-abrmd by preventing concurrency - Skip chardev related tests after checking for chardev support - exit with error code if mktemp fails - OSSL 3: Make TPM 1.2 test compile; skip IBM TSS 2 test - build-sys: - Introduce --enable-sanitizers to configure - Remove check for pip3 that was used by python swtpm_setup - Allow passing of aditional CFLAGS during build version 0.6.0: - swtpm: - Fix --print-capabilities for 'swtpm chardev' - Various cleanups and fixes (coverity) - Addressed potential symlink attack issue (CVE-2020-28407) - swtpm_setup: - Rewritten in 'C'; needs json-glib - Addressed potential symlink attack issue (CVE-2020-28407) - swtpm_ioctl: - Use timeouts for communicating with swtpm (Unix socket) - swtpm-localca: - Rewritten in 'C' - tests: - Use the IBM TSS2 v1.6.0's test suite - Store and also restore the volatile state at every step when running IBM TSS2 test suite - Various cleanup - build-sys: - Add HARDENING_CFLAGS and _LDFLAGS to all C programs version 0.5.0: - swtpm: - Write files atomically using a temp file and then renaming - swtpm_setup: - Removed remaining 'c' wrapper program - Do not truncate logfile when testing write-access (regression) - Remove TPM state file in case error occurred - swtpm-localca: - Rewrite in python - Allow passing pkcs11 PIN using signingkey_password - Allow passing environment variables needed for pkcs11 modules using swtpm-localca.conf and format 'env:VARNAME=VALUE'. - build-sys: - Add python-install and python-uninstall targets - Add configure option to disable installation of Python module - Use -Wl,-z,relro and -Wl,-z,now only when linking (clang) - Use AC_LINK_IFELSE to check whether support for hardening flags version 0.4.0: - swtpm: - Invoke print capabilities after choosing TPM version - Add some recent syscalls to seccomp blacklist - swtpm_cert: - Support --ecc-curveid option to pass curve id - swtpm_setup & related scripts: - Rewrite swtpm_setup.sh in python with TPM 1.2 not requiring tcsd and TPM tools anymore; new dependencies: - python3: pip, cryptography, setuptools dropped dependencies for swtpm_setup: - tcsd, expect, tpm-tools (some still needed for pkcs11 tests) - Added support for RSA 3072 keys (for libtpms-0.8.0) and moved to ECC NIST P384 curve; default RSA key size is still 2048 - Added support for --rsa-keysize option - Extend script to create a CA using a TPM 2 for signing - tests: - Use the IBM TSS2 v1.5.0's test suite - Add test case for loading of an NVRAM completely full with keys - Have softhsm_setup use temporary directory for softhsm config & state - various other improvements - man pages: - Improvements - build-sys: - clang: properly test for linker flag 'now' and 'relro' - Gentoo: explicitly link libswtpm_libtpms with -lcrypto - Ownership of /var/lib/swtpm-localca is now tss:root and mode flags 0750. version 0.3.0: - swtpm: - Support for applying 'TPM Startup' command during initialization - Use writev_full rather than writev; fixes --vtpm-proxy EIO error - Only accept() new client ctrl connection if we have none (bugfix) - swtpm_setup & related scripts: - Support whitespaces in filenames and paths - Do not fail on future PCR banks' hashes - swtpm_cert: - Fix OIDs for TPM 2 platforms data - Option parsing cleanup - Support for passing password in various forms - Use gnutls_x509_crt_get_subject_key_id API call for subj keyId - Support 64bit serial numbers read from command line - swtpm_ioctl: - Block SIGPIPE so we can get EPIPE on write() - swtpm_bios: - Block SIGPIPE so we can get EPIPE on write() - tests: - Increased timeouts and better support for running tests with executables run by valgrind - Allow running tests with choice of seccomp profile option (SWTPM_TEST_SECCOMP_OPT) to enable building for Ubuntu - Various cleanups & fixes - SELinux: - More rules added for support on F30 version 0.2.0: - Linux: swtpm now runs with a seccomp profile (blacklist) if compiled with libseccomp support - Added subpport for passing key and passphrase via file descriptor - TPM 2 commands can now be prefixed by 'the TCG header' and responses will have a 4-byte prefix and 4-byte suffix. - Added --print-capabilities command line option - Proper handling on EINTR on read, poll, and write version 0.1.0: first public release