Proxmox-Port/swtpm
1
0
Fork 0
mirror of https://github.com/stefanberger/swtpm.git synced 2025-08-22 19:04:35 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
stable-0.4
swtpm/CHANGES
Stefan Berger 2df14e343b CHANGES: Adjust v0.4.2 release entry 
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
2020-11-17 15:44:37 -05:00

83 lines
3.2 KiB
Plaintext
Raw Permalink Blame History

CHANGES - changes for swtpm
version 0.4.2:
- swtpm & swtpm_setup:
- Addressed potential symlink attack issue (CVE-2020-28407)
version 0.4.1:
- swtpm_setup:
- Do not hardcode '/etc' but use SYSCONFDIR
- Fix support for -h and -? options
- Add missing .config path when using ${HOME}
- swtpm-localca:
- Apply password for signing key when creating platform cert
- Properly apply passwords for localca signing key
version 0.4.0:
- swtpm:
- Invoke print capabilities after choosing TPM version
- Add some recent syscalls to seccomp blacklist
- swtpm_cert:
- Support --ecc-curveid option to pass curve id
- swtpm_setup & related scripts:
- Rewrite swtpm_setup.sh in python with TPM 1.2 not requiring tcsd
and TPM tools anymore; new dependencies:
- python3: pip, cryptography, setuptools
dropped dependencies for swtpm_setup:
- tcsd, expect, tpm-tools (some still needed for pkcs11 tests)
- Added support for RSA 3072 keys (for libtpms-0.8.0) and moved to
ECC NIST P384 curve; default RSA key size is still 2048
- Added support for --rsa-keysize option
- Extend script to create a CA using a TPM 2 for signing
- tests:
- Use the IBM TSS2 v1.5.0's test suite
- Add test case for loading of an NVRAM completely full with keys
- Have softhsm_setup use temporary directory for softhsm config & state
- various other improvements
- man pages:
- Improvements
- build-sys:
- clang: properly test for linker flag 'now' and 'relro'
- Gentoo: explicitly link libswtpm_libtpms with -lcrypto
- Ownership of /var/lib/swtpm-localca is now tss:root and
mode flags 0750.
version 0.3.0:
- swtpm:
- Support for applying 'TPM Startup' command during initialization
- Use writev_full rather than writev; fixes --vtpm-proxy EIO error
- Only accept() new client ctrl connection if we have none (bugfix)
- swtpm_setup & related scripts:
- Support whitespaces in filenames and paths
- Do not fail on future PCR banks' hashes
- swtpm_cert:
- Fix OIDs for TPM 2 platforms data
- Option parsing cleanup
- Support for passing password in various forms
- Use gnutls_x509_crt_get_subject_key_id API call for subj keyId
- Support 64bit serial numbers read from command line
- swtpm_ioctl:
- Block SIGPIPE so we can get EPIPE on write()
- swtpm_bios:
- Block SIGPIPE so we can get EPIPE on write()
- tests:
- Increased timeouts and better support for running tests with
executables run by valgrind
- Allow running tests with choice of seccomp profile option
(SWTPM_TEST_SECCOMP_OPT) to enable building for Ubuntu
- Various cleanups & fixes
- SELinux:
- More rules added for support on F30
version 0.2.0:
- Linux: swtpm now runs with a seccomp profile (blacklist) if compiled with
libseccomp support
- Added subpport for passing key and passphrase via file descriptor
- TPM 2 commands can now be prefixed by 'the TCG header' and responses will
have a 4-byte prefix and 4-byte suffix.
- Added --print-capabilities command line option
- Proper handling on EINTR on read, poll, and write
version 0.1.0:
first public release
Reference in New Issue View Git Blame Copy Permalink