mirror of
https://github.com/stefanberger/swtpm.git
synced 2025-08-22 19:04:35 +00:00
29d533fbfe
Users should use swtpm >= 0.10.0, since it handles SHA1 signatures better. This version needs users to set OPENSSL_ENABLE_SHA1_SIGNATURES=1 for swtpm to be able to sign a SHA1. Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
246 lines
10 KiB
Plaintext
246 lines
10 KiB
Plaintext
CHANGES - changes for swtpm
|
|
|
|
Note: Use swtpm >= 0.10.0 since it handles signing of SHA1 better.
|
|
This version of swtpm requires OPENSSL_ENABLE_SHA1_SIGNATURES=1 env.
|
|
variable to be set to be allowed to sign a SHA1!
|
|
|
|
version 0.9.0:
|
|
Note: The SElinux policy for swtpm was completely redone. For systems
|
|
with an SELinux policy the same policy (>= 40.17) as used in
|
|
Fedora >= 40 is required due to changes in labels related to libvirt
|
|
that made the re-development of the SELinux policy necessary.
|
|
- swtpm:
|
|
- Use umask() to create/truncated state file rather than fchmod()
|
|
- Use fchmod to set mode bits provided by user
|
|
- Replace mkstemp with g_mkstemp_full (Coverity)
|
|
- fix typo in help message
|
|
- cuse: Fix Coverity complaints regarding locks
|
|
- Fix double free in error path
|
|
- Close fd after main loop
|
|
- Restore logging to stderr on log open failure
|
|
- swtpm_setup:
|
|
- Fail --pcr-banks without --tpm2
|
|
- Fail --decryption or --allow-signing without --tpm2
|
|
- Initialized @argv in get_swtpm_capabilities()
|
|
- Flush spk after persisting to create room for another key
|
|
- Refactor duplicate code into swtpm_tpm2_write_cert_nvram
|
|
- Move persisting of certificate into tpm2_persist_certificate
|
|
- Pass key_type to function creating filename for key
|
|
- Add scheme parameter before curveid to createprimary_ecc
|
|
- Rename is_ek to preserve for future extension
|
|
- Mask-out EK and plaform certificate flags and set cert_flags
|
|
- Move common code into new function read_certificate_file()
|
|
- Exit with '0' upon --version rather than '1'
|
|
- Close file descriptors passed to swtpm process on parent side
|
|
- Make stdout unbuffered
|
|
- Use medium duration on TSC_PhysicalPresence to avoid timeouts
|
|
- Add poll() after write() and before read() to detect errors
|
|
- swtpm_localca:
|
|
- Add support for up to 20 bytes serial numbers
|
|
- Introduce --key as more generic alias for --ek
|
|
- Add missing NULL option to end of array
|
|
- Make stdout unbuffered
|
|
- swtpm_cert:
|
|
- Add support for serial numbers up to 20 bytes long
|
|
- swtpm_ioctl:
|
|
- Separate return code from flags
|
|
- Repeatedly call PTM_GET_INFO for long responses
|
|
- selinux:
|
|
- Re-add rule for svirt_tcg_t and user_tmp_t:sock_file (virt-install)
|
|
- New SELinux policy that requires Fedora 40 or later
|
|
- tests:
|
|
- Fixed occurrences of stray '\' before '-'
|
|
- Rearrange order of test cases to run some also as 'root'
|
|
- Add tests for command line options and combinations of options
|
|
- Add softhsm_setup to shellcheck'ed files and fix issues
|
|
- Add missing 'exit 1' on unexpected file size on --reconfigure
|
|
- Add test cases for swtpm_cert with max serial number
|
|
- Fix spelling mistakes
|
|
- reformat regexs for easier readability and extension
|
|
- ibmtss2: Add patch to disable x509 test with older libtpms
|
|
- Upgrade to ibmtss2 v2.0.1
|
|
- Fixed several issues detected by shellcheck
|
|
- build-sys:
|
|
- Add support for --disable-tests to disable tests
|
|
- Display GMP_LIBS and GMP_CFLAGS
|
|
- Only display warning if pkg-config for gmp fails
|
|
- Add gmp library and devel package as dependency
|
|
- use PKG_CHECK_MODULES to check libtpms version
|
|
- rpm:
|
|
- Add gmp library and devel package as dependency
|
|
- Split off SELinux files to build an selinux package
|
|
- debian:
|
|
- Sync AppArmor profile with what is used by Ubuntu
|
|
- Add gmp library and devel package as dependency
|
|
- Allow apparmor access to qemu session bus swtpm files
|
|
|
|
version 0.8.0:
|
|
- swtpm:
|
|
- Implement release-lock-outgoing parameter for --migration option
|
|
- Introduce --migration option and 'incoming' parameter
|
|
- Implement terminate parameter for ctrl channel loss
|
|
- Add a chroot option
|
|
- Introduce disable-auto-shutdown flag for --flags option
|
|
- If necessary send TPM2_Shutdown() before TPMLIB_Terminate()
|
|
- Add some more recent syscalls to seccomp profile
|
|
- Disable OpenSSL FIPS mode to avoid libtpms failures
|
|
- Avoid locking directory multiple times
|
|
- Remove support for pre-v0.1 state files without header
|
|
- Use uint64_t in tlv_data_append() to avoid integer overflows
|
|
- Use uint64_t to avoid integer wrap-around when adding a uint32_t
|
|
- Do not chdir(/) when using --daemon
|
|
- Check header size indicator against expected size (CVE-2022-23645)
|
|
- Fixes for gcc 12.2.1 -fanalyzer
|
|
- build-sys:
|
|
- Fix configure script to support _FORTIFY_SOURCE=3
|
|
- Define __USE_LINUX_IOCTL_DEFS in header file (Cygwin)
|
|
- swtpm-localca:
|
|
- Re-implement variable resolution for swtpm-localca.conf
|
|
- Test for available issuercert before creating CA
|
|
- swtpm_setup:
|
|
- Configure swtpm to log to stdout/err if needed (glib >=2.74)
|
|
- tests:
|
|
- Use ${WORKDIR} in config files to test env. var replacement
|
|
- Patch IBM TSS2 test suite for OpenSSL 3.x
|
|
- build-sys:
|
|
- Add probing for -fstack-protector
|
|
|
|
version 0.7.0:
|
|
- swtpm:
|
|
- Support for linear file storage backend (file://)
|
|
- Report 'tpm-1.2' & 'tpm-2.0' in --print-capabilities depending what
|
|
libtpms supports
|
|
- Add implementation of SWTPM_HMAC using OpenSSL 3.0 APIs
|
|
- Wipe keys from stack and heap
|
|
- Many other small changes
|
|
- Make --daemon not racy
|
|
- swtpm_setup:
|
|
- Only activate SHA256 PCR bank, not SHA1 bank anymore by default
|
|
- Support for linear file storage backend (file://)
|
|
- Implement option --create-config-files to create config files
|
|
- Use non-deprecated APIs to contruct RSA key (OSSL 3)
|
|
- Report stderr as returned by external tool (swtpm-localcal)
|
|
- Replace '+' and ',' characters in VMId's to make work with
|
|
common name in X509 subject
|
|
- Add support for --reconfigure flag to change active PCR banks
|
|
- swtpm_localca:
|
|
- Created certificates for CAs and TPM that do not expire
|
|
- swtpm_cert:
|
|
- Allow passing -1 for days to get a non-expiring certificate
|
|
- test:
|
|
- ASAN-related test changes and skipping of tests if ASAN is used
|
|
- Fix tests using tpm2-abrmd by preventing concurrency
|
|
- Skip chardev related tests after checking for chardev support
|
|
- exit with error code if mktemp fails
|
|
- OSSL 3: Make TPM 1.2 test compile; skip IBM TSS 2 test
|
|
- build-sys:
|
|
- Introduce --enable-sanitizers to configure
|
|
- Remove check for pip3 that was used by python swtpm_setup
|
|
- Allow passing of aditional CFLAGS during build
|
|
|
|
version 0.6.0:
|
|
- swtpm:
|
|
- Fix --print-capabilities for 'swtpm chardev'
|
|
- Various cleanups and fixes (coverity)
|
|
- Addressed potential symlink attack issue (CVE-2020-28407)
|
|
- swtpm_setup:
|
|
- Rewritten in 'C'; needs json-glib
|
|
- Addressed potential symlink attack issue (CVE-2020-28407)
|
|
- swtpm_ioctl:
|
|
- Use timeouts for communicating with swtpm (Unix socket)
|
|
- swtpm-localca:
|
|
- Rewritten in 'C'
|
|
- tests:
|
|
- Use the IBM TSS2 v1.6.0's test suite
|
|
- Store and also restore the volatile state at every step when running
|
|
IBM TSS2 test suite
|
|
- Various cleanup
|
|
- build-sys:
|
|
- Add HARDENING_CFLAGS and _LDFLAGS to all C programs
|
|
|
|
version 0.5.0:
|
|
- swtpm:
|
|
- Write files atomically using a temp file and then renaming
|
|
- swtpm_setup:
|
|
- Removed remaining 'c' wrapper program
|
|
- Do not truncate logfile when testing write-access (regression)
|
|
- Remove TPM state file in case error occurred
|
|
- swtpm-localca:
|
|
- Rewrite in python
|
|
- Allow passing pkcs11 PIN using signingkey_password
|
|
- Allow passing environment variables needed for pkcs11 modules using
|
|
swtpm-localca.conf and format 'env:VARNAME=VALUE'.
|
|
- build-sys:
|
|
- Add python-install and python-uninstall targets
|
|
- Add configure option to disable installation of Python module
|
|
- Use -Wl,-z,relro and -Wl,-z,now only when linking (clang)
|
|
- Use AC_LINK_IFELSE to check whether support for hardening flags
|
|
|
|
version 0.4.0:
|
|
- swtpm:
|
|
- Invoke print capabilities after choosing TPM version
|
|
- Add some recent syscalls to seccomp blacklist
|
|
- swtpm_cert:
|
|
- Support --ecc-curveid option to pass curve id
|
|
- swtpm_setup & related scripts:
|
|
- Rewrite swtpm_setup.sh in python with TPM 1.2 not requiring tcsd
|
|
and TPM tools anymore; new dependencies:
|
|
- python3: pip, cryptography, setuptools
|
|
dropped dependencies for swtpm_setup:
|
|
- tcsd, expect, tpm-tools (some still needed for pkcs11 tests)
|
|
- Added support for RSA 3072 keys (for libtpms-0.8.0) and moved to
|
|
ECC NIST P384 curve; default RSA key size is still 2048
|
|
- Added support for --rsa-keysize option
|
|
- Extend script to create a CA using a TPM 2 for signing
|
|
- tests:
|
|
- Use the IBM TSS2 v1.5.0's test suite
|
|
- Add test case for loading of an NVRAM completely full with keys
|
|
- Have softhsm_setup use temporary directory for softhsm config & state
|
|
- various other improvements
|
|
- man pages:
|
|
- Improvements
|
|
- build-sys:
|
|
- clang: properly test for linker flag 'now' and 'relro'
|
|
- Gentoo: explicitly link libswtpm_libtpms with -lcrypto
|
|
- Ownership of /var/lib/swtpm-localca is now tss:root and
|
|
mode flags 0750.
|
|
|
|
version 0.3.0:
|
|
- swtpm:
|
|
- Support for applying 'TPM Startup' command during initialization
|
|
- Use writev_full rather than writev; fixes --vtpm-proxy EIO error
|
|
- Only accept() new client ctrl connection if we have none (bugfix)
|
|
- swtpm_setup & related scripts:
|
|
- Support whitespaces in filenames and paths
|
|
- Do not fail on future PCR banks' hashes
|
|
- swtpm_cert:
|
|
- Fix OIDs for TPM 2 platforms data
|
|
- Option parsing cleanup
|
|
- Support for passing password in various forms
|
|
- Use gnutls_x509_crt_get_subject_key_id API call for subj keyId
|
|
- Support 64bit serial numbers read from command line
|
|
- swtpm_ioctl:
|
|
- Block SIGPIPE so we can get EPIPE on write()
|
|
- swtpm_bios:
|
|
- Block SIGPIPE so we can get EPIPE on write()
|
|
- tests:
|
|
- Increased timeouts and better support for running tests with
|
|
executables run by valgrind
|
|
- Allow running tests with choice of seccomp profile option
|
|
(SWTPM_TEST_SECCOMP_OPT) to enable building for Ubuntu
|
|
- Various cleanups & fixes
|
|
- SELinux:
|
|
- More rules added for support on F30
|
|
|
|
version 0.2.0:
|
|
- Linux: swtpm now runs with a seccomp profile (blacklist) if compiled with
|
|
libseccomp support
|
|
- Added subpport for passing key and passphrase via file descriptor
|
|
- TPM 2 commands can now be prefixed by 'the TCG header' and responses will
|
|
have a 4-byte prefix and 4-byte suffix.
|
|
- Added --print-capabilities command line option
|
|
- Proper handling on EINTR on read, poll, and write
|
|
|
|
version 0.1.0:
|
|
first public release
|