Hello community,
here is the log from the commit of package tboot for openSUSE:Factory checked in at 2018-10-25 09:11:30
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/tboot (Old)
and /work/SRC/openSUSE:Factory/.tboot.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "tboot"
Thu Oct 25 09:11:30 2018 rev:36 rq:644201 version:20170711_1.9.8
Changes:
--------
--- /work/SRC/openSUSE:Factory/tboot/tboot.changes 2018-09-15 15:41:21.192784743 +0200
+++ /work/SRC/openSUSE:Factory/.tboot.new/tboot.changes 2018-10-25 09:11:30.730319613 +0200
@@ -1,0 +2,10 @@
+Wed Oct 24 08:44:04 UTC 2018 - matthias.gerstner@suse.com
+
+- update to new upstream release 1.9.8:
+ - Skip tboot launch error index read/write when ignore prev err option is true
+ - s3-fix: fix a stack overflow caused by enlarged tb_hash_t union
+ - S3 fix: revert the mis-changed type casting in changeset 522:8e881a07c059
+ - S3-fix: Adding option save_vtd=true to opt-in the vtd table restore
+- rebased patches to match new upstream version
+
+-------------------------------------------------------------------
Old:
----
tboot-1.9.7.tar.gz
New:
----
tboot-1.9.8.tar.gz
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ tboot.spec ++++++
--- /var/tmp/diff_new_pack.rKPaqF/_old 2018-10-25 09:11:31.150319362 +0200
+++ /var/tmp/diff_new_pack.rKPaqF/_new 2018-10-25 09:11:31.154319359 +0200
@@ -17,7 +17,7 @@
Name: tboot
-%define ver 1.9.7
+%define ver 1.9.8
Version: 20170711_%{ver}
Release: 0
Summary: Program for performing a verified launch using Intel TXT
++++++ tboot-1.9.7.tar.gz -> tboot-1.9.8.tar.gz ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/tboot-1.9.7/.hg_archival.txt new/tboot-1.9.8/.hg_archival.txt
--- old/tboot-1.9.7/.hg_archival.txt 2018-09-03 10:43:39.000000000 +0200
+++ new/tboot-1.9.8/.hg_archival.txt 2018-10-18 06:55:47.000000000 +0200
@@ -1,4 +1,5 @@
repo: cedd93279188334eb41d248d5eb70a41a2bc70ca
-node: fa126d410df0916f0bab32a882349eb401597d5f
+node: bde570f28820ea6cfc4a12fecec9f51e867e28ca
branch: default
-tag: v1.9.7
+latesttag: v1.9.8
+latesttagdistance: 1
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/tboot-1.9.7/.hgtags new/tboot-1.9.8/.hgtags
--- old/tboot-1.9.7/.hgtags 2018-09-03 10:43:39.000000000 +0200
+++ new/tboot-1.9.8/.hgtags 2018-10-18 06:55:47.000000000 +0200
@@ -17,3 +17,6 @@
698548a9b9fe6201361d19099100f8eb59fad4f6 v1.9.5
61c17659bb8670e466c3bac8913459848f5f36d5 v1.9.6
11613463d703e203785b2e4dc9447d76530266c4 v1.9.7
+11613463d703e203785b2e4dc9447d76530266c4 v1.9.7
+fa126d410df0916f0bab32a882349eb401597d5f v1.9.7
+dbc7b1d289f848c3d88a9d4694d67fd409f48039 v1.9.8
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/tboot-1.9.7/CHANGELOG new/tboot-1.9.8/CHANGELOG
--- old/tboot-1.9.7/CHANGELOG 2018-09-03 10:43:39.000000000 +0200
+++ new/tboot-1.9.8/CHANGELOG 2018-10-18 06:55:47.000000000 +0200
@@ -1,3 +1,8 @@
+20181011: v1.9.8
+ Skip tboot launch error index read/write when ignore prev err option is true
+ s3-fix: fix a stack overflow caused by enlarged tb_hash_t union
+ S3 fix: revert the mis-changed type casting in changeset 522:8e881a07c059
+ S3-fix: Adding option save_vtd=true to opt-in the vtd table restore
20180830: v1.9.7
Fix a lot of issues in tools reported by klocwork scan.
Fix a lot of issues in tboot module reported by klocwork scan.
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/tboot-1.9.7/README new/tboot-1.9.8/README
--- old/tboot-1.9.7/README 2018-09-03 10:43:39.000000000 +0200
+++ new/tboot-1.9.8/README 2018-10-18 06:55:47.000000000 +0200
@@ -315,6 +315,16 @@
setting provides a way to force use of the legacy log format for TPM 2 systems:
force_tpm2_legacy_log=false|true // defaults to false
+o Opt-in the vtd dmar table save/restore process
+ With recent kernel (4.16.3 in fedora28), the acpi table seems changed by
+ kernel. So function restore_vtd_dmar_table() will not work as expected to
+ find the vtd dmar table and restore it in S3 resume, instead, the system will
+ run into a hang or a reset.
+
+ To solve the S3 issue but still keep vtd dmar table save/restore process for
+ specific case, add below option:
+ save_vtd=false|true // defaults to false
+
PCR Usage:
---------
o Legacy PCR mapping
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/tboot-1.9.7/tboot/20_linux_tboot new/tboot-1.9.8/tboot/20_linux_tboot
--- old/tboot-1.9.7/tboot/20_linux_tboot 2018-09-03 10:43:39.000000000 +0200
+++ new/tboot-1.9.8/tboot/20_linux_tboot 2018-10-18 06:55:47.000000000 +0200
@@ -201,7 +201,7 @@
tboot_dirname=`dirname ${current_tboot}`
rel_tboot_dirname=`make_system_path_relative_to_its_root $tboot_dirname`
# tboot_version=`echo $tboot_basename | sed -e "s,.gz$,,g;s,^tboot-,,g"`
- tboot_version="1.9.7"
+ tboot_version="1.9.8"
echo "submenu \"tboot ${tboot_version}\" {"
while [ "x$list" != "x" ] ; do
linux=`version_find_latest $list`
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/tboot-1.9.7/tboot/20_linux_xen_tboot new/tboot-1.9.8/tboot/20_linux_xen_tboot
--- old/tboot-1.9.7/tboot/20_linux_xen_tboot 2018-09-03 10:43:39.000000000 +0200
+++ new/tboot-1.9.8/tboot/20_linux_xen_tboot 2018-10-18 06:55:47.000000000 +0200
@@ -216,7 +216,7 @@
tboot_basename=`basename ${current_tboot}`
tboot_dirname=`dirname ${current_tboot}`
rel_tboot_dirname=`make_system_path_relative_to_its_root $tboot_dirname`
- tboot_version="1.9.7"
+ tboot_version="1.9.8"
list="${linux_list}"
echo "submenu \"Xen ${xen_version}\" \"Tboot ${tboot_version}\"{"
while [ "x$list" != "x" ] ; do
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/tboot-1.9.7/tboot/Config.mk new/tboot-1.9.8/tboot/Config.mk
--- old/tboot-1.9.7/tboot/Config.mk 2018-09-03 10:43:39.000000000 +0200
+++ new/tboot-1.9.8/tboot/Config.mk 2018-10-18 06:55:47.000000000 +0200
@@ -33,7 +33,7 @@
CFLAGS += $(call cc-option,$(CC),-fno-stack-check,)
# changeset variable for banner
-CFLAGS += -DTBOOT_CHANGESET=\""$(shell ((hg parents --template "{isodate|isodate} {rev}:{node|short}" >/dev/null && hg parents --template "{isodate|isodate} {rev}:{node|short}") || echo "2018-08-30 18:00 +0800 1.9.7") 2>/dev/null)"\"
+CFLAGS += -DTBOOT_CHANGESET=\""$(shell ((hg parents --template "{isodate|isodate} {rev}:{node|short}" >/dev/null && hg parents --template "{isodate|isodate} {rev}:{node|short}") || echo "2018-10-18 13:00 +0800 1.9.8") 2>/dev/null)"\"
AFLAGS += -D__ASSEMBLY__
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/tboot-1.9.7/tboot/common/cmdline.c new/tboot-1.9.8/tboot/common/cmdline.c
--- old/tboot-1.9.7/tboot/common/cmdline.c 2018-09-03 10:43:39.000000000 +0200
+++ new/tboot-1.9.8/tboot/common/cmdline.c 2018-10-18 06:55:47.000000000 +0200
@@ -86,6 +86,7 @@
{ "extpol", "sha1" }, /*agile|embedded|sha1|sha256|sm3|... */
{ "ignore_prev_err", "true"}, /* true|false */
{ "force_tpm2_legacy_log", "false"}, /* true|false */
+ { "save_vtd", "false"}, /* true|false */
{ NULL, NULL }
};
static char g_tboot_param_values[ARRAY_SIZE(g_tboot_cmdline_options)][MAX_VALUE_LEN];
@@ -552,6 +553,17 @@
return false;
}
+bool get_tboot_save_vtd(void)
+{
+ const char *save_vtd =
+ get_option_val(g_tboot_cmdline_options,
+ g_tboot_param_values,
+ "save_vtd");
+ if ( save_vtd != NULL && strcmp(save_vtd, "true") == 0 )
+ return true;
+ return false;
+}
+
/*
* linux kernel command line parsing
*/
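Review bot: In get_tboot_save_vtd(), only the exact string "true" turns the option on; any other spelling ("True", "1", "yes") is silently read as false, and the new function has no comment saying so. Because the README text in this commit ties the option to the VT-d DMAR table save/restore on S3 resume, a mistyped value changes resume behaviour with no diagnostic. I would document the contract above the function, e.g. `/* save_vtd: returns true only for the exact value "true"; unset or any other value means the DMAR table is not saved/restored */`. The body could also be reduced to `return save_vtd != NULL && strcmp(save_vtd, "true") == 0;`. The callers that consume this flag are outside the visible hunks.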
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/tboot-1.9.7/tboot/common/integrity.c new/tboot-1.9.8/tboot/common/integrity.c
--- old/tboot-1.9.7/tboot/common/integrity.c 2018-09-03 10:43:39.000000000 +0200
+++ new/tboot-1.9.8/tboot/common/integrity.c 2018-10-18 06:55:47.000000000 +0200
@@ -141,7 +141,7 @@
{
/* TPM_Seal can only seal small data (like key or hash), so hash data */
struct __packed {
- tb_hash_t data_hash;
+ sha256_hash_t data_hash;
uint8_t secrets[secrets_size];
} blob;
uint32_t err;
@@ -149,7 +149,7 @@
const struct tpm_if_fp *tpm_fp = get_tpm_fp();
memset(&blob, 0, sizeof(blob));
- if ( !hash_buffer(data, data_size, &blob.data_hash, tpm->cur_alg) ) {
+ if ( !hash_buffer(data, data_size, (tb_hash_t *)&blob.data_hash, TB_HALG_SHA256) ) {
printk(TBOOT_ERR"failed to hash data\n");
return false;
}
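Review bot: The cast `(tb_hash_t *)&blob.data_hash` passes hash_buffer() a pointer typed as the full tb_hash_t union while the storage behind it is now only a sha256_hash_t, so the call is safe only if hash_buffer() touches no more than the SHA-256 digest bytes when given TB_HALG_SHA256. hash_buffer() is not visible here, so that needs confirming. Any wider write would land in `secrets[]`, which follows directly in the packed blob. The same cast is handed to are_hashes_equal() in the later verify hunk of this file. I would record the assumption at the call, e.g. `/* data_hash is sha256_hash_t, not a full tb_hash_t: callee must only access the SHA-256 digest bytes */`; the enclosing function starts and ends outside this hunk.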
@@ -169,7 +169,7 @@
{
/* sealed data is hash of state data and optional secret */
struct __packed {
- tb_hash_t data_hash;
+ sha256_hash_t data_hash;
uint8_t secrets[secrets_size];
} blob;
bool err = true;
@@ -186,14 +186,14 @@
goto done;
}
- /* verify that (hash of) current data maches sealed hash */
+ /* verify that (hash of) current data matches sealed hash */
tb_hash_t curr_data_hash;
memset(&curr_data_hash, 0, sizeof(curr_data_hash));
- if ( !hash_buffer(curr_data, curr_data_size, &curr_data_hash, tpm->cur_alg) ) {
+ if ( !hash_buffer(curr_data, curr_data_size, &curr_data_hash, TB_HALG_SHA256) ) {
printk(TBOOT_WARN"failed to hash state data\n");
goto done;
}
- if ( !are_hashes_equal(&blob.data_hash, &curr_data_hash, tpm->cur_alg) ) {
+ if ( !are_hashes_equal((tb_hash_t *)&blob.data_hash, &curr_data_hash, TB_HALG_SHA256) ) {
printk(TBOOT_WARN"sealed hash does not match current hash\n");
goto done;
}
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/tboot-1.9.7/tboot/common/paging.c new/tboot-1.9.8/tboot/common/paging.c
--- old/tboot-1.9.7/tboot/common/paging.c 2018-09-03 10:43:39.000000000 +0200
+++ new/tboot-1.9.8/tboot/common/paging.c 2018-10-18 06:55:47.000000000 +0200
@@ -178,8 +178,8 @@
for ( i = 0; i < sizeof(pd_table)/TB_L1_PAGETABLE_ENTRIES; i++ ) {
ppdptre = &pdptr_table[i];
- *ppdptre = MAKE_TB_PDPTE((unsigned long)
- pd_table + i * TB_L1_PAGETABLE_ENTRIES);
+ *ppdptre = MAKE_TB_PDPTE((unsigned long)(
+ pd_table + i * TB_L1_PAGETABLE_ENTRIES));
}
/* map serial log address ~ kernel command address */
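Review bot: Moving the parenthesis in the MAKE_TB_PDPTE argument turns `pd_table + i * TB_L1_PAGETABLE_ENTRIES` from integer addition into pointer arithmetic, so the byte stride between page directories now depends on the element type of pd_table, which is declared outside this hunk. The loop bound `sizeof(pd_table)/TB_L1_PAGETABLE_ENTRIES` is computed in bytes, so the two expressions use different units and should be checked against that declaration and the size of pdptr_table. The changelog says this cast had already been mis-changed once, so a comment fixing the intent would help, e.g. `/* pointer arithmetic: advances TB_L1_PAGETABLE_ENTRIES elements of pd_table, i.e. one page directory, per PDPT entry */`. The function around this loop is not fully visible here.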
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/tboot-1.9.7/tboot/common/tb_error.c new/tboot-1.9.8/tboot/common/tb_error.c
--- old/tboot-1.9.7/tboot/common/tb_error.c 2018-09-03 10:43:39.000000000 +0200
+++ new/tboot-1.9.8/tboot/common/tb_error.c 2018-10-18 06:55:47.000000000 +0200
@@ -49,6 +49,7 @@
#include