Changelog for tboot-20210614_1.11.1-134.5.x86_64.rpm :

* Mon Feb 06 2023 Matthias Gerstner - required update due to openSSL 3.0 deprecation errors in current version- updated to v1.11.1 / 20230125: 20230125: v1.11.1 - Revert log memory range extension (caused memory overlaps and boot failures) 20221223: v1.11.0 - Fixed TPM handling to flush objects after integrity measurement (Intel PTT limitations) - Exteded low memory range for logs (HCC CPUs had issue with not enough memory) - \"agile\" removed from PCR Extend policy options (requested deprecation) - Added handling for flexible ACM Info Table format - lcptools: CPPFLAGS use by environment in build - lcptools: removed __DATE__ refs to make build reproducible - Only platform-matchin SINIT modules can be selected - txt-acminfo: Map TXT heap using mmap - Typo fix in man page 20220304: v1.10.5 - Fixed mlehash.c to bring back functionality and make it GCC12 compliant - Reverted change for replacing EFI memory to bring back Tboot in-memory logs 20220224: v1.10.4 - Fix hash printing for SHA384, SHA512 and SM3 - Touch ups for GCC12 - Set GDT to map CS and DS to 4GB before jumping to Linux - make efi_memmap_reserve handle gaps like e820_protect_region - Ensure that growth of Multiboot tags does not go beyond original area - Replace EFI memory map in Multiboot2 info - Fix endianness of pcr_info->pcr_selection.size_of_select - Don\'t ignore locality in PCR file - Fix composite hashing algorithm for PCONF elements to match lcptools-1 20211210: v1.10.3 - Add UNI-VGA license information - Remove poly1305 object files on clean - Support higher resolution monitors - Use SHA256 as default hashing algorithm in lcp2_mlehash and tb_polgen - Add OpenSSL 3.0.0 support in lcptools-v2 - Increase number of supported CPUs to 1024 to accomodate for larger units- tboot-grub2-fix-menu-in-xen-host-server.patch: refreshed to match new upstream version.- tboot-grub2-fix-xen-submenu-name.patch: refreshed to match new upstream version.
* Fri Jun 11 2021 Marcus Meissner - updated to v1.10.2 / 20210614 Fix ACM chipset/processor list validation Check for client/server match when selecting SINIT Fix issues when building with GCC11 Default to D/A mapping when TPM1.2 and CBnT platform- updated to 1.10.1 / 20210330 - Indicate to SINIT that CBnT is supported by TBOOT - lcptools: Fix issues from static code analysis
* Tue Jan 19 2021 Matthias Gerstner - release 1.10.0 ramifications: - README is now README.md - acminfo and parse_err now are called txt-acminfo and txt-parse_err - lcptools are deprecated (tpm 1.2, TrouSerS dependency) and are no longer packaged. - no longer needs TrouSerS dependency due to deprecation
* Tue Jan 19 2021 Matthias Gerstner - tboot-grub2-fix-menu-in-xen-host-server.patch: refreshed to match new upstream version.- tboot-grub2-fix-xen-submenu-name.patch: refreshed to match new upstream version.
* Tue Jan 19 2021 Matthias Gerstner - update to new upstream release 1.10.0: - Rename TXT related tools to have \'txt-\' prefix - Clarify license issues - Fix issues reported by Coverity Scan - Ensure txt-acminfo does not print false information if msr is not loaded - Fix issue with multiboot(1) booting - infinite loop during boot - Fix issue with TPM1.2 - invalid default policy - Unmask NMI# after returning from SINIT - Update GRUB scripts to use multiboot2 only - Enable VGA logging for EFI platforms - Add warning when using SHA1 as hashing algorithm - Add Doxygen documentation - Replace VMAC with Poly1305 - Validate TPM NV index attributes - Move old lcptool to deprecated folder and exclude from build - TrouSerS is not longer required to build - lcptools-v2: meet requirements from MLE DG rev16 - lcptools-v2: Implement SM2 signing and SM2 signature verification - lcptools-v2: Set aux_hash_alg_mask to 0 when policy version != 0x300- dropped tboot-Unmask-NMI-after-returning-from-SINIT.patch (upstream)
* Thu Nov 12 2020 Matthias Gerstner - add tboot-grub2-refuse-secure-boot.patch: don\'t generate tboot menu entries in grub when the system is running with UEFI Secure Boot (bsc#1175114). This prevents hard to understand error messages when trying to boot tboot in this context.
* Mon Sep 28 2020 matthias.gerstnerAATTsuse.com- update to new upstream release 1.9.12: - changes from 1.9.12: - Release localities in S3 flow for CRB interface - Config.mk, safestringlib/makefile : allow tool overrides - safestringlib: fix warnings with GCC 6.4.0 - Strip executable file before generating tboot.gz - Add support for EFI memory map parse/modification - Add SHA384 and SHA512 digest algorithms - lcptools-v2: add pconf2 policy element support - tb_polgen: Add SHA384 and SHA512 support - Disable GCC9 address-of-packed-member warning - Fix warnings after \"Avoid unsafe functions\" scan - Use SHA256 as default hashing algorithm - changes from 1.9.11: - tb_polgen: Add support for SHA256 - Configure IOMMU before executing GETSEC[SENTER] - SINIT ACM can have padding, handle that when checking size - disable-address-of-packed-member-warning.patch: now contained upstream - tboot-grub2-fix-xen-submenu-name.patch: refreshed- dropped tboot-Release-localities-in-S3-flow-for-CRB-interface.patch (upstream)- dropped tboot-Configure-IOMMU-before-executing-GETSEC-SENTER.patch (upstream)- dropped tboot-Do-not-try-to-read-EFI-mem-map-when-booted-with-mult.patch (upstream)- dropped tboot-Release-localities-in-S3-flow-for-CRB-interface.patch (upstream)- dropped tboot-support-sinit-padding.patch (upstream)- dropped tboot-Add-support-for-EFI-memory-map-parse-modification.patch- dropped tboot-fix-memmap1-boot-issues.patch- dropped tboot-Add-more-mbi-validation.patch
* Fri Jul 12 2019 Martin Liška - Disable LTO in more elegant way (boo#1141323).
* Thu Jul 11 2019 mgerstner - explicitly disable gcc9 link time optimization to fix the build and avoid trouble in low level tboot code.
* Tue May 28 2019 mgerstner - add disable-address-of-packed-member-warning.patch: taken over patch found in the Fedora package to disable a new gcc-9 warning that breaks the build.