Feature update for tboot

Announcement ID: SUSE-FU-2021:4184-1
Rating: moderate
References:
Affected Products:
  • Basesystem Module 15-SP2
  • Basesystem Module 15-SP3
  • SUSE Linux Enterprise Desktop 15 SP2
  • SUSE Linux Enterprise Desktop 15 SP3
  • SUSE Linux Enterprise High Performance Computing 15 SP2
  • SUSE Linux Enterprise High Performance Computing 15 SP3
  • SUSE Linux Enterprise Real Time 15 SP2
  • SUSE Linux Enterprise Real Time 15 SP3
  • SUSE Linux Enterprise Server 15 SP2
  • SUSE Linux Enterprise Server 15 SP2 Business Critical Linux 15-SP2
  • SUSE Linux Enterprise Server 15 SP3
  • SUSE Linux Enterprise Server 15 SP3 Business Critical Linux 15-SP3
  • SUSE Linux Enterprise Server for SAP Applications 15 SP2
  • SUSE Linux Enterprise Server for SAP Applications 15 SP3
  • SUSE Manager Proxy 4.1
  • SUSE Manager Proxy 4.2
  • SUSE Manager Retail Branch Server 4.1
  • SUSE Manager Retail Branch Server 4.2
  • SUSE Manager Server 4.1
  • SUSE Manager Server 4.2

An update that contains one feature can now be installed.

Description:

This feature update for tboot fixes the following issues:

Update to upstream version 1.10.2 of tboot to sync with SLE-15-SP4 status (jsc#SLE-19516)

  • acminfo and parse_err are now called txt-acminfo and txt-parse_err
  • lcptools are deprecated (TPM 1.2, TrouSerS dependency) and are no longer packaged
  • tpmnv_* binaries are deprecated and no longer packaged
  • lcptools-v2: implement SM2 signing and SM2 signature verification and add pconf2 policy element support
  • Add SHA256, SHA384 and SHA512 support in tb_polgen
  • Add Doxygen documentation
  • Add SHA384 and SHA512 digest algorithms
  • Add support for 64bit framebuffer address
  • Add warning when using SHA1 as hashing algorithm
  • Default to D/A mapping instead of legacy when TPM1.2 and CBnT platform
  • Enable VGA logging for EFI platforms
  • Ensure txt-acminfo does not print false information if msr module is not loaded
  • Fix ACM chipset/processor list validation
  • Fix a harmless overflow caused by wrong loop limits
  • Fix issue with TPM1.2 - invalid default policy
  • Fix issue with multiboot(1) booting - infinite loop during boot
  • Fix warnings after "Avoid unsafe functions" scan
  • Print latest tag in logs
  • README is now README.md
  • Replace VMAC with Poly1305
  • Strip executable file before generating tboot.gz
  • Update GRUB scripts to use multiboot2 only
  • Use SHA256 as default hashing algorithm
  • Validate TPM NV index attributes

Patch Instructions:

To install this SUSE update, use the SUSE recommended installation methods such as YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

  • Basesystem Module 15-SP2
    zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2021-4184=1
  • Basesystem Module 15-SP3
    zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2021-4184=1

Package List:

  • Basesystem Module 15-SP2 (x86_64)
    • tboot-debuginfo-20170711_1.10.2-15.12.1
    • tboot-20170711_1.10.2-15.12.1
    • tboot-debugsource-20170711_1.10.2-15.12.1
  • Basesystem Module 15-SP3 (x86_64)
    • tboot-debuginfo-20170711_1.10.2-15.12.1
    • tboot-20170711_1.10.2-15.12.1
    • tboot-debugsource-20170711_1.10.2-15.12.1
