Feature update for tboot
SUSE Feature Update: Feature update for tboot
The Intel(R) trusted boot component tboot was updated to
1.7.0. (FATE#313333), including the following changes:
* Print version number while changeset info unavailable
* Document DA changes in README
* Add event log for PCR extends in tboot
* Follow details / authorities PCR mapping style in
tboot
* Support details / authorities PCR mapping
* Support TPM event log
* fix build issue for txt-stat in 64 bit environment.
* update README for mwait AP wakeup mechanism
* tboot: provide a new AP wakeup way for OS/VMM - mwait
then memory write
* Original txt-stat.c doesn't display TXT heap info by
default. Add command line options to display help info and
optionally enable displaying heap info.
* Fix a shutdown issue on heavily throttled large server
* Adjust mle_hdr.{mle|cmdline}_{start|end}_off
according to CS285,286 changes to give lcp_mlehash correct
info to produce hash value.
* Fix boot issue caused by including mle page table
into tboot memory
* Fix for possible overwritting to mle page table by
GRUB2
* Add PAGE_UP() fn that rounds things up/donw to a page.
* Update get_mbi_mem_end() with a accurate, safer
calculating way ACPI fix and sanity check
* Add some sanity check before using mods_count in a
count-down loop
* TPM: add waiting on expect==0 before issue tpmGo
* txt-stat: Don't show heap info by default.
* Exchange definitions for TBOOT_BASE_ADDR & TBOOT_START
* Add const qualifier for suibable parms of all
possible fns.
* fix possible mbi overwrite issue for Linux with grub2
* enhance print_mbi() to print more mbi info for debug
purpose
* Fix for GRUB2 loading elf image such as Xen.
* Move apply_policy() call into txt_post_launch()
* Don't zap s3_key in tboot shared page if sealing
failed due to tpm unowned
* Update the explanation of signed lists to make it
clearer.
* tboot: add a fall back for reboot via keyboard reset
vector
* tboot: revise README to explain how to configure
GRUB2 config file for tboot
* tboot: rewrite acpi reg access fns to refer to
bit_width instead of access_width
* tboot: change reboot mechanism to use keyboard reset
vector
* tboot: handle mis-programmed TXT config regs and TXT
heap gracefully
* tboot: add warning when TPM timeout values are wrong
* all PM1_CNT accesses should be 16bit.
* Enlarge NR_CPUS from 64 to 256
* Add support for SBIOS policy element type
(LCP_SBIOS_ELEMENT) to lcp_crtpolelt
* Fix processor id list matching between platform and
acmod
* Make lcp_crtpollist support empty lists (i.e. with no
elements)
* print a bit more error reasons in txt-stat
* Fix segmentation fault in txt-stat on some systems
https://bugzilla.novell.com/757713
http://download.suse.com/patch/finder/?keywords=68904f340444bf1986132dced511c5d2
| Announcement ID: | SUSE-FU-2012:0766-1 |
| Rating: | low |
| References: | #757713 |
| Affected Products: |
An update that has one feature fix can now be installed.
Description:
The Intel(R) trusted boot component tboot was updated to
1.7.0. (FATE#313333), including the following changes:
* Print version number while changeset info unavailable
* Document DA changes in README
* Add event log for PCR extends in tboot
* Follow details / authorities PCR mapping style in
tboot
* Support details / authorities PCR mapping
* Support TPM event log
* fix build issue for txt-stat in 64 bit environment.
* update README for mwait AP wakeup mechanism
* tboot: provide a new AP wakeup way for OS/VMM - mwait
then memory write
* Original txt-stat.c doesn't display TXT heap info by
default. Add command line options to display help info and
optionally enable displaying heap info.
* Fix a shutdown issue on heavily throttled large server
* Adjust mle_hdr.{mle|cmdline}_{start|end}_off
according to CS285,286 changes to give lcp_mlehash correct
info to produce hash value.
* Fix boot issue caused by including mle page table
into tboot memory
* Fix for possible overwritting to mle page table by
GRUB2
* Add PAGE_UP() fn that rounds things up/donw to a page.
* Update get_mbi_mem_end() with a accurate, safer
calculating way ACPI fix and sanity check
* Add some sanity check before using mods_count in a
count-down loop
* TPM: add waiting on expect==0 before issue tpmGo
* txt-stat: Don't show heap info by default.
* Exchange definitions for TBOOT_BASE_ADDR & TBOOT_START
* Add const qualifier for suibable parms of all
possible fns.
* fix possible mbi overwrite issue for Linux with grub2
* enhance print_mbi() to print more mbi info for debug
purpose
* Fix for GRUB2 loading elf image such as Xen.
* Move apply_policy() call into txt_post_launch()
* Don't zap s3_key in tboot shared page if sealing
failed due to tpm unowned
* Update the explanation of signed lists to make it
clearer.
* tboot: add a fall back for reboot via keyboard reset
vector
* tboot: revise README to explain how to configure
GRUB2 config file for tboot
* tboot: rewrite acpi reg access fns to refer to
bit_width instead of access_width
* tboot: change reboot mechanism to use keyboard reset
vector
* tboot: handle mis-programmed TXT config regs and TXT
heap gracefully
* tboot: add warning when TPM timeout values are wrong
* all PM1_CNT accesses should be 16bit.
* Enlarge NR_CPUS from 64 to 256
* Add support for SBIOS policy element type
(LCP_SBIOS_ELEMENT) to lcp_crtpolelt
* Fix processor id list matching between platform and
acmod
* Make lcp_crtpollist support empty lists (i.e. with no
elements)
* print a bit more error reasons in txt-stat
* Fix segmentation fault in txt-stat on some systems
Indications:
Trusted computing users should update
Patch Instructions:
To install this SUSE Feature Update use YaST online_update.
Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise Server 11 SP2 for VMware:
zypper in -t patch slessp2-tboot-6174 - SUSE Linux Enterprise Server 11 SP2:
zypper in -t patch slessp2-tboot-6174
To bring your system up-to-date, use "zypper patch".
Package List:
- SUSE Linux Enterprise Server 11 SP2 for VMware (i586 x86_64):
- tboot-20120115_1.7.0-0.5.1
- SUSE Linux Enterprise Server 11 SP2 (i586 x86_64):
- tboot-20120115_1.7.0-0.5.1