Feature update for tboot

SUSE Feature Update: Feature update for tboot
Announcement ID: SUSE-FU-2012:0766-1
Rating: low
References: #757713
Affected Products:
  • SUSE Linux Enterprise Server 11 SP2 for VMware
  • SUSE Linux Enterprise Server 11 SP2

  • An update that has one feature fix can now be installed.


    The Intel(R) trusted boot component tboot was updated to
    1.7.0. (FATE#313333), including the following changes:

    * Print version number while changeset info unavailable
    * Document DA changes in README
    * Add event log for PCR extends in tboot
    * Follow details / authorities PCR mapping style in
    * Support details / authorities PCR mapping
    * Support TPM event log
    * fix build issue for txt-stat in 64 bit environment.
    * update README for mwait AP wakeup mechanism
    * tboot: provide a new AP wakeup way for OS/VMM - mwait
    then memory write
    * Original txt-stat.c doesn't display TXT heap info by
    default. Add command line options to display help info and
    optionally enable displaying heap info.
    * Fix a shutdown issue on heavily throttled large server
    * Adjust mle_hdr.{mle|cmdline}_{start|end}_off
    according to CS285,286 changes to give lcp_mlehash correct
    info to produce hash value.
    * Fix boot issue caused by including mle page table
    into tboot memory
    * Fix for possible overwritting to mle page table by
    * Add PAGE_UP() fn that rounds things up/donw to a page.
    * Update get_mbi_mem_end() with a accurate, safer
    calculating way ACPI fix and sanity check
    * Add some sanity check before using mods_count in a
    count-down loop
    * TPM: add waiting on expect==0 before issue tpmGo
    * txt-stat: Don't show heap info by default.
    * Exchange definitions for TBOOT_BASE_ADDR & TBOOT_START
    * Add const qualifier for suibable parms of all
    possible fns.
    * fix possible mbi overwrite issue for Linux with grub2
    * enhance print_mbi() to print more mbi info for debug
    * Fix for GRUB2 loading elf image such as Xen.
    * Move apply_policy() call into txt_post_launch()
    * Don't zap s3_key in tboot shared page if sealing
    failed due to tpm unowned
    * Update the explanation of signed lists to make it
    * tboot: add a fall back for reboot via keyboard reset
    * tboot: revise README to explain how to configure
    GRUB2 config file for tboot
    * tboot: rewrite acpi reg access fns to refer to
    bit_width instead of access_width
    * tboot: change reboot mechanism to use keyboard reset
    * tboot: handle mis-programmed TXT config regs and TXT
    heap gracefully
    * tboot: add warning when TPM timeout values are wrong
    * all PM1_CNT accesses should be 16bit.
    * Enlarge NR_CPUS from 64 to 256
    * Add support for SBIOS policy element type
    (LCP_SBIOS_ELEMENT) to lcp_crtpolelt
    * Fix processor id list matching between platform and
    * Make lcp_crtpollist support empty lists (i.e. with no
    * print a bit more error reasons in txt-stat
    * Fix segmentation fault in txt-stat on some systems


    Trusted computing users should update

    Patch Instructions:

    To install this SUSE Feature Update use YaST online_update.
    Alternatively you can run the command listed for your product:

    • SUSE Linux Enterprise Server 11 SP2 for VMware:
      zypper in -t patch slessp2-tboot-6174
    • SUSE Linux Enterprise Server 11 SP2:
      zypper in -t patch slessp2-tboot-6174

    To bring your system up-to-date, use "zypper patch".

    Package List:

    • SUSE Linux Enterprise Server 11 SP2 for VMware (i586 x86_64):
    • tboot-20120115_1.7.0-0.5.1
    • SUSE Linux Enterprise Server 11 SP2 (i586 x86_64):
    • tboot-20120115_1.7.0-0.5.1


  • https://bugzilla.novell.com/757713
  • http://download.suse.com/patch/finder/?keywords=68904f340444bf1986132dced511c5d2