Recommended update for tboot

SUSE Recommended Update: Recommended update for tboot
Announcement ID: SUSE-RU-2018:3380-1
Rating: moderate
References: #1078262 #1103182 #1108184
Affected Products:
  • SUSE Linux Enterprise Server 12-SP3

An update that has three recommended fixes can now be installed.


This update for tboot to version 1.9.7 provides the following fixes:

  • Fix issues with tboot in conjunction with TPM 2.0 devices (bsc#1103182, bsc#1108184).
  • Mitigations for TPM interposer attacks.
  • Add an option in tboot to force SINIT to use the legacy TPM2 log format.
  • Add support for appending to a TPM2 TCG style event log.
  • Ensure tboot log is available even when measured launch is skipped.
  • Fix TPM 1.2 locality selection issue.
  • Fix a null pointer dereference bug when Intel TXT is disabled.
  • The size field of the MB2 tag is the size of the tag header + the size
  • Make policy element stm_elt use unique type name
  • Reset debug PCR16 to zero.
  • Fix a logical error in function bool evtlog_append(...).
  • Don't add GNU/Linux to grub menu entries. SUSE's grub2 itself doesn't do it either. (bsc#1078262)
  • Perform update of bootloader configuration after installation via %posttrans. Perform cleanup of bootloader configuration upon package removal via %postun. (bsc#1078262)

Patch Instructions:

To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

  • SUSE Linux Enterprise Server 12-SP3:
    zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-2424=1

Package List:

  • SUSE Linux Enterprise Server 12-SP3 (x86_64):
    • tboot-20170711_1.9.7-7.10.1
    • tboot-debuginfo-20170711_1.9.7-7.10.1
    • tboot-debugsource-20170711_1.9.7-7.10.1