Recommended update for tboot

Announcement ID: SUSE-RU-2018:3380-1
Rating: moderate
References:
Affected Products:
  • SUSE Linux Enterprise High Performance Computing 12 SP3
  • SUSE Linux Enterprise Server 12 SP3
  • SUSE Linux Enterprise Server for SAP Applications 12 SP3

An update that has three fixes can now be installed.

Description:

This update for tboot to version 1.9.7 provides the following fixes:

  • Fix issues with tboot in conjunction with tpm 2.0 devices (bsc#1103182, bsc#1108184).
  • Mitigations for tpm interposer attacks
  • Add an option in tboot to force SINIT to use the legacy TPM2 log format.
  • Add support for appending to a TPM2 TCG style event log.
  • Ensure tboot log is available even when measured launch is skipped.
  • Fix TPM 1.2 locality selection issue.
  • Fix a null pointer dereference bug when Intel TXT is disabled.
  • The size field of the MB2 tag is the size of the tag header + the size
  • Make policy element stm_elt use unique type name
  • Reset debug PCR16 to zero.
  • Fix a logical error in function bool evtlog_append(...).
  • Don't add GNU/Linux to grub menu entries. SUSE's grub2 itself doesn't do it either. (bsc#1078262)
  • Perform update of bootloader configuration after installation via %posttrans. Perform cleanup of bootloader configuration upon package removal via %postun. (bsc#1078262)

Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

  • SUSE Linux Enterprise Server for SAP Applications 12 SP3
    zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-2424=1
  • SUSE Linux Enterprise Server 12 SP3
    zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-2424=1
  • SUSE Linux Enterprise High Performance Computing 12 SP3
    zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-2424=1

Package List:

  • SUSE Linux Enterprise Server for SAP Applications 12 SP3 (x86_64)
    • tboot-debugsource-20170711_1.9.7-7.10.1
    • tboot-debuginfo-20170711_1.9.7-7.10.1
    • tboot-20170711_1.9.7-7.10.1
  • SUSE Linux Enterprise Server 12 SP3 (x86_64)
    • tboot-debugsource-20170711_1.9.7-7.10.1
    • tboot-debuginfo-20170711_1.9.7-7.10.1
    • tboot-20170711_1.9.7-7.10.1
  • SUSE Linux Enterprise High Performance Computing 12 SP3 (x86_64)
    • tboot-debugsource-20170711_1.9.7-7.10.1
    • tboot-debuginfo-20170711_1.9.7-7.10.1
    • tboot-20170711_1.9.7-7.10.1

References: