SUSE-FU-2021:4184-1: moderate: Feature update for tboot

sle-updates at lists.suse.com sle-updates at lists.suse.com
Thu Dec 23 14:52:18 UTC 2021 

   SUSE Feature Update: Feature update for tboot
______________________________________________________________________________

Announcement ID:    SUSE-FU-2021:4184-1
Rating:             moderate
References:         SLE-19516 
Affected Products:
                    SUSE Linux Enterprise Module for Basesystem 15-SP3
                    SUSE Linux Enterprise Module for Basesystem 15-SP2
______________________________________________________________________________

   An update that has 0 feature fixes and contains one feature
   can now be installed.

Description:

   This feature update for tboot fixes the following issues:

   Update to upstream version 1.10.2 of tboot to sync with SLE-15-SP4 status
   (jsc#SLE-19516)

   - `acminfo` and `parse_err` now are called `txt-acminfo` and
     `txt-parse_err`
   - lcptools are deprecated (tpm 1.2, TrouSerS dependency) and are no longer
     packaged
   - tpmnv_* binaries are deprecated and no longer packaged
   - lcptools-v2: implement SM2 signing and SM2 signature verification and
     add pconf2 policy element support
   - Add SHA256, SHA384 and SHA512 support in `tb_polgen`
   - Add Doxygen documentation
   - Add SHA384 and SHA512 digest algorithms
   - Add support for 64bit framebuffer address
   - Add warning when using SHA1 as hashing algorithm
   - Default to D/A mapping instead of legacy when TPM1.2 and CBnT platform
   - Enable VGA logging for EFI platforms
   - Ensure `txt-acminfo` does not print false information if msr module is
     not loaded
   - Fix ACM chipset/processor list validation
   - Fix a harmless overflow caused by wrong loop limits
   - Fix issue with TPM1.2 - invalid default policy
   - Fix issue with multiboot(1) booting - infinite loop during boot
   - Fix warnings after "Avoid unsafe functions" scan
   - Print latest tag in logs
   - README is now README.md
   - Replace VMAC with Poly1305
   - Strip executable file before generating tboot.gz
   - Update GRUB scripts to use multiboot2 only
   - Use SHA256 as default hashing algorithm
   - Validate TPM NV index attributes


Patch Instructions:

   To install this SUSE Feature Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Module for Basesystem 15-SP3:

      zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2021-4184=1

   - SUSE Linux Enterprise Module for Basesystem 15-SP2:

      zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2021-4184=1



Package List:

   - SUSE Linux Enterprise Module for Basesystem 15-SP3 (x86_64):

      tboot-20170711_1.10.2-15.12.1
      tboot-debuginfo-20170711_1.10.2-15.12.1
      tboot-debugsource-20170711_1.10.2-15.12.1

   - SUSE Linux Enterprise Module for Basesystem 15-SP2 (x86_64):

      tboot-20170711_1.10.2-15.12.1
      tboot-debuginfo-20170711_1.10.2-15.12.1
      tboot-debugsource-20170711_1.10.2-15.12.1


References:

More information about the sle-updates mailing list