SUSE-FU-2012:0766-1: Feature update for tboot

sle-updates at sle-updates at
Wed Jun 20 10:08:35 MDT 2012

   SUSE Feature Update: Feature update for tboot

Announcement ID:    SUSE-FU-2012:0766-1
Rating:             low
References:         #757713 
Affected Products:
                    SUSE Linux Enterprise Server 11 SP2 for VMware
                    SUSE Linux Enterprise Server 11 SP2

   An update that has one feature fix can now be installed.


   The Intel(R) trusted boot component tboot was updated to
   1.7.0.  (FATE#313333), including the following changes:

   * Print version number while changeset info unavailable
   * Document DA changes in README
   * Add event log for PCR extends in tboot
   * Follow details / authorities PCR mapping style in
   * Support details / authorities PCR mapping
   * Support TPM event log
   * fix build issue for txt-stat in 64 bit environment.
   * update README for mwait AP wakeup mechanism
   * tboot: provide a new AP wakeup way for OS/VMM - mwait
   then memory write
   * Original txt-stat.c doesn't display TXT heap info by
   default. Add command line options to display help info and
   optionally enable displaying heap info.
   * Fix a shutdown issue on heavily throttled large server
   * Adjust mle_hdr.{mle|cmdline}_{start|end}_off
   according to CS285,286 changes to give lcp_mlehash correct
   info to produce hash value.
   * Fix boot issue caused by including mle page table
   into tboot memory
   * Fix for possible overwritting to mle page table by
   * Add PAGE_UP() fn that rounds things up/donw to a page.
   * Update get_mbi_mem_end() with a accurate, safer
   calculating way ACPI fix and sanity check
   * Add some sanity check before using mods_count in a
   count-down loop
   * TPM: add waiting on expect==0 before issue tpmGo
   * txt-stat: Don't show heap info by default.
   * Exchange definitions for TBOOT_BASE_ADDR & TBOOT_START
   * Add const qualifier for suibable parms of all
   possible fns.
   * fix possible mbi overwrite issue for Linux with grub2
   * enhance print_mbi() to print more mbi info for debug
   * Fix for GRUB2 loading elf image such as Xen.
   * Move apply_policy() call into txt_post_launch()
   * Don't zap s3_key in tboot shared page if sealing
   failed due to tpm unowned
   * Update the explanation of signed lists to make it
   * tboot: add a fall back for reboot via keyboard reset
   * tboot: revise README to explain how to configure
   GRUB2 config file for tboot
   * tboot: rewrite acpi reg access fns to refer to
   bit_width instead of access_width
   * tboot: change reboot mechanism to use keyboard reset
   * tboot: handle mis-programmed TXT config regs and TXT
   heap gracefully
   * tboot: add warning when TPM timeout values are wrong
   * all PM1_CNT accesses should be 16bit.
   * Enlarge NR_CPUS from 64 to 256
   * Add support for SBIOS policy element type
   (LCP_SBIOS_ELEMENT) to lcp_crtpolelt
   * Fix processor id list matching between platform and
   * Make lcp_crtpollist support empty lists (i.e. with no
   * print a bit more error reasons in txt-stat
   * Fix segmentation fault in txt-stat on some systems


   Trusted computing users should update

Patch Instructions:

   To install this SUSE Feature Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server 11 SP2 for VMware:

      zypper in -t patch slessp2-tboot-6174

   - SUSE Linux Enterprise Server 11 SP2:

      zypper in -t patch slessp2-tboot-6174

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Server 11 SP2 for VMware (i586 x86_64):


   - SUSE Linux Enterprise Server 11 SP2 (i586 x86_64):



More information about the sle-updates mailing list