SUSE-RU-2024:2243-1: moderate: Recommended update for tboot

SLE-UPDATES null at suse.de
Mon Aug 19 12:32:56 UTC 2024



# Recommended update for tboot

Announcement ID: SUSE-RU-2024:2243-1  
Rating: moderate  
References:

  * jsc#SLE-8505

  
Affected Products:

  * Basesystem Module 15-SP6
  * openSUSE Leap 15.6
  * SUSE Linux Enterprise Desktop 15 SP6
  * SUSE Linux Enterprise Real Time 15 SP6
  * SUSE Linux Enterprise Server 15 SP6
  * SUSE Linux Enterprise Server for SAP Applications 15 SP6

  
  
An update that contains one feature can now be installed.

## Description:

This update for tboot fixes the following issues:

  * Version bump to upstream version v1.11.4 (jsc#SLE-8505)
  * v1.11.4
    * Increase the TBOOT log size from 32 KB to 64 KB. For some Intel server platforms, it was noticed that TBOOT_SERIAL_LOG memory section was too small to hold all of the print logs, produced by TBOOT. Due to this reason TBOOT log section memory size had to be increase to 64KB.
  * v1.11.3
    * Fix the hanging TBOOT issue, which appeared during the RLPs wake up process on the Intel's multisocket platform. This problem appeared during the AP stacks allocations for these RLPs. TBOOT allocated memory for them depending on the woken-up CPUs X2 APIC values. When some of them exceeded the NR_CPUS (1024), then the RLP wake up process execution halted. For the current moment, the maximal X2 APID value was increased from 1024 to 8192. This kind of solution fixed the given problem.
  * v1.11.2
    * Fix the RAM memory allocation algorithm for the initrd.
  * v1.11.1
    * Revert log memory range extension (caused memory overlaps and boot failures)
  * v1.11.0
    * Fixed TPM handling to flush objects after integrity measurement (Intel PTT limitations)
    * Extended low memory range for logs (HCC CPUs had issue with not enough memory)
    * "agile" removed from PCR Extend policy options (requested deprecation)
    * Added handling for flexible ACM Info Table format
    * lcptools: CPPFLAGS use by environment in build
    * lcptools: removed **DATE** refs to make build reproducible
    * Only platform-matching SINIT modules can be selected
    * txt-acminfo: Map TXT heap using mmap
    * Typo fix in man page
  * v1.10.5
    * Fixed mlehash.c to bring back functionality and make it GCC12 compliant
    * Reverted change for replacing EFI memory to bring back Tboot in-memory logs
  * v1.10.4
    * Fix hash printing for SHA384, SHA512 and SM3
    * Touch ups for GCC12
    * Set GDT to map CS and DS to 4GB before jumping to Linux
    * make efi_memmap_reserve handle gaps like e820_protect_region
    * Ensure that growth of Multiboot tags does not go beyond original area
    * Replace EFI memory map in Multiboot2 info
    * Fix endianness of pcr_info->pcr_selection.size_of_select
    * Don't ignore locality in PCR file
    * Fix composite hashing algorithm for PCONF elements to match lcptools-1
  * v1.10.3
    * Add UNI-VGA license information
    * Remove poly1305 object files on clean
    * Support higher resolution monitors
    * Use SHA256 as default hashing algorithm in lcp2_mlehash and tb_polgen
    * Add OpenSSL 3.0.0 support in lcptools-v2
    * Increase number of supported CPUs to 1024 to accommodate for larger units

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".  
Alternatively you can run the command listed for your product:

  * openSUSE Leap 15.6  
    zypper in -t patch SUSE-2024-2243=1 openSUSE-SLE-15.6-2024-2243=1

  * Basesystem Module 15-SP6  
    zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP6-2024-2243=1

## Package List:

  * openSUSE Leap 15.6 (x86_64 i586)
    * tboot-debuginfo-20240625_1.11.4-150600.11.3.1
    * tboot-20240625_1.11.4-150600.11.3.1
    * tboot-debugsource-20240625_1.11.4-150600.11.3.1
  * Basesystem Module 15-SP6 (x86_64)
    * tboot-debuginfo-20240625_1.11.4-150600.11.3.1
    * tboot-20240625_1.11.4-150600.11.3.1
    * tboot-debugsource-20240625_1.11.4-150600.11.3.1

## References:

  * https://jira.suse.com/browse/SLE-8505

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.suse.com/pipermail/sle-updates/attachments/20240819/1c2d5d92/attachment.htm>


More information about the sle-updates mailing list