<div class="container">
<h1>Recommended update for keylime</h1>
<table class="table table-striped table-bordered">
<tbody>
<tr>
<th>Announcement ID:</th>
<td>SUSE-RU-2026:22633-1</td>
</tr>
<tr>
<th>Release Date:</th>
<td>2026-07-11T20:40:04Z</td>
</tr>
<tr>
<th>Rating:</th>
<td>moderate</td>
</tr>
<tr>
<th>References:</th>
<td>
<ul>
</ul>
</td>
</tr>
<tr>
<th>Affected Products:</th>
<td>
<ul class="list-group">
<li class="list-group-item">SUSE Linux Enterprise Server 16.0</li>
<li class="list-group-item">SUSE Linux Enterprise Server for SAP applications 16.0</li>
</ul>
</td>
</tr>
</tbody>
</table>
<p>An update that can now be installed.</p>
<h2>Description:</h2>
<p>This update for keylime fixes the following issues:</p>
<ul>
<li>Update to version 7.14.3:<ul>
<li>tests:<ul>
<li>Verify GET handler race condition fix with unit tests</li>
<li>Accept both error messages for invalid ECC points</li>
<li>Fix asyncio.Event() usage in shutdown tests</li>
</ul>
</li>
<li>fix:<ul>
<li>Handle concurrent agent deletion in verifier GET handler</li>
<li>Suppress type checker errors for compatibility import in types.py</li>
<li>Correct [A-z] regex in DM-IMA grammar STRING token</li>
<li>Update pre-commit isort to 8.0.1 to match tox</li>
</ul>
</li>
<li>docs:<ul>
<li>Empty refstate skips PCR replay and policy evaluation</li>
<li>Document qualifying data change for IAK certification in v2.6</li>
</ul>
</li>
<li>tpm:<ul>
<li>Use only policy's relevant PCRs for event log verification</li>
<li>Parse TPM2B_NAME with _unpackv instead of fixed-size slice</li>
<li>Refactor verify_aik_with_iak to use proper TPMS_ATTEST parsing</li>
</ul>
</li>
<li>elparsing:<ul>
<li>Harden stderr decoding for tpm2_eventlog</li>
<li>Check tpm2_eventlog exit code instead of stderr</li>
</ul>
</li>
<li>DB: Increase evidence_items.agent_id column length</li>
<li>[Automatic] Update Keylime base image (2026-07-02, 2026-06-01)</li>
<li>CI: Use PR label to disable e2e tests through Packit</li>
<li>[CI] Split e2e CI testing to fast and full</li>
<li>api: Bump pull-mode API version to 2.6</li>
<li>registrar: Fix missing return after error in _bind_ak_to_iak</li>
<li>Fix mypy error and include runtime deps in test-requirements</li>
<li>Fix PUSH mode agent status tracking across restarts and recovery</li>
<li>Preserve FAIL status when timeout fires</li>
<li>Block PUSH mode FAIL to PASS auto-recovery</li>
<li>server: Add max_workers config to cap worker process count</li>
</ul>
</li>
</ul>
<h2>Patch Instructions:</h2>
<p>
To install this SUSE update use the SUSE recommended
installation methods like YaST online_update or "zypper patch".<br/>
Alternatively you can run the command listed for your product:
</p>
<ul class="list-group">
<li class="list-group-item">
SUSE Linux Enterprise Server 16.0
<br/>
<code>zypper in -t patch SUSE-SLES-16.0-1216=1</code>
</li>
<li class="list-group-item">
SUSE Linux Enterprise Server for SAP applications 16.0
<br/>
<code>zypper in -t patch SUSE-SLES-16.0-1216=1</code>
</li>
</ul>
<h2>Package List:</h2>
<ul>
<li>
SUSE Linux Enterprise Server 16.0 (noarch)
<ul>
<li>keylime-config-7.14.3-160000.1.1</li>
<li>keylime-tenant-7.14.3-160000.1.1</li>
<li>keylime-logrotate-7.14.3-160000.1.1</li>
<li>python313-keylime-7.14.3-160000.1.1</li>
<li>keylime-registrar-7.14.3-160000.1.1</li>
<li>keylime-verifier-7.14.3-160000.1.1</li>
<li>keylime-firewalld-7.14.3-160000.1.1</li>
<li>keylime-tpm_cert_store-7.14.3-160000.1.1</li>
</ul>
</li>
<li>
SUSE Linux Enterprise Server for SAP applications 16.0 (noarch)
<ul>
<li>keylime-config-7.14.3-160000.1.1</li>
<li>keylime-tenant-7.14.3-160000.1.1</li>
<li>python313-keylime-7.14.3-160000.1.1</li>
<li>keylime-logrotate-7.14.3-160000.1.1</li>
<li>keylime-registrar-7.14.3-160000.1.1</li>
<li>keylime-verifier-7.14.3-160000.1.1</li>
<li>keylime-firewalld-7.14.3-160000.1.1</li>
<li>keylime-tpm_cert_store-7.14.3-160000.1.1</li>
</ul>
</li>
</ul>
</div>