forked from stefanberger/swtpm
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathCHANGES
59 lines (55 loc) · 2.29 KB
/
CHANGES
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
CHANGES - changes for swtpm
version 0.4.0:
- swtpm:
- Invoke print capabilites after choosing TPM version
- Add some recent syscalls to seccomp blacklist
- swtpm_cert:
- Support --ecc-curveid option to pass curve id
- swtpm_setup & related scripts:
- Added support for RSA 3072 keys and ECC NIST P386 curves; default
RSA keysize is still 2048;
- Added support for --rsa-keysize option
- Extend script to create a CA using a TPM 2 for signing
- tests:
- Use the IBM TSS2 v1.5.0's test suite
- Add test case for loading of an NVRAM completely full with keys
- various other
- build-sys:
- clang: properly test for linker flag 'now' and 'relro'
- Gentoo: explicitly link libswtpm_libtpms with -lcrypto
version 0.3.0:
- swtpm:
- Support for applying 'TPM Startup' command during initialization
- Use writev_full rather than writev; fixes --vtpm-proxy EIO error
- Only accept() new client ctrl connection if we have none (bugfix)
- swtpm_setup & related scripts:
- Support whitespaces in filenames and paths
- Do not fail on future PCR banks' hashes
- swtpm_cert:
- Fix OIDs for TPM 2 platforms data
- Option parsing cleanup
- Support for passing password in various forms
- Use gnutls_x509_crt_get_subject_key_id API call for subj keyId
- Support 64bit serial numbers read from command line
- swtpm_ioctl:
- Block SIGPIPE so we can get EPIPE on write()
- swtpm_bios:
- Block SIGPIPE so we can get EPIPE on write()
- tests:
- Increased timeouts and better support for running tests with
executables run by valgrind
- Allow running tests with choice of seccomp profile option
(SWTPM_TEST_SECCOMP_OPT) to enable building for Ubuntu
- Various cleanups & fixes
- SELinux:
- More rules added for support on F30
version 0.2.0:
- Linux: swtpm now runs with a seccomp profile (blacklist) if compiled with
libseccomp support
- Added subpport for passing key and passphrase via file descriptor
- TPM 2 commands can now be prefixed by 'the TCG header' and responses will
have a 4-byte prefix and 4-byte suffix.
- Added --print-capabilities command line option
- Proper handling on EINTR on read, poll, and write
version 0.1.0:
first public release