-
Notifications
You must be signed in to change notification settings - Fork 0
/
CHANGELOG
471 lines (457 loc) · 22.9 KB
/
CHANGELOG
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
20181130: v1.9.9
tools: fix some dereference-NULL issues reported by klocwork
tools: replace banned mem/str fns with corresponding ones in safestringlib
Add safestringlib code to support replacement of banned mem/str fns
lcptools: remove tools supporting platforms before 2008
tboot: update string/memory fn name to differentiate from c lib
Fix a harmless overflow caused by wrong loop limits
20181011: v1.9.8
Skip tboot launch error index read/write when ignore prev err option is true
s3-fix: fix a stack overflow caused by enlarged tb_hash_t union
S3 fix: revert the mis-changed type casting in changeset 522:8e881a07c059
S3-fix: Adding option save_vtd=true to opt-in the vtd table restore
20180830: v1.9.7
Fix a lot of issues in tools reported by klocwork scan.
Fix a lot of issues in tboot module reported by klocwork scan.
Remove a redundant tboot option
Fix indent in heap.c
Fix 4 issues along with extpol=agile option
Mitigations for tpm interposer attacks
Add an option in tboot to force SINIT to use the legacy TPM2 log format.
Add support for appending to a TPM2 TCG style event log.
Ensure tboot log is available even when measured launch is skipped.
Add centos7 instructions for Use in EFI boot mode.
Fix memory leak and invalid reads and writes issues.
Fix TPM 1.2 locality selection issue.
Fix a null pointer dereference bug when Intel TXT is disabled.
Optimize tboot docs installation.
Fix security vulnerabilities rooted in tpm_if structure and g_tpm variable.
The size field of the MB2 tag is the size of the tag header + the size
Fix openssl-1.0.2 double frees
Make policy element stm_elt use unique type name
lcptools-v2 utilities fixes
port to openssl-1.1.0
Reset debug PCR16 to zero.
Fix a logical error in function bool evtlog_append(...).
20170711: v1.9.6
GCC7 fix, adds generic FALLTHROUGH notations to avoid warnings appearing on GCC7
Ensure Tboot never overwrites modules in the process of moving them.
Add support to x2APIC, which uses 32 bit APIC ID.
Fix S3 secrets sealing/unsealing failures
Support OpenSSL 1.1.0+ for ECDSA signature verification.
Support OpenSSL 1.1.0+ for RSA key manipulation.
Adds additional checks to prevent the kernel image from being overwritten.
Added TCG TPM event log support.
Pass through the EFI memory map that's provided by grub2.
Fix a null pointer dereference bug when Intel TXT is disabled in BIOS.
Adjust KERNEL_CMDLINE_OFFSET from 0x9000 to 0x8D00.
Bounds checking on the kernel_cmdline string.
20161216: v1.9.5
Add 2nd generation of LCP creation tool source codes for TPM 2.0 platforms.
Add user guide for 2nd generation LCP creation tool
Provide workaround for Intel PTT(Platform Trust Technology) & Linux PTT driver.
Add new fields in Linux kernel header struct to accommodate Linux kernel new capabilities.
Fix a pointer dereference regression in the tboot native Linux loader which manifests itself as a system reset.
Fix the issue of overwriting tboot when the loaded elf kernel is located below tboot.
Add support to release TPM localities when tboot exits to linux kernel.
Fix the evtlog dump function for tpm2 case.
Initiaize kernel header comdline buffer before copying kernel cmdline arguments to the buffer to avoid random
data at end of the original cmdline contents.
Move tpm_detect() to an earlier stage so as to get tpm interface initialized before checking TXT platform capabilities.
20160518: v1.9.4
Added TPM 2.0 CRB support
Increased BSP and AP stacks to avoid stack overflow
Added an ACPI_RSDP structure g_rsdp in tboot to avoid potential memory overwritten issue on TPM 2.0 UEFI platforms
Added support to both Intel TPM nv index set and TCG TPM nv index set
grub2: tboot doesn't skip first argument any more
grub2: sanitize whitespace in command lines
grub2: Allow addition of policy data in grub.cfg
grub2 support: allow the user to customize the command line
Mitigated S3 resume delay by adjusting LZ_MAX_OFFSET to 5000 in lz.c.
Added SGX TPM nv index support
Add 64 bit ELF object support
Gentoo Hardened, which uses the GRSecurity and PaX patch sets
Disable -fstack-check in CFLAG for compatibility with Gentoo Linux.
Enhanced tboot compatiblity running on non-Intel TXT platform with a fix of is_launched()
LCP documentation improvements
20150506: v1.8.3
Added verified lanuch control policy user guide
Fixed a bug about var MTRR settings to follow the rule that each VAR MTRR base must be a multiple of that MTRR's size.
Access tpm sts reg with 3-byte width in v1.2 case and 4-byte width in v2.0 case
Bugfix: lcp2_mlehash get wrong hash if the cmdline string length > 7
Optimized tboot log processing flow to avoid log buffer overflow by adopting lz Compress/Uncompress algorithms
Added SGX support for Skylake platform
tpm2: use the primary object in NULL Hierarchy instead of Platform Hierachy for seal/unseal usage
Fixed a bug for lcp2_mlehash tool
Fixed system hang issue casued by TXT disable, TPM disable or SINIT ACM not correctly provided in EFI booting mode
Fixed bug for wrong assumption on the way how GRUB2 load modules
Fixed MB2 tags mess issue caused by moving shorter module cmdline to head
Fixed compile issue when debug=y
20140728: v1.8.2
Security Fix: TBOOT Argument Measurement Vulnerability for GRUB2 + ELF Kernels
fix werror in 32 bit build environment
20140516: v1.8.1
Fix build error "may be used uninitialized"
Reset eventlog when S3
Make new Infenion TPM 2.0 module work
Update tboot version to 1.8.1 in grub title
Fix grub cfg file generation scripts for SLES12
Fix seal failure issue
tpm2 lcptools
Restore local apic base for AP
Fix typo in hash_alg_to_string()
Change to create primary object only once
Add prepare_tpm call in S3 path to ensure locality 0 was released before senter
Fix possible dead loop in print_bios_data when bios_data version==4
Fix possible null pointer dereference in loader.c
Fix possible null pointer dereference in tpm_12.c and tpm_20.c
Avoid buffer overrun when append tpm12 eventlog
Fix possible NULL pointer dereference
Fix one event log issue caused by wrong append and print operation
Fix error "unsupported hash alg" for agile extend policy
Fix warning "ACM info_table version mismatch"
Update the tpm family detection with a general way
Fix a lcp tools issue caused by redefining TB_HALG_SHA1 from 0 to 4
Assign g_tpm a value for no tpm case to avoid NULL checks
Fix crash when TPM is missing
Fix infinite loop in determine_multiboot_type()
Fix typo in tpm20_init() and remove unused variable
Allow the to-be-measured nv to be protected by AUTHWRITE
Check cpu vendor id to avoid unexpected behavior in non-intel cpu
Change to detect TPM family only once
Fix some typos caused by copy-paste
20140130: v1.8.0
Update README for TPM2 support
tpm2 support
Adding sha256 algorithm implementation
Update README for TPM NV measuring
Update README for EFI support
Fix typo in tboot/Makefile
Increase the supported maximum number of cpus from 256 to 512
Extend tboot policy supporting measuring TPM NV
EFI support via multiboot2 changes
Fix typo in common/hash.c
Fix verification for extended data elements in txt heap
20130705: v1.7.4
Fix possible empty submenu block in generated grub.cfg
Add a call_racm=check option for easy RACM launch result check
Fix type check for revocation ACM.
20121228: v1.7.3
Update README with updated code repository url.
Fix grub2 scripts to be compatible with more distros.
Update README for RACM launch support
Add a new option "call_racm=true|false" for revocation acm(RACM) launch
Fix potential buffer overrun & memory leak in crtpconf.c
Fix a potential buffer overrun in lcptools/lock.c
Print cmdline in multi-lines
Optional print TXT.ERRORCODE under level error or info
Fix side effects of tboot log level macros in tools
Update readme for the new detail log level
Classify all logs into different log levels
Add detail log level and the macros defined for log level
Fix acmod_error_t type to correctly align all bits in 4bytes
20120929: v1.7.2
Add Makefile for docs to install man pages.
Add man pages for tools
Add grub-mkconfig helper scripts for tboot case in GRUB2
Fix for deb build in ubuntu
Fix S3 issue brought by c/s 308
Fix a S4 hang issue and a potential shutdown reset issue
Fix build with new zlib 1.2.7.
Initialize event log when S3
Update README to change upstream repo url from bughost.org to sf.net.
20120427: v1.7.1
Fix cmdline size in tb_polgen
Add description for option min_ram in README.
new tboot cmdline option "min_ram=0xXXXXXX"
Update test-patches/tpm-test.patch to fit in latest code.
20120115: v1.7.0
Print version number while changeset info unavailable
Document DA changes in README
Add event log for PCR extends in tboot
Follow details / authorities PCR mapping style in tboot
Support details / authorities PCR mapping
Support TPM event log
fix build issue for txt-stat in 64 bit environment.
update README for mwait AP wakeup mechanism
tboot: provide a new AP wakeup way for OS/VMM - mwait then memory write
Original txt-stat.c doesn't display TXT heap info by default. Add
command line options to display help info and optionally enable
displaying heap info.
Fix a shutdown issue on heavily throttled large server
Adjust mle_hdr.{mle|cmdline}_{start|end}_off according to CS285,286
changes to give lcp_mlehash correct info to produce hash value.
Fix boot issue caused by including mle page table into tboot memory
Fix for possible overwritting to mle page table by GRUB2
Add PAGE_UP() fn that rounds things up/donw to a page.
Update get_mbi_mem_end() with a accurate, safer calculating way
ACPI fix and sanity check
Add some sanity check before using mods_count in a count-down loop
TPM: add waiting on expect==0 before issue tpmGo
txt-stat: Don't show heap info by default.
Exchange definitions for TBOOT_BASE_ADDR & TBOOT_START
Add const qualifier for suibable parms of all possible fns.
fix possible mbi overwrite issue for Linux with grub2
enhance print_mbi() to print more mbi info for debug purpose
Fix for GRUB2 loading elf image such as Xen.
Move apply_policy() call into txt_post_launch()
Don't zap s3_key in tboot shared page if sealing failed due to tpm
unowned
Update the explanation of signed lists to make it clearer.
tboot: add a fall back for reboot via keyboard reset vector
tboot: revise README to explain how to configure GRUB2 config file for
tboot
tboot: rewrite acpi reg access fns to refer to bit_width instead of
access_width
tboot: change reboot mechanism to use keyboard reset vector
tboot: handle mis-programmed TXT config regs and TXT heap gracefully
tboot: add warning when TPM timeout values are wrong
all PM1_CNT accesses should be 16bit.
Enlarge NR_CPUS from 64 to 256
Add support for SBIOS policy element type (LCP_SBIOS_ELEMENT) to
lcp_crtpolelt
Fix processor id list matching between platform and acmod
Make lcp_crtpollist support empty lists (i.e. with no elements)
print a bit more error reasons in txt-stat
Fix segmentation fault in txt-stat on some systems
20110429: v1.5.0
Fix build errors under Fedora 15
Various cleanups to output and checks to make it more readable
Removed PAGE_SIZE/PAGE_SHIFT requirements from utils/*
Added definitions of PAGE_SIZE and PAGE_SHIFT to acminfo.c
Fix display of TXT.ERRORCODE values
Added Developer's Certificate of Origin 1.1 to README
Add support for TXT heap extended data elements and BiosData version 4
Removed some fields and changed names for some TXT configuration space
registers
Add support for AC Module chipset info table version 4 (ProcessorIDList)
Separate AC Module subtype field from type field in ACM header
Fixed error in description of what is extended to PCRs 17, 18, and 19.
Fix tboot Makefile to make object files explicit in order to avoid
incorrect ordering
Removed no_usb command line parameter and SMI disabling
Fixed bug with PCONF elements not displaying correctly
Support MAXPHYADDR > 36b
Reversed and rewrote c/s 225 for wrapping tboot policy in LCP custom
element to store tb policy in the LCP PO index.
Added the log level support.
Clean up build
Trigger TB_ERR_S3_INTEGRITY and don't call verify_integrity() if a
measured launch is not performed on S3 resume. Then the policy
decides whether to continue unmeasured S3 launch or not.
verify_integrity() should be called after TXT is launched on S3 resume.
Continue to fix the error message "response size incorrect".
Add checking whether a given index exists by its public data in TPM NV,
because the original "response size incorrect" is not clear to
describe the error message.
Make default parameter values for command line parameters consistent
with the default initialized values.
Fixed to support offsetof definition for gcc 3.X and below.
Moved utility binaries (lcptools/*, tb_polgen, utils/*) to /usr/sbin to
conform to convention for non-critical system utilities
Re-licensing tboot/include/printk.h to BSD
Fixed a bug in txt-stat. In tboot_log_t, char *buf will occupy 4 bytes
on 32bit system and 8 bytes on 64bit. Both sizeof(*log) and
offsetof(tboot_log_t, buf) cannot get the accurate position of the
log memory, which might cause some characters missing in the log
printed by running "txt-stat".
Removed end-of-line CRs from README file
Moved definitions of tpm_pcrvalue_t and tpm_pcr_composite_t from lcp2.h
back to pconf_elt.c, sinc they are only needed by pconf_elt.c
Fixed the bug in pconf creation.
Pause when transferring to VMM/kernel and SINIT by GETSEC[SENTER].
Again, clean the code and fix to see the first few lines of tboot
output and sync-up serial port output with vga output when pause.
Fix the compile error for c/s 225
Use LCP_POLELT_TYPE_CUSTOM to wrap tboot policy, so tboot policy is
allowed to be stored in the LCP index and be signed, etc.
Additionally tboot code unwraps the policy from the PO index.
Change to use time-based timeout instead of counter-based timeout for
tpm_save_state().
Fixed option values in tb_polgen
Fix build error in lcptools on systems that don't support 'ehco -e'
Change serial command line option back to original format
Removed htobeXX() fns because not supported in older glibc
Fix build error (on some systems) in lcptools
Fix print_mbi() to have more useful and properly-formatted output
Disable legacy USB SMIs by default
Fixed bug in creation of LCP_PCONF_ELEMENT
Fix build errors with gcc v4.1.2
Add timeout ot comc_setup() and don't re-initialize serial on shutdown
Added additional compiler warnings and cleaned up code to build cleanly
Merge
Fixes support for PCI serial cards
Fixed buffer overrun errors in lcptools/ and compilation error on some
systems in utils/
Fix build error
Improve efficiency of div64()
All non-BSD compatible files rmeoved and functionality replaced by BSD
compatible code
Fix bug where some e820 configurations would case recent USB-related
fix code to reserve too much memory
Fix S3 resume path to not call copy_e820_table()
Remove SINITs and LCP policy data files from module list before modules
are verified and measured
Fix issue where tboot would appear to hang after SENTER on some BIOSes
(due to DMA protecting legacy USB buffers)
Fixed build inconsistencies
Always extend PCRs on S3 integrity creation/verification
Added support for 'vga_delay' command line option
Fix bug in TXT.VER.EMIF/FSBIF handling
Fixed debug chipset detection
Fix for changed defn. of is_acmod()
Add support for choosing correct SINIT ACM from multiple loaded modules
This patch is to clean up the code by clearing all blank spaces at the
end of
This patch changes VMAC_NHBYTES from the standard 128 to 4K in order to
improve the performance of MACing.
This patch adds pae paging support into tboot for tboot to access >4GB
memory during S3 MACing.
Walkaround for pvops to read public config registers.
Explicitly link lcp_mlehash with libz
Don't write to tboot's launch error index if it doesn't exist
Merge TPM timeout workaround
Workaround for TPMs with incorrect timeout values
This patch reimplements memory reading by lseek()/read() in order to
fix mmap() issue which causes dom0 hangs under pvops.
Added dependency to give "friendly" error if trousers is not installed
Fix build error
Add support for LCP v2, as defined in December 2009 MLE Developers
Guide chapt. 3 and Appendix E
Moved acminfo and txt-stat from txt-test to (new) utils directory and
added parse_err utility
Removed trousers sub-project
Update for latest TXT data structures and GETSEC[PARAMETERS] type
Handle case where BSP does not have APIC ID 0
Support TPMs that return TPM_RETRY for TPM_SaveState command
Fix one more '&' to '&&' ocurrence.
Fix bug with '&' instead of '&&'.
Fixed a timeout bug in 163
Added text that repo chnages are sent to
[email protected] mailing list.
Updated README about e820 table memory types used.
Updated README with the fact that TXT support is now part of the 2.6.32
kernel.
add gzip lib to fix build errors
Fixed "Handle page table addr in ECX", some SINITs are not fully ready
for this.
Fixed overflow check in folder txt-test.
Add MSEG verification.
Continue to fix build warning on ubuntu 4.3.2
Fix the build warning with gcc 4.3.2 on ubuntu 4.3.2
Check the return values from some functions.
Check overflow for uint32_t, and some other types.
Before checking bios data, check TXT supported
Read real TIMEOUT values from TPM and set timeout
Handle page table addr in ECX
Fix the potential segmentation fault in find_mle_hdr,
Changed mechanism for initializing VMCS controls; changed license to BSD
Copy LCP owner policy data (if present) to buffer in os_mle_data
Create common fn to determine end addr of tboot; don't set
boot_params->tboot_shared_addr if launching Linux w/o TXT
Fix locking for AP wakeup and WFS
If APIC ID of AP exceeds NR_CPUS, put AP into hlt loop
Increase NR_CPUS to allow for discontiguous APIC IDs on some systems
Update spinlock.h with latest Xen code
Reserved tboot's memory as E820_RESERVED if launching Linux; fix tboot
image size
Clear key from memory even when seal/unseal fails
Fix bug in tpm_write_cmd_fifo() when tracing TPM data
Ensure that memory region chosen for initrd is large enough
Changed passing of shared page for Linux to use new field in boot_params
This is a test.
Fix bug with calling verify_modules() on S3 resume patch
Added -Wformat-security to Config.mk to catch additional errors and
fixed resulting warnings; also fixed some warnings that are
generated by gcc v4.4
Fixed bug in tpm_seal() with setting of localityAtCreation and added
fallback for tpm_get_random()
Remove SINIT and LCP data modules from mbi structure when not doing
measured launch
Do TPM_SaveState as last TPM command
20090330:
Added s3_key and num_in_wfs fields to tboot_shared_t and rev'ed
version to 5
Use VMAC as S3 integrity MAC algo
Changed tboot load/start addr to 0x800000 (8MB)
Fixed support for newer Linux kernels
Support TB_SHUTDONW_WFS shutdown type for APs
Misc. fixes
20090130:
Fixed build issues with newer versions of gcc (e.g. in Fedora 9)
Increased CPU/core/thread support to 32 CPUs/cores/threads
Simpified tboot build process to be that of standard ELF binary
Enhanced logging support (see README)
Include tboot command line in its hash; support for including command
line in hash added to lcp_mlehash
Always extend measurement of module 0 to PCR 18
Added verification of memory layout on launch
Set VT-d PMR protections to cover all usable RAM
Misc. fixes
20081008:
Fixed build error in lcptools/
20081007:
Updated README and doc/* files
Fixed support for in-memory serial log
Fixes and enhancements to txt-stat
Changed policy format (see doc/policy.txt for new command syntax)
Added support for launching Linux kernels >= 2.6.20 (Linux kernel
patches will be available on LKML)
Fixed build errors under gcc v4.3.0+
20080609:
Removed support for Technology Enabling Platform (TEP)
Removed support for SINIT AC module versions <16 (i.e. <= 20070910)
Updated per changes in May 2008 Intel(R) TXT MLE Developer's Manual:
Updated to MLE (header) version 2.0
Updated OsSinitData, SinitMleData structs
Updated AC module InfoTable struct
Support Capabilities fields
Support MONITOR-based RLP wakeup
Added acminfo app to parse and display AC module information
Updated for v3 of BiosData struct
Reduced TPM-related serial output
Fixed sealing of hashes for restoring PCRs after S3 resume
Misc. fixes and code cleanup
20080523:
Updated TrouSerS version to 0.3.1 and to download it from its SF site
Fixed several items regarding TPM:
call TPM_SaveState in case launching kernel that does not, so
that S3 resume will restore SRTM PCRs
support for TPMs with an Idle state
fixed timeout values per TCG spec
enforce that TPM is activated and enabled (or fail launch)
misc. fixes
Fixed failure paths to apply policy
Enhancements to and cleanup of policy support
Cap PCRs on exit
Added txt-stat app to display TXT config registers and status info
S3 fixes
Added 'loglvl' command line option to control serial output
Handle unordered and overlapping e820 tables
Misc. fixes and code cleanup
20071128:
Added '-f' command line option to lcptools/tpmnv_getcap to display the
TPM_PERMANENT_FLAGS and TPM_STCLEAR_FLAGS contents
Revised the docs/policy.txt steps
Code and build re-factoring and cleanup (default target is now 'build')
Make memory logging build-time optional and disable by default
Support >2 cores/threads
Move tboot to load and execute at 16MB (this also now protects it from
dom0 access since it's memory type can be E820_UNUSABLE now)
*** this requires a patch to Xen ***
The Xen command line shoudl have 'no-real-mode' removed and 'vtd=1'
added (as indicated in the updated docs/tboot-info.txt)
setting 'vtd=1' is optional but some systems fail to boot dom0
otherwise
*** setting 'vtd=1' will cause S3 resume to fail ***
Updated trousers sub-directory to download 0.3.1 version from TrouSerS
SourceForge site and build it
20071029:
Moved build_tools target into top-level Makefile
Put 'tboot=0x1234' (where 1234 is the addr of the tboot_shared data)
on VMM/kernel command line, per latest Xen feedback
Changed TB_LAUNCH_ERR_IDX to 0x20000002
Made TPM detailed debug ouput conditional
Changes TBOOT_S3_WAKEUP_ADDR to 0x8a000 to ensure no conflicts
20071026:
Initial version.