Skip to content

Releases: tpm2-software/tpm2-tools

5.7

26 Apr 11:34
@AndreasFuchsTPM AndreasFuchsTPM
5.7
This tag was signed with the committer’s verified signature.
AndreasFuchsTPM Andreas Fuchs
GPG key ID: 8F4F9A45D7FFEE74
Learn about vigilant mode.
c6e182c
Compare
Choose a tag to compare
5.7 Latest
Latest

Security

  • Fixed CVE-2024-29038
  • Fixed CVE-2024-29039

Fixed

  • Fix eventlog test
  • Fix issues with reading NV indexes
  • Fix context save error on tpm2_create
  • tpm2_sessionconfig: fix handling of --disable-continue session so that the subsequent command will not fail
    when attempting to context save a flushed session.
  • detection of functions within libcrypto when CRYPTO_LIBS is set and system has install libcrypto.
  • tpm2_send: fix EOF detection on input stream.
  • tpm2_policy.c fix compilation error caused by format directive for size_t on 32 bit systems.
  • tpm2_nvread: fix input handling no nv index.
  • Auth file: Ensure 0-termination when reading auths from a file.
  • configure.ac: fix bashisms. configure scripts need to be runnable with a POSIX-compliant /bin/sh.
  • cirrus.yml fix tss compilation with libtpms for FreeBSD.
  • tpm2_tool.c Fix missing include for basename to enable compilation on netbsd.
  • options: fix TCTI handling to avoid failures for commands that should work with no options.
  • tpm2_getekcertificate.c Fix leak. ek_uri was not freed if get_ek_server_address failed.

Added

  • Add the possibility for autoflush (environment variable "TPM2TOOLS_AUTOFLUSH", or -R option)

Removed

  • Testing on Ubuntu 18.04 as it's near EOL (May 2023).m2_policy.c fix compilation error caused by format directive for size_t on 32 bit systems.
  • tpm2_nvread: fix input handling no nv index.
Assets 4
Loading

5.6.1

26 Apr 11:38
@AndreasFuchsTPM AndreasFuchsTPM
5.6.1
This tag was signed with the committer’s verified signature.
AndreasFuchsTPM Andreas Fuchs
GPG key ID: 8F4F9A45D7FFEE74
Learn about vigilant mode.
6ea98b5
Compare
Choose a tag to compare
5.6.1

Security

  • Fixed CVE-2024-29038
  • Fixed CVE-2024-29039

Fixed

  • tpm2_sessionconfig: fix handling of --disable-continue session so that the subsequent command will not fail.
  • tpm2_policy.c fix compilation error caused by format directive for size_t on 32 bit systems.
  • Auth file: Ensure 0-termination when reading auths from a file.
  • cirrus.yml fix tss compilation with libtpms for FreeBSD.
  • tpm2_tool.c Fix missing include for basename to enable compilation on netbsd.
  • tpm2_nvread: fix input handling no nv index.
  • options: fix TCTI handling to avoid failures for commands that should work with no options.
  • tpm2_getekcertificate.c Fix leak. ek_uri was not freed if get_ek_server_address failed.

Removed

  • Testing on Ubuntu 18.04 as it's near EOL (May 2023).m2_policy.c fix compilation error caused by format directive for size_t on 32 bit systems.
Assets 4
Loading

5.5.1

26 Apr 11:41
@AndreasFuchsTPM AndreasFuchsTPM
5.5.1
This tag was signed with the committer’s verified signature.
AndreasFuchsTPM Andreas Fuchs
GPG key ID: 8F4F9A45D7FFEE74
Learn about vigilant mode.
0868b2f
Compare
Choose a tag to compare
5.5.1

Security

  • Fixed CVE-2024-29038
  • Fixed CVE-2024-29039
Assets 4
Loading

5.6 - 2023-11-08

08 Nov 16:08
@ajaykish ajaykish
5.6
This tag was signed with the committer’s verified signature.
ajaykish Ajay Kishore
GPG key ID: 0D0DB2B265493E29
Learn about vigilant mode.
a36f8e2
This commit was signed with the committer’s verified signature.
ajaykish Ajay Kishore
GPG key ID: 0D0DB2B265493E29
Learn about vigilant mode.
Compare
Choose a tag to compare
5.6 - 2023-11-08

  • tpm2_eventlog:
    - add H-CRTM event support
    - add support of efivar versions less than 38
    - Add support to check for efivar/efivar.h manually
    - Minor formatting fixes
    - tpm2_eventlog: add support for replay with different StartupLocality
    - Fix pcr extension for EV_NO_ACTION
    - Extend test of yaml string representation
    - Use helper for printing a string dump
    - Fix upper bound on unique data size
    - Fix YAML string formatting

  • tpm2_policy:

    • Add support for parsing forward seal TPM values
    • Use forward seal values in creating policies
    • Move dgst_size in evaluate_populate_pcr_digests()
    • Allow more than 8 PCRs for sealing
    • Move dgst_size in evaluate_populate_pcr_digests
    • Allow more than 8 PCRs for sealing
    • Make __wrap_Esys_PCR_Read() more dynamic to enable testing more PCRs

  • tpm2_encryptdecrypt: Fix pkcs7 padding stripping

  • tpm2_duplicate:

    • Support -a option for attributes
    • Add --key-algorithm option

  • tpm2_encodeobject: Use the correct -O option instead of -C

  • tpm2_unseal: Add qualifier static to enhance the privacy of unseal function

  • tpm2_sign:

    • Remove -m option which was added mistakenly
    • Revert sm2 sign and verifysignature

  • tpm2_createek:
    - Correct man page example

    • Fix usage of nonce
    • Fix integrating nonce

  • tpm2_clear: add more details about the action

  • tpm2_startauthsession: allow the file attribute for policy authorization.

  • tpm2_getekcertificate: Add AMD EK support

  • tpm2_ecdhzgen: Add public-key parameter

  • tpm2_nvreadpublic: Prevent free of unallocated pointers on failure

  • Bug-fixes:

    • The readthedocs build failed with module 'jinja2' has no attribute 'contextfilter'
      a requirement file was added to fix this problem

    • An error caused by the flags -flto -_FORTIFY_SOURCE=3 in kdfa implementation.
      This error can be avoided by switching off the optimization with pragma

    • Changed wrong function name of "Esys_Load" to "Esys_Load"

    • Function names beginning with Esys_ are wrongly written as Eys_

    • Reading and writing a serialized persistent ESYS_TR handles

    • cirrus-ci update image-family to freebsd-13-2 from 13-1

  • misc:

    • Change the default Python version to Python3 in the helper's code

    • Skip test which uses the sign operator for comparison in abrmd_policynv.sh

    • tools/tr_encode: Add a tool that can encode serialized ESYS_TR for persistent handles
      from the TPM2B_PUBLIC and the raw persistent TPM2_HANDLE

    • Add safe directory in config

Assets 4
Loading

5.6-rc0 - 2023-09-26

25 Sep 23:46
@ajaykish ajaykish
5.6-rc0
This tag was signed with the committer’s verified signature.
ajaykish Ajay Kishore
GPG key ID: 0D0DB2B265493E29
Learn about vigilant mode.
0cb093f
This commit was signed with the committer’s verified signature.
ajaykish Ajay Kishore
GPG key ID: 0D0DB2B265493E29
Learn about vigilant mode.
Compare
Choose a tag to compare
5.6-rc0 - 2023-09-26 Pre-release
Pre-release

  • tpm2_eventlog:

    • add H-CRTM event support
    • add support of efivar versions less than 38
    • Add support to check for efivar/efivar.h manually
    • Minor formatting fixes
    • tpm2_eventlog: add support for replay with different StartupLocality
    • Fix pcr extension for EV_NO_ACTION
    • Extend test of yaml string representation
    • Use helper for printing a string dump
    • Fix upper bound on unique data size
    • Fix YAML string formatting

  • tpm2_policy:

    • Add support for parsing forward seal TPM values
    • Use forward seal values in creating policies
    • Move dgst_size in evaluate_populate_pcr_digests()
    • Allow more than 8 PCRs for sealing
    • Move dgst_size in evaluate_populate_pcr_digests
    • Allow more than 8 PCRs for sealing
    • Make __wrap_Esys_PCR_Read() more dynamic to enable testing more PCRs

  • tpm2_encryptdecrypt: Fix pkcs7 padding stripping

  • tpm2_duplicate:

    • Support -a option for attributes
    • Add --key-algorithm option

  • tpm2_encodeobject: Use the correct -O option instead of -C

  • tpm2_unseal: Add qualifier static to enhance the privacy of unseal function

  • tpm2_sign:

    • Remove -m option which was added mistakenly
    • Revert sm2 sign and verifysignature

  • tpm2_createek:

    • Correct man page example
    • Fix usage of nonce
    • Fix integrating nonce

  • tpm2_clear: add more details about the action

  • tpm2_startauthsession: allow the file attribute for policy authorization.

  • tpm2_getekcertificate: Add AMD EK support

  • tpm2_ecdhzgen: Add public-key parameter

  • tpm2_nvreadpublic: Prevent free of unallocated pointers on failure

  • Bug-fixes:

    • The readthedocs build failed with module 'jinja2' has no attribute 'contextfilter'
      a requirement file was added to fix this problem

    • An error caused by the flags -flto -_FORTIFY_SOURCE=3 in kdfa implementation.
      This error can be avoided by switching off the optimization with pragma

    • Changed wrong function name of "Esys_Load" to "Esys_Load"

    • Function names beginning with Esys_ are wrongly written as Eys_

    • Reading and writing a serialized persistent ESYS_TR handles

    • cirrus-ci update image-family to freebsd-13-2 from 13-1

  • misc:

    • Change the default Python version to Python3 in the helper's code

    • Skip test which uses the sign operator for comparison in abrmd_policynv.sh

    • tools/tr_encode: Add a tool that can encode serialized ESYS_TR for persistent handles
      from the TPM2B_PUBLIC and the raw persistent TPM2_HANDLE

Assets 4
Loading

5.5

13 Feb 15:41
@williamcroberts williamcroberts
5.5
7ef8b4c
Compare
Choose a tag to compare
5.5

5.5 - 2022-02-13

Added

  • tpm2_createek:

    • SM2 EK Support

  • misc:

    • SM2 support to internal OSSL format key routines. Fixes --format
      flags for conversions.

Fixed:

  • echo_tcti.py: set to use python3 named executable in shebang.
Assets 4
Loading

5.5-rc1

12 Dec 21:28
@williamcroberts williamcroberts
5.5-rc1
1f47c4d
Compare
Choose a tag to compare
5.5-rc1 Pre-release
Pre-release

5.5-rc1 - 2022-12-12

Added

  • tpm2_createek:

    • SM2 EK Support

  • misc:

    • SM2 support to internal OSSL format key routines. Fixes --format
      flags for conversions.

Fixed:

  • echo_tcti.py: set to use python3 named executable in shebang.
Assets 4
Loading

5.4

05 Dec 16:44
@williamcroberts williamcroberts
5.4
137ab2a
Compare
Choose a tag to compare
5.4

5.4 - 2022-12-05

Added:

  • tpm2_policyrestart:

    • Added option --cphash to output the cpHash for the command
      TPM2_CC_PolicyRestart.

  • tpm2_policynvwritten:

    • Added option --cphash to output the cpHash for the command
      TPM2_CC_PolicyNvWritten.

  • tpm2_policylocality:

    • Added option --cphash to output the cpHash for the command
      TPM2_CC_PolicyLocality.

  • tpm2_policycountertimer:

    • Added option --cphash to output the cpHash for the command
      TPM2_CC_PolicyCounterTimer.

  • tpm2_policycommandcode:

    • Added option --cphash to output the cpHash for the command
      TPM2_CC_PolicyCommandCode.

  • tpm2_policypassword:

    • Added option --cphash to output the cpHash for the command
      TPM2_CC_PolicyPassword.

  • tpm2_policyauthvalue:

    • Added option --cphash to output the cpHash for the command
      TPM2_CC_PolicyAuthValue.

  • tpm2_policyauthorize:

    • Added option --cphash to output the cpHash for the command
      TPM2_CC_PolicyAuthorize.

  • tpm2_print:

    • Support printing serialized ESYS_TR's

  • tpm2_create:

    • Add a clarifying message to usage of -c when TPM2_CreateLoaded
      is not supported.

  • tpm2_getcap:

    • Add support for vendor agnostic capabilites. Requires tpm2-tss version 4.0
      and higher to enable.

  • Add a script, check_endorsement_cert.sh, to validate the endorsement
    certificate chain. It takes two inputs - A TPM2B_PUBLIC format EKpublic and
    a PEM format EKcertificate specified in that order as arguments.

Assets 4
Loading

5.5-rc0

05 Dec 17:11
@williamcroberts williamcroberts
5.5-rc0
2c9d1b4
Compare
Choose a tag to compare
5.5-rc0 Pre-release
Pre-release

5.5-rc0 - 2022-12-05

Added

  • tpm2_createek:

    • SM2 EK Support

  • misc:

    • SM2 support to internal OSSL format key routines. Fixes --format
      flags for conversions.
Assets 4
Loading

5.4-rc0

28 Nov 21:36
@williamcroberts williamcroberts
5.4-rc0
ec55bc2
Compare
Choose a tag to compare
5.4-rc0 Pre-release
Pre-release

5.4-rc0 - 2022-11-28

Added:

  • tpm2_policyrestart:

    • Added option --cphash to output the cpHash for the command
      TPM2_CC_PolicyRestart.

  • tpm2_policynvwritten:

    • Added option --cphash to output the cpHash for the command
      TPM2_CC_PolicyNvWritten.

  • tpm2_policylocality:

    • Added option --cphash to output the cpHash for the command
      TPM2_CC_PolicyLocality.

  • tpm2_policycountertimer:

    • Added option --cphash to output the cpHash for the command
      TPM2_CC_PolicyCounterTimer.

  • tpm2_policycommandcode:

    • Added option --cphash to output the cpHash for the command
      TPM2_CC_PolicyCommandCode.

  • tpm2_policypassword:

    • Added option --cphash to output the cpHash for the command
      TPM2_CC_PolicyPassword.

  • tpm2_policyauthvalue:

    • Added option --cphash to output the cpHash for the command
      TPM2_CC_PolicyAuthValue.

  • tpm2_policyauthorize:

    • Added option --cphash to output the cpHash for the command
      TPM2_CC_PolicyAuthorize.

  • tpm2_print:

    • Support printing serialized ESYS_TR's

  • tpm2_create:

    • Add a clarifying message to usage of -c when TPM2_CreateLoaded
      is not supported.

  • tpm2_getcap:

    • Add support for vendor agnostic capabilites. Requires tpm2-tss version 4.0
      and higher to enable.

  • Add a script, check_endorsement_cert.sh, to validate the endorsement
    certificate chain. It takes two inputs - A TPM2B_PUBLIC format EKpublic and
    a PEM format EKcertificate specified in that order as arguments.

Assets 4
Loading