Name: tpm2.0-tools	Distribution: openSUSE:Factory:zSystems
Version: 5.6	Vendor: openSUSE
Release: 1.1	Build date: Fri Dec 29 00:16:33 2023
Group: Productivity/Security	Build host: s390zl24
Size: 1615916	Source RPM: tpm2.0-tools-5.6-1.1.src.rpm
Packager: https://bugs.opensuse.org
Url: https://github.com/tpm2-software/tpm2-tools/releases
Summary: Trusted Platform Module (TPM) 2.0 administration tools

Trusted Computing is a set of specifications published by the Trusted
Computing Group (TCG). The Trusted Platform Module (TPM) is the
hardware component for Trusted Computing. The tpm2.0-tools package
provides tools for enablement and configuration of the TPM 2.0 and
associated interfaces.

Provides

Requires

License

BSD-3-Clause

Changelog

* Thu Dec 21 2023 Alberto Planas Dominguez <aplanas@suse.com>
- Update to version 5.6
+ tpm2_eventlog:
* add H-CRTM event support
* add support of efivar versions less than 38
* Add support to check for efivar/efivar.h manually
* Minor formatting fixes
* tpm2_eventlog: add support for replay with different
StartupLocality
* Fix pcr extension for EV_NO_ACTION
* Extend test of yaml string representation
* Use helper for printing a string dump
* Fix upper bound on unique data size
* Fix YAML string formatting
+ tpm2_policy:
* Add support for parsing forward seal TPM values
* Use forward seal values in creating policies
* Move dgst_size in evaluate_populate_pcr_digests()
* Allow more than 8 PCRs for sealing
* Move dgst_size in evaluate_populate_pcr_digests
* Allow more than 8 PCRs for sealing
* Make __wrap_Esys_PCR_Read() more dynamic to enable testing more
PCRs
+ tpm2_encryptdecrypt: Fix pkcs7 padding stripping
+ tpm2_duplicate:
* Support -a option for attributes
* Add --key-algorithm option
+ tpm2_encodeobject: Use the correct -O option instead of -C
+ tpm2_unseal: Add qualifier static to enhance the privacy of unseal
function
+ tpm2_sign:
* Remove -m option which was added mistakenly
* Revert sm2 sign and verifysignature
+ tpm2_createek:
* Correct man page example
* Fix usage of nonce
* Fix integrating nonce
+ tpm2_clear: add more details about the action
+ tpm2_startauthsession: allow the file attribute for policy
authorization.
+ tpm2_getekcertificate: Add AMD EK support
+ tpm2_ecdhzgen: Add public-key parameter
+ tpm2_nvreadpublic: Prevent free of unallocated pointers on failure
+ Bug-fixes:
* The readthedocs build failed with module 'jinja2' has no
attribute 'contextfilter' a requirement file was added to fix
this problem
* An error caused by the flags -flto -_FORTIFY_SOURCE=3 in kdfa
implementation. This error can be avoided by switching off the
optimization with pragma
* Changed wrong function name of "Esys_Load" to "Esys_Load"
* Function names beginning with Esys_ are wrongly written as Eys_
* Reading and writing a serialized persistent ESYS_TR handles
* cirrus-ci update image-family to freebsd-13-2 from 13-1
+ misc:
* Change the default Python version to Python3 in the helper's
code
* Skip test which uses the sign operator for comparison in
abrmd_policynv.sh
* tools/tr_encode: Add a tool that can encode serialized ESYS_TR
for persistent handles from the TPM2B_PUBLIC and the raw
persistent TPM2_HANDLE
* Add safe directory in config
* Wed May 17 2023 Alberto Planas Dominguez <aplanas@suse.com>
- Disable tests. Some tests randomly fails, maybe dependening on the
OBS worker assigned during the build (not confirmed)
* Thu Feb 16 2023 Alberto Planas Dominguez <aplanas@suse.com>
- Update to version 5.5
+ Added:
* tpm2_createek: SM2 EK Support
* misc: SM2 support to internal OSSL format key routines. Fixes
- -format flags for conversions.
+ Fixed:
* echo_tcti.py: set to use python3 named executable in shebang.
- Drop already merged patches
+ fix_bogus_warning.patch
+ echo_tcti_call_python3_binary.patch
* Wed Jan 04 2023 Alberto Planas Dominguez <aplanas@suse.com>
- Re-disable tests in PPC, PPC64 and S390X and reference issues about
endianness unsafe API
* Thu Dec 08 2022 Alberto Planas Dominguez <aplanas@suse.com>
- Update to version 5.4
+ Added:
* tpm2_policyrestart: Added option --cphash to output the cpHash
for the command PM2_CC_PolicyRestart.
* tpm2_policynvwritten: Added option --cphash to output the cpHash
for the command TPM2_CC_PolicyNvWritten.
* tpm2_policylocality: Added option --cphash to output the cpHash
for the command TPM2_CC_PolicyLocality.
* tpm2_policycountertimer: Added option --cphash to output the
cpHash for the command TPM2_CC_PolicyCounterTimer.
* tpm2_policycommandcode: Added option --cphash to output the
cpHash for the command TPM2_CC_PolicyCommandCode.
* tpm2_policypassword: Added option --cphash to output the cpHash
for the command TPM2_CC_PolicyPassword.
* tpm2_policyauthvalue: Added option --cphash to output the cpHash
for the command TPM2_CC_PolicyAuthValue.
* tpm2_policyauthorize: Added option --cphash to output the cpHash
for the command TPM2_CC_PolicyAuthorize.
* tpm2_print: Support printing serialized ESYS_TR's
* tpm2_create: Add a clarifying message to usage of -c when
TPM2_CreateLoaded is not supported.
* tpm2_getcap: Add support for vendor agnostic
capabilites. Requires tpm2-tss version 4.0 and higher to enable.
* Add a script, check_endorsement_cert.sh, to validate the
endorsement certificate chain. It takes two inputs - A
TPM2B_PUBLIC format EKpublic and a PEM format EKcertificate
specified in that order as arguments.
- Update to version 5.3
+ Features:
* lib/tpm2_tool.c: add --help=no-man for tpm2 option. Prior to
this change the tool parsed no-man as an unrecognized option and
errored out. Now it lists all the available tool options.
* tpm2_encodeobject: New tool to encode TPM2 object. It takes
public and private portions of an object and encode them in a
combined PEM form called tssprivkey used by tpm2-tss-engine and
other applications.
* Support alternative ECC curves for which default EK templates
exist (NIST_P256, NIST_P384, NIST_P521, and SM2_P256).
* tools/misc/tpm2_checkquote: add sm2 verification of signature.
* crypto: support the TPM2_ECC_SM2_P256 curveID.
* fapi: add new command to enable the use of fapi objects for tpm2
tools. The new command tss2_gettpm2object was added. With this
command context files which can be used for tpm2 tool commands
can be created.
* Support for sign and verify with sm2 algorithms.
* tools/tpm2_startauthsession: add sym-algorithm argument for
supported symmetric algorithm.
* Attestation (certify, command audit, sessionaudit and quote):
add scheme argument for supported signature schemes. This also
enable support for SM signing.
* tpm2_flushcontext: support all options at a time. Support the
- t/-l/-s options all at once so folks don't have to call it
multiple times.
* tools/tpm2_nvread: add human readable output for NV content
Enable parsing and YAML-style output for the different NV index
types.
* New event types in tpm2_eventlog:
EV_EFI_PLATFORM_FIRMWARE_BLOB2, EV_EFI_HANDOFF_TABLES2,
EV_EFI_VARIABLE_BOOT2
* VERSION: add version file - Generate the version file with
bootstrap and include in the DIST tarball so endusers can call
autoreconf on a dist tarball which doesn't have git. This
alleviates git describe errors on release tarballs in the
autoreconf case.
* import: support restricted parents - Support a restricted parent
with an aes128cfb symmetric parameter.
* tpm2_load - Added capability to load pem files in
TSS2-Private-Key format for interoperability with
tpm2-tss-engine, tpm2-openssl provider tpm2-pkcs11, and
tpm2-pytss.
* tpm2_print - Added capability to parse out and print the public
portion of a TSS Private Key in the PEM format with the arg
option TSSPRIVKEY_OBJ.
* tpm2_loadexternal: Added support to tpm2_loadexternal for
parsing and loading the public portion of a TSS2 Privkey PEM
file. The path to the PEM file must be specified using the -r
option while skipping the -G option for key type.
* Support added for calculating cpHash, rpHash, sessions for
parameter encryption and auditing in: tpm2_nvwrite,
tpm2_nvcertify, tpm2_nvincrement, tpm2_nvwritelock,
tpm2_nvreadlock, tpm2_nvundefine and tpm2_nvreadpublic.
* Support added for calculating cpHash in: tpm2_clear,
tpm2_dictionarylockout, tpm2_clearcontrol, tpm2_sign,
tpm2_setprimarypolicy, tpm2_setclock, tpm2_rsadecrypt,
tpm2_duplicate, tpm2_clockrateadjust, tpm2_createprimary,
tpm2_quote, tpm2_policysecret, tpm2_policynv,
tpm2_policyauthorizenv, tpm2_import, tpm2_hmac,
tpm2_hierarchycontrol, tpm2_load, tpm2_gettime,
tpm2_evictcontrol, tpm2_encryptdecrypt, tpm2_getpolicydigest,
tpm2_loadexternal, tpm2_commit, tpm2_ecdhkeygen, tpm2_ecdhzgen,
tpm2_ecephemeral, tpm2_geteccparameters, tpm2_flushcontext,
tpm2_pcrallocate, tpm2_pcrevent, tpm2_pcrreset, tpm2_pcrread.
* Support for using tcti=none for cpHash calculations to avoid
invoking checks for active TPM in: tpm2_nvreadpublic,
tpm2_nvundefine, tpm2_nvreadlock, tpm2_nvwritelock,
tpm2_nvincrement, tpm2_nvcertify, tpm2_nvdefine, tpm2_nvwrite.
+ Known issue:
* FAPI tools will not work on 32bit user-static qemu on 64bit host
because readdir returns NULL. Follow the issue on
https://gitlab.com/qemu-project/qemu/-/issues/263
+ Bug fixes:
* tools/tpm2_pcrreset.c: fix build errors in 32bit systems.
* Fix tssprivkey formatted PEM generation and load errors on 32
bit systems.
* CI: Add testing of 32bit systems with multiarch/qemu-user-static
containers.
* tools/tpm2_evictcontrol: fix for calls to Esys_TR_Close on bad
handles.
* tools/tpm2_nvextend: fix for ESYS_TR handle not being used in
calculating the object name.
* tools/tpm2_nvwrite, tools/tpm2_nvread: Policy authorization must
be re-instantiated on each iteration of the read/ write when
size exceeds the allowed operating size
(TPM2_PT_NV_BUFFER_MAX). However, information on the compounded
policies cannot be retrieved from the only policy digest read
from the session and hence the session cannot be
re-instantiated. To avoid this scenario only a single iteration
is allowed when policy authorization is in use.
* Fix argument parsing in tpm2_policylocality to fix an issue
causing almost always to generate PolicyLocality(0). There was a
logical inversion that caused almost any argument (including
invalid ones) to be interpreted as zero, except “zero" would be
interpreted as one.
* test/fapi/fapi-quote-verify.sh Fix check of qualifying
data. Because of a bug in Fapi_VerifyQuote the qualifying data
was not checked correctly. Errors that were not recognized
before occur now. The order of the tests was cleaned up and for
every quote and verify quote now the correct combination of the
qualifying data and quote info containing the nonce is used.
* tpm2_nvdefine: set TPMA_NV_PLATFORMCREATE when authenticating
with the platform hierarchy.
* tools/tpm2_getekcertificate: fixed the url link to
ekop.intel.com. There were two places where the fix was needed:
o In the tool source code where a forward slash was always
appended irrespective of it already being part of the link
specified by the user and
o In the integration test where curl tests the link to the
ekop.intel.com backend. It now requires the full link to
include the base64 encoded ek pub hash.
* tools/tpm2_tool.c: Fix an issue where LOG_WARN is always
displayed Despite setting the 'quiet' flag with -Q.
* fapi: fix usage of parameter pcrLog for tss2_quote. pcrLog is an
optional parameter. If pcrLog is not used as parameter currently
the pcr log is still calculated in Fapi_Quote. To avoid this
calculation a NULL pointer will be passed to Fapi_Quote if the
parameter pcrLog is not passed. So tss2_quote can be executed
for a user which has no access rights to the files with the
system measurements.
* import: fix bug on using scheme wherein if scheme is specified
in the template, the openssl load functions clobber the scheme
value and set it to TPM2_ALG_NULL.
* tools/tpm2_sign and tpm2_verifysignature: fix sm2 sign and
verifysignature bugs : (1.) sm2 sign could not get output
signature. (2.) sm2 verify tss format signature failed.
* lib/tpm2.c: added workaround for a system api bug where in the
flush handle is erroneously placed in the handle area instead of
the parameter area.
* nvreadpublic: drop ntoh on attributes The attributes get
marshalled to correct endianess by libmu and don’t need to be
changed again.
* Removing unused '-i' option from tpm2_print
* tpm2_policyor: fix unallocated policy list The TPML_DIGEST
policy list was calloc'd for some reason, however it could just
be statically allocated in the context. The side effect is that
when no options or arguments were given a NPD occured when
checking the count of the policy list.
* tools/tpm2_certify: fix man page for short options and add tests
The short options for the signing-key-auth and
certified-key-auth were swapped. The case fix in the man page
makes it less intuitive but have to go through with the change
so that we don't break any existing scripts. This change does
not affect the long options. Tests have been added to ensure the
functionality.
+ CI:
* ci: add ubuntu-22.04. This also requires the min tpm2-tss
version to be at 3.2.0 to support the openSSL major version 3.
* cirrus.yml: update freebsd version to 13.1
* .ci/download-deps.sh: update tpm2-abrmd dependency version to
2.4.1
- Drop 0001-tests-getekcertificate.sh-Skip-the-test-if-curl-is-n.patch
(merged)
- Drop add_missing_shut_down_call_on_cleanup.patch (merged)
- Drop fix_check_of_qualifying_data.patch (merged)
- Add echo_tcti_call_python3_binary.patch (upstreamed)
* Thu Jul 14 2022 Alberto Planas Dominguez <aplanas@suse.com>
- Disable tests in some architectures (ppc, ppc64, s390x)
* Wed Jul 13 2022 Alberto Planas Dominguez <aplanas@suse.com>
- Add patch to fix leakage of TPM simulator process
add_missing_shut_down_call_on_cleanup.patch
- Add patch to fix fapi-quote-verify[_ecc].sh test
fix_check_of_qualifying_data.patch
- Enable test execution by default
* Fri Jul 08 2022 Alberto Planas Dominguez <aplanas@suse.com>
- Add missing dependencies for testing.
- Add patch to properly skip getekcertificate if curl is missing
0001-tests-getekcertificate.sh-Skip-the-test-if-curl-is-n.patch
* Thu Jul 07 2022 Alberto Planas Dominguez <aplanas@suse.com>
- Disable LTO for 5.2, to fix tpm2_makecredential with "-T none"
(bsc#1201291)
* Wed Dec 08 2021 Alberto Planas Dominguez <aplanas@suse.com>
- The update to 5.2 fill also jsc#SLE-9515 (4.1) and jsc#SLE-17366 (4.3.0)
* Mon Nov 29 2021 Alberto Planas Dominguez <aplanas@suse.com>
- Fix python3-PyYAML requirement
- Move the tests inside a bcond. Disabled by default.
* Wed Oct 20 2021 Alberto Planas Dominguez <aplanas@suse.com>
- Update to version 5.2:
+ tpm2_nvextend:
* Added option -n, --name to specify the name of the nvindex in
hex bytes. This is used when cpHash ought to be calculated
without dispatching the TPM2_NV_Extend command to the TPM.
+ tpm2_nvread:
* Added option --rphash=FILE to specify ile path to record the
hash of the response parameters. This is commonly termed as
rpHash.
* Added option -n, --name to specify the name of the nvindex in
hex bytes. This is used when cpHash ought to be calculated
without dispatching the TPM2_NVRead command to the TPM.
* Added option -S, --session to specify to specify an auxiliary
session for auditing and or encryption/decryption of the
parameters.
+ tpm2_nvsetbits:
* Added option --rphash=FILE to specify file path to record the
hash of the response parameters. This is commonly termed as
rpHash.
* Added option -S, --session to specify to specify an auxiliary
session for auditing and or encryption/decryption of the
parameters.
* Added option -n, --name to specify the name of the nvindex in
hex bytes. This is used when cpHash ought to be calculated
without dispatching the TPM2_NV_SetBits command to the TPM.
+ tpm2_createprimary:
* Support public-key output at creation time in various public-key
formats.
+ tpm2_create:
* Support public-key output at creation time in various public-key
formats.
+ tpm2_print:
* Support outputing public key in various public key formats over
the default YAML output. Supports taking -u output from
tpm2_create and converting it to a PEM or DER file format.
+ tpm2_import:
* Add support for importing keys with sealed-data-blobs.
+ tpm2_rsaencrypt, tpm2_rsadecrypt:
* Add support for specifying the hash algorithm with oaep.
+ tpm2_pcrread, tpm2_quote:
* Add option -F, --pcrs_format to specify PCR format selection for
the binary blob in the PCR output file. 'values' will output a
binary blob of the PCR values. 'serialized' will output a binary
blob of the PCR values in the form of serialized data structure
in little endian format.
+ tpm2_eventlog:
* Add support for decoding StartupLocality.
* Add support for printing the partition information.
* Add support for reading eventlogs longer than 64kb including
from /sys/kernel/security/tpm0/binary_bios-measurements.
+ tpm2_duplicate:
* Add option -L, --policy to specify an authorization policy to be
associated with the duplicated object.
* Added support for external key duplication without needing the
TCTI.
+ tools:
* Enhance error message on invalid passwords when sessions cannot
be used.
+ lib/tpm2_options:
* Add option to specify fake tcti which is required in cases where
sapi ctx is required to be initialized for retrieving command
parameters without invoking the tcti to talk to the TPM.
+ openssl:
* Dropped support for OpenSSL < 1.1.0
* Add support for OpenSSL 3.0.0
+ Support added to make the repository documentation and man pages
available live on readthedocs.
+ Bug-fixes:
* tpm2_import: Don't allow setting passwords for imported object
with -p option as the tool doesn't modify the TPM2B_SENSITIVE
structure. Added appropriate logging to indicate using
tpm2_changeauth after import.
* lib/tpm2_util.c: The function to calculate pHash algorithm
returned error when input session is a password session and the
only session in the command.
* lib/tpm2_alg_util.c: Fix an error where oaep was parsed under
ECC.
* tpm2_sign: Fix segfaults when tool does not find TPM resources
(TPM or RM).
* tpm2_makecredential: Fix an issue where reading input from stdin
could result in unsupported data size larger than the largest
digest size.
* tpm2_loadexternal: Fix an issue where restricted attribute could
not be set.
* lib/tpm2_nv_util.h: The NV index size is dependent on different
data sets read from the GetCapability structures because there
is a dependency on the NV operation type: Define vs Read vs
Write vs Extend. Fix a sane default in the case where
GetCapability fails or fails to report the specific property/
data set. This is especially true because some properties are
TPM implementation dependent.
* tpm2_createpolicy: Fix an issue where tool exited silently
without reporting an error if wrong pcr string is specified.
* lib/tpm2_alg_util: add error message on public init to prevent
tools from dying silently, add an error message.
* tpm2_import: fix an issue where an imported hmac object scheme
was NULL. While allowed, it was inconsistent with other tools
like tpm2_create which set the scheme as hmac->sha256 when
generating a keyedhash object.
- Drop patches already in upstream:
+ 0001-tpm2_checkquote-fix-uninitialized-variable.patch
+ 0001-tpm2_eventlog-fix-buffer-offset-when-reading-the-eve.patch
+ 0001-tpm2_eventlog-read-eventlog-file-in-chunks.patch
* Thu Jul 29 2021 Alberto Planas Dominguez <aplanas@suse.com>
- Add 0001-tpm2_eventlog-fix-buffer-offset-when-reading-the-eve.patch to
fix the offset of the read buffer
* Thu Jul 08 2021 Matthias Gerstner <matthias.gerstner@suse.com>
- prepare running the test suite via %check, but leave it commented out,
because it is broken due to LTO linking.
* Mon Jun 28 2021 Fabian Vogt <fvogt@suse.com>
- update to version 5.1.1:
- tpm2_import: fix fixed AES key CVE-2021-3565
- tpm2_import used a fixed AES key for the inner wrapper, which means that
a MITM attack would be able to unwrap the imported key. To fix this,
ensure the key size is 16 bytes or bigger and use OpenSSL to generate a
secure random AES key.
- Avoid pandoc build dependency, use prebuilt man pages everywhere
- Drop 0001-tpm2_import-fix-fixed-AES-key-CVE-2021-3565.patch, now upstream
- Drop _service, unused
- Drop unused unzip build dependency
- Drop autoreconfigure call, no longer necessary
- Use %autosetup
- Verify tarball signature
- Build against efivar
- Drop %check section, tests weren't built, so that was a noop
* Fri Jun 18 2021 Alberto Planas Dominguez <aplanas@suse.com>
- Add 0001-tpm2_eventlog-read-eventlog-file-in-chunks.patch to fix the
tpm2_eventlog command (boo#1187360)
* Thu Jun 17 2021 Alberto Planas Dominguez <aplanas@suse.com>
- Add 0001-tpm2_checkquote-fix-uninitialized-variable.patch for a better
fix of boo#1187316
- Re-enable lto
* Tue Jun 15 2021 Alberto Planas Dominguez <aplanas@suse.com>
- Disable lto to fix tpm2_checkquote error (boo#1187316)
- Update service file to point to the correct revision
* Mon Jun 07 2021 Dominique Leuenberger <dimstar@opensuse.org>
- Do not BuildRequire pandoc on ix86 architectures: the haskell
stack is not supported on intel 32bit archs.
* Fri May 28 2021 Matthias Gerstner <matthias.gerstner@suse.com>
- add 0001-tpm2_import-fix-fixed-AES-key-CVE-2021-3565.patch: no longer use a
fixed AES key in the context of the tpm2_import command. Fixes CVE-2021-3565
(bsc#1186490).
- drop fix_pie_linking.patch: now contained in upstream tarball
- drop fix_warnings.patch: now contained in upstream tarball
- update to upstream version 5.1:
- Minimum tpm2-tss version dependency bumped to 3.1.0
- Minimum tpm2-abrmd version dependency bumped to 2.4.0
- tss2:
- Support in tools for PolicyRef inclusion in policy search per latest TSS.
- Support to use TPM objects protected by a policy with PolicySigned.
- Enable backward compatibility to old Fapi callback API.
- Fix PCR selection for tss2 quote.
- Support policy signed policies by implementing Fapi_SetSignCB.
- Command/ response parameter support for auditing and pHash policies:
- lib/tpm2_util.c: Add method to determine hashing alg for cp/rphash
- Add support to calculate rphash for tpm2_create, tpm2_activatecredential,
tpm2_certify, tpm2_certifycreation, tpm2_changeauth, tpm2_changeeps,
tpm2_changepps, tpm2_nvdefine, tpm2_nvextend, tpm2_unseal
- Add support to calculate cphash for tpm2_changeeps, tpm2_changepps.
- Session-support:
- tpm2_sessionconfig: Add tool to display and configure session attributes.
- tpm2_getrandom: Fix— session input was hardcoded for audit-only
- tpm2_startauthsession: Add option to specify the bind object and its
authorization value.
- tpm2_startauthsession: support for bounded-only session.
- tpm2_startauthsession: support for salted-only session.
- tpm2_startauthsession: add option to specify an hmac session type.
- Add support for specifying non-authorization sessions for audit and
parameter encryption for tpm2_getrandom, tpm2_create, tpm2_nvextend,
tpm2_nvdefine, tpm2_unseal, tpm2_activatecredential, tpm2_certify,
tpm2_certifycreation, tpm2_changeauth, tpm2_changeeps, tpm2_changepps.
- tpm2_eventlog:
- Support for event type: EV_IPL extensively used by the Shim and Grub.
- Support for event type: EV_EFI_GPT_EVENT to parse.
UEFI_PARTITION_TABLE_HEADER and UEFI_PARTITION_ENTRY.
- Support for event type: EFI_SIGNATURE_LIST, which contains one or more
EFI_SIGNATURE_DATA.
- Support for event type EV_EFI_VARIABLE_AUTHORITY.
- Parse UEFI_PLATFORM_FIRMWARE_BLOB structure that the CRTM MUST put into
the Event Log entry TCG_PCR_EVENT2.event field for event types
EV_POST_CODE, EV_S_CRTM_CONTENTS, and EV_EFI_PLATFORM_FIRMWARE_BLOB.
- Parse secureboot variable to indicate enable as 'Yes'.
- Parse BootOrder variable to a more readable format.
- Parse Boot variables per EFI_LOAD_OPTION described in more details in
UEFI Spec Section 3.1.3
- Parse Device-path in a readable format using the efivar library.
- Support for logs longer than 64 kilobytes.
- Perform verification for event types where digest can be verified from
their event payload.
- Better support for multiline strings.
- Fix handling of event log EV_POST_CODE data where field is empty and len
is specified.
- scripts/utils: Add a utility to read the cert chain of embedded CA.
- tpm2_getekcertificate: Fix tool failing to return error/non-zero for HTTP
404.
- tpm2_nvdefine: allow setting hash algorithm by command line parameter for NV
indices set in extend mode.
- tpm2_duplicate, tpm2_import: support duplicating non-TPM keys to a remote
TPM without first requiring them to be loaded to a local TPM.
- tpm2_dictionarylockout: Fix issue where setting value for one parameter
caused to reset the others.
- tpm2_getpolicydigest: Add new tool to enable TPM2_CC_PolicyGetDigest.
- Fix segfault where optind > argc.
- tools/tpm2_checkquote: fix missing initializer
- tpm2_convert: fix EVP_EncodeUpdate usage for OSSL < 1.1.0
- openssl: fix EVP_ENCODE_CTX_(new|free)
- test: Add support for swTPM simulator to the testing framework and make it
the default if mssim isn't available.
- tpm2_unseal:
- Added option **\--rphash**=_FILE_ to specify ile path to record the hash
of the response parameters. This is commonly termed as rpHash.
- tpm2_nvextend:
- Added option **\--rphash**=_FILE_ to specify ile path to record the hash
of the response parameters. This is commonly termed as rpHash.
- tpm2_nvdefine:
- Added option **\--rphash**=_FILE_ to specify ile path to record the hash
of the response parameters. This is commonly termed as rpHash.
- tpm2_changepps:
- Added option **\--cphash**=_FILE_ to specify ile path to record the hash
of the command parameters. This is commonly termed as cpHash.
- Added option **\--rphash**=_FILE_ to specify ile path to record the hash
- Added option **-S**, **\--session** to specify to specify an auxiliary
session for auditing and or encryption/decryption of the parameters.
- tpm2_changeeps:
- Added option **\--cphash**=_FILE_ to specify ile path to record the hash
of the command parameters. This is commonly termed as cpHash.
- Added option **\--rphash**=_FILE_ to specify ile path to record the hash
of the response parameters. This is commonly termed as rpHash.
- Added option **-S**, **\--session** to specify to specify an auxiliary
session for auditing and or encryption/decryption of the parameters.
- tpm2_changeauth:
- Added option **\--rphash**=_FILE_ to specify ile path to record the hash
of the response parameters. This is commonly termed as rpHash.
- Added option **-S**, **\--session** to specify to specify an auxiliary
session for auditing and or encryption/decryption of the parameters.
- tpm2_certifycreation:
- Added option **\--rphash**=_FILE_ to specify ile path to record the hash
of the response parameters. This is commonly termed as rpHash.
- Added option **-S**, **\--session** to specify to specify an auxiliary
session for auditing and or encryption/decryption of the parameters.
- tpm2_certify:
- Added option **\--rphash**=_FILE_ to specify ile path to record the hash
of the response parameters. This is commonly termed as rpHash.
- Added option **-S**, **\--session** to specify to specify an auxiliary
session for auditing and or encryption/decryption of the parameters.
- tpm2_activatecredential:
- Added option **\--rphash**=_FILE_ to specify ile path to record the hash
of the response parameters. This is commonly termed as rpHash.
- Added option **-S**, **\--session** to specify to specify an auxiliary
session for auditing and or encryption/decryption of the parameters.
- tpm2_create:
- Added option **\--rphash**=_FILE_ to specify ile path to record the hash
of the response parameters. This is commonly termed as rpHash.
- tpm2_unseal:
- Added option **-S**, **--session** to specify auxiliary sessions for
audit and encryption.
- tpm2_nvdefine:
- Added option **-S**, **--session** to specify auxiliary sessions for
audit and encryption.
- tpm2_nvextend:
- Added option **-S**, **--session** to specify auxilary sessions for
audit and encryption.
* Tue May 04 2021 Matthias Gerstner <matthias.gerstner@suse.com>
- fix `--version` output of tools. Since now autoreconf is called and
configure.ac attempts to fetch the version from git (which we don't have
during building), the version was empty. Fix this by replacing the git
invocation in configure.ac.
* Thu Jan 28 2021 Matthias Gerstner <matthias.gerstner@suse.com>
- add fix_warnings.patch: fixes a couple of build errors resulting from LTO
linking and -Werror.
- add fix_pie_linking.patch: fixes an error in the build system that causes
the tss2 binary to be linked without passed LDFLAGS (like -pie), which
causes the binary not to be position independent.
- update to major version 5.0:
- Non Backwards Compatible Changes
* Default hash algorithm is now sha256. Prior versions claimed sha1, but were
inconsistent in choice. Best practice is to specify the hash algorithm to
avoid surprises.
* tpm2_tools and tss2_tools are now a busybox style commandlet. Ie
tpm2_getrandom becomes tpm2 getrandom. make install will install symlinks
to the old tool names and the tpm2 commandlet will interrogate argv[0] for
the command to run. This will provide backwards compatibility if they are
installed. If you wish to use the old names not installed system wide, set
DESTDIR during install to a separate path and set the proper directory on
PATH.
* tpm2_eventlog's output changed to be YAML compliant. The output before
was intended to be YAML compliant but was never properly checked and
tested.
* umask set to 0117 for all tools.
* tpm2_getekcertificate now outputs the INTC EK certificates in PEM format
by default. In order to output the URL safe variant of base64 encoded
output of the INTC EK certificate use the added option --raw.
- Dependency update
* Update tpm2-tss dependency version to 3.0.1
* Update tpm2-abrmd dependency version to 2.3.3
- New tools and features
* tpm2_zgen2phase: Add new tool to support command TPM2_CC_ZGen_2Phase.
* tpm2_ecdhzgen: Add new tool to support command TPM2_CC_ECDH_ZGen.
* tpm2_ecdhkeygen: Add new tool to support command TPM2_CC_ECDH_KeyGen.
* tpm2_commit: Add new tool to support command TPM2_CC_Commit.
* tpm2_ecephemeral: Add new tool to support command TPM2_CC_EC_Ephemeral.
* tpm2_geteccparameters: Add new tool to support command TPM2_CC_ECC_Parameters.
* tpm2_setcommandauditstatus: Added new tool to support command TPM2_CC_SetCommandCodeAuditStatus.
* tpm2_getcommandauditstatus: Added new tool to support command TPM2_CC_GetCommandAuditDigest.
* tpm2_getsessionauditdigest: Added new tool to support command TPM2_CC_GetSessionAuditDigest.
* tpm2_certifyX509certutil: Added new tool for creating partial x509 certificates required to support
the TPM2_CC_CertifyX509 command.
* tpm2_policysigned:
Added option --cphash-input to specify the command parameter hash
(cpHashA), enforcing the TPM command to be authorized as well as its
handle and parameter values.
* tpm2_createprimary:
Added option to specify the unique data from the stdin by adding
provision for specifying the option value for unique file as -.
* tpm2_startauthsession:
Added new feature/option --audit-session to start an HMAC session to
be used as an audit session.
* tpm2_getrandom:
- Added new feature/option -S, --session to specify a HMAC session
to be used as an audit session. This adds support for auditing the
command using an audit session.
- Added new feature/option --rphash to specify file path to record the
hash of the response parameters. This is commonly termed as rpHash.
- Added new feature/option --cphash to specify a file path to record
the hash of the command parameters. This is commonly termed as cpHash.
NOTE: In absence of --rphash option, when this option is selected,
The tool will not actually execute the command, it simply returns a
cpHash.
* tpm2_getcap: tpm2_getcap was missing raw on a property TPM2_PT_REVISION,
and it should always be specified.
* tpm2_sign:
- Add option --commit-index to specify the commit index to use when
performing an ECDAA signature.
- Add support for ECDAA signature.
* tpm2_getekcertificate:
- Add option --raw to output EK certificate in URL safe variant base64
encoded format. By default it outputs a PEM formatted certificate.
- The tool can now output INTC and non INTC EK certificates from NV
indices specified by the TCG EK profile specification.
* tpm2_activatecredential:
- The secret data input can now be specified as stdin with -s option.
- The public key used for encryption can be specified as -u to make it
similar to rest of the tools specifying a public key. The old -e
option is retained for backwards compatibility.
- Add option to specify the key algorithm when the input public key is in
PEM format using the new option -G, --key-algorithm. Can specify
either RSA/ECC. When this option is used, input public key is expected
to be in PEM format and the default TCG EK template is used for the key
properties.
* tpm2_checkqoute:
- Add EC support.
- Support loading tss signatures.
- Support loading tpm2 pcrread PCR values by specifying the PCR
selection using the new option -l, --pcr-list.
- Added support for automatically detecting the signature format. With
this -F, --format option is retained for backwards compatibility but
it is deprecated.
* tpm2_createak: add option to output qualified name with new option
- q, --ak-qualified-name.
* tpm2_policypcr: Add option for specifying cumulative hash of PCR's as an argument.
* tpm2_readpublic: Add option to output qualified name using the new option
- q, --qualified-name.
* tpm2_print:
- Support printing TPM2B_PUBLIC data structures.
- Support printing TPMT_PUBLIC data structures.
* tpm2_send: Add support for handling sending and receiving command and
response buffer for multiple commands.
* tpm2_verifysignature: Added support for verifying RSA-PSS signatures.
* tpm2_eventlog:
- Add handling of sha1 log format.
- Add fixes for eventlog output to be proper YAML.
- Add support for sha384, sha512, sm3_256 PCR hash algorithms.
- Add support for computing PCR values based on the events.
* tpm2_tools (all):
- Set stdin/stdout to non-buffering.
- Added changes for FreeBSD portability.
- Bug fixes
* Fix printing short options when no ascii character is used.
* OpenSSL: Fix deprecated OpenSSL functions. ECC Functions with suffix
GFp will become deprecated (DEPRECATED_1_2_0).
* tpm2_eventlog: output EV_POST_CODE as string not firmware blob to be
compliant with TCG PC Client FPF section 2.3.4.1 and 9.4.12.3.4.1
* Fix missing handle maps for ESY3 handle breaks. See #1994.
* tpm2_rsaencrypt: fix OAEP RSA encryption failing to invalid hash selection.
* tpm2_rsadecrypt: fix OAEP RSA decryption failing to invalid hash selection.
* tpm2_sign: fix for signing failures with restricted signing keys when
input data to sign is not a digest, rather the full message. The
validation ticket creation process defaults to the owner hierarchy and
so in order to choose other hierarchies the tpm2_hash tool should be
used instead.
* tpm2_print: fix segfault when -t option is omitted by appropriately
warning of the required option.
* tpm2_nvdefine: fix for default size when size is not specified by
invoking TPM2_CC_GetCapability.
* Fix for an issue where the return code for unsupported algorithms was
tool_rc_general instead of tool_rc_unsupported in tpm2_create and
tpm2_createprimary tools.
* Fix for an issue where RSA_PSS signature verification caused failures.
* tpm2_nvreadpublic, tpm2_kdfa, tpm2_checkquote, tpm2_quote:
Fixes for issues with interoperability of the attestation tools between
big and little endian platforms.
* tss2_*:
- Fix bash-completion for tss2_pcrextend and tss2_verifysignature
- Add force option to tss2_list
- Make force option consistent in all fapi tools
- Do not decode non-TPM errors
- Enhance integration tests to test changes of optional/mandatory parameters
- Add --hex parameter to tss2_getrandom
- Fix autocompletion issue
- Switch tss2_* to with-"="-style
- Add size parameter to tss2_createseal
- References to the cryptographic profile (fapi-profile(5)) and config file
- (fapi-config(5)) man pages from all relevant tss2_* man pages.
- Fix policy branch selection menu item from 1 to 0.
- Documentation
* wiki pages have been removed and data has been migrated to
tpm2-software.github.io portal's tutorial section.
* Fix the problem with man and no-man help output for tools were not
correctly displayed.
* man:
- tpm2_create: Correct max seal data size from 256 bytes to 128 bytes.
- tpm2_nvread: Fix manpage example.
- tpm2_nvwrite: Added missing information on how to specify the NV index as
an argument.
- tpm2_unseal: Add end-to-end example.
- tpm2_nvincrement: Fix incorrect commands in example section.
- tpm2_hmac: Fix the example section.
* Thu Oct 22 2020 Matthias Gerstner <matthias.gerstner@suse.com>
- update to version 4.3:
- changes in version 4.3:
- tss2_*: Fix double-free errors in commands asking for password authorization
- tss2_*: Fix shorthand command -f that was falsely requiring an argument
- tss2_*: Update tss2_encrypt to the new FAPI interface
- The argument 'policyPath' is removed which was never read anyway
- tss2_*: Remove the additional '\n' that was appended when redirecting to stdout
- tss2_*: Update mandatory vs optional treatment of arguments according to latest Fapi spec
- tss2_*: tss2_getinfo now retrieves the correct FAPI version from Fapi_GetInfo
- tss2_*: Fix the error handling in case of multiple inputs and/or outputs from stdin/stdout
- tss2_*: Fix syntax errors and update content of man pages according to latest Fapi spec
- tss2_*: Add parameter types to all man page
- tss2_*: tss2_setappdata now reads from file or stdin allowing to store also binary data
- tss2_*: Memory leaks are fixed in cases when a returned empty non-char output value was passed to file output
- tss2_pcrextend: fix extending PCR 0
- tss2_quote: fix unused TSS2_RC in LOG_ERR
- changes in 4.2.1:
- Fix missing handle maps for ESY3 handle breaks. See #1994.
- Bump ESYS minimum dependency version from 2.3.0 to 2.4.0.
- Fix for loop declarations build error.
- changes in 4.2:
- Fix various issues reported by static analysis tools.
- Add integration test for ECC based getekcertificate.
- Fix for issue #1959 where ARM builds were failing.
- Add a check in autotools to add "expect" as a package dependency for fapi tools.
- tpm2_createek: Drop the unused -p or --ek-auth option
- tpm2_policyor: List of policy files should be specified as an argument
- instead of -l option. The -l option is still retained for backwards
- compatibility. See issue#1894.
- tpm2_eventlog: add a tool for parsing and displaying the event log.
- tpm2_createek: Fix an issue where the template option looked for args
- tpm2_hierarchycontrol: Fixed bug where tool operation failed silently
- tpm2_nvdefine: Fixed an issue where text output suggested failures as passes
- tpm2_certify: Add an example usage in man page
- tpm2_policyor: Fix a bug where tool failed silently when no input were given
- tpm2_getekcertificate: Intel (R) PTT EK cert web portal is set as default address
- tpm2_alg_util.c: Fix a bug where string rsa3072 was not parsed
- .ci/download-deps.sh: Change tss dependency to 2.4.0 to acquire SAPI handles for cpHash calculations
- tpm2_policycphash: Add a tool to implement enhanced authorization with cpHash of a command
- Add options to tools to enable cpHash outputs: tpm2_nvsetbits, tpm2_nvextend,
tpm2_nvincrement, tpm2_nvread, tpm2_nvreadlock, tpm2_writelock, tpm2_nvdefine,
tpm2_nvundefine, tpm2_nvcertify, tpm2_policynv, tpm2_policyauthorizenv,
tpm2_policysecret, tpm2_create, tpm2_load, tpm2_activatecredential, tpm2_unseal,
tpm2_changeauth, tpm2_duplicate, tpm2_import, tpm2_rsadecrypt, tpm2_certify,
tpm2_certifycreation, tpm2_hierarchycontrol, tpm2_setprimarypolicy, tpm2_clearcontrol,
tpm2_dictionarylockout, tpm2_evictcontrol, tpm2_setclock, tpm2_clockrateadjust,
tpm2_clear, tpm2_nvwrite, tpm2_encryptdecrypt, tpm2_hmac.
- tpm2_import: Fix an issue where the imported key always required to have a policy
- tpm2_policysecret: Fix an issue where authorization model was fixed to password only
- Feature API (FAPI) tools added. These additional set of tools implement utilities
- using the FAPI which was added to the tpm2-tss v2.4.4:
tss2_decrypt, tss2_encrypt, tss2_list, tss2_changeauth, tss2_delete,
tss2_import, tss2_getinfo, tss2_createkey, tss2_createseal, tss2_exportkey,
tss2_getcertificate, tss2_getplatformcertificates, tss2_gettpmblobs,
tss2_getappdata, tss2_setappdata, tss2_setcertificate, tss2_sign,
tss2_verifysignature, tss2_verifyquote, tss2_createnv, tss2_nvextend,
tss2_nvincrement, tss2_nvread, tss2_nvsetbits, tss2_nvwrite,
tss2_getdescription, tss2_setdescription, tss2_pcrextend, tss2_quote,
tss2_pcrread, tss2_authorizepolicy, tss2_exportpolicy, tss2_import,
tss2_provision, tss2_getrandom, tss2_unseal, tss2_writeauthorizenv
- tpm2_policycountertimer: Fix an issue where operandB array was reversed causing faulty comparisons.
- changes in 4.1.1:
- tpm2_certify: Fix output of attestation data including size field. Now outputs just bytes.
- tpm2_certifycreation: Fix tool to match manpage where the code had the -C and -c options reversed.
- tpm2_gettime: Fix output of attestation data including size field. Now outputs just bytes.
- tpm2_nvcertify: Fix output of attestation data including size field. Now outputs just bytes.
- tpm2_nvreadpublic: add name hash output.
- tpm2_import: Support object policies when importing raw key material.
- Fix overflow in pcrs.h where sizeof() was used instead of ARRAY_LEN().
- build:
- Fix compilation issue: lib/tpm2_hash.c:17:19: note: 'left' was declared here.
- man:
- Fix manpage examples that have "sha" instead of "sha1"
- tpm2_shutdown manpage was missing, add it to build.
- Fix manpage example for tpm2_createak's tpm2_evictcontrol example.
- Remove fix_bad_bufsize.patch: is now contained in upstream tarball
- Adjust fix_bogus_warning.patch: one hunk no longer applies, upstream code
changed.

Files

/usr/bin/tpm2
/usr/bin/tpm2_activatecredential
/usr/bin/tpm2_certify
/usr/bin/tpm2_certifyX509certutil
/usr/bin/tpm2_certifycreation
/usr/bin/tpm2_changeauth
/usr/bin/tpm2_changeeps
/usr/bin/tpm2_changepps
/usr/bin/tpm2_checkquote
/usr/bin/tpm2_clear
/usr/bin/tpm2_clearcontrol
/usr/bin/tpm2_clockrateadjust
/usr/bin/tpm2_commit
/usr/bin/tpm2_create
/usr/bin/tpm2_createak
/usr/bin/tpm2_createek
/usr/bin/tpm2_createpolicy
/usr/bin/tpm2_createprimary
/usr/bin/tpm2_dictionarylockout
/usr/bin/tpm2_duplicate
/usr/bin/tpm2_ecdhkeygen
/usr/bin/tpm2_ecdhzgen
/usr/bin/tpm2_ecephemeral
/usr/bin/tpm2_encodeobject
/usr/bin/tpm2_encryptdecrypt
/usr/bin/tpm2_eventlog
/usr/bin/tpm2_evictcontrol
/usr/bin/tpm2_flushcontext
/usr/bin/tpm2_getcap
/usr/bin/tpm2_getcommandauditdigest
/usr/bin/tpm2_geteccparameters
/usr/bin/tpm2_getekcertificate
/usr/bin/tpm2_getpolicydigest
/usr/bin/tpm2_getrandom
/usr/bin/tpm2_getsessionauditdigest
/usr/bin/tpm2_gettestresult
/usr/bin/tpm2_gettime
/usr/bin/tpm2_hash
/usr/bin/tpm2_hierarchycontrol
/usr/bin/tpm2_hmac
/usr/bin/tpm2_import
/usr/bin/tpm2_incrementalselftest
/usr/bin/tpm2_load
/usr/bin/tpm2_loadexternal
/usr/bin/tpm2_makecredential
/usr/bin/tpm2_nvcertify
/usr/bin/tpm2_nvdefine
/usr/bin/tpm2_nvextend
/usr/bin/tpm2_nvincrement
/usr/bin/tpm2_nvread
/usr/bin/tpm2_nvreadlock
/usr/bin/tpm2_nvreadpublic
/usr/bin/tpm2_nvsetbits
/usr/bin/tpm2_nvundefine
/usr/bin/tpm2_nvwrite
/usr/bin/tpm2_nvwritelock
/usr/bin/tpm2_pcrallocate
/usr/bin/tpm2_pcrevent
/usr/bin/tpm2_pcrextend
/usr/bin/tpm2_pcrread
/usr/bin/tpm2_pcrreset
/usr/bin/tpm2_policyauthorize
/usr/bin/tpm2_policyauthorizenv
/usr/bin/tpm2_policyauthvalue
/usr/bin/tpm2_policycommandcode
/usr/bin/tpm2_policycountertimer
/usr/bin/tpm2_policycphash
/usr/bin/tpm2_policyduplicationselect
/usr/bin/tpm2_policylocality
/usr/bin/tpm2_policynamehash
/usr/bin/tpm2_policynv
/usr/bin/tpm2_policynvwritten
/usr/bin/tpm2_policyor
/usr/bin/tpm2_policypassword
/usr/bin/tpm2_policypcr
/usr/bin/tpm2_policyrestart
/usr/bin/tpm2_policysecret
/usr/bin/tpm2_policysigned
/usr/bin/tpm2_policytemplate
/usr/bin/tpm2_policyticket
/usr/bin/tpm2_print
/usr/bin/tpm2_quote
/usr/bin/tpm2_rc_decode
/usr/bin/tpm2_readclock
/usr/bin/tpm2_readpublic
/usr/bin/tpm2_rsadecrypt
/usr/bin/tpm2_rsaencrypt
/usr/bin/tpm2_selftest
/usr/bin/tpm2_send
/usr/bin/tpm2_sessionconfig
/usr/bin/tpm2_setclock
/usr/bin/tpm2_setcommandauditstatus
/usr/bin/tpm2_setprimarypolicy
/usr/bin/tpm2_shutdown
/usr/bin/tpm2_sign
/usr/bin/tpm2_startauthsession
/usr/bin/tpm2_startup
/usr/bin/tpm2_stirrandom
/usr/bin/tpm2_testparms
/usr/bin/tpm2_tr_encode
/usr/bin/tpm2_unseal
/usr/bin/tpm2_verifysignature
/usr/bin/tpm2_zgen2phase
/usr/bin/tss2
/usr/bin/tss2_authorizepolicy
/usr/bin/tss2_changeauth
/usr/bin/tss2_createkey
/usr/bin/tss2_createnv
/usr/bin/tss2_createseal
/usr/bin/tss2_decrypt
/usr/bin/tss2_delete
/usr/bin/tss2_encrypt
/usr/bin/tss2_exportkey
/usr/bin/tss2_exportpolicy
/usr/bin/tss2_getappdata
/usr/bin/tss2_getcertificate
/usr/bin/tss2_getdescription
/usr/bin/tss2_getinfo
/usr/bin/tss2_getplatformcertificates
/usr/bin/tss2_getrandom
/usr/bin/tss2_gettpm2object
/usr/bin/tss2_gettpmblobs
/usr/bin/tss2_import
/usr/bin/tss2_list
/usr/bin/tss2_nvextend
/usr/bin/tss2_nvincrement
/usr/bin/tss2_nvread
/usr/bin/tss2_nvsetbits
/usr/bin/tss2_nvwrite
/usr/bin/tss2_pcrextend
/usr/bin/tss2_pcrread
/usr/bin/tss2_provision
/usr/bin/tss2_quote
/usr/bin/tss2_setappdata
/usr/bin/tss2_setcertificate
/usr/bin/tss2_setdescription
/usr/bin/tss2_sign
/usr/bin/tss2_unseal
/usr/bin/tss2_verifyquote
/usr/bin/tss2_verifysignature
/usr/bin/tss2_writeauthorizenv
/usr/share/bash-completion
/usr/share/bash-completion/completions
/usr/share/bash-completion/completions/tpm2
/usr/share/bash-completion/completions/tpm2_completion.bash
/usr/share/bash-completion/completions/tss2
/usr/share/bash-completion/completions/tss2_authorizepolicy
/usr/share/bash-completion/completions/tss2_changeauth
/usr/share/bash-completion/completions/tss2_createkey
/usr/share/bash-completion/completions/tss2_createnv
/usr/share/bash-completion/completions/tss2_createseal
/usr/share/bash-completion/completions/tss2_decrypt
/usr/share/bash-completion/completions/tss2_delete
/usr/share/bash-completion/completions/tss2_encrypt
/usr/share/bash-completion/completions/tss2_exportkey
/usr/share/bash-completion/completions/tss2_exportpolicy
/usr/share/bash-completion/completions/tss2_getappdata
/usr/share/bash-completion/completions/tss2_getcertificate
/usr/share/bash-completion/completions/tss2_getdescription
/usr/share/bash-completion/completions/tss2_getinfo
/usr/share/bash-completion/completions/tss2_getplatformcertificates
/usr/share/bash-completion/completions/tss2_getrandom
/usr/share/bash-completion/completions/tss2_gettpm2object
/usr/share/bash-completion/completions/tss2_gettpmblobs
/usr/share/bash-completion/completions/tss2_import
/usr/share/bash-completion/completions/tss2_list
/usr/share/bash-completion/completions/tss2_nvextend
/usr/share/bash-completion/completions/tss2_nvincrement
/usr/share/bash-completion/completions/tss2_nvread
/usr/share/bash-completion/completions/tss2_nvsetbits
/usr/share/bash-completion/completions/tss2_nvwrite
/usr/share/bash-completion/completions/tss2_pcrextend
/usr/share/bash-completion/completions/tss2_pcrread
/usr/share/bash-completion/completions/tss2_provision
/usr/share/bash-completion/completions/tss2_quote
/usr/share/bash-completion/completions/tss2_setappdata
/usr/share/bash-completion/completions/tss2_setcertificate
/usr/share/bash-completion/completions/tss2_setdescription
/usr/share/bash-completion/completions/tss2_sign
/usr/share/bash-completion/completions/tss2_unseal
/usr/share/bash-completion/completions/tss2_verifyquote
/usr/share/bash-completion/completions/tss2_verifysignature
/usr/share/bash-completion/completions/tss2_writeauthorizenv
/usr/share/doc/packages/tpm2.0-tools
/usr/share/doc/packages/tpm2.0-tools/CHANGELOG.md
/usr/share/doc/packages/tpm2.0-tools/README.md
/usr/share/licenses/tpm2.0-tools
/usr/share/licenses/tpm2.0-tools/LICENSE
/usr/share/man/man1/tpm2.1.gz
/usr/share/man/man1/tpm2_activatecredential.1.gz
/usr/share/man/man1/tpm2_certify.1.gz
/usr/share/man/man1/tpm2_certifyX509certutil.1.gz
/usr/share/man/man1/tpm2_certifycreation.1.gz
/usr/share/man/man1/tpm2_changeauth.1.gz
/usr/share/man/man1/tpm2_changeeps.1.gz
/usr/share/man/man1/tpm2_changepps.1.gz
/usr/share/man/man1/tpm2_checkquote.1.gz
/usr/share/man/man1/tpm2_clear.1.gz
/usr/share/man/man1/tpm2_clearcontrol.1.gz
/usr/share/man/man1/tpm2_clockrateadjust.1.gz
/usr/share/man/man1/tpm2_commit.1.gz
/usr/share/man/man1/tpm2_create.1.gz
/usr/share/man/man1/tpm2_createak.1.gz
/usr/share/man/man1/tpm2_createek.1.gz
/usr/share/man/man1/tpm2_createpolicy.1.gz
/usr/share/man/man1/tpm2_createprimary.1.gz
/usr/share/man/man1/tpm2_dictionarylockout.1.gz
/usr/share/man/man1/tpm2_duplicate.1.gz
/usr/share/man/man1/tpm2_ecdhkeygen.1.gz
/usr/share/man/man1/tpm2_ecdhzgen.1.gz
/usr/share/man/man1/tpm2_ecephemeral.1.gz
/usr/share/man/man1/tpm2_encodeobject.1.gz
/usr/share/man/man1/tpm2_encryptdecrypt.1.gz
/usr/share/man/man1/tpm2_eventlog.1.gz
/usr/share/man/man1/tpm2_evictcontrol.1.gz
/usr/share/man/man1/tpm2_flushcontext.1.gz
/usr/share/man/man1/tpm2_getcap.1.gz
/usr/share/man/man1/tpm2_getcommandauditdigest.1.gz
/usr/share/man/man1/tpm2_geteccparameters.1.gz
/usr/share/man/man1/tpm2_getekcertificate.1.gz
/usr/share/man/man1/tpm2_getpolicydigest.1.gz
/usr/share/man/man1/tpm2_getrandom.1.gz
/usr/share/man/man1/tpm2_getsessionauditdigest.1.gz
/usr/share/man/man1/tpm2_gettestresult.1.gz
/usr/share/man/man1/tpm2_gettime.1.gz
/usr/share/man/man1/tpm2_hash.1.gz
/usr/share/man/man1/tpm2_hierarchycontrol.1.gz
/usr/share/man/man1/tpm2_hmac.1.gz
/usr/share/man/man1/tpm2_import.1.gz
/usr/share/man/man1/tpm2_incrementalselftest.1.gz
/usr/share/man/man1/tpm2_load.1.gz
/usr/share/man/man1/tpm2_loadexternal.1.gz
/usr/share/man/man1/tpm2_makecredential.1.gz
/usr/share/man/man1/tpm2_nvcertify.1.gz
/usr/share/man/man1/tpm2_nvdefine.1.gz
/usr/share/man/man1/tpm2_nvextend.1.gz
/usr/share/man/man1/tpm2_nvincrement.1.gz
/usr/share/man/man1/tpm2_nvread.1.gz
/usr/share/man/man1/tpm2_nvreadlock.1.gz
/usr/share/man/man1/tpm2_nvreadpublic.1.gz
/usr/share/man/man1/tpm2_nvsetbits.1.gz
/usr/share/man/man1/tpm2_nvundefine.1.gz
/usr/share/man/man1/tpm2_nvwrite.1.gz
/usr/share/man/man1/tpm2_nvwritelock.1.gz
/usr/share/man/man1/tpm2_pcrallocate.1.gz
/usr/share/man/man1/tpm2_pcrevent.1.gz
/usr/share/man/man1/tpm2_pcrextend.1.gz
/usr/share/man/man1/tpm2_pcrread.1.gz
/usr/share/man/man1/tpm2_pcrreset.1.gz
/usr/share/man/man1/tpm2_policyauthorize.1.gz
/usr/share/man/man1/tpm2_policyauthorizenv.1.gz
/usr/share/man/man1/tpm2_policyauthvalue.1.gz
/usr/share/man/man1/tpm2_policycommandcode.1.gz
/usr/share/man/man1/tpm2_policycountertimer.1.gz
/usr/share/man/man1/tpm2_policycphash.1.gz
/usr/share/man/man1/tpm2_policyduplicationselect.1.gz
/usr/share/man/man1/tpm2_policylocality.1.gz
/usr/share/man/man1/tpm2_policynamehash.1.gz
/usr/share/man/man1/tpm2_policynv.1.gz
/usr/share/man/man1/tpm2_policynvwritten.1.gz
/usr/share/man/man1/tpm2_policyor.1.gz
/usr/share/man/man1/tpm2_policypassword.1.gz
/usr/share/man/man1/tpm2_policypcr.1.gz
/usr/share/man/man1/tpm2_policyrestart.1.gz
/usr/share/man/man1/tpm2_policysecret.1.gz
/usr/share/man/man1/tpm2_policysigned.1.gz
/usr/share/man/man1/tpm2_policytemplate.1.gz
/usr/share/man/man1/tpm2_policyticket.1.gz
/usr/share/man/man1/tpm2_print.1.gz
/usr/share/man/man1/tpm2_quote.1.gz
/usr/share/man/man1/tpm2_rc_decode.1.gz
/usr/share/man/man1/tpm2_readclock.1.gz
/usr/share/man/man1/tpm2_readpublic.1.gz
/usr/share/man/man1/tpm2_rsadecrypt.1.gz
/usr/share/man/man1/tpm2_rsaencrypt.1.gz
/usr/share/man/man1/tpm2_selftest.1.gz
/usr/share/man/man1/tpm2_send.1.gz
/usr/share/man/man1/tpm2_sessionconfig.1.gz
/usr/share/man/man1/tpm2_setclock.1.gz
/usr/share/man/man1/tpm2_setcommandauditstatus.1.gz
/usr/share/man/man1/tpm2_setprimarypolicy.1.gz
/usr/share/man/man1/tpm2_shutdown.1.gz
/usr/share/man/man1/tpm2_sign.1.gz
/usr/share/man/man1/tpm2_startauthsession.1.gz
/usr/share/man/man1/tpm2_startup.1.gz
/usr/share/man/man1/tpm2_stirrandom.1.gz
/usr/share/man/man1/tpm2_testparms.1.gz
/usr/share/man/man1/tpm2_tr_encode.1.gz
/usr/share/man/man1/tpm2_unseal.1.gz
/usr/share/man/man1/tpm2_verifysignature.1.gz
/usr/share/man/man1/tpm2_zgen2phase.1.gz
/usr/share/man/man1/tss2_authorizepolicy.1.gz
/usr/share/man/man1/tss2_changeauth.1.gz
/usr/share/man/man1/tss2_createkey.1.gz
/usr/share/man/man1/tss2_createnv.1.gz
/usr/share/man/man1/tss2_createseal.1.gz
/usr/share/man/man1/tss2_decrypt.1.gz
/usr/share/man/man1/tss2_delete.1.gz
/usr/share/man/man1/tss2_encrypt.1.gz
/usr/share/man/man1/tss2_exportkey.1.gz
/usr/share/man/man1/tss2_exportpolicy.1.gz
/usr/share/man/man1/tss2_getappdata.1.gz
/usr/share/man/man1/tss2_getcertificate.1.gz
/usr/share/man/man1/tss2_getdescription.1.gz
/usr/share/man/man1/tss2_getinfo.1.gz
/usr/share/man/man1/tss2_getplatformcertificates.1.gz
/usr/share/man/man1/tss2_getrandom.1.gz
/usr/share/man/man1/tss2_gettpm2object.1.gz
/usr/share/man/man1/tss2_gettpmblobs.1.gz
/usr/share/man/man1/tss2_import.1.gz
/usr/share/man/man1/tss2_list.1.gz
/usr/share/man/man1/tss2_nvextend.1.gz
/usr/share/man/man1/tss2_nvincrement.1.gz
/usr/share/man/man1/tss2_nvread.1.gz
/usr/share/man/man1/tss2_nvsetbits.1.gz
/usr/share/man/man1/tss2_nvwrite.1.gz
/usr/share/man/man1/tss2_pcrextend.1.gz
/usr/share/man/man1/tss2_pcrread.1.gz
/usr/share/man/man1/tss2_provision.1.gz
/usr/share/man/man1/tss2_quote.1.gz
/usr/share/man/man1/tss2_setappdata.1.gz
/usr/share/man/man1/tss2_setcertificate.1.gz
/usr/share/man/man1/tss2_setdescription.1.gz
/usr/share/man/man1/tss2_sign.1.gz
/usr/share/man/man1/tss2_unseal.1.gz
/usr/share/man/man1/tss2_verifyquote.1.gz
/usr/share/man/man1/tss2_verifysignature.1.gz
/usr/share/man/man1/tss2_writeauthorizenv.1.gz

Generated by rpm2html 1.8.1

Fabrice Bellet, Sat Mar 9 12:50:11 2024

tpm2.0-tools-5.6-1.1 RPM for s390x

From OpenSuSE Ports Tumbleweed for s390x

Provides

Requires

License

Changelog

Files