|
1 | 1 | ## Changelog |
2 | 2 |
|
3 | 3 | ### next |
4 | | - * tpm2_nvextend: |
5 | | - - Added option **\-n**, **\--name** to specify the name of the nvindex in |
6 | | - hex bytes. This is used when cpHash ought to be calculated without |
7 | | - dispatching the TPM2_NV_Extend command to the TPM. |
8 | | - * tpm2_nvread: |
9 | | - - Added option **\--rphash**=_FILE_ to specify ile path to record the hash |
10 | | - of the response parameters. This is commonly termed as rpHash. |
11 | | - - Added option **\-n**, **\--name** to specify the name of the nvindex in |
12 | | - hex bytes. This is used when cpHash ought to be calculated without |
13 | | - dispatching the TPM2_NVRead command to the TPM. |
14 | | - - Added option **-S**, **\--session** to specify to specify an auxiliary |
15 | | - session for auditing and or encryption/decryption of the parameters. |
16 | | - * tpm2_nvsetbits: |
17 | | - - Added option **\--rphash**=_FILE_ to specify file path to record the hash |
18 | | - of the response parameters. This is commonly termed as rpHash. |
19 | | - - Added option **-S**, **\--session** to specify to specify an auxiliary |
20 | | - session for auditing and or encryption/decryption of the parameters. |
21 | | - - Added option **\-n**, **\--name** to specify the name of the nvindex in |
22 | | - hex bytes. This is used when cpHash ought to be calculated without |
23 | | - dispatching the TPM2_NV_SetBits command to the TPM. |
24 | | - * tpm2_createprimary: Support outputing public key at creation time in various |
25 | | - public key formats. |
26 | | - * tpm2_create: Support outputing public key at creation time in various |
27 | | - public key formats. |
28 | | - * tpm2_print: Support outputing public key in various public key formats over |
29 | | - the default YAML output. Supports taking `-u` output from `tpm2_create` and |
30 | | - converting it to a PEM or DER file format. |
31 | | - * tools: Enhance error message on invalid passwords when sessions cannot |
32 | | - be used. |
33 | | - * openssl: |
34 | | - - Dropped support for OpenSSL < 1.1.0 |
| 4 | + |
| 5 | +* tpm2_nvextend: |
| 6 | + |
| 7 | + * Added option -n, --name to specify the name of the nvindex in hex bytes. |
| 8 | + This is used when cpHash ought to be calculated without dispatching the |
| 9 | + TPM2_NV_Extend command to the TPM. |
| 10 | + |
| 11 | +* tpm2_nvread: |
| 12 | + |
| 13 | + * Added option **\--rphash**=_FILE_ to specify ile path to record the hash |
| 14 | + of the response parameters. This is commonly termed as rpHash. |
| 15 | + * Added option **\-n**, **\--name** to specify the name of the nvindex in |
| 16 | + hex bytes. This is used when cpHash ought to be calculated without |
| 17 | + dispatching the TPM2_NVRead command to the TPM. |
| 18 | + * Added option **-S**, **\--session** to specify to specify an auxiliary |
| 19 | + session for auditing and or encryption/decryption of the parameters. |
| 20 | + |
| 21 | +* tpm2_nvsetbits: |
| 22 | + |
| 23 | + * Added option **\--rphash**=_FILE_ to specify file path to record the hash |
| 24 | + of the response parameters. This is commonly termed as rpHash. |
| 25 | + * Added option **-S**, **\--session** to specify to specify an auxiliary |
| 26 | + session for auditing and or encryption/decryption of the parameters. |
| 27 | + * Added option **\-n**, **\--name** to specify the name of the nvindex in |
| 28 | + hex bytes. This is used when cpHash ought to be calculated without |
| 29 | + dispatching the TPM2_NV_SetBits command to the TPM. |
| 30 | + |
| 31 | +* tpm2_createprimary: |
| 32 | + |
| 33 | + * Support public-key output at creation time in various public-key formats. |
| 34 | + |
| 35 | +* tpm2_create: |
| 36 | + |
| 37 | + * Support public-key output at creation time in various public-key formats. |
| 38 | + |
| 39 | +* tpm2_print: |
| 40 | + |
| 41 | + * Support outputing public key in various public key formats over the default |
| 42 | + YAML output. Supports taking `-u` output from `tpm2_create` and converting |
| 43 | + it to a PEM or DER file format. |
| 44 | + |
| 45 | +* tpm2_import: |
| 46 | + |
| 47 | + * Add support for importing keys with sealed-data-blobs. |
| 48 | + |
| 49 | +* tpm2_rsaencrypt, tpm2_rsadecrypt: |
| 50 | + |
| 51 | + * Add support for specifying the hash algorithm with oaep. |
| 52 | + |
| 53 | +* tpm2_pcrread, tpm2_quote: |
| 54 | + |
| 55 | + * Add option **-F**, **\--pcrs_format** to specify PCR format selection for |
| 56 | + the binary blob in the PCR output file. 'values' will output a binary blob |
| 57 | + of the PCR values. 'serialized' will output a binary blob of the PCR |
| 58 | + values in the form of serialized data structure in little endian format. |
| 59 | + |
| 60 | +* tpm2_eventlog: |
| 61 | + |
| 62 | + * Add support for decoding StartupLocality. |
| 63 | + * Add support for printing the partition information. |
| 64 | + * Add support for reading eventlogs longer than 64kb including from |
| 65 | + /sys/kernel/security/tpm0/binary_bios-measurements. |
| 66 | + |
| 67 | +* tpm2_duplicate: |
| 68 | + |
| 69 | + * Add option **-L**, **\--policy** to specify an authorization policy to be |
| 70 | + associated with the duplicated object. |
| 71 | + * Added support for external key duplication without needing the TCTI. |
| 72 | + |
| 73 | +* tools: |
| 74 | + |
| 75 | + * Enhance error message on invalid passwords when sessions cannot be used. |
| 76 | + |
| 77 | +* lib/tpm2_options: |
| 78 | + |
| 79 | + * Add option to specify fake tcti which is required in cases where sapi ctx |
| 80 | + is required to be initialized for retrieving command parameters without |
| 81 | + invoking the tcti to talk to the TPM. |
| 82 | + |
| 83 | +* openssl: |
| 84 | + |
| 85 | + * Dropped support for OpenSSL < 1.1.0 |
| 86 | + * Add support for OpenSSL 3.0.0 |
| 87 | + |
| 88 | +* Support added to make the repository documentation and man pages available |
| 89 | + live on readthedocs. |
| 90 | + |
| 91 | +* Bug-fixes: |
| 92 | + |
| 93 | + * tpm2_import: Don't allow setting passwords for imported object with -p |
| 94 | + option as the tool doesn't modify the TPM2B_SENSITIVE structure. Added |
| 95 | + appropriate logging to indicate using **tpm2_changeauth** after import. |
| 96 | + |
| 97 | + * lib/tpm2_util.c: The function to calculate pHash algorithm returned error |
| 98 | + when input session is a password session and the only session in the command. |
| 99 | + |
| 100 | + * lib/tpm2_alg_util.c: Fix an error where oaep was parsed under ECC. |
| 101 | + |
| 102 | + * tpm2_sign: Fix segfaults when tool does not find TPM resources (TPM or RM). |
| 103 | + |
| 104 | + * tpm2_makecredential: Fix an issue where reading input from stdin could |
| 105 | + result in unsupported data size larger than the largest digest size. |
| 106 | + |
| 107 | + * tpm2_loadexternal: Fix an issue where restricted attribute could not be set. |
| 108 | + |
| 109 | + * lib/tpm2_nv_util.h: The NV index size is dependent on different data sets |
| 110 | + read from the GetCapability structures because there is a dependency on the |
| 111 | + NV operation type: Define vs Read vs Write vs Extend. Fix a sane default in |
| 112 | + the case where GetCapability fails or fails to report the specific property/ |
| 113 | + data set. This is especially true because some properties are TPM |
| 114 | + implementation dependent. |
| 115 | + |
| 116 | + * tpm2_createpolicy: Fix an issue where tool exited silently without reporting |
| 117 | + an error if wrong pcr string is specified. |
| 118 | + |
| 119 | + * lib/tpm2_alg_util: add error message on public init to prevent tools from |
| 120 | + dying silently, add an error message. |
| 121 | + |
| 122 | + * tpm2_import: fix an issue where an imported hmac object scheme was NULL. |
| 123 | + While allowed, it was inconsistent with other tools like tpm2_create which |
| 124 | + set the scheme as hmac->sha256 when generating a keyedhash object. |
35 | 125 |
|
36 | 126 | ### 5.1.1 2021-06-21 |
37 | 127 |
|
|
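Review bot: The added lines carry over typos from the removed ones and should be corrected while this text is being rewritten: the new tpm2_nvread entry still reads "to specify ile path" (missing the "f" in "file"), and the -S, --session entries under both tpm2_nvread and tpm2_nvsetbits still read "to specify to specify". The tpm2_nvextend entry now writes the option as plain "-n, --name" while tpm2_nvread and tpm2_nvsetbits keep the bold, escaped form; pick one. tpm2_print still says "outputing" although tpm2_createprimary and tpm2_create were reworded to "public-key output". In the Bug-fixes list, the lib/tpm2_alg_util entry says "add error message" twice in one sentence, the lib/tpm2_util.c entry describes the failure ("returned error when input session is a password session") without stating that it was fixed, and "Fix a sane default" in the lib/tpm2_nv_util.h entry reads as if it should be "Set a sane default". The new entries also alternate between "Add" and "Added"; settle on one tense for the section.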