Index index by Group index by Distribution index by Vendor index by creation date index by Name Mirrors Help Search

tpm2.0-abrmd-3.0.0-160000.2.2 RPM for ppc64le

From OpenSuSE Leap 16.0 for ppc64le

Name: tpm2.0-abrmd Distribution: SUSE Linux 16
Version: 3.0.0 Vendor: SUSE LLC <https://www.suse.com/>
Release: 160000.2.2 Build date: Wed Mar 26 12:06:46 2025
Group: Productivity/Security Build host: reproducible
Size: 241524 Source RPM: tpm2.0-abrmd-3.0.0-160000.2.2.src.rpm
Packager: https://www.suse.com/
Url: https://github.com/tpm2-software/tpm2-abrmd
Summary: Intel's TCG Software Stack Access Broker & Resource Manager for TPM 2.0 chips
 
The tpm2.0-abrmd package provides the TPM2 Access Broker & Resource Manager.
This is a daemon service that coordinates requests to the TPM2 chip via
Intel's TPM 2.0 software stack.

Provides

Requires

License

BSD-2-Clause

Changelog

* Wed Mar 26 2025 matthias.gerstner@suse.com
  - also enable SELinux features for SLE-16 (bsc#1240070). On SLE-16 abrmd does
    not work, because the SELinux configuration is missing and thus its
    operations are denied. Include SLE-16 to fix this.
* Wed Jan 22 2025 dimstar@opensuse.org
  - Drop rcFOO symlinks for CODE16 (PED-266).
* Tue Aug 13 2024 cathy.hu@suse.com
  - Fix SELinux sbin/bin merge (bsc#1229047)
    1229047-fix-bin-sbin-selinux.patch
    Can be dropped once https://github.com/tpm2-software/tpm2-abrmd/pull/846
    is merged upstream
* Thu Aug 01 2024 jsegitz@suse.com
  - Update harden_tpm2-abrmd.service.patch to contain necessary SELinux
    changes (bsc#1209831)
* Tue May 23 2023 aplanas@suse.com
  - Cover ALP via the %{suse_version} macro
* Thu Dec 08 2022 aplanas@suse.com
  - Version 3.0.0
    + Fixed
    * A bug in special command processing in TPM2_GetCapability when
      an audit session is in use cuased tpm2-abrmd to abort.
    + Added
    * New SELinux interfaces for communication with keylime
    + Changed
    * DBUS permissions in tpm2-abrmd.conf to match the in-kernel RM,
      ie /dev/tpmrm0, permissions. Now users MUST be in the tss group
      to send to tpm2-abrmd over DBUS.
  - Drop dbus-access.patch (merged in PR#805)
* Fri Jul 08 2022 aplanas@suse.com
  - Version 2.4.1
    + Added
      Contributor Covenant Code of Conduct.
    + Fixed
    * superflous warning messages about tcti status.
      WARNING **: 11:00:56.205: tcti_conf before: "(null)"
      WARNING **: 11:00:56.205: tcti_conf after: "mssim"
    * GCC 11 build error: error: argument 2 of __atomic_load’ discards
      'volatile' qualifier
    * Initialize gerror pointer variable to NULL to fix use of
      unitialized memory and segfault.
    * Updated missing defaults in manpage.
    * Port CI to composite actions in tpm2-software/ci.
    + Removed
      Dependency on 'which' utility in configure.ac.
      ubuntu-16.04 from CI.
* Mon Apr 04 2022 matthias.gerstner@suse.com
  - dbus-access.patch: restrict D-Bus access to tpm2-abrmd to members of the tss
    group (bsc#1197532). This prevents arbitrary users from meddling with TPM
    state and thus potential denial-of-service vectors.
* Wed Dec 08 2021 aplanas@suse.com
  - Version 2.4.0
    + remover syslog deprecation warning (bsc#1185154)
    + cover update to 2.3.3 (jsc#SLE-17366)
    + contains reload fix (bsc#1166936)
    + fix tcti loading using short / long names (bsc#1159176)
* Mon Nov 29 2021 aplanas@suse.com
  - Warp selinux into a bcond
* Thu Nov 25 2021 jsegitz@suse.com
  - Added hardening to systemd service(s) (bsc#1181400). Added patch(es):
    * harden_tpm2-abrmd.service.patch
* Sat Jul 17 2021 gmbr3@opensuse.org
  - Move selinux devel file to devel subpackage
* Wed Jul 14 2021 gmbr3@opensuse.org
  - Update to version 2.4.0:
    - Service start depends on systemd device unit: dev-tpm0.device.
    - Numerous memory leaks.
    - udev settle service deprecation warnings.
    - StandardOutput=syslog deprecation warnings.
  - Add selinux module files
  - Move dbus files out of /etc
* Wed Jun 09 2021 aplanas@suse.com
  - Requires libtss2-tcti-{device0,tabrmd0} (bsc#1187077).
    In MicroOS systems the recommendations are not installed, making the
    service fail to initialize: Failed to instantiate TCTI
* Thu Oct 22 2020 matthias.gerstner@suse.com
  - update to version 2.3.3:
    - changes in version 2.3.1:
    - Fixed handle resource leak exhausting TPM resources.
    - changes in version 2.3.2:
    - Added cirrus CI specific config files to enable FreeBSD builds.
    - Changed test scripts to be more portable.
    - Changed include header paths specific to FreeBSD.
    - changes in version 2.3.1:
    - Provide meaningful exit codes on initialization failures.
    - Prevent systemd from starting the daemon before udev changes ownership
      of the TPM device node.
    - Prevent systemd from starting the daemon if there is no TPM device node.
    - Prevent systemd from restarting the daemon if it fails.
    - Add SELinux policy to allow daemon to resolve names.
    - Add SELinux policy boolean (disabled by default) to allow daemon to
      connect to all unreserved ports.
* Wed Dec 11 2019 matthias.gerstner@suse.com
  - update to version 2.3.0:
    - changes in version 2.3.0:
    - Add '--enable-debug' flag to configure script to simplify debug builds.
      This relies on the AX_CHECK_ENABLE_DEBUG autoconf archive macro.
    - Replaced custom dynamic TCTI loading code with libtss2-tctildr from
      upstream tpm2-tss repo. (requires tpm2-0-tss version 2.3.0)
    - Explicitly set '-O2' optimization when using FORTIFY_SOURCE as required.
    - changes in version 2.2.0:
    - New configuration option `--disable-defaultflags/ added. This is
      for use for packaging for targets that do not support the default
      compilation / linking flags.
    - Use private dependencies properly in pkg-config metadata for TCTI.
    - Refactor daemon main module to enable better handling of error
      conditions and enable more thorough unit testing.
    - Updated dependencies to ensure compatibility with pkg-config fixes
      in tpm2-tss.
    - Fixed bug causing TCTI to block when used by libtss2-sys built with
      partial reads enabled.
    - Removed unnecessary libs / flags for pthreads in the TCTI pkg-config.
    - Output from configure script now accurately describes the state of the
      flags that govern the integration tests.
  - drop fix_dlopen.patch: no longer necessary since abrmd not uses the tctildr
    shared library. This one hopefully now does the right thing.
* Mon Aug 26 2019 matthias.gerstner@suse.com
  - update to version 2.1.1:
    - changes in version 2.1.1:
    - Unit tests accessing dbus have been fixed to use mock functions. Unit
      tests no longer depend on dbus.
    - Race condition between client connections and dbus proxy object
      creation by registering bus name after instantiation of the proxy object.
* Fri Apr 26 2019 mvetter@suse.com
  - bsc#1130588: Require shadow instead of old pwdutils
* Wed Mar 06 2019 matthias.gerstner@suse.com
  - update to version 2.1.0:
    - changes in version 2.1.0:
    - `-Wstrict-overflow=5` now used in default CFLAGS.
    - Handling of `TPM2_RC_CONTEXT_GAP` on behalf of users.
    - Convert `TPM2_PT_CONTEXT_GAP_MAX` response from lower layer to
      `UINT32_MAX`
    - travis-ci now uses 'xenial' builder
    - Significant refactoring of TCTI handling code.
    - `--install` added to ACLOCAL_AMFLAGS to install aclocal required macros
      instead of using the default symlinks
    - Launch `dbus-run-session` in the automake test environment to
      automagically set up a dbus session bus instance when one isn't present.
    - Bug caused by unloading of `libtss2-tcti-tabrmd.so` on dlclose. GLib
      does not support reloading a second time.
    - Bug causing `-fstack-protector-all` to be used on systems with core
      libraries (i.e. libc) that do not support it. This caused failures at
      link-time.
    - Unnecessary symbols from libtest utility library no longer included in
      TCTI library.
    - changes  in version 2.0.3:
    - Update build to account for upstream change to glib '.pc' files
      described in: https://gitlab.gnome.org/GNOME/glib/issues/1521
  - added _service file for syncing with upstream tags
* Thu Oct 25 2018 matthias.gerstner@suse.com
  - add a Requires towards tpm2-0-tss, because that main package holds the udev
    rules and logic for setting up the tss user. Without this the daemon can't
    start up correctly.
* Tue Oct 23 2018 matthias.gerstner@suse.com
  - fix broken build due to newer glib dependency that reports a full path for
    gdbus-codegen, breaking the configure check.
* Wed Sep 26 2018 matthias.gerstner@suse.com
  - update to version 2.0.2 (FATE#326270):
    - --enable-integration option to configure script now works as documented.
    - Format specifier with wrong size in util module.
    - Initialize TCTI context to 0 before setting values. This will cause all
      members that aren't explicitly initialized by be 0.
* Tue Sep 18 2018 matthias.gerstner@suse.com
  - add recommends to the tcti-device and tcti-abrmd. Otherwise they're not
    installed right away, rendering the abrmd quite unusable.
* Fri Aug 10 2018 matthias.gerstner@suse.com
  - Update to version 2.0.1:
    * SessionList: Fix Connection object reference leak.
    * source/sink: Organize ControlMessage processing.
    * CommandSource: Replace 'connection-removed' signal with ControlMessage.
    * SessionList: Remove all locking.
    * ConnectionManager: Remove 'connection-removed' signal.
    * ci: Build 'check' target when CC is gcc.
    * build: Fix bad URLs in configure script.
    * CHANGELOG.md: Add version number and date for 2.0.1 release.
    * Replace references to drand48_r family of functions for portability
    * Fix for type-punned pointer reported in newer compilers that enforce strict aliasing
* Tue Jul 03 2018 matthias.gerstner@suse.com
  - Trying to fix build on older distros that fail because of a missing or
    broken autoconf valgrind detection macro. Removing  autoreconf to hopefully
    fix this.
* Mon Jul 02 2018 matthias.gerstner@suse.com
  - add fix_dlopen.patch: fixes an issue with dlopen()'ing the tcti-device
    library from tpm2-0-tss. See
    https://github.com/tpm2-software/tpm2-abrmd/issues/486.
* Fri Jun 29 2018 matthias.gerstner@suse.com
  - update to major version 2.0.0:
    - support_dbus_activation.diff: removed, is not contained upstream
    - the tpm2 stack introduces an incompatible ABI to the previous version with
      this update. There is no compatibility layer, libraries have new names
    etc.
    - upstream changelog:
      [#]# 2.0.0 - 2018-06-22
      [#]## Added
    - Integration test script and build support to execute integration tests
      against a physical TPM2 device on the build platform.
    - Implementation of dynamic TCTI initialization mechanism.
    - configure option `--enable-integration` to enable integration tests.
      The simulator executable must be on PATH.
    - Support for version 2.0 of tpm2-tss libraries.
      [#]## Changed
    - 'max-transient-objects' command line option renamted to 'max-transients'.
    - Added -Wextra for more strict checks at compile time.
    - Install location of headers to $(includedir)/tss2.
      [#]## Fixed
    - Added missing checks for NULL parameters identified by the check-build.
    - Bug in session continuation logic.
    - Off by one error in HandleMap.
    - Memory leak and uninitialized variable issues in unit tests.
      [#]## Removed
    - Command line option --fail-on-loaded-trans.
    - udev rules for TPM device node. This now lives in the tpm2-tss repo.
    - Remove legacy TCTI initialization functions.
    - configure option `--with-simulatorbin`.
      [#]# 1.3.1 - 2018-03-18
      [#]## Fixed
    - Distribute systemd preset template instead of the generated file.
      [#]# 1.3.0 - 2018-03-02
      [#]## Added
    - New configure option (--test-hwtpm) to run integration tests against a
      physical TPM2 device on the build platform.
    - Install systemd service file to allow on-demand systemd unit activation.
      [#]## Changed
    - Converted some inappropriate uses of g_error to critical / warning instead.
    - Removed use of gen_require from SELinux policy, use dbus_stub instead.
    - udev rules now give tss group read / write access to the TPM device node.
    - udev rules now give tss user and group read / write access to kernel RM
      node.
      [#]## Fixed
    - Memory leak on an error path in the AccessBroker.
* Thu Feb 22 2018 matthias.gerstner@suse.com
  - update to upstream version 1.2.0:
    - Limit maximum number of active sessions per connection with '--max-sessions'.
    - Flush all transient objects and sessions on daemon start with '--flush-all'.
    - Allow passing of sessions across connections with ContextSave / Load.
    - Unref the GUnixFDList returned by GIO / dbus in the TCTI init function.
      This fixes a memory leak in the TCTI library.
  - correctly trigger udev to update /dev/tpm* permissions after package
    installation. (bnc#1078687)
  - prepared support_dbus_activation.diff patch which adds D-Bus activation, but
    can't use it yet due to rpmlint
* Wed Nov 15 2017 matthias.gerstner@suse.com
  - fix_service_paths.diff: fixed broken systemd service unit (bnc#1066123). the
    service unit file in the upstream distribution tarball is already configured
    and looks for binaries and configuration files in the /usr/local prefix
    which is wrong.
* Fri Sep 01 2017 matthias.gerstner@suse.com
  - package version symlink correctly, belongs into the lib package itself, not
    the -devel.
* Wed Aug 30 2017 matthias.gerstner@suse.com
  - update to upstream version 1.1.1 which fixes some local denial-of-service
    security issues among other things:
    - Replace use of sigaction with g_unix_signal_* stuff from glib.
    - Rewrite of INSTALL.md including info on custom configure script options.
    - Default value for --with-simulatorbin configure option has been removed.
    New default behavior is to disable integration tests.
    - CommandSource will no longer reject commands without parameters.
    - Unit tests updated to use cmocka v1.0.0 API.
    - Integration tests now run daemon under valgrind memcheck and fail when
    errors are found.
    - CommandSource now tracks max FD in set of client FDs to prevent unnecessary
    iterations over FD_SETSIZE fds.
  - no longer call bootstrap and switch to the release upstream tarball which
    has now been fixed to contain all necessary files
* Thu Jul 20 2017 matthias.gerstner@suse.com
  - first version of the new arbmd resource manager from Intel's tpm2 stack.
    This will replace the old resourcemgr previously shipped with the
    tpm2-0-tss package.

Files

/usr/lib/systemd/system/tpm2-abrmd.service
/usr/sbin/tpm2-abrmd
/usr/share/dbus-1/system-services/com.intel.tss2.Tabrmd.service
/usr/share/dbus-1/system.d/tpm2-abrmd.conf
/usr/share/doc/packages/tpm2.0-abrmd
/usr/share/doc/packages/tpm2.0-abrmd/CHANGELOG.md
/usr/share/doc/packages/tpm2.0-abrmd/CONTRIBUTING.md
/usr/share/doc/packages/tpm2.0-abrmd/INSTALL.md
/usr/share/doc/packages/tpm2.0-abrmd/README.SUSE
/usr/share/doc/packages/tpm2.0-abrmd/README.md
/usr/share/licenses/tpm2.0-abrmd
/usr/share/licenses/tpm2.0-abrmd/LICENSE
/usr/share/man/man7/tss2-tcti-tabrmd.7.gz
/usr/share/man/man8/tpm2-abrmd.8.gz

Generated by rpm2html 1.8.1

Fabrice Bellet, Tue Sep 30 22:29:13 2025