Name: evmctl | Distribution: openSUSE Tumbleweed |
Version: 1.5 | Vendor: openSUSE |
Release: 2.1 | Build date: Thu Jan 4 17:27:53 2024 |
Group: System/Kernel | Build host: i01-ch2a |
Size: 67225 | Source RPM: ima-evm-utils-1.5-2.1.src.rpm |
Packager: https://bugs.opensuse.org |
Url: https://sourceforge.net/projects/linux-ima/ |
Summary: IMA/EVM signing utility |
The evmctl utility can be used for producing and verifying digital signatures, which are used by the Linux kernel integrity subsystem (IMA/EVM). It can also be used to import keys into the kernel keyring.
LGPL-2.1-or-later
* Fri Dec 15 2023 Frederic Crozat <fcrozat@suse.com>
- Update download url.

* Fri Mar 10 2023 Petr Vorel <pvorel@suse.cz>
- Update to version 1.5
  * CI changes:
    * New: UML kernel testing environment
    * Support for running specific test(s)
    * Update distros
    * Update software release versions
  * New features:
    * Signing fs-verity signatures
    * Reading TPM 2.0 PCRs via sysfs interface
  * New tests:
    * Missing IMA mmapped file measurements
    * Overlapping IMA policy rules
    * EVM portable signatures
    * fs-verity file measurements in the IMA measurement list
  * Build and library changes:
    * OpenSSL 3.0 version related changes
    * New configuration options: --disable-engine, --enable-sigv1
    * Deprecate IMA signature v1 format
  * Misc bug fixes and code cleanup:
    * memory leaks, bounds checking, use after free
    * Fix and update test output
    * Add missing sanity checks
  * Documentation:
    * Store the sourceforge ima-evm-utils wiki for historical purposes.
- Upstream bumped soname to 4.0.0
- Add BuildRequires: e2fsprogs util-linux (required by tests, which are mandatory)
- /usr/sbin to PATH (0001-fsverity.test-Add-usr-sbin-into-PATH.patch, sent to upstream ML)

* Mon Apr 25 2022 Marcus Meissner <meissner@suse.com>
- switch to use https urls

* Fri Nov 05 2021 Petr Vorel <pvorel@suse.cz>
- Update to version 1.4
  * Elliptic curve support and tests
  * PKCS11 support and tests
  * Ability to manually specify the keyid included in the IMA xattr
  * Improve IMA measurement list per TPM bank verification
  * Linking with IBM TSS
  * Set default hash algorithm in package configuration
  * (Minimal) support and test EVM portable signatures
  * CI testing:
    * Refresh and include new distros
    * Podman support
    * GitHub Actions
    * Limit "sudo" usage
  * Misc bug fixes and code cleanup
    * Fix static analysis bug reports, memory leaks
    * Remove experimental code that was never upstreamed in the kernel
    * Use unsigned variable, remove unused variables, etc
- Upstream bumped soname to 3.0.0

* Thu Oct 29 2020 Petr Vorel <pvorel@suse.cz>
- Update to version 1.3.2
  * Bugfixes: importing keys
  * NEW: Docker based travis distro testing
  * Travis bugfixes, code cleanup, software version update, and script removal
  * Initial travis testing
- Remove 0001-help-Add-missing-new-line-for-ignore-violations.patch (patch from this release)
- Add make check + dependencies (getfattr => attr, xxd => vim)

* Thu Oct 01 2020 Petr Vorel <pvorel@suse.cz>
- Fix missing new line in help (0001-help-Add-missing-new-line-for-ignore-violations.patch)

* Fri Aug 14 2020 Petr Vorel <pvorel@suse.cz>
- Update to version 1.3.1
  * "--pcrs" support for per crypto algorithm
  * Drop/rename "ima_measurement" options
  * Moved this summary from "Changelog" to "NEWS", removing requirement for GNU empty files
  * Distro build fixes
  * Remove 0001-pcr_tss-Fix-compilation-for-old-compilers.patch (from this release)

* Thu Jul 23 2020 Petr Vorel <pvorel@suse.cz>
- Use %autosetup -p1

* Wed Jul 22 2020 Petr Vorel <pvorel@suse.cz>
- Remove suse_version check for tpm2-0-tss-devel as the package is available for back as far as SLE 12 SP2 and respective openSUSE versions (also check was wrong, should have been 1500).

* Wed Jul 22 2020 Petr Vorel <pvorel@suse.cz>
- Fixes from previous SR (reported by fvogt):
  * Move ibmtss runtime dependency to evmctl package
  * Remove dependencies to devel package (should not be needed)

* Wed Jul 22 2020 Petr Vorel <pvorel@suse.cz>
- Update to version 1.3
  version 1.3 new features:
  * NEW ima-evm-utils regression test infrastructure with two initial tests:
    - ima_hash.test: calculate/verify different crypto hash algorithms
    - sign_verify.test: EVM and IMA sign/verify signature tests
  * TPM 2.0 support
    - Calculate the new per TPM 2.0 bank template data digest
    - Support original padding the SHA1 template data digest
    - Compare ALL the re-calculated TPM 2.0 bank PCRs against the TPM 2.0 bank PCR values
    - Calculate the per TPM bank "boot_aggregate" values, including PCRs 8 & 9 in calculation
    - Support reading the per TPM 2.0 Bank PCRs using Intel's TSS
    - boot_aggregate.test: compare the calculated "boot_aggregate" values with the "boot_aggregate" value included in the IMA measurement.
  * TPM 1.2 support
    - Additionally support reading the TPM 1.2 PCRs from a supplied file ("--pcrs" option)
  * Based on original IMA LTP and standalone version support
    - Calculate the TPM 1.2 "boot_aggregate" based on the exported TPM 1.2 BIOS event log.
    - In addition to verifying the IMA measurement list against the TPM PCRs, verify the IMA template data digest against the template data. (Based on LTP "--verify" option.)
    - Ignore file measurement violations while verifying the IMA measurement list. (Based on LTP "--validate" option.)
    - Verify the file data signature included in the measurement list based on the file hash also included in the measurement list (--verify-sig)
    - Support original "ima" template (mixed templates not supported)
  * Support "sm3" crypto name
  Bug fixes and code cleanup:
  * Don't exit with -1 on failure, exit with 125
  * On signature verification failure, include pathname.
  * Provide minimal hash_info.h file in case one doesn't exist, needed by the ima-evm-utils regression tests.
  * On systems with TPM 1.2, skip "boot_aggregate.test" using sample logs
  * Fix hash_algo type comparison mismatch
  * Simplify/clean up code
  * Address compiler complaints and failures
  * Fix memory allocations and leaks
  * Sanity check provided input files are regular files
  * Revert making "tsspcrread" a compile build time decision.
  * Limit additional messages based on log level (-v)
- Add patch 0001-pcr_tss-Fix-compilation-for-old-compilers.patch
- Upstream bumped soname to 2.0.0
- Add tpm2-0-tss-devel for Tumbleweed as build dependency, for the rest ibmtss as runtime dependency (needed for reading PCR in ima_boot_aggregate cmd; better to use libtss2-esys and libtss2-rc than require tsspcrread binary in runtime, but tpm2-0-tss-devel is available only for Tumbleweed) + the same logic as runtime dependency for devel package
- Mark COPYING as %license
/usr/bin/evmctl
/usr/share/man/man1/evmctl.1.gz
Generated by rpm2html 1.8.1
Fabrice Bellet, Tue Jul 9 11:08:27 2024