Skip to content

Releases: stefanberger/swtpm

Release of v0.5.0

23 Nov 15:04
@stefanberger stefanberger
v0.5.0
This tag was signed with the committer’s verified signature.
stefanberger Stefan Berger
GPG key ID: 75AD65802A0B4211
Learn about vigilant mode.
b931e10
Compare
Choose a tag to compare
Release of v0.5.0

version 0.5.0:

  • swtpm:
    • Write files atomically using a temp file and then renaming
  • swtpm_setup:
    • Removed remaining 'c' wrapper program
    • Do not truncate logfile when testing write-access (regression)
    • Remove TPM state file in case error occurred
  • swtpm-localca:
    • Rewrite in python
    • Allow passing pkcs11 PIN using signingkey_password
    • Allow passing environment variables needed for pkcs11 modules using
      swtpm-localca.conf and format 'env:VARNAME=VALUE'.
  • build-sys:
    • Add python-install and python-uninstall targets
    • Add configure option to disable installation of Python module
    • Use -Wl,-z,relro and -Wl,-z,now only when linking (clang)
    • Use AC_LINK_IFELSE to check whether support for hardening flags
Assets 3
Loading

Release of v0.4.1

23 Nov 15:06
@stefanberger stefanberger
v0.4.1
This tag was signed with the committer’s verified signature.
stefanberger Stefan Berger
GPG key ID: 75AD65802A0B4211
Learn about vigilant mode.
b28b158
Compare
Choose a tag to compare
Release of v0.4.1

version 0.4.1:

  • swtpm_setup:
    • Do not hardcode '/etc' but use SYSCONFDIR
    • Fix support for -h and -? options
    • Add missing .config path when using ${HOME}
  • swtpm-localca:
    • Apply password for signing key when creating platform cert
    • Properly apply passwords for localca signing key
Assets 3
Loading

Release of v0.4.0

23 Nov 15:08
@stefanberger stefanberger
v0.4.0
This tag was signed with the committer’s verified signature.
stefanberger Stefan Berger
GPG key ID: 75AD65802A0B4211
Learn about vigilant mode.
0c238a2
Compare
Choose a tag to compare
Release of v0.4.0

version 0.4.0:

  • swtpm:
    • Invoke print capabilities after choosing TPM version
    • Add some recent syscalls to seccomp blacklist
  • swtpm_cert:
    • Support --ecc-curveid option to pass curve id
  • swtpm_setup & related scripts:
    • Rewrite swtpm_setup.sh in python with TPM 1.2 not requiring tcsd
      and TPM tools anymore; new dependencies:
      • python3: pip, cryptography, setuptools
        dropped dependencies for swtpm_setup:
      • tcsd, expect, tpm-tools (some still needed for pkcs11 tests)
    • Added support for RSA 3072 keys (for libtpms-0.8.0) and moved to
      ECC NIST P384 curve; default RSA key size is still 2048
    • Added support for --rsa-keysize option
    • Extend script to create a CA using a TPM 2 for signing
  • tests:
    • Use the IBM TSS2 v1.5.0's test suite
    • Add test case for loading of an NVRAM completely full with keys
    • Have softhsm_setup use temporary directory for softhsm config & state
    • various other improvements
  • man pages:
    • Improvements
  • build-sys:
    • clang: properly test for linker flag 'now' and 'relro'
    • Gentoo: explicitly link libswtpm_libtpms with -lcrypto
    • Ownership of /var/lib/swtpm-localca is now tss:root and
      mode flags 0750.
Assets 3
Loading