[swtpm.git] / CHANGES

CHANGES - changes for swtpm

version 0.8.0:
  - swtpm:
    - Implement release-lock-outgoing parameter for --migration option
    - Introduce --migration option and 'incoming' parameter
    - Implement terminate parameter for ctrl channel loss
    - Add a chroot option
    - Introduce disable-auto-shutdown flag for --flags option
    - If necessary send TPM2_Shutdown() before TPMLIB_Terminate()
    - Add some more recent syscalls to seccomp profile
    - Disable OpenSSL FIPS mode to avoid libtpms failures
    - Avoid locking directory multiple times
    - Remove support for pre-v0.1 state files without header
    - Use uint64_t in tlv_data_append() to avoid integer overflows
    - Use uint64_t to avoid integer wrap-around when adding a uint32_t
    - Do not chdir(/) when using --daemon
    - Check header size indicator against expected size (CVE-2022-23645)
    - Fixes for gcc 12.2.1 -fanalyzer
  - build-sys:
    - Fix configure script to support _FORTIFY_SOURCE=3
    - Define __USE_LINUX_IOCTL_DEFS in header file (Cygwin)
  - swtpm-localca:
    - Re-implement variable resolution for swtpm-localca.conf
    - Test for available issuercert before creating CA
  - swtpm_setup:
    - Configure swtpm to log to stdout/err if needed (glib >=2.74)
  - tests:
    - Use ${WORKDIR} in config files to test env. var replacement
    - Patch IBM TSS2 test suite for OpenSSL 3.x
  - build-sys:
    - Add probing for -fstack-protector

version 0.7.0:
  - swtpm:
    - Support for linear file storage backend (file://)
    - Report 'tpm-1.2' & 'tpm-2.0' in --print-capabilities depending what
      libtpms supports
    - Add implementation of SWTPM_HMAC using OpenSSL 3.0 APIs
    - Wipe keys from stack and heap
    - Many other small changes
    - Make --daemon not racy
  - swtpm_setup:
    - Only activate SHA256 PCR bank, not SHA1 bank anymore by default
    - Support for linear file storage backend (file://)
    - Implement option --create-config-files to create config files
    - Use non-deprecated APIs to contruct RSA key (OSSL 3)
    - Report stderr as returned by external tool (swtpm-localcal)
    - Replace '+' and ',' characters in VMId's to make work with
      common name in X509 subject
    - Add support for --reconfigure flag to change active PCR banks
  - swtpm_localca:
    - Created certificates for CAs and TPM that do not expire
  - swtpm_cert:
    - Allow passing -1 for days to get a non-expiring certificate
  - test:
    - ASAN-related test changes and skipping of tests if ASAN is used
    - Fix tests using tpm2-abrmd by preventing concurrency
    - Skip chardev related tests after checking for chardev support
    - exit with error code if mktemp fails
    - OSSL 3: Make TPM 1.2 test compile; skip IBM TSS 2 test
  - build-sys:
    - Introduce --enable-sanitizers to configure
    - Remove check for pip3 that was used by python swtpm_setup
    - Allow passing of aditional CFLAGS during build

version 0.6.0:
  - swtpm:
    - Fix --print-capabilities for 'swtpm chardev'
    - Various cleanups and fixes (coverity)
    - Addressed potential symlink attack issue (CVE-2020-28407)
  - swtpm_setup:
    - Rewritten in 'C'; needs json-glib
    - Addressed potential symlink attack issue (CVE-2020-28407)
  - swtpm_ioctl:
    - Use timeouts for communicating with swtpm (Unix socket)
  - swtpm-localca:
    - Rewritten in 'C'
  - tests:
    - Use the IBM TSS2 v1.6.0's test suite
    - Store and also restore the volatile state at every step when running
      IBM TSS2 test suite
    - Various cleanup
  - build-sys:
    - Add HARDENING_CFLAGS and _LDFLAGS to all C programs

version 0.5.0:
  - swtpm:
    - Write files atomically using a temp file and then renaming
  - swtpm_setup:
    - Removed remaining 'c' wrapper program
    - Do not truncate logfile when testing write-access (regression)
    - Remove TPM state file in case error occurred
  - swtpm-localca:
    - Rewrite in python
    - Allow passing pkcs11 PIN using signingkey_password
    - Allow passing environment variables needed for pkcs11 modules using
      swtpm-localca.conf and format 'env:VARNAME=VALUE'.
  - build-sys:
    - Add python-install and python-uninstall targets
    - Add configure option to disable installation of Python module
    - Use -Wl,-z,relro and -Wl,-z,now only when linking (clang)
    - Use AC_LINK_IFELSE to check whether support for hardening flags

version 0.4.0:
  - swtpm:
    - Invoke print capabilities after choosing TPM version
    - Add some recent syscalls to seccomp blacklist
  - swtpm_cert:
    - Support --ecc-curveid option to pass curve id
  - swtpm_setup & related scripts:
    - Rewrite swtpm_setup.sh in python with TPM 1.2 not requiring tcsd
      and TPM tools anymore; new dependencies:
      - python3: pip, cryptography, setuptools
      dropped dependencies for swtpm_setup:
      - tcsd, expect, tpm-tools (some still needed for pkcs11 tests)
    - Added support for RSA 3072 keys (for libtpms-0.8.0) and moved to
      ECC NIST P384 curve; default RSA key size is still 2048
    - Added support for --rsa-keysize option
    - Extend script to create a CA using a TPM 2 for signing
  - tests:
    - Use the IBM TSS2 v1.5.0's test suite
    - Add test case for loading of an NVRAM completely full with keys
    - Have softhsm_setup use temporary directory for softhsm config & state
    - various other improvements
  - man pages:
    - Improvements
  - build-sys:
    - clang: properly test for linker flag 'now' and 'relro'
    - Gentoo: explicitly link libswtpm_libtpms with -lcrypto
    - Ownership of /var/lib/swtpm-localca is now tss:root and
      mode flags 0750.

version 0.3.0:
  - swtpm:
      - Support for applying 'TPM Startup' command during initialization
      - Use writev_full rather than writev; fixes --vtpm-proxy EIO error
      - Only accept() new client ctrl connection if we have none (bugfix)
  - swtpm_setup & related scripts:
      - Support whitespaces in filenames and paths
      - Do not fail on future PCR banks' hashes
  - swtpm_cert:
      - Fix OIDs for TPM 2 platforms data
      - Option parsing cleanup
      - Support for passing password in various forms
      - Use gnutls_x509_crt_get_subject_key_id API call for subj keyId
      - Support 64bit serial numbers read from command line
  - swtpm_ioctl:
      - Block SIGPIPE so we can get EPIPE on write()
  - swtpm_bios:
      - Block SIGPIPE so we can get EPIPE on write()
  - tests:
      - Increased timeouts and better support for running tests with
        executables run by valgrind
      - Allow running tests with choice of seccomp profile option
        (SWTPM_TEST_SECCOMP_OPT) to enable building for Ubuntu
      - Various cleanups & fixes
  - SELinux:
      - More rules added for support on F30

version 0.2.0:
  - Linux: swtpm now runs with a seccomp profile (blacklist) if compiled with
           libseccomp support
  - Added subpport for passing key and passphrase via file descriptor
  - TPM 2 commands can now be prefixed by 'the TCG header' and responses will
    have a 4-byte prefix and 4-byte suffix.
  - Added --print-capabilities command line option
  - Proper handling on EINTR on read, poll, and write

version 0.1.0:
  first public release
Commit	Line	Data
e9b08c71 SB	1	CHANGES - changes for swtpm
e9b08c71 SB	2
8cbb6dae SB	3	version 0.8.0:
	4	- swtpm:
	5	- Implement release-lock-outgoing parameter for --migration option
	6	- Introduce --migration option and 'incoming' parameter
	7	- Implement terminate parameter for ctrl channel loss
	8	- Add a chroot option
	9	- Introduce disable-auto-shutdown flag for --flags option
	10	- If necessary send TPM2_Shutdown() before TPMLIB_Terminate()
	11	- Add some more recent syscalls to seccomp profile
	12	- Disable OpenSSL FIPS mode to avoid libtpms failures
	13	- Avoid locking directory multiple times
	14	- Remove support for pre-v0.1 state files without header
	15	- Use uint64_t in tlv_data_append() to avoid integer overflows
	16	- Use uint64_t to avoid integer wrap-around when adding a uint32_t
	17	- Do not chdir(/) when using --daemon
	18	- Check header size indicator against expected size (CVE-2022-23645)
441d8839	19	- Fixes for gcc 12.2.1 -fanalyzer
8cbb6dae SB	20	- build-sys:
	21	- Fix configure script to support _FORTIFY_SOURCE=3
	22	- Define __USE_LINUX_IOCTL_DEFS in header file (Cygwin)
	23	- swtpm-localca:
	24	- Re-implement variable resolution for swtpm-localca.conf
	25	- Test for available issuercert before creating CA
441d8839 SB	26	- swtpm_setup:
441d8839 SB	27	- Configure swtpm to log to stdout/err if needed (glib >=2.74)
8cbb6dae SB	28	- tests:
	29	- Use ${WORKDIR} in config files to test env. var replacement
	30	- Patch IBM TSS2 test suite for OpenSSL 3.x
	31	- build-sys:
	32	- Add probing for -fstack-protector
	33
0a194745 SB	34	version 0.7.0:
	35	- swtpm:
	36	- Support for linear file storage backend (file://)
	37	- Report 'tpm-1.2' & 'tpm-2.0' in --print-capabilities depending what
	38	libtpms supports
	39	- Add implementation of SWTPM_HMAC using OpenSSL 3.0 APIs
	40	- Wipe keys from stack and heap
	41	- Many other small changes
	42	- Make --daemon not racy
	43	- swtpm_setup:
	44	- Only activate SHA256 PCR bank, not SHA1 bank anymore by default
	45	- Support for linear file storage backend (file://)
	46	- Implement option --create-config-files to create config files
	47	- Use non-deprecated APIs to contruct RSA key (OSSL 3)
	48	- Report stderr as returned by external tool (swtpm-localcal)
	49	- Replace '+' and ',' characters in VMId's to make work with
	50	common name in X509 subject
	51	- Add support for --reconfigure flag to change active PCR banks
	52	- swtpm_localca:
	53	- Created certificates for CAs and TPM that do not expire
	54	- swtpm_cert:
	55	- Allow passing -1 for days to get a non-expiring certificate
	56	- test:
	57	- ASAN-related test changes and skipping of tests if ASAN is used
	58	- Fix tests using tpm2-abrmd by preventing concurrency
	59	- Skip chardev related tests after checking for chardev support
	60	- exit with error code if mktemp fails
	61	- OSSL 3: Make TPM 1.2 test compile; skip IBM TSS 2 test
	62	- build-sys:
	63	- Introduce --enable-sanitizers to configure
	64	- Remove check for pip3 that was used by python swtpm_setup
	65	- Allow passing of aditional CFLAGS during build
	66
1415cfaa SB	67	version 0.6.0:
	68	- swtpm:
	69	- Fix --print-capabilities for 'swtpm chardev'
	70	- Various cleanups and fixes (coverity)
	71	- Addressed potential symlink attack issue (CVE-2020-28407)
c125e34b SB	72	- swtpm_setup:
c125e34b SB	73	- Rewritten in 'C'; needs json-glib
1415cfaa SB	74	- Addressed potential symlink attack issue (CVE-2020-28407)
	75	- swtpm_ioctl:
	76	- Use timeouts for communicating with swtpm (Unix socket)
e689684c SB	77	- swtpm-localca:
e689684c SB	78	- Rewritten in 'C'
1415cfaa SB	79	- tests:
	80	- Use the IBM TSS2 v1.6.0's test suite
	81	- Store and also restore the volatile state at every step when running
	82	IBM TSS2 test suite
	83	- Various cleanup
	84	- build-sys:
	85	- Add HARDENING_CFLAGS and _LDFLAGS to all C programs
c125e34b	86
611c5896 SB	87	version 0.5.0:
	88	- swtpm:
	89	- Write files atomically using a temp file and then renaming
	90	- swtpm_setup:
	91	- Removed remaining 'c' wrapper program
	92	- Do not truncate logfile when testing write-access (regression)
	93	- Remove TPM state file in case error occurred
	94	- swtpm-localca:
	95	- Rewrite in python
	96	- Allow passing pkcs11 PIN using signingkey_password
	97	- Allow passing environment variables needed for pkcs11 modules using
	98	swtpm-localca.conf and format 'env:VARNAME=VALUE'.
	99	- build-sys:
	100	- Add python-install and python-uninstall targets
	101	- Add configure option to disable installation of Python module
	102	- Use -Wl,-z,relro and -Wl,-z,now only when linking (clang)
	103	- Use AC_LINK_IFELSE to check whether support for hardening flags
	104
e9b08c71 SB	105	version 0.4.0:
e9b08c71 SB	106	- swtpm:
2feefb2c	107	- Invoke print capabilities after choosing TPM version
e9b08c71 SB	108	- Add some recent syscalls to seccomp blacklist
	109	- swtpm_cert:
	110	- Support --ecc-curveid option to pass curve id
	111	- swtpm_setup & related scripts:
2feefb2c SB	112	- Rewrite swtpm_setup.sh in python with TPM 1.2 not requiring tcsd
	113	and TPM tools anymore; new dependencies:
	114	- python3: pip, cryptography, setuptools
	115	dropped dependencies for swtpm_setup:
	116	- tcsd, expect, tpm-tools (some still needed for pkcs11 tests)
	117	- Added support for RSA 3072 keys (for libtpms-0.8.0) and moved to
	118	ECC NIST P384 curve; default RSA key size is still 2048
e9b08c71 SB	119	- Added support for --rsa-keysize option
	120	- Extend script to create a CA using a TPM 2 for signing
	121	- tests:
	122	- Use the IBM TSS2 v1.5.0's test suite
	123	- Add test case for loading of an NVRAM completely full with keys
2feefb2c SB	124	- Have softhsm_setup use temporary directory for softhsm config & state
	125	- various other improvements
	126	- man pages:
	127	- Improvements
e9b08c71 SB	128	- build-sys:
	129	- clang: properly test for linker flag 'now' and 'relro'
	130	- Gentoo: explicitly link libswtpm_libtpms with -lcrypto
2feefb2c SB	131	- Ownership of /var/lib/swtpm-localca is now tss:root and
2feefb2c SB	132	mode flags 0750.
e9b08c71	133
16952a5f SB	134	version 0.3.0:
	135	- swtpm:
	136	- Support for applying 'TPM Startup' command during initialization
	137	- Use writev_full rather than writev; fixes --vtpm-proxy EIO error
	138	- Only accept() new client ctrl connection if we have none (bugfix)
	139	- swtpm_setup & related scripts:
	140	- Support whitespaces in filenames and paths
	141	- Do not fail on future PCR banks' hashes
	142	- swtpm_cert:
	143	- Fix OIDs for TPM 2 platforms data
	144	- Option parsing cleanup
	145	- Support for passing password in various forms
	146	- Use gnutls_x509_crt_get_subject_key_id API call for subj keyId
	147	- Support 64bit serial numbers read from command line
	148	- swtpm_ioctl:
	149	- Block SIGPIPE so we can get EPIPE on write()
	150	- swtpm_bios:
	151	- Block SIGPIPE so we can get EPIPE on write()
	152	- tests:
	153	- Increased timeouts and better support for running tests with
	154	executables run by valgrind
	155	- Allow running tests with choice of seccomp profile option
	156	(SWTPM_TEST_SECCOMP_OPT) to enable building for Ubuntu
	157	- Various cleanups & fixes
	158	- SELinux:
	159	- More rules added for support on F30
	160
933f4055 SB	161	version 0.2.0:
	162	- Linux: swtpm now runs with a seccomp profile (blacklist) if compiled with
	163	libseccomp support
e6512b84 SB	164	- Added subpport for passing key and passphrase via file descriptor
	165	- TPM 2 commands can now be prefixed by 'the TCG header' and responses will
	166	have a 4-byte prefix and 4-byte suffix.
	167	- Added --print-capabilities command line option
	168	- Proper handling on EINTR on read, poll, and write
933f4055	169
0c1ecae2 SB	170	version 0.1.0:
0c1ecae2 SB	171	first public release