The source repository for the Trusted Platform Module (TPM2.0) tools
5.3 2022-09-27
Features:
Known issue:
Bug fixes:
CI:
Reference the CHANGELOG for this pre-release.
tpm2_nvextend:
tpm2_nvread:
tpm2_nvsetbits:
tpm2_createprimary:
tpm2_create:
tpm2_print:
-u output from tpm2_create and converting it to a PEM or DER file format.
tpm2_import:
tpm2_rsaencrypt, tpm2_rsadecrypt:
tpm2_pcrread, tpm2_quote:
tpm2_eventlog:
tpm2_duplicate:
tools:
lib/tpm2_options:
openssl:
Support added to make the repository documentation and man pages available live on readthedocs.
Bug-fixes:
tpm2_import: Don't allow setting passwords for imported objects with the -p option, as the tool doesn't modify the TPM2B_SENSITIVE structure. Added appropriate logging to indicate using tpm2_changeauth after import.
lib/tpm2_util.c: The function to calculate the pHash algorithm returned an error when the input session is a password session and the only session in the command.
lib/tpm2_alg_util.c: Fix an error where oaep was parsed under ECC.
tpm2_sign: Fix segfaults when tool does not find TPM resources (TPM or RM).
tpm2_makecredential: Fix an issue where reading input from stdin could result in unsupported data size larger than the largest digest size.
tpm2_loadexternal: Fix an issue where restricted attribute could not be set.
lib/tpm2_nv_util.h: The NV index size depends on different data sets read from the GetCapability structures, because there is a dependency on the NV operation type: Define vs Read vs Write vs Extend. Fix by setting a sane default in the case where GetCapability fails or fails to report the specific property/data set. This is especially true because some properties are TPM implementation dependent.
tpm2_createpolicy: Fix an issue where the tool exited silently without reporting an error if a wrong PCR string is specified.
lib/tpm2_alg_util: Add an error message on public init to prevent tools from dying silently.
tpm2_import: fix an issue where an imported hmac object scheme was NULL. While allowed, it was inconsistent with other tools like tpm2_create which set the scheme as hmac->sha256 when generating a keyedhash object.
Build
tss2:
Command/response parameter support for auditing and pHash policies:
Session-support:
tpm2_eventlog:
scripts/utils: Add a utility to read the cert chain of embedded CA.
tpm2_getekcertificate: Fix tool failing to return error/non-zero for HTTP 404.
tpm2_nvdefine: allow setting hash algorithm by command line parameter for NV indices set in extend mode.
tpm2_duplicate, tpm2_import: support duplicating non-TPM keys to a remote TPM without first requiring them to be loaded to a local TPM.
tpm2_dictionarylockout: Fix an issue where setting a value for one parameter caused the others to be reset.
tpm2_getpolicydigest: Add new tool to enable TPM2_CC_PolicyGetDigest.
Fix segfault where optind > argc.
tools/tpm2_checkquote: fix missing initializer
tpm2_convert: fix EVP_EncodeUpdate usage for OSSL < 1.1.0
openssl: fix EVP_ENCODE_CTX_(new|free)
test: Add support for swTPM simulator to the testing framework and make it the default if mssim isn't available.
tpm2_unseal:
tpm2_nvextend:
tpm2_nvdefine:
tpm2_changepps:
tpm2_changeeps:
tpm2_changeauth:
tpm2_certifycreation:
tpm2_certify:
tpm2_activatecredential:
tpm2_create:
tpm2_unseal:
tpm2_nvdefine:
tpm2_nvextend: