Tags: fly2x/tpm2-tools
Tags
5.6-rc0
* tpm2_eventlog:
- add H-CRTM event support
- add support of efivar versions less than 38
- Add support to check for efivar/efivar.h manually
- Minor formatting fixes
- tpm2_eventlog: add support for replay with different StartupLocality
- Fix pcr extension for EV_NO_ACTION
- Extend test of yaml string representation
- Use helper for printing a string dump
- Fix upper bound on unique data size
- Fix YAML string formatting
* tpm2_policy:
- Add support for parsing forward seal TPM values
- Use forward seal values in creating policies
- Move dgst_size in evaluate_populate_pcr_digests()
- Allow more than 8 PCRs for sealing
- Move dgst_size in evaluate_populate_pcr_digests
- Allow more than 8 PCRs for sealing
- Make __wrap_Esys_PCR_Read() more dynamic to enable testing more PCRs
* tpm2_encryptdecrypt: Fix pkcs7 padding stripping
* tpm2_duplicate:
- Support -a option for attributes
- Add --key-algorithm option
* tpm2_encodeobject: Use the correct -O option instead of -C
* tpm2_unseal: Add qualifier static to enhance the privacy of unseal function
* tpm2_sign:
- Remove -m option which was added mistakenly
- Revert sm2 sign and verifysignature
* tpm2_createek:
- Correct man page example
- Fix usage of nonce
- Fix integrating nonce
* tpm2_clear: add more details about the action
* tpm2_startauthsession: allow the file attribute for policy authorization.
* tpm2_getekcertificate: Add AMD EK support
* tpm2_ecdhzgen: Add public-key parameter
* tpm2_nvreadpublic: Prevent free of unallocated pointers on failure
* Bug-fixes:
* The readthedocs build failed with module 'jinja2' has no attribute 'contextfilter'
a requirement file was added to fix this problem
* An error caused by the flags -flto -_FORTIFY_SOURCE=3 in kdfa implementation.
This error can be avoided by switching off the optimization with pragma
* Changed wrong function name of "Esys_Load" to "Esys_Load"
* Function names beginning with Esys_ are wrongly written as Eys_
* Reading and writing a serialized persistent ESYS_TR handles
* cirrus-ci update image-family to freebsd-13-2 from 13-1
* misc:
- Change the default Python version to Python3 in the helper's code
- Skip test which uses the sign operator for comparison in abrmd_policynv.sh
- tools/tr_encode: Add a tool that can encode serialized ESYS_TR for persistent handles
from the TPM2B_PUBLIC and the raw persistent TPM2_HANDLE
5.4 - 2022-12-05
Added:
* tpm2_policyrestart:
- Added option **--cphash** to output the cpHash for the command
TPM2_CC_PolicyRestart.
* tpm2_policynvwritten:
- Added option **--cphash** to output the cpHash for the command
TPM2_CC_PolicyNvWritten.
* tpm2_policylocality:
- Added option **--cphash** to output the cpHash for the command
TPM2_CC_PolicyLocality.
* tpm2_policycountertimer:
- Added option **--cphash** to output the cpHash for the command
TPM2_CC_PolicyCounterTimer.
* tpm2_policycommandcode:
- Added option **--cphash** to output the cpHash for the command
TPM2_CC_PolicyCommandCode.
* tpm2_policypassword:
- Added option **--cphash** to output the cpHash for the command
TPM2_CC_PolicyPassword.
* tpm2_policyauthvalue:
- Added option **--cphash** to output the cpHash for the command
TPM2_CC_PolicyAuthValue.
* tpm2_policyauthorize:
- Added option **--cphash** to output the cpHash for the command
TPM2_CC_PolicyAuthorize.
* tpm2_print:
- Support printing serialized ESYS_TR's
* tpm2_create:
- Add a clarifying message to usage of `-c` when TPM2_CreateLoaded
is not supported.
* tpm2_getcap:
- Add support for vendor agnostic capabilites. Requires tpm2-tss version 4.0
and higher to enable.
* Add a script, check_endorsement_cert.sh, to validate the endorsement
certificate chain. It takes two inputs - A TPM2B_PUBLIC format EKpublic and
a PEM format EKcertificate specified in that order as arguments.
5.4-rc0 - 2022-11-28
Added:
* tpm2_policyrestart:
- Added option **--cphash** to output the cpHash for the command
TPM2_CC_PolicyRestart.
* tpm2_policynvwritten:
- Added option **--cphash** to output the cpHash for the command
TPM2_CC_PolicyNvWritten.
* tpm2_policylocality:
- Added option **--cphash** to output the cpHash for the command
TPM2_CC_PolicyLocality.
* tpm2_policycountertimer:
- Added option **--cphash** to output the cpHash for the command
TPM2_CC_PolicyCounterTimer.
* tpm2_policycommandcode:
- Added option **--cphash** to output the cpHash for the command
TPM2_CC_PolicyCommandCode.
* tpm2_policypassword:
- Added option **--cphash** to output the cpHash for the command
TPM2_CC_PolicyPassword.
* tpm2_policyauthvalue:
- Added option **--cphash** to output the cpHash for the command
TPM2_CC_PolicyAuthValue.
* tpm2_policyauthorize:
- Added option **--cphash** to output the cpHash for the command
TPM2_CC_PolicyAuthorize.
* tpm2_print:
- Support printing serialized ESYS_TR's
* tpm2_create:
- Add a clarifying message to usage of `-c` when TPM2_CreateLoaded
is not supported.
* tpm2_getcap:
- Add support for vendor agnostic capabilites. Requires tpm2-tss version 4.0
and higher to enable.
* Add a script, check_endorsement_cert.sh, to validate the endorsement
certificate chain. It takes two inputs - A TPM2B_PUBLIC format EKpublic and
a PEM format EKcertificate specified in that order as arguments.
5.3 2022-09-27
* .ci/download-deps.sh: update tpm2-abrmd dependency version to 2.4.1
* .cirrus.yml: updated the freebsd version to 13.1 in the CI.
5.3-rc1 2022-09-12
* tools/tpm2_pcrreset.c: fix build errors in 32bit systems.
* Fix tssprivkey formatted PEM generation and load errors on 32 bit systems.
* CI: Add testing of 32bit systems with multiarch/qemu-user-static containers.
* Known issue: FAPI tools will not work on 32bit user-static qemu on 64bit
host because readdir returns NULL. Follow the issue on
https://gitlab.com/qemu-project/qemu/-/issues/263
5.3-rc0 2022-08-02
* tpm2_nvextend: fix for including ESYS_TR handle to calculate object name.
* tpm2_nv(read/write): allow policy authorization only for single iterations
for a maximum buffer size of TPM2_PT_NV_BUFFER_MAX.
* tpm2_policylocality: fix logical inversion that caused any argument to be
interpreted as zero, except "zero" would be interpreted as one.
* tpm2_nvdefine: fixed to set TPMA_NV_PLATFORMCREATE attribute default when
authorizing with platform hierarchy.
* tpm2_getekcertificate: fixed the url/link for retrieving ek
certificates from ekop.intel.com.
* tools/tpm2_tool.c: fix an issue where LOG_WARN messages were displayed
despite setting the quite flag.
* tpm2_import: fix an issue where openssl load function resets a specified
scheme with TPM2_ALG_NULL.
* tpm2_sign, tpm2_verifysignature: fixes for sm2 signing and verification.
* Support alternative ECC curves for which default EK templates exist
(NIST_P256, NIST_P384, NIST_P521, and SM2_P256).
* tools/misc/tpm2_checkquote: add sm2 verification of signature.
* tpm2_startauthsession:
- Added option **-G**, **--key-algorithm=ALGORITHM** to specify the
symmetric algorithm used in parameter encryption/decryption.
* tpm2_certify:
- Added option **\--scheme**=_ALGORITHM_ for supporting signature schemes.
Signing schemes should follow the "formatting standards", see section
"Algorithm Specifiers".
* tpm2_getcommandauditdigest:
- Added option **\--scheme**=_ALGORITHM_ for supporting signature schemes.
Signing schemes should follow the "formatting standards", see section
"Algorithm Specifiers".
* tpm2_getsessionauditdigest:
- Added option **\--scheme**=_ALGORITHM_ for supporting signature schemes.
Signing schemes should follow the "formatting standards", see section
"Algorithm Specifiers".
* tpm2_quote:
- Added option **\--scheme**=_ALGORITHM_ for supporting signature schemes.
Signing schemes should follow the "formatting standards", see section
"Algorithm Specifiers".
* lib/tpm2.c: flushcontext cphash calculation workaround for a system api bug
where in the flush handle was erroneously placed in the handle area instead
of parameter area.
* tpm2_flushcontext: options **-t**, **-l**, **-s** can now be simultaneously
specified.
* tpm2_import: support restricted parent with an aes128cfb symmetric parameter.
* tpm2_nvreadpublic: drop ntoh on attributes because they get marshalled to
the correct endianness by libmu to begin with.
* tpm2_print: remove unused **-i** option.
* tpm2_policyor: fix segfault when no options or arguments to specify the list
of policies to be compounded.
* tpm2_certify: fix man page for short options and add tests The short
options for the signing-key-auth and certified-key-auth were swapped. The
case fix in the man page makes it less intuitive but have to go through with
the change so that we don't break any existing scripts. This change does not
affect the long options. Tests have been added to ensure the functionality.
* .cirrus.yml: updated the freebsd version to 13.
* VERSION: add version file - Generate the version file with bootstrap and
include in the DIST tarball so endusers can call autoreconf on a dist
tarball which doesn't have git. This alleviates git describe errors on
release tarballs in the autoreconf case.
* tpm2_clear:
- Added option **--cphash** to output the cpHash for the command
TPM2_CC_Clear.
* tpm2_dictionarylockout:
- Added option **--cphash** to output the cpHash for the command
TPM2_CC_DictionaryAttackLockReset and TPM2_CC_DictionaryAttackParameters.
* tpm2_clearcontrol:
- Added option **--cphash** to output the cpHash for the command
TPM2_CC__ClearControl.
* tpm2_sign:
- Added option **--cphash** to output the cpHash for the command
TPM2_CC_Sign.
* tpm2_setprimarypolicy:
- Added option **--cphash** to output the cpHash for the command
TPM2_CC_SetPrimaryPolicy.
* tpm2_setclock:
- Added option **--cphash** to output the cpHash for the command
TPM2_CC_ClockSet.
* tpm2_rsadecrypt:
- Added option **--cphash** to output the cpHash for the command
TPM2_CC_RSA_Decrypt.
* tpm2_duplicate:
- Added option **--cphash** to output the cpHash for the command
TPM2_CC_Duplicate.
* tpm2_clockrateadjust:
- Added option **--cphash** to output the cpHash for the command
TPM2_CC_ClockRateAdjust.
* tpm2_createprimary:
- Added option **--cphash** to output the cpHash for the command
TPM2_CC_CreatePrimary.
* tpm2_quote:
- Added option **--cphash** to output the cpHash for the command
TPM2_CC_Quote.
* tpm2_policysecret:
- Added option **--cphash** to output the cpHash for the command
TPM2_CC_PolicySecret
* tpm2_policynv:
- Added option **--cphash** to output the cpHash for the command
TPM2_CC_PolicyNV.
* tpm2_policyauthorizenv:
- Added option **--cphash** to output the cpHash for the command
TPM2_CC_PolicyAuthorizeNV.
* tpm2_import:
- Added option **--cphash** to output the cpHash for the command
TPM2_CC_Import.
* tpm2_hmac:
- Added option **--cphash** to output the cpHash for the command
TPM2_CC_HMAC.
* tpm2_hierarchycontrol:
- Added option **--cphash** to output the cpHash for the command
TPM2_CC_HierarchyControl.
* tpm2_load:
- Added option **--cphash** to output the cpHash for the command
TPM2_CC_Load.
* tpm2_gettime:
- Added option **--cphash** to output the cpHash for the command
TPM2_CC_GetTime.
* tpm2_evictcontrol:
- Added option **--cphash** to output the cpHash for the command
TPM2_CC_EvictControl.
* tpm2_encryptdecrypt:
- Added option **--cphash** to output the cpHash for the command
TPM2_CC_EncryptDecrypt.
* tpm2_getpolicydigest:
- Added option **--cphash** to output the cpHash for the command
TPM2_CC_GetPolicyDigest.
* tpm2_loadexternal:
- Added option **--cphash** to output the cpHash for the command
TPM2_CC_LoadExternal.
* tpm2_pcrreset:
- Added option **--cphash** to output the cpHash for the command
TPM2_CC_PCR_Reset.
* tpm2_pcrread:
- Added option **--cphash** to output the cpHash for the command
TPM2_CC_PCR_Read.
* tpm2_pcrevent:
- Added option **--cphash** to output the cpHash for the command
TPM2_CC_PCR_Event.
* tpm2_pcrallocate:
- Added option **--cphash** to output the cpHash for the command
TPM2_CC_PCR_Allocate.
* tpm2_loadexternal:
- Added support to tpm2_loadexternal for parsing and loading the public
portion of a TSS2 Privkey PEM file. The path to the PEM file must be
specified using the **-r** option while skipping the **-G** option for
key type.
* tpm2_print:
- Added capability to parse out and print the public portion of a
TSS Private Key in the PEM format with the arg option
**TSSPRIVKEY_OBJ**.
* tpm2_geteccparameters:
- Added option **--cphash** to output the cpHash for the command
TPM2_CC_ECC_Parameters.
* tpm2_flushcontext:
- Added option **--cphash** to output the cpHash for the command
TPM2_CC_FlushContext.
* tpm2_ecephemeral:
- Added option **--cphash** to output the cpHash for the command
TPM2_CC_EC_Ephemeral.
* tpm2_ecdhzgen:
- Added option **--cphash** to output the cpHash for the command
TPM2_CC_ECDH_ZGen.
* tpm2_load:
- Added capability to load pem files in TSS2-Private-Key format for
interoperability with tpm2-tss-engine, tpm2-openssl provider,
tpm2-pkcs11, and tpm2-pytss.
* tpm2_ecdhkeygen:
- Added option to output the cpHash for the command TPM2_CC_ECDH_KeyGen.
* tpm2_commit:
- Added option to output the cpHash for the command TPM2_CC_Commit.
* tpm2:
- Added option to specify **--help=no-man**
* tpm2_nvreadpublic:
- Added option **\--cphash**=_FILE_ to specify file path to record hash
of the command parameters. This is commonly termed as cpHash.
- Added option **\--rphash**=_FILE_ to specify file path to record the
hash of the response parameters. This is commonly termed as rpHash.
- Added option **-S**, **\--session** to specify to specify an auxiliary
session for auditing and or encryption/decryption of the parameters.
- Added option **-n**, **\--name** to specify the name of the nvindex in
hex bytes. This is used when cpHash is calculated without dispatching
the TPM2_NV_Write command to the TPM ie when **--tcti=none**
* tpm2_nvundefine:
- Added option **\--rphash**=_FILE_ to specify file path to record the
hash of the response parameters. This is commonly termed as rpHash.
- Added option **-S**, **\--session** to specify to specify an auxiliary
session for auditing and or encryption/decryption of the parameters.
- Added option **-n**, **\--name** to specify the name of the nvindex in
hex bytes. This is used when cpHash is calculated without dispatching
the TPM2_NV_Write command to the TPM.
- Added option **\--with-policydelete** when calculating cpHash with
**\--tcti=none** there is no way to know if the attribute
TPMA_NV_POLICYDELETE has been set from the NV index name alone.
* tpm2_nvreadlock:
- Added option **\--rphash**=_FILE_ to specify file path to record the
hash of the response parameters. This is commonly termed as rpHash.
- Added option **-S**, **\--session** to specify to specify an auxiliary
session for auditing and or encryption/decryption of the parameters.
- Added option **-n**, **\--name** to specify the name of the nvindex in
hex bytes. This is used when cpHash is calculated without dispatching
the TPM2_NV_Write command to the TPM.
* tpm2_nvwritelock:
- Added option **\--rphash**=_FILE_ to specify file path to record the
hash of the response parameters. This is commonly termed as rpHash.
- Added option **-S**, **\--session** to specify to specify an auxiliary
session for auditing and or encryption/decryption of the parameters.
* tpm2_nvincrement:
- Added option **\--rphash**=_FILE_ to specify file path to record the hash
of the response parameters. This is commonly termed as rpHash.
- Added option **-S**, **\--session** to specify to specify an auxiliary
session for auditing and or encryption/decryption of the parameters.
* tpm2_nvcertify:
- Added option **\--rphash**=_FILE_ to specify ile path to record the hash
of the response parameters. This is commonly termed as rpHash.
- Added option **-S**, **\--session** to specify to specify an auxiliary
session for auditing and or encryption/decryption of the parameters.
- Added option **-n**, **\--name** to specify the name of the nvindex in
hex bytes. This is used when cpHash is calculated without dispatching
the TPM2_NV_Write command to the TPM.
- Added option **\-signer-name** to specify the signer name in hex bytes.
This is used when cpHash is calculated without dispatching the
TPM2_NV_Write command to the TPM.
* tpm2_nvwrite:
- Added option **\--rphash**=_FILE_ to specify ile path to record the hash
of the response parameters. This is commonly termed as rpHash.
- Added option **-S**, **\--session** to specify to specify an auxiliary
session for auditing and or encryption/decryption of the parameters.
- Added option -n, --name to specify the name of the nvindex in hex bytes.
This is used when cpHash is calculated without dispatching the
TPM2_NV_Write command to the TPM.
* Minimum tpm2-tss version is now 3.2.0 to support openssl3 migration.
* Fix test harness leaving tpm servers running after a make check. Fixes sporadic
hangs in testing.
5.3-rc1 2022-09-13 tools/tpm2_pcrreset.c: fix build errors in 32bit systems. Fix tssprivkey formatted PEM generation and load errors on 32 bit systems. CI: Add testing of 32bit systems with multiarch/qemu-user-static containers. Known issue: FAPI tools will not work on 32bit user-static qemu on 64bit host because readdir returns NULL. Follow the issue on https://gitlab.com/qemu-project/qemu/-/issues/263 Also reference 5.3-rc0 tag description
5.3-rc0 2022-08-02
Feature support:
1. lib/tpm2_tool.c: add --help=no-man for tpm2 option. Prior to this change the
tool parsed no-man as an unrecognized option and errored out. Now it lists
all the available tool options.
2. tpm2_encodeobject: New tool to encode TPM2 object. It takes public and
private portions of an object and encode them in a combined PEM form called
tssprivkey used by tpm2-tss-engine and other applications.
3. Support alternative ECC curves for which default EK templates exist
(NIST_P256, NIST_P384, NIST_P521, and SM2_P256).
4. tools/misc/tpm2_checkquote: add sm2 verification of signature.
5. crypto: support the TPM2_ECC_SM2_P256 curveID.
6. fapi: add new command to enable the use of fapi objects for tπpm2 tools. The
new command **tss2_gettpm2object** was added. With this command context files
which can be used for tpm2 tool commands can be created.
7. Support for sign and verify with sm2 algorithms.
8. tools/tpm2_startauthsession: add sym-algorithm argument for supported
symmetric algorithm.
9. Attestation (certify, command audit, sessionaudit and quote): add scheme
argument for supported signature schemes. This also enable support for SM
signing.
10. tpm2_flushcontext: support all options at a time Support the -t/-l/-s
options all at once so folks don't have to call it multiple times.
11. tools/tpm2_nvread: add human readable output for NV content Enable parsing
and YAML-style output for the different NV index types.
12. New event types in tpm2_eventlog: EV_EFI_PLATFORM_FIRMWARE_BLOB2,
EV_EFI_HANDOFF_TABLES2, EV_EFI_VARIABLE_BOOT2
13. VERSION: add version file - Generate the version file with bootstrap and
include in the DIST tarball so endusers can call autoreconf on a dist
tarball which doesn't have git. This alleviates git describe errors on
release tarballs in the autoreconf case.
14. import: support restricted parents - Support a restricted parent with an
aes128cfb symmetric parameter.
15. tpm2_load - Added capability to load pem files in TSS2-Private-Key format
for interoperability with tpm2-tss-engine, tpm2-openssl provider
tpm2-pkcs11, and tpm2-pytss.
16. tpm2_print - Added capability to parse out and print the public portion of a
TSS Private Key in the PEM format with the arg option **TSSPRIVKEY_OBJ**.
17. tpm2_loadexternal: Added support to tpm2_loadexternal for parsing and
loading the public portion of a TSS2 Privkey PEM file. The path to the PEM
file must be specified using the **-r** option while skipping the **-G**
option for key type.
18. Support added for calculating cpHash, rpHash, sessions for parameter
encryption and auditing in: tpm2_nvwrite, tpm2_nvcertify, tpm2_nvincrement,
tpm2_nvwritelock, tpm2_nvreadlock, tpm2_nvundefine and tpm2_nvreadpublic.
19. Support added for calculating cpHash in: tpm2_clear, tpm2_dictionarylockout,
tpm2_clearcontrol, tpm2_sign, tpm2_setprimarypolicy, tpm2_setclock,
tpm2_rsadecrypt, tpm2_duplicate, tpm2_clockrateadjust, tpm2_createprimary,
tpm2_quote, tpm2_policysecret, tpm2_policynv, tpm2_policyauthorizenv,
tpm2_import, tpm2_hmac, tpm2_hierarchycontrol, tpm2_load, tpm2_gettime,
tpm2_evictcontrol, tpm2_encryptdecrypt, tpm2_getpolicydigest,
tpm2_loadexternal, tpm2_commit, tpm2_ecdhkeygen, tpm2_ecdhzgen,
tpm2_ecephemeral, tpm2_geteccparameters, tpm2_flushcontext,
tpm2_pcrallocate, tpm2_pcrevent, tpm2_pcrreset, tpm2_pcrread.
20. Support for using tcti=none for cpHash calculations to avoid invoking checks
for active TPM in: tpm2_nvreadpublic, tpm2_nvundefine, tpm2_nvreadlock,
tpm2_nvwritelock, tpm2_nvincrement, tpm2_nvcertify, tpm2_nvdefine,
tpm2_nvwrite.
Bug fixes:
1. tools/tpm2_evictcontrol: fix for calls to Esys_TR_Close on bad handles.
2. tools/tpm2_nvextend: fix for ESYS_TR handle not being used in calculating the
object name.
3. tools/tpm2_nvwrite, tools/tpm2_nvread: Policy authorization must be
re-instantiated on each iteration of the read/ write when size exceeds the
allowed operating size (TPM2_PT_NV_BUFFER_MAX). However, information on the
compounded policies cannot be retrieved from the only policy digest read from
the session and hence the session cannot be re-instantiated. To avoid this
scenario only a single iteration is allowed when policy authorization is in
use.
4. Fix argument parsing in tpm2_policylocality to fix an issue causing almost
always to generate PolicyLocality(0). There was a logical inversion that
caused almost any argument (including invalid ones) to be interpreted as
zero, except “zero" would be interpreted as one.
5. test/fapi/fapi-quote-verify.sh Fix check of qualifying data. Because of a bug
in Fapi_VerifyQuote the qualifying data was not checked correctly. Errors
that were not recognized before occur now. The order of the tests was cleaned
up and for every quote and verify quote now the correct combination of the
qualifying data and quote info containing the nonce is used.
6. tpm2_nvdefine: set TPMA_NV_PLATFORMCREATE when authenticating with the
platform hierarchy.
7. tools/tpm2_getekcertificate: fixed the url link to ekop.intel.com. There were
two places where the fix was needed: (1.) In the tool source code where a
forward slash was always appended irrespective of it already being part of
the link specified by the user and (2.) In the integration test where curl
tests the link to the ekop.intel.com backend. It now requires the full link
to include the base64 encoded ek pub hash.
8. tools/tpm2_tool.c: Fix an issue where LOG_WARN is always displayed Despite
setting the 'quiet' flag with -Q.
9. fapi: fix usage of parameter pcrLog for tss2_quote. pcrLog is an optional
parameter. If pcrLog is not used as parameter currently the pcr log is still
calculated in Fapi_Quote. To avoid this calculation a NULL pointer will be
passed to Fapi_Quote if the parameter pcrLog is not passed. So tss2_quote can
be executed for a user which has no access rights to the files with the
system measurements.
11. import: fix bug on using scheme wherein if scheme is specified in the
template, the openssl load functions clobber the scheme value and set it to
TPM2_ALG_NULL.
12. tools/tpm2_sign and tpm2_verifysignature: fix sm2 sign and verifysignature
bugs : (1.) sm2 sign could not get output signature. (2.) sm2 verify tss
format signature failed.
13. lib/tpm2.c: added workaround for a system api bug where in the flush handle
is erroneously placed in the handle area instead of the parameter area.
14. nvreadpublic: drop ntoh on attributes The attributes get marshalled to
correct endianess by libmu and don’t need to be changed again.
15. Removing unused '-i' option from tpm2_print
16. tpm2_policyor: fix unallocated policy list The TPML_DIGEST policy list was
calloc'd for some reason, however it could just be statically allocated in
the context. The side effect is that when no options or arguments were given
a NPD occured when checking the count of the policy list.
17. tools/tpm2_certify: fix man page for short options and add tests The short
options for the signing-key-auth and certified-key-auth were swapped. The
case fix in the man page makes it less intuitive but have to go through with
the change so that we don't break any existing scripts. This change does not
affect the long options. Tests have been added to ensure the functionality.
CI:
1. ci: add ubuntu-22.04. This also requires the min tpm2-tss version to be at
3.2.0 to support the openSSL major version 3.
2. cirrus.yml: update freebsd version to 13.
PreviousNext