Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package tboot for openSUSE:Factory checked in at 2025-07-17 17:26:43 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/tboot (Old) and /work/SRC/openSUSE:Factory/.tboot.new.8875 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "tboot" Thu Jul 17 17:26:43 2025 rev:52 rq:1294047 version:20250417_1.11.10 Changes: -------- --- /work/SRC/openSUSE:Factory/tboot/tboot.changes 2025-02-20 16:37:59.352043943 +0100 +++ /work/SRC/openSUSE:Factory/.tboot.new.8875/tboot.changes 2025-07-17 17:26:45.067722072 +0200 @@ -1,0 +2,10 @@ +Wed Jul 16 09:04:58 UTC 2025 - Marcus Meissner <meiss...@suse.com> + +- updated to version 20250417: v1.11.10 + - Fix the issue causing tboot to hang during waking up processors from + txt sleep on DMR simics +- add .gpg signature and tboot.keyring +- tboot-cet.patch: add a missing ENDBR64 instruction when kernel is + using CET (bsc#1246573) + +------------------------------------------------------------------- Old: ---- tboot-1.11.9.tar.gz New: ---- tboot-1.11.10.tar.gz tboot-1.11.10.tar.gz.gpg tboot-cet.patch tboot.keyring ----------(New B)---------- New:- add .gpg signature and tboot.keyring - tboot-cet.patch: add a missing ENDBR64 instruction when kernel is using CET (bsc#1246573) ----------(New E)---------- ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ tboot.spec ++++++ --- /var/tmp/diff_new_pack.pHyK3l/_old 2025-07-17 17:26:46.299773367 +0200 +++ /var/tmp/diff_new_pack.pHyK3l/_new 2025-07-17 17:26:46.303773534 +0200 @@ -17,14 +17,16 @@ Name: tboot -%define ver 1.11.9 -Version: 20250219_%{ver} +%define ver 1.11.10 +Version: 20250417_%{ver} Release: 0 Summary: Program for performing a verified launch using Intel TXT License: BSD-3-Clause Group: Productivity/Security URL: https://sourceforge.net/projects/tboot/ -Source0: https://downloads.sourceforge.net/project/tboot/tboot/tboot-%{ver}.tar.gz +Source0: https://downloads.sourceforge.net/project/tboot/tboot-%{ver}.tar.gz +Source2: https://downloads.sourceforge.net/project/tboot/tboot-%{ver}.tar.gz.gpg +Source3: https://downloads.sourceforge.net/project/tboot/tboot-1.11.0-pub-key.key#/tboot.keyring Source1: tboot.rpmlintrc Patch1: tboot-grub2-fix-menu-in-xen-host-server.patch Patch2: tboot-grub2-fix-xen-submenu-name.patch @@ -32,6 +34,7 @@ Patch4: tboot-grub2-refuse-secure-boot.patch Patch5: tboot-bsc#1207833-copy-mbi.patch Patch6: tboot-fix-alloc-size-warning.patch +Patch7: tboot-cet.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build ExclusiveArch: %{ix86} x86_64 BuildRequires: openssl-devel ++++++ tboot-1.11.9.tar.gz -> tboot-1.11.10.tar.gz ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/tboot-1.11.9/.hg_archival.txt new/tboot-1.11.10/.hg_archival.txt --- old/tboot-1.11.9/.hg_archival.txt 2024-10-11 14:55:09.000000000 +0200 +++ new/tboot-1.11.10/.hg_archival.txt 2025-04-17 14:33:11.000000000 +0200 @@ -1,4 +1,4 @@ repo: cedd93279188334eb41d248d5eb70a41a2bc70ca -node: 93a7c34511548204c2921a5c427085d352e64eb7 +node: 4bf2e38197238a539530eab991244723fb127ba1 branch: default -tag: v1.11.9 +tag: v1.11.10 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/tboot-1.11.9/.hgtags new/tboot-1.11.10/.hgtags --- old/tboot-1.11.9/.hgtags 2024-10-11 14:55:09.000000000 +0200 +++ new/tboot-1.11.10/.hgtags 2025-04-17 14:33:11.000000000 +0200 @@ -47,3 +47,7 @@ 8a1423750815ecd495b089f78f85271db494ba8f v1.11.7 ba65f5eab8dcf4c7e82960d187d6789a3cfb8e19 v1.11.8 656ba831c3bbf6d9f2a28b00580165afe483df87 v1.11.9 +656ba831c3bbf6d9f2a28b00580165afe483df87 v1.11.9 +0000000000000000000000000000000000000000 v1.11.9 +0000000000000000000000000000000000000000 v1.11.9 +93a7c34511548204c2921a5c427085d352e64eb7 v1.11.9 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/tboot-1.11.9/CHANGELOG new/tboot-1.11.10/CHANGELOG --- old/tboot-1.11.9/CHANGELOG 2024-10-11 14:55:09.000000000 +0200 +++ new/tboot-1.11.10/CHANGELOG 2025-04-17 14:33:11.000000000 +0200 @@ -1,3 +1,6 @@ +20250417: v1.11.10 + Fix the issue causing tboot to hang during waking up processors from + txt sleep on DMR simics 20241011: v1.11.9 Restore call to configure_vtd. 20241004: v1.11.8 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/tboot-1.11.9/tboot/20_linux_tboot new/tboot-1.11.10/tboot/20_linux_tboot --- old/tboot-1.11.9/tboot/20_linux_tboot 2024-10-11 14:55:09.000000000 +0200 +++ new/tboot-1.11.10/tboot/20_linux_tboot 2025-04-17 14:33:11.000000000 +0200 @@ -195,7 +195,7 @@ tboot_dirname=`dirname ${current_tboot}` rel_tboot_dirname=`make_system_path_relative_to_its_root $tboot_dirname` # tboot_version=`echo $tboot_basename | sed -e "s,.gz$,,g;s,^tboot-,,g"` - tboot_version="1.11.9" + tboot_version="1.11.10" echo "submenu \"tboot ${tboot_version}\" {" while [ "x$list" != "x" ] ; do linux=`version_find_latest $list` diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/tboot-1.11.9/tboot/20_linux_xen_tboot new/tboot-1.11.10/tboot/20_linux_xen_tboot --- old/tboot-1.11.9/tboot/20_linux_xen_tboot 2024-10-11 14:55:09.000000000 +0200 +++ new/tboot-1.11.10/tboot/20_linux_xen_tboot 2025-04-17 14:33:11.000000000 +0200 @@ -230,7 +230,7 @@ tboot_basename=`basename ${current_tboot}` tboot_dirname=`dirname ${current_tboot}` rel_tboot_dirname=`make_system_path_relative_to_its_root $tboot_dirname` - tboot_version="1.11.9" + tboot_version="1.11.10" list="${linux_list}" echo "submenu \"Xen ${xen_version}\" \"Tboot ${tboot_version}\"{" while [ "x$list" != "x" ] ; do diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/tboot-1.11.9/tboot/Config.mk new/tboot-1.11.10/tboot/Config.mk --- old/tboot-1.11.9/tboot/Config.mk 2024-10-11 14:55:09.000000000 +0200 +++ new/tboot-1.11.10/tboot/Config.mk 2025-04-17 14:33:11.000000000 +0200 @@ -6,8 +6,8 @@ # # tboot-specific build settings # -RELEASEVER := "1.11.9" -RELEASETIME := "2024-10-11 12:00 +0100" +RELEASEVER := "1.11.10" +RELEASETIME := "2025-04-17 16:00 +0100" ROOTDIR ?= $(CURDIR)/.. # tboot needs too many customized compiler settings to use system CFLAGS, diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/tboot-1.11.9/tboot/txt/txt.c new/tboot-1.11.10/tboot/txt/txt.c --- old/tboot-1.11.9/tboot/txt/txt.c 2024-10-11 14:55:09.000000000 +0200 +++ new/tboot-1.11.10/tboot/txt/txt.c 2025-04-17 14:33:11.000000000 +0200 @@ -1207,10 +1207,9 @@ return; } - printk(TBOOT_INFO"Mutex lock cpu %u\n", cpuid); mtx_enter(&ap_lock); - printk(TBOOT_INFO"cpu %u waking up from TXT sleep\n", cpuid); + printk(TBOOT_INFO"waking cpu %u\n", cpuid); /* restore LAPIC base address for AP */ madt_apicbase = (uint64_t)get_madt_apic_base(); @@ -1221,7 +1220,6 @@ } msr_apicbase = rdmsr(MSR_APICBASE); if ( madt_apicbase != (msr_apicbase & ~0xFFFULL) ) { - printk(TBOOT_INFO"cpu %u restore apic base to %llx\n", cpuid, madt_apicbase); wrmsr(MSR_APICBASE, (msr_apicbase & 0xFFFULL) | madt_apicbase); } @@ -1238,7 +1236,6 @@ apply_policy(TB_ERR_POST_LAUNCH_VERIFICATION); /* enable SMIs and NMI */ - printk(TBOOT_DETA"enabling SMIs and NMI on cpu %u\n", cpuid); __getsec_smctrl(); __enable_nmi(); diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/tboot-1.11.9/tboot/txt/verify.c new/tboot-1.11.10/tboot/txt/verify.c --- old/tboot-1.11.9/tboot/txt/verify.c 2024-10-11 14:55:09.000000000 +0200 +++ new/tboot-1.11.10/tboot/txt/verify.c 2025-04-17 14:33:11.000000000 +0200 @@ -673,31 +673,19 @@ apicbase = rdmsr(MSR_APICBASE); if ( apicbase & APICBASE_BSP ) { ilp_smm_mon_ctl = smm_mon_ctl; - printk(TBOOT_DETA"MSR for SMM monitor control on BSP is 0x%Lx.\n", - ilp_smm_mon_ctl); /* verify ILP's MSEG == TXT.MSEG.BASE */ - printk(TBOOT_INFO"verifying ILP is opt-out " - "or has the same MSEG header with TXT.MSEG.BASE\n\t"); if ( !verify_mseg(ilp_smm_mon_ctl) ) { - printk(TBOOT_ERR" : failed.\n"); + printk(TBOOT_ERR"verifying ILP is opt-out or has the same MSEG header with TXT.MSEG.BASE failed.\n"); return false; } - printk(TBOOT_INFO" : succeeded.\n"); } else { - printk(TBOOT_DETA"MSR for SMM monitor control on cpu %u is 0x%Lx\n", - cpuid, smm_mon_ctl); - /* verify ILP's SMM MSR == RLP's SMM MSR */ - printk(TBOOT_INFO"verifying ILP's MSR_IA32_SMM_MONITOR_CTL with cpu %u\n\t", - cpuid); if ( smm_mon_ctl != ilp_smm_mon_ctl ) { - printk(TBOOT_ERR" : failed.\n"); + printk(TBOOT_ERR" : verifying ILP's MSR_IA32_SMM_MONITOR_CTL with cpu %u failed.\n", cpuid); return false; } - printk(TBOOT_INFO" : succeeded.\n"); - /* since the RLP's MSR is the same. No need to verify MSEG header */ } ++++++ tboot-cet.patch ++++++ Index: tboot-1.11.10/tboot/common/shutdown.S =================================================================== --- tboot-1.11.10.orig/tboot/common/shutdown.S +++ tboot-1.11.10/tboot/common/shutdown.S @@ -116,6 +116,7 @@ shutdown_entry32: */ ENTRY(shutdown_entry) .code64 + endbr64 cli wbinvd ++++++ tboot-grub2-fix-xen-submenu-name.patch ++++++ --- /var/tmp/diff_new_pack.pHyK3l/_old 2025-07-17 17:26:46.535783193 +0200 +++ /var/tmp/diff_new_pack.pHyK3l/_new 2025-07-17 17:26:46.539783360 +0200 @@ -4,13 +4,13 @@ References: bnc#865815 Patch-Mainline: no -Index: tboot-1.11.9/tboot/20_linux_xen_tboot +Index: tboot-1.11.10/tboot/20_linux_xen_tboot =================================================================== ---- tboot-1.11.9.orig/tboot/20_linux_xen_tboot -+++ tboot-1.11.9/tboot/20_linux_xen_tboot +--- tboot-1.11.10.orig/tboot/20_linux_xen_tboot ++++ tboot-1.11.10/tboot/20_linux_xen_tboot @@ -246,7 +246,7 @@ while [ "x${xen_list}" != "x" ] ; do rel_tboot_dirname=`make_system_path_relative_to_its_root $tboot_dirname` - tboot_version="1.11.9" + tboot_version="1.11.10" list="${linux_list}" - echo "submenu \"Xen ${xen_version}\" \"Tboot ${tboot_version}\"{" + echo "submenu \"Xen ${xen_version} with Tboot ${tboot_version}\"{"