Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package tboot for openSUSE:Factory checked
in at 2025-07-17 17:26:43
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/tboot (Old)
and /work/SRC/openSUSE:Factory/.tboot.new.8875 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "tboot"
Thu Jul 17 17:26:43 2025 rev:52 rq:1294047 version:20250417_1.11.10
Changes:
--------
--- /work/SRC/openSUSE:Factory/tboot/tboot.changes 2025-02-20
16:37:59.352043943 +0100
+++ /work/SRC/openSUSE:Factory/.tboot.new.8875/tboot.changes 2025-07-17
17:26:45.067722072 +0200
@@ -1,0 +2,10 @@
+Wed Jul 16 09:04:58 UTC 2025 - Marcus Meissner <meiss...@suse.com>
+
+- updated to version 20250417: v1.11.10
+ - Fix the issue causing tboot to hang during waking up processors from
+ txt sleep on DMR simics
+- add .gpg signature and tboot.keyring
+- tboot-cet.patch: add a missing ENDBR64 instruction when kernel is
+ using CET (bsc#1246573)
+
+-------------------------------------------------------------------
Old:
----
tboot-1.11.9.tar.gz
New:
----
tboot-1.11.10.tar.gz
tboot-1.11.10.tar.gz.gpg
tboot-cet.patch
tboot.keyring
----------(New B)----------
New:- add .gpg signature and tboot.keyring
- tboot-cet.patch: add a missing ENDBR64 instruction when kernel is
using CET (bsc#1246573)
----------(New E)----------
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ tboot.spec ++++++
--- /var/tmp/diff_new_pack.pHyK3l/_old 2025-07-17 17:26:46.299773367 +0200
+++ /var/tmp/diff_new_pack.pHyK3l/_new 2025-07-17 17:26:46.303773534 +0200
@@ -17,14 +17,16 @@
Name: tboot
-%define ver 1.11.9
-Version: 20250219_%{ver}
+%define ver 1.11.10
+Version: 20250417_%{ver}
Release: 0
Summary: Program for performing a verified launch using Intel TXT
License: BSD-3-Clause
Group: Productivity/Security
URL: https://sourceforge.net/projects/tboot/
-Source0:
https://downloads.sourceforge.net/project/tboot/tboot/tboot-%{ver}.tar.gz
+Source0:
https://downloads.sourceforge.net/project/tboot/tboot-%{ver}.tar.gz
+Source2:
https://downloads.sourceforge.net/project/tboot/tboot-%{ver}.tar.gz.gpg
+Source3:
https://downloads.sourceforge.net/project/tboot/tboot-1.11.0-pub-key.key#/tboot.keyring
Source1: tboot.rpmlintrc
Patch1: tboot-grub2-fix-menu-in-xen-host-server.patch
Patch2: tboot-grub2-fix-xen-submenu-name.patch
@@ -32,6 +34,7 @@
Patch4: tboot-grub2-refuse-secure-boot.patch
Patch5: tboot-bsc#1207833-copy-mbi.patch
Patch6: tboot-fix-alloc-size-warning.patch
+Patch7: tboot-cet.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-build
ExclusiveArch: %{ix86} x86_64
BuildRequires: openssl-devel
++++++ tboot-1.11.9.tar.gz -> tboot-1.11.10.tar.gz ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/tboot-1.11.9/.hg_archival.txt
new/tboot-1.11.10/.hg_archival.txt
--- old/tboot-1.11.9/.hg_archival.txt 2024-10-11 14:55:09.000000000 +0200
+++ new/tboot-1.11.10/.hg_archival.txt 2025-04-17 14:33:11.000000000 +0200
@@ -1,4 +1,4 @@
repo: cedd93279188334eb41d248d5eb70a41a2bc70ca
-node: 93a7c34511548204c2921a5c427085d352e64eb7
+node: 4bf2e38197238a539530eab991244723fb127ba1
branch: default
-tag: v1.11.9
+tag: v1.11.10
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/tboot-1.11.9/.hgtags new/tboot-1.11.10/.hgtags
--- old/tboot-1.11.9/.hgtags 2024-10-11 14:55:09.000000000 +0200
+++ new/tboot-1.11.10/.hgtags 2025-04-17 14:33:11.000000000 +0200
@@ -47,3 +47,7 @@
8a1423750815ecd495b089f78f85271db494ba8f v1.11.7
ba65f5eab8dcf4c7e82960d187d6789a3cfb8e19 v1.11.8
656ba831c3bbf6d9f2a28b00580165afe483df87 v1.11.9
+656ba831c3bbf6d9f2a28b00580165afe483df87 v1.11.9
+0000000000000000000000000000000000000000 v1.11.9
+0000000000000000000000000000000000000000 v1.11.9
+93a7c34511548204c2921a5c427085d352e64eb7 v1.11.9
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/tboot-1.11.9/CHANGELOG new/tboot-1.11.10/CHANGELOG
--- old/tboot-1.11.9/CHANGELOG 2024-10-11 14:55:09.000000000 +0200
+++ new/tboot-1.11.10/CHANGELOG 2025-04-17 14:33:11.000000000 +0200
@@ -1,3 +1,6 @@
+20250417: v1.11.10
+ Fix the issue causing tboot to hang during waking up processors
from
+ txt sleep on DMR simics
20241011: v1.11.9
Restore call to configure_vtd.
20241004: v1.11.8
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/tboot-1.11.9/tboot/20_linux_tboot
new/tboot-1.11.10/tboot/20_linux_tboot
--- old/tboot-1.11.9/tboot/20_linux_tboot 2024-10-11 14:55:09.000000000
+0200
+++ new/tboot-1.11.10/tboot/20_linux_tboot 2025-04-17 14:33:11.000000000
+0200
@@ -195,7 +195,7 @@
tboot_dirname=`dirname ${current_tboot}`
rel_tboot_dirname=`make_system_path_relative_to_its_root $tboot_dirname`
# tboot_version=`echo $tboot_basename | sed -e "s,.gz$,,g;s,^tboot-,,g"`
- tboot_version="1.11.9"
+ tboot_version="1.11.10"
echo "submenu \"tboot ${tboot_version}\" {"
while [ "x$list" != "x" ] ; do
linux=`version_find_latest $list`
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/tboot-1.11.9/tboot/20_linux_xen_tboot
new/tboot-1.11.10/tboot/20_linux_xen_tboot
--- old/tboot-1.11.9/tboot/20_linux_xen_tboot 2024-10-11 14:55:09.000000000
+0200
+++ new/tboot-1.11.10/tboot/20_linux_xen_tboot 2025-04-17 14:33:11.000000000
+0200
@@ -230,7 +230,7 @@
tboot_basename=`basename ${current_tboot}`
tboot_dirname=`dirname ${current_tboot}`
rel_tboot_dirname=`make_system_path_relative_to_its_root
$tboot_dirname`
- tboot_version="1.11.9"
+ tboot_version="1.11.10"
list="${linux_list}"
echo "submenu \"Xen ${xen_version}\" \"Tboot ${tboot_version}\"{"
while [ "x$list" != "x" ] ; do
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/tboot-1.11.9/tboot/Config.mk
new/tboot-1.11.10/tboot/Config.mk
--- old/tboot-1.11.9/tboot/Config.mk 2024-10-11 14:55:09.000000000 +0200
+++ new/tboot-1.11.10/tboot/Config.mk 2025-04-17 14:33:11.000000000 +0200
@@ -6,8 +6,8 @@
#
# tboot-specific build settings
#
-RELEASEVER := "1.11.9"
-RELEASETIME := "2024-10-11 12:00 +0100"
+RELEASEVER := "1.11.10"
+RELEASETIME := "2025-04-17 16:00 +0100"
ROOTDIR ?= $(CURDIR)/..
# tboot needs too many customized compiler settings to use system CFLAGS,
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/tboot-1.11.9/tboot/txt/txt.c
new/tboot-1.11.10/tboot/txt/txt.c
--- old/tboot-1.11.9/tboot/txt/txt.c 2024-10-11 14:55:09.000000000 +0200
+++ new/tboot-1.11.10/tboot/txt/txt.c 2025-04-17 14:33:11.000000000 +0200
@@ -1207,10 +1207,9 @@
return;
}
- printk(TBOOT_INFO"Mutex lock cpu %u\n", cpuid);
mtx_enter(&ap_lock);
- printk(TBOOT_INFO"cpu %u waking up from TXT sleep\n", cpuid);
+ printk(TBOOT_INFO"waking cpu %u\n", cpuid);
/* restore LAPIC base address for AP */
madt_apicbase = (uint64_t)get_madt_apic_base();
@@ -1221,7 +1220,6 @@
}
msr_apicbase = rdmsr(MSR_APICBASE);
if ( madt_apicbase != (msr_apicbase & ~0xFFFULL) ) {
- printk(TBOOT_INFO"cpu %u restore apic base to %llx\n", cpuid,
madt_apicbase);
wrmsr(MSR_APICBASE, (msr_apicbase & 0xFFFULL) | madt_apicbase);
}
@@ -1238,7 +1236,6 @@
apply_policy(TB_ERR_POST_LAUNCH_VERIFICATION);
/* enable SMIs and NMI */
- printk(TBOOT_DETA"enabling SMIs and NMI on cpu %u\n", cpuid);
__getsec_smctrl();
__enable_nmi();
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/tboot-1.11.9/tboot/txt/verify.c
new/tboot-1.11.10/tboot/txt/verify.c
--- old/tboot-1.11.9/tboot/txt/verify.c 2024-10-11 14:55:09.000000000 +0200
+++ new/tboot-1.11.10/tboot/txt/verify.c 2025-04-17 14:33:11.000000000
+0200
@@ -673,31 +673,19 @@
apicbase = rdmsr(MSR_APICBASE);
if ( apicbase & APICBASE_BSP ) {
ilp_smm_mon_ctl = smm_mon_ctl;
- printk(TBOOT_DETA"MSR for SMM monitor control on BSP is 0x%Lx.\n",
- ilp_smm_mon_ctl);
/* verify ILP's MSEG == TXT.MSEG.BASE */
- printk(TBOOT_INFO"verifying ILP is opt-out "
- "or has the same MSEG header with TXT.MSEG.BASE\n\t");
if ( !verify_mseg(ilp_smm_mon_ctl) ) {
- printk(TBOOT_ERR" : failed.\n");
+ printk(TBOOT_ERR"verifying ILP is opt-out or has the same MSEG
header with TXT.MSEG.BASE failed.\n");
return false;
}
- printk(TBOOT_INFO" : succeeded.\n");
}
else {
- printk(TBOOT_DETA"MSR for SMM monitor control on cpu %u is 0x%Lx\n",
- cpuid, smm_mon_ctl);
-
/* verify ILP's SMM MSR == RLP's SMM MSR */
- printk(TBOOT_INFO"verifying ILP's MSR_IA32_SMM_MONITOR_CTL with cpu
%u\n\t",
- cpuid);
if ( smm_mon_ctl != ilp_smm_mon_ctl ) {
- printk(TBOOT_ERR" : failed.\n");
+ printk(TBOOT_ERR" : verifying ILP's MSR_IA32_SMM_MONITOR_CTL with
cpu %u failed.\n", cpuid);
return false;
}
- printk(TBOOT_INFO" : succeeded.\n");
-
/* since the RLP's MSR is the same. No need to verify MSEG header */
}
++++++ tboot-cet.patch ++++++
Index: tboot-1.11.10/tboot/common/shutdown.S
===================================================================
--- tboot-1.11.10.orig/tboot/common/shutdown.S
+++ tboot-1.11.10/tboot/common/shutdown.S
@@ -116,6 +116,7 @@ shutdown_entry32:
*/
ENTRY(shutdown_entry)
.code64
+ endbr64
cli
wbinvd
++++++ tboot-grub2-fix-xen-submenu-name.patch ++++++
--- /var/tmp/diff_new_pack.pHyK3l/_old 2025-07-17 17:26:46.535783193 +0200
+++ /var/tmp/diff_new_pack.pHyK3l/_new 2025-07-17 17:26:46.539783360 +0200
@@ -4,13 +4,13 @@
References: bnc#865815
Patch-Mainline: no
-Index: tboot-1.11.9/tboot/20_linux_xen_tboot
+Index: tboot-1.11.10/tboot/20_linux_xen_tboot
===================================================================
---- tboot-1.11.9.orig/tboot/20_linux_xen_tboot
-+++ tboot-1.11.9/tboot/20_linux_xen_tboot
+--- tboot-1.11.10.orig/tboot/20_linux_xen_tboot
++++ tboot-1.11.10/tboot/20_linux_xen_tboot
@@ -246,7 +246,7 @@ while [ "x${xen_list}" != "x" ] ; do
rel_tboot_dirname=`make_system_path_relative_to_its_root
$tboot_dirname`
- tboot_version="1.11.9"
+ tboot_version="1.11.10"
list="${linux_list}"
- echo "submenu \"Xen ${xen_version}\" \"Tboot ${tboot_version}\"{"
+ echo "submenu \"Xen ${xen_version} with Tboot ${tboot_version}\"{"
