Hello community,
here is the log from the commit of package tboot for openSUSE:Factory checked
in at 2018-10-25 09:11:30
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/tboot (Old)
and /work/SRC/openSUSE:Factory/.tboot.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "tboot"
Thu Oct 25 09:11:30 2018 rev:36 rq:644201 version:20170711_1.9.8
Changes:
--------
--- /work/SRC/openSUSE:Factory/tboot/tboot.changes 2018-09-15
15:41:21.192784743 +0200
+++ /work/SRC/openSUSE:Factory/.tboot.new/tboot.changes 2018-10-25
09:11:30.730319613 +0200
@@ -1,0 +2,10 @@
+Wed Oct 24 08:44:04 UTC 2018 - matthias.gerst...@suse.com
+
+- update to new upstream release 1.9.8:
+ - Skip tboot launch error index read/write when ignore prev err option
is true
+ - s3-fix: fix a stack overflow caused by enlarged tb_hash_t union
+ - S3 fix: revert the mis-changed type casting in changeset
522:8e881a07c059
+ - S3-fix: Adding option save_vtd=true to opt-in the vtd table restore
+- rebased patches to match new upstream version
+
+-------------------------------------------------------------------
Old:
----
tboot-1.9.7.tar.gz
New:
----
tboot-1.9.8.tar.gz
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ tboot.spec ++++++
--- /var/tmp/diff_new_pack.rKPaqF/_old 2018-10-25 09:11:31.150319362 +0200
+++ /var/tmp/diff_new_pack.rKPaqF/_new 2018-10-25 09:11:31.154319359 +0200
@@ -17,7 +17,7 @@
Name: tboot
-%define ver 1.9.7
+%define ver 1.9.8
Version: 20170711_%{ver}
Release: 0
Summary: Program for performing a verified launch using Intel TXT
++++++ tboot-1.9.7.tar.gz -> tboot-1.9.8.tar.gz ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/tboot-1.9.7/.hg_archival.txt
new/tboot-1.9.8/.hg_archival.txt
--- old/tboot-1.9.7/.hg_archival.txt 2018-09-03 10:43:39.000000000 +0200
+++ new/tboot-1.9.8/.hg_archival.txt 2018-10-18 06:55:47.000000000 +0200
@@ -1,4 +1,5 @@
repo: cedd93279188334eb41d248d5eb70a41a2bc70ca
-node: fa126d410df0916f0bab32a882349eb401597d5f
+node: bde570f28820ea6cfc4a12fecec9f51e867e28ca
branch: default
-tag: v1.9.7
+latesttag: v1.9.8
+latesttagdistance: 1
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/tboot-1.9.7/.hgtags new/tboot-1.9.8/.hgtags
--- old/tboot-1.9.7/.hgtags 2018-09-03 10:43:39.000000000 +0200
+++ new/tboot-1.9.8/.hgtags 2018-10-18 06:55:47.000000000 +0200
@@ -17,3 +17,6 @@
698548a9b9fe6201361d19099100f8eb59fad4f6 v1.9.5
61c17659bb8670e466c3bac8913459848f5f36d5 v1.9.6
11613463d703e203785b2e4dc9447d76530266c4 v1.9.7
+11613463d703e203785b2e4dc9447d76530266c4 v1.9.7
+fa126d410df0916f0bab32a882349eb401597d5f v1.9.7
+dbc7b1d289f848c3d88a9d4694d67fd409f48039 v1.9.8
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/tboot-1.9.7/CHANGELOG new/tboot-1.9.8/CHANGELOG
--- old/tboot-1.9.7/CHANGELOG 2018-09-03 10:43:39.000000000 +0200
+++ new/tboot-1.9.8/CHANGELOG 2018-10-18 06:55:47.000000000 +0200
@@ -1,3 +1,8 @@
+20181011: v1.9.8
+ Skip tboot launch error index read/write when ignore prev err option
is true
+ s3-fix: fix a stack overflow caused by enlarged tb_hash_t union
+ S3 fix: revert the mis-changed type casting in changeset
522:8e881a07c059
+ S3-fix: Adding option save_vtd=true to opt-in the vtd table restore
20180830: v1.9.7
Fix a lot of issues in tools reported by klocwork scan.
Fix a lot of issues in tboot module reported by klocwork scan.
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/tboot-1.9.7/README new/tboot-1.9.8/README
--- old/tboot-1.9.7/README 2018-09-03 10:43:39.000000000 +0200
+++ new/tboot-1.9.8/README 2018-10-18 06:55:47.000000000 +0200
@@ -315,6 +315,16 @@
setting provides a way to force use of the legacy log format for TPM 2
systems:
force_tpm2_legacy_log=false|true // defaults to false
+o Opt-in the vtd dmar table save/restore process
+ With recent kernel (4.16.3 in fedora28), the acpi table seems changed by
+ kernel. So function restore_vtd_dmar_table() will not work as expected to
+ find the vtd dmar table and restore it in S3 resume, instead, the system
will
+ run into a hang or a reset.
+
+ To solve the S3 issue but still keep vtd dmar table save/restore process for
+ specific case, add below option:
+ save_vtd=false|true // defaults to false
+
PCR Usage:
---------
o Legacy PCR mapping
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/tboot-1.9.7/tboot/20_linux_tboot
new/tboot-1.9.8/tboot/20_linux_tboot
--- old/tboot-1.9.7/tboot/20_linux_tboot 2018-09-03 10:43:39.000000000
+0200
+++ new/tboot-1.9.8/tboot/20_linux_tboot 2018-10-18 06:55:47.000000000
+0200
@@ -201,7 +201,7 @@
tboot_dirname=`dirname ${current_tboot}`
rel_tboot_dirname=`make_system_path_relative_to_its_root $tboot_dirname`
# tboot_version=`echo $tboot_basename | sed -e "s,.gz$,,g;s,^tboot-,,g"`
- tboot_version="1.9.7"
+ tboot_version="1.9.8"
echo "submenu \"tboot ${tboot_version}\" {"
while [ "x$list" != "x" ] ; do
linux=`version_find_latest $list`
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/tboot-1.9.7/tboot/20_linux_xen_tboot
new/tboot-1.9.8/tboot/20_linux_xen_tboot
--- old/tboot-1.9.7/tboot/20_linux_xen_tboot 2018-09-03 10:43:39.000000000
+0200
+++ new/tboot-1.9.8/tboot/20_linux_xen_tboot 2018-10-18 06:55:47.000000000
+0200
@@ -216,7 +216,7 @@
tboot_basename=`basename ${current_tboot}`
tboot_dirname=`dirname ${current_tboot}`
rel_tboot_dirname=`make_system_path_relative_to_its_root
$tboot_dirname`
- tboot_version="1.9.7"
+ tboot_version="1.9.8"
list="${linux_list}"
echo "submenu \"Xen ${xen_version}\" \"Tboot ${tboot_version}\"{"
while [ "x$list" != "x" ] ; do
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/tboot-1.9.7/tboot/Config.mk
new/tboot-1.9.8/tboot/Config.mk
--- old/tboot-1.9.7/tboot/Config.mk 2018-09-03 10:43:39.000000000 +0200
+++ new/tboot-1.9.8/tboot/Config.mk 2018-10-18 06:55:47.000000000 +0200
@@ -33,7 +33,7 @@
CFLAGS += $(call cc-option,$(CC),-fno-stack-check,)
# changeset variable for banner
-CFLAGS += -DTBOOT_CHANGESET=\""$(shell ((hg parents --template
"{isodate|isodate} {rev}:{node|short}" >/dev/null && hg parents --template
"{isodate|isodate} {rev}:{node|short}") || echo "2018-08-30 18:00 +0800 1.9.7")
2>/dev/null)"\"
+CFLAGS += -DTBOOT_CHANGESET=\""$(shell ((hg parents --template
"{isodate|isodate} {rev}:{node|short}" >/dev/null && hg parents --template
"{isodate|isodate} {rev}:{node|short}") || echo "2018-10-18 13:00 +0800 1.9.8")
2>/dev/null)"\"
AFLAGS += -D__ASSEMBLY__
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/tboot-1.9.7/tboot/common/cmdline.c
new/tboot-1.9.8/tboot/common/cmdline.c
--- old/tboot-1.9.7/tboot/common/cmdline.c 2018-09-03 10:43:39.000000000
+0200
+++ new/tboot-1.9.8/tboot/common/cmdline.c 2018-10-18 06:55:47.000000000
+0200
@@ -86,6 +86,7 @@
{ "extpol", "sha1" }, /*agile|embedded|sha1|sha256|sm3|... */
{ "ignore_prev_err", "true"}, /* true|false */
{ "force_tpm2_legacy_log", "false"}, /* true|false */
+ { "save_vtd", "false"}, /* true|false */
{ NULL, NULL }
};
static char
g_tboot_param_values[ARRAY_SIZE(g_tboot_cmdline_options)][MAX_VALUE_LEN];
@@ -552,6 +553,17 @@
return false;
}
+bool get_tboot_save_vtd(void)
+{
+ const char *save_vtd =
+ get_option_val(g_tboot_cmdline_options,
+ g_tboot_param_values,
+ "save_vtd");
+ if ( save_vtd != NULL && strcmp(save_vtd, "true") == 0 )
+ return true;
+ return false;
+}
+
/*
* linux kernel command line parsing
*/
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/tboot-1.9.7/tboot/common/integrity.c
new/tboot-1.9.8/tboot/common/integrity.c
--- old/tboot-1.9.7/tboot/common/integrity.c 2018-09-03 10:43:39.000000000
+0200
+++ new/tboot-1.9.8/tboot/common/integrity.c 2018-10-18 06:55:47.000000000
+0200
@@ -141,7 +141,7 @@
{
/* TPM_Seal can only seal small data (like key or hash), so hash data */
struct __packed {
- tb_hash_t data_hash;
+ sha256_hash_t data_hash;
uint8_t secrets[secrets_size];
} blob;
uint32_t err;
@@ -149,7 +149,7 @@
const struct tpm_if_fp *tpm_fp = get_tpm_fp();
memset(&blob, 0, sizeof(blob));
- if ( !hash_buffer(data, data_size, &blob.data_hash, tpm->cur_alg) ) {
+ if ( !hash_buffer(data, data_size, (tb_hash_t *)&blob.data_hash,
TB_HALG_SHA256) ) {
printk(TBOOT_ERR"failed to hash data\n");
return false;
}
@@ -169,7 +169,7 @@
{
/* sealed data is hash of state data and optional secret */
struct __packed {
- tb_hash_t data_hash;
+ sha256_hash_t data_hash;
uint8_t secrets[secrets_size];
} blob;
bool err = true;
@@ -186,14 +186,14 @@
goto done;
}
- /* verify that (hash of) current data maches sealed hash */
+ /* verify that (hash of) current data matches sealed hash */
tb_hash_t curr_data_hash;
memset(&curr_data_hash, 0, sizeof(curr_data_hash));
- if ( !hash_buffer(curr_data, curr_data_size, &curr_data_hash,
tpm->cur_alg) ) {
+ if ( !hash_buffer(curr_data, curr_data_size, &curr_data_hash,
TB_HALG_SHA256) ) {
printk(TBOOT_WARN"failed to hash state data\n");
goto done;
}
- if ( !are_hashes_equal(&blob.data_hash, &curr_data_hash, tpm->cur_alg) ) {
+ if ( !are_hashes_equal((tb_hash_t *)&blob.data_hash, &curr_data_hash,
TB_HALG_SHA256) ) {
printk(TBOOT_WARN"sealed hash does not match current hash\n");
goto done;
}
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/tboot-1.9.7/tboot/common/paging.c
new/tboot-1.9.8/tboot/common/paging.c
--- old/tboot-1.9.7/tboot/common/paging.c 2018-09-03 10:43:39.000000000
+0200
+++ new/tboot-1.9.8/tboot/common/paging.c 2018-10-18 06:55:47.000000000
+0200
@@ -178,8 +178,8 @@
for ( i = 0; i < sizeof(pd_table)/TB_L1_PAGETABLE_ENTRIES; i++ ) {
ppdptre = &pdptr_table[i];
- *ppdptre = MAKE_TB_PDPTE((unsigned long)
- pd_table + i * TB_L1_PAGETABLE_ENTRIES);
+ *ppdptre = MAKE_TB_PDPTE((unsigned long)(
+ pd_table + i * TB_L1_PAGETABLE_ENTRIES));
}
/* map serial log address ~ kernel command address */
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/tboot-1.9.7/tboot/common/tb_error.c
new/tboot-1.9.8/tboot/common/tb_error.c
--- old/tboot-1.9.7/tboot/common/tb_error.c 2018-09-03 10:43:39.000000000
+0200
+++ new/tboot-1.9.8/tboot/common/tb_error.c 2018-10-18 06:55:47.000000000
+0200
@@ -49,6 +49,7 @@
#include <tpm.h>
#include <tboot.h>
#include <txt/config_regs.h>
+#include <cmdline.h>
#define TB_LAUNCH_ERR_IDX 0x20000002 /* launch error index */
@@ -145,6 +146,9 @@
memset(error, 0, size);
+ if ( get_tboot_ignore_prev_err() )
+ return true;
+
/* read! */
if ( !tpm_fp->nv_read(tpm, 0, tpm->tb_err_index, 0,
(uint8_t *)error, &size) ) {
@@ -168,6 +172,9 @@
struct tpm_if *tpm = get_tpm();
const struct tpm_if_fp *tpm_fp = get_tpm_fp();
+ if ( get_tboot_ignore_prev_err() )
+ return true;
+
if ( !tpm || !tpm_fp || no_err_idx )
return false;
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/tboot-1.9.7/tboot/common/tboot.c
new/tboot-1.9.8/tboot/common/tboot.c
--- old/tboot-1.9.7/tboot/common/tboot.c 2018-09-03 10:43:39.000000000
+0200
+++ new/tboot-1.9.8/tboot/common/tboot.c 2018-10-18 06:55:47.000000000
+0200
@@ -169,7 +169,8 @@
txt_post_launch();
/* backup DMAR table */
- save_vtd_dmar_table();
+ if ( get_tboot_save_vtd() )
+ save_vtd_dmar_table();
if ( s3_flag )
s3_launch();
@@ -473,7 +474,8 @@
}
/* remove DMAR table if necessary */
- remove_vtd_dmar_table();
+ if ( get_tboot_save_vtd() )
+ remove_vtd_dmar_table();
if ( !is_launched() )
apply_policy(TB_ERR_S3_INTEGRITY);
@@ -591,7 +593,8 @@
if ( _tboot_shared.shutdown_type == TB_SHUTDOWN_S3 ) {
/* restore DMAR table if needed */
- restore_vtd_dmar_table();
+ if ( get_tboot_save_vtd() )
+ restore_vtd_dmar_table();
if ( tpm->major == TPM20_VER_MAJOR ) {
tpm_fp->context_flush(tpm, tpm->cur_loc, handle2048);
tpm_fp->context_load(tpm, tpm->cur_loc, &tpm2_context_saved,
&handle2048);
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/tboot-1.9.7/tboot/common/tpm_20.c
new/tboot-1.9.8/tboot/common/tpm_20.c
--- old/tboot-1.9.7/tboot/common/tpm_20.c 2018-09-03 10:43:39.000000000
+0200
+++ new/tboot-1.9.8/tboot/common/tpm_20.c 2018-10-18 06:55:47.000000000
+0200
@@ -1430,7 +1430,7 @@
cmd_size = (u8 *)other - cmd_buf;
reverse_copy(cmd_buf + CMD_SIZE_OFFSET, &cmd_size, sizeof(cmd_size));
- rsp_size = sizeof(*out);
+ rsp_size = sizeof(rsp_buf);
if (g_tpm_family == TPM_IF_20_FIFO) {
if (!tpm_submit_cmd(locality, cmd_buf, cmd_size, rsp_buf, &rsp_size))
@@ -1799,8 +1799,8 @@
cmd_size = (u8 *)other - cmd_buf;
reverse_copy(cmd_buf + CMD_SIZE_OFFSET, &cmd_size, sizeof(cmd_size));
- rsp_size = sizeof(*out);
-
+ rsp_size = sizeof(rsp_buf);
+
if (g_tpm_family == TPM_IF_20_FIFO) {
if (!tpm_submit_cmd(locality, cmd_buf, cmd_size, rsp_buf, &rsp_size))
return TPM_RC_FAILURE;
@@ -2412,9 +2412,19 @@
create_in.public.t.public_area.param.keyed_hash.scheme.scheme =
TPM_ALG_NULL;
create_in.public.t.public_area.unique.keyed_hash.t.size = 0;
+ COMPILE_TIME_ASSERT( sizeof(auth_str) - 1 <=
+ sizeof(create_in.sensitive.t.sensitive.user_auth.t.buffer) );
create_in.sensitive.t.sensitive.user_auth.t.size = sizeof(auth_str) - 1;
memcpy(&(create_in.sensitive.t.sensitive.user_auth.t.buffer[0]),
auth_str, sizeof(auth_str)-1);
+ if ( in_data_size >
+ sizeof(create_in.sensitive.t.sensitive.data.t.buffer) ) {
+ printk(TBOOT_WARN"TPM: input data size to seal is too large:"
+ " %08X(%08x)\n",
+ in_data_size,
+ sizeof(create_in.sensitive.t.sensitive.data.t.buffer));
+ return false;
+ }
create_in.sensitive.t.sensitive.data.t.size = in_data_size;
memcpy(&(create_in.sensitive.t.sensitive.data.t.buffer[0]),
in_data, in_data_size);
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/tboot-1.9.7/tboot/include/cmdline.h
new/tboot-1.9.8/tboot/include/cmdline.h
--- old/tboot-1.9.7/tboot/include/cmdline.h 2018-09-03 10:43:39.000000000
+0200
+++ new/tboot-1.9.8/tboot/include/cmdline.h 2018-10-18 06:55:47.000000000
+0200
@@ -56,6 +56,7 @@
extern bool get_tboot_measure_nv(void);
extern void get_tboot_extpol(void);
extern bool get_tboot_force_tpm2_legacy_log(void);
+extern bool get_tboot_save_vtd(void);
/* for parse cmdline of linux kernel, say vga and mem */
extern void linux_parse_cmdline(const char *cmdline);
++++++ tboot-distributor.patch ++++++
--- /var/tmp/diff_new_pack.rKPaqF/_old 2018-10-25 09:11:31.266319292 +0200
+++ /var/tmp/diff_new_pack.rKPaqF/_new 2018-10-25 09:11:31.266319292 +0200
@@ -1,7 +1,7 @@
-Index: tboot-1.9.6/tboot/20_linux_tboot
+Index: tboot-1.9.8/tboot/20_linux_tboot
===================================================================
---- tboot-1.9.6.orig/tboot/20_linux_tboot
-+++ tboot-1.9.6/tboot/20_linux_tboot
+--- tboot-1.9.8.orig/tboot/20_linux_tboot
++++ tboot-1.9.8/tboot/20_linux_tboot
@@ -72,7 +72,7 @@ CLASS="--class gnu-linux --class gnu --c
if [ "x${GRUB_DISTRIBUTOR}" = "x" ] ; then
OS=GNU/Linux
@@ -11,10 +11,10 @@
CLASS="--class $(echo ${GRUB_DISTRIBUTOR} | tr '[A-Z]' '[a-z]' | cut -d' '
-f1) ${CLASS}"
fi
-Index: tboot-1.9.6/tboot/20_linux_xen_tboot
+Index: tboot-1.9.8/tboot/20_linux_xen_tboot
===================================================================
---- tboot-1.9.6.orig/tboot/20_linux_xen_tboot
-+++ tboot-1.9.6/tboot/20_linux_xen_tboot
+--- tboot-1.9.8.orig/tboot/20_linux_xen_tboot
++++ tboot-1.9.8/tboot/20_linux_xen_tboot
@@ -63,7 +63,7 @@ CLASS="--class gnu-linux --class gnu --c
if [ "x${GRUB_DISTRIBUTOR}" = "x" ] ; then
OS=GNU/Linux
++++++ tboot-grub2-fix-menu-in-xen-host-server.patch ++++++
--- /var/tmp/diff_new_pack.rKPaqF/_old 2018-10-25 09:11:31.274319288 +0200
+++ /var/tmp/diff_new_pack.rKPaqF/_new 2018-10-25 09:11:31.278319285 +0200
@@ -23,10 +23,10 @@
References: bnc#865815
Porting to tboot in order to fix duplicated xen entries
-Index: tboot-1.9.7/tboot/20_linux_tboot
+Index: tboot-1.9.8/tboot/20_linux_tboot
===================================================================
---- tboot-1.9.7.orig/tboot/20_linux_tboot
-+++ tboot-1.9.7/tboot/20_linux_tboot
+--- tboot-1.9.8.orig/tboot/20_linux_tboot
++++ tboot-1.9.8/tboot/20_linux_tboot
@@ -225,6 +225,49 @@ while [ "x${tboot_list}" != "x" ] && [ "
break
fi
@@ -77,10 +77,10 @@
if test -n "${initrd}" ; then
echo "Found initrd image: ${dirname}/${initrd}" >&2
else
-Index: tboot-1.9.7/tboot/20_linux_xen_tboot
+Index: tboot-1.9.8/tboot/20_linux_xen_tboot
===================================================================
---- tboot-1.9.7.orig/tboot/20_linux_xen_tboot
-+++ tboot-1.9.7/tboot/20_linux_xen_tboot
+--- tboot-1.9.8.orig/tboot/20_linux_xen_tboot
++++ tboot-1.9.8/tboot/20_linux_xen_tboot
@@ -52,6 +52,12 @@ fi
export TEXTDOMAIN=grub
export TEXTDOMAINDIR=${prefix}/share/locale
++++++ tboot-grub2-fix-xen-submenu-name.patch ++++++
--- /var/tmp/diff_new_pack.rKPaqF/_old 2018-10-25 09:11:31.286319281 +0200
+++ /var/tmp/diff_new_pack.rKPaqF/_new 2018-10-25 09:11:31.286319281 +0200
@@ -4,13 +4,13 @@
References: bnc#865815
Patch-Mainline: no
-Index: tboot-1.9.7/tboot/20_linux_xen_tboot
+Index: tboot-1.9.8/tboot/20_linux_xen_tboot
===================================================================
---- tboot-1.9.7.orig/tboot/20_linux_xen_tboot
-+++ tboot-1.9.7/tboot/20_linux_xen_tboot
+--- tboot-1.9.8.orig/tboot/20_linux_xen_tboot
++++ tboot-1.9.8/tboot/20_linux_xen_tboot
@@ -232,7 +232,7 @@ while [ "x${xen_list}" != "x" ] ; do
rel_tboot_dirname=`make_system_path_relative_to_its_root
$tboot_dirname`
- tboot_version="1.9.7"
+ tboot_version="1.9.8"
list="${linux_list}"
- echo "submenu \"Xen ${xen_version}\" \"Tboot ${tboot_version}\"{"
+ echo "submenu \"Xen ${xen_version} with Tboot ${tboot_version}\"{"
