Index | index by Group | index by Distribution | index by Vendor | index by creation date | index by Name | Mirrors | Help | Search |
Name: evmctl | Distribution: SUSE Linux Enterprise 15 |
Version: 1.4 | Vendor: SUSE LLC <https://www.suse.com/> |
Release: 150400.1.5 | Build date: Sun May 8 00:45:10 2022 |
Group: System/Kernel | Build host: ibs-power9-13 |
Size: 141599 | Source RPM: ima-evm-utils-1.4-150400.1.5.src.rpm |
Packager: https://www.suse.com/ | |
Url: http://sourceforge.net/projects/linux-ima/ | |
Summary: IMA/EVM signing utility |
The evmctl utility can be used for producing and verifying digital signatures, which are used by Linux kernel integrity subsystem (IMA/EVM). It can be also used to import keys into the kernel keyring.
LGPL-2.1-or-later
* Fri Nov 05 2021 [email protected] - Update to version 1.4 * Elliptic curve support and tests * PKCS11 support and tests * Ability to manually specify the keyid included in the IMA xattr * Improve IMA measurement list per TPM bank verification * Linking with IBM TSS * Set default hash algorithm in package configuration * (Minimal) support and test EVM portable signatures * CI testing: * Refresh and include new distros * Podman support * GitHub Actions * Limit "sudo" usage * Misc bug fixes and code cleanup * Fix static analysis bug reports, memory leaks * Remove experimental code that was never upstreamed in the kernel * Use unsigned variable, remove unused variables, etc - Upstream bumped soname to 3.0.0 * Thu Oct 29 2020 [email protected] - Update to version 1.3.2 * Bugfixes: importing keys * NEW: Docker based travis distro testing * Travis bugfixes, code cleanup, software version update, and script removal * Initial travis testing - Remove 0001-help-Add-missing-new-line-for-ignore-violations.patch (patch from this release) - Add make check + dependencies (getfattr => attr, xxd => vim) * Thu Oct 01 2020 [email protected] - Fix missing new line in help (0001-help-Add-missing-new-line-for-ignore-violations.patch) * Fri Aug 14 2020 [email protected] - Update to version 1.3.1 * "--pcrs" support for per crypto algorithm * Drop/rename "ima_measurement" options * Moved this summary from "Changelog" to "NEWS", removing requirement for GNU empty files * Distro build fixes * Remove 0001-pcr_tss-Fix-compilation-for-old-compilers.patch (from this release) * Thu Jul 23 2020 [email protected] - Use %autosetup -p1 * Wed Jul 22 2020 [email protected] - Remove suse_version check for tpm2-0-tss-devel as the package is available for back as far as SLE 12 SP2 and respective openSUSE versions (also check was wrong, should have been 1500). * Wed Jul 22 2020 [email protected] - Fixes from previous SR (reported by fvogt): * Move ibmtss runtime dependency to evmctl package * Remove dependencies to devel package (should not be needed) * Wed Jul 22 2020 [email protected] - Update to version 1.3 version 1.3 new features: * NEW ima-evm-utils regression test infrastructure with two initial tests: - ima_hash.test: calculate/verify different crypto hash algorithms - sign_verify.test: EVM and IMA sign/verify signature tests * TPM 2.0 support - Calculate the new per TPM 2.0 bank template data digest - Support original padding the SHA1 template data digest - Compare ALL the re-calculated TPM 2.0 bank PCRs against the TPM 2.0 bank PCR values - Calculate the per TPM bank "boot_aggregate" values, including PCRs 8 & 9 in calculation - Support reading the per TPM 2.0 Bank PCRs using Intel's TSS - boot_aggregate.test: compare the calculated "boot_aggregate" values with the "boot_aggregate" value included in the IMA measurement. * TPM 1.2 support - Additionally support reading the TPM 1.2 PCRs from a supplied file ("--pcrs" option) * Based on original IMA LTP and standalone version support - Calculate the TPM 1.2 "boot_aggregate" based on the exported TPM 1.2 BIOS event log. - In addition to verifying the IMA measurement list against the the TPM PCRs, verify the IMA template data digest against the template data. (Based on LTP "--verify" option.) - Ignore file measurement violations while verifying the IMA measurment list. (Based on LTP "--validate" option.) - Verify the file data signature included in the measurement list based on the file hash also included in the measurement list (--verify-sig) - Support original "ima" template (mixed templates not supported) * Support "sm3" crypto name Bug fixes and code cleanup: * Don't exit with -1 on failure, exit with 125 * On signature verification failure, include pathname. * Provide minimal hash_info.h file in case one doesn't exist, needed by the ima-evm-utils regression tests. * On systems with TPM 1.2, skip "boot_aggregate.test" using sample logs * Fix hash_algo type comparison mismatch * Simplify/clean up code * Address compiler complaints and failures * Fix memory allocations and leaks * Sanity check provided input files are regular files * Revert making "tsspcrread" a compile build time decision. * Limit additional messages based on log level (-v) - Add patch 0001-pcr_tss-Fix-compilation-for-old-compilers.patch - Upstream bumped soname to 2.0.0 - Add tpm2-0-tss-devel for Tumbleweed as build dependency, for the rest ibmtss as runtime dependency (needed for for reading PCR in ima_boot_aggregate cmd; better to use libtss2-esys and libtss2-rc than require tsspcrread binary in runtime, but tpm2-0-tss-devel is available only for Tumbleweed) + the same logic as runtime dependency for devel package - Mark COPYING as %license * Tue Jul 30 2019 [email protected] - Update to version 1.2.1 (included changes of unreleased v1.2) version 1.2 new features: * Generate EVM signatures based on the specified hash algorithm * include "security.apparmor" in EVM signature * Add support for writing & verifying "user.xxxx" xattrs for testing * Support Strebog/Gost hash functions * Add OpenSSL engine support * Use of EVP_PKEY OpenSSL API to generate/verify v2 signatures * Support verifying multiple signatures at once * Support new template "buf" field and warn about other unknown fields * Improve OpenSSL error reporting * Support reading TPM 2.0 PCRs using tsspcrread Bug fixes and code cleanup: * Update manpage stylesheet detection * Fix xattr.h include file * On error when reading TPM PCRs, don't log gargabe * Properly return keyid string to calc_keyid_v1/v2 callers, caused by limiting keyid output to verbose mode * Fix hash buffer overflow caused by EVM support for larger hashes, defined MAX_DIGEST_SIZE and MAX_SIGNATURE_SIZE, and added "asserts". * Linked with libcrypto instead of OpenSSL * Updated Autotools, replacing INCLUDES with AM_CPPFLAGS * Include new "hash-info.gen" in tar * Log the hash algorithm, not just the hash value * Fixed memory leaks in: EV_MD_CTX, init_public_keys * Fixed other warnings/bugs discovered by clang, coverity * Remove indirect calls in verify_hash() to improve code readability * Don't fallback to using sha1 * Namespace some too generic object names * Make functions/arrays static if possible - Upstream bumped soname to 1.0.0 in v1.2 - Drop ima-evm-utils-xattr.patch and ima-evm-utils-fix-docbook-xsl-directory.patch (included in v1.2) * Wed Sep 12 2018 [email protected] - ima-evm-utils-xattr.patch: xattr.h is now libattr.h * Fri Mar 16 2018 [email protected] - Update to version 1.1 * Support the new openssl 1.1 api * Support for validating multiple pcrs * Verify the measurement list signature based on the list digest * Verify the "ima-sig" measurement list using multiple keys * Fixed parsing the measurement template data field length * Portable & immutable EVM signatures (new format) * Multiple fixes that have been lingering in the next branch. Some are for experimental features that are not yet supported in the kernel. - Drop ima-evm-utils-openssl1.patch (not needed any more as IMA got backward compatible support for openssl 1.1). * Tue Nov 21 2017 [email protected] - Small spec file cleanup with spec-cleaner * Wed Nov 08 2017 [email protected] - ima-evm-utils-openssl1.patch: allow building against openssl 1.1 (bsc#1066947) * Mon Oct 23 2017 [email protected] - added openssl-devel dependency to ima-evm-utils-devel. otherwise the ima header can't be included if the openssl headers are missing * Sat Oct 14 2017 [email protected] - No need to remove .a files which don't exist. - Drop extraneous ldconfig call on preun. - Update RPM groups and descriptions. * Fri Oct 13 2017 [email protected] - ima-evm-utils-fix-docbook-xsl-directory.patch: adjusted to refer to the "current" version of stylesheet to make the build work again - adjusted spec file to apply stylesheet patch to SLE12 as well * Mon May 08 2017 [email protected] - Add ima-evm-utils to SLES. (FATE#321603) * Tue Jan 19 2016 [email protected] - ima-evm-utils-fix-docbook-xsl-directory.patch: fixed the nwalsh docbook directory again * Wed Dec 02 2015 [email protected] - Update to version 1.0 * Recursive hashing * Immutable EVM signatures (experimental) * Command 'ima_clear' to remove xattrs * Support for passing password to the library * Support for asking password safely from the user * Wed Jan 21 2015 [email protected] - Update to version 0.9 * Updated README * man page generated and added to the package * Use additional SMACK xattrs for EVM signature generation * Signing functions moved to libimaevm for external use (RPM) * Fixed setting of correct hash header - Add additional requirements; asciidoc, docbook-xsl-stylesheets, libattr-devel and libxslt-tools - Remove COPYING from sources; upstream provides one now - Remove automake.patch; "test" directory isn't provided by upstream anymore - Remove ima-evm-utils-xattr.patch; libimaevm0 does link against libattr now - Split package in three subpackage * libimaevm0: contains shared library * -devel: contains header and examples files * evmctl: the kernel signing tool - Add ima-evm-utils-fix-docbook-xsl-directory.patch; fix path where Make is looking for docbook.xsl
/usr/bin/evmctl /usr/share/man/man1/evmctl.1.gz
Generated by rpm2html 1.8.1
Fabrice Bellet, Tue Jul 9 17:57:49 2024