)]}' { "log": [ { "commit": "5a89ef3d57e9f6b835233e343a3ca26b215114b4", "tree": "ac9b80b2346f42fefd0a34b1b9996ae069842f50", "parents": [ "6a01b548bc3d49f795cfab80418dd1e195deb239" ], "author": { "name": "Stefan Berger", "email": "stefanb@linux.ibm.com", "time": "Fri Mar 13 10:03:15 2026 -0400" }, "committer": { "name": "Stefan Berger", "email": "stefanb@us.ibm.com", "time": "Thu May 07 08:40:28 2026 -0400" }, "message": "swtpm: Use TPMPROP_TPM2_BUFFER_MAX when using a libtpms v0.11 TPM 2\n\nTo query for the buffer size, use the TPMPROP_TPM2_BUFFER_MAX when\nusing a TPM 2. This is a new property introduced in libtpms v0.11.\n\nSigned-off-by: Stefan Berger \u003cstefanb@linux.ibm.com\u003e\n" }, { "commit": "6a01b548bc3d49f795cfab80418dd1e195deb239", "tree": "ae10c808a736fdedce6a22d5f186b112cd5af990", "parents": [ "74f272e337da2c2aa209140df85ddd43a285a2d9" ], "author": { "name": "Stefan Berger", "email": "stefanb@linux.ibm.com", "time": "Wed Mar 18 09:18:31 2026 -0400" }, "committer": { "name": "Stefan Berger", "email": "stefanb@us.ibm.com", "time": "Thu May 07 08:40:28 2026 -0400" }, "message": "build-sys: Add dependency on libtpms v0.11\n\nRequire that libtpms v0.11 is installed. It\u0027s needed for new enums and\ndefines.\n\nSigned-off-by: Stefan Berger \u003cstefanb@linux.ibm.com\u003e\n" }, { "commit": "74f272e337da2c2aa209140df85ddd43a285a2d9", "tree": "363aa219a5679d620048d1f9db212486e1c9b084", "parents": [ "a115055450a31a62680ef3f7264765c386ab04d8" ], "author": { "name": "Stefan Berger", "email": "stefanb@linux.ibm.com", "time": "Wed May 06 09:42:03 2026 -0400" }, "committer": { "name": "Stefan Berger", "email": "stefanb@us.ibm.com", "time": "Wed May 06 10:22:22 2026 -0400" }, "message": "debian/rpm: Add openssl as dependent package\n\nswtpm_localca and swtpm-create-tpmca now depend on openssl command line\ntool, so add it as a dependency for the swtpm-tools and\nswtpm-tools-pkcs11 packages.\n\nSigned-off-by: Stefan Berger \u003cstefanb@linux.ibm.com\u003e\n" }, { "commit": "a115055450a31a62680ef3f7264765c386ab04d8", "tree": "0f1eb7da4bf3743a938f98accfe20b0740d659f2", "parents": [ "5804f19649698a4f00a595ab4ddc2bdc2bda7da4" ], "author": { "name": "Stefan Berger", "email": "stefanb@linux.ibm.com", "time": "Tue May 05 18:36:27 2026 +0000" }, "committer": { "name": "Stefan Berger", "email": "stefanb@us.ibm.com", "time": "Wed May 06 08:09:04 2026 -0400" }, "message": "build-sys: Remove checking for GnuTLS and certtool\n\nRemove the checks for GnuTLS and certtool from the build system now that\ncerttool is not used anymore.\n\nSigned-off-by: Stefan Berger \u003cstefanb@linux.ibm.com\u003e\n" }, { "commit": "5804f19649698a4f00a595ab4ddc2bdc2bda7da4", "tree": "2dda5d33dc531a3ab0b9d972d1c811b3603b9fb5", "parents": [ "896f19bc49954d43b7f5e3b54502e72810ca1b74" ], "author": { "name": "Stefan Berger", "email": "stefanb@linux.ibm.com", "time": "Tue May 05 15:46:34 2026 -0400" }, "committer": { "name": "Stefan Berger", "email": "stefanb@us.ibm.com", "time": "Wed May 06 08:09:04 2026 -0400" }, "message": "debian/rpm: Remove gnutls-utils/gnutls-bin dependency where possible\n\nRemove the dependency on the gnutls utilities package where possible.\nswtpm_localca does not need certtool anymore but sample/swtpm-create-tpmca\nstill needs p11tool from gnutls-utils.\n\nrpm:\n- tools-pkcs11 may keep the dependency due to dependency on p11tool\n\ndebian:\n- swtpm-create-tpmca is not packaged\n\nSigned-off-by: Stefan Berger \u003cstefanb@linux.ibm.com\u003e\n" }, { "commit": "896f19bc49954d43b7f5e3b54502e72810ca1b74", "tree": "a03e8bd014077901a9c2b98826c074d82f4c8c1f", "parents": [ "ee977b9eec5a8565eaf1e7de1e8cbb3755b58bac" ], "author": { "name": "Stefan Berger", "email": "stefanb@linux.ibm.com", "time": "Tue May 05 17:39:36 2026 -0400" }, "committer": { "name": "Stefan Berger", "email": "stefanb@us.ibm.com", "time": "Wed May 06 08:09:04 2026 -0400" }, "message": "tests: Skip tests if p11tool is not found in PATH\n\nRather than keeping gnutls-utils/gnutls-bin as a hard dependency, have\ntest cases check for for availability of p11tool and skip the tests if\nthe tool cannot be found.\n\nSigned-off-by: Stefan Berger \u003cstefanb@linux.ibm.com\u003e\n" }, { "commit": "ee977b9eec5a8565eaf1e7de1e8cbb3755b58bac", "tree": "24a5448bb93d8ffc0307a059d0068db2f61402ee", "parents": [ "a5de646f9acd4a5aa2b4895c1308873ea5f2ccb1" ], "author": { "name": "Stefan Berger", "email": "stefanb@linux.ibm.com", "time": "Tue May 05 13:36:08 2026 +0000" }, "committer": { "name": "Stefan Berger", "email": "stefanb@us.ibm.com", "time": "Wed May 06 08:09:04 2026 -0400" }, "message": "samples: Remove usage of certtool from swtpm-create-tpmca\n\nRemove the usage of certtool from swtpm-create-tpmca and use openssl\ninstead.\n\nSigned-off-by: Stefan Berger \u003cstefanb@linux.ibm.com\u003e\n" }, { "commit": "a5de646f9acd4a5aa2b4895c1308873ea5f2ccb1", "tree": "922f23219a530d9b04e71a01cc387187b466fce0", "parents": [ "1106f2c98acb371a8cb80a19e62292057b81d9ee" ], "author": { "name": "Stefan Berger", "email": "stefanb@linux.ibm.com", "time": "Tue May 05 16:54:50 2026 -0400" }, "committer": { "name": "Stefan Berger", "email": "stefanb@us.ibm.com", "time": "Tue May 05 17:19:48 2026 -0400" }, "message": "docs: Remove expect and trousers as packages to install\n\nSigned-off-by: Stefan Berger \u003cstefanb@linux.ibm.com\u003e\n" }, { "commit": "1106f2c98acb371a8cb80a19e62292057b81d9ee", "tree": "24df1fca0981dd1a6801b9272d4a269eb1053ebc", "parents": [ "55b986226a42ea3bc49341c6bd5f867961b8591a" ], "author": { "name": "Stefan Berger", "email": "stefanb@linux.ibm.com", "time": "Tue May 05 16:53:54 2026 -0400" }, "committer": { "name": "Stefan Berger", "email": "stefanb@us.ibm.com", "time": "Tue May 05 17:19:48 2026 -0400" }, "message": "debian/rpm: Remove expect and trousers packages as dependencies\n\nSigned-off-by: Stefan Berger \u003cstefanb@linux.ibm.com\u003e\n" }, { "commit": "55b986226a42ea3bc49341c6bd5f867961b8591a", "tree": "652ac70fcad3678807221b8bde6351e506fdb61f", "parents": [ "23b9b678801c3ae1e5ea38db1bf1f7bc1d2aaacf" ], "author": { "name": "Stefan Berger", "email": "stefanb@linux.ibm.com", "time": "Tue May 05 16:49:29 2026 -0400" }, "committer": { "name": "Stefan Berger", "email": "stefanb@us.ibm.com", "time": "Tue May 05 17:19:48 2026 -0400" }, "message": "CI: Do not install expect package anymore\n\nSigned-off-by: Stefan Berger \u003cstefanb@linux.ibm.com\u003e\n" }, { "commit": "23b9b678801c3ae1e5ea38db1bf1f7bc1d2aaacf", "tree": "8758387c9d04f7d774f90214ab627cef8d605f66", "parents": [ "a4f5c7563797bcfce80140831495e053647f6c2c" ], "author": { "name": "Stefan Berger", "email": "stefanb@linux.ibm.com", "time": "Tue May 05 16:15:12 2026 -0400" }, "committer": { "name": "Stefan Berger", "email": "stefanb@us.ibm.com", "time": "Tue May 05 17:19:48 2026 -0400" }, "message": "man: Remove reference to TPM 1.2 tcsd from swtpm-local.conf page\n\nSigned-off-by: Stefan Berger \u003cstefanb@linux.ibm.com\u003e\n" }, { "commit": "a4f5c7563797bcfce80140831495e053647f6c2c", "tree": "4c0b423f2ac95d151ef5ad2fecc9b9257d137fc4", "parents": [ "0a1efc5b7967ab5e99e22032977f23a8326c4c90" ], "author": { "name": "Stefan Berger", "email": "stefanb@linux.ibm.com", "time": "Tue May 05 16:15:54 2026 -0400" }, "committer": { "name": "Stefan Berger", "email": "stefanb@us.ibm.com", "time": "Tue May 05 17:19:48 2026 -0400" }, "message": "build-sys: Remove checks for TPM 1.2 tcsd from build system\n\nSince TPM 1.2 tcsd is not available anymore, have_tcsd will always be \u0027no\u0027.\nRemove all the code around have_tcsd.\n\nSigned-off-by: Stefan Berger \u003cstefanb@linux.ibm.com\u003e\n" }, { "commit": "0a1efc5b7967ab5e99e22032977f23a8326c4c90", "tree": "1cbfb8730c625af54f8a79d5ae827dc073ea7c37", "parents": [ "ec2fdc0e15f8b91605385ae9c838e430026d6653" ], "author": { "name": "Stefan Berger", "email": "stefanb@linux.ibm.com", "time": "Tue May 05 16:25:55 2026 -0400" }, "committer": { "name": "Stefan Berger", "email": "stefanb@us.ibm.com", "time": "Tue May 05 17:19:48 2026 -0400" }, "message": "tests: Pass --disable-tests when building swtpm across versions\n\nOlder versions of swtpm require the expect package to be installed, but we\ndo not need it anymore and will get rid of it. Pass --disable-tests when\nbuilding older versions of swtpm to avoid the older build scripts to check\nwhether \u0027expect\u0027 is installed -- which may not be the case anymore.\n\nSigned-off-by: Stefan Berger \u003cstefanb@linux.ibm.com\u003e\n" }, { "commit": "ec2fdc0e15f8b91605385ae9c838e430026d6653", "tree": "cc07628d60f972fd3d55f45ce2dd2c48b1436724", "parents": [ "846fcd7fee8f3c928b074dfd7cd219236e0ab373" ], "author": { "name": "Stefan Berger", "email": "stefanb@linux.ibm.com", "time": "Tue May 05 18:05:57 2026 +0000" }, "committer": { "name": "Stefan Berger", "email": "stefanb@us.ibm.com", "time": "Tue May 05 14:19:08 2026 -0400" }, "message": "man: Remove paragraph about certtool from swtpm_localca man page\n\nSince certtool is not used anymore by swtpm_localca, remove the paragraph\nrelated to it from the man page.\n\nSigned-off-by: Stefan Berger \u003cstefanb@linux.ibm.com\u003e\n" }, { "commit": "846fcd7fee8f3c928b074dfd7cd219236e0ab373", "tree": "91c1e780b168f02544df0135fa54cdaf52ae899c", "parents": [ "7ff85f3ccb503c454a07ae6c76e265b1c48ea5b6" ], "author": { "name": "Stefan Berger", "email": "stefanb@linux.ibm.com", "time": "Tue May 05 14:07:44 2026 +0000" }, "committer": { "name": "Stefan Berger", "email": "stefanb@us.ibm.com", "time": "Tue May 05 13:41:20 2026 -0400" }, "message": "swtpm_localca: Replace certtool with openssl for creating CAs\n\nUse openssl CLI tool now for creating the local root and intermediate CAs.\n\nCreate the CAs with an RSA-3072 key for as long as OpenSSL \u003e\u003d v3.5 is not\nrequired.\n\nAdjust one test case to have a longer password since openssl requirew at\nleast 4 characters for a key password.\n\nSigned-off-by: Stefan Berger \u003cstefanb@linux.ibm.com\u003e\n" }, { "commit": "7ff85f3ccb503c454a07ae6c76e265b1c48ea5b6", "tree": "9d7bd745e4c147c708d9331bcbc893a4d90ce778", "parents": [ "60daa0b0d00d8cb4af0d959477278876ede19346" ], "author": { "name": "Stefan Berger", "email": "stefanb@linux.ibm.com", "time": "Mon May 04 14:57:38 2026 +0000" }, "committer": { "name": "Stefan Berger", "email": "stefanb@us.ibm.com", "time": "Mon May 04 14:17:03 2026 -0400" }, "message": "swtpm_setup: Use extra long timeouts for all 4096 byte RSA keys\n\nSigned-off-by: Stefan Berger \u003cstefanb@linux.ibm.com\u003e\n" }, { "commit": "60daa0b0d00d8cb4af0d959477278876ede19346", "tree": "891ef982992c8303bdb5113c8d12195dac39e408", "parents": [ "6770d72e1554a62cc9b5572f4b6ecb4a9efd7086" ], "author": { "name": "Stefan Berger", "email": "stefanb@linux.ibm.com", "time": "Tue Apr 28 14:36:34 2026 -0400" }, "committer": { "name": "Stefan Berger", "email": "stefanb@us.ibm.com", "time": "Tue Apr 28 20:40:58 2026 -0400" }, "message": "tests: Test verification and encryption with state from libtpms v0.9 and v0.10\n\nExtend an existing test case using the IBM TSS2 tools and add state created\nwith libtpms v0.9 and v0.10 that contains signing and encryption primary\nkeys. Use the keys to verify a signature created by those versions of\nlibtpms and data encrypted by them to make sure that primary keys that are\nrecreated with later versions of libtpms still create the same primary\nkeys.\n\nSigned-off-by: Stefan Berger \u003cstefanb@linux.ibm.com\u003e\n" }, { "commit": "6770d72e1554a62cc9b5572f4b6ecb4a9efd7086", "tree": "176a2fcc8eae55defdb5398843271b6acf78cafb", "parents": [ "b6dc44a59b4dd27d0ef89c4ff9b3f8d3b1299fdd" ], "author": { "name": "Stefan Berger", "email": "stefanb@linux.ibm.com", "time": "Mon Aug 21 17:58:36 2023 -0400" }, "committer": { "name": "Stefan Berger", "email": "stefanb@us.ibm.com", "time": "Thu Apr 23 15:43:40 2026 -0400" }, "message": "swtpm_setup: Create IAK hwSerialNum from data extracted from EK certificate\n\nCreate the IAK hwSerialNum from the authority key identifier (AKID) and\nserial number extracted from the EK certificate.\n\nAdjust a test script that now needs to use a valid certificate for the EK\nso that we can get the AKID and serial from it to create the serial number\nfor the IAK certificate.\n\nSigned-off-by: Stefan Berger \u003cstefanb@linux.ibm.com\u003e\n" }, { "commit": "b6dc44a59b4dd27d0ef89c4ff9b3f8d3b1299fdd", "tree": "98ec82eee35de831d8993e5d0107f254e603eceb", "parents": [ "493573961896d9e11b4c5b3051744d607b199fb0" ], "author": { "name": "Stefan Berger", "email": "stefanb@linux.ibm.com", "time": "Thu Aug 17 23:43:43 2023 -0400" }, "committer": { "name": "Stefan Berger", "email": "stefanb@us.ibm.com", "time": "Thu Apr 23 15:43:40 2026 -0400" }, "message": "swtpm_setup: Add support for creating IAK and IDevID keys and certificates\n\nExtend swtpm_setup to create IAK and IDevID keys and certificates using\ncommand line options --iakkeyalgo and --idevidkeyalgo to choose the\nkey algorithms for those types of keys.\n\nUse the same CA for signing the IAK and IDevID certificates as used for\nthe EK and platform certificates since all these certificates are issued\nat the same time anyway.\n\nPersist IDevID and IAK keys at 0x81020000 and 0x81020001 respectively.\n\nAdd documentation to the man page.\n\nSigned-off-by: Stefan Berger \u003cstefanb@linux.ibm.com\u003e\n" }, { "commit": "493573961896d9e11b4c5b3051744d607b199fb0", "tree": "2fc777f56a617f00ca2f256f9ab695d9f6fffbd1", "parents": [ "06cc18c43df82a9dc64a2b6c4bf07228478c7b49" ], "author": { "name": "Stefan Berger", "email": "stefanb@linux.ibm.com", "time": "Tue Apr 21 10:31:06 2026 -0400" }, "committer": { "name": "Stefan Berger", "email": "stefanb@us.ibm.com", "time": "Thu Apr 23 15:43:40 2026 -0400" }, "message": "swtpm_setup: Prepare for primary EC key creation with 2 different nonces\n\nPrepare for primary EC keys for IAK and IDevID to be created with 2\ndifferent nonce (one containing the unique string, the other being empty).\n\nSigned-off-by: Stefan Berger \u003cstefanb@linux.ibm.com\u003e\n" }, { "commit": "06cc18c43df82a9dc64a2b6c4bf07228478c7b49", "tree": "4e254a5b71b28450ab382e34463203da79c36d02", "parents": [ "ac0d334f65fe888b11aebf097e1a44950cebd2f7" ], "author": { "name": "Stefan Berger", "email": "stefanb@linux.ibm.com", "time": "Wed Apr 22 21:44:25 2026 -0400" }, "committer": { "name": "Stefan Berger", "email": "stefanb@us.ibm.com", "time": "Thu Apr 23 15:43:40 2026 -0400" }, "message": "swtpm_setup: Move all the ECC scheme data into the tables\n\nAll the scheme data for ECC EKs and SPKs has been the same so far. Move\nit into the tables.\n\nSigned-off-by: Stefan Berger \u003cstefanb@linux.ibm.com\u003e\n" }, { "commit": "ac0d334f65fe888b11aebf097e1a44950cebd2f7", "tree": "809eded639d48683f105d28afb1caf50704afb8c", "parents": [ "d8973ee83a1ef2f983cfa91bdb0d6c348ee66bfa" ], "author": { "name": "Stefan Berger", "email": "stefanb@linux.ibm.com", "time": "Wed Apr 22 21:33:30 2026 -0400" }, "committer": { "name": "Stefan Berger", "email": "stefanb@us.ibm.com", "time": "Thu Apr 23 15:43:40 2026 -0400" }, "message": "swtpm_setup: Move all the RSA scheme data into the tables\n\nAdd the RSA scheme data was always the same for EKs and SPKs so far.\nMove it into the tables.\n\nSigned-off-by: Stefan Berger \u003cstefanb@linux.ibm.com\u003e\n" }, { "commit": "d8973ee83a1ef2f983cfa91bdb0d6c348ee66bfa", "tree": "76788bb43918ddf6cc29a043c5151d5afc44b4e6", "parents": [ "30545a06caa97809469767d8220cff6541e84d5d" ], "author": { "name": "Stefan Berger", "email": "stefanb@linux.ibm.com", "time": "Wed Apr 22 21:17:06 2026 -0400" }, "committer": { "name": "Stefan Berger", "email": "stefanb@us.ibm.com", "time": "Thu Apr 23 15:43:40 2026 -0400" }, "message": "swtpm_setup: Move offset \u0026 keyflags of pubkey and SPK RSA keys into table\n\nMove the ECC SPK offsets where the public key can be found in the response\ninto the table along with the keyflags for SPKs. Also move the SPK RSA\nparameters into this same table.\n\nSigned-off-by: Stefan Berger \u003cstefanb@linux.ibm.com\u003e\n" }, { "commit": "30545a06caa97809469767d8220cff6541e84d5d", "tree": "d769ad91397ca73f43f0d9f81508f32cb8a2a33a", "parents": [ "e0f95c2d1bbf9411ba9ab69cb5ba7533e21dbcc4" ], "author": { "name": "Stefan Berger", "email": "stefanb@linux.ibm.com", "time": "Fri Aug 18 11:49:28 2023 -0400" }, "committer": { "name": "Stefan Berger", "email": "stefanb@us.ibm.com", "time": "Thu Apr 23 15:43:40 2026 -0400" }, "message": "swtpm_localca: Add support for creating IAK and IDevID certs\n\nAdd documentation to the man page.\n\nSigned-off-by: Stefan Berger \u003cstefanb@linux.ibm.com\u003e\n" }, { "commit": "e0f95c2d1bbf9411ba9ab69cb5ba7533e21dbcc4", "tree": "ac57e3f37d5127d55163bfe16b41ac4090dd471d", "parents": [ "5c172537743111f5c5dfebb2308de158e5fa4ba7" ], "author": { "name": "Stefan Berger", "email": "stefanb@linux.ibm.com", "time": "Mon Aug 21 13:43:35 2023 -0400" }, "committer": { "name": "Stefan Berger", "email": "stefanb@us.ibm.com", "time": "Thu Apr 23 15:43:40 2026 -0400" }, "message": "swtpm_localca: Add support for --tpm-serial-num command line option\n\nAdd support for the --tpm-serial-num command line option to pass it on to\nswtpm_cert.\n\nMake the vmid part of the serialNumber of the subject passed to\nswtpm_cert (following an email exchange with TCG IWG).\n\nSigned-off-by: Stefan Berger \u003cstefanb@linux.ibm.com\u003e\n" }, { "commit": "5c172537743111f5c5dfebb2308de158e5fa4ba7", "tree": "cbe64489e0ed53f3b734b263a22211a39edf3f08", "parents": [ "ae9492f31f0415d6029eab2ebef7c5be637d17d5" ], "author": { "name": "Stefan Berger", "email": "stefanb@linux.ibm.com", "time": "Thu Apr 23 12:11:19 2026 -0400" }, "committer": { "name": "Stefan Berger", "email": "stefanb@us.ibm.com", "time": "Thu Apr 23 15:43:40 2026 -0400" }, "message": "swtpm_cert: Use serialNumber from subject command line option\n\nswtpm_localca will pass the serialNumber in the subject command line option\nand we can use this rather than the TPM serial number.\n\nSigned-off-by: Stefan Berger \u003cstefanb@linux.ibm.com\u003e\n" }, { "commit": "ae9492f31f0415d6029eab2ebef7c5be637d17d5", "tree": "8633fa4443aee6c2f403db279f6de83dafc87473", "parents": [ "9dd1f83eab3ce450cb45bf27bf14623edc00a01a" ], "author": { "name": "Stefan Berger", "email": "stefanb@linux.ibm.com", "time": "Wed Apr 22 14:21:35 2026 -0400" }, "committer": { "name": "Stefan Berger", "email": "stefanb@us.ibm.com", "time": "Wed Apr 22 14:38:43 2026 -0400" }, "message": "tests: Fall back to using default-v1 profile while libtpms v0.11 is not required\n\nHave the test_tpm2_swtpm_setup_check_certs use the default-v1 profile for now\nto be compatible with libtpms v0.10 while libtpms v0.11 is not required, yet.\n\nSigned-off-by: Stefan Berger \u003cstefanb@linux.ibm.com\u003e\n" }, { "commit": "9dd1f83eab3ce450cb45bf27bf14623edc00a01a", "tree": "2822e3ffb1e4226cfa6ba0e71625549f3982f404", "parents": [ "c239abc465c3273ffc04530e6c6895af07a8cb61" ], "author": { "name": "Stefan Berger", "email": "stefanb@linux.ibm.com", "time": "Fri Aug 18 09:22:00 2023 -0400" }, "committer": { "name": "Stefan Berger", "email": "stefanb@us.ibm.com", "time": "Wed Apr 22 14:38:43 2026 -0400" }, "message": "swtpm_cert: Add support for creating IAK and IDevID certificates\n\nAdd support for certificate types iak and idevid. Both require the new\ncommand line option --tpm-serial-num to be passed.\n\nAdd support for creating the ASN.1 for the SAN for the new certificates.\n\nAdvertise the support for the new certificate types using the capabilities\nJSON with entries \"cmdarg-tpm-serial-num\" and \"supports-iak-idevid\".\n\nAdd documentation to the man page and extend test cases.\n\nSigned-off-by: Stefan Berger \u003cstefanb@linux.ibm.com\u003e\n" }, { "commit": "c239abc465c3273ffc04530e6c6895af07a8cb61", "tree": "200369a2dded350d53325657ee9dd7170b6a94dd", "parents": [ "1455c46dcd2dd1e0eff02c6a438bf796876a74c4" ], "author": { "name": "Stefan Berger", "email": "stefanb@linux.ibm.com", "time": "Wed Apr 22 09:38:11 2026 -0400" }, "committer": { "name": "Stefan Berger", "email": "stefanb@us.ibm.com", "time": "Wed Apr 22 11:19:28 2026 -0400" }, "message": "swtpm_cert: Cast variables to unsigned long int before comparison\n\nTo avoid gcc errors on 32bit machines, cast the variables to\nunsigned long int before comparison.\n\nSigned-off-by: Stefan Berger \u003cstefanb@linux.ibm.com\u003e\n" }, { "commit": "1455c46dcd2dd1e0eff02c6a438bf796876a74c4", "tree": "c8f9fc0a0b1a80c2e565e1530fd557ae4291f489", "parents": [ "8760bf0f5c631a83544a25da760092ad0eb7bc19" ], "author": { "name": "Stefan Berger", "email": "stefanb@linux.ibm.com", "time": "Tue Apr 21 20:40:28 2026 -0400" }, "committer": { "name": "Stefan Berger", "email": "stefanb@us.ibm.com", "time": "Wed Apr 22 11:19:28 2026 -0400" }, "message": "tests: Convert test cases to use openssl tool\n\nUse openssl CLI tool rather than certtool.\n\nSigned-off-by: Stefan Berger \u003cstefanb@linux.ibm.com\u003e\n" }, { "commit": "8760bf0f5c631a83544a25da760092ad0eb7bc19", "tree": "2ba61d626ea28ae69b86261e79f90ab864b53b3f", "parents": [ "09f7440eb245972f09b63d4f32cf6f845b7f3040" ], "author": { "name": "Stefan Berger", "email": "stefanb@linux.ibm.com", "time": "Wed Apr 22 09:46:13 2026 -0400" }, "committer": { "name": "Stefan Berger", "email": "stefanb@us.ibm.com", "time": "Wed Apr 22 11:19:28 2026 -0400" }, "message": "ci: Make openssl and pcks11-provider always-required packages\n\nSigned-off-by: Stefan Berger \u003cstefanb@linux.ibm.com\u003e\n" }, { "commit": "09f7440eb245972f09b63d4f32cf6f845b7f3040", "tree": "ec10ff96a2f97c9e386c928ac825958e0d4f5f2d", "parents": [ "4abd7c76856f35b79983de46264b143de79a35a1" ], "author": { "name": "Stefan Berger", "email": "stefanb@linux.ibm.com", "time": "Tue Apr 21 21:44:15 2026 -0400" }, "committer": { "name": "Stefan Berger", "email": "stefanb@us.ibm.com", "time": "Wed Apr 22 11:19:28 2026 -0400" }, "message": "debian/rpm: Add openssl and pkcs11-provider as build dependencies\n\nFor the conversion to openssl CLI tool, add openssl and pkcs11-provider\nas build dependencies so that tests can run.\n\nSigned-off-by: Stefan Berger \u003cstefanb@linux.ibm.com\u003e\n" }, { "commit": "4abd7c76856f35b79983de46264b143de79a35a1", "tree": "7c50463c906cddd61175ec8b98b601b2d7ee2fe8", "parents": [ "d22c0480ec9ad1c61377cfbdab385b5c97ba3a81" ], "author": { "name": "Stefan Berger", "email": "stefanb@linux.ibm.com", "time": "Tue Apr 21 21:39:28 2026 -0400" }, "committer": { "name": "Stefan Berger", "email": "stefanb@us.ibm.com", "time": "Wed Apr 22 11:19:28 2026 -0400" }, "message": "build-sys: Require openssl tool\n\nSigned-off-by: Stefan Berger \u003cstefanb@linux.ibm.com\u003e\n" }, { "commit": "d22c0480ec9ad1c61377cfbdab385b5c97ba3a81", "tree": "080c7233b3c5d8c90a101e7b839dc9a39328192e", "parents": [ "75eb72fe31e8cd4e89b4ea4453fc68fb3e2c39a2" ], "author": { "name": "Stefan Berger", "email": "stefanb@linux.ibm.com", "time": "Tue Apr 21 12:57:55 2026 -0400" }, "committer": { "name": "Stefan Berger", "email": "stefanb@us.ibm.com", "time": "Tue Apr 21 14:30:16 2026 -0400" }, "message": "tests: Add test cases with the new key algorithms and aliases\n\nAdd test cases that run swtpm_setup with the new key algorithms and\naliases.\n\nSigned-off-by: Stefan Berger \u003cstefanb@linux.ibm.com\u003e\n" }, { "commit": "75eb72fe31e8cd4e89b4ea4453fc68fb3e2c39a2", "tree": "097a42faf2ff27bd5d2d9ff48ba178f314d31b47", "parents": [ "9ae4f6d499fb7b5fe739fbafbbae4a4eb160d81a" ], "author": { "name": "Stefan Berger", "email": "stefanb@linux.ibm.com", "time": "Thu Apr 16 16:38:30 2026 -0400" }, "committer": { "name": "Stefan Berger", "email": "stefanb@us.ibm.com", "time": "Tue Apr 21 14:30:16 2026 -0400" }, "message": "tests: Check created EK cert and compare key against tpm2_createek output\n\nAdd a test case that creates various types of EKs and compares them against\nthe (public) keys created by tpm2_createek, if the tool is found to be\navailable and the swtpm tcti is installed and the tools knows how to create\nthe type of key. Any failure by tpm2_createek to create a key leads to no\ncomarison of the keys being done.\n\nSigned-off-by: Stefan Berger \u003cstefanb@linux.ibm.com\u003e\n" }, { "commit": "9ae4f6d499fb7b5fe739fbafbbae4a4eb160d81a", "tree": "23950d0b151373a7b642d131ac8e22180187ec25", "parents": [ "c2239536b1488917613259fccc8522db24c052a1" ], "author": { "name": "Stefan Berger", "email": "stefanb@linux.ibm.com", "time": "Tue Apr 21 12:33:55 2026 -0400" }, "committer": { "name": "Stefan Berger", "email": "stefanb@us.ibm.com", "time": "Tue Apr 21 14:30:16 2026 -0400" }, "message": "swtpm_setup: Add support for ecc_nist_p521/secp521r1 EK in high range\n\nAdd support for secp521r1 EKs in the high range.\n\nSigned-off-by: Stefan Berger \u003cstefanb@linux.ibm.com\u003e\n" }, { "commit": "c2239536b1488917613259fccc8522db24c052a1", "tree": "32bd78560a4a276f4242ef105ab39b747c70d476", "parents": [ "bca84a3004cbd02a4c31f6c277359902b6543b70" ], "author": { "name": "Stefan Berger", "email": "stefanb@linux.ibm.com", "time": "Tue Apr 21 11:38:48 2026 -0400" }, "committer": { "name": "Stefan Berger", "email": "stefanb@us.ibm.com", "time": "Tue Apr 21 14:30:16 2026 -0400" }, "message": "swtpm_setup: Add support for ecc_nist_p256/secp256r1 EK in low range\n\nAdd support for secp256r1 EKs in the low range.\n\nSigned-off-by: Stefan Berger \u003cstefanb@linux.ibm.com\u003e\n" }, { "commit": "bca84a3004cbd02a4c31f6c277359902b6543b70", "tree": "efa56ee2626b5a4eddabc33a83b68bc0f9b015ce", "parents": [ "ac8cf58b27df34cb2764a86c5a5abf19ed8cf66c" ], "author": { "name": "Stefan Berger", "email": "stefanb@linux.ibm.com", "time": "Tue Apr 21 11:20:51 2026 -0400" }, "committer": { "name": "Stefan Berger", "email": "stefanb@us.ibm.com", "time": "Tue Apr 21 14:30:16 2026 -0400" }, "message": "swtpm_setup: Add secp384r1 as alias to ecc_nist_p384 for CLI options\n\necc_nist_p384 is a name that the Intel TSS2 tools are using for command\nline option. Add secp384r1 as an alternative for it.\n\nSigned-off-by: Stefan Berger \u003cstefanb@linux.ibm.com\u003e\n" }, { "commit": "ac8cf58b27df34cb2764a86c5a5abf19ed8cf66c", "tree": "5e72a83c0c305152097482c0ea2edda864c71c03", "parents": [ "3205f94aa3b7743f041701a0f9e643eb20866e8e" ], "author": { "name": "Stefan Berger", "email": "stefanb@linux.ibm.com", "time": "Fri Apr 17 13:20:33 2026 -0400" }, "committer": { "name": "Stefan Berger", "email": "stefanb@us.ibm.com", "time": "Mon Apr 20 09:15:47 2026 -0400" }, "message": "samples: Remove --srk-password option from swtpm-create-tpmca\n\nSigned-off-by: Stefan Berger \u003cstefanb@linux.ibm.com\u003e\n" }, { "commit": "3205f94aa3b7743f041701a0f9e643eb20866e8e", "tree": "86dbe04e67edb0e3711dd339c697004919a9604e", "parents": [ "caec46bacb1e45b59b0c07e08bfa0d78df756caf" ], "author": { "name": "Stefan Berger", "email": "stefanb@linux.ibm.com", "time": "Fri Apr 17 13:17:48 2026 -0400" }, "committer": { "name": "Stefan Berger", "email": "stefanb@us.ibm.com", "time": "Mon Apr 20 09:15:47 2026 -0400" }, "message": "swtpm_localca: Remove parentkey_password for TPM 1.2 SRK\n\nRemove support for parentkey_password for TPM 1.2 SRK since swtpm_cert\ndoes not support it anymore.\n\nSigned-off-by: Stefan Berger \u003cstefanb@linux.ibm.com\u003e\n" }, { "commit": "caec46bacb1e45b59b0c07e08bfa0d78df756caf", "tree": "a9049e0736269ac3d8f944bdbc8fc60949ffdabd", "parents": [ "dc84d9ba7b527aad391424fd0852ca2038aff879" ], "author": { "name": "Stefan Berger", "email": "stefanb@linux.ibm.com", "time": "Wed Apr 01 17:38:51 2026 -0400" }, "committer": { "name": "Stefan Berger", "email": "stefanb@us.ibm.com", "time": "Mon Apr 20 09:15:47 2026 -0400" }, "message": "swtpm_cert: Use keychoice variable to disallow conflicting CLI options\n\nIntroduce a \u0027keychoice\u0027 variable and set it when the user provides an\noption for a particular type of key, such as the modulus or exponent for an\nRSA key or the x and y parameters for an EC key. Check that no conflicting\nparameters are provided.\n\nSigned-off-by: Stefan Berger \u003cstefanb@linux.ibm.com\u003e\n" }, { "commit": "dc84d9ba7b527aad391424fd0852ca2038aff879", "tree": "b90742f01f4702bf0f83a84e4a3186d880193608", "parents": [ "8c38ab740fdb2b0efc41f90bad41cd4a8969d15e" ], "author": { "name": "Stefan Berger", "email": "stefanb@linux.ibm.com", "time": "Fri Apr 17 08:59:14 2026 -0400" }, "committer": { "name": "Stefan Berger", "email": "stefanb@us.ibm.com", "time": "Mon Apr 20 09:15:47 2026 -0400" }, "message": "swtpm_cert: Let BN_to_ASN1_INTEGER handle perpending of 0 to negative number\n\nThe serial number is now converted from its byte form using\n bn_serial \u003d BN_bin2bn(ser_number, ser_number_len, NULL);\n\nand then later on this BN is converted to its ASN.1 representation using\n asn1_serial \u003d BN_to_ASN1_INTEGER(bn_serial, NULL);\n\nTherefore it is not necessary to prepend a 0 to a number that has its\nhighest bit set (code was previously wrong and unnecessary).\n\nSince previously a 0-byte was prepended to the number if it was found to be\nnegative, now only 20 bytes are necessary for the ser_number.\n\nSigned-off-by: Stefan Berger \u003cstefanb@linux.ibm.com\u003e\n" }, { "commit": "8c38ab740fdb2b0efc41f90bad41cd4a8969d15e", "tree": "35c1e8680c1d1152426cb455ca975752bf3fbd49", "parents": [ "e43267609539c75a177964a579a26affe26961fe" ], "author": { "name": "Stefan Berger", "email": "stefanb@linux.ibm.com", "time": "Fri Apr 17 11:57:02 2026 -0400" }, "committer": { "name": "Stefan Berger", "email": "stefanb@us.ibm.com", "time": "Mon Apr 20 09:15:47 2026 -0400" }, "message": "swtpm_cert: Remove --parentkey-password/pwd for TPM 1.2 SRK support\n\nRemove dead support for --parentkey-password/pwd that allowed to provide a\npassword for the TPM 1.2 SRK if a TPM 1.2 was used for signing.\n\nSigned-off-by: Stefan Berger \u003cstefanb@linux.ibm.com\u003e\n" }, { "commit": "e43267609539c75a177964a579a26affe26961fe", "tree": "bd9a64f29da17850e38591907b9e6add7fb9ba95", "parents": [ "1f6dab5ae3eb8152b0bed8ad32cfd5a190fbfe0c" ], "author": { "name": "Stefan Berger", "email": "stefanb@linux.ibm.com", "time": "Thu Apr 16 23:17:30 2026 -0400" }, "committer": { "name": "Stefan Berger", "email": "stefanb@us.ibm.com", "time": "Mon Apr 20 09:15:47 2026 -0400" }, "message": "swtpm_cert: Clean up\n\n- Use a macro to report (unlikley) errors from ASN functions\n- Clean up error messages\n- Remove early exit()s and use jump to cleanup instead\n- Only display cert if PEM output format was chosen\n- Fix a memory leak in \u0027ext\u0027\n- Use a #define for maximum password size\n- Use a #define to initialize and check spec_level and spec_revision\n- Introduce and use macro BITS_TO_BYTES convert number of bits to number\n of bytes\n\nSigned-off-by: Stefan Berger \u003cstefanb@linux.ibm.com\u003e\n" }, { "commit": "1f6dab5ae3eb8152b0bed8ad32cfd5a190fbfe0c", "tree": "fba224a3e43435ca40e2640ae3d903aa9caa3380", "parents": [ "06230738903237dfe4a4ac9710af5864b1fea0c2" ], "author": { "name": "Stefan Berger", "email": "stefanb@linux.ibm.com", "time": "Thu Apr 16 22:15:35 2026 -0400" }, "committer": { "name": "Stefan Berger", "email": "stefanb@us.ibm.com", "time": "Mon Apr 20 09:15:47 2026 -0400" }, "message": "swtpm_cert: Check return values of OSSL_PARAM_BLD_push functions\n\nCheck the return values of OSSL_PARAM_BLD_push functions and convert other\nfunctions that haven\u0027t reported OSSL error to report them in case of\nfailure. Also check return code of X509_NAME_add_entry_by_txt.\n\nSigned-off-by: Stefan Berger \u003cstefanb@linux.ibm.com\u003e\n" }, { "commit": "06230738903237dfe4a4ac9710af5864b1fea0c2", "tree": "0e46eb4e315e229c9a24015f82b56576ae675146", "parents": [ "7ffd681df8126287cb5a79147bbbbb9c5b565ba1" ], "author": { "name": "Stefan Berger", "email": "stefanb@linux.ibm.com", "time": "Wed Apr 15 12:52:54 2026 -0400" }, "committer": { "name": "Stefan Berger", "email": "stefanb@us.ibm.com", "time": "Wed Apr 15 14:41:18 2026 -0400" }, "message": "swtpm_cert: Return NULL if coordinates of EC key exceed expected sizes\n\nReturn NULL for failure if coordinates of passed EC key exceed expected\nsizes.\n\nSigned-off-by: Stefan Berger \u003cstefanb@linux.ibm.com\u003e\n" }, { "commit": "7ffd681df8126287cb5a79147bbbbb9c5b565ba1", "tree": "2b619457e1d89173b884158d8e7a9a0ad1b117ca", "parents": [ "3664c4b2cbdd27f87b4ae7f1cbd1b9495701311c" ], "author": { "name": "Stefan Berger", "email": "stefanb@linux.ibm.com", "time": "Wed Apr 15 12:31:34 2026 -0400" }, "committer": { "name": "Stefan Berger", "email": "stefanb@us.ibm.com", "time": "Wed Apr 15 14:41:18 2026 -0400" }, "message": "swtpm_cert: Check for errors after calling strtol for number parsing\n\nCheck for errors after strtol numbers parsing and convert one usage of atoi\nto also use strtol.\n\nSigned-off-by: Stefan Berger \u003cstefanb@linux.ibm.com\u003e\n" }, { "commit": "3664c4b2cbdd27f87b4ae7f1cbd1b9495701311c", "tree": "277a52b70b7245a2341f7aa4a25fc7a2bde5805c", "parents": [ "9524e44e76b7aadaa959feaa8275a0dd321b0c67" ], "author": { "name": "Stefan Berger", "email": "stefanb@linux.ibm.com", "time": "Wed Apr 15 12:24:41 2026 -0400" }, "committer": { "name": "Stefan Berger", "email": "stefanb@us.ibm.com", "time": "Wed Apr 15 14:41:18 2026 -0400" }, "message": "swtpm_cert: Check for unreasonably large hex string\n\nSet an upper limit of 10kb for a hexstring that we would allocate memory\nfor for convering it into a byte array.\n\nSigned-off-by: Stefan Berger \u003cstefanb@linux.ibm.com\u003e\n" }, { "commit": "9524e44e76b7aadaa959feaa8275a0dd321b0c67", "tree": "9d5928adac9695f6e430481aa49487660fbf1668", "parents": [ "7421206d6b6b8d5317d161b77f2a27965a455947" ], "author": { "name": "Stefan Berger", "email": "stefanb@linux.ibm.com", "time": "Mon Apr 13 15:01:47 2026 -0400" }, "committer": { "name": "Stefan Berger", "email": "stefanb@us.ibm.com", "time": "Wed Apr 15 10:27:11 2026 -0400" }, "message": "tests: Add test cases for running swtpm_setup with --ek1/2keyalgo parameters\n\nAdd test cases for running swtpm_setup with --ek1keyalgo and --ek2keyalgo and\nvarious types of keys.\n\nSigned-off-by: Stefan Berger \u003cstefanb@linux.ibm.com\u003e\n" }, { "commit": "7421206d6b6b8d5317d161b77f2a27965a455947", "tree": "5039443e1a701b818881373e49c104ed95474b7c", "parents": [ "b4791406fa1fa745e5a10b51156c9455a8a1e558" ], "author": { "name": "Stefan Berger", "email": "stefanb@linux.ibm.com", "time": "Sat Apr 11 17:33:49 2026 -0400" }, "committer": { "name": "Stefan Berger", "email": "stefanb@us.ibm.com", "time": "Wed Apr 15 10:27:11 2026 -0400" }, "message": "man: Extend man pages for swtpm_setup.conf and swtpm_setup\n\nAdd descriptions for the ek1keyalgo and ek2keyalgo key words and related\ncommand line options to the man pages for swtpm_setup.conf and swtpm_setup\nrespectively.\n\nSigned-off-by: Stefan Berger \u003cstefanb@linux.ibm.com\u003e\n" }, { "commit": "b4791406fa1fa745e5a10b51156c9455a8a1e558", "tree": "134185d4c7dc5431278aeeb22ea0150066a27a47", "parents": [ "ffd7166a5db3ea22433e9d2d1145f7cdcdc96763" ], "author": { "name": "Stefan Berger", "email": "stefanb@linux.ibm.com", "time": "Mon Apr 13 13:22:51 2026 -0400" }, "committer": { "name": "Stefan Berger", "email": "stefanb@us.ibm.com", "time": "Wed Apr 15 10:27:11 2026 -0400" }, "message": "swtpm_setup, man: Announce ek1/2keyalgo option support in capabilities JSON\n\nAdd cmdarg-ek1keyalgo and cmdarg-ek2keyalgo to the capabilities JSON and\nmention them in the man page. Adjust test cases.\n\nSigned-off-by: Stefan Berger \u003cstefanb@linux.ibm.com\u003e\n" }, { "commit": "ffd7166a5db3ea22433e9d2d1145f7cdcdc96763", "tree": "d5f3bd6222292ccdc16c0a02977d5180127c1800", "parents": [ "9cbf4581cd0cfed2811937dec433797f62e03230" ], "author": { "name": "Stefan Berger", "email": "stefanb@linux.ibm.com", "time": "Fri Apr 10 16:32:59 2026 -0400" }, "committer": { "name": "Stefan Berger", "email": "stefanb@us.ibm.com", "time": "Wed Apr 15 10:27:11 2026 -0400" }, "message": "swtpm_setup: Implement options to allow choice of 1st \u0026 2nd EK key types\n\nImplement options --ek1keyalgo and --ek2keyalgo to allow the user to\nchoose the EK key types for the 1st and 2nd EK key.\n\nIf the user chooses the same type of key twice then only 1 key is created.\n\nFor the SPK: If --ecc was passed, create an ecc_nist_p384 storage key as\nbefore, otherwise created an RSA-3072 key.\n\nSigned-off-by: Stefan Berger \u003cstefanb@linux.ibm.com\u003e\n" }, { "commit": "9cbf4581cd0cfed2811937dec433797f62e03230", "tree": "8ffd61c6390a1ec8045007737af1ec53621ffa72", "parents": [ "a7464484972c42a00c70130d9c9f5db01f0e5dcf" ], "author": { "name": "Stefan Berger", "email": "stefanb@linux.ibm.com", "time": "Tue Apr 14 22:29:16 2026 -0400" }, "committer": { "name": "Stefan Berger", "email": "stefanb@us.ibm.com", "time": "Wed Apr 15 10:27:11 2026 -0400" }, "message": "swtpm_setup: Move symkeydata creation further down for RSA keys\n\nMove the symkeydata creation into a common function furter down the call\npath of RSA primary key creation\n\nSigned-off-by: Stefan Berger \u003cstefanb@linux.ibm.com\u003e\n" }, { "commit": "a7464484972c42a00c70130d9c9f5db01f0e5dcf", "tree": "ca4a2bb2a215ac3b846ec28990154aef272438f9", "parents": [ "3755fb87d8618ed3701488168509892cfb947af7" ], "author": { "name": "Stefan Berger", "email": "stefanb@linux.ibm.com", "time": "Tue Apr 14 22:23:05 2026 -0400" }, "committer": { "name": "Stefan Berger", "email": "stefanb@us.ibm.com", "time": "Wed Apr 15 10:27:11 2026 -0400" }, "message": "swtpm_setup: Move symkeydata creation further down for EC keys\n\nMove the symkeydata creation into a common function furter down the call\npath of ECC primary key creation.\n\nSigned-off-by: Stefan Berger \u003cstefanb@linux.ibm.com\u003e\n" }, { "commit": "3755fb87d8618ed3701488168509892cfb947af7", "tree": "359b9f7681285911fa90b86c0c2773dce4b794b5", "parents": [ "891e63300e34d12457a5ef154b99c494b9fb9ad1" ], "author": { "name": "Stefan Berger", "email": "stefanb@linux.ibm.com", "time": "Sun Apr 12 18:57:43 2026 -0400" }, "committer": { "name": "Stefan Berger", "email": "stefanb@us.ibm.com", "time": "Wed Apr 15 10:27:11 2026 -0400" }, "message": "swtpm_setup: Factor-out common function for creating a primary key\n\nRefactor the code so that a common function for RSA and ECC for creating a\nprimary key can be called.\n\nSigned-off-by: Stefan Berger \u003cstefanb@linux.ibm.com\u003e\n" }, { "commit": "891e63300e34d12457a5ef154b99c494b9fb9ad1", "tree": "5601ef477d5ec4dc827ef6d3442c6a7bc7a222ef", "parents": [ "09e64b6efc6c9a9faeff7c3dfc97c887de384ead" ], "author": { "name": "Stefan Berger", "email": "stefanb@linux.ibm.com", "time": "Fri Apr 10 16:30:35 2026 -0400" }, "committer": { "name": "Stefan Berger", "email": "stefanb@us.ibm.com", "time": "Wed Apr 15 10:27:11 2026 -0400" }, "message": "swtpm_setup: Move RSA key size parsing and checking code into own functions\n\nMove the code that was parsing the RSA key size and checking the key size\nfor TPM support, into functions. Have the code RSA key size parsed and\nchecked only if a TPM 2 is used and only if the ek1keyalgo indicates an\nRSA key and the eky1keyalgo_param is 0, which is always the case for now.\n\nSigned-off-by: Stefan Berger \u003cstefanb@linux.ibm.com\u003e\n" }, { "commit": "09e64b6efc6c9a9faeff7c3dfc97c887de384ead", "tree": "67d2e482eba6c328685aff0b3a6a6401d24f7a3e", "parents": [ "8b3bb4412b3f47de3820b35cf4b39b4d19ea0416" ], "author": { "name": "Stefan Berger", "email": "stefanb@linux.ibm.com", "time": "Fri Apr 10 11:30:33 2026 -0400" }, "committer": { "name": "Stefan Berger", "email": "stefanb@us.ibm.com", "time": "Wed Apr 15 10:27:11 2026 -0400" }, "message": "swtpm_setup: Convert RSA and EC EK building code to use table\n\nMove yet more key algorithm and size/curve-specific parameters into the\ntable and convert the existing RSA end ECC key generating functions to use\nthe entries from the table.\n\nSigned-off-by: Stefan Berger \u003cstefanb@linux.ibm.com\u003e\n" }, { "commit": "8b3bb4412b3f47de3820b35cf4b39b4d19ea0416", "tree": "4a3e93228b292705eefc33acaec80205f2ba0b03", "parents": [ "0e999e6860c532c9e9784cc330233877070437ff" ], "author": { "name": "Stefan Berger", "email": "stefanb@linux.ibm.com", "time": "Fri Apr 10 09:44:18 2026 -0400" }, "committer": { "name": "Stefan Berger", "email": "stefanb@us.ibm.com", "time": "Wed Apr 15 10:27:11 2026 -0400" }, "message": "swtpm_setup: Convert code related to EK parameters to use a table\n\nConvert code related to getting EK parameters to use a table holding\nper key algorithm parameters rather than switch statements. Implement\na function looking up the entry in the table relvant for the given key\nalgorithm and size or curve id (keyalgo_param).\n\nSigned-off-by: Stefan Berger \u003cstefanb@linux.ibm.com\u003e\n" }, { "commit": "0e999e6860c532c9e9784cc330233877070437ff", "tree": "6774c8b6599ef9f3d66c97ebd43b73d4d04ff75d", "parents": [ "3d2aa46c8bda0863621977a44d27279578317d78" ], "author": { "name": "Stefan Berger", "email": "stefanb@linux.ibm.com", "time": "Fri Apr 10 10:23:49 2026 -0400" }, "committer": { "name": "Stefan Berger", "email": "stefanb@us.ibm.com", "time": "Wed Apr 15 10:27:11 2026 -0400" }, "message": "swtpm_setup: Convert rsa_keysize parameter to keyalgo_param\n\nConvert the rsa_keysize parameter to keyalgo_param where it does not\nspecifically indicate an RSA key\u0027s size. This is to enable other types\nof keys to be supported with this \u0027additional\u0027 parameter that can for\nexample provide a code for the ECC curve. Start with the conversion in\nmain() where the 1st EK is currently always an RSA key and the 2nd EK is\ncurrently always an ECC key. On this level introduce two variables, one\nfor each EK. Initialize the 2nd one for secp384r1 curve, which is the\ncurrent default for the 2nd EK. Pass the variables through the functions.\n\nSigned-off-by: Stefan Berger \u003cstefanb@linux.ibm.com\u003e\n" }, { "commit": "3d2aa46c8bda0863621977a44d27279578317d78", "tree": "2a458cbf266bcd9fcca78f8acf9a062a2a1bf20d", "parents": [ "a2516ad3557337534fa31f6ee4b1608643bc7873" ], "author": { "name": "Stefan Berger", "email": "stefanb@linux.ibm.com", "time": "Thu Apr 09 17:05:45 2026 -0400" }, "committer": { "name": "Stefan Berger", "email": "stefanb@us.ibm.com", "time": "Wed Apr 15 10:27:11 2026 -0400" }, "message": "swtpm_setup: Replace \u0027isecc\u0027 flag with variable describing algorithm of EK key\n\nTo describe the algorithm of an EK to create, replace the previously used\n\u0027isecc\u0027 flag with an enum keyalgo. This provides more flexibility later on\nwhen ML-KEM or ML-DSA keys can also be chosen.\n\nSigned-off-by: Stefan Berger \u003cstefanb@linux.ibm.com\u003e\n" }, { "commit": "a2516ad3557337534fa31f6ee4b1608643bc7873", "tree": "af840d3a7a87a6693463d05994224d0cdbc78edc", "parents": [ "a09a255fb96dd238612f92e667ab7ec399e69013" ], "author": { "name": "Stefan Berger", "email": "stefanb@linux.ibm.com", "time": "Wed Apr 01 13:49:59 2026 -0400" }, "committer": { "name": "Stefan Berger", "email": "stefanb@us.ibm.com", "time": "Wed Apr 15 10:27:11 2026 -0400" }, "message": "swtpm_setup: Comment on RSA-2k/3k/4k and NIST-P384 signing key flags\n\nFollowing \"TCG EK Credential Profile For TPM Family 2.0; Level 0\nVersion 2.7, RC1 Nov 7, 2025\" the NIST-P384 key flags also have the\n\u0027restricted\u0027 bit (0x10000) set, but it cannot be set on primary keys\nsince this returns error codes 0x2d2 \u0026 0x2c2. Therefore, add a comment\nto the listed flags about the \u0027restricted\u0027 flag.\n\nSigned-off-by: Stefan Berger \u003cstefanb@linux.ibm.com\u003e\n" }, { "commit": "a09a255fb96dd238612f92e667ab7ec399e69013", "tree": "8402b1b1aba58637da35ca5d79e55125aa9f5733", "parents": [ "81a770262475b2385b0967afcf3c33d87b0ecce6" ], "author": { "name": "Stefan Berger", "email": "stefanb@linux.ibm.com", "time": "Wed Apr 01 13:11:36 2026 -0400" }, "committer": { "name": "Stefan Berger", "email": "stefanb@us.ibm.com", "time": "Wed Apr 15 10:27:11 2026 -0400" }, "message": "swtpm_setup: Move PolicyA_SHA256 and PolicyB_SHA384 values into statics\n\nMove the values for PolicyA_SHA256 and PolicyB_SHA384 into their own static\nvariables for re-use.\n\nSigned-off-by: Stefan Berger \u003cstefanb@linux.ibm.com\u003e\n" }, { "commit": "81a770262475b2385b0967afcf3c33d87b0ecce6", "tree": "de20d9a827ae9459bb483fdcef3760b406eddfec", "parents": [ "8c3f99ce85e334bf7726f33c4e8c78135c08a6bd" ], "author": { "name": "Stefan Berger", "email": "stefanb@linux.ibm.com", "time": "Wed Apr 08 21:50:06 2026 -0400" }, "committer": { "name": "Stefan Berger", "email": "stefanb@us.ibm.com", "time": "Wed Apr 15 10:27:11 2026 -0400" }, "message": "tests: Check the sizes of OpenSSL-created EK certificates\n\nEnable the checks for the sizes of the creatd EK certificates.\n\nSigned-off-by: Stefan Berger \u003cstefanb@linux.ibm.com\u003e\n" }, { "commit": "8c3f99ce85e334bf7726f33c4e8c78135c08a6bd", "tree": "37829fb8135c947457f6a32b183a288a5874a374", "parents": [ "e7d0a72f9a446e22cb03a649ee71b021d359011e" ], "author": { "name": "Takuma IMAMURA", "email": "209989118+hyperfinitism@users.noreply.github.com", "time": "Wed Apr 15 20:54:33 2026 +0900" }, "committer": { "name": "Stefan Berger", "email": "stefanb@us.ibm.com", "time": "Wed Apr 15 09:07:38 2026 -0400" }, "message": "swtpm_localca: replace broken logfile symlink pre-check with O_NOFOLLOW open\n\nThe previous code attempted to detect symlinks using stat(), which is\nineffective since it follows symlinks and never reports S_IFLNK.\n\nInstead, open() is now called with O_NOFOLLOW to enforce the intended security\nproperty (same as in append_to_file() function), and errors are reported based\non errno (e.g., ELOOP, EACCES, EISDIR) to preserve user-facing diagnostics.\n\nThis removes the redundant preflight check and aligns validation with the\nactual write path.\n\nSigned-off-by: Takuma IMAMURA \u003c209989118+hyperfinitism@users.noreply.github.com\u003e\n" }, { "commit": "e7d0a72f9a446e22cb03a649ee71b021d359011e", "tree": "e38e7d8d603e52becf11cf02087a515511cda3ce", "parents": [ "ce4270193eac58c0b9fc80b21d287b918f479cf1" ], "author": { "name": "Takuma IMAMURA", "email": "209989118+hyperfinitism@users.noreply.github.com", "time": "Wed Apr 15 20:53:56 2026 +0900" }, "committer": { "name": "Stefan Berger", "email": "stefanb@us.ibm.com", "time": "Wed Apr 15 09:07:38 2026 -0400" }, "message": "swtpm_setup: replace broken logfile symlink pre-check with O_NOFOLLOW open\n\nThe previous code attempted to detect symlinks using stat(), which is\nineffective since it follows symlinks and never reports S_IFLNK.\n\nInstead, open() is now called with O_NOFOLLOW to enforce the intended security\nproperty (same as in append_to_file() function), and errors are reported based\non errno (e.g., ELOOP, EACCES, EISDIR) to preserve user-facing diagnostics.\n\nThis removes the redundant preflight check and aligns validation with the\nactual write path.\n\nAlso move the logfile validation earlier, before any logerr(gl_LOGFILE, ...) calls,\nso that invalid logfile paths are detected before the logfile is first used.\nThis avoids falling back to generic error messages from append_to_file() and ensures\nconsistent diagnostics.\n\nSigned-off-by: Takuma IMAMURA \u003c209989118+hyperfinitism@users.noreply.github.com\u003e\n" }, { "commit": "ce4270193eac58c0b9fc80b21d287b918f479cf1", "tree": "30458814f56c6fd9a2cb97ea28bd3a155979705f", "parents": [ "88113e1f3048b5a9f802887acad02b39ec6127ec" ], "author": { "name": "Stefan Berger", "email": "stefanb@linux.ibm.com", "time": "Tue Apr 14 17:27:33 2026 -0400" }, "committer": { "name": "Stefan Berger", "email": "stefanb@us.ibm.com", "time": "Tue Apr 14 17:41:51 2026 -0400" }, "message": "swtpm_cert: Cast parameter passed to isspace to int (Cygwin)\n\nCygwin requires an explicit cast of the char parameter passed to isspace\nto int to fix this issue:\n\nek-cert.c: In function ‘main’:\nek-cert.c:1605:28: error: array subscript has type ‘char’ [-Werror\u003dchar-subscripts]\n 1605 | while (isspace(*token))\n | ^~~~~~\n\nSigned-off-by: Stefan Berger \u003cstefanb@linux.ibm.com\u003e\n" }, { "commit": "88113e1f3048b5a9f802887acad02b39ec6127ec", "tree": "380d496e104e6df26856dc559fbf7574d6a24a16", "parents": [ "24e74c711905a82e2ac2fbe417d6f9596b0ad4ec" ], "author": { "name": "Stefan Berger", "email": "stefanb@linux.ibm.com", "time": "Tue Apr 14 17:06:02 2026 -0400" }, "committer": { "name": "Stefan Berger", "email": "stefanb@us.ibm.com", "time": "Tue Apr 14 17:41:51 2026 -0400" }, "message": "swtpm_setup: Use gsize rather than size_t when calling read_file\n\nread_file uses gsize rather than size_t when calling read_file. Therefore,\nuse the same to enable compiling it on 32bit platforms.\n\nSigned-off-by: Stefan Berger \u003cstefanb@linux.ibm.com\u003e\n" }, { "commit": "24e74c711905a82e2ac2fbe417d6f9596b0ad4ec", "tree": "847530ffd897caaf7dbe9d2a93cfe695cfc852b4", "parents": [ "9b33df1a601bab79c06e29350b4d98d946f86f9a" ], "author": { "name": "Stefan Berger", "email": "stefanb@linux.ibm.com", "time": "Tue Apr 14 16:33:02 2026 -0400" }, "committer": { "name": "Stefan Berger", "email": "stefanb@us.ibm.com", "time": "Tue Apr 14 17:41:51 2026 -0400" }, "message": "swtpm_setup, swtpm_localca: Add compiler attribute for printf to logging functions\n\nAdd the printf compiler attribute to the logging functions and fix detected\nparameter issues.\n\nSigned-off-by: Stefan Berger \u003cstefanb@linux.ibm.com\u003e\n" }, { "commit": "9b33df1a601bab79c06e29350b4d98d946f86f9a", "tree": "58a3ee408cba534c8ab519c37fc85441cee03993", "parents": [ "2710aecbc153dc6592b63b3610f09512f44d1181" ], "author": { "name": "Stefan Berger", "email": "stefanb@linux.ibm.com", "time": "Tue Apr 14 16:30:46 2026 -0400" }, "committer": { "name": "Stefan Berger", "email": "stefanb@us.ibm.com", "time": "Tue Apr 14 17:41:51 2026 -0400" }, "message": "swtpm: Add compiler attribute for printf to logging functions\n\nAdd the printf compiler attribute to the logging functions and fix detected\nparameter issues.\n\nSigned-off-by: Stefan Berger \u003cstefanb@linux.ibm.com\u003e\n" }, { "commit": "2710aecbc153dc6592b63b3610f09512f44d1181", "tree": "22eb4f3e9f317be765dc6ff9eec3bbcc6cbaab82", "parents": [ "d7c0653709761995f181192a61c8d230fb7f8caa" ], "author": { "name": "Stefan Berger", "email": "stefanb@linux.ibm.com", "time": "Tue Apr 14 11:34:19 2026 -0400" }, "committer": { "name": "Stefan Berger", "email": "stefanb@us.ibm.com", "time": "Tue Apr 14 11:44:24 2026 -0400" }, "message": "swtpm_cert: Remove duplicate OSSL_STORE_load statement\n\nRemove a duplicate OSSL_STORE_load statement at the end of the loop since\nit appears again at the beginning of the loop.\n\nSigned-off-by: Stefan Berger \u003cstefanb@linux.ibm.com\u003e\n" }, { "commit": "d7c0653709761995f181192a61c8d230fb7f8caa", "tree": "0845f8b30623851ad0257702e3aaba0262cc980a", "parents": [ "687c1d6f44e48987f3769339cf47a1ffa7dc8e7f" ], "author": { "name": "Stefan Berger", "email": "stefanb@linux.ibm.com", "time": "Tue Apr 14 11:01:51 2026 -0400" }, "committer": { "name": "Stefan Berger", "email": "stefanb@us.ibm.com", "time": "Tue Apr 14 11:44:24 2026 -0400" }, "message": "swtpm: Fix an imprecise cast detected by Coverity\n\nCoverity complains that we may be reading beyond the bounds of the data\nfield of the ptm_setstate structure. However, data are received into\nthe input structure, which is then imprecisely cast to ptm_setstate.\nThe problem is that the \u0027data\u0027 field of ptm_setstate was declared too\nsmall for the cast (due to concerns of limits when used with ioctls on\ncertain architectures). Also, the client may have started streaming TPM\nstate data immediatley after sending the ptm_setstate structure, and\nswtpm may therefore have received a full input structure \u0027body\u0027 and\nwe may then end up reading data beyond the declared size of the buffer\n(which is backed by the input structure\u0027s \u0027body\u0027 -- so no out of bounds\naccess).\n\nTo resolve this issue, define a ptm_setstate_priv structure that can be\ncast to the input structure\u0027s \u0027body\u0027 field and has the same size as the\n\u0027body\u0027 field. Also check that the number of bytes copied that will be\ncopied out of the received buffer does not exceed the size of the \u0027data\u0027\nfield.\n\nSigned-off-by: Stefan Berger \u003cstefanb@linux.ibm.com\u003e\n" }, { "commit": "687c1d6f44e48987f3769339cf47a1ffa7dc8e7f", "tree": "dfd5318c898c9d31d456a3f1a07485412d65d67f", "parents": [ "5e4003fc2f50b130db5e9ad0220ae564ca361d7e" ], "author": { "name": "Stefan Berger", "email": "stefanb@linux.ibm.com", "time": "Thu Apr 09 12:35:00 2026 -0400" }, "committer": { "name": "Stefan Berger", "email": "stefanb@us.ibm.com", "time": "Thu Apr 09 12:51:53 2026 -0400" }, "message": "CI: Only run coveralls test if env. var COVERALLS_REPO_TOKEN is set\n\nThe COVERALLS_REPO_TOKEN is not set on PRs from other users, so skip\nall coveralls test steps when it is not set.\n\nSigned-off-by: Stefan Berger \u003cstefanb@linux.ibm.com\u003e\n" }, { "commit": "5e4003fc2f50b130db5e9ad0220ae564ca361d7e", "tree": "6df2db17e3ed82c333935088b835d9bf16368a15", "parents": [ "338b0dc10ae5cde50a9d15effff357d5696c290e" ], "author": { "name": "Stefan Berger", "email": "stefanb@linux.ibm.com", "time": "Thu Apr 09 11:40:47 2026 -0400" }, "committer": { "name": "Stefan Berger", "email": "stefanb@us.ibm.com", "time": "Thu Apr 09 12:26:28 2026 -0400" }, "message": "swtpm_cert: Fix result code of PIN getter function\n\nWhen UI_set_result() returns !\u003d 0 for failure, return 0 on the PIN getter,\n1 otherwise.\n\nFrom UI_method_set_reader man page:\n\n\"All of these functions are expected to return 0 on error, 1 on success...\"\n\nSigned-off-by: Stefan Berger \u003cstefanb@linux.ibm.com\u003e\n" }, { "commit": "338b0dc10ae5cde50a9d15effff357d5696c290e", "tree": "2359ec666d88ee27ddfe96c4a7b4efc08a7a5523", "parents": [ "b3a865ea87a16096b68eaa77d6c988734b4bce37" ], "author": { "name": "Stefan Berger", "email": "stefanb@linux.ibm.com", "time": "Thu Apr 09 11:36:36 2026 -0400" }, "committer": { "name": "Stefan Berger", "email": "stefanb@us.ibm.com", "time": "Thu Apr 09 12:26:28 2026 -0400" }, "message": "tests: Remove TPM 1.2 acting as CA testcase\n\nRemove the test case where a TPM 1.2 was acting as a CA. The reason is\nthat OpenSSL does not (seem to) allow it to sign with a SHA1 with the\nfunctions that it uses even with OPENSSL_ENABLE_SHA1_SIGNATURES\u003d1 set.\n\nCould not sign the certificate.\n400794B2537F0000:error:030000EA:digital envelope routines:EVP_DigestSignUpdate:provider signature failure:crypto/evp/m_sigver.c:446:RSA digest_sign_update:PKCS11 RSA Implementation\n400794B2537F0000:error:06880006:asn1 encoding routines:ASN1_item_sign_ctx:EVP lib:crypto/asn1/a_sign.c:277:\n\nSigned-off-by: Stefan Berger \u003cstefanb@linux.ibm.com\u003e\n" }, { "commit": "b3a865ea87a16096b68eaa77d6c988734b4bce37", "tree": "512e203edf55ef4711b06091a2f69f0e741125ff", "parents": [ "02da2e3eafd439b04d3b48add8cf1a0ae92dbdaa" ], "author": { "name": "Stefan Berger", "email": "stefanb@linux.ibm.com", "time": "Wed Apr 08 17:48:22 2026 -0400" }, "committer": { "name": "Stefan Berger", "email": "stefanb@us.ibm.com", "time": "Wed Apr 08 20:33:35 2026 -0400" }, "message": "swtpm_cert: Improve the loop reading from the store\n\nRead from the store until EOF is readched, even if load errors occur on\nthe way.\n\nSigned-off-by: Stefan Berger \u003cstefanb@linux.ibm.com\u003e\n" }, { "commit": "02da2e3eafd439b04d3b48add8cf1a0ae92dbdaa", "tree": "b5354924005f293c68aaef0ecb17d0f1073bc065", "parents": [ "9ae920df2881bc2cdf88515b08b5cd897680a474" ], "author": { "name": "Stefan Berger", "email": "stefanb@linux.ibm.com", "time": "Wed Apr 08 17:26:16 2026 -0400" }, "committer": { "name": "Stefan Berger", "email": "stefanb@us.ibm.com", "time": "Wed Apr 08 20:33:35 2026 -0400" }, "message": "swtpm_cert: Use PIN reader only if SWTPM_PKCS11_PIN env var is set\n\nDo not use the PIN reader of SWTPM_PKCS11_PIN is not set to avoid NULL\npointer segmentation faults.\n\nSigned-off-by: Stefan Berger \u003cstefanb@linux.ibm.com\u003e\n" }, { "commit": "9ae920df2881bc2cdf88515b08b5cd897680a474", "tree": "eae7f7a2a51ad2c63623373c6adf82773bfb799c", "parents": [ "62a70603324cc390ee35a3845e5b3a1428b29863" ], "author": { "name": "Stefan Berger", "email": "stefanb@linux.ibm.com", "time": "Wed Apr 08 17:23:18 2026 -0400" }, "committer": { "name": "Stefan Berger", "email": "stefanb@us.ibm.com", "time": "Wed Apr 08 20:33:35 2026 -0400" }, "message": "swtpm-create-tpmca: Remove trailing %00 from TPM 2 pkcs11 URI\n\nOpenSSL\u0027s PKCS11 provider cannot parse the model name with trailing %00s.\nRemove them.\n\nSigned-off-by: Stefan Berger \u003cstefanb@linux.ibm.com\u003e\n" }, { "commit": "62a70603324cc390ee35a3845e5b3a1428b29863", "tree": "99a3b565701f711f31197207f31aa3b4a685adbb", "parents": [ "4c9577aa446c68faf4a482d32755044d1c1fbabd" ], "author": { "name": "Stefan Berger", "email": "stefanb@linux.ibm.com", "time": "Fri Apr 03 23:05:50 2026 -0400" }, "committer": { "name": "Stefan Berger", "email": "stefanb@us.ibm.com", "time": "Sun Apr 05 20:19:36 2026 -0400" }, "message": "build: Remove gnutls-devel as required package for swtpm\n\nswtpm_cert was the only user of GnuTLS library. Now that it moved to\nOpenSSL remove the dependency of swtpm package on gnutls-devel.\n\nSigned-off-by: Stefan Berger \u003cstefanb@linux.ibm.com\u003e\n" }, { "commit": "4c9577aa446c68faf4a482d32755044d1c1fbabd", "tree": "6c966d4635e31fba29093ba19f9652d2f95c6b4e", "parents": [ "86c6046cbe0e913e884683d20acec3949a4a1220" ], "author": { "name": "Stefan Berger", "email": "stefanb@linux.ibm.com", "time": "Fri Apr 03 16:32:27 2026 -0400" }, "committer": { "name": "Stefan Berger", "email": "stefanb@us.ibm.com", "time": "Sun Apr 05 20:19:36 2026 -0400" }, "message": "build-sys: Do not set GNUTLS_LIBS/CFLAGS anymore\n\nSigned-off-by: Stefan Berger \u003cstefanb@linux.ibm.com\u003e\n" }, { "commit": "86c6046cbe0e913e884683d20acec3949a4a1220", "tree": "6f192772398ca5b1c13c67ae677bc7d9c89d8042", "parents": [ "4811aa5d6665a2f3010e2ab10fa3723620fcc4b1" ], "author": { "name": "Stefan Berger", "email": "stefanb@linux.ibm.com", "time": "Thu Apr 02 09:15:55 2026 -0400" }, "committer": { "name": "Stefan Berger", "email": "stefanb@us.ibm.com", "time": "Sun Apr 05 20:19:36 2026 -0400" }, "message": "swtpm_cert: Switch to OpenSSL from GnuTLS\n\nSince GnuTLS does not allow import of ML-KEM keys and also does not\nsupport ML-KEM-512 keys, switch to OpenSSL so that certificates for\nPQC type of keys can also be created.\n\nSigned-off-by: Stefan Berger \u003cstefanb@linux.ibm.com\u003e\n" }, { "commit": "4811aa5d6665a2f3010e2ab10fa3723620fcc4b1", "tree": "2c05c330e955bc2c58b9d32457e4de137687ddb2", "parents": [ "380debb44384add15220affb78ab3ce196919f20" ], "author": { "name": "Stefan Berger", "email": "stefanb@linux.ibm.com", "time": "Fri Apr 03 08:47:13 2026 -0400" }, "committer": { "name": "Stefan Berger", "email": "stefanb@us.ibm.com", "time": "Sun Apr 05 20:19:36 2026 -0400" }, "message": "CI: Install pkcs11-provider for usage of pkcs11 with OpenSSL\n\nSigned-off-by: Stefan Berger \u003cstefanb@linux.ibm.com\u003e\n" }, { "commit": "380debb44384add15220affb78ab3ce196919f20", "tree": "3556aec487dc2dee0465cdceb986cefd38290b66", "parents": [ "703acefbd4364aab2c3ba44a599c6e06018d68e8" ], "author": { "name": "Stefan Berger", "email": "stefanb@linux.ibm.com", "time": "Thu Apr 02 15:31:02 2026 -0400" }, "committer": { "name": "Stefan Berger", "email": "stefanb@us.ibm.com", "time": "Sun Apr 05 20:19:36 2026 -0400" }, "message": "tests: Add missing exit 1 on X509 cert subject comparison failure\n\nSigned-off-by: Stefan Berger \u003cstefanb@linux.ibm.com\u003e\n" }, { "commit": "703acefbd4364aab2c3ba44a599c6e06018d68e8", "tree": "8f8d7794e97b4257a9064ddd4329addf14b0cc4d", "parents": [ "45971fe053850735d527bdc481dca6d82086930a" ], "author": { "name": "Stefan Berger", "email": "stefanb@linux.ibm.com", "time": "Sat Apr 04 09:21:04 2026 -0400" }, "committer": { "name": "Stefan Berger", "email": "stefanb@us.ibm.com", "time": "Sat Apr 04 10:08:55 2026 -0400" }, "message": "CI: Use cpp-coveralls again for result uploads\n\nFall back to using cpp-coveralls for result uploads since the github\naction uploads coverage information for the wrong files.\n\nSigned-off-by: Stefan Berger \u003cstefanb@linux.ibm.com\u003e\n" }, { "commit": "45971fe053850735d527bdc481dca6d82086930a", "tree": "710fe3a99178996cb79edc4e0be0914a2fc58c8c", "parents": [ "e1e01d1f23775f81f6ef16de1db47b9dfac4f679" ], "author": { "name": "Stefan Berger", "email": "stefanb@linux.ibm.com", "time": "Fri Apr 03 23:47:12 2026 -0400" }, "committer": { "name": "Stefan Berger", "email": "stefanb@us.ibm.com", "time": "Sat Apr 04 08:41:30 2026 -0400" }, "message": "CI: Extend cpp-coveralls with a github-action for upload\n\nInstall cpp-coveralls after git clone using pip and use it to prepare the\ndata for upload. Use the coveralls github-action for the upload.\n\nSigned-off-by: Stefan Berger \u003cstefanb@linux.ibm.com\u003e\n" }, { "commit": "e1e01d1f23775f81f6ef16de1db47b9dfac4f679", "tree": "88feb4889ebc09731f4f71e8a7debaf71a7f0376", "parents": [ "a3dac7a6339cbd5180f8750df503589898dbc273" ], "author": { "name": "Stefan Berger", "email": "stefanb@linux.ibm.com", "time": "Fri Apr 03 22:43:33 2026 -0400" }, "committer": { "name": "Stefan Berger", "email": "stefanb@us.ibm.com", "time": "Fri Apr 03 22:55:17 2026 -0400" }, "message": "tests: Fix bugs in test_tpm2_samples_create_tpmca.test\n\nHandle the case where key algorithms is not given as the rsa2048 case\nand use its expected certificate size.\n\nWait for the tpm2 abrmd to have terminated (instead of waiting for swtpm\na 2nd time; c\u0026p error).\n\nSigned-off-by: Stefan Berger \u003cstefanb@linux.ibm.com\u003e\n" }, { "commit": "a3dac7a6339cbd5180f8750df503589898dbc273", "tree": "5245e7cd71f8dddad7d159b331b738f485b7b720", "parents": [ "63812fd4a267142a4f228af36d907a9425f012ca" ], "author": { "name": "Stefan Berger", "email": "stefanb@linux.ibm.com", "time": "Fri Apr 03 21:55:43 2026 -0400" }, "committer": { "name": "Stefan Berger", "email": "stefanb@us.ibm.com", "time": "Fri Apr 03 22:55:17 2026 -0400" }, "message": "swtpm_localca: Remove support for GnuTLS TPM 1.2 URIs\n\nGnuTLS does not support TPM 1.2 URIs anymore, so remove support for them.\n\nSigned-off-by: Stefan Berger \u003cstefanb@linux.ibm.com\u003e\n" }, { "commit": "63812fd4a267142a4f228af36d907a9425f012ca", "tree": "7cb68516954042fa1f6cea541a90abe016f7daf5", "parents": [ "acf8e92d03ed7c897847e8742e5012f256e52736" ], "author": { "name": "Stefan Berger", "email": "stefanb@linux.ibm.com", "time": "Fri Apr 03 21:49:49 2026 -0400" }, "committer": { "name": "Stefan Berger", "email": "stefanb@us.ibm.com", "time": "Fri Apr 03 22:55:17 2026 -0400" }, "message": "samples: Remove TPM 1.2 support from swtpm-create-tpmca\n\nThe tpmtool does not exist anymore, TCSD is not maintained anymore,\nTPM 1.2 is old, so remove TPM 1.2 support.\n\nAdjust the man page for swtpm-create-tpmca.\n\nSigned-off-by: Stefan Berger \u003cstefanb@linux.ibm.com\u003e\n" }, { "commit": "acf8e92d03ed7c897847e8742e5012f256e52736", "tree": "83140071a7579a2b88b508bd3d50216dff7171ed", "parents": [ "4af4b875dedc8cafbe76cf351d91e05f57f17acf" ], "author": { "name": "Stefan Berger", "email": "stefanb@linux.ibm.com", "time": "Fri Apr 03 21:59:27 2026 -0400" }, "committer": { "name": "Stefan Berger", "email": "stefanb@us.ibm.com", "time": "Fri Apr 03 22:55:17 2026 -0400" }, "message": "tests: Remove test that depended on availability of GnuTLS\u0027s tpmtool\n\nGnuTLS has removed support for the TPM 1.2 \u0027tpmtool\u0027 a while ago and\nsamples/swtpm-create-tpmca therefore does not work anymore. Also the\nTPM 1.2 TCSD is not supported anymore, so remove this test.\n\nSigned-off-by: Stefan Berger \u003cstefanb@linux.ibm.com\u003e\n" }, { "commit": "4af4b875dedc8cafbe76cf351d91e05f57f17acf", "tree": "8acab8aa6eb696d9fe78ac5f0f7748ed9a5125af", "parents": [ "51566d690436028b0fb4a9e705dbfbf5e15df7e8" ], "author": { "name": "Stefan Berger", "email": "stefanb@linux.ibm.com", "time": "Thu Mar 19 13:20:19 2026 -0400" }, "committer": { "name": "Stefan Berger", "email": "stefanb@us.ibm.com", "time": "Thu Mar 19 20:11:10 2026 -0400" }, "message": "tests: Test that disabled commands and algorithms are actually disabled\n\nConstruct profiles with disabled algorithms and commands and check that\nthe algorithms and commands are actually disabled using IBM tss2 tools.\n\nNot all algorithms can be tested since the tools do not support all of\nthem or the distro we are running on has older tools.\n\nSigned-off-by: Stefan Berger \u003cstefanb@linux.ibm.com\u003e\n" }, { "commit": "51566d690436028b0fb4a9e705dbfbf5e15df7e8", "tree": "b28e4abbaf175763d719a23ff04b50ae8eedbb6d", "parents": [ "76326f499ac69548f10b0082f9ffb170b9b378ef" ], "author": { "name": "Stefan Berger", "email": "stefanb@linux.ibm.com", "time": "Thu Mar 19 19:19:00 2026 -0400" }, "committer": { "name": "Stefan Berger", "email": "stefanb@us.ibm.com", "time": "Thu Mar 19 20:11:10 2026 -0400" }, "message": "tests: Add comment to kill_quiet function\n\nSigned-off-by: Stefan Berger \u003cstefanb@linux.ibm.com\u003e\n" }, { "commit": "76326f499ac69548f10b0082f9ffb170b9b378ef", "tree": "051430bf167ca5f037fb20a55ae3e4033fb08de6", "parents": [ "407c2a57c168f2d729b2285e2382e47ad8cc2157" ], "author": { "name": "Stefan Berger", "email": "stefanb@linux.ibm.com", "time": "Wed Mar 18 09:14:25 2026 -0400" }, "committer": { "name": "Stefan Berger", "email": "stefanb@us.ibm.com", "time": "Wed Mar 18 09:37:27 2026 -0400" }, "message": "header: Remove _Static_assert and adjust comments\n\nRemove the _Static_assert. Also adjust the comment for the forced\nalignment, which is only needed for m68k.\n\nSigned-off-by: Stefan Berger \u003cstefanb@linux.ibm.com\u003e\n" }, { "commit": "407c2a57c168f2d729b2285e2382e47ad8cc2157", "tree": "24d3a9cfae25e7863570ed7e0e9063d566ca87f9", "parents": [ "6f1559f59c72c4d08cb4943f61719a105caaa74d" ], "author": { "name": "Stefan Berger", "email": "stefanb@linux.ibm.com", "time": "Mon Mar 16 16:15:37 2026 -0400" }, "committer": { "name": "Stefan Berger", "email": "stefanb@us.ibm.com", "time": "Mon Mar 16 17:05:53 2026 -0400" }, "message": "man: Fix some typos in the man pages\n\nSigned-off-by: Stefan Berger \u003cstefanb@linux.ibm.com\u003e\n" }, { "commit": "6f1559f59c72c4d08cb4943f61719a105caaa74d", "tree": "b3be26c57fcedf0f08fb59bd68221ea24e3d55d6", "parents": [ "98e23a9757941cae12a80af8fa3ea5b7ee3811c6" ], "author": { "name": "Stefan Berger", "email": "stefanb@linux.ibm.com", "time": "Mon Mar 16 16:17:24 2026 -0400" }, "committer": { "name": "Stefan Berger", "email": "stefanb@us.ibm.com", "time": "Mon Mar 16 17:05:53 2026 -0400" }, "message": "swtpm_cert: Fix a typo in an error message\n\nSigned-off-by: Stefan Berger \u003cstefanb@linux.ibm.com\u003e\n" }, { "commit": "98e23a9757941cae12a80af8fa3ea5b7ee3811c6", "tree": "6d98d78167497664025b94ed95498a75375d31b8", "parents": [ "7f66f996e07ea19603d75a2e5b8063ae490f0411" ], "author": { "name": "Stefan Berger", "email": "stefanb@linux.ibm.com", "time": "Mon Mar 16 15:40:48 2026 -0400" }, "committer": { "name": "Stefan Berger", "email": "stefanb@us.ibm.com", "time": "Mon Mar 16 17:05:53 2026 -0400" }, "message": "swtpm: Replace strcpy with strncpy in str_replace\n\nSigned-off-by: Stefan Berger \u003cstefanb@linux.ibm.com\u003e\n" }, { "commit": "7f66f996e07ea19603d75a2e5b8063ae490f0411", "tree": "36c6d9339b733e68b4b650a85825f57ccf187661", "parents": [ "81d34844b71c4e73120ed83420a1507e24a4a4d7" ], "author": { "name": "Stefan Berger", "email": "stefanb@linux.ibm.com", "time": "Mon Mar 16 15:27:32 2026 -0400" }, "committer": { "name": "Stefan Berger", "email": "stefanb@us.ibm.com", "time": "Mon Mar 16 17:05:53 2026 -0400" }, "message": "swtpm: Fix typos in comments and messages\n\nSigned-off-by: Stefan Berger \u003cstefanb@linux.ibm.com\u003e\n" }, { "commit": "81d34844b71c4e73120ed83420a1507e24a4a4d7", "tree": "3addb5993812a22ce75759fc6aff966e998b6e57", "parents": [ "e13981622b9d4e67e45387260a31dfd6fe345bb3" ], "author": { "name": "Stefan Berger", "email": "stefanb@linux.ibm.com", "time": "Mon Mar 16 16:32:23 2026 -0400" }, "committer": { "name": "Stefan Berger", "email": "stefanb@us.ibm.com", "time": "Mon Mar 16 17:05:53 2026 -0400" }, "message": "swtpm: Refactor and improve description of SWTPM_CheckHash\n\nRefactor SWTPM_CheckHash and have it return NULL in the output buffer\npointer in case of malloc failure. Improve the description of the\nfunction and its parameters.\n\nSigned-off-by: Stefan Berger \u003cstefanb@linux.ibm.com\u003e\n" }, { "commit": "e13981622b9d4e67e45387260a31dfd6fe345bb3", "tree": "fd9e257e052c96ea8e24229e617d196c881a2469", "parents": [ "4a99496094ceb087ceef0f0ee2535f08dc67da70" ], "author": { "name": "Stefan Berger", "email": "stefanb@linux.ibm.com", "time": "Mon Mar 16 15:26:39 2026 -0400" }, "committer": { "name": "Stefan Berger", "email": "stefanb@us.ibm.com", "time": "Mon Mar 16 17:05:53 2026 -0400" }, "message": "swtpm: Reject state blobs of unreasonable large size\n\nOnly accept state \u003c\u003d 512kb. The upper limit of 512kb is \u0027generous\u0027.\n\nSigned-off-by: Stefan Berger \u003cstefanb@linux.ibm.com\u003e\n" }, { "commit": "4a99496094ceb087ceef0f0ee2535f08dc67da70", "tree": "218c79a099356400d68a1e7595932636cbc16c74", "parents": [ "ac1a47ca6ad56403eee87c540f922e386afd6899" ], "author": { "name": "Stefan Berger", "email": "stefanb@linux.ibm.com", "time": "Thu Mar 12 20:36:45 2026 -0400" }, "committer": { "name": "Stefan Berger", "email": "stefanb@us.ibm.com", "time": "Thu Mar 12 21:27:43 2026 -0400" }, "message": "tests: Test for expected message receive on NOTIFY_SOCKET\n\nHave swtpm send its \u0027READY\u003d1\u0027 message to the NOTIFY_SOCKET on which we have\nsocat listening and writing the output to a file. Check that the file\ncontains the expected message \u0027READY\u003d1\u0027.\n\nSigned-off-by: Stefan Berger \u003cstefanb@linux.ibm.com\u003e\n" }, { "commit": "ac1a47ca6ad56403eee87c540f922e386afd6899", "tree": "5d967db7dc23ddfd30f3a530832d45ac5dc975b6", "parents": [ "4e9b1fe836d05e3e0cec722abcfde3ea98cb60e7" ], "author": { "name": "Stefan Berger", "email": "stefanb@linux.ibm.com", "time": "Tue Mar 10 15:33:42 2026 -0400" }, "committer": { "name": "Stefan Berger", "email": "stefanb@us.ibm.com", "time": "Wed Mar 11 10:40:50 2026 -0400" }, "message": "tests: Choose swtpm branch based on libtpms version\n\nChoose the swtpm branch to build based on the libtpms version. Previously\nswtpm stable-0.9 branch was also build for libtpms v0.10 and profiles\ncould not be displayed (swtpm v0.9 does not support profiles) and no tests\nwere done with the default-v1 profile but only the null profile.\n\nAlready choose that for libtpms v0.11 swtpm\u0027s stable-0.11 branch will have\nto be built. While the latter is not available, master will be used.\n\nSigned-off-by: Stefan Berger \u003cstefanb@linux.ibm.com\u003e\n" }, { "commit": "4e9b1fe836d05e3e0cec722abcfde3ea98cb60e7", "tree": "c4dfd959888d91feb8fdb96b08d102902366fe2c", "parents": [ "0335ee5542b90898cb6e065ace5d59ca24bc8ed8" ], "author": { "name": "Stefan Berger", "email": "stefanb@linux.ibm.com", "time": "Tue Mar 10 15:32:29 2026 -0400" }, "committer": { "name": "Stefan Berger", "email": "stefanb@us.ibm.com", "time": "Wed Mar 11 10:40:50 2026 -0400" }, "message": "tests: Fix and better format test output\n\nSigned-off-by: Stefan Berger \u003cstefanb@linux.ibm.com\u003e\n" } ], "next": "0335ee5542b90898cb6e065ace5d59ca24bc8ed8" }