(RHEL-16182) Support remote sealing in systemd-cryptenroll/systemd-cryptsetup #283
GitHub Actions / Advanced Commit Linter
failed
Dec 12, 2023 in 2s
Advanced Commit Linter
Tracker - Missing issue tracker ✋
The following commits meet all requirements
commit | upstream |
---|---|
484fb33 - tree-wide: fix return value handling of base64mem() | systemd/systemd@5e476b8 |
0bc90be - Consolidate various TAKE_* into TAKE_GENERIC(), add TAKE_STRUCT() | systemd/systemd@40c5cc2 |
068da52 - pcrphase: add $SYSTEMD_PCRPHASE_STUB_VERIFY env var for overriding stu… | systemd/systemd@6337be0 |
b1392f9 - pcrphase: gracefully exit if TPM2 support is incomplete | systemd/systemd@0318d54 |
8256ee3 - tpm2-util: split out code that derives "good" TPM2 banks into an strv … | systemd/systemd@e4481cc |
27a0be5 - tpm2-util: split out code that extends a PCR from pcrphase | systemd/systemd@15c591d |
f5c7ad3 - tpm2-util: optionally do HMAC in tpm2_extend_bytes() in case we proces… | systemd/systemd@9885c87 |
7d7b68c - cryptsetup: add tpm2-measure-pcr= and tpm2-measure-bank= crypttab opti… | systemd/systemd@94c0c85 |
aafe388 - man: document the new crypttab measurement options | systemd/systemd@572f787 |
5fa73c0 - gpt-auto-generator: automatically measure root/var volume keys into PC… | systemd/systemd@ff386f9 |
5250f5f - pcrphase: make tool more generic, reuse for measuring machine id/fs uu… | systemd/systemd@17984c5 |
b9ee9d3 - units: measure /etc/machine-id into PCR 15 during early boot | systemd/systemd@072c8f6 |
0d38059 - generators: optionally, measure file systems at boot | systemd/systemd@04959fa |
da23cf9 - tpm2: add common helper for checking if we are running on UKI with TPM… | systemd/systemd@6c51b49 |
944db06 - man: document new machine-id/fs measurement options | systemd/systemd@2bd33c9 |
747ac4c - test: add simple integration test for checking PCR extension works as … | systemd/systemd@f44ed15 |
4102ea3 - update TODO | systemd/systemd@a67a50e |
cbb7b10 - cryptsetup: retry TPM2 unseal operation if it fails with TPM2_RC_PCR_C… | systemd/systemd@0254e4d |
a24e9e1 - boot: Simplify object erasure | systemd/systemd@3f92dc2 |
d46c115 - tree-wide: use CLEANUP_ERASE() at various places | systemd/systemd@692597c |
cb99d31 - dlfcn: add new safe_dclose() helper | systemd/systemd@f2592ef |
bfd20c4 - tpm2: rename tpm2 alg id<->string functions | systemd/systemd@7bfe0a4 |
187a3be - tpm2: rename struct tpm2_context to Tpm2Context | systemd/systemd@bd86098 |
766d27d - tpm2: use ref counter for Tpm2Context | systemd/systemd@68d084c |
551ad42 - tpm2: use Tpm2Context* instead of ESYS_CONTEXT* | systemd/systemd@23e9ccc |
9ba6803 - tpm2: add Tpm2Handle with automatic cleanup | systemd/systemd@16e16b8 |
fccb363 - tpm2: simplify tpm2_seal() blob creation | systemd/systemd@e8858f1 |
61afab9 - tpm2: add salt to pin | systemd/systemd@aae6eb9 |
1e6cf29 - basic/macro: add macro to iterate variadic args | systemd/systemd@e179f2d |
9fc371d - test/test-macro: add tests for FOREACH_VA_ARGS() | systemd/systemd@326ef26 |
8dd88be - basic/bitfield: add bitfield operations | systemd/systemd@33d9bee |
8efacbf - test/test-bitfield: add tests for bitfield macros | systemd/systemd@5e31ddd |
7f85565 - tpm2: add tpm2_get_policy_digest() | systemd/systemd@23b972d |
7d0b427 - tpm2: add TPM2_PCR_VALID() | systemd/systemd@aa07a4f |
79ae112 - tpm2: add/rename functions to manage pcr selections | systemd/systemd@c69bd0a |
2923c25 - test/test-tpm2: add tests for pcr selection functions | systemd/systemd@e067a49 |
41ae8b8 - tpm2: add tpm2_pcr_read() | systemd/systemd@c57d8bc |
879b80d - tpm2: move openssl-required ifdef code out of policy-building function… | systemd/systemd@9589824 |
52bd8f4 - tpm2: add tpm2_is_encryption_session() | systemd/systemd@e976445 |
b59993a - tpm2: move policy building out of policy session creation | systemd/systemd@2cd9d57 |
85ca196 - tpm2: add support for a trusted SRK | systemd/systemd@acbb504 |
4e5623b - tpm2: fix nits from PR #26185 | systemd/systemd@96181b7 |
a9f52e8 - tpm2: replace magic number | systemd/systemd@1200777 |
49ea661 - tpm2: add tpm2_digest_*() functions | systemd/systemd@da92d39 |
f04f474 - tpm2: replace hash_pin() with tpm2_digest_*() functions | systemd/systemd@94a4ff2 |
3a6ab16 - tpm2: add tpm2_set_auth() | systemd/systemd@409a65f |
0f85d6c - tpm2: add tpm2_get_name() | systemd/systemd@dbae4b9 |
5577714 - tpm2: rename pcr_values_size vars to n_pcr_values | systemd/systemd@c648a4b |
b44815c - tpm2: add tpm2_policy_pcr() | systemd/systemd@dcbc467 |
871b1e6 - tpm2: add tpm2_policy_auth_value() | systemd/systemd@8a71635 |
71c31a9 - tpm2: add tpm2_policy_authorize() | systemd/systemd@5c7852f |
7aec3a5 - tpm2: use tpm2_policy_authorize() | systemd/systemd@524cef3 |
1a07275 - tpm2: add tpm2_calculate_sealing_policy() | systemd/systemd@d9a1f1a |
36b5c2b - tpm: remove external calls to dlopen_tpm2() | systemd/systemd@9944909 |
f69c532 - tpm2: remove all extern tpm2-tss symbols | systemd/systemd@b57a7b3 |
61233db - tpm2: add tpm2_get_capability(), tpm2_cache_capabilities(), tpm2_capab… | systemd/systemd@3a35d6c |
9376b7b - tpm2: verify symmetric parms in tpm2_context_new() | systemd/systemd@a47060b |
0605e48 - tpm2: replace cleanup_tpm2* macros with cleanup() | systemd/systemd@1dc8f51 |
f99de78 - tpm2-util: use compound initialization when allocating tpm2 objects | systemd/systemd@d70e4bc |
701f6aa - tpm2: add tpm2_get_capability_handle(), tpm2_esys_handle_from_tpm_hand… | systemd/systemd@c8a8524 |
10e5105 - tpm2: add tpm2_read_public() | systemd/systemd@98d6a80 |
215612f - tpm2: add tpm2_get_legacy_template() and tpm2_get_srk_template() | systemd/systemd@f4f5b3a |
b71e5b0 - tpm2: add tpm2_load() | systemd/systemd@d1d0de7 |
5474253 - tpm2: add tpm2_load_external() | systemd/systemd@efe153b |
9eff344 - tpm2: move local vars in tpm2_seal() to point of use | systemd/systemd@ee6a871 |
4bf09a7 - tpm2: replace magic number in hmac_sensitive initialization | systemd/systemd@180444b |
7082d30 - tpm2: add tpm2_create() | systemd/systemd@e3f1f21 |
63159f9 - tpm2: replace tpm2_capability_pcrs() macro with direct c->capaiblity_p… | systemd/systemd@9ea0ffe |
241acca - basic/alloc-util: add greedy_realloc_append() | systemd/systemd@3f27ba9 |
3948ab2 - tpm2: cache the TPM supported commands, add tpm2_supports_command() | systemd/systemd@adbf0c8 |
0d8b990 - tpm2: cache TPM algorithms | systemd/systemd@cbc92a3 |
b57aa6b - tpm2: add tpm2_persist_handle() | systemd/systemd@d2d29c3 |
6887816 - tpm2: add tpm2_get_or_create_srk() | systemd/systemd@cea525a |
ad94955 - tpm2: move local vars in tpm2_unseal() to point of use | systemd/systemd@9849742 |
f18c59a - tpm2: remove tpm2_make_primary() | systemd/systemd@2098860 |
9c64cab - tpm2: use CreatePrimary() to create primary keys instead of Create() | systemd/systemd@aff853f |
806c256 - cryptsetup: downgrade a bunch of log messages that to LOG_WARNING | systemd/systemd@b96cc40 |
b80af47 - boot/measure: replace TPM PolicyPCR session with calculation | systemd/systemd@b2efe28 |
85bc924 - core: imply DeviceAllow=/dev/tpmrm0 with LoadCredentialEncrypted | systemd/systemd@398dc7d |
6382a24 - added more test cases | systemd/systemd@e2a4411 |
2d168e9 - test: fixed negative checks in TEST-70-TPM2. | systemd/systemd@27d45db |
6f8851c - systemd-cryptenroll: add string aliases for tpm2 PCRs | systemd/systemd@96ead60 |
46c4684 - cryptenroll: fix an assertion with weak passwords | systemd/systemd@0e43ab6 |
d9da83f - man/systemd-cryptenroll: update list of PCRs, link to uapi docs | systemd/systemd@10fa725 |
3358358 - tpm2: add debug logging to functions converting hash or asym algs to/f… | systemd/systemd@240774f |
a5a3ee9 - tpm2: add tpm2_hash_alg_to_size() | systemd/systemd@c9df1fb |
058cf90 - tpm2: change tpm2_tpm*_pcr_selection_to_mask() to return mask | systemd/systemd@dbaae76 |
1670dd7 - tpm2: add more helper functions for managing TPML_PCR_SELECTION and TP… | systemd/systemd@13b5517 |
ae6b9cb - tpm2: add Tpm2PCRValue struct and associated functions | systemd/systemd@323eb48 |
ccdc811 - tpm2: move declared functions in header lower down | systemd/systemd@e00f46a |
c673663 - tpm2: declare tpm2_log_debug_*() functions in tpm2_util.h | systemd/systemd@75de375 |
6e84889 - tpm2: change tpm2_calculate_policy_pcr(), tpm2_calculate_sealing_polic… | systemd/systemd@6e8fb3a |
f1f032c - tpm2: change tpm2_parse_pcr_argument() parameters to parse to Tpm2PCRV… | systemd/systemd@07c0406 |
b0aebfd - tpm2: add TPM2BMAKE(), TPM2BCHECK_SIZE() macros | systemd/systemd@53b91e1 |
4a852ab - tpm2: add tpm2_pcr_read_missing_values() | systemd/systemd@b4a6fcd |
883a9ad - openssl: add openssl_pkey_from_pem() | systemd/systemd@4af788c |
f2177d8 - openssl: add rsa_pkey_new(), rsa_pkey_from_n_e(), rsa_pkey_to_n_e() | systemd/systemd@dcec950 |
8b53af5 - openssl: add ecc_pkey_new(), ecc_pkey_from_curve_x_y(), ecc_pkey_to_cu… | systemd/systemd@900e73f |
81e86b5 - test: add DEFINE_HEX_PTR() helper function | systemd/systemd@0fdcfa7 |
c8c7e77 - openssl: add test-openssl | systemd/systemd@cffeee9 |
e3a7d43 - tpm2: add functions to convert TPM2B_PUBLIC to/from openssl pkey or PE… | systemd/systemd@e3acb4d |
2be11c1 - tpm2: move policy calculation out of tpm2_seal() | systemd/systemd@9e43799 |
196eac2 - man: update systemd-cryptenroll man page with details on --tpm2-pcrs f… | systemd/systemd@1782b0b |
9da488d - tpm2: update TEST-70-TPM2 to test passing PCR value to systemd-crypten… | systemd/systemd@e85ddd9 |
01dd46c - tpm2: change *alg_to* functions to use switch()_ | systemd/systemd@7354a7c |
921e003 - tpm2: lowercase TPM2_PCR_VALUE[S]_VALID functions | systemd/systemd@cc1a78d |
04a61ca - tpm2: move cast from lhs to rhs in uint16_t/int comparison | systemd/systemd@3cd4145 |
1ac7683 - tpm2: in validator functions, return false instead of assert failure | systemd/systemd@064ac95 |
b1f8b2e - tpm2: in tpm2_pcr_values_valid() use FOREACH_ARRAY() | systemd/systemd@193fd57 |
205b763 - tpm2: use SIZE_MAX instead of strlen() for unhexmem() | systemd/systemd@7001a7d |
c02fdcc - tpm2: put !isempty() check inside previous !isempty() check | systemd/systemd@2b2ee3f |
57787d4 - tpm2: simplify call to asprintf() | systemd/systemd@495f2bf |
7a8fb7a - tpm2: check pcr value hash != 0 before looking up hash algorithm name | systemd/systemd@8e75725 |
6636cb3 - tpm2: use strempty() | systemd/systemd@85b6f29 |
0f679bf - tpm2: split TPM2_PCR_VALUE_MAKE() over multiple lines | systemd/systemd@c6e5178 |
9ff3436 - tpm2: remove ret_ prefix from input/output params | systemd/systemd@ae2b38e |
63816b1 - tpm2: use memcpy_safe() instead of memcpy() | systemd/systemd@65fd657 |
d7c12f1 - openssl: use new(char, size) instead of malloc(size) | systemd/systemd@b030710 |
958e888 - tpm2: use table for openssl<->tpm2 ecc curve id mappings | systemd/systemd@6761e13 |
24b41bc - tpm2: use switch() instead of if-else | systemd/systemd@3f4d5df |
7782aec - tpm2: make logging level consistent at debug for some functions | systemd/systemd@ed35ac3 |
ea12375 - tpm2: remove unnecessary void* cast | systemd/systemd@70cb382 |
7888ec4 - tpm2: add tpm2_pcr_values_has_(any\|all)_values() functions | |
87a691a - tpm2: wrap (7) in UINT32_C() | systemd/systemd@81e3d37 |
b84177b - cryptenroll: change man page example to remove leading 0x and lowercas… | systemd/systemd@a11a2e0 |
54f0cff - openssl: add log_openssl_errors() | systemd/systemd@60696b2 |
9b1f1ee - openssl: add openssl_digest_size() | systemd/systemd@c52a003 |
398ca3f - openssl: add openssl_digest_many() | systemd/systemd@bed4831 |
fdd4994 - openssl: replace openssl_hash() with openssl_digest() | systemd/systemd@11f7bc5 |
8888c02 - openssl: add openssl_hmac_many() | systemd/systemd@a95e8fa |
2a70f9b - openssl: add rsa_oaep_encrypt_bytes() | systemd/systemd@816b1dc |
752d79e - openssl: add kdf_kb_hmac_derive() | systemd/systemd@a65a25b |
f6a3e01 - openssl: add openssl_cipher_many() | systemd/systemd@58f215a |
54a1aa0 - openssl: add ecc_edch() | systemd/systemd@779b80d |
716a3c1 - openssl: add kdf_ss_derive() | systemd/systemd@8c2205b |
64c6762 - dlfcn-util: add static asserts ensuring our sym_xyz() func ptrs match … | systemd/systemd@7736a71 |
0c5a95a - tpm2: add tpm2_marshal_blob() and tpm2_unmarshal_blob() | systemd/systemd@653c3fe |
d5bd95a - tpm2: add tpm2_serialize() and tpm2_deserialize() | systemd/systemd@1eff424 |
d4b37f7 - tpm2: add tpm2_index_to_handle() and tpm2_index_from_handle() | systemd/systemd@13cf98f |
19db4c7 - tpm2: fix build failure without openssl | systemd/systemd@0d7009d |
69d85fe - tpm2-util: look for tpm2-pcr-signature.json directly in /.extra/ | systemd/systemd@6270b2e |
d2b07bc - tpm2: downgrade most log functions from error to debug | systemd/systemd@f9a0ee7 |
af8e983 - tpm2: handle older tpm enrollments without a saved pcr bank | systemd/systemd@730d6ab |
012b142 - tpm2: allow tpm2_make_encryption_session() without bind key | systemd/systemd@73592a7 |
cfc9397 - tpm2: update tpm2 test for supported commands | systemd/systemd@171d5b6 |
c03d377 - tpm2: use GREEDY_REALLOC_APPEND() in tpm2_get_capability_handles(), ca… | systemd/systemd@7014006 |
a693034 - tpm2: change tpm2_unseal() to accept Tpm2Context instead of device str… | systemd/systemd@db7fdf1 |
9796eb4 - tpm2: cache TPM's supported ECC curves | systemd/systemd@639dca0 |
1e1c476 - tpm2-util: make tpm2_marshal_blob()/tpm2_unmarshal_blob() static | systemd/systemd@9122edf |
22d03e3 - tpm2-util: make tpm2_read_public() static, as we use it only internall… | systemd/systemd@add8091 |
ae36332 - cryptenroll: allow specifying handle index of key to use for sealing | systemd/systemd@382bfd9 |
c909c9f - test: add tests for systemd-cryptenroll --tpm2-seal-key-handle | systemd/systemd@adcd326 |
3b4f97d - tpm2: do not call Esys_TR_Close() | systemd/systemd@1524184 |
845df7f - tpm2: don't use GetCapability() to check transient handles | systemd/systemd@9c18019 |
72db680 - tpm2-util: pick up a few new symbols from tpm2-tss | systemd/systemd@199d758 |
2dffc80 - tpm2: add tpm2_get_pin_auth() | systemd/systemd@f230572 |
f600560 - tpm2: instead of adjusting authValue trailing 0(s), trim them as requi… | systemd/systemd@63477a7 |
12028fe - tpm2-util: rename tpm2_calculate_name() → tpm2_calculate_pubkey_name()… | systemd/systemd@b98c4f1 |
a6d05c4 - cryptenroll: do not implicitly verify with default tpm policy signatur… | systemd/systemd@b0fc23f |
e1b730b - cryptenroll: drop deadcode | systemd/systemd@645063d |
0e9cbf3 - tpm2: allow using tpm2_get_srk_template() without tpm | systemd/systemd@7889333 |
1afde34 - tpm2: add test to verify srk templates | systemd/systemd@2eea1b8 |
1b6527d - tpm2: add tpm2_sym_algstring() and tpm2_sym_modestring() | systemd/systemd@2d78478 |
aac6e9c - tpm2: add tpm2_calculate_seal() and helper functions | systemd/systemd@0a7874a |
6d4034d - tpm2: update test-tpm2 for tpm2_calculate_seal() | systemd/systemd@65883f6 |
5c9e6c5 - cryptenroll: add support for calculated TPM2 enrollment | systemd/systemd@c3a2a68 |
8228334 - test: update TEST-70 with systemd-cryptenroll calculated TPM2 enrollme… | systemd/systemd@803e959 |
The following commits need an inspection
commit | note |
---|---|
782f598 - blkid-util: define enum for blkid_do_safeprobe() return values | Missing issue tracker ✋ |