From: Kent Y. <shp...@gm...> - 2005-03-18 16:36:19
The latest and greatest TrouSerS, version 0.1.9, has been released and is available in tarball form at:

https://sourceforge.net/project/showfiles.php?group_id=126012

CVS has been tagged at this release as TROUSERS_0_1_9, which should be reflected in the anonymous CVS in the next few hours.

The largest changes between 0.1.8 and 0.1.9 are the addition of access controls to the TCSD (see the tcsd.conf file and manpage for tcsd for details) and the exporting of the crypto and blob loading routines for use by apps. App writers can now include tss/trousers.h to get trousers specific routines which will hopefully be helpful. (All trousers specific calls that have been exported are prefixed by "Trspi_").

ChangeLog follows.

Thanks,
Kent

* TROUSERS_0_1_9

- added tcsd manpage
- added access control functionality so that sets of ordinals cannot be executed by non-local hosts. This is now a configurable option in tcsd.conf as "remote_ops".
- Set Physical Presence now works from the TSP when the TCSD detects that it is running in single user mode. When not running in single user mode, the TCS_PhysicalPresence command returns TSS_E_NOTIMPL.
- Changed an fprintf to LogError in gtk/support.c
- TCP/IP server-side fixes in svrside.c
- various compile warnings fixed
- moved commonly used utility functions to trspi/trousers.c and exported these functions in the header file tss/trousers.h.
- added new testcases for ChangeAuth of the TPM owner and SRK in tcg/highlevel/tspi.
- added test tcg/highlevel/tpm/Tspi_TPM_PcrRead04.c
- updated Tspi_TPM_GetCapability manpage.
- added code to detect a 1.2 TPM and get auth sessions the 1.2 way.
- added manpage for Tspi_TPM_GetPubEndorsementKey
- Bugfixes
  - in crypto.c, encrypted data area should be RSA_size(rsa) bytes large, not always 256. This was keeping non-2048 bit keys from working with the TPM keyring app.
  - Fixed detection of an already closed Tddl.
  - Allow validating the entire TCPA_PUBKEY structure in Tspi_TPM_GetPubEndorsementKey, as National chips do this.
  - Added support for TSS_TPMCAP_ORD and TSS_TPMCAP_FLAG in Tspi_TPM_GetCapability, which required a call to TCSP_GetCapabilityOwner to fetch the TPM's internal flags. Added tcg/highlevel/tpm/Tspi_TPM_GetCapability0{4,5}.c to test.
  - When loading the SRK from TCS PS, the TCS key handle should now be 0x40000000 (TSS_SRK_KEY_HANDLE). There were checks for this in the ChangeAuth code paths, which caused failing of various sorts.
  - Bug fixed in roll over of TCS key handle generation. Previously we would have smashed the SRK's fixed value and we would have thought there were 2 SRK's loaded.
  - sf.net bug #1154611, old SRK was not being removed from mem cache, though disk cache was being deleted. This means that after re-taking ownership the mem cache was corrupted until a restart of the TCSD.
- Feature Requests
  - sf.net RFE #1122608 completed. Several different device locations are now supported by default. If /dev/tpm is created it's assumed that the IBM Research device driver is being used and therefore ioctl's are sent to the driver, all others get read/write's. Updated README.