Fedora has issued an advisory on September 27:
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/Z2AGXFU7PAB4Q5N67NIHGKL635HWPYUI/

The issue is fixed upstream in 3.0.1.
Fedora has issued an advisory for this on October 6:
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/KBRTMYDRPQBDGNADVXGI745WGT2MGVOO/

The issue is also fixed in 2.4.3.
Done for mga7!
Advisory:
========================

Updated tpm2-tss packages fix security vulnerability:

FAPI PolicyPCR not instantiating correctly (CVE-2020-24455).

Note that all TPM objects created with a PolicyPCR with the currentPcrs and currentPcrsAndBank options have been created with an incorrect policy that omits PCR checks. All such objects have to be recreated.

The tpm2-tss package has been updated to version 2.4.3, which includes a fix for this issue and several other changes. See the upstream release announcements for details.

References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-24455
https://github.com/tpm2-software/tpm2-tss/releases/tag/2.4.3
https://github.com/tpm2-software/tpm2-tss/releases
========================

Updated packages in core/updates_testing:
========================
tpm2-tss-2.4.3-1.mga7
libtss2-mu0-2.4.3-1.mga7
libtss2-sys0-2.4.3-1.mga7
libtss2-esys0-2.4.3-1.mga7
libtss2-fapi0-2.4.3-1.mga7
libtss2-rc0-2.4.3-1.mga7
libtss2-tctildr0-2.4.3-1.mga7
libtss2-tcti-device0-2.4.3-1.mga7
libtss2-tcti-mssim0-2.4.3-1.mga7
libtpm2-tss-devel-2.4.3-1.mga7

from tpm2-tss-2.4.3-1.mga7.src.rpm
Assignee: geiger.david68210 => qa-bugs
CC: (none) => geiger.david68210
M7 Plasma x86_64, Intel CPU i5 6600k, TPM2.0 Chip on a Gigabyte Motherboard with Z170 Intel Chipset.

Installation of updated packages is OK.

Really don't know what to do next: upstream webpage mentions CLI tools that do not seem to be in Mageia repos.
See: https://tpm2-software.github.io/
and here: https://github.com/tpm2-software

This package tpm2-tss is a framework between Kernel TPM2 drivers and User Applications.

$ urpmq --whatrequires-recursive tpm2-tss

Nothing else...

If someone has a clue on this.
CC: (none) => ouaurelien
MGA7-64 MATE on Peaq C1011

No installation issues.
Previous update 24457 was decided on clean install, no tests done.
Did some research and found
https://archive.fosdem.org/2017/schedule/event/tpm2/attachments/slides/1517/export/events/attachments/tpm2/slides/1517/FOSDEM___TPM2_0_practical_usage.pdf

Quote from there:
"using TPM2.0 tools for "real world" applications is not easy
• they don't use widely supported formats like PEM or DER
• but the TSSes provide an API (SAPI) that can be used in your C/C++ apps, although the TCG spec is quite hard to digest"

So this seems to be developers area and further
"Create a signing key
Endorsement Key
• Intel Tools won't allow creating a primary signing key
• we need to create an EK and use that to generate an AIK
# tpm2_getpubek -H 0x81010000 -g 0x01 -f ek.pub
• this will:
• generate a 2048 RSA (0x01) key pair
• store it in the NVM with handle 0x81010000
• export the public part in ek.pub"

I checked and this command is indeed not in our repo.
As far as I am concerned, Aurelien can OK this update, but one could question whether it is worth all the trouble if the whole setup seems so incomplete.
CC: (none) => herman.viaene
Validating update. Advisory and Packages in Comment 3. Advisory pushed to SVN.
Whiteboard: (none) => MGA7-64-OK
CC: (none) => sysadmin-bugs
Keywords: (none) => advisory, validated_update
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2020-0417.html
Resolution: (none) => FIXED
Status: NEW => RESOLVED