[MIR] swtpm
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
autogen (Ubuntu) | Won't Fix | Undecided | Unassigned |
gnutls28 (Ubuntu) | Won't Fix | Undecided | Unassigned |
libtpms (Ubuntu) | Fix Released | High | Unassigned |
libvirt (Ubuntu) | Fix Released | Undecided | Unassigned |
swtpm (Ubuntu) | Fix Released | High | Unassigned |
Bug Description
[Availability]
Available in universe in jammy.
[Rationale]
Needed in order to provide TPM functionality to VMs through kvm/libvirt; should be a Recommends: of qemu-system-x86
[Security]
Several security bugs found and fixed in libtpms this year http://
http://
[Quality assurance]
Limited history: package not present in Debian, and only in Ubuntu since jammy.
[UI standards]
N/A
[Dependencies]
swtpm and libtpms; no further dependencies outside of main.
[Standards compliance]
OK
[Maintenance]
To be maintained by the Foundations Team.
[Background information]
N/A
Related branches
- Utkarsh Gupta (community): Approve
- Canonical Server packageset reviewers: Pending requested
- git-ubuntu import: Pending requested
- Diff: 34 lines (+7/-1), 2 files modified:
debian/changelog (+6/-0)
debian/control (+1/-1)
- Andreas Hasenack: Approve
- Canonical Server: Pending requested
- git-ubuntu import: Pending requested
- Diff: 439 lines (+198/-44), 15 files modified:
CHANGES (+12/-0)
configure.ac (+7/-5)
debian/changelog (+16/-0)
debian/patches/do_not_inline_makeiv.patch (+23/-0)
debian/patches/lp-1948748-tpm2-Address-Coverity-Issue-by-casting-1-before-shif.patch (+37/-0)
debian/patches/lp-1948748-tpm2-Check-return-code-of-BN_div.patch (+36/-0)
debian/patches/no_local_check.patch (+26/-0)
debian/patches/series (+4/-2)
dev/null (+0/-31)
dist/libtpms.spec (+10/-1)
dist/libtpms.spec.in (+9/-0)
include/libtpms/tpm_library.h (+1/-1)
src/tpm2/NVMarshal.c (+6/-1)
src/tpm2/Time.c (+9/-0)
src/tpm2/crypto/openssl/CryptRsa.c (+2/-3)
- Sergio Durigan Junior (community): Approve
- Canonical Server: Pending requested
- git-ubuntu import: Pending requested
- Diff: 10026 lines (+9063/-67), 38 files modified:
debian/changelog (+7651/-11)
debian/control (+13/-11)
debian/libvirt-clients.install (+1/-0)
debian/libvirt-clients.lintian-overrides (+1/-0)
debian/libvirt-daemon-system.dirs (+2/-0)
debian/libvirt-daemon-system.install (+1/-0)
debian/libvirt-daemon-system.postinst (+170/-0)
debian/libvirt-daemon-system.postrm (+42/-1)
debian/libvirt-daemon.README.Debian (+82/-22)
debian/libvirt-daemon.apport (+22/-0)
debian/libvirt-daemon.dnsmasq (+2/-0)
debian/libvirt-daemon.install (+1/-0)
debian/libvirt-uri.sh (+27/-0)
debian/patches/backport/qemuDomainSetupDisk-Initialize-targetPaths.patch (+42/-0)
debian/patches/backport/util-fix-syslog-facility-value.patch (+58/-0)
debian/patches/series (+22/-0)
debian/patches/ubuntu-aa/0020-virt-aa-helper-ubuntu-storage-paths.patch (+37/-0)
debian/patches/ubuntu-aa/0029-appmor-libvirt-qemu-Add-9p-support.patch (+34/-0)
debian/patches/ubuntu-aa/0031-virt-aa-helper-Ask-for-no-deny-rule-for-readonly-dis.patch (+43/-0)
debian/patches/ubuntu-aa/0032-apparmor-libvirt-qemu-Allow-reading-charm-specific-c.patch (+34/-0)
debian/patches/ubuntu-aa/0033-UBUNTU-only-apparmor-for-kvm.powerpc-LP-1680384.patch (+41/-0)
debian/patches/ubuntu-aa/0034-apparmor-virt-aa-helper-access-for-snapped-nova.patch (+33/-0)
debian/patches/ubuntu-aa/lp-1815910-allow-vhost-hotplug.patch (+57/-0)
debian/patches/ubuntu/Allow-libvirt-group-to-access-the-socket.patch (+50/-0)
debian/patches/ubuntu/daemon-augeas-fix-expected.patch (+21/-0)
debian/patches/ubuntu/dnsmasq-as-priv-user (+290/-0)
debian/patches/ubuntu/lp-1861125-ubuntu-models.patch (+21/-0)
debian/patches/ubuntu/ovmf_paths.patch (+60/-0)
debian/patches/ubuntu/parallel-shutdown.patch (+25/-0)
debian/patches/ubuntu/set-default-machine-to-ubuntu.patch (+45/-0)
debian/patches/ubuntu/swtpm-by-swtpm-user.patch (+40/-0)
debian/patches/ubuntu/ubuntu_machine_type.patch (+14/-0)
debian/patches/ubuntu/wait-for-qemu-kvm.patch (+23/-0)
debian/rules (+18/-14)
debian/tests/control (+3/-2)
debian/tests/smoke-lxc (+30/-4)
debian/tests/smoke-qemu-session (+5/-0)
debian/tests/smoke-qemu-session.xml (+2/-2)
- Sergio Durigan Junior (community): Approve
- Canonical Server packageset reviewers: Pending requested
- git-ubuntu import: Pending requested
- Diff: 197 lines (+140/-0), 6 files modified:
debian/changelog (+13/-0)
debian/control (+1/-0)
debian/libvirt-daemon-system.postinst (+8/-0)
debian/patches/series (+2/-0)
debian/patches/ubuntu/lp-1927519-virt-aa-helper-Purge-profile-if-corrupted.patch (+76/-0)
debian/patches/ubuntu/swtpm-by-swtpm-user.patch (+40/-0)
Changed in libtpms (Ubuntu):
milestone: none → ubuntu-22.04-beta
Changed in swtpm (Ubuntu):
milestone: none → ubuntu-22.04-beta
Changed in libtpms (Ubuntu):
importance: Undecided → High
Changed in swtpm (Ubuntu):
importance: Undecided → High
Hi,
thanks Steve for the work on this!
While it is true that it is "new in the Archive" it isn't entirely new to the wider ecosystem.
Plenty of people have used it from [1] and similar PPAs since then.
Some others use snaps [2]
But nowadays also snaps with way more user-base and security checks already use it directly embedded like LXD [3].
So it really isn't that much "from scratch" as it might seem at first :-)
Finally, it might be worth adding [4] to the background info for people unaware of what this is about.
Starting to have a look ...
[1]: https://launchpad.net/~stefanberger/+archive/ubuntu/swtpm
[2]: https://snapcraft.io/swtpm-mvo
[3]: https://snapcraft.io/lxd
[4]: https://github.com/stefanberger/swtpm/wiki