5.1-rc1 2021-05-19

Changes after 5.1-rc0

• scripts/utils: Add a utility to read the cert chain of embedded CA
• .ci/download-deps.sh: Bump tpm2-tss version to 3.1.0
• build: only use -Werror for non-release builds

4.3.1 2021-05-19

tpm2_dictionarylockout: Fix issue where setting value reset others

tpm2_create.c: Fix an issue where userwithauth attr cleared if policy
specified

tss2_quote: Tool now correctly supports to quote against a list of passed
PCR registers

Fix fapi-branch-select integration test to correctly use the PolicyRef
parameter (triggered by recent bug-fix in tpm2-tss)

Fix an outdated parameter in the fapi-provision integration test

tpm2_getekcertificate: Fix tool failing to return error/non-zero
for HTTP 404

4.3.1-rc0 2021-05-03

• tpm2_dictionarylockout: Fix issue where setting value reset others

• tpm2_create.c: Fix an issue where userwithauth attr cleared if policy
  specified

• tss2_quote: Tool now correctly supports to quote against a list of passed
  PCR registers

• Fix fapi-branch-select integration test to correctly use the PolicyRef
  parameter (triggered by recent bug-fix in tpm2-tss)

• Fix an outdated parameter in the fapi-provision integration test

• tpm2_getekcertificate: Fix tool failing to return error/non-zero
  for HTTP 404

5.1-rc0

5.1-rc0 2021-04-20

• Build

  • Dependency-update: Minimum tpm2-tss version dependency bumped to 3.0.3
  • Dependency-update: Minimum tpm2-abrmd version dependency bumped to 2.4.0
  • tpm2_eventlog: Fix build errors on 64 bit arm systems.
  • tpm2_checkquote: Fix build on 32b little-endian platforms.
  • Fixes builds on CentOS 7 which notably has an ancient version of
    GCC: 4.8.5 and an older version of OSSL, 1.0.2
  • Configure handles searching for python executable more gracefully, thus
    just having python3, will work.
  • Moved to GitHub Actions for CI testing.
  • Added fedora-32 to CI testing configurations and related fixes.
  • FreeBSD testing is bumped up to version 12.2
  • Fix compiler and packaging warnings for OpenSuse builds.
  • configure: make build gnu99.
  • configure: make -Wbool-compare non fatal.

• tss2:

  • Support in tools for PolicyRef inclusion in policy search per latest TSS.
  • Support to use TPM objects protected by a policy with PolicySigned.
  • Enable backward compatibility to old Fapi callback API.
  • Fix PCR selection for tss2 quote.
  • Support policy signed policies by implementing Fapi_SetSignCB.

• Command/ response parameter support for auditing and pHash policies:

  • lib/tpm2_util.c: Add method to determine hashing alg for cp/rphash
  • Add support to calculate rphash for tpm2_create, tpm2_activatecredential,
    tpm2_certify, tpm2_certifycreation, tpm2_changeauth, tpm2_changeeps,
    tpm2_changepps, tpm2_nvdefine, tpm2_nvextend, tpm2_unseal
  • Add support to calculate cphash for tpm2_changeeps, tpm2_changepps.

• Session-support:

  • tpm2_sessionconfig: Add tool to display and configure session attributes.
  • tpm2_getrandom: Fix— session input was hardcoded for audit-only
  • tpm2_startauthsession: Add option to specify the bind object and its
    authorization value.
  • tpm2_startauthsession: support for bounded-only session.
  • tpm2_startauthsession: support for salted-only session.
  • tpm2_startauthsession: add option to specify an hmac session type.
  • Add support for specifying non-authorization sessions for audit and
    parameter encryption for tpm2_getrandom, tpm2_create, tpm2_nvextend,
    tpm2_nvdefine, tpm2_unseal, tpm2_activatecredential, tpm2_certify,
    tpm2_certifycreation, tpm2_changeauth, tpm2_changeeps, tpm2_changepps.

• tpm2_eventlog:

  • Support for event type: EV_IPL extensively used by the Shim and Grub.
  • Support for event type: EV_EFI_GPT_EVENT to parse.
    UEFI_PARTITION_TABLE_HEADER and UEFI_PARTITION_ENTRY.
  • Support for event type: EFI_SIGNATURE_LIST, which contains one or more
    EFI_SIGNATURE_DATA.
  • Support for event type EV_EFI_VARIABLE_AUTHORITY.
  • Parse UEFI_PLATFORM_FIRMWARE_BLOB structure that the CRTM MUST put into
    the Event Log entry TCG_PCR_EVENT2.event field for event types
    EV_POST_CODE, EV_S_CRTM_CONTENTS, and EV_EFI_PLATFORM_FIRMWARE_BLOB.
  • Parse secureboot variable to indicate enable as 'Yes'.
  • Parse BootOrder variable to a more readable format.
  • Parse Boot variables per EFI_LOAD_OPTION described in more details in
    UEFI Spec Section 3.1.3
  • Parse Device-path in a readable format using the efivar library.
  • Support for logs longer than 64 kilobytes.
  • Perform verification for event types where digest can be verified from
    their event payload.
  • Better support for multiline strings.
  • Fix handling of event log EV_POST_CODE data where field is empty and len
    is specified.

• tpm2_getekcertificate: Fix tool failing to return error/non-zero for HTTP 404.

• tpm2_nvdefine: allow setting hash algorithm by command line parameter for NV
  indices set in extend mode.

• tpm2_duplicate, tpm2_import: support duplicating non-TPM keys to a remote TPM
  without first requiring them to be loaded to a local TPM.

• tpm2_dictionarylockout: Fix issue where setting value for one parameter caused
  to reset the others.

• tpm2_getpolicydigest: Add new tool to enable TPM2_CC_PolicyGetDigest.

• Fix segfault where optind > argc.

• tools/tpm2_checkquote: fix missing initializer

• tpm2_convert: fix EVP_EncodeUpdate usage for OSSL < 1.1.0

• openssl: fix EVP_ENCODE_CTX_(new|free)

• test: Add support for swTPM simulator to the testing framework and make it the
  default if mssim isn't available.

5.0

5.0 - 2020-11-16

Non Backwards Compatible Changes

• Default hash algorithm is now sha256. Prior versions claimed sha1, but were
  inconsistent in choice. Best practice is to specify the hash algorithm to
  avoid surprises.

• tpm2_tools and tss2_tools are now a busybox style commandlet. Ie
  tpm2_getrandom becomes tpm2 getrandom. make install will install symlinks
  to the old tool names and the tpm2 commandlet will interrogate argv[0] for
  the command to run. This will provide backwards compatibility if they are
  installed. If you wish to use the old names not installed system wide, set
  DESTDIR during install to a separate path and set the proper directory on
  PATH.

• tpm2_eventlog's output changed to be YAML compliant. The output before
  was intended to be YAML compliant but was never properly checked and tested.

• umask set to 0117 for all tools.

• tpm2_getekcertificate now outputs the INTC EK certificates in PEM format
  by default. In order to output the URL safe variant of base64 encoded
  output of the INTC EK certificate use the added option --raw.

Dependency update

• Update tpm2-tss dependency version to
  3.0.1

• Update tpm2-abrmd dependency version to
  2.3.3

New tools and features

• tpm2_zgen2phase:

  • Add new tool to support command TPM2_CC_ZGen_2Phase.

• tpm2_ecdhzgen:

  • Add new tool to support command TPM2_CC_ECDH_ZGen.

• tpm2_ecdhkeygen:

  • Add new tool to support command TPM2_CC_ECDH_KeyGen.

• tpm2_commit:

  • Add new tool to support command TPM2_CC_Commit.

• tpm2_ecephemeral:

  • Add new tool to support command TPM2_CC_EC_Ephemeral.

• tpm2_geteccparameters:

  • Add new tool to support command TPM2_CC_ECC_Parameters.

• tpm2_setcommandauditstatus:

  • Added new tool to support command TPM2_CC_SetCommandCodeAuditStatus.

• tpm2_getcommandauditstatus:

  • Added new tool to support command TPM2_CC_GetCommandAuditDigest.

• tpm2_getsessionauditdigest:

  • Added new tool to support command TPM2_CC_GetSessionAuditDigest.

• tpm2_certifyX509certutil:

  • Added new tool for creating partial x509 certificates required to support
    the TPM2_CC_CertifyX509 command.

• tpm2_policysigned:

  • Added option --cphash-input to specify the command parameter hash
    (cpHashA), enforcing the TPM command to be authorized as well as its handle
    and parameter values.

• tpm2_createprimary:

  • Added option to specify the unique data from the stdin by adding provision
    for specifying the option value for unique file as -.

• tpm2_startauthsession:

  • Added new feature/option --audit-session to start an HMAC session to
    be used as an audit session.

• tpm2_getrandom:

  • Added new feature/option -S, --session to specify a HMAC session
    to be used as an audit session. This adds support for auditing the command
    using an audit session.
  • Added new feature/option --rphash to specify file path to record the
    hash of the response parameters. This is commonly termed as rpHash.
  • Added new feature/option --cphash to specify a file path to record
    the hash of the command parameters. This is commonly termed as cpHash.
    NOTE: In absence of --rphash option, when this option is selected,
    The tool will not actually execute the command, it simply returns a
    cpHash.

• tpm2_getcap:

  • tpm2_getcap was missing raw on a property TPM2_PT_REVISION, and it should
    always be specified.

• tpm2_sign:

  • Add option --commit-index to specify the commit index to use when
    performing an ECDAA signature.
  • Add support for ECDAA signature.

• tpm2_getekcertificate:

  • Add option --raw to output EK certificate in URL safe variant base64
    encoded format. By default it outputs a PEM formatted certificate.
  • The tool can now output INTC and non INTC EK certificates from NV indices
    specified by the TCG EK profile specification.

• tpm2_activatecredential:

  • The secret data input can now be specified as stdin with -s option.
  • The public key used for encryption can be specified as -u to make it
    similar to rest of the tools specifying a public key. The old -e
    option is retained for backwards compatibility.
  • Add option to specify the key algorithm when the input public key is in
    PEM format using the new option -G, --key-algorithm. Can specify
    either RSA/ECC. When this option is used, input public key is expected to
    be in PEM format and the default TCG EK template is used for the key
    properties.

• tpm2_checkqoute:

  • Add EC support.
  • Support loading tss signatures.
  • Support loading tpm2 pcrread PCR values by specifying the PCR selection
    using the new option -l, --pcr-list.
  • Added support for automatically detecting the signature format. With this
    -F, --format option is retained for backwards compatibility but
    it is deprecated.

• tpm2_createak:

  • add option to output qualified name with new option
    -q, --ak-qualified-name.

• tpm2_policypcr:

  • Add option for specifying cumulative hash of PCR's as an argument.

• tpm2_readpublic:

  • Add option to output qualified name using the new option
    -q, --qualified-name.

• tpm2_print:

  • Support printing TPM2B_PUBLIC data structures.
  • Support printing TPMT_PUBLIC data structures.

• tpm2_send:

  • Add support for handling sending and receiving command and response buffer
    for multiple commands.

• tpm2_verifysignature:

  • Added support for verifying RSA-PSS signatures.

• tpm2_eventlog:

  • Add handling of sha1 log format.
  • Add fixes for eventlog output to be proper YAML.
  • Add support for sha384, sha512, sm3_256 PCR hash algorithms.
  • Add support for computing PCR values based on the events.

• tpm2_tools (all):

  • Set stdin/stdout to non-buffering.
  • Added changes for FreeBSD portability.

Bug fixes

• Fix printing short options when no ascii character is used.

• OpenSSL: Fix deprecated OpenSSL functions. ECC Functions with suffix GFp
  will become deprecated (DEPRECATED_1_2_0).

• tpm2_eventlog: output EV_POST_CODE as string not firmware blob to be
  compliant with TCG PC Client FPF section 2.3.4.1 and 9.4.12.3.4.1

• Fix missing handle maps for ESY3 handle breaks. See #1994.

• tpm2_rsaencrypt: fix OAEP RSA encryption failing to invalid hash selection.

• tpm2_rsadecrypt: fix OAEP RSA decryption failing to invalid hash selection.

• tpm2_sign: fix for signing failures with restricted signing keys when
  input data to sign is not a digest, rather the full message. The validation
  ticket creation process defaults to the owner hierarchy and so in order to
  choose other hierarchies the tpm2_hash tool should be used instead.

• tpm2_print: fix segfault when -t option is omitted by appropriately
  warning of the required option.

• tpm2_nvdefine: fix for default size when size is not specified by invoking
  TPM2_CC_GetCapability.

• Fix for an issue where the return code for unsupported algorithms was
  tool_rc_general instead of tool_rc_unsupported in tpm2_create and
  tpm2_createprimary tools.

• Fix for an issue where RSA_PSS signature verification caused failures.

• tpm2_nvreadpublic, tpm2_kdfa, tpm2_checkquote, tpm2_quote:
  Fixes for issues with interoperability of the attestation tools between big
  and little endian platforms.

• tss2_*:

  • Fix bash-completion for tss2_pcrextend and tss2_verifysignature
  • Add force option to tss2_list
  • Make force option consistent in all fapi tools
  • Do not decode non-TPM errors
  • Enhance integration tests to test changes of optional/mandatory parameters
  • Add --hex parameter to tss2_getrandom
  • Fix autocompletion issue
  • Switch tss2_* to with-"="-style
  • Add size parameter to tss2_createseal
  • References to the cryptographic profile (fapi-profile(5)) and config file
    (fapi-config(5)) man pages from all relevant tss2_* man pages.
  • Fix policy branch selection menu item from 1 to 0.

CI changes

• Travis-CI

  • Drop Ubuntu-16.04 and add Ubuntu-20.04.
  • Added unit/integration test instance to verify we are not breaking tool
    options and or maintaining backwards compatibility with 4.X version.

• Cirrus-CI:

  • Added support for testing on FreeBSD.

Documentation

• wiki pages have been removed and data has been migrated to
  tpm2-software.github.io portal's tutorial section.

• Fix the problem with man and no-man help output for tools were not correctly
  displayed.

• man:

  • tpm2_create: Correct max seal data size from 256 bytes to 128 bytes.

  • tpm2_nvread: Fix manpage example.

  • tpm2_nvwrite: Added missing information on how to specify the NV index as
    an argument.

  • tpm2_unseal: Add end-to-end example.

  • tpm2_nvincrement: Fix incorrect commands in example section.

  • tpm2_hmac: Fix the example section.

5.0-rc0 2020-10-22

5.0-RC0 2020-10-22

Non Backwards Compatible Changes

• Default hash algorithm is now sha256. Prior versions claimed sha1, but were
  inconsistent in choice. Best practice is to specify the hash algorithm to
  avoid suprises.

• tpm2_tools and tss2_tools are now a busybox style commandlet. Ie
  tpm2_getrandom becomes tpm2 getrandom. make install will install symlinks
  to the old tool names and the tpm2 commandlet will interogate argv[0] for
  the command to run. This will provide backwards compatibility if they are
  installed. If you wish to use the old names not installed system wide, set
  DESTDIR during install to a seperate path and set the proper directory on
  PATH.

• tpm2_eventlog's output changed to be YAML compliant. The output before
  was intended to be YAML compliant but was never properly checked and tested.

• umask set to 0117 for all tools.

• tpm2_getekcertificate now outputs the INTC EK certificates in PEM format
  by default. In order to output the URL safe variant of base64 encoded
  output of the INTC EK certificate use the added option --raw.

Dependency update

• Update tpm2-tss dependency version to
  3.0.1

• Update tpm2-abrmd dependency version to
  2.3.3

New tools and features

• tpm2_zgen2phase:

  • Add new tool to support command TPM2_CC_ZGen_2Phase.

• tpm2_ecdhzgen:

  • Add new tool to support command TPM2_CC_ECDH_ZGen.

• tpm2_ecdhkeygen:

  • Add new tool to support command TPM2_CC_ECDH_KeyGen.

• tpm2_commit:

  • Add new tool to support command TPM2_CC_Commit.

• tpm2_ecephemeral:

  • Add new tool to support command TPM2_CC_EC_Ephemeral.

• tpm2_geteccparameters:

  • Add new tool to support command TPM2_CC_ECC_Parameters.

• tpm2_setcommandauditstatus:

  • Added new tool to support command TPM2_CC_SetCommandCodeAuditStatus.

• tpm2_getcommandauditstatus:

  • Added new tool to support command TPM2_CC_GetCommandAuditDigest.

• tpm2_getsessionauditdigest:

  • Added new tool to support command TPM2_CC_GetSessionAuditDigest.

• tpm2_certifyX509certutil:

  • Added new tool for creating partial x509 certrificates required to support
    the TPM2_CC_CertifyX509 command.

• tpm2_policysigned:

  • Added option --cphash-input to specify the command parameter hash
    (cpHashA), enforcing the TPM command to be authorized as well as its handle
    and parameter values.

• tpm2_createprimary:

  • Added option to specify the unique data from the stdin by adding provision
    for specifying the option value for unique file as -.

• tpm2_startauthsession:

  • Added new feature/option --audit-session to start an HMAC session to
    be used as an audit session.

• tpm2_getrandom:

  • Added new feature/option -S, --session to specify a HMAC session
    to be used as an audit session. This adds support for auditing the command
    using an audit session.
  • Added new feature/option --rphash to specify file path to record the
    hash of the response parameters. This is commonly termed as rpHash.
  • Added new feature/option --cphash to specify a file path to record
    the hash of the command parameters. This is commonly termed as cpHash.
    NOTE: In absence of --rphash option, when this option is selected,
    The tool will not actually execute the command, it simply returns a
    cpHash.

• tpm2_getcap:

  • tpm2_getcap was missing raw on a property TPM2_PT_REVISION, and it should
    always be specified.

• tpm2_sign:

  • Add option --commit-index to specify the commit index to use when
    performing an ECDAA signature.
  • Add support for ECDAA signature.

• tpm2_getekcertificate:

  • Add option --raw to output EK certificate in URL safe variant base64
    encoded format. By default it outputs a PEM formatted certificate.
  • The tool can now output INTC and non INTC EK certificates from NV indices
    specified by the TCG EK profile specification.

• tpm2_activatecredential:

  • The secret data input can now be specified as stdin with -s option.
  • The public key used for encryption can be specified as -u to make it
    similar to rest of the tools specifying a public key. The old -e
    option is retained for backwards compatibility.
  • Add option to specify the key algorithm when the input public key is in
    PEM format using the new option -G, --key-algorithm. Can specify
    either RSA/ECC. When this option is used, input public key is expected to
    be in PEM format and the default TCG EK template is used for the key
    properties.

• tpm2_checkqoute:

  • Add EC support.
  • Support loading tss signatures.
  • Support loading tpm2 pcrread PCR values by specifying the PCR selection
    using the new option -l, --pcr-list.
  • Added support for automatically detecting the signature format. With this
    -F, --format option is retained for backwards compatibility but
    it is deprecated.

• tpm2_createak:

  • add option to output qualified name with new option
    -q, --ak-qualified-name.

• tpm2_policypcr:

  • Add option for specifying cumulative hash of PCR's as an argument.

• tpm2_readpublic:

  • Add option to output qualified name using the new option
    -q, --qualified-name.

• tpm2_print:

  • Support printing TPM2B_PUBLIC data structures.
  • Support printing TPMT_PUBLIC data structures.

• tpm2_send:

  • Add support for handling sending and receiving command and response buffer
    for multiple commands.

• tpm2_verifysignature:

  • Added support for verifying RSA-PSS signatures.

• tpm2_eventlog:

  • Add handling of sha1 log format.
  • Add fixes for eventlog output to be proper YAML.
  • Add support for sha384, sha512, sm3_256 PCR hash algorithms.
  • Add support for computing PCR values based on the events.

• tpm2_tools (all):

  • Set stdin/stdout to non-buffering.
  • Added changes for FreeBSD portability.

Bug fixes

• Fix printing short options when no ascii character is used.

• OpenSSL: Fix deprecated OpenSSL functions. ECC Functions with suffix GFp
  will become deprecated (DEPRECATED_1_2_0).

• tpm2_eventlog: output EV_POST_CODE as string not firmware blob to be
  compliant with TCG PC Client FPF section 2.3.4.1 and 9.4.12.3.4.1

• Fix missing handle maps for ESY3 handle breaks. See #1994.

• tpm2_rsaencrypt: fix OAEP RSA encryption failing to invalid hash selection.

• tpm2_rsadecrypt: fix OAEP RSA decryption failing to invalid hash selection.

• tpm2_sign: fix for signing failures with restricted signing keys when
  input data to sign is not a digest, rather the full message. The validation
  ticket creation process defaults to the owner hierarchy and so in order to
  choose other hierarchies the tpm2_hash tool should be used instead.

• tpm2_print: fix segfault when -t option is omitted by appropriately
  warning of the required option.

• tpm2_nvdefine: fix for default size when size is not specified by invoking
  TPM2_CC_GetCapability.

• Fix for an issue where the return code for unsupported algorithms was
  tool_rc_general instead of tool_rc_unsupported in tpm2_create and
  tpm2_createprimary tools.

• Fix for an issue where RSA_PSS signature verification caused failures.

• tpm2_nvreadpublic, tpm2_kdfa, tpm2_checkquote, tpm2_quote:
  Fixes for issues with interoperability of the attestation tools between big
  and little endian platforms.

• tss2_*:

  • Fix bash-completion for tss2_pcrextend and tss2_verifysignature
  • Add force option to tss2_list
  • Make force option consistent in all fapi tools
  • Do not decode non-TPM errors
  • Enhance integration tests to test changes of optional/mandatory parameters
  • Add --hex parameter to tss2_getrandom
  • Fix autocompletion issue
  • Switch tss2_* to with-"="-style
  • Add size parameter to tss2_createseal
  • References to the cryptographic profile (fapi-profile(5)) and config file
    (fapi-config(5)) man pages from all relevant tss2_* man pages.
  • Fix policy branch selection menu item from 1 to 0.

CI changes

• Travis-CI

  • Drop Ubuntu-16.04 and add Ubuntu-20.04.
  • Added unit/integration test instance to verify we are not breaking tool
    options and or maintaining backwards compatibility with 4.X version.

• Cirrus-CI:

  • Added support for testing on FreeBSD.

Documentation

• wiki pages have been removed and data has been migrated to
  tpm2-software.github.io portal's tutorial section.

• Fix the problem with man and no-man help output for tools were not correctly
  displayed.

• man:

  • tpm2_create: Correct max seal data size from 256 bytes to 128 bytes.

  • tpm2_nvread: Fix manpage example.

  • tpm2_nvwrite: Added missing information on how to specify the NV index as
    an argument.

  • tpm2_unseal: Add end-to-end example.

  • tpm2_nvincrement: Fix incorrect commands in example section.

  • tpm2_hmac: Fix the example section.

4.3.0

Note: Per bug #2189 the release upload was missing tss2 manpages, this has been corrected in the current upload. If your upload doesn't match the current signature file, please download the newer release.

4.3.0 - 2020-08-24

• tss2_*: Fix double-free errors in commands asking for password authorization

• tss2_*: Fix shorthand command -f that was falsely requiring an argument

• tss2_*: Update tss2_encrypt to the new FAPI interface

  • The argument 'policyPath' is removed which was never read anyway

• tss2_*: Remove the additional '\n' that was appended when redirecting to stdout

• tss2_*: Update mandatory vs optional treatment of arguments according to latest Fapi spec

• tss2_*: tss2_getinfo now retrieves the correct FAPI version from Fapi_GetInfo

• tss2_*: Fix the error handling in case of multiple inputs and/or outputs from stdin/stdout

• tss2_*: Fix syntax errors and update content of man pages according to latest Fapi spec

• tss2_*: Add parameter types to all man page

• tss2_*: tss2_setappdata now reads from file or stdin allowing to store also binary data

• tss2_*: Memory leaks are fixed in cases when a returned empty non-char output value was passed to file output

• tss2_pcrextend: fix extending PCR 0

• tss2_quote: fix unused TSS2_RC in LOG_ERR

4.3.0-rc1 - 2020-08-21

4.3.0-rc1 - 2020-08-21

• tss2_*: Fix double-free errors in commands asking for password authorization

• tss2_*: Fix shorthand command -f that was falsely requiring an argument

• tss2_*: Update tss2_encrypt to the new FAPI interface

  • The argument 'policyPath' is removed which was never read anyway

• tss2_*: Remove the additional '\n' that was appended when redirecting to stdout

• tss2_*: Update mandatory vs optional treatment of arguments according to latest Fapi spec

• tss2_*: tss2_getinfo now retrieves the correct FAPI version from Fapi_GetInfo

• tss2_*: Fix the error handling in case of multiple inputs and/or outputs from stdin/stdout

• tss2_*: Fix syntax errors and update content of man pages according to latest Fapi spec

• tss2_*: Add parameter types to all man page

• tss2_*: tss2_setappdata now reads from file or stdin allowing to store also binary data

• tss2_*: Memory leaks are fixed in cases when a returned empty non-char output value was passed to file output

• tss2_pcrextend: fix extending PCR 0

• tss2_quote: fix unused TSS2_RC in LOG_ERR

4.3.0-rc0

4.3.0-rc0 - 2020-08-13

• tss2_*: Fix double-free errors in commands asking for password authorization

• tss2_*: Fix shorthand command -f that was falsely requiring an argument

• tss2_*: Update tss2_encrypt to the new FAPI interface

  • The argument 'policyPath' is removed which was never read anyway

• tss2_*: Remove the additional '\n' that was appended when redirecting to stdout

• tss2_*: Update mandatory vs optional treatment of arguments according to latest Fapi spec

• tss2_*: tss2_getinfo now retrieves the correct FAPI version from Fapi_GetInfo

• tss2_*: Fix the error handling in case of multiple inputs and/or outputs from stdin/stdout

• tss2_*: Fix syntax errors and update content of man pages according to latest Fapi spec

• tss2_*: Add parameter types to all man page

• tss2_*: tss2_setappdata now reads from file or stdin allowing to store also binary data

• tss2_*: Memory leaks are fixed in cases when a returned empty non-char output value was passed to file output

4.1.3

4.1.3 - 2020-06-02

• tpm2_create: Fix issue with userauth attribute being cleared if policy is specified.