tboot - Performs a verified launch using Intel(R) TXT

Distribution: openSUSE 13.2
Repository: openSUSE Security all
Package name: tboot
Package version: 20160518_1.9.4
Package release: 69.1
Package architecture: x86_64
Package type: rpm
Installed size: 1.07 MB
Download size: 566.30 KB
Official Mirror: ftp.gwdg.de
Trusted Boot (tboot) is a pre-kernel/VMM module that uses Intel(R) Trusted Execution Technology (Intel(R) TXT) to perform a measured and verified launch of an OS kernel/VMM.

    Provides

  • tboot = 20160518_1.9.4-69.1
  • tboot(x86-64) = 20160518_1.9.4-69.1

    Install Howto

    1. Add the openSUSE Security repository:
      # zypper addrepo http://ftp.gwdg.de/pub/opensuse/repositories/security/openSUSE_13.2/ opensuse-security
    2. Install tboot rpm package:
      # zypper install tboot


    Files

    • /boot/tboot-syms
    • /boot/tboot.gz
    • /etc/grub.d/20_linux_tboot
    • /etc/grub.d/20_linux_xen_tboot
    • /usr/sbin/acminfo
    • /usr/sbin/lcp2_crtpol
    • /usr/sbin/lcp2_crtpolelt
    • /usr/sbin/lcp2_crtpollist
    • /usr/sbin/lcp2_mlehash
    • /usr/sbin/lcp_crtpconf
    • /usr/sbin/lcp_crtpol
    • /usr/sbin/lcp_crtpol2
    • /usr/sbin/lcp_crtpolelt
    • /usr/sbin/lcp_crtpollist
    • /usr/sbin/lcp_mlehash
    • /usr/sbin/lcp_readpol
    • /usr/sbin/lcp_writepol
    • /usr/sbin/parse_err
    • /usr/sbin/tb_polgen
    • /usr/sbin/tpmnv_defindex
    • /usr/sbin/tpmnv_getcap
    • /usr/sbin/tpmnv_lock
    • /usr/sbin/tpmnv_relindex
    • /usr/sbin/txt-stat
    • /usr/share/doc/packages/tboot/COPYING
    • /usr/share/doc/packages/tboot/Linux_LCP_Tools_User_Manual.pdf
    • /usr/share/doc/packages/tboot/Makefile
    • /usr/share/doc/packages/tboot/README
    • /usr/share/doc/packages/tboot/lcptools2.txt
    • /usr/share/doc/packages/tboot/policy_v1.txt
    • /usr/share/doc/packages/tboot/policy_v2.txt
    • /usr/share/doc/packages/tboot/txt-info.txt
    • /usr/share/doc/packages/tboot/vlp.txt
    • /usr/share/doc/packages/tboot/man/acminfo.8
    • /usr/share/doc/packages/tboot/man/lcp_crtpconf.8
    • /usr/share/doc/packages/tboot/man/lcp_crtpol.8
    • /usr/share/doc/packages/tboot/man/lcp_crtpol2.8
    • /usr/share/doc/packages/tboot/man/lcp_crtpolelt.8
    • /usr/share/doc/packages/tboot/man/lcp_crtpollist.8
    • /usr/share/doc/packages/tboot/man/lcp_mlehash.8
    • /usr/share/doc/packages/tboot/man/lcp_readpol.8
    • /usr/share/doc/packages/tboot/man/lcp_writepol.8
    • /usr/share/doc/packages/tboot/man/tb_polgen.8
    • /usr/share/doc/packages/tboot/man/txt-stat.8
    • /usr/share/man/man8/acminfo.8.gz
    • /usr/share/man/man8/lcp_crtpconf.8.gz
    • /usr/share/man/man8/lcp_crtpol.8.gz
    • /usr/share/man/man8/lcp_crtpol2.8.gz
    • /usr/share/man/man8/lcp_crtpolelt.8.gz
    • /usr/share/man/man8/lcp_crtpollist.8.gz
    • /usr/share/man/man8/lcp_mlehash.8.gz
    • /usr/share/man/man8/lcp_readpol.8.gz
    • /usr/share/man/man8/lcp_writepol.8.gz
    • /usr/share/man/man8/tb_polgen.8.gz
    • /usr/share/man/man8/txt-stat.8.gz


    Changelog

    2017-02-10 - jengelh@inai.de
    - Trim filler words from description; use modern macros over shell vars.

    2017-02-08 - meissner@suse.com
    - Updated to 20161216: v1.9.5 (FATE#321510)
      + Add 2nd generation of LCP creation tool source codes for TPM 2.0 platforms.
      + Add user guide for 2nd generation LCP creation tool
      + Provide workaround for Intel PTT (Platform Trust Technology) & Linux PTT driver.
      + Add new fields in Linux kernel header struct to accommodate Linux kernel new capabilities.
      + Fix a pointer dereference regression in the tboot native Linux loader which manifests itself as a system reset.
      + Fix the issue of overwriting tboot when the loaded elf kernel is located below tboot.
      + Add support to release TPM localities when tboot exits to linux kernel.
      + Fix the evtlog dump function for tpm2 case.
      + Initialize kernel header cmdline buffer before copying kernel cmdline arguments to the buffer to avoid random data at end of the original cmdline contents.
      + Move tpm_detect() to an earlier stage so as to get tpm interface initialized before checking TXT platform capabilities.

    2016-06-22 - mchang@suse.com
    - Fix wrong pvops kernel config matching (bsc#981948)
      * modified tboot-grub2-fix-menu-in-xen-host-server.patch

    2016-06-01 - meissner@suse.com
    - tboot-grub2-suse.patch: fixed bad if/elif

    2016-05-19 - meissner@suse.com
    - Updated to 1.9.4/20160518 (FATE#320665)
      + Added TPM 2.0 CRB support
      + Increased BSP and AP stacks to avoid stack overflow
      + Added an ACPI_RSDP structure g_rsdp in tboot to avoid potential memory overwritten issue on TPM 2.0 UEFI platforms
      + Added support to both Intel TPM nv index set and TCG TPM nv index set
      + grub2: tboot doesn't skip first argument any more
      + grub2: sanitize whitespace in command lines
      + grub2: Allow addition of policy data in grub.cfg
      + grub2 support: allow the user to customize the command line
      + Mitigated S3 resume delay by adjusting LZ_MAX_OFFSET to 5000 in lz.c.
      + Added SGX TPM nv index support
      + Add 64 bit ELF object support
      + Gentoo Hardened, which uses the GRSecurity and PaX patch sets
      + Disable -fstack-check in CFLAG for compatibility with Gentoo Linux.
      + Enhanced tboot compatibility running on non-Intel TXT platform with a fix of is_launched()
      + LCP documentation improvements
    - tboot-grub2-suse.patch: refreshed
    - tboot-grub2-fix-xen-submenu-name.patch: refreshed
    - tboot-fix-stackoverflow.patch: upstream in 1.9.4

    2016-04-06 - meissner@suse.com
    - tboot-fix-stackoverflow.patch: fix an excessive stack usage pattern that could lead to resets/crashes (bsc#967441)

    2015-05-08 - meissner@suse.com
    - Updated to 1.8.3/20140728 FATE#318542
      * Added verified launch control policy user guide
      * Fixed a bug about var MTRR settings to follow the rule that each VAR MTRR base must be a multiple of that MTRR's size.
      * Access tpm sts reg with 3-byte width in v1.2 case and 4-byte width in v2.0 case
      * Bugfix: lcp2_mlehash get wrong hash if the cmdline string length > 7
      * Optimized tboot log processing flow to avoid log buffer overflow by adopting lz Compress/Uncompress algorithms
      * Added SGX support for Skylake platform
      * tpm2: use the primary object in NULL Hierarchy instead of Platform Hierarchy for seal/unseal usage
      * Fixed a bug for lcp2_mlehash tool
      * Fixed system hang issue caused by TXT disable, TPM disable or SINIT ACM not correctly provided in EFI booting mode
      * Fixed bug for wrong assumption on the way how GRUB2 load modules
      * Fixed MB2 tags mess issue caused by moving shorter module cmdline to head
      * Fixed compile issue when debug=y
    - refreshed tboot-grub2-fix-xen-submenu-name.patch

    2014-07-28 - meissner@suse.com
    - updated to 1.8.2/20140728
      Security Fix: TBOOT Argument Measurement Vulnerability for GRUB2 + ELF Kernels
      fix werror in 32 bit build environment
    - tboot-fix.patch: removed, fixed differently upstream.