| Index | index by Group | index by Distribution | index by Vendor | index by creation date | index by Name | Mirrors | Help | Search |
| Name: clevis-pin-tpm2 | Distribution: openSUSE Tumbleweed |
| Version: 21 | Vendor: openSUSE |
| Release: 1.1 | Build date: Sat Apr 19 14:57:13 2025 |
| Group: Unspecified | Build host: reproducible |
| Size: 51644 | Source RPM: clevis-21-1.1.src.rpm |
| Packager: https://bugs.opensuse.org | |
| Url: https://github.com/latchset/clevis | |
| Summary: TPM2 pin integration for Clevis | |
Provides support to encrypt a key in a Trusted Platform Module 2.0 (TPM2) chip. The key used for encryption is encrypted using the TPM2 chip, and is decrypted using TPM2 to allow clevis to decrypt the secret stored in the JWE. Clevis store the public and private keys of the encrypted key in the JWE object, so those can be fetched on decryption to unseal the key encrypted using the TPM2.
GPL-3.0-or-later
* Sat Apr 19 2025 Enrico Belleri <kilgore.trout@idesmi.eu>
- Create packages:
* clevis-pin_tpm2
* clevis-pin_pkcs11
* clevis-pin-sss
* clevis-pin-tang
- Add 0002-find-pcscd.patch
- Update to version 21:
* [EXPERIMENTAL] Add PKCS#11 pin basic functionality (5b07e40)
* Ensure dnf builddep is installed in Fedora (#466) (2b34226)
* udisks2: check for EINTR when reading in recover_key() (4c6d5d9)
* udisks2: check if variables are NULL before calling unref (eea777f)
* Fix README.md to include tang https configuration (#175) (#417) (4bddd5e)
* Prevent Address in use error (601d0a9)
* Fedora test build fix (3420001)
* luks/udisks2: explicitly NULL-terminate buffer (251a888)
* pins/sss: intialize variable before use (0938231)
* Fix DNS resolution in initramfs (#367) (bebb037)
* Upgrade checkout version (v3->v4) (#452) (ea7a8e1)
* Fix killing of child process of clevisloop (c03dbf3)
* Added language and misspell check for markdown files (#439) (fee1db3)
* luks: decouple dracut from systemd unlocker (afe91eb)
* luks: move dracut out of systemd directory (cfefdde)
* Include manual compilation steps (#433) (ec16c7a)
* Avoid execution of Github actions for Markdown (#427) (c9f2066)
* Upgrade version for checkout Github action (#429) (4764b66)
* Fix README.md to include "tang" pin (#424) (3add946)
* Use jose, not pwmake, for password generation (#418) (4d23eda)
* Use quay.io version of Fedora Rawhide container (#425) (bf9e1cd)
* Add bash syntax highlighting to README.md (#414) (7c23279)
* Fix README.md to include correct sss example (#409) (eb92459)
* Fix Github actions by using latest ubuntu distro (#411) (c1a8aff)
* documenting parameter to pass args to cryptsetup (96726a2)
* initial test of passing args to 'crypsetup open' (0666b88)
* passing args to 'crypsetup open'
* Mon May 22 2023 Andreas Stieger <andreas.stieger@gmx.de>
- drop ncat requirement from clevis-systemd (boo#1211580)
* Tue Apr 11 2023 Marcus Meissner <meissner@suse.com>
- updated to v19
- Add external token id for existing passphrase (71869cb)
- luks-edit: remove unnecessary 2>/dev/null (6e48a1c)
- Avoid invalid message for clevis command (3f879a3)
- Notify error url on server connect fail (f5786d3)
- Improve boot performance by removing key check (47b01ab)
- systemd: account for unlocking failures in clevis-luks-askpass (92b09c9)
- luks: enable debugging in clevis scripts when rd.debug is set (8c9e020)
- luks: explicitly specify pbkdf iterations to cryptsetup (7159630)
- tpm2: improve validation of PCRs in clevis-encrypt-tpm2 (4eb1980)
- luks: define max entropy bits for pwmake (3bb852b)
- luks: ignore empty & comment lines in crypttab (0589c14)
- Avoid luksmeta corruption on clevis bind (d8a25e3)
* Tue Jan 17 2023 Marcus Meissner <meissner@suse.com>
- ship clevis v18, a unattended disk encryption unlocker, via either
a server or TPM2. (jsc#PED-3009, jsc#PM-3627, jsc#PM-2793)
/usr/bin/clevis-decrypt-tpm2 /usr/bin/clevis-encrypt-tpm2 /usr/share/licenses/clevis-pin-tpm2 /usr/share/licenses/clevis-pin-tpm2/COPYING /usr/share/man/man1/clevis-encrypt-tpm2.1.gz
Generated by rpm2html 1.8.1
Fabrice Bellet, Sat May 24 00:20:10 2025