Package: tpm2-tools / 5.0-2

Metadata

Package     Version  Patches format
tpm2-tools  5.0-2    3.0 (quilt)

Patch series

Patch | File delta | Description
0001_add_version_string.patch

configure.ac | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

 add version string to configure.ac
 The configure.ac uses git to get the version string. However, the git command
 cannot get the version string because this is not a git repo.
 In Debian we should get the string from debian/changelog.
0001 tpm2_import fix fixed AES key CVE 2021 3565.patch

tools/tpm2_import.c | 12 11 + 1 - 0 !
1 file changed, 11 insertions(+), 1 deletion(-)

 [PATCH] tpm2_import: fix fixed AES key CVE-2021-3565

tpm2_import used a fixed AES key for the inner wrapper, which means that
a MITM attack would be able to unwrap the imported key. Even the
use of an encrypted session will not prevent this. The TPM only
encrypts the first parameter which is the fixed symmetric key.

To fix this, ensure the key size is 16 bytes or bigger and use
OpenSSL to generate a secure random AES key.

Fixes: #2738

Signed-off-by: William Roberts <william.c.roberts@intel.com>