What's Changed

• Adjust MarshalSubjectAltName to allow SANs to be critical by @liamjm in #367
• A note for Linux clients of tpm.EKs(). Fix the doc for attest.ActivateCredentialWithEK() as well. by @zhsh in #368
• Support sha384 RSA signature by @whongda in #372
• Configured Dependabot grouped updates by @brandonweeks in #376
• Support ECC AKs on Linux by @brandonweeks in #395
• attest: Support "qualifyingData" when creating a new key. by @zhsh in #401
• attest: tpm.NewKeyCertifiedBy() that does not require an attest.AK object by @zhsh in #402
• attest: Implement discovery of supported PCR banks by @zhsh in #404
• TPM.PCRBanks() should ignore empty PCR banks. by @zhsh in #406
• Add github-actions to Dependabot config by @brandonweeks in #408
• Bump Go version to 1.24 by @brandonweeks in #411
• Fix CodeSQL permissions by @brandonweeks in #412
• Fix CodeQL permissions take 2 by @brandonweeks in #413
• Support ECDSA based AK's on Windows by @skepth in #415
• Update tpm.go docs to match implementation of AttestPlatform by @liamjm in #426
• Add oid.VerifiedTPM{Fixed,Residency} by @JasonXJ in #420
• x509ext.ParseSubjectAltName() rejects unknown otherName type ids by @JasonXJ in #419
• Make ActivationParameters.CheckAKParameters() public by @JasonXJ in #421
• As per RFC 5755, OtherObjectTypeID is optional by @sribs in #427
• Support ECDSA verification for attribute certificates by @limansa in #429
• Add support for AMD EK certificates by @Krishap-s in #380
• Add RSA package containing RSA-PSS workaround by @brandonweeks in #431
• Fix OSS-Fuzz finding by @brandonweeks in #432
• Drop TPM 1.2; sync internal changes by @brandonweeks in #430
• Remove unnecessary test helper by @brandonweeks in #433
• Add SignMsg() and Public() to AK by @JasonXJ in #434
• Clarify license and origin of attributecert.go (#440) by @jas4711 in #441
• feat: support quote for ECDSA based AK by @loicsikidi in #444
• Add negative test cases for AK signing. by @liamjm in #450
• Update README.md by @liamjm in #449
• Fix(attributecert): Use int64 for ComponentManufacturerID by @liamjm in #457
• More thorough testing of PCR banks and their hash algs by @liamjm in #455
• Define more windows erorr codes, and their description. by @liamjm in #458
• Add method to create Attribute certs by @liamjm in #453
• Typos by @liamjm in #461
• Allow rsa.PSSSaltLengthEqualsHash as option by @maraino in #361
• Replace multierr with errors.Join for error handling by @liamjm in #462
• Add helper method FromCryptoHash() to convert to HashAlg by @liamjm in #463
• Add another failure case for RSA PSS Opts by @liamjm in #464
• Fix typos in comments. by @tomfitzhenry in #466

New Contributors

• @liamjm made their first contribution in #367
• @whongda made their first contribution in #372
• @skepth made their first contribution in #415
• @JasonXJ made their first contribution in #420
• @sribs made their first contribution in #427
• @limansa made their first contribution in #429
• @Krishap-s made their first contribution in #380
• @jas4711 made their first contribution in #441
• @loicsikidi made their first contribution in #444
• @maraino made their first contribution in #361
• @tomfitzhenry made their first contribution in #466

Full Changelog: v0.5.1...v0.6.0

What's Changed

• Add EK as a field to AK struct. by @zhsh in #332
• Add TPM.EKCertificates() method. by @zhsh in #333
• attest: Make PCRs included in quote configurable by @smo4201 in #311
• Activate AK with ECC EKs. by @zhsh in #339
• attest: ActivateCredentialWithEK() method that can be used with ECC EKs by @zhsh in #340
• attest: Remove the EK field from AK struct by @zhsh in #341
• attest: Create keys under non-default SRKs by @zhsh in #342
• ci: don't install OpenSSL 1.1 on macOS by @brandonweeks in #350
• Bump golang.org/x/sys from 0.9.0 to 0.12.0 by @dependabot in #348
• Fix typo by @djm-google in #349
• Fix Intel EK certificate URLs on Linux by @hslatman in #347
• Bump github.com/google/go-tpm-tools from 0.3.13-0.20230620182252-4639ecce2aba to 0.4.0 by @dependabot in #351
• Bump github.com/google/go-tpm-tools from 0.4.0 to 0.4.1 by @dependabot in #352
• Bump github.com/google/go-cmp from 0.5.9 to 0.6.0 by @dependabot in #354
• Bump golang.org/x/sys from 0.12.0 to 0.13.0 by @dependabot in #353
• Bump github.com/google/go-tpm-tools from 0.4.1 to 0.4.2 by @dependabot in #355
• Bump golang.org/x/sys from 0.13.0 to 0.14.0 by @dependabot in #356
• Don't drop leading zeroes when performing generic ecdsa signing by @mwielgoszewski in #357

New Contributors

• @smo4201 made their first contribution in #311
• @djm-google made their first contribution in #349

Full Changelog: v0.5.0...v0.5.1

What's Changed

• Bump github.com/google/go-cmp from 0.5.5 to 0.5.7 by @dependabot in #261
• Fixup CI by @josephlr in #270
• Remove certificate-transparency-go dependency by @josephlr in #269
• Bump github.com/google/go-tpm-tools from 0.3.1 to 0.3.7 by @dependabot in #273
• Bump github.com/google/go-tpm-tools from 0.3.7 to 0.3.8 by @dependabot in #276
• Bump github.com/google/go-cmp from 0.5.7 to 0.5.8 by @dependabot in #275
• attest: restore change from a35bd36 mistakingly removed in be496f1 by @brandonweeks in #277
• attest: fix OSS-Fuzz build by @brandonweeks in #278
• x509ext: initial version of package by @brandonweeks in #279
• Set NoDa flag on the AK template by @brandonweeks in #280
• Bump github.com/google/go-tpm-tools from 0.3.8 to 0.3.9 by @dependabot in #285
• Ignore MokListTrusted events in ParseUEFIVariableAuthority by @malt3 in #284
• Bump github.com/google/go-cmp from 0.5.8 to 0.5.9 by @dependabot in #286
• Fix decoding of uints in windows events by @hansinator in #290
• fix returning wrong error in ParseWinEvents by @hansinator in #291
• Fix lints; run gofmt by @brandonweeks in #293
• Run golangci-lint as part of CI by @brandonweeks in #294
• Preserve error logic in getPrimaryKeyHandle by @gerow in #296
• Truncate digests to the left most bits when signing with ECDSA by @mwielgoszewski in #298
• Use NV cert index as auth hierarchy for EK cert by @gerow in #304
• Handle multiple ELAM events by @brandonweeks in #309
• Bump github.com/google/go-tspi from 0.2.1-0.20190423175329-115dea689aad to 0.3.0 by @dependabot in #307
• Parse TCG_PCR_EVENT2 structures with an eventSize of 0 by @xose in #318
• Fix comments referring to .Serialize() instead of .Marshal() by @strideynet in #315
• Bump Go version to 1.19 by @brandonweeks in #325
• Bump golang.org/x/sys from 0.0.0-20220209214540-3681064d5158 to 0.8.0 by @dependabot in #316
• Bump github.com/google/go-tpm-tools from 0.3.9 to 0.3.12 by @dependabot in #324
• wrappedTPM20.ekTemplate() never returns an error. by @zhsh in #327
• Fix Intel EK certificate URL by @hslatman in #310
• Add support for generating TPM2.0 challenges using AttestedCertifyInfos by @juanvallejo in #322
• Renamed some variables and methods to highlight that only RSA EKs are by @zhsh in #330
• use legacy tpm2 at its new path by @chrisfenner in #331
• Fix golangci-lint workflow by @ldez in #336
• Bump golang.org/x/sys from 0.8.0 to 0.9.0 by @dependabot in #335
• Bump github.com/google/go-tpm from 0.3.4 to 0.9.0 by @brandonweeks in #337

New Contributors

• @josephlr made their first contribution in #270
• @malt3 made their first contribution in #284
• @hansinator made their first contribution in #290
• @gerow made their first contribution in #296
• @mwielgoszewski made their first contribution in #298
• @xose made their first contribution in #318
• @strideynet made their first contribution in #315
• @zhsh made their first contribution in #327
• @hslatman made their first contribution in #310
• @juanvallejo made their first contribution in #322
• @chrisfenner made their first contribution in #331
• @ldez made their first contribution in #336

Full Changelog: v0.4.3...v0.5.0

• Parse TCG_PCClientPCREvent structures with an eventSize of 0 (#212)

• win_events: Determine if the WBCL was for a cold boot (as opposed to a resume from hibernation) (#209)
• bugfix(eventlog): Assume TPM1.2 events if NO_ACTION is too short (#208)
• Fix integer overflow in digest parsing (#211)

• attest: add bounds checks for slice indexes (#197)
• attestPCRs(): make sure that the return values are consistent (#199)
• Support for application signing keys (#201)
• Bump github.com/google/go-cmp from 0.5.4 to 0.5.5 (#203)
• Verify(): ensure that the hash function is available (#204)
• Bump Go version to 1.16, update dependencies (#205)
• testKeySign: small fix (#206)
• Minor fixes and additions (#207)

• Update google/go-tpm to v0.3.2 (#195)

• Update google/go-tpm to v0.3.1 (#183)
• Go 1.15 support (#185)