grub2/0003-tss2-Fix-the-missing-authCommand.patch
Michael Chang 55e98eca8c - Measure the envblk used by pre_loadenv
* 0001-prep_loadenv-Measure-the-environment-block-into-PCR-.patch
- Enable PowerPC 64 support for tss2 and tpm2_key_protector
  * 0001-tpm2_key_protector-Add-grub-emu-support.patch
  * 0001-tss2-Adjust-bit-fields-for-big-endian-targets.patch
  * 0002-term-ieee1275-serial-Cast-0-to-proper-type.patch
  * 0003-ieee1275-Consolidate-repeated-definitions-of-IEEE127.patch
  * 0004-ieee1275-ibmvpm-Move-TPM-initialization-functions-to.patch
  * 0005-ieee1275-tcg2-Refactor-grub_ieee1275_tpm_init.patch
  * 0006-ieee1275-tcg2-Add-TCG2-driver-for-ieee1275-PowerPC-f.patch
  * 0007-tpm2_key_protector-Enable-build-for-powerpc_ieee1275.patch
- Dump PCRs when TPM unsealing fails
  * 0001-tpm2_key_protector-Dump-PCRs-on-policy-fail.patch
  * 0002-tpm2_key_protector-Add-tpm2_dump_pcr-command.patch
- Add 'NV index' handle support to tpm2_key_protector
  * 0003-tss2-Fix-the-missing-authCommand.patch
  * 0004-tss2-Add-TPM-2.0-NV-index-commands.patch
  * 0005-tpm2_key_protector-Unseal-key-from-a-buffer.patch
  * 0006-tpm2_key_protector-Support-NV-index-handles.patch
  * 0007-util-grub-protect-Support-NV-index-mode.patch

OBS-URL: https://build.opensuse.org/package/show/Base:System/grub2?expand=0&rev=540
2025-04-15 04:10:27 +00:00


From 041164d00e79ffd2433675a5dd5b824833b9fc6a Mon Sep 17 00:00:00 2001
From: Gary Lin <glin@suse.com>
Date: Mon, 7 Apr 2025 16:29:17 +0800
Subject: [PATCH 3/7] tss2: Fix the missing authCommand
grub_tpm2_readpublic() and grub_tpm2_testparms() didn't check
authCommand when marshaling the input data buffer. Currently, there is
no caller using non-NULL authCommand. However, to avoid the potential
issue, the conditional check is added to insert authCommand into the
input buffer if necessary.
Also fix a few pointer checks.
Signed-off-by: Gary Lin <glin@suse.com>
Reviewed-by: Stefan Berger <stefanb@linux.ibm.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
---
grub-core/lib/tss2/tpm2_cmd.c | 10 +++++++---
1 file changed, 7 insertions(+), 3 deletions(-)
diff --git a/grub-core/lib/tss2/tpm2_cmd.c b/grub-core/lib/tss2/tpm2_cmd.c
index cd0c6fd31..211d807d5 100644
--- a/grub-core/lib/tss2/tpm2_cmd.c
+++ b/grub-core/lib/tss2/tpm2_cmd.c
@@ -341,6 +341,8 @@ grub_tpm2_readpublic (const TPMI_DH_OBJECT_t objectHandle,
/* Marshal */
grub_tpm2_buffer_init (&in);
grub_tpm2_buffer_pack_u32 (&in, objectHandle);
+ if (authCommand != NULL)
+ grub_Tss2_MU_TPMS_AUTH_COMMAND_Marshal (&in, authCommand);
if (in.error != 0)
return TPM_RC_FAILURE;
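Review bot: Nothing in this hunk shows the rest of grub_tpm2_readpublic() agreeing with the now-conditional authorization area. Once `authCommand` is non-NULL the command tag has to be `TPM_ST_SESSIONS` and the response parser has to account for the parameter-size field, and both of those live outside the visible lines. The commit message says no caller passes a non-NULL `authCommand` today, so this branch is unexercised and a mismatch would stay hidden until the first such caller appears. I would add a comment above the new check, `/* Authorization area: follows the handle area and requires TPM_ST_SESSIONS. */`, and confirm the tag selection and unmarshal path; the same check applies to the addition in grub_tpm2_testparms().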
@@ -398,7 +400,7 @@ grub_tpm2_load (const TPMI_DH_OBJECT_t parent_handle,
/* Marshal */
grub_tpm2_buffer_init (&in);
grub_tpm2_buffer_pack_u32 (&in, parent_handle);
- if (authCommand)
+ if (authCommand != NULL)
grub_Tss2_MU_TPMS_AUTH_COMMAND_Marshal (&in, authCommand);
grub_Tss2_MU_TPM2B_Marshal (&in, inPrivate->size, inPrivate->buffer);
grub_Tss2_MU_TPM2B_PUBLIC_Marshal (&in, inPublic);
@@ -461,9 +463,9 @@ grub_tpm2_loadexternal (const TPMS_AUTH_COMMAND_t *authCommand,
/* Marshal */
grub_tpm2_buffer_init (&in);
- if (authCommand)
+ if (authCommand != NULL)
grub_Tss2_MU_TPMS_AUTH_COMMAND_Marshal (&in, authCommand);
- if (inPrivate)
+ if (inPrivate != NULL)
grub_Tss2_MU_TPM2B_SENSITIVE_Marshal (&in, inPrivate);
else
grub_tpm2_buffer_pack_u16 (&in, 0);
@@ -1023,6 +1025,8 @@ grub_tpm2_testparms (const TPMT_PUBLIC_PARMS_t *parms,
/* Marshal */
grub_tpm2_buffer_init (&in);
grub_Tss2_MU_TPMT_PUBLIC_PARMS_Marshal (&in, parms);
+ if (authCommand != NULL)
+ grub_Tss2_MU_TPMS_AUTH_COMMAND_Marshal (&in, authCommand);
if (in.error != 0)
return TPM_RC_FAILURE;
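Review bot: The authorization area is appended after the command parameters here, unlike the other marshaling paths in this patch. grub_tpm2_load() and grub_tpm2_loadexternal() both marshal `authCommand` ahead of their parameters, and the TPM 2.0 command layout places the authorization area between the handle area and the parameters. TestParms has no handles, so the added `if (authCommand != NULL)` and `grub_Tss2_MU_TPMS_AUTH_COMMAND_Marshal (&in, authCommand);` lines should sit directly after `grub_tpm2_buffer_init (&in);`, before the `grub_Tss2_MU_TPMT_PUBLIC_PARMS_Marshal` call. With the current order a TPM would presumably read the start of the TPMT_PUBLIC_PARMS bytes as the authorization size once a caller passes a non-NULL `authCommand`. The function body starts and ends outside the hunk.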
--
2.43.0