forked from pool/grub2
Michael Chang
cda3e9a045
* grub2-bls-loader-entry-oneshot.patch OBS-URL: https://build.opensuse.org/package/show/Base:System/grub2?expand=0&rev=550
85 lines
2.8 KiB
Diff
85 lines
2.8 KiB
Diff
From 46c9f3a8dac5274c8d117ea131ca5c5842f9276f Mon Sep 17 00:00:00 2001
|
|
From: Gary Lin <glin@suse.com>
|
|
Date: Mon, 7 Apr 2025 16:29:16 +0800
|
|
Subject: [PATCH 2/7] tpm2_key_protector: Add tpm2_dump_pcr command
|
|
|
|
The user may need to inspect the TPM 2.0 PCR values with the GRUB shell,
|
|
so the new tpm2_dump_pcr command is added to print all PCRs of the
|
|
specified bank.
|
|
|
|
Also update the document for the new command.
|
|
|
|
Signed-off-by: Gary Lin <glin@suse.com>
|
|
Tested-by: Stefan Berger <stefanb@linux.ibm.com>
|
|
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
|
|
---
|
|
docs/grub.texi | 13 +++++++
|
|
.../commands/tpm2_key_protector/module.c | 35 +++++++++++++++++++
|
|
2 files changed, 48 insertions(+)
|
|
|
|
Index: grub-2.12/grub-core/commands/tpm2_key_protector/module.c
|
|
===================================================================
|
|
--- grub-2.12.orig/grub-core/commands/tpm2_key_protector/module.c
|
|
+++ grub-2.12/grub-core/commands/tpm2_key_protector/module.c
|
|
@@ -160,6 +160,8 @@ static grub_extcmd_t tpm2_protector_init
|
|
static grub_extcmd_t tpm2_protector_clear_cmd;
|
|
static tpm2_protector_context_t tpm2_protector_ctx = {0};
|
|
|
|
+static grub_command_t tpm2_dump_pcr_cmd;
|
|
+
|
|
static grub_err_t
|
|
tpm2_protector_srk_read_file (const char *filepath, void **buffer, grub_size_t *buffer_size)
|
|
{
|
|
@@ -1327,6 +1329,33 @@ static struct grub_key_protector tpm2_ke
|
|
.recover_key = tpm2_protector_recover_key
|
|
};
|
|
|
|
+static grub_err_t
|
|
+tpm2_dump_pcr (grub_command_t cmd __attribute__((__unused__)),
|
|
+ int argc, char *argv[])
|
|
+{
|
|
+ TPM_ALG_ID_t pcr_bank;
|
|
+
|
|
+ if (argc == 0)
|
|
+ pcr_bank = TPM_ALG_SHA256;
|
|
+ else if (grub_strcmp (argv[0], "sha1") == 0)
|
|
+ pcr_bank = TPM_ALG_SHA1;
|
|
+ else if (grub_strcmp (argv[0], "sha256") == 0)
|
|
+ pcr_bank = TPM_ALG_SHA256;
|
|
+ else if (grub_strcmp (argv[0], "sha384") == 0)
|
|
+ pcr_bank = TPM_ALG_SHA384;
|
|
+ else if (grub_strcmp (argv[0], "sha512") == 0)
|
|
+ pcr_bank = TPM_ALG_SHA512;
|
|
+ else
|
|
+ {
|
|
+ grub_printf ("Unknown PCR bank\n");
|
|
+ return GRUB_ERR_BAD_ARGUMENT;
|
|
+ }
|
|
+
|
|
+ tpm2_protector_dump_pcr (pcr_bank);
|
|
+
|
|
+ return GRUB_ERR_NONE;
|
|
+}
|
|
+
|
|
GRUB_MOD_INIT (tpm2_key_protector)
|
|
{
|
|
tpm2_protector_init_cmd =
|
|
@@ -1348,6 +1377,10 @@ GRUB_MOD_INIT (tpm2_key_protector)
|
|
N_("Clear the TPM2 key protector if previously initialized."),
|
|
NULL);
|
|
grub_key_protector_register (&tpm2_key_protector);
|
|
+
|
|
+ tpm2_dump_pcr_cmd =
|
|
+ grub_register_command ("tpm2_dump_pcr", tpm2_dump_pcr, N_("Dump TPM2 PCRs"),
|
|
+ N_("Print all PCRs of the specified TPM 2.0 bank"));
|
|
}
|
|
|
|
GRUB_MOD_FINI (tpm2_key_protector)
|
|
@@ -1357,4 +1390,6 @@ GRUB_MOD_FINI (tpm2_key_protector)
|
|
grub_key_protector_unregister (&tpm2_key_protector);
|
|
grub_unregister_extcmd (tpm2_protector_clear_cmd);
|
|
grub_unregister_extcmd (tpm2_protector_init_cmd);
|
|
+
|
|
+ grub_unregister_command (tpm2_dump_pcr_cmd);
|
|
}
|