From efaca9fb03399c706191e047b68f5fede49421ab Mon Sep 17 00:00:00 2001
From: Hernan Gatta <hegatta@linux.microsoft.com>
Date: Tue, 1 Feb 2022 05:02:57 -0800
Subject: [PATCH] util/grub-protect: Add new tool
To utilize the key protectors framework, there must be a way to protect
full-disk encryption keys in the first place. The grub-protect tool
includes support for the TPM2 key protector but other protectors that
require setup ahead of time can be supported in the future.
For the TPM2 key protector, the intended flow is for a user to have a
LUKS1- or LUKS2-protected, fully encrypted disk. The user then creates a
new LUKS key file, say by reading /dev/urandom into a file, and creates
a new LUKS key slot for this key. Then, the user invokes the grub-protect
tool to seal this key file to a set of PCRs using the system's TPM 2.0.
The resulting sealed key file is stored in an unencrypted partition such
as the EFI System Partition (ESP) so that GRUB may read it. The user also
has to ensure the cryptomount command is included in GRUB's boot script
and that it carries the requisite key protector (-P) parameter.
Sample usage:
$ dd if=/dev/urandom of=luks-key bs=1 count=32
$ sudo cryptsetup luksAddKey /dev/sdb1 luks-key --pbkdf=pbkdf2 --hash=sha512
To seal the key with TPM 2.0 Key File (recommended):
$ sudo grub-protect --action=add \
--protector=tpm2 \
--tpm2-pcrs=0,2,4,7,9 \
--tpm2key \
--tpm2-keyfile=luks-key \
--tpm2-outfile=/boot/efi/efi/grub/sealed.tpm
Or, to seal the key with the raw sealed key:
$ sudo grub-protect --action=add \
--protector=tpm2 \
--tpm2-pcrs=0,2,4,7,9 \
--tpm2-keyfile=luks-key \
--tpm2-outfile=/boot/efi/efi/grub/sealed.key
Then, in the boot script, for TPM 2.0 Key File:
tpm2_key_protector_init --tpm2key=(hd0,gpt1)/efi/grub/sealed.tpm
cryptomount -u <SDB1_UUID> -P tpm2
Or, for the raw sealed key:
tpm2_key_protector_init --keyfile=(hd0,gpt1)/efi/grub/sealed.key --pcrs=0,2,4,7,9
cryptomount -u <SDB1_UUID> -P tpm2
The benefit of using TPM 2.0 Key File is that the PCR set is already
written in the key file, so there is no need to specify PCRs when
invoking tpm2_key_protector_init.
Signed-off-by: Hernan Gatta <hegatta@linux.microsoft.com>
Signed-off-by: Gary Lin <glin@suse.com>
Reviewed-by: Stefan Berger <stefanb@linux.ibm.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
---
.gitignore | 2 +
Makefile.util.def | 26 +
configure.ac | 30 +
docs/man/grub-protect.h2m | 4 +
util/grub-protect.c | 1407 +++++++++++++++++++++++++++++++++++++
5 files changed, 1469 insertions(+)
create mode 100644 docs/man/grub-protect.h2m
create mode 100644 util/grub-protect.c
Index: grub-2.12/Makefile.util.def
===================================================================
--- grub-2.12.orig/Makefile.util.def
+++ grub-2.12/Makefile.util.def
@@ -208,6 +208,32 @@ program = {
};
program = {
+ name = grub-protect;
+ mansection = 1;
+
+ common = grub-core/kern/emu/argp_common.c;
+ common = grub-core/osdep/init.c;
+ common = grub-core/lib/tss2/buffer.c;
+ common = grub-core/lib/tss2/tss2_mu.c;
+ common = grub-core/lib/tss2/tpm2_cmd.c;
+ common = grub-core/commands/tpm2_key_protector/args.c;
+ common = grub-core/commands/tpm2_key_protector/tpm2key_asn1_tab.c;
+ common = util/grub-protect.c;
+ common = util/probe.c;
+
+ cflags = '-I$(srcdir)/grub-core/lib/tss2 -I$(srcdir)/grub-core/commands/tpm2_key_protector';
+
+ ldadd = libgrubmods.a;
+ ldadd = libgrubgcry.a;
+ ldadd = libgrubkern.a;
+ ldadd = grub-core/lib/gnulib/libgnu.a;
+ ldadd = '$(LIBTASN1)';
+ ldadd = '$(LIBINTL) $(LIBDEVMAPPER) $(LIBUTIL) $(LIBZFS) $(LIBNVPAIR) $(LIBGEOM)';
+
+ condition = COND_GRUB_PROTECT;
+};
+
+program = {
name = grub-mkrelpath;
mansection = 1;
Index: grub-2.12/configure.ac
===================================================================
--- grub-2.12.orig/configure.ac
+++ grub-2.12/configure.ac
@@ -76,6 +76,7 @@ grub_TRANSFORM([grub-mkpasswd-pbkdf2])
grub_TRANSFORM([grub-mkrelpath])
grub_TRANSFORM([grub-mkrescue])
grub_TRANSFORM([grub-probe])
+grub_TRANSFORM([grub-protect])
grub_TRANSFORM([grub-reboot])
grub_TRANSFORM([grub-script-check])
grub_TRANSFORM([grub-set-default])
@@ -2057,6 +2058,29 @@ fi
AC_SUBST([LIBZFS])
AC_SUBST([LIBNVPAIR])
+AC_ARG_ENABLE([grub-protect],
+ [AS_HELP_STRING([--enable-grub-protect],
+ [build and install the `grub-protect' utility (default=guessed)])])
+if test x"$enable_grub_protect" = xno ; then
+ grub_protect_excuse="explicitly disabled"
+fi
+
+LIBTASN1=
+if test x"$grub_protect_excuse" = x ; then
+ AC_CHECK_LIB([tasn1], [asn1_write_value], [LIBTASN1="-ltasn1"], [grub_protect_excuse="need libtasn1 library"])
+fi
+AC_SUBST([LIBTASN1])
+
+if test x"$enable_grub_protect" = xyes && test x"$grub_protect_excuse" != x ; then
+ AC_MSG_ERROR([grub-protect was explicitly requested but can't be compiled ($grub_protect_excuse)])
+fi
+if test x"$grub_protect_excuse" = x ; then
+enable_grub_protect=yes
+else
+enable_grub_protect=no
+fi
+AC_SUBST([enable_grub_protect])
+
LIBS=""
AC_SUBST([FONT_SOURCE])
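Review bot: The libtasn1 probe `AC_CHECK_LIB([tasn1], [asn1_write_value], ...)` only proves that the library links, while util/grub-protect.c includes `<libtasn1.h>`, so a host with the runtime library but no development headers will pass configure and then fail when grub-protect is compiled. A header check that feeds the same excuse closes that gap, e.g. `AC_CHECK_HEADER([libtasn1.h], [], [grub_protect_excuse="need libtasn1 header"])` placed inside the `if test x"$grub_protect_excuse" = x` guard ahead of the library test. Because the default is guessed, a build host without libtasn1 silently drops the tool; the summary echo later in this file reports it, but packagers who ship the TPM2 key protector should pass `--enable-grub-protect` so that the omission becomes a configure error rather than a quiet downgrade.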
@@ -2177,6 +2201,7 @@ AM_CONDITIONAL([COND_GRUB_EMU_SDL], [tes
AM_CONDITIONAL([COND_GRUB_EMU_PCI], [test x$enable_grub_emu_pci = xyes])
AM_CONDITIONAL([COND_GRUB_MKFONT], [test x$enable_grub_mkfont = xyes])
AM_CONDITIONAL([COND_GRUB_MOUNT], [test x$enable_grub_mount = xyes])
+AM_CONDITIONAL([COND_GRUB_PROTECT], [test x$enable_grub_protect = xyes])
AM_CONDITIONAL([COND_HAVE_FONT_SOURCE], [test x$FONT_SOURCE != x])
if test x$FONT_SOURCE != x ; then
HAVE_FONT_SOURCE=1
@@ -2304,6 +2329,11 @@ echo grub-mount: Yes
else
echo grub-mount: No "($grub_mount_excuse)"
fi
+if [ x"$grub_protect_excuse" = x ]; then
+echo grub-protect: Yes
+else
+echo grub-protect: No "($grub_protect_excuse)"
+fi
if [ x"$starfield_excuse" = x ]; then
echo starfield theme: Yes
echo With DejaVuSans font from $DJVU_FONT_SOURCE
Index: grub-2.12/docs/man/grub-protect.h2m
===================================================================
--- /dev/null
+++ grub-2.12/docs/man/grub-protect.h2m
@@ -0,0 +1,4 @@
+[NAME]
+grub-protect \- protect a disk key with a key protector
+[DESCRIPTION]
+grub-protect helps to protect a disk encryption key with a specified key protector.
Index: grub-2.12/util/grub-protect.c
|
|
|
|
===================================================================
|
|
|
|
--- /dev/null
|
|
|
|
+++ grub-2.12/util/grub-protect.c
|
2024-12-04 04:59:01 +01:00
|
|
|
@@ -0,0 +1,1407 @@
|
2024-11-29 09:48:07 +01:00
|
|
|
+/*
|
|
|
|
+ * GRUB -- GRand Unified Bootloader
|
|
|
|
+ * Copyright (C) 2022 Microsoft Corporation
|
|
|
|
+ * Copyright (C) 2023 SUSE LLC
|
2024-12-04 04:59:01 +01:00
|
|
|
+ * Copyright (C) 2024 Free Software Foundation, Inc.
|
2024-11-29 09:48:07 +01:00
|
|
|
+ *
|
|
|
|
+ * GRUB is free software: you can redistribute it and/or modify
|
|
|
|
+ * it under the terms of the GNU General Public License as published by
|
|
|
|
+ * the Free Software Foundation, either version 3 of the License, or
|
|
|
|
+ * (at your option) any later version.
|
|
|
|
+ *
|
|
|
|
+ * GRUB is distributed in the hope that it will be useful,
|
|
|
|
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
|
|
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
|
|
+ * GNU General Public License for more details.
|
|
|
|
+ *
|
|
|
|
+ * You should have received a copy of the GNU General Public License
|
|
|
|
+ * along with GRUB. If not, see <http://www.gnu.org/licenses/>.
|
|
|
|
+ */
|
|
|
|
+
|
|
|
|
+#include <config.h>
|
|
|
|
+
|
|
|
|
+#include <errno.h>
|
|
|
|
+#include <fcntl.h>
|
|
|
|
+#include <libtasn1.h>
|
|
|
|
+#include <stdio.h>
|
|
|
|
+#include <string.h>
|
|
|
|
+#include <unistd.h>
|
|
|
|
+
|
|
|
|
+#include <grub/emu/hostdisk.h>
|
|
|
|
+#include <grub/emu/misc.h>
|
2024-12-04 04:59:01 +01:00
|
|
|
+
|
2024-11-29 09:48:07 +01:00
|
|
|
+#include <grub/util/misc.h>
|
|
|
|
+
|
2024-12-04 04:59:01 +01:00
|
|
|
+#include <tss2_buffer.h>
|
|
|
|
+#include <tss2_mu.h>
|
|
|
|
+#include <tcg2.h>
|
|
|
|
+#include <tpm2_args.h>
|
|
|
|
+#include <tpm2.h>
|
|
|
|
+
|
2024-11-29 09:48:07 +01:00
|
|
|
+#pragma GCC diagnostic ignored "-Wmissing-prototypes"
|
|
|
|
+#pragma GCC diagnostic ignored "-Wmissing-declarations"
|
|
|
|
+#include <argp.h>
|
|
|
|
+#pragma GCC diagnostic error "-Wmissing-prototypes"
|
|
|
|
+#pragma GCC diagnostic error "-Wmissing-declarations"
|
|
|
|
+
|
|
|
|
+#include "progname.h"
|
|
|
|
+
|
|
|
|
+/* Unprintable option keys for argp */
|
2024-12-04 04:59:01 +01:00
|
|
|
+typedef enum protect_opt
|
2024-11-29 09:48:07 +01:00
|
|
|
+{
|
|
|
|
+ /* General */
|
2024-12-04 04:59:01 +01:00
|
|
|
+ PROTECT_OPT_ACTION = 'a',
|
|
|
|
+ PROTECT_OPT_PROTECTOR = 'p',
|
2024-11-29 09:48:07 +01:00
|
|
|
+ /* TPM2 */
|
2024-12-04 04:59:01 +01:00
|
|
|
+ PROTECT_OPT_TPM2_DEVICE = 0x100,
|
|
|
|
+ PROTECT_OPT_TPM2_PCRS,
|
|
|
|
+ PROTECT_OPT_TPM2_ASYMMETRIC,
|
|
|
|
+ PROTECT_OPT_TPM2_BANK,
|
|
|
|
+ PROTECT_OPT_TPM2_SRK,
|
|
|
|
+ PROTECT_OPT_TPM2_KEYFILE,
|
|
|
|
+ PROTECT_OPT_TPM2_OUTFILE,
|
|
|
|
+ PROTECT_OPT_TPM2_EVICT,
|
|
|
|
+ PROTECT_OPT_TPM2_TPM2KEY
|
|
|
|
+} protect_opt_t;
|
2024-11-29 09:48:07 +01:00
|
|
|
+
|
|
|
|
+/* Option flags to keep track of specified arguments */
|
2024-12-04 04:59:01 +01:00
|
|
|
+typedef enum protect_arg
|
2024-11-29 09:48:07 +01:00
|
|
|
+{
|
|
|
|
+ /* General */
|
2024-12-04 04:59:01 +01:00
|
|
|
+ PROTECT_ARG_ACTION = 1 << 0,
|
|
|
|
+ PROTECT_ARG_PROTECTOR = 1 << 1,
|
2024-11-29 09:48:07 +01:00
|
|
|
+ /* TPM2 */
|
2024-12-04 04:59:01 +01:00
|
|
|
+ PROTECT_ARG_TPM2_DEVICE = 1 << 2,
|
|
|
|
+ PROTECT_ARG_TPM2_PCRS = 1 << 3,
|
|
|
|
+ PROTECT_ARG_TPM2_ASYMMETRIC = 1 << 4,
|
|
|
|
+ PROTECT_ARG_TPM2_BANK = 1 << 5,
|
|
|
|
+ PROTECT_ARG_TPM2_SRK = 1 << 6,
|
|
|
|
+ PROTECT_ARG_TPM2_KEYFILE = 1 << 7,
|
|
|
|
+ PROTECT_ARG_TPM2_OUTFILE = 1 << 8,
|
|
|
|
+ PROTECT_ARG_TPM2_EVICT = 1 << 9,
|
|
|
|
+ PROTECT_ARG_TPM2_TPM2KEY = 1 << 10
|
|
|
|
+} protect_arg_t;
|
|
|
|
+
|
|
|
|
+typedef enum protect_protector
|
2024-11-29 09:48:07 +01:00
|
|
|
+{
|
2024-12-04 04:59:01 +01:00
|
|
|
+ PROTECT_TYPE_ERROR,
|
|
|
|
+ PROTECT_TYPE_TPM2
|
|
|
|
+} protect_protector_t;
|
2024-11-29 09:48:07 +01:00
|
|
|
+
|
2024-12-04 04:59:01 +01:00
|
|
|
+typedef enum protect_action
|
2024-11-29 09:48:07 +01:00
|
|
|
+{
|
2024-12-04 04:59:01 +01:00
|
|
|
+ PROTECT_ACTION_ERROR,
|
|
|
|
+ PROTECT_ACTION_ADD,
|
|
|
|
+ PROTECT_ACTION_REMOVE
|
|
|
|
+} protect_action_t;
|
2024-11-29 09:48:07 +01:00
|
|
|
+
|
2024-12-04 04:59:01 +01:00
|
|
|
+typedef struct protect_args
|
2024-11-29 09:48:07 +01:00
|
|
|
+{
|
2024-12-04 04:59:01 +01:00
|
|
|
+ protect_arg_t args;
|
|
|
|
+ protect_action_t action;
|
|
|
|
+ protect_protector_t protector;
|
2024-11-29 09:48:07 +01:00
|
|
|
+
|
|
|
|
+ const char *tpm2_device;
|
|
|
|
+ grub_uint8_t tpm2_pcrs[TPM_MAX_PCRS];
|
|
|
|
+ grub_uint8_t tpm2_pcr_count;
|
|
|
|
+ grub_srk_type_t srk_type;
|
2024-12-04 04:59:01 +01:00
|
|
|
+ TPM_ALG_ID_t tpm2_bank;
|
|
|
|
+ TPM_HANDLE_t tpm2_srk;
|
2024-11-29 09:48:07 +01:00
|
|
|
+ const char *tpm2_keyfile;
|
|
|
|
+ const char *tpm2_outfile;
|
2024-12-04 04:59:01 +01:00
|
|
|
+ bool tpm2_evict;
|
|
|
|
+ bool tpm2_tpm2key;
|
|
|
|
+} protect_args_t;
|
2024-11-29 09:48:07 +01:00
|
|
|
+
|
2024-12-04 04:59:01 +01:00
|
|
|
+static struct argp_option protect_options[] =
|
2024-11-29 09:48:07 +01:00
|
|
|
+ {
|
|
|
|
+ /* Top-level options */
|
|
|
|
+ {
|
|
|
|
+ .name = "action",
|
|
|
|
+ .key = 'a',
|
|
|
|
+ .arg = "add|remove",
|
|
|
|
+ .flags = 0,
|
|
|
|
+ .doc =
|
|
|
|
+ N_("Add or remove a key protector to or from a key."),
|
|
|
|
+ .group = 0
|
|
|
|
+ },
|
|
|
|
+ {
|
|
|
|
+ .name = "protector",
|
|
|
|
+ .key = 'p',
|
|
|
|
+ .arg = "tpm2",
|
|
|
|
+ .flags = 0,
|
|
|
|
+ .doc =
|
2024-12-04 04:59:01 +01:00
|
|
|
+ N_("Set key protector to use (only tpm2 is currently supported)."),
|
2024-11-29 09:48:07 +01:00
|
|
|
+ .group = 0
|
|
|
|
+ },
|
|
|
|
+ /* TPM2 key protector options */
|
|
|
|
+ {
|
|
|
|
+ .name = "tpm2-device",
|
2024-12-04 04:59:01 +01:00
|
|
|
+ .key = PROTECT_OPT_TPM2_DEVICE,
|
2024-11-29 09:48:07 +01:00
|
|
|
+ .arg = "FILE",
|
|
|
|
+ .flags = 0,
|
|
|
|
+ .doc =
|
2024-12-04 04:59:01 +01:00
|
|
|
+ N_("Set the path to the TPM2 device. (default: /dev/tpm0)"),
|
2024-11-29 09:48:07 +01:00
|
|
|
+ .group = 0
|
|
|
|
+ },
|
|
|
|
+ {
|
|
|
|
+ .name = "tpm2-pcrs",
|
2024-12-04 04:59:01 +01:00
|
|
|
+ .key = PROTECT_OPT_TPM2_PCRS,
|
2024-11-29 09:48:07 +01:00
|
|
|
+ .arg = "0[,1]...",
|
|
|
|
+ .flags = 0,
|
|
|
|
+ .doc =
|
2024-12-04 04:59:01 +01:00
|
|
|
+ N_("Set a comma-separated list of PCRs used to authorize key release "
|
2024-11-29 09:48:07 +01:00
|
|
|
+ "e.g., '7,11'. Please be aware that PCR 0~7 are used by the "
|
|
|
|
+ "firmware and the measurement result may change after a "
|
|
|
|
+ "firmware update (for baremetal systems) or a package "
|
2024-12-04 04:59:01 +01:00
|
|
|
+ "(OVMF/SLOF) update in the VM host. This may lead to "
|
2024-11-29 09:48:07 +01:00
|
|
|
+ "the failure of key unsealing. (default: 7)"),
|
|
|
|
+ .group = 0
|
|
|
|
+ },
|
|
|
|
+ {
|
|
|
|
+ .name = "tpm2-bank",
|
2024-12-04 04:59:01 +01:00
|
|
|
+ .key = PROTECT_OPT_TPM2_BANK,
|
2024-11-29 09:48:07 +01:00
|
|
|
+ .arg = "ALG",
|
|
|
|
+ .flags = 0,
|
|
|
|
+ .doc =
|
2024-12-04 04:59:01 +01:00
|
|
|
+ N_("Set the bank of PCRs used to authorize key release: "
|
2024-11-29 09:48:07 +01:00
|
|
|
+ "SHA1, SHA256, SHA384, or SHA512. (default: SHA256)"),
|
|
|
|
+ .group = 0
|
|
|
|
+ },
|
|
|
|
+ {
|
|
|
|
+ .name = "tpm2-keyfile",
|
2024-12-04 04:59:01 +01:00
|
|
|
+ .key = PROTECT_OPT_TPM2_KEYFILE,
|
2024-11-29 09:48:07 +01:00
|
|
|
+ .arg = "FILE",
|
|
|
|
+ .flags = 0,
|
|
|
|
+ .doc =
|
2024-12-04 04:59:01 +01:00
|
|
|
+ N_("Set the path to a file that contains the cleartext key to protect."),
|
2024-11-29 09:48:07 +01:00
|
|
|
+ .group = 0
|
|
|
|
+ },
|
|
|
|
+ {
|
|
|
|
+ .name = "tpm2-outfile",
|
2024-12-04 04:59:01 +01:00
|
|
|
+ .key = PROTECT_OPT_TPM2_OUTFILE,
|
2024-11-29 09:48:07 +01:00
|
|
|
+ .arg = "FILE",
|
|
|
|
+ .flags = 0,
|
|
|
|
+ .doc =
|
2024-12-04 04:59:01 +01:00
|
|
|
+ N_("Set the path to the file that will contain the key after sealing "
|
|
|
|
+ "(must be accessible to GRUB during boot)."),
|
2024-11-29 09:48:07 +01:00
|
|
|
+ .group = 0
|
|
|
|
+ },
|
|
|
|
+ {
|
|
|
|
+ .name = "tpm2-srk",
|
2024-12-04 04:59:01 +01:00
|
|
|
+ .key = PROTECT_OPT_TPM2_SRK,
|
2024-11-29 09:48:07 +01:00
|
|
|
+ .arg = "NUM",
|
|
|
|
+ .flags = 0,
|
|
|
|
+ .doc =
|
2024-12-04 04:59:01 +01:00
|
|
|
+ N_("Set the SRK handle if the SRK is to be made persistent."),
|
2024-11-29 09:48:07 +01:00
|
|
|
+ .group = 0
|
|
|
|
+ },
|
|
|
|
+ {
|
|
|
|
+ .name = "tpm2-asymmetric",
|
2024-12-04 04:59:01 +01:00
|
|
|
+ .key = PROTECT_OPT_TPM2_ASYMMETRIC,
|
2024-11-29 09:48:07 +01:00
|
|
|
+ .arg = "TYPE",
|
|
|
|
+ .flags = 0,
|
|
|
|
+ .doc =
|
2024-12-04 04:59:01 +01:00
|
|
|
+ N_("Set the type of SRK: RSA (RSA2048) and ECC (ECC_NIST_P256)."
|
2024-11-29 09:48:07 +01:00
|
|
|
+ "(default: ECC)"),
|
|
|
|
+ .group = 0
|
|
|
|
+ },
|
|
|
|
+ {
|
|
|
|
+ .name = "tpm2-evict",
|
2024-12-04 04:59:01 +01:00
|
|
|
+ .key = PROTECT_OPT_TPM2_EVICT,
|
2024-11-29 09:48:07 +01:00
|
|
|
+ .arg = NULL,
|
|
|
|
+ .flags = 0,
|
|
|
|
+ .doc =
|
|
|
|
+ N_("Evict a previously persisted SRK from the TPM, if any."),
|
|
|
|
+ .group = 0
|
|
|
|
+ },
|
|
|
|
+ {
|
|
|
|
+ .name = "tpm2key",
|
2024-12-04 04:59:01 +01:00
|
|
|
+ .key = PROTECT_OPT_TPM2_TPM2KEY,
|
2024-11-29 09:48:07 +01:00
|
|
|
+ .arg = NULL,
|
|
|
|
+ .flags = 0,
|
|
|
|
+ .doc =
|
2024-12-04 04:59:01 +01:00
|
|
|
+ N_("Use TPM 2.0 Key File format."),
|
2024-11-29 09:48:07 +01:00
|
|
|
+ .group = 0
|
|
|
|
+ },
|
|
|
|
+ /* End of list */
|
|
|
|
+ { 0, 0, 0, 0, 0, 0 }
|
|
|
|
+ };
|
|
|
|
+
|
2024-12-04 04:59:01 +01:00
|
|
|
+static int protector_tpm2_fd = -1;
|
2024-11-29 09:48:07 +01:00
|
|
|
+
|
|
|
|
+static grub_err_t
|
2024-12-04 04:59:01 +01:00
|
|
|
+protect_read_file (const char *filepath, void **buffer, size_t *buffer_size)
|
2024-11-29 09:48:07 +01:00
|
|
|
+{
|
|
|
|
+ grub_err_t err;
|
|
|
|
+ FILE *f;
|
|
|
|
+ long len;
|
|
|
|
+ void *buf;
|
|
|
|
+
|
|
|
|
+ f = fopen (filepath, "rb");
|
|
|
|
+ if (f == NULL)
|
2024-12-04 04:59:01 +01:00
|
|
|
+ {
|
|
|
|
+ fprintf (stderr, N_("Could not open file: %s\n"), filepath);
|
|
|
|
+ return GRUB_ERR_FILE_NOT_FOUND;
|
|
|
|
+ }
|
2024-11-29 09:48:07 +01:00
|
|
|
+
|
|
|
|
+ if (fseek (f, 0, SEEK_END))
|
|
|
|
+ {
|
2024-12-04 04:59:01 +01:00
|
|
|
+ fprintf (stderr, N_("Could not seek file: %s\n"), filepath);
|
|
|
|
+ err = GRUB_ERR_FILE_READ_ERROR;
|
|
|
|
+ goto exit1;
|
2024-11-29 09:48:07 +01:00
|
|
|
+ }
|
|
|
|
+
|
|
|
|
+ len = ftell (f);
|
|
|
|
+ if (len <= 0)
|
|
|
|
+ {
|
2024-12-04 04:59:01 +01:00
|
|
|
+ fprintf (stderr, N_("Could not get file length: %s\n"), filepath);
|
|
|
|
+ err = GRUB_ERR_FILE_READ_ERROR;
|
|
|
|
+ goto exit1;
|
2024-11-29 09:48:07 +01:00
|
|
|
+ }
|
|
|
|
+
|
|
|
|
+ rewind (f);
|
|
|
|
+
|
|
|
|
+ buf = grub_malloc (len);
|
|
|
|
+ if (buf == NULL)
|
|
|
|
+ {
|
2024-12-04 04:59:01 +01:00
|
|
|
+ fprintf (stderr, N_("Could not allocate memory for file: %s\n"), filepath);
|
|
|
|
+ err = GRUB_ERR_OUT_OF_MEMORY;
|
|
|
|
+ goto exit1;
|
2024-11-29 09:48:07 +01:00
|
|
|
+ }
|
|
|
|
+
|
|
|
|
+ if (fread (buf, len, 1, f) != 1)
|
|
|
|
+ {
|
2024-12-04 04:59:01 +01:00
|
|
|
+ fprintf (stderr, N_("Could not read file: %s\n"), filepath);
|
|
|
|
+ err = GRUB_ERR_FILE_READ_ERROR;
|
|
|
|
+ goto exit2;
|
2024-11-29 09:48:07 +01:00
|
|
|
+ }
|
|
|
|
+
|
|
|
|
+ *buffer = buf;
|
|
|
|
+ *buffer_size = len;
|
|
|
|
+
|
|
|
|
+ buf = NULL;
|
|
|
|
+ err = GRUB_ERR_NONE;
|
|
|
|
+
|
2024-12-04 04:59:01 +01:00
|
|
|
+ exit2:
|
2024-11-29 09:48:07 +01:00
|
|
|
+ grub_free (buf);
|
|
|
|
+
|
2024-12-04 04:59:01 +01:00
|
|
|
+ exit1:
|
2024-11-29 09:48:07 +01:00
|
|
|
+ fclose (f);
|
|
|
|
+
|
|
|
|
+ return err;
|
|
|
|
+}
|
|
|
|
+
|
|
|
|
+static grub_err_t
|
2024-12-04 04:59:01 +01:00
|
|
|
+protect_write_file (const char *filepath, void *buffer, size_t buffer_size)
|
2024-11-29 09:48:07 +01:00
|
|
|
+{
|
|
|
|
+ grub_err_t err;
|
|
|
|
+ FILE *f;
|
|
|
|
+
|
|
|
|
+ f = fopen (filepath, "wb");
|
|
|
|
+ if (f == NULL)
|
|
|
|
+ return GRUB_ERR_FILE_NOT_FOUND;
|
|
|
|
+
|
|
|
|
+ if (fwrite (buffer, buffer_size, 1, f) != 1)
|
|
|
|
+ {
|
|
|
|
+ err = GRUB_ERR_WRITE_ERROR;
|
2024-12-04 04:59:01 +01:00
|
|
|
+ goto exit;
|
2024-11-29 09:48:07 +01:00
|
|
|
+ }
|
|
|
|
+
|
|
|
|
+ err = GRUB_ERR_NONE;
|
|
|
|
+
|
2024-12-04 04:59:01 +01:00
|
|
|
+ exit:
|
2024-11-29 09:48:07 +01:00
|
|
|
+ fclose (f);
|
|
|
|
+
|
|
|
|
+ return err;
|
|
|
|
+}
|
|
|
|
+
|
|
|
|
+grub_err_t
|
|
|
|
+grub_tcg2_get_max_output_size (grub_size_t *size)
|
|
|
|
+{
|
|
|
|
+ if (size == NULL)
|
|
|
|
+ return GRUB_ERR_BAD_ARGUMENT;
|
|
|
|
+
|
|
|
|
+ *size = GRUB_TPM2_BUFFER_CAPACITY;
|
|
|
|
+
|
|
|
|
+ return GRUB_ERR_NONE;
|
|
|
|
+}
|
|
|
|
+
|
|
|
|
+grub_err_t
|
|
|
|
+grub_tcg2_submit_command (grub_size_t input_size, grub_uint8_t *input,
|
|
|
|
+ grub_size_t output_size, grub_uint8_t *output)
|
|
|
|
+{
|
2024-12-04 04:59:01 +01:00
|
|
|
+ if (write (protector_tpm2_fd, input, input_size) != input_size)
|
|
|
|
+ {
|
|
|
|
+ fprintf (stderr, N_("Could not send TPM command.\n"));
|
|
|
|
+ return GRUB_ERR_BAD_DEVICE;
|
|
|
|
+ }
|
2024-11-29 09:48:07 +01:00
|
|
|
+
|
2024-12-04 04:59:01 +01:00
|
|
|
+ if (read (protector_tpm2_fd, output, output_size) < sizeof (TPM_RESPONSE_HEADER_t))
|
|
|
|
+ {
|
|
|
|
+ fprintf (stderr, N_("Could not get TPM response.\n"));
|
|
|
|
+ return GRUB_ERR_BAD_DEVICE;
|
|
|
|
+ }
|
2024-11-29 09:48:07 +01:00
|
|
|
+
|
|
|
|
+ return GRUB_ERR_NONE;
|
|
|
|
+}
|
|
|
|
+
|
|
|
|
+static grub_err_t
|
2024-12-04 04:59:01 +01:00
|
|
|
+protect_tpm2_open_device (const char *dev_node)
|
2024-11-29 09:48:07 +01:00
|
|
|
+{
|
2024-12-04 04:59:01 +01:00
|
|
|
+ if (protector_tpm2_fd != -1)
|
2024-11-29 09:48:07 +01:00
|
|
|
+ return GRUB_ERR_NONE;
|
|
|
|
+
|
2024-12-04 04:59:01 +01:00
|
|
|
+ protector_tpm2_fd = open (dev_node, O_RDWR);
|
|
|
|
+ if (protector_tpm2_fd == -1)
|
2024-11-29 09:48:07 +01:00
|
|
|
+ {
|
2024-12-04 04:59:01 +01:00
|
|
|
+ fprintf (stderr, N_("Could not open TPM device (%s).\n"), strerror (errno));
|
2024-11-29 09:48:07 +01:00
|
|
|
+ return GRUB_ERR_FILE_NOT_FOUND;
|
|
|
|
+ }
|
|
|
|
+
|
|
|
|
+ return GRUB_ERR_NONE;
|
|
|
|
+}
|
|
|
|
+
|
|
|
|
+static grub_err_t
|
2024-12-04 04:59:01 +01:00
|
|
|
+protect_tpm2_close_device (void)
|
2024-11-29 09:48:07 +01:00
|
|
|
+{
|
|
|
|
+ int err;
|
|
|
|
+
|
2024-12-04 04:59:01 +01:00
|
|
|
+ if (protector_tpm2_fd == -1)
|
2024-11-29 09:48:07 +01:00
|
|
|
+ return GRUB_ERR_NONE;
|
|
|
|
+
|
2024-12-04 04:59:01 +01:00
|
|
|
+ err = close (protector_tpm2_fd);
|
2024-11-29 09:48:07 +01:00
|
|
|
+ if (err != GRUB_ERR_NONE)
|
|
|
|
+ {
|
2024-12-04 04:59:01 +01:00
|
|
|
+ fprintf (stderr, N_("Could not close TPM device (%s).\n"), strerror (errno));
|
2024-11-29 09:48:07 +01:00
|
|
|
+ return GRUB_ERR_IO;
|
|
|
|
+ }
|
|
|
|
+
|
2024-12-04 04:59:01 +01:00
|
|
|
+ protector_tpm2_fd = -1;
|
2024-11-29 09:48:07 +01:00
|
|
|
+ return GRUB_ERR_NONE;
|
|
|
|
+}
|
|
|
|
+
|
|
|
|
+static grub_err_t
|
2024-12-04 04:59:01 +01:00
|
|
|
+protect_tpm2_get_policy_digest (protect_args_t *args, TPM2B_DIGEST_t *digest)
|
2024-11-29 09:48:07 +01:00
|
|
|
+{
|
2024-12-04 04:59:01 +01:00
|
|
|
+ TPM_RC_t rc;
|
|
|
|
+ TPML_PCR_SELECTION_t pcr_sel = {
|
2024-11-29 09:48:07 +01:00
|
|
|
+ .count = 1,
|
|
|
|
+ .pcrSelections = {
|
|
|
|
+ {
|
|
|
|
+ .hash = args->tpm2_bank,
|
|
|
|
+ .sizeOfSelect = 3,
|
2024-12-04 04:59:01 +01:00
|
|
|
+ .pcrSelect = {0}
|
2024-11-29 09:48:07 +01:00
|
|
|
+ },
|
|
|
|
+ }
|
|
|
|
+ };
|
2024-12-04 04:59:01 +01:00
|
|
|
+ TPML_PCR_SELECTION_t pcr_sel_out = {0};
|
|
|
|
+ TPML_DIGEST_t pcr_values = {0};
|
|
|
|
+ TPM2B_DIGEST_t pcr_digest = {0};
|
2024-11-29 09:48:07 +01:00
|
|
|
+ grub_size_t pcr_digest_len;
|
2024-12-04 04:59:01 +01:00
|
|
|
+ TPM2B_MAX_BUFFER_t pcr_concat = {0};
|
2024-11-29 09:48:07 +01:00
|
|
|
+ grub_size_t pcr_concat_len;
|
|
|
|
+ grub_uint8_t *pcr_cursor;
|
2024-12-04 04:59:01 +01:00
|
|
|
+ TPM2B_NONCE_t nonce = {0};
|
|
|
|
+ TPM2B_ENCRYPTED_SECRET_t salt = {0};
|
|
|
|
+ TPMT_SYM_DEF_t symmetric = {0};
|
|
|
|
+ TPMI_SH_AUTH_SESSION_t session = 0;
|
|
|
|
+ TPM2B_DIGEST_t policy_digest = {0};
|
2024-11-29 09:48:07 +01:00
|
|
|
+ grub_uint8_t i;
|
|
|
|
+ grub_err_t err;
|
|
|
|
+
|
|
|
|
+ /* PCR Read */
|
|
|
|
+ for (i = 0; i < args->tpm2_pcr_count; i++)
|
|
|
|
+ TPMS_PCR_SELECTION_SelectPCR (&pcr_sel.pcrSelections[0], args->tpm2_pcrs[i]);
|
|
|
|
+
|
2024-12-04 04:59:01 +01:00
|
|
|
+ rc = grub_tpm2_pcr_read (NULL, &pcr_sel, NULL, &pcr_sel_out, &pcr_values, NULL);
|
2024-11-29 09:48:07 +01:00
|
|
|
+ if (rc != TPM_RC_SUCCESS)
|
|
|
|
+ {
|
2024-12-04 04:59:01 +01:00
|
|
|
+ fprintf (stderr, "Failed to read PCRs (TPM2_PCR_Read: 0x%x).\n", rc);
|
2024-11-29 09:48:07 +01:00
|
|
|
+ return GRUB_ERR_BAD_DEVICE;
|
|
|
|
+ }
|
|
|
|
+
|
|
|
|
+ if ((pcr_sel_out.count != pcr_sel.count) ||
|
|
|
|
+ (pcr_sel.pcrSelections[0].sizeOfSelect !=
|
|
|
|
+ pcr_sel_out.pcrSelections[0].sizeOfSelect))
|
|
|
|
+ {
|
2024-12-04 04:59:01 +01:00
|
|
|
+ fprintf (stderr, N_("Could not read all the specified PCRs.\n"));
|
2024-11-29 09:48:07 +01:00
|
|
|
+ return GRUB_ERR_BAD_DEVICE;
|
|
|
|
+ }
|
|
|
|
+
|
|
|
|
+ /* Compute PCR Digest */
|
|
|
|
+ switch (args->tpm2_bank)
|
|
|
|
+ {
|
|
|
|
+ case TPM_ALG_SHA1:
|
|
|
|
+ pcr_digest_len = TPM_SHA1_DIGEST_SIZE;
|
|
|
|
+ break;
|
|
|
|
+ case TPM_ALG_SHA256:
|
|
|
|
+ pcr_digest_len = TPM_SHA256_DIGEST_SIZE;
|
|
|
|
+ break;
|
|
|
|
+ case TPM_ALG_SHA384:
|
|
|
|
+ pcr_digest_len = TPM_SHA384_DIGEST_SIZE;
|
|
|
|
+ break;
|
|
|
|
+ case TPM_ALG_SHA512:
|
|
|
|
+ pcr_digest_len = TPM_SHA512_DIGEST_SIZE;
|
|
|
|
+ break;
|
|
|
|
+ default:
|
|
|
|
+ return GRUB_ERR_BAD_ARGUMENT;
|
|
|
|
+ }
|
|
|
|
+
|
|
|
|
+ pcr_concat_len = pcr_digest_len * args->tpm2_pcr_count;
|
|
|
|
+ if (pcr_concat_len > TPM_MAX_DIGEST_BUFFER)
|
|
|
|
+ {
|
2024-12-04 04:59:01 +01:00
|
|
|
+ fprintf (stderr, N_("PCR concatenation buffer not big enough.\n"));
|
2024-11-29 09:48:07 +01:00
|
|
|
+ return GRUB_ERR_OUT_OF_RANGE;
|
|
|
|
+ }
|
|
|
|
+
|
|
|
|
+ pcr_cursor = pcr_concat.buffer;
|
|
|
|
+ for (i = 0; i < args->tpm2_pcr_count; i++)
|
|
|
|
+ {
|
|
|
|
+ if (pcr_values.digests[i].size != pcr_digest_len)
|
|
|
|
+ {
|
|
|
|
+ fprintf (stderr,
|
2024-12-04 04:59:01 +01:00
|
|
|
+ N_("Bad PCR value size: expected %llu bytes but got %u bytes.\n"),
|
|
|
|
+ (long long unsigned int)pcr_digest_len, pcr_values.digests[i].size);
|
2024-11-29 09:48:07 +01:00
|
|
|
+ return GRUB_ERR_BAD_ARGUMENT;
|
|
|
|
+ }
|
|
|
|
+
|
|
|
|
+ grub_memcpy (pcr_cursor, pcr_values.digests[i].buffer, pcr_digest_len);
|
|
|
|
+ pcr_cursor += pcr_digest_len;
|
|
|
|
+ }
|
|
|
|
+ pcr_concat.size = pcr_concat_len;
|
|
|
|
+
|
2024-12-04 04:59:01 +01:00
|
|
|
+ rc = grub_tpm2_hash (NULL, &pcr_concat, args->tpm2_bank, TPM_RH_NULL, &pcr_digest, NULL, NULL);
|
2024-11-29 09:48:07 +01:00
|
|
|
+ if (rc != TPM_RC_SUCCESS)
|
|
|
|
+ {
|
2024-12-04 04:59:01 +01:00
|
|
|
+ fprintf (stderr, "Failed to generate PCR digest (TPM2_Hash: 0x%x)\n", rc);
|
2024-11-29 09:48:07 +01:00
|
|
|
+ return GRUB_ERR_BAD_DEVICE;
|
|
|
|
+ }
|
|
|
|
+
|
|
|
|
+ /* Start Trial Session */
|
|
|
|
+ nonce.size = TPM_SHA256_DIGEST_SIZE;
|
|
|
|
+ symmetric.algorithm = TPM_ALG_NULL;
|
|
|
|
+
|
2024-12-04 04:59:01 +01:00
|
|
|
+ rc = grub_tpm2_startauthsession (TPM_RH_NULL, TPM_RH_NULL, 0, &nonce, &salt,
|
|
|
|
+ TPM_SE_TRIAL, &symmetric, TPM_ALG_SHA256,
|
|
|
|
+ &session, NULL, 0);
|
2024-11-29 09:48:07 +01:00
|
|
|
+ if (rc != TPM_RC_SUCCESS)
|
|
|
|
+ {
|
2024-12-04 04:59:01 +01:00
|
|
|
+ fprintf (stderr, "Failed to start trial policy session (TPM2_StartAuthSession: 0x%x).\n", rc);
|
2024-11-29 09:48:07 +01:00
|
|
|
+ return GRUB_ERR_BAD_DEVICE;
|
|
|
|
+ }
|
|
|
|
+
|
|
|
|
+ /* PCR Policy */
|
2024-12-04 04:59:01 +01:00
|
|
|
+ rc = grub_tpm2_policypcr (session, NULL, &pcr_digest, &pcr_sel, NULL);
|
2024-11-29 09:48:07 +01:00
|
|
|
+ if (rc != TPM_RC_SUCCESS)
|
|
|
|
+ {
|
2024-12-04 04:59:01 +01:00
|
|
|
+ fprintf (stderr, "Failed to submit PCR policy (TPM2_PolicyPCR: 0x%x).\n", rc);
|
2024-11-29 09:48:07 +01:00
|
|
|
+ err = GRUB_ERR_BAD_DEVICE;
|
|
|
|
+ goto error;
|
|
|
|
+ }
|
|
|
|
+
|
|
|
|
+ /* Retrieve Policy Digest */
|
2024-12-04 04:59:01 +01:00
|
|
|
+ rc = grub_tpm2_policygetdigest (session, NULL, &policy_digest, NULL);
|
2024-11-29 09:48:07 +01:00
|
|
|
+ if (rc != TPM_RC_SUCCESS)
|
|
|
|
+ {
|
2024-12-04 04:59:01 +01:00
|
|
|
+ fprintf (stderr, "Failed to get policy digest (TPM2_PolicyGetDigest: 0x%x).\n", rc);
|
2024-11-29 09:48:07 +01:00
|
|
|
+ err = GRUB_ERR_BAD_DEVICE;
|
|
|
|
+ goto error;
|
|
|
|
+ }
|
|
|
|
+
|
|
|
|
+ /* Epilogue */
|
|
|
|
+ *digest = policy_digest;
|
|
|
|
+ err = GRUB_ERR_NONE;
|
|
|
|
+
|
2024-12-04 04:59:01 +01:00
|
|
|
+ error:
|
|
|
|
+ grub_tpm2_flushcontext (session);
|
2024-11-29 09:48:07 +01:00
|
|
|
+
|
|
|
|
+ return err;
|
|
|
|
+}
|
|
|
|
+
|
|
|
|
+static grub_err_t
|
2024-12-04 04:59:01 +01:00
|
|
|
+protect_tpm2_get_srk (protect_args_t *args, TPM_HANDLE_t *srk)
|
2024-11-29 09:48:07 +01:00
|
|
|
+{
|
2024-12-04 04:59:01 +01:00
|
|
|
+ TPM_RC_t rc;
|
|
|
|
+ TPM2B_PUBLIC_t public;
|
|
|
|
+ TPMS_AUTH_COMMAND_t authCommand = {0};
|
|
|
|
+ TPM2B_SENSITIVE_CREATE_t inSensitive = {0};
|
|
|
|
+ TPM2B_PUBLIC_t inPublic = {0};
|
|
|
|
+ TPM2B_DATA_t outsideInfo = {0};
|
|
|
|
+ TPML_PCR_SELECTION_t creationPcr = {0};
|
|
|
|
+ TPM2B_PUBLIC_t outPublic = {0};
|
|
|
|
+ TPM2B_CREATION_DATA_t creationData = {0};
|
|
|
|
+ TPM2B_DIGEST_t creationHash = {0};
|
|
|
|
+ TPMT_TK_CREATION_t creationTicket = {0};
|
|
|
|
+ TPM2B_NAME_t srkName = {0};
|
|
|
|
+ TPM_HANDLE_t srkHandle;
|
2024-11-29 09:48:07 +01:00
|
|
|
+
|
|
|
|
+ if (args->tpm2_srk != 0)
|
|
|
|
+ {
|
|
|
|
+ /* Find SRK */
|
2024-12-04 04:59:01 +01:00
|
|
|
+ rc = grub_tpm2_readpublic (args->tpm2_srk, NULL, &public);
|
2024-11-29 09:48:07 +01:00
|
|
|
+ if (rc == TPM_RC_SUCCESS)
|
|
|
|
+ {
|
2024-12-04 04:59:01 +01:00
|
|
|
+ printf ("Read SRK from 0x%x\n", args->tpm2_srk);
|
2024-11-29 09:48:07 +01:00
|
|
|
+ *srk = args->tpm2_srk;
|
|
|
|
+ return GRUB_ERR_NONE;
|
|
|
|
+ }
|
|
|
|
+
|
|
|
|
+ /* The handle exists but its public area could not be read. */
|
|
|
|
+ if ((rc & ~TPM_RC_N_MASK) != TPM_RC_HANDLE)
|
|
|
|
+ {
|
2024-12-04 04:59:01 +01:00
|
|
|
+ fprintf (stderr, "Failed to retrieve SRK from 0x%x (TPM2_ReadPublic: 0x%x).\n", args->tpm2_srk, rc);
|
2024-11-29 09:48:07 +01:00
|
|
|
+ return GRUB_ERR_BAD_DEVICE;
|
|
|
|
+ }
|
|
|
|
+ }
|
|
|
|
+
|
|
|
|
+ /* Create SRK */
|
|
|
|
+ authCommand.sessionHandle = TPM_RS_PW;
|
|
|
|
+ inPublic.publicArea.type = args->srk_type.type;
|
|
|
|
+ inPublic.publicArea.nameAlg = TPM_ALG_SHA256;
|
|
|
|
+ inPublic.publicArea.objectAttributes.restricted = 1;
|
|
|
|
+ inPublic.publicArea.objectAttributes.userWithAuth = 1;
|
|
|
|
+ inPublic.publicArea.objectAttributes.decrypt = 1;
|
|
|
|
+ inPublic.publicArea.objectAttributes.fixedTPM = 1;
|
|
|
|
+ inPublic.publicArea.objectAttributes.fixedParent = 1;
|
|
|
|
+ inPublic.publicArea.objectAttributes.sensitiveDataOrigin = 1;
|
|
|
|
+ inPublic.publicArea.objectAttributes.noDA = 1;
|
|
|
|
+
|
|
|
|
+ switch (args->srk_type.type)
|
|
|
|
+ {
|
|
|
|
+ case TPM_ALG_RSA:
|
|
|
|
+ inPublic.publicArea.parameters.rsaDetail.symmetric.algorithm = TPM_ALG_AES;
|
|
|
|
+ inPublic.publicArea.parameters.rsaDetail.symmetric.keyBits.aes = 128;
|
|
|
|
+ inPublic.publicArea.parameters.rsaDetail.symmetric.mode.aes = TPM_ALG_CFB;
|
|
|
|
+ inPublic.publicArea.parameters.rsaDetail.scheme.scheme = TPM_ALG_NULL;
+ inPublic.publicArea.parameters.rsaDetail.keyBits = args->srk_type.detail.rsa_bits;
+ inPublic.publicArea.parameters.rsaDetail.exponent = 0;
+ break;
+
+ case TPM_ALG_ECC:
+ inPublic.publicArea.parameters.eccDetail.symmetric.algorithm = TPM_ALG_AES;
+ inPublic.publicArea.parameters.eccDetail.symmetric.keyBits.aes = 128;
+ inPublic.publicArea.parameters.eccDetail.symmetric.mode.aes = TPM_ALG_CFB;
+ inPublic.publicArea.parameters.eccDetail.scheme.scheme = TPM_ALG_NULL;
+ inPublic.publicArea.parameters.eccDetail.curveID = args->srk_type.detail.ecc_curve;
+ inPublic.publicArea.parameters.eccDetail.kdf.scheme = TPM_ALG_NULL;
+ break;
+
+ default:
+ return GRUB_ERR_BAD_ARGUMENT;
+ }
+
+ rc = grub_tpm2_createprimary (TPM_RH_OWNER, &authCommand, &inSensitive, &inPublic,
+ &outsideInfo, &creationPcr, &srkHandle, &outPublic,
+ &creationData, &creationHash, &creationTicket,
+ &srkName, NULL);
+ if (rc != TPM_RC_SUCCESS)
+ {
+ fprintf (stderr, "Failed to create SRK (TPM2_CreatePrimary: 0x%x).\n", rc);
+ return GRUB_ERR_BAD_DEVICE;
+ }
+
+ /* Persist SRK */
+ if (args->tpm2_srk != 0)
+ {
+ rc = grub_tpm2_evictcontrol (TPM_RH_OWNER, srkHandle, &authCommand, args->tpm2_srk, NULL);
+ if (rc == TPM_RC_SUCCESS)
+ {
+ grub_tpm2_flushcontext (srkHandle);
+ srkHandle = args->tpm2_srk;
+ }
+ else
+ fprintf (stderr,
+ "Warning: Failed to persist SRK (0x%x) (TPM2_EvictControl: 0x%x).\n"
+ "Continuing anyway...\n", args->tpm2_srk, rc);
+ }
+
+ /* Epilogue */
+ *srk = srkHandle;
+
+ return GRUB_ERR_NONE;
+}
+
+static grub_err_t
+protect_tpm2_seal (TPM2B_DIGEST_t *policyDigest, TPM_HANDLE_t srk,
+ grub_uint8_t *clearText, grub_size_t clearTextLength,
+ tpm2_sealed_key_t *sealed_key)
+{
+ TPM_RC_t rc;
+ TPMS_AUTH_COMMAND_t authCommand = {0};
+ TPM2B_SENSITIVE_CREATE_t inSensitive = {0};
+ TPM2B_PUBLIC_t inPublic = {0};
+ TPM2B_DATA_t outsideInfo = {0};
+ TPML_PCR_SELECTION_t pcr_sel = {0};
+ TPM2B_PRIVATE_t outPrivate = {0};
+ TPM2B_PUBLIC_t outPublic = {0};
+
+ /* Seal Data */
+ authCommand.sessionHandle = TPM_RS_PW;
+
+ inSensitive.sensitive.data.size = clearTextLength;
+ memcpy(inSensitive.sensitive.data.buffer, clearText, clearTextLength);
+
+ inPublic.publicArea.type = TPM_ALG_KEYEDHASH;
+ inPublic.publicArea.nameAlg = TPM_ALG_SHA256;
+ inPublic.publicArea.parameters.keyedHashDetail.scheme.scheme = TPM_ALG_NULL;
+ inPublic.publicArea.authPolicy = *policyDigest;
+
+ rc = grub_tpm2_create (srk, &authCommand, &inSensitive, &inPublic, &outsideInfo,
+ &pcr_sel, &outPrivate, &outPublic, NULL, NULL, NULL, NULL);
+ if (rc != TPM_RC_SUCCESS)
+ {
+ fprintf (stderr, "Failed to seal key (TPM2_Create: 0x%x).\n", rc);
+ return GRUB_ERR_BAD_DEVICE;
+ }
+
+ /* Epilogue */
+ sealed_key->public = outPublic;
+ sealed_key->private = outPrivate;
+
+ return GRUB_ERR_NONE;
+}
+
+extern asn1_static_node tpm2key_asn1_tab[];
+
+/* id-sealedkey OID defined in TPM 2.0 Key Files Spec */
+#define TPM2KEY_SEALED_KEY_OID "2.23.133.10.1.5"
+
+static grub_err_t
+protect_tpm2_export_tpm2key (const protect_args_t *args,
+ tpm2_sealed_key_t *sealed_key)
+{
+ const char *sealed_key_oid = TPM2KEY_SEALED_KEY_OID;
+ asn1_node asn1_def = NULL;
+ asn1_node tpm2key = NULL;
+ grub_uint32_t parent;
+ grub_uint32_t cmd_code;
+ struct grub_tpm2_buffer pol_buf;
+ TPML_PCR_SELECTION_t pcr_sel = {
+ .count = 1,
+ .pcrSelections = {
+ {
+ .hash = args->tpm2_bank,
+ .sizeOfSelect = 3,
+ .pcrSelect = {0}
+ },
+ }
+ };
+ struct grub_tpm2_buffer pub_buf;
+ struct grub_tpm2_buffer priv_buf;
+ void *der_buf = NULL;
+ int der_buf_size = 0;
+ int i;
+ int ret;
+ grub_err_t err;
+
+ for (i = 0; i < args->tpm2_pcr_count; i++)
+ TPMS_PCR_SELECTION_SelectPCR (&pcr_sel.pcrSelections[0], args->tpm2_pcrs[i]);
+
+ /*
+ * Prepare the parameters for TPM_CC_PolicyPCR:
+ * empty pcrDigest and the user selected PCRs
+ */
+ grub_tpm2_buffer_init (&pol_buf);
+ grub_tpm2_buffer_pack_u16 (&pol_buf, 0);
+ grub_Tss2_MU_TPML_PCR_SELECTION_Marshal (&pol_buf, &pcr_sel);
+
+ grub_tpm2_buffer_init (&pub_buf);
+ grub_Tss2_MU_TPM2B_PUBLIC_Marshal (&pub_buf, &sealed_key->public);
+ grub_tpm2_buffer_init (&priv_buf);
+ grub_Tss2_MU_TPM2B_Marshal (&priv_buf, sealed_key->private.size,
+ sealed_key->private.buffer);
+ if (pub_buf.error != 0 || priv_buf.error != 0)
+ return GRUB_ERR_BAD_ARGUMENT;
+
+ ret = asn1_array2tree (tpm2key_asn1_tab, &asn1_def, NULL);
+ if (ret != ASN1_SUCCESS)
+ return GRUB_ERR_BAD_ARGUMENT;
+
+ ret = asn1_create_element (asn1_def, "TPM2KEY.TPMKey" , &tpm2key);
+ if (ret != ASN1_SUCCESS)
+ return GRUB_ERR_BAD_ARGUMENT;
+
+ /* Set 'type' to "sealed key" */
+ ret = asn1_write_value (tpm2key, "type", sealed_key_oid, 1);
+ if (ret != ASN1_SUCCESS)
+ {
+ fprintf (stderr, "Failed to set 'type': 0x%u\n", ret);
+ err = GRUB_ERR_BAD_ARGUMENT;
+ goto error;
+ }
+
+ /* Set 'emptyAuth' to TRUE */
+ ret = asn1_write_value (tpm2key, "emptyAuth", "TRUE", 1);
+ if (ret != ASN1_SUCCESS)
+ {
+ fprintf (stderr, "Failed to set 'emptyAuth': 0x%x\n", ret);
+ err = GRUB_ERR_BAD_ARGUMENT;
+ goto error;
+ }
+
+ /* Set 'policy' */
+ ret = asn1_write_value (tpm2key, "policy", "NEW", 1);
+ if (ret != ASN1_SUCCESS)
+ {
+ fprintf (stderr, "Failed to set 'policy': 0x%x\n", ret);
+ err = GRUB_ERR_BAD_ARGUMENT;
+ goto error;
+ }
+ cmd_code = grub_cpu_to_be32 (TPM_CC_PolicyPCR);
+ ret = asn1_write_value (tpm2key, "policy.?LAST.CommandCode", &cmd_code,
+ sizeof (cmd_code));
+ if (ret != ASN1_SUCCESS)
+ {
+ fprintf (stderr, "Failed to set 'policy CommandCode': 0x%x\n", ret);
+ err = GRUB_ERR_BAD_ARGUMENT;
+ goto error;
+ }
+ ret = asn1_write_value (tpm2key, "policy.?LAST.CommandPolicy", &pol_buf.data,
+ pol_buf.size);
+ if (ret != ASN1_SUCCESS)
+ {
+ fprintf (stderr, "Failed to set 'policy CommandPolicy': 0x%x\n", ret);
+ err = GRUB_ERR_BAD_ARGUMENT;
+ goto error;
+ }
+
+ /* Remove 'secret' */
+ ret = asn1_write_value (tpm2key, "secret", NULL, 0);
+ if (ret != ASN1_SUCCESS)
+ {
+ fprintf (stderr, "Failed to remove 'secret': 0x%x\n", ret);
+ err = GRUB_ERR_BAD_ARGUMENT;
+ goto error;
+ }
+
+ /* Remove 'authPolicy' */
+ ret = asn1_write_value (tpm2key, "authPolicy", NULL, 0);
+ if (ret != ASN1_SUCCESS)
+ {
+ fprintf (stderr, "Failed to remove 'authPolicy': 0x%x\n", ret);
+ err = GRUB_ERR_BAD_ARGUMENT;
+ goto error;
+ }
+
+ /* Remove 'description' */
+ ret = asn1_write_value (tpm2key, "description", NULL, 0);
+ if (ret != ASN1_SUCCESS)
+ {
+ fprintf (stderr, "Failed to remove 'description': 0x%x\n", ret);
+ err = GRUB_ERR_BAD_ARGUMENT;
+ goto error;
+ }
+
+ /*
+ * Use the SRK handle as the parent handle if specified
+ * Otherwise, Use TPM_RH_OWNER as the default parent handle
+ */
+ if (args->tpm2_srk != 0)
+ parent = grub_cpu_to_be32 (args->tpm2_srk);
+ else
+ parent = grub_cpu_to_be32 (TPM_RH_OWNER);
+ ret = asn1_write_value (tpm2key, "parent", &parent, sizeof (parent));
+ if (ret != ASN1_SUCCESS)
+ {
+ fprintf (stderr, "Failed to set 'parent': 0x%x\n", ret);
+ err = GRUB_ERR_BAD_ARGUMENT;
+ goto error;
+ }
+
+ /*
+ * Set 'rsaParent' to TRUE if the RSA SRK is specified and the SRK
+ * handle is not persistent. Otherwise, remove 'rsaParent'.
+ */
+ if (args->tpm2_srk == 0 && args->srk_type.type == TPM_ALG_RSA)
+ ret = asn1_write_value (tpm2key, "rsaParent", "TRUE", 1);
+ else
+ ret = asn1_write_value (tpm2key, "rsaParent", NULL, 0);
+
+ if (ret != ASN1_SUCCESS)
+ {
+ fprintf (stderr, "Failed to set 'rsaParent': 0x%x\n", ret);
+ err = GRUB_ERR_BAD_ARGUMENT;
+ goto error;
+ }
+
+ /* Set the pubkey */
+ ret = asn1_write_value (tpm2key, "pubkey", pub_buf.data, pub_buf.size);
+ if (ret != ASN1_SUCCESS)
+ {
+ fprintf (stderr, "Failed to set 'pubkey': 0x%x\n", ret);
+ err = GRUB_ERR_BAD_ARGUMENT;
+ goto error;
+ }
+
+ /* Set the privkey */
+ ret = asn1_write_value (tpm2key, "privkey", priv_buf.data, priv_buf.size);
+ if (ret != ASN1_SUCCESS)
+ {
+ fprintf (stderr, "Failed to set 'privkey': 0x%x\n", ret);
+ err = GRUB_ERR_BAD_ARGUMENT;
+ goto error;
+ }
+
+ /* Create the DER binary */
+ der_buf_size = 0;
+ ret = asn1_der_coding (tpm2key, "", NULL, &der_buf_size, NULL);
+ if (ret != ASN1_MEM_ERROR)
+ {
+ fprintf (stderr, "Failed to get DER size: 0x%x\n", ret);
+ err = GRUB_ERR_BAD_ARGUMENT;
+ goto error;
+ }
+
+ der_buf = grub_malloc (der_buf_size);
+ if (der_buf == NULL)
+ {
+ fprintf (stderr, "Failed to allocate memory for DER encoding\n");
+ err = GRUB_ERR_OUT_OF_MEMORY;
+ goto error;
+ }
+
+ ret = asn1_der_coding (tpm2key, "", der_buf, &der_buf_size, NULL);
+ if (ret != ASN1_SUCCESS)
+ {
+ fprintf (stderr, "DER coding error: 0x%x\n", ret);
+ err = GRUB_ERR_BAD_ARGUMENT;
+ goto error;
+ }
+
+ err = protect_write_file (args->tpm2_outfile, der_buf, der_buf_size);
+ if (err != GRUB_ERR_NONE)
+ fprintf (stderr, N_("Could not write tpm2key file (%s).\n"), strerror (errno));
+
+ error:
+ grub_free (der_buf);
+
+ if (tpm2key)
+ asn1_delete_structure (&tpm2key);
+
+ return err;
+}
+
+static grub_err_t
+protect_tpm2_export_sealed_key (const char *filepath,
+ tpm2_sealed_key_t *sealed_key)
+{
+ grub_err_t err;
+ struct grub_tpm2_buffer buf;
+
+ grub_tpm2_buffer_init (&buf);
+ grub_Tss2_MU_TPM2B_PUBLIC_Marshal (&buf, &sealed_key->public);
+ grub_Tss2_MU_TPM2B_Marshal (&buf, sealed_key->private.size,
+ sealed_key->private.buffer);
+ if (buf.error != 0)
+ return GRUB_ERR_BAD_ARGUMENT;
+
+ err = protect_write_file (filepath, buf.data, buf.size);
+ if (err != GRUB_ERR_NONE)
+ fprintf (stderr, N_("Could not write sealed key file (%s).\n"), strerror (errno));
+
+ return err;
+}
+
+static grub_err_t
+protect_tpm2_add (protect_args_t *args)
+{
+ grub_err_t err;
+ grub_uint8_t *key = NULL;
+ grub_size_t key_size;
+ TPM_HANDLE_t srk;
+ TPM2B_DIGEST_t policy_digest;
+ tpm2_sealed_key_t sealed_key;
+
+ err = protect_tpm2_open_device (args->tpm2_device);
+ if (err != GRUB_ERR_NONE)
+ return err;
+
+ err = protect_read_file (args->tpm2_keyfile, (void **)&key, &key_size);
+ if (err != GRUB_ERR_NONE)
+ goto exit1;
+
+ if (key_size > TPM_MAX_SYM_DATA)
+ {
+ fprintf (stderr, N_("Input key size larger than %u bytes.\n"), TPM_MAX_SYM_DATA);
+ err = GRUB_ERR_OUT_OF_RANGE;
+ goto exit2;
+ }
+
+ err = protect_tpm2_get_srk (args, &srk);
+ if (err != GRUB_ERR_NONE)
+ goto exit2;
+
+ err = protect_tpm2_get_policy_digest (args, &policy_digest);
+ if (err != GRUB_ERR_NONE)
+ goto exit3;
+
+ err = protect_tpm2_seal (&policy_digest, srk, key, key_size, &sealed_key);
+ if (err != GRUB_ERR_NONE)
+ goto exit3;
+
+ if (args->tpm2_tpm2key != 0)
+ err = protect_tpm2_export_tpm2key (args, &sealed_key);
+ else
+ err = protect_tpm2_export_sealed_key (args->tpm2_outfile, &sealed_key);
+ if (err != GRUB_ERR_NONE)
+ goto exit3;
+
+ exit3:
+ grub_tpm2_flushcontext (srk);
+
+ exit2:
+ grub_free (key);
+
+ exit1:
+ protect_tpm2_close_device ();
+
+ return err;
+}
+
+static grub_err_t
+protect_tpm2_remove (protect_args_t *args)
+{
+ TPM_RC_t rc;
+ TPM2B_PUBLIC_t public;
+ TPMS_AUTH_COMMAND_t authCommand = {0};
+ grub_err_t err;
+
+ if (args->tpm2_evict == 0)
+ {
+ printf ("--tpm2-evict not specified, nothing to do.\n");
+ return GRUB_ERR_NONE;
+ }
+
+ err = protect_tpm2_open_device (args->tpm2_device);
+ if (err != GRUB_ERR_NONE)
+ return err;
+
+ /* Find SRK */
+ rc = grub_tpm2_readpublic (args->tpm2_srk, NULL, &public);
+ if (rc != TPM_RC_SUCCESS)
+ {
+ fprintf (stderr, "SRK with handle 0x%x not found.\n", args->tpm2_srk);
+ err = GRUB_ERR_BAD_ARGUMENT;
+ goto exit1;
+ }
+
+ /* Evict SRK */
+ authCommand.sessionHandle = TPM_RS_PW;
+
+ rc = grub_tpm2_evictcontrol (TPM_RH_OWNER, args->tpm2_srk, &authCommand, args->tpm2_srk, NULL);
+ if (rc != TPM_RC_SUCCESS)
+ {
+ fprintf (stderr, "Failed to evict SRK with handle 0x%x (TPM2_EvictControl: 0x%x).\n", args->tpm2_srk, rc);
+ err = GRUB_ERR_BAD_DEVICE;
+ goto exit2;
+ }
+
+ err = GRUB_ERR_NONE;
+
+ exit2:
+ grub_tpm2_flushcontext (args->tpm2_srk);
+
+ exit1:
+ protect_tpm2_close_device ();
+
+ return GRUB_ERR_NONE;
+}
+
+static grub_err_t
+protect_tpm2_run (protect_args_t *args)
+{
+ switch (args->action)
+ {
+ case PROTECT_ACTION_ADD:
+ return protect_tpm2_add (args);
+
+ case PROTECT_ACTION_REMOVE:
+ return protect_tpm2_remove (args);
+
+ default:
+ return GRUB_ERR_BAD_ARGUMENT;
+ }
+}
+
+static grub_err_t
+protect_tpm2_args_verify (protect_args_t *args)
+{
+ if (args->tpm2_device == NULL)
+ args->tpm2_device = "/dev/tpm0";
+
+ switch (args->action)
+ {
+ case PROTECT_ACTION_ADD:
+ if (args->args & PROTECT_ARG_TPM2_EVICT)
+ {
+ fprintf (stderr, N_("--tpm2-evict is invalid when --action is 'add'.\n"));
+ return GRUB_ERR_BAD_ARGUMENT;
+ }
+
+ if (args->tpm2_keyfile == NULL)
+ {
+ fprintf (stderr, N_("--tpm2-keyfile must be specified.\n"));
+ return GRUB_ERR_BAD_ARGUMENT;
+ }
+
+ if (args->tpm2_outfile == NULL)
+ {
+ fprintf (stderr, N_("--tpm2-outfile must be specified.\n"));
+ return GRUB_ERR_BAD_ARGUMENT;
+ }
+
+ if (args->tpm2_pcr_count == 0)
+ {
+ args->tpm2_pcrs[0] = 7;
+ args->tpm2_pcr_count = 1;
+ }
+
+ if (args->srk_type.type == TPM_ALG_ERROR)
+ {
+ args->srk_type.type = TPM_ALG_ECC;
+ args->srk_type.detail.ecc_curve = TPM_ECC_NIST_P256;
+ }
+
+ if (args->tpm2_bank == TPM_ALG_ERROR)
+ args->tpm2_bank = TPM_ALG_SHA256;
+
+ break;
+
+ case PROTECT_ACTION_REMOVE:
+ if (args->args & PROTECT_ARG_TPM2_ASYMMETRIC)
+ {
+ fprintf (stderr, N_("--tpm2-asymmetric is invalid when --action is 'remove'.\n"));
+ return GRUB_ERR_BAD_ARGUMENT;
+ }
+
+ if (args->args & PROTECT_ARG_TPM2_BANK)
+ {
+ fprintf (stderr, N_("--tpm2-bank is invalid when --action is 'remove'.\n"));
+ return GRUB_ERR_BAD_ARGUMENT;
+ }
+
+ if (args->args & PROTECT_ARG_TPM2_KEYFILE)
+ {
+ fprintf (stderr, N_("--tpm2-keyfile is invalid when --action is 'remove'.\n"));
+ return GRUB_ERR_BAD_ARGUMENT;
+ }
+
+ if (args->args & PROTECT_ARG_TPM2_OUTFILE)
+ {
+ fprintf (stderr, N_("--tpm2-outfile is invalid when --action is 'remove'.\n"));
+ return GRUB_ERR_BAD_ARGUMENT;
+ }
+
+ if (args->args & PROTECT_ARG_TPM2_PCRS)
+ {
+ fprintf (stderr, N_("--tpm2-pcrs is invalid when --action is 'remove'.\n"));
+ return GRUB_ERR_BAD_ARGUMENT;
+ }
+
+ if (args->tpm2_srk == 0)
+ {
+ fprintf (stderr, N_("--tpm2-srk is not specified when --action is 'remove'.\n"));
+ return GRUB_ERR_BAD_ARGUMENT;
+ }
+
+ break;
+
+ default:
+ fprintf (stderr, N_("The TPM2 key protector only supports the following actions: add, remove.\n"));
+ return GRUB_ERR_BAD_ARGUMENT;
+ }
+
+ return GRUB_ERR_NONE;
+}
+
+static error_t
+protect_argp_parser (int key, char *arg, struct argp_state *state)
+{
+ grub_err_t err;
+ protect_args_t *args = state->input;
+
+ switch (key)
+ {
+ case PROTECT_OPT_ACTION:
+ if (args->args & PROTECT_ARG_ACTION)
+ {
+ fprintf (stderr, N_("--action|-a can only be specified once.\n"));
+ return EINVAL;
+ }
+
+ if (grub_strcmp (arg, "add") == 0)
+ args->action = PROTECT_ACTION_ADD;
+ else if (grub_strcmp (arg, "remove") == 0)
+ args->action = PROTECT_ACTION_REMOVE;
+ else
+ {
+ fprintf (stderr, N_("'%s' is not a valid action.\n"), arg);
+ return EINVAL;
+ }
+
+ args->args |= PROTECT_ARG_ACTION;
+ break;
+
+ case PROTECT_OPT_PROTECTOR:
+ if (args->args & PROTECT_ARG_PROTECTOR)
+ {
+ fprintf (stderr, N_("--protector|-p can only be specified once.\n"));
+ return EINVAL;
+ }
+
+ if (grub_strcmp (arg, "tpm2") == 0)
+ args->protector = PROTECT_TYPE_TPM2;
+ else
+ {
+ fprintf (stderr, N_("'%s' is not a valid protector.\n"), arg);
+ return EINVAL;
+ }
+
+ args->args |= PROTECT_ARG_PROTECTOR;
+ break;
+
+ case PROTECT_OPT_TPM2_DEVICE:
+ if (args->args & PROTECT_ARG_TPM2_DEVICE)
+ {
+ fprintf (stderr, N_("--tpm2-device can only be specified once.\n"));
+ return EINVAL;
+ }
+
+ args->tpm2_device = xstrdup (arg);
+ args->args |= PROTECT_ARG_TPM2_DEVICE;
+ break;
+
+ case PROTECT_OPT_TPM2_PCRS:
+ if (args->args & PROTECT_ARG_TPM2_PCRS)
+ {
+ fprintf (stderr, N_("--tpm2-pcrs can only be specified once.\n"));
+ return EINVAL;
+ }
+
+ err = grub_tpm2_protector_parse_pcrs (arg, args->tpm2_pcrs,
+ &args->tpm2_pcr_count);
+ if (err != GRUB_ERR_NONE)
+ {
+ if (grub_errno != GRUB_ERR_NONE)
+ grub_print_error ();
+ return EINVAL;
+ }
+
+ args->args |= PROTECT_ARG_TPM2_PCRS;
+ break;
+
+ case PROTECT_OPT_TPM2_SRK:
+ if (args->args & PROTECT_ARG_TPM2_SRK)
+ {
+ fprintf (stderr, N_("--tpm2-srk can only be specified once.\n"));
+ return EINVAL;
+ }
+
+ err = grub_tpm2_protector_parse_tpm_handle (arg, &args->tpm2_srk);
+ if (err != GRUB_ERR_NONE)
+ {
+ if (grub_errno != GRUB_ERR_NONE)
+ grub_print_error ();
+ return EINVAL;
+ }
+
+ args->args |= PROTECT_ARG_TPM2_SRK;
+ break;
+
+ case PROTECT_OPT_TPM2_ASYMMETRIC:
+ if (args->args & PROTECT_ARG_TPM2_ASYMMETRIC)
+ {
+ fprintf (stderr, N_("--tpm2-asymmetric can only be specified once.\n"));
+ return EINVAL;
+ }
+
+ err = grub_tpm2_protector_parse_asymmetric (arg, &args->srk_type);
+ if (err != GRUB_ERR_NONE)
+ {
+ if (grub_errno != GRUB_ERR_NONE)
+ grub_print_error ();
+ return EINVAL;
+ }
+
+ args->args |= PROTECT_ARG_TPM2_ASYMMETRIC;
+ break;
+
+ case PROTECT_OPT_TPM2_BANK:
+ if (args->args & PROTECT_ARG_TPM2_BANK)
+ {
+ fprintf (stderr, N_("--tpm2-bank can only be specified once.\n"));
+ return EINVAL;
+ }
+
+ err = grub_tpm2_protector_parse_bank (arg, &args->tpm2_bank);
+ if (err != GRUB_ERR_NONE)
+ {
+ if (grub_errno != GRUB_ERR_NONE)
+ grub_print_error ();
+ return EINVAL;
+ }
+
+ args->args |= PROTECT_ARG_TPM2_BANK;
+ break;
+
+ case PROTECT_OPT_TPM2_KEYFILE:
+ if (args->args & PROTECT_ARG_TPM2_KEYFILE)
+ {
+ fprintf (stderr, N_("--tpm2-keyfile can only be specified once.\n"));
+ return EINVAL;
+ }
+
+ args->tpm2_keyfile = xstrdup(arg);
+ args->args |= PROTECT_ARG_TPM2_KEYFILE;
+ break;
+
+ case PROTECT_OPT_TPM2_OUTFILE:
+ if (args->args & PROTECT_ARG_TPM2_OUTFILE)
+ {
+ fprintf (stderr, N_("--tpm2-outfile can only be specified once.\n"));
+ return EINVAL;
+ }
+
+ args->tpm2_outfile = xstrdup(arg);
+ args->args |= PROTECT_ARG_TPM2_OUTFILE;
+ break;
+
+ case PROTECT_OPT_TPM2_EVICT:
+ if (args->args & PROTECT_ARG_TPM2_EVICT)
+ {
+ fprintf (stderr, N_("--tpm2-evict can only be specified once.\n"));
+ return EINVAL;
+ }
+
+ args->tpm2_evict = 1;
+ args->args |= PROTECT_ARG_TPM2_EVICT;
+ break;
+
+ case PROTECT_OPT_TPM2_TPM2KEY:
+ if (args->args & PROTECT_ARG_TPM2_TPM2KEY)
+ {
+ fprintf (stderr, N_("--tpm2-tpm2key can only be specified once.\n"));
+ return EINVAL;
+ }
+
+ args->tpm2_tpm2key = 1;
+ args->args |= PROTECT_ARG_TPM2_TPM2KEY;
+ break;
+
+ default:
+ return ARGP_ERR_UNKNOWN;
+ }
+
+ return 0;
+}
+
+static grub_err_t
+protect_args_verify (protect_args_t *args)
+{
+ if (args->action == PROTECT_ACTION_ERROR)
+ {
+ fprintf (stderr, N_("--action is mandatory.\n"));
+ return GRUB_ERR_BAD_ARGUMENT;
+ }
+
+ /*
+ * At the moment, the only configurable key protector is the TPM2 one, so it
+ * is the only key protector supported by this tool.
+ */
+ if (args->protector != PROTECT_TYPE_TPM2)
+ {
+ fprintf (stderr, N_("--protector is mandatory and only 'tpm2' is currently supported.\n"));
+ return GRUB_ERR_BAD_ARGUMENT;
+ }
+
+ switch (args->protector)
+ {
+ case PROTECT_TYPE_TPM2:
+ return protect_tpm2_args_verify (args);
+ default:
+ return GRUB_ERR_BAD_ARGUMENT;
+ }
+
+ return GRUB_ERR_NONE;
+}
+
+static grub_err_t
+protect_dispatch (protect_args_t *args)
|
2024-11-29 09:48:07 +01:00
|
|
|
+{
|
|
|
|
+ switch (args->protector)
|
|
|
|
+ {
|
2024-12-04 04:59:01 +01:00
|
|
|
+ case PROTECT_TYPE_TPM2:
|
|
|
|
+ return protect_tpm2_run (args);
|
2024-11-29 09:48:07 +01:00
|
|
|
+ default:
|
|
|
|
+ return GRUB_ERR_BAD_ARGUMENT;
|
|
|
|
+ }
|
|
|
|
+}
|
|
|
|
+
|
|
|
|
+static void
|
2024-12-04 04:59:01 +01:00
|
|
|
+protect_init (int *argc, char **argv[])
|
2024-11-29 09:48:07 +01:00
|
|
|
+{
|
|
|
|
+ grub_util_host_init (argc, argv);
|
|
|
|
+
|
|
|
|
+ grub_util_biosdisk_init (NULL);
|
|
|
|
+
|
|
|
|
+ grub_init_all ();
|
|
|
|
+
|
|
|
|
+ grub_lvm_fini ();
|
|
|
|
+ grub_mdraid09_fini ();
|
|
|
|
+ grub_mdraid1x_fini ();
|
|
|
|
+ grub_diskfilter_fini ();
|
|
|
|
+ grub_diskfilter_init ();
|
|
|
|
+ grub_mdraid09_init ();
|
|
|
|
+ grub_mdraid1x_init ();
|
|
|
|
+ grub_lvm_init ();
|
|
|
|
+}
|
|
|
|
+
|
|
|
|
+static void
|
2024-12-04 04:59:01 +01:00
|
|
|
+protect_fini (void)
|
2024-11-29 09:48:07 +01:00
|
|
|
+{
|
|
|
|
+ grub_fini_all ();
|
|
|
|
+ grub_util_biosdisk_fini ();
|
|
|
|
+}
|
|
|
|
+
|
2024-12-04 04:59:01 +01:00
|
|
|
+static struct argp protect_argp =
|
2024-11-29 09:48:07 +01:00
|
|
|
+{
|
2024-12-04 04:59:01 +01:00
|
|
|
+ .options = protect_options,
|
|
|
|
+ .parser = protect_argp_parser,
|
2024-11-29 09:48:07 +01:00
|
|
|
+ .args_doc = NULL,
|
|
|
|
+ .doc =
|
|
|
|
+ N_("Protect a cleartext key using a GRUB key protector that can retrieve "
|
|
|
|
+ "the key during boot to unlock fully-encrypted disks automatically."),
|
|
|
|
+ .children = NULL,
|
|
|
|
+ .help_filter = NULL,
|
|
|
|
+ .argp_domain = NULL
|
|
|
|
+};
|
|
|
|
+
|
|
|
|
+int
|
|
|
|
+main (int argc, char *argv[])
|
|
|
|
+{
|
|
|
|
+ grub_err_t err;
|
2024-12-04 04:59:01 +01:00
|
|
|
+ protect_args_t args = {0};
|
2024-11-29 09:48:07 +01:00
|
|
|
+
|
2024-12-04 04:59:01 +01:00
|
|
|
+ if (argp_parse (&protect_argp, argc, argv, 0, 0, &args) != 0)
|
2024-11-29 09:48:07 +01:00
|
|
|
+ {
|
2024-12-04 04:59:01 +01:00
|
|
|
+ fprintf (stderr, N_("Could not parse arguments.\n"));
|
|
|
|
+ return EXIT_FAILURE;
|
2024-11-29 09:48:07 +01:00
|
|
|
+ }
|
|
|
|
+
|
2024-12-04 04:59:01 +01:00
|
|
|
+ protect_init (&argc, &argv);
|
2024-11-29 09:48:07 +01:00
|
|
|
+
|
2024-12-04 04:59:01 +01:00
|
|
|
+ err = protect_args_verify (&args);
|
2024-11-29 09:48:07 +01:00
|
|
|
+ if (err != GRUB_ERR_NONE)
|
|
|
|
+ goto exit;
|
|
|
|
+
|
2024-12-04 04:59:01 +01:00
|
|
|
+ err = protect_dispatch (&args);
|
2024-11-29 09:48:07 +01:00
|
|
|
+
|
2024-12-04 04:59:01 +01:00
|
|
|
+ exit:
|
|
|
|
+ protect_fini ();
|
2024-11-29 09:48:07 +01:00
|
|
|
+
|
2024-12-04 04:59:01 +01:00
|
|
|
+ if (err != GRUB_ERR_NONE)
|
|
|
|
+ return EXIT_FAILURE;
|
|
|
|
+
|
|
|
|
+ return EXIT_SUCCESS;
|
2024-11-29 09:48:07 +01:00
|
|
|
+}
|