Accepting request 1087321 from home:gary_lin:branches:devel:openSUSE:Factory

- Update shim-install to amend full disk encryption support
    b540061e041b  Adopt TPM 2.0 Key File for grub2 TPM 2.0 protector
    f2e8143ce831  Use the long name to specify the grub2 key protector
    72830120e5ea  cryptodisk: support TPM authorized policies
    49e7a0d307f3  Do not use tpm_record_pcrs unless the command is in command.lst

OBS-URL: https://build.opensuse.org/request/show/1087321
OBS-URL: https://build.opensuse.org/package/show/devel:openSUSE:Factory/shim?expand=0&rev=202
Gary Ching-Pang Lin 2023-05-25 12:41:58 +00:00 committed by Git OBS Bridge
parent 84a3ac6c45
commit b90dab54cc
2 changed files with 17 additions and 5 deletions


@ -370,20 +370,23 @@ prepare_cryptodisk () {
return
fi
tpm_pcr_bank="${GRUB_TPM2_PCR_BANK:-sha256}"
tpm_pcr_list="${GRUB_TPM2_PCR_LIST:-0,2,4,7,9}"
tpm_sealed_key="${GRUB_TPM2_SEALED_KEY}"
declare -g TPM_PCR_SNAPSHOT_TAKEN
if [ -z "$TPM_PCR_SNAPSHOT_TAKEN" ]; then
TPM_PCR_SNAPSHOT_TAKEN=1
echo "tpm_record_pcrs 0-9"
# Check if tpm_record_pcrs is available and set the command to
# grub.cfg.
if grep -q "tpm_record_pcrs" ${datadir}/grub2/${arch}-efi/command.lst ; then
echo "tpm_record_pcrs 0-9"
fi
fi
cat <<EOF
tpm2_key_protector_init -b $tpm_pcr_bank -p $tpm_pcr_list -k \$prefix/$tpm_sealed_key
if ! cryptomount -u $uuid -k tpm2; then
tpm2_key_protector_init -T \$prefix/$tpm_sealed_key
if ! cryptomount -u $uuid --protector tpm2; then
cryptomount -u $uuid
fi
EOF
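Review bot: The new availability check `grep -q "tpm_record_pcrs" ${datadir}/grub2/${arch}-efi/command.lst` leaves both path expansions unquoted and matches any substring of the file. A `datadir` containing whitespace would split the argument, and a missing command.lst prints a grep error while silently dropping the PCR snapshot command from the generated config. I would write it as `if grep -qsw -- "tpm_record_pcrs" "${datadir}/grub2/${arch}-efi/command.lst"; then` and add a comment stating that an unreadable command.lst is treated as "command not available". Separately, the here-document still writes `$tpm_sealed_key` and `$uuid` into grub.cfg without validation; the key file name comes from `GRUB_TPM2_SEALED_KEY`, so a value containing spaces or newlines would alter the emitted GRUB commands. Any check done earlier is not visible here, as prepare_cryptodisk begins and ends outside this hunk.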


@ -1,3 +1,12 @@
-------------------------------------------------------------------
Mon May 15 03:28:47 UTC 2023 - Gary Ching-Pang Lin <glin@suse.com>
- Update shim-install to amend full disk encryption support
b540061e041b Adopt TPM 2.0 Key File for grub2 TPM 2.0 protector
f2e8143ce831 Use the long name to specify the grub2 key protector
72830120e5ea cryptodisk: support TPM authorized policies
49e7a0d307f3 Do not use tpm_record_pcrs unless the command is in command.lst
-------------------------------------------------------------------
Mon Apr 10 05:04:33 UTC 2023 - Joey Lee <jlee@suse.com>