Accepting request 1087321 from home:gary_lin:branches:devel:openSUSE:Factory
- Update shim-install to amend full disk encryption support b540061e041b Adopt TPM 2.0 Key File for grub2 TPM 2.0 protector f2e8143ce831 Use the long name to specify the grub2 key protector 72830120e5ea cryptodisk: support TPM authorized policies 49e7a0d307f3 Do not use tpm_record_pcrs unless the command is in command.lst OBS-URL: https://build.opensuse.org/request/show/1087321 OBS-URL: https://build.opensuse.org/package/show/devel:openSUSE:Factory/shim?expand=0&rev=202
parent
84a3ac6c45
commit
b90dab54cc
13
shim-install
13
shim-install
@ -370,20 +370,23 @@ prepare_cryptodisk () {
|
||||
return
|
||||
fi
|
||||
|
||||
tpm_pcr_bank="${GRUB_TPM2_PCR_BANK:-sha256}"
|
||||
tpm_pcr_list="${GRUB_TPM2_PCR_LIST:-0,2,4,7,9}"
|
||||
tpm_sealed_key="${GRUB_TPM2_SEALED_KEY}"
|
||||
|
||||
declare -g TPM_PCR_SNAPSHOT_TAKEN
|
||||
|
||||
if [ -z "$TPM_PCR_SNAPSHOT_TAKEN" ]; then
|
||||
TPM_PCR_SNAPSHOT_TAKEN=1
|
||||
echo "tpm_record_pcrs 0-9"
|
||||
|
||||
# Check if tpm_record_pcrs is available and set the command to
|
||||
# grub.cfg.
|
||||
if grep -q "tpm_record_pcrs" ${datadir}/grub2/${arch}-efi/command.lst ; then
|
||||
echo "tpm_record_pcrs 0-9"
|
||||
fi
|
||||
fi
|
||||
|
||||
cat <<EOF
|
||||
tpm2_key_protector_init -b $tpm_pcr_bank -p $tpm_pcr_list -k \$prefix/$tpm_sealed_key
|
||||
if ! cryptomount -u $uuid -k tpm2; then
|
||||
tpm2_key_protector_init -T \$prefix/$tpm_sealed_key
|
||||
if ! cryptomount -u $uuid --protector tpm2; then
|
||||
cryptomount -u $uuid
|
||||
fi
|
||||
EOF
|
||||
|
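Review bot: The new availability check `if grep -q "tpm_record_pcrs" ${datadir}/grub2/${arch}-efi/command.lst ; then` leaves both path expansions unquoted and matches the name as a substring anywhere in the file, so an unusual install prefix or a longer command name containing that string could give the wrong answer. I would write it as `if grep -qw -- tpm_record_pcrs "${datadir}/grub2/${arch}-efi/command.lst"; then`. When command.lst is missing or unreadable the test is false as well, and the PCR snapshot command is then left out of the generated grub.cfg with no message from the script; a short warning on stderr in that case, or a comment stating that the omission is intended, would make a missing snapshot easier to diagnose. The heredoc below also writes `$tpm_sealed_key` and `$uuid` into the GRUB commands unquoted, so a key file path containing whitespace would be split by the GRUB parser. prepare_cryptodisk starts before this hunk, so any validation of GRUB_TPM2_SEALED_KEY ahead of these lines is not visible here.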
@ -1,3 +1,12 @@
|
||||
-------------------------------------------------------------------
|
||||
Mon May 15 03:28:47 UTC 2023 - Gary Ching-Pang Lin <glin@suse.com>
|
||||
|
||||
- Update shim-install to amend full disk encryption support
|
||||
b540061e041b Adopt TPM 2.0 Key File for grub2 TPM 2.0 protector
|
||||
f2e8143ce831 Use the long name to specify the grub2 key protector
|
||||
72830120e5ea cryptodisk: support TPM authorized policies
|
||||
49e7a0d307f3 Do not use tpm_record_pcrs unless the command is in command.lst
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Mon Apr 10 05:04:33 UTC 2023 - Joey Lee <jlee@suse.com>
|
||||
|
||||
|