grub2/0001-tpm-Log-EFI_VOLUME_FULL-and-continue.patch

From 8c9f7cefdf9d03cae65773ef35e103fc346ee17f Mon Sep 17 00:00:00 2001
From: Michael Chang <mchang@suse.com>
Date: Tue, 3 May 2022 12:38:34 +0800
Subject: [PATCH] tpm: Log EFI_VOLUME_FULL and continue

Appending entries to tpm event log would fail if it is full and in this
case EFI_VOLUME_FULL is returned. Since the measurement itself is
successful but only the event is not logged, the booting shouldn't be
forced to stop and instead grub should log the error and continue.

All errors other than EFI_VOLUME_FULL remains to stop grub from booting
so the failure can be examined. In case of unknown tpm error, the return
code from efi firmware is also displayed for reference.

Signed-off-by: Michael Chang <mchang@suse.com>
---
 grub-core/commands/efi/tpm.c | 20 +++++++++++++++++---
 1 file changed, 17 insertions(+), 3 deletions(-)

diff --git a/grub-core/commands/efi/tpm.c b/grub-core/commands/efi/tpm.c
index a97d85368a..98fd5892b0 100644
--- a/grub-core/commands/efi/tpm.c
+++ b/grub-core/commands/efi/tpm.c
@@ -144,8 +144,10 @@ grub_efi_log_event_status (grub_efi_status_t status)
       return grub_error (GRUB_ERR_BAD_ARGUMENT, N_("Output buffer too small"));
     case GRUB_EFI_NOT_FOUND:
       return grub_error (GRUB_ERR_UNKNOWN_DEVICE, N_("TPM unavailable"));
+    case GRUB_EFI_VOLUME_FULL:
+      return grub_error (GRUB_ERR_OUT_OF_RANGE, N_("TPM event log is full"));
     default:
-      return grub_error (GRUB_ERR_UNKNOWN_DEVICE, N_("Unknown TPM error"));
+      return grub_error (GRUB_ERR_UNKNOWN_DEVICE, N_("Unknown TPM error: %" PRIuGRUB_SIZE), status);
     }
 }
 
@@ -159,6 +161,7 @@ grub_tpm1_log_event (grub_efi_handle_t tpm_handle, unsigned char *buf,
   grub_efi_tpm_protocol_t *tpm;
   grub_efi_physical_address_t lastevent;
   grub_uint32_t algorithm;
+  grub_err_t err;
   grub_uint32_t eventnum = 0;
 
   tpm = grub_efi_open_protocol (tpm_handle, &tpm_guid,
@@ -182,7 +185,12 @@ grub_tpm1_log_event (grub_efi_handle_t tpm_handle, unsigned char *buf,
 		       algorithm, event, &eventnum, &lastevent);
   grub_free (event);
 
-  return grub_efi_log_event_status (status);
+  err = grub_efi_log_event_status (status);
+  /* Log EFI_VOLUME_FULL and continue */
+  if (err == GRUB_ERR_OUT_OF_RANGE)
+    grub_print_error ();
+
+  return err;
 }
 
 static grub_err_t
@@ -193,6 +201,7 @@ grub_tpm2_log_event (grub_efi_handle_t tpm_handle, unsigned char *buf,
   EFI_TCG2_EVENT *event;
   grub_efi_status_t status;
   grub_efi_tpm2_protocol_t *tpm;
+  grub_err_t err;
 
   tpm = grub_efi_open_protocol (tpm_handle, &tpm2_guid,
 				GRUB_EFI_OPEN_PROTOCOL_GET_PROTOCOL);
@@ -218,7 +227,12 @@ grub_tpm2_log_event (grub_efi_handle_t tpm_handle, unsigned char *buf,
 		       (grub_uint64_t) size, event);
   grub_free (event);
 
-  return grub_efi_log_event_status (status);
+  err = grub_efi_log_event_status (status);
+  /* Log EFI_VOLUME_FULL and continue */
+  if (err == GRUB_ERR_OUT_OF_RANGE)
+    grub_print_error ();
+
+  return err;
 }
 
 grub_err_t
-- 
2.34.1
Accepting request 992180 from home:michael-chang:branches:home:michael-chang:test:tpm - Add tpm, tpm2, luks2 and gcry_sha512 to default grub.efi (bsc#1197625) - Make grub-tpm.efi a symlink to grub.efi * grub2.spec - Log error when tpm event log is full and continue * 0001-tpm-Log-EFI_VOLUME_FULL-and-continue.patch - Patch superseded * 0001-tpm-Pass-unknown-error-as-non-fatal-but-debug-print-.patch - Add patches for automatic TPM disk unlock (jsc#SLE-24018) (bsc#1196668) * 0001-luks2-Add-debug-message-to-align-with-luks-and-geli-.patch * 0002-cryptodisk-Refactor-to-discard-have_it-global.patch * 0003-cryptodisk-Return-failure-in-cryptomount-when-no-cry.patch * 0004-cryptodisk-Improve-error-messaging-in-cryptomount-in.patch * 0005-cryptodisk-Improve-cryptomount-u-error-message.patch * 0006-cryptodisk-Add-infrastructure-to-pass-data-from-cryp.patch * 0007-cryptodisk-Refactor-password-input-out-of-crypto-dev.patch * 0008-cryptodisk-Move-global-variables-into-grub_cryptomou.patch * 0009-cryptodisk-Improve-handling-of-partition-name-in-cry.patch * 0010-protectors-Add-key-protectors-framework.patch * 0011-tpm2-Add-TPM-Software-Stack-TSS.patch * 0012-protectors-Add-TPM2-Key-Protector.patch * 0013-cryptodisk-Support-key-protectors.patch * 0014-util-grub-protect-Add-new-tool.patch - Fix no disk unlocking happen (bsc#1196668) * 0001-crytodisk-fix-cryptodisk-module-looking-up.patch - Fix build error * fix-tpm2-build.patch OBS-URL: https://build.opensuse.org/request/show/992180 OBS-URL: https://build.opensuse.org/package/show/Base:System/grub2?expand=0&rev=417 2022-08-11 12:30:46 +02:00			`From 8c9f7cefdf9d03cae65773ef35e103fc346ee17f Mon Sep 17 00:00:00 2001`
			`From: Michael Chang <mchang@suse.com>`
			`Date: Tue, 3 May 2022 12:38:34 +0800`
			`Subject: [PATCH] tpm: Log EFI_VOLUME_FULL and continue`

			`Appending entries to tpm event log would fail if it is full and in this`
			`case EFI_VOLUME_FULL is returned. Since the measurement itself is`
			`successful but only the event is not logged, the booting shouldn't be`
			`forced to stop and instead grub should log the error and continue.`

			`All errors other than EFI_VOLUME_FULL remains to stop grub from booting`
			`so the failure can be examined. In case of unknown tpm error, the return`
			`code from efi firmware is also displayed for reference.`

			`Signed-off-by: Michael Chang <mchang@suse.com>`
			`---`
			`grub-core/commands/efi/tpm.c \| 20 +++++++++++++++++---`
			`1 file changed, 17 insertions(+), 3 deletions(-)`

			`diff --git a/grub-core/commands/efi/tpm.c b/grub-core/commands/efi/tpm.c`
			`index a97d85368a..98fd5892b0 100644`
			`--- a/grub-core/commands/efi/tpm.c`
			`+++ b/grub-core/commands/efi/tpm.c`
			`@@ -144,8 +144,10 @@ grub_efi_log_event_status (grub_efi_status_t status)`
			`return grub_error (GRUB_ERR_BAD_ARGUMENT, N_("Output buffer too small"));`
			`case GRUB_EFI_NOT_FOUND:`
			`return grub_error (GRUB_ERR_UNKNOWN_DEVICE, N_("TPM unavailable"));`
			`+ case GRUB_EFI_VOLUME_FULL:`
			`+ return grub_error (GRUB_ERR_OUT_OF_RANGE, N_("TPM event log is full"));`
			`default:`
			`- return grub_error (GRUB_ERR_UNKNOWN_DEVICE, N_("Unknown TPM error"));`
			`+ return grub_error (GRUB_ERR_UNKNOWN_DEVICE, N_("Unknown TPM error: %" PRIuGRUB_SIZE), status);`
			`}`
			`}`

			`@@ -159,6 +161,7 @@ grub_tpm1_log_event (grub_efi_handle_t tpm_handle, unsigned char *buf,`
			`grub_efi_tpm_protocol_t *tpm;`
			`grub_efi_physical_address_t lastevent;`
			`grub_uint32_t algorithm;`
			`+ grub_err_t err;`
			`grub_uint32_t eventnum = 0;`

			`tpm = grub_efi_open_protocol (tpm_handle, &tpm_guid,`
			`@@ -182,7 +185,12 @@ grub_tpm1_log_event (grub_efi_handle_t tpm_handle, unsigned char *buf,`
			`algorithm, event, &eventnum, &lastevent);`
			`grub_free (event);`

			`- return grub_efi_log_event_status (status);`
			`+ err = grub_efi_log_event_status (status);`
			`+ /* Log EFI_VOLUME_FULL and continue */`
			`+ if (err == GRUB_ERR_OUT_OF_RANGE)`
			`+ grub_print_error ();`
			`+`
			`+ return err;`
			`}`

			`static grub_err_t`
			`@@ -193,6 +201,7 @@ grub_tpm2_log_event (grub_efi_handle_t tpm_handle, unsigned char *buf,`
			`EFI_TCG2_EVENT *event;`
			`grub_efi_status_t status;`
			`grub_efi_tpm2_protocol_t *tpm;`
			`+ grub_err_t err;`

			`tpm = grub_efi_open_protocol (tpm_handle, &tpm2_guid,`
			`GRUB_EFI_OPEN_PROTOCOL_GET_PROTOCOL);`
			`@@ -218,7 +227,12 @@ grub_tpm2_log_event (grub_efi_handle_t tpm_handle, unsigned char *buf,`
			`(grub_uint64_t) size, event);`
			`grub_free (event);`

			`- return grub_efi_log_event_status (status);`
			`+ err = grub_efi_log_event_status (status);`
			`+ /* Log EFI_VOLUME_FULL and continue */`
			`+ if (err == GRUB_ERR_OUT_OF_RANGE)`
			`+ grub_print_error ();`
			`+`
			`+ return err;`
			`}`

			`grub_err_t`
			`--`
			`2.34.1`