---
grub-core/commands/tpm.c | 46 ++++++++++++++++++++++++++++++++++++----------
util/grub-install.c | 6 ++++--
2 files changed, 40 insertions(+), 12 deletions(-)
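--- a/grub-core/commands/tpm.c
+++ b/grub-core/commands/tpm.c
@@ -27,8 +27,10 @@
 #include <grub/verify.h>
 #include <grub/dl.h>
 #include <grub/extcmd.h>
+#ifdef GRUB_MACHINE_EFI
 #include <grub/tpm2/tpm2.h>
 #include <grub/efi/efi.h>
+#endif
 
 GRUB_MOD_LICENSE ("GPLv3+");
 
@@ -87,12 +89,6 @@
 .verify_string = grub_tpm_verify_string,
 };
 
-/*
- * Preserve current PCR values and record them to an EFI variable
- */
-#define GRUB2_PCR_BITMASK_DEFAULT ((1 << 16) - 1)
-#define GRUB2_PCR_BITMASK_ALL ((1 << 24) - 1)
-
 static const struct grub_arg_option grub_tpm_record_pcrs_options[] =
 {
 {
@@ -108,6 +104,14 @@
 {0, 0, 0, 0, 0, 0}
 };
 
+#ifdef GRUB_MACHINE_EFI
+
+/*
+ * Preserve current PCR values and record them to an EFI variable
+ */
+#define GRUB2_PCR_BITMASK_DEFAULT ((1 << 16) - 1)
+#define GRUB2_PCR_BITMASK_ALL ((1 << 24) - 1)
+
 static grub_err_t
 grub_tpm_parse_pcr_index (const char *word, const char **end_ret, unsigned int *index)
 {
@@ -259,6 +263,10 @@
 grub_size_t size = 0;
 int n, rv = 1;
 
+ /* To prevent error: unable to read PCR from TPM, if no TPM device available */
+ if (!grub_tpm_present())
+ return GRUB_ERR_NONE;
+
 if (argc == 0)
 pcr_bitmask = GRUB2_PCR_BITMASK_DEFAULT;
 else
@@ -287,13 +295,28 @@
 return rv;
 }
 
+#else
+
+static grub_err_t
+grub_tpm_record_pcrs (grub_extcmd_context_t ctxt __attribute__((unused)),
+ int argc __attribute__((unused)),
+ char **args __attribute__((unused)))
+{
+ return GRUB_ERR_NONE;
+}
+
+#endif
+
 static grub_extcmd_t cmd;
 
 GRUB_MOD_INIT (tpm)
 {
- if (!grub_tpm_present())
- return;
+#ifdef GRUB_MACHINE_EFI
+ if (grub_tpm_present())
+ grub_verifier_register (&grub_tpm_verifier);
+#else
 grub_verifier_register (&grub_tpm_verifier);
+#endif
 
 cmd = grub_register_extcmd ("tpm_record_pcrs", grub_tpm_record_pcrs, 0,
 N_("LIST_OF_PCRS"),
@@ -303,8 +326,11 @@
 
 GRUB_MOD_FINI (tpm)
 {
- if (!grub_tpm_present())
- return;
+#ifdef GRUB_MACHINE_EFI
+ if (grub_tpm_present())
+ grub_verifier_unregister (&grub_tpm_verifier);
+#else
 grub_verifier_unregister (&grub_tpm_verifier);
+#endif
 grub_unregister_extcmd (cmd);
 }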
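Review bot: The early return added to grub_tpm_record_pcrs (`if (!grub_tpm_present()) return GRUB_ERR_NONE;`) and the non-EFI stub both report success without recording anything, so a script that runs tpm_record_pcrs, or whatever later reads the recorded PCR values, cannot tell "recorded" from "skipped". I would leave a trace on the skip path, for example `grub_dprintf ("tpm", "no TPM present, PCR values not recorded\n");` before the return. The comment should also say that a missing record means no measurement was taken. Separately, the `#else` branches of GRUB_MOD_INIT and GRUB_MOD_FINI now register and unregister the verifier with no presence check at all; whether that is intended for non-EFI builds is not visible from these hunks. Most of grub_tpm_record_pcrs lies outside the hunks shown.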
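--- a/util/grub-install.c
+++ b/util/grub-install.c
@@ -1457,8 +1457,9 @@
 
 grub_util_unlink (load_cfg);
 
- if (1)
+ if (platform == GRUB_INSTALL_PLATFORM_X86_64_EFI && have_cryptodisk)
 {
+ grub_install_push_module ("tpm");
 load_cfg_f = grub_util_fopen (load_cfg, "wb");
 have_load_cfg = 1;
 fprintf (load_cfg_f, "tpm_record_pcrs 0-9\n");
@@ -1466,7 +1467,8 @@
 
 if (debug_image && debug_image[0])
 {
- load_cfg_f = grub_util_fopen (load_cfg, "wb");
+ if (!load_cfg_f)
+ load_cfg_f = grub_util_fopen (load_cfg, "wb");
 have_load_cfg = 1;
 fprintf (load_cfg_f, "set debug='%s'\n",
 debug_image);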
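Review bot: The result of `grub_util_fopen (load_cfg, "wb")` is handed to `fprintf` unchecked in both blocks, so a failed open passes a NULL stream to fprintf (undefined behaviour) instead of producing an installer error; the new `if (!load_cfg_f)` guard only decides whether to reopen. I would follow each open with a check such as `if (!load_cfg_f) grub_util_error ("cannot open %s: %s", load_cfg, strerror (errno));`. The guard also relies on load_cfg_f starting out as NULL; its declaration is outside the hunks, so please confirm it is initialised. The enclosing function starts and ends outside these hunks.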