--- grub-core/commands/tpm.c | 46 ++++++++++++++++++++++++++++++++++++---------- util/grub-install.c | 6 ++++-- 2 files changed, 40 insertions(+), 12 deletions(-) --- a/grub-core/commands/tpm.c +++ b/grub-core/commands/tpm.c @@ -27,8 +27,10 @@ #include #include #include +#ifdef GRUB_MACHINE_EFI #include #include +#endif GRUB_MOD_LICENSE ("GPLv3+"); @@ -87,12 +89,6 @@ .verify_string = grub_tpm_verify_string, }; -/* - * Preserve current PCR values and record them to an EFI variable - */ -#define GRUB2_PCR_BITMASK_DEFAULT ((1 << 16) - 1) -#define GRUB2_PCR_BITMASK_ALL ((1 << 24) - 1) - static const struct grub_arg_option grub_tpm_record_pcrs_options[] = { { @@ -108,6 +104,14 @@ {0, 0, 0, 0, 0, 0} }; +#ifdef GRUB_MACHINE_EFI + +/* + * Preserve current PCR values and record them to an EFI variable + */ +#define GRUB2_PCR_BITMASK_DEFAULT ((1 << 16) - 1) +#define GRUB2_PCR_BITMASK_ALL ((1 << 24) - 1) + static grub_err_t grub_tpm_parse_pcr_index (const char *word, const char **end_ret, unsigned int *index) { @@ -259,6 +263,10 @@ grub_size_t size = 0; int n, rv = 1; + /* To prevent error: unable to read PCR from TPM, if no TPM device available */ + if (!grub_tpm_present()) + return GRUB_ERR_NONE; + if (argc == 0) pcr_bitmask = GRUB2_PCR_BITMASK_DEFAULT; else @@ -287,13 +295,28 @@ return rv; } +#else + +static grub_err_t +grub_tpm_record_pcrs (grub_extcmd_context_t ctxt __attribute__((unused)), + int argc __attribute__((unused)), + char **args __attribute__((unused))) +{ + return GRUB_ERR_NONE; +} + +#endif + static grub_extcmd_t cmd; GRUB_MOD_INIT (tpm) { - if (!grub_tpm_present()) - return; +#ifdef GRUB_MACHINE_EFI + if (grub_tpm_present()) + grub_verifier_register (&grub_tpm_verifier); +#else grub_verifier_register (&grub_tpm_verifier); +#endif cmd = grub_register_extcmd ("tpm_record_pcrs", grub_tpm_record_pcrs, 0, N_("LIST_OF_PCRS"), 
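Review bot: The early `return GRUB_ERR_NONE;` added before the `argc == 0` check makes a skipped recording indistinguishable from a successful one, so nothing shows that `tpm_record_pcrs` did no work on a machine without a TPM. If the EFI variable survives from an earlier boot or stage (its attributes are not visible in this hunk), whatever reads it could pick up PCR values that do not describe the current boot. I would log the skip, e.g. `grub_dprintf ("tpm", "no TPM device, PCR values not recorded\n");`, and reword the comment to say what is skipped rather than which error is avoided. The function starts and ends outside the hunk.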
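Review bot: On non-EFI builds the `#else` branch in `GRUB_MOD_INIT` now registers the verifier with no presence check, whereas the removed lines skipped registration on every platform when `grub_tpm_present()` was false. Whether a failed measurement is fatal to file loads on those platforms is not visible here, so this deserves a comment or confirmation. The `#else` stub of `grub_tpm_record_pcrs` also reports success while doing nothing; a one-line comment such as `/* tpm_record_pcrs is only implemented for EFI; elsewhere it is a no-op. */` above it would make that intent explicit. The `grub_register_extcmd` call continues past the end of the hunk.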
@@ -303,8 +326,11 @@ GRUB_MOD_FINI (tpm) { - if (!grub_tpm_present()) - return; +#ifdef GRUB_MACHINE_EFI + if (grub_tpm_present()) + grub_verifier_unregister (&grub_tpm_verifier); +#else grub_verifier_unregister (&grub_tpm_verifier); +#endif grub_unregister_extcmd (cmd); } --- a/util/grub-install.c +++ b/util/grub-install.c @@ -1457,8 +1457,9 @@ grub_util_unlink (load_cfg); - if (1) + if (platform == GRUB_INSTALL_PLATFORM_X86_64_EFI && have_cryptodisk) { + grub_install_push_module ("tpm"); load_cfg_f = grub_util_fopen (load_cfg, "wb"); have_load_cfg = 1; fprintf (load_cfg_f, "tpm_record_pcrs 0-9\n"); @@ -1466,7 +1467,8 @@ if (debug_image && debug_image[0]) { - load_cfg_f = grub_util_fopen (load_cfg, "wb"); + if (!load_cfg_f) + load_cfg_f = grub_util_fopen (load_cfg, "wb"); have_load_cfg = 1; fprintf (load_cfg_f, "set debug='%s'\n", debug_image);
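Review bot: `GRUB_MOD_FINI` probes `grub_tpm_present()` a second time to decide whether to unregister, so a different answer than at init would either leave `grub_tpm_verifier` registered after the module is gone or unregister something that was never registered. Remembering the decision is safer: `static int verifier_registered;` next to `cmd`, set to 1 where `GRUB_MOD_INIT` registers, and `if (verifier_registered) grub_verifier_unregister (&grub_tpm_verifier);` here, which also removes the `#ifdef` from this function. Whether the probe result can change at run time is not visible in this diff.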
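Review bot: The new condition emits `tpm_record_pcrs 0-9` only for `GRUB_INSTALL_PLATFORM_X86_64_EFI`, while the tpm.c part of this commit builds the real command under `GRUB_MACHINE_EFI`, which is broader. Installs for other EFI targets with an encrypted disk went through the old `if (1)` and will now silently stop recording PCRs. If that is intended, a comment above the `if` saying why only x86_64 is covered would help, e.g. `/* PCR recording is only consumed on x86_64-efi with cryptodisk. */` (wording to be confirmed by the author). The block's closing brace lies outside the hunk.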
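Review bot: The `if (!load_cfg_f)` guard only works if `load_cfg_f` is initialised to NULL at its declaration, which is outside this hunk, and neither this open nor the one in the previous hunk checks the result of `grub_util_fopen` before `fprintf` writes through it. A failed open would be a NULL dereference in the installer; add `if (!load_cfg_f) grub_util_error (...)` with the file name and `strerror (errno)` after each open. The `if (debug_image && debug_image[0])` block ends outside the hunk.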