forked from pool/grub2
14793c1f96
- Add tpm, tpm2, luks2 and gcry_sha512 to default grub.efi (bsc#1197625) - Make grub-tpm.efi a symlink to grub.efi * grub2.spec - Log error when tpm event log is full and continue * 0001-tpm-Log-EFI_VOLUME_FULL-and-continue.patch - Patch superseded * 0001-tpm-Pass-unknown-error-as-non-fatal-but-debug-print-.patch - Add patches for automatic TPM disk unlock (jsc#SLE-24018) (bsc#1196668) * 0001-luks2-Add-debug-message-to-align-with-luks-and-geli-.patch * 0002-cryptodisk-Refactor-to-discard-have_it-global.patch * 0003-cryptodisk-Return-failure-in-cryptomount-when-no-cry.patch * 0004-cryptodisk-Improve-error-messaging-in-cryptomount-in.patch * 0005-cryptodisk-Improve-cryptomount-u-error-message.patch * 0006-cryptodisk-Add-infrastructure-to-pass-data-from-cryp.patch * 0007-cryptodisk-Refactor-password-input-out-of-crypto-dev.patch * 0008-cryptodisk-Move-global-variables-into-grub_cryptomou.patch * 0009-cryptodisk-Improve-handling-of-partition-name-in-cry.patch * 0010-protectors-Add-key-protectors-framework.patch * 0011-tpm2-Add-TPM-Software-Stack-TSS.patch * 0012-protectors-Add-TPM2-Key-Protector.patch * 0013-cryptodisk-Support-key-protectors.patch * 0014-util-grub-protect-Add-new-tool.patch - Fix no disk unlocking happen (bsc#1196668) * 0001-crytodisk-fix-cryptodisk-module-looking-up.patch - Fix build error * fix-tpm2-build.patch OBS-URL: https://build.opensuse.org/request/show/992180 OBS-URL: https://build.opensuse.org/package/show/Base:System/grub2?expand=0&rev=417
From 8c9f7cefdf9d03cae65773ef35e103fc346ee17f Mon Sep 17 00:00:00 2001
|
|
From: Michael Chang <mchang@suse.com>
|
|
Date: Tue, 3 May 2022 12:38:34 +0800
|
|
Subject: [PATCH] tpm: Log EFI_VOLUME_FULL and continue
|
|
|
|
Appending entries to tpm event log would fail if it is full and in this
|
|
case EFI_VOLUME_FULL is returned. Since the measurement itself is
|
|
successful but only the event is not logged, the booting shouldn't be
|
|
forced to stop and instead grub should log the error and continue.
|
|
|
|
All errors other than EFI_VOLUME_FULL still stop grub from booting
|
|
so the failure can be examined. In case of unknown tpm error, the return
|
|
code from efi firmware is also displayed for reference.
|
|
|
|
Signed-off-by: Michael Chang <mchang@suse.com>
|
|
---
|
|
grub-core/commands/efi/tpm.c | 20 +++++++++++++++++---
|
|
1 file changed, 17 insertions(+), 3 deletions(-)
|
|
|
|
diff --git a/grub-core/commands/efi/tpm.c b/grub-core/commands/efi/tpm.c
|
|
index a97d85368a..98fd5892b0 100644
|
|
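--- a/grub-core/commands/efi/tpm.c
+++ b/grub-core/commands/efi/tpm.c
@@ -144,8 +144,10 @@ grub_efi_log_event_status (grub_efi_status_t status)
 return grub_error (GRUB_ERR_BAD_ARGUMENT, N_("Output buffer too small"));
 case GRUB_EFI_NOT_FOUND:
 return grub_error (GRUB_ERR_UNKNOWN_DEVICE, N_("TPM unavailable"));
+ case GRUB_EFI_VOLUME_FULL:
+ return grub_error (GRUB_ERR_OUT_OF_RANGE, N_("TPM event log is full"));
 default:
- return grub_error (GRUB_ERR_UNKNOWN_DEVICE, N_("Unknown TPM error"));
+ return grub_error (GRUB_ERR_UNKNOWN_DEVICE, N_("Unknown TPM error: %" PRIuGRUB_SIZE), status);
 }
 }
 
@@ -159,6 +161,7 @@ grub_tpm1_log_event (grub_efi_handle_t tpm_handle, unsigned char *buf,
 grub_efi_tpm_protocol_t *tpm;
 grub_efi_physical_address_t lastevent;
 grub_uint32_t algorithm;
+ grub_err_t err;
 grub_uint32_t eventnum = 0;
 
 tpm = grub_efi_open_protocol (tpm_handle, &tpm_guid,
@@ -182,7 +185,12 @@ grub_tpm1_log_event (grub_efi_handle_t tpm_handle, unsigned char *buf,
 algorithm, event, &eventnum, &lastevent);
 grub_free (event);
 
- return grub_efi_log_event_status (status);
+ err = grub_efi_log_event_status (status);
+ /* Log EFI_VOLUME_FULL and continue */
+ if (err == GRUB_ERR_OUT_OF_RANGE)
+ grub_print_error ();
+
+ return err;
 }
 
 static grub_err_t
@@ -193,6 +201,7 @@ grub_tpm2_log_event (grub_efi_handle_t tpm_handle, unsigned char *buf,
 EFI_TCG2_EVENT *event;
 grub_efi_status_t status;
 grub_efi_tpm2_protocol_t *tpm;
+ grub_err_t err;
 
 tpm = grub_efi_open_protocol (tpm_handle, &tpm2_guid,
 GRUB_EFI_OPEN_PROTOCOL_GET_PROTOCOL);
@@ -218,7 +227,12 @@ grub_tpm2_log_event (grub_efi_handle_t tpm_handle, unsigned char *buf,
 (grub_uint64_t) size, event);
 grub_free (event);
 
- return grub_efi_log_event_status (status);
+ err = grub_efi_log_event_status (status);
+ /* Log EFI_VOLUME_FULL and continue */
+ if (err == GRUB_ERR_OUT_OF_RANGE)
+ grub_print_error ();
+
+ return err;
 }
 
 grub_err_t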
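Review bot: In the last hunks of grub_tpm1_log_event and grub_tpm2_log_event the error is printed but `err` is still returned as GRUB_ERR_OUT_OF_RANGE, so whether boot really continues depends on how the callers, which are outside this diff, treat a non-zero return. If those callers do not already special-case this code, the full-log branch should clear it after printing: `if (err == GRUB_ERR_OUT_OF_RANGE) { grub_print_error (); err = GRUB_ERR_NONE; }`. The comment would also be more useful if it recorded the consequence the commit message describes, e.g. `/* PCR was extended but the event was not logged; the event log no longer replays to the PCR values */`, because attestation verifiers that replay the log need to expect that gap. Separately, the `default:` branch prints the status with `PRIuGRUB_SIZE`; EFI error codes have the top bit set, so `PRIxGRUB_SIZE` would be easier to match against the UEFI status table.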
--
|
|
2.34.1
|
|
|