rpm/grub2
SHA256
1
0
Fork 0
forked from pool/grub2
Code Pull Requests Activity
53e10b88bf
grub2/0001-tpm2-Add-extra-RSA-SRK-types.patch
Michael Chang 53da76e569 Accepting request 1174325 from home:gary_lin:branches:Base:System 
- Update to the latest upstreaming TPM2 patches
  * 0001-key_protector-Add-key-protectors-framework.patch
    - Replace 0001-protectors-Add-key-protectors-framework.patch
  * 0002-tpm2-Add-TPM-Software-Stack-TSS.patch
    - Merge other TSS patches
      * 0001-tpm2-Add-TPM2-types-structures-and-command-constants.patch
      * 0002-tpm2-Add-more-marshal-unmarshal-functions.patch
      * 0003-tpm2-Implement-more-TPM2-commands.patch
  * 0003-key_protector-Add-TPM2-Key-Protector.patch
    - Replace 0003-protectors-Add-TPM2-Key-Protector.patch
  * 0004-cryptodisk-Support-key-protectors.patch
  * 0005-util-grub-protect-Add-new-tool.patch
  * 0001-tpm2-Support-authorized-policy.patch
    - Replace 0004-tpm2-Support-authorized-policy.patch
  * 0001-tpm2-Add-extra-RSA-SRK-types.patch
  * 0001-tpm2-Implement-NV-index.patch
    - Replace 0001-protectors-Implement-NV-index.patch
  * 0002-cryptodisk-Fallback-to-passphrase.patch
  * 0003-cryptodisk-wipe-out-the-cached-keys-from-protectors.patch
  * 0004-diskfilter-look-up-cryptodisk-devices-first.patch
- Refresh affected patches
  * 0001-Improve-TPM-key-protection-on-boot-interruptions.patch
  * grub2-bsc1220338-key_protector-implement-the-blocklist.patch
- New manpage for grub2-protect

OBS-URL: https://build.opensuse.org/request/show/1174325
OBS-URL: https://build.opensuse.org/package/show/Base:System/grub2?expand=0&rev=504
2024-05-16 07:26:55 +00:00

98 lines
3.0 KiB
Diff
Raw Blame History

From f41a45b080cb9c6f59879a3e23f9ec2380015a16 Mon Sep 17 00:00:00 2001
From: Gary Lin <glin@suse.com>
Date: Thu, 25 Apr 2024 16:21:45 +0800
Subject: [PATCH] tpm2: Add extra RSA SRK types
Since fde-tools may set RSA3072 and RSA4096 as the SRK type, grub2 has
to support those parameters.
Signed-off-by: Gary Lin <glin@suse.com>
---
grub-core/tpm2/args.c | 12 ++++++++++++
grub-core/tpm2/module.c | 16 ++++++++++++++--
util/grub-protect.c | 4 ++--
3 files changed, 28 insertions(+), 4 deletions(-)
diff --git a/grub-core/tpm2/args.c b/grub-core/tpm2/args.c
index c11280ab9..d140364d2 100644
--- a/grub-core/tpm2/args.c
+++ b/grub-core/tpm2/args.c
@@ -92,6 +92,18 @@ grub_tpm2_protector_parse_asymmetric (const char *value,
srk_type->type = TPM_ALG_RSA;
srk_type->detail.rsa_bits = 2048;
}
+ else if (grub_strcasecmp (value, "RSA") == 0 ||
+ grub_strcasecmp (value, "RSA3072") == 0)
+ {
+ srk_type->type = TPM_ALG_RSA;
+ srk_type->detail.rsa_bits = 3072;
+ }
+ else if (grub_strcasecmp (value, "RSA") == 0 ||
+ grub_strcasecmp (value, "RSA4096") == 0)
+ {
+ srk_type->type = TPM_ALG_RSA;
+ srk_type->detail.rsa_bits = 4096;
+ }
else
return grub_error (GRUB_ERR_OUT_OF_RANGE,
N_("Value '%s' is not a valid asymmetric key type"),
diff --git a/grub-core/tpm2/module.c b/grub-core/tpm2/module.c
index b754b38df..8b72ed6fa 100644
--- a/grub-core/tpm2/module.c
+++ b/grub-core/tpm2/module.c
@@ -136,8 +136,8 @@ static const struct grub_arg_option grub_tpm2_protector_init_cmd_options[] =
.arg = NULL,
.type = ARG_TYPE_STRING,
.doc =
- N_("In SRK mode, the type of SRK: RSA (RSA2048) and ECC (ECC_NIST_P256)"
- "(default: ECC)"),
+ N_("In SRK mode, the type of SRK: RSA (RSA2048), RSA3072, RSA4096, "
+ "and ECC (ECC_NIST_P256). (default: ECC)"),
},
/* NV Index-mode options */
{
@@ -541,6 +541,10 @@ srk_type_to_name (grub_srk_type_t srk_type)
{
case 2048:
return "RSA2048";
+ case 3072:
+ return "RSA3072";
+ case 4096:
+ return "RSA4096";
}
}
@@ -561,6 +565,14 @@ grub_tpm2_protector_load_key (const struct grub_tpm2_protector_context *ctx,
.type = TPM_ALG_ECC,
.detail.ecc_curve = TPM_ECC_NIST_P256,
},
+ {
+ .type = TPM_ALG_RSA,
+ .detail.rsa_bits = 4096,
+ },
+ {
+ .type = TPM_ALG_RSA,
+ .detail.rsa_bits = 3072,
+ },
{
.type = TPM_ALG_RSA,
.detail.rsa_bits = 2048,
diff --git a/util/grub-protect.c b/util/grub-protect.c
index 869f45861..00be03ca0 100644
--- a/util/grub-protect.c
+++ b/util/grub-protect.c
@@ -199,8 +199,8 @@ static struct argp_option grub_protect_options[] =
.arg = "TYPE",
.flags = 0,
.doc =
- N_("The type of SRK: RSA (RSA2048) and ECC (ECC_NIST_P256)."
- "(default: ECC)"),
+ N_("The type of SRK: RSA (RSA2048), RSA3072, RSA4096, "
+ "and ECC (ECC_NIST_P256). (default: ECC)"),
.group = 0
},
{
--
2.35.3
View Git Blame Copy Permalink