SHA256
1
0
forked from pool/grub2
grub2/safe_tpm_pcr_snapshot.patch
Michael Chang 61a62ea989 Accepting request 1032365 from home:michael-chang:15sp5
- NVMeoFC support on grub (jsc#PED-996)
  * 0001-ieee1275-add-support-for-NVMeoFC.patch
  * 0002-ieee1275-ofpath-enable-NVMeoF-logical-device-transla.patch
  * 0003-ieee1275-change-the-logic-of-ieee1275_get_devargs.patch
  * 0004-ofpath-controller-name-update.patch
- TDX: Enhance grub2 measurement to TD RTMR (jsc#PED-1265)
  * 0001-commands-efi-tpm-Refine-the-status-of-log-event.patch
  * 0002-commands-efi-tpm-Use-grub_strcpy-instead-of-grub_mem.patch
  * 0003-efi-tpm-Add-EFI_CC_MEASUREMENT_PROTOCOL-support.patch
- Measure the kernel on POWER10 and extend TPM PCRs (PED-1990) 
  * 0001-ibmvtpm-Add-support-for-trusted-boot-using-a-vTPM-2..patch
  * 0002-ieee1275-implement-vec5-for-cas-negotiation.patch
- Fix efi pcr snapshot related funtion is defined but not used on powerpc
  platform.
  * safe_tpm_pcr_snapshot.patch

OBS-URL: https://build.opensuse.org/request/show/1032365
OBS-URL: https://build.opensuse.org/package/show/Base:System/grub2?expand=0&rev=424
2022-11-01 04:59:50 +00:00

126 lines
3.0 KiB
Diff

---
grub-core/commands/tpm.c | 46 ++++++++++++++++++++++++++++++++++++----------
util/grub-install.c | 6 ++++--
2 files changed, 40 insertions(+), 12 deletions(-)
--- a/grub-core/commands/tpm.c
+++ b/grub-core/commands/tpm.c
@@ -27,8 +27,10 @@
#include <grub/verify.h>
#include <grub/dl.h>
#include <grub/extcmd.h>
+#ifdef GRUB_MACHINE_EFI
#include <grub/tpm2/tpm2.h>
#include <grub/efi/efi.h>
+#endif
GRUB_MOD_LICENSE ("GPLv3+");
@@ -87,12 +89,6 @@
.verify_string = grub_tpm_verify_string,
};
-/*
- * Preserve current PCR values and record them to an EFI variable
- */
-#define GRUB2_PCR_BITMASK_DEFAULT ((1 << 16) - 1)
-#define GRUB2_PCR_BITMASK_ALL ((1 << 24) - 1)
-
static const struct grub_arg_option grub_tpm_record_pcrs_options[] =
{
{
@@ -108,6 +104,14 @@
{0, 0, 0, 0, 0, 0}
};
+#ifdef GRUB_MACHINE_EFI
+
+/*
+ * Preserve current PCR values and record them to an EFI variable
+ */
+#define GRUB2_PCR_BITMASK_DEFAULT ((1 << 16) - 1)
+#define GRUB2_PCR_BITMASK_ALL ((1 << 24) - 1)
+
static grub_err_t
grub_tpm_parse_pcr_index (const char *word, const char **end_ret, unsigned int *index)
{
@@ -259,6 +263,10 @@
grub_size_t size = 0;
int n, rv = 1;
+ /* To prevent error: unable to read PCR from TPM, if no TPM device available */
+ if (!grub_tpm_present())
+ return GRUB_ERR_NONE;
+
if (argc == 0)
pcr_bitmask = GRUB2_PCR_BITMASK_DEFAULT;
else
@@ -287,13 +295,28 @@
return rv;
}
+#else
+
+static grub_err_t
+grub_tpm_record_pcrs (grub_extcmd_context_t ctxt __attribute__((unused)),
+ int argc __attribute__((unused)),
+ char **args __attribute__((unused)))
+{
+ return GRUB_ERR_NONE;
+}
+
+#endif
+
static grub_extcmd_t cmd;
GRUB_MOD_INIT (tpm)
{
- if (!grub_tpm_present())
- return;
+#ifdef GRUB_MACHINE_EFI
+ if (grub_tpm_present())
+ grub_verifier_register (&grub_tpm_verifier);
+#else
grub_verifier_register (&grub_tpm_verifier);
+#endif
cmd = grub_register_extcmd ("tpm_record_pcrs", grub_tpm_record_pcrs, 0,
N_("LIST_OF_PCRS"),
@@ -303,8 +326,11 @@
GRUB_MOD_FINI (tpm)
{
- if (!grub_tpm_present())
- return;
+#ifdef GRUB_MACHINE_EFI
+ if (grub_tpm_present())
+ grub_verifier_unregister (&grub_tpm_verifier);
+#else
grub_verifier_unregister (&grub_tpm_verifier);
+#endif
grub_unregister_extcmd (cmd);
}
--- a/util/grub-install.c
+++ b/util/grub-install.c
@@ -1457,8 +1457,9 @@
grub_util_unlink (load_cfg);
- if (1)
+ if (platform == GRUB_INSTALL_PLATFORM_X86_64_EFI && have_cryptodisk)
{
+ grub_install_push_module ("tpm");
load_cfg_f = grub_util_fopen (load_cfg, "wb");
have_load_cfg = 1;
fprintf (load_cfg_f, "tpm_record_pcrs 0-9\n");
@@ -1466,7 +1467,8 @@
if (debug_image && debug_image[0])
{
- load_cfg_f = grub_util_fopen (load_cfg, "wb");
+ if (!load_cfg_f)
+ load_cfg_f = grub_util_fopen (load_cfg, "wb");
have_load_cfg = 1;
fprintf (load_cfg_f, "set debug='%s'\n",
debug_image);