Address Daniel's and James's feedback on the previous version by adding an environment variable that restores the TPM hard-failure behavior. Interdiff attached.
Be well, --Robbie Robbie Harwood (1): tpm: Don't propagate measurement failures to the verifiers layer docs/grub.texi | 9 +++++++++ grub-core/commands/tpm.c | 29 ++++++++++++++++++++++++++--- 2 files changed, 35 insertions(+), 3 deletions(-) Interdiff against v2:
diff --git a/docs/grub.texi b/docs/grub.texi
index 2d6cd83580..eb43d8970d 100644
--- a/docs/grub.texi
+++ b/docs/grub.texi
@@ -3318,6 +3318,7 @@ These variables have special meaning to GRUB.
 * theme::
 * timeout::
 * timeout_style::
+* tpm_fail_fatal::
 @end menu
@@ -3825,6 +3826,14 @@ displaying the menu. See the documentation of @samp{GRUB_TIMEOUT_STYLE}
 (@pxref{Simple configuration}) for details.
+@node tpm_fail_fatal
+@subsection tpm_fail_fatal
+
+If this variable is enabled, TPM measurements that fail will be treated
+as fatal. Otherwise, they will merely be debug-logged and boot will
+continue.
+
+
 @node Environment block
 @section The GRUB environment block
diff --git a/grub-core/commands/tpm.c b/grub-core/commands/tpm.c
index 24874ffacb..ca088055dd 100644
--- a/grub-core/commands/tpm.c
+++ b/grub-core/commands/tpm.c
@@ -18,6 +18,7 @@
 * Core TPM support code.
 */
+#include <grub/env.h>
 #include <grub/err.h>
 #include <grub/i18n.h>
 #include <grub/misc.h>
@@ -26,6 +27,7 @@
 #include <grub/term.h>
 #include <grub/verify.h>
 #include <grub/dl.h>
+#include <stdbool.h>
 GRUB_MOD_LICENSE ("GPLv3+");
@@ -39,14 +41,27 @@ grub_tpm_verify_init (grub_file_t io,
 return GRUB_ERR_NONE;
 }
+static inline bool
+is_tpm_fail_fatal (void)
+{
+ const char *val = grub_env_get ("tpm_fail_fatal");
+
+ if (val == NULL || grub_strlen (val) < 1 || grub_strcmp (val, "0") == 0 ||
+ grub_strcmp (val, "false") == 0)
+ return false;
+ return true;
+}
+
 static grub_err_t
 grub_tpm_verify_write (void *context, void *buf, grub_size_t size)
 {
 grub_err_t status = grub_tpm_measure (buf, size, GRUB_BINARY_PCR, context);
- if (status)
- grub_dprintf ("tpm", "Measuring buffer failed: %d\n", status);
- return GRUB_ERR_NONE;
+ if (status == GRUB_ERR_NONE)
+ return GRUB_ERR_NONE;
+
+ grub_dprintf ("tpm", "Measuring buffer failed: %d\n", status);
+ return is_tpm_fail_fatal () ? status : GRUB_ERR_NONE;
 }
 static grub_err_t
@@ -77,10 +92,12 @@ grub_tpm_verify_string (char *str, enum grub_verify_string_type type)
 status = grub_tpm_measure ((unsigned char *) str, grub_strlen (str), GRUB_STRING_PCR, description);
- if (status)
- grub_dprintf ("tpm", "Measuring string %s failed: %d\n", str, status);
 grub_free (description);
- return GRUB_ERR_NONE;
+ if (status == GRUB_ERR_NONE)
+ return GRUB_ERR_NONE;
+
+ grub_dprintf ("tpm", "Measuring string %s failed: %d\n", str, status);
+ return is_tpm_fail_fatal () ? status : GRUB_ERR_NONE;
 }
 struct grub_file_verifier grub_tpm_verifier = {
-- 2.35.1 _______________________________________________ Grub-devel mailing list Grub-devel@gnu.org https://lists.gnu.org/mailman/listinfo/grub-devel
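Review bot: The non-fatal branch of grub_tpm_verify_write returns GRUB_ERR_NONE after a failed grub_tpm_measure, but if that call reported the failure through grub_error() (its body is outside this hunk) grub_errno and the queued message stay set, so a caller that checks grub_errno can still see a failure the verifier claims to have swallowed; `grub_errno = GRUB_ERR_NONE;` before the non-fatal return would make "debug-log and continue" complete, and the same applies to the @@ -77 hunk in grub_tpm_verify_string. Since the only trace is grub_dprintf, a non-fatal failure leaves that object unmeasured in its PCR with nothing on the console unless the debug variable enables the tpm facility, which is the trade-off tpm_fail_fatal exists to choose and is worth stating in the grub.texi text. The fatal branch returns the bare status code, so it relies on grub_tpm_measure having already set a descriptive error message. is_tpm_fail_fatal is also undocumented; suggest `/* True unless tpm_fail_fatal is unset, empty, "0" or "false". */` above its definition.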