On 12/13/22 11:35, Daniel Kiper wrote:
On Thu, Dec 01, 2022 at 04:12:01PM -0500, Stefan Berger wrote:
Add support for trusted boot using a vTPM 2.0 on the IBM IEEE1275
PowerPC platform. With this patch grub now measures text and binary data
into the TPM's PCRs 8 and 9 in the same way as the x86_64 platform
does.
+}
+
+grub_err_t
+grub_tpm_measure (unsigned char *buf, grub_size_t size, grub_uint8_t pcr,
+ const char *description)
+{
+ grub_err_t err = tpm_init ();
This should happen on module load. Then code in tpm_init() and here should
be much simpler.
I tried moving this into GRUB_MOD_INIT(), but at that point it doesn't seem to
succeed in finding the device. I then have to repeat the tpm_init () call later
on in this function here, when an actual measurement is to be done, and then it
is able to find the device. I'd rather leave it as-is now.
It looked like this:
GRUB_MOD_INIT (ibmvtpm)
{
  init_success = tpm_init ();
}

GRUB_MOD_FINI (ibmvtpm)
{
  if (tpm_ihandle != IEEE1275_IHANDLE_INVALID)
    grub_ieee1275_close (tpm_ihandle);
}
Stefan
+ /* Absence of a TPM isn't a failure. */
+ if (err != GRUB_ERR_NONE)
+ return GRUB_ERR_NONE;
+
+ grub_dprintf ("tpm", "log_event, pcr = %d, size = 0x%" PRIxGRUB_SIZE ",
%s\n",
+ pcr, size, description);
+
+ if (tpm_version == 2)
+ return tpm2_log_event (buf, size, pcr, description);
+
+ return GRUB_ERR_NONE;
+}
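Review bot: In grub_tpm_measure (), the check "if (err != GRUB_ERR_NONE) return GRUB_ERR_NONE;" treats every tpm_init () failure as an absent TPM, so a vTPM that is present but fails to initialise leaves the data unmeasured while the caller sees success. Consider having tpm_init () report "no device" separately from other errors and returning the latter, or at least logging err with grub_dprintf () before returning. The same applies to the final "return GRUB_ERR_NONE;": when tpm_version is not 2 the measurement is skipped silently, and a debug message there would make the skipped PCR extend visible when reviewing a boot.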
Daniel