Based on the patch from Olaf Kirch <o...@suse.com>

The sealed key is subject to change, and measuring the file into PCR9 makes the prediction of the PCR9 value impossible. This commit opens the file with GRUB_FILE_TYPE_SIGNATURE to avoid the measurement.
Signed-off-by: Gary Lin <g...@suse.com> --- grub-core/tpm2/module.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/grub-core/tpm2/module.c b/grub-core/tpm2/module.c index c35bfabdb..bebdecd1c 100644 --- a/grub-core/tpm2/module.c +++ b/grub-core/tpm2/module.c @@ -139,7 +139,9 @@ grub_tpm2_protector_srk_read_keyfile (const char *filepath, void **buffer, void *sealed_key_buffer; grub_off_t sealed_key_read; - sealed_key_file = grub_file_open (filepath, GRUB_FILE_TYPE_NONE); + /* Using GRUB_FILE_TYPE_SIGNATURE ensures we do not hash the keyfile into PCR9 + * otherwise we'll never be able to predict the value of PCR9 at unseal time */ + sealed_key_file = grub_file_open (filepath, GRUB_FILE_TYPE_SIGNATURE); if (!sealed_key_file) { grub_dprintf ("tpm2", "Could not open sealed key file.\n"); -- 2.35.3 _______________________________________________ Grub-devel mailing list Grub-devel@gnu.org https://lists.gnu.org/mailman/listinfo/grub-devel
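Review bot: The new comment above the grub_file_open call explains only the PCR9 side effect, but GRUB_FILE_TYPE_SIGNATURE is the type reserved for detached signature files and is treated specially by the file verifier framework, not just by the TPM measurement path; the comment (or the commit message) should say that the sealed key file is thereby exempted from verification as a whole and why that is acceptable for this file (the blob is opaque to the bootloader and the TPM will refuse to unseal a modified one), so that a later reader does not take this as a general trick for skipping PCR measurement. A smaller style point: the comment text reads better with a comma and a terminating period, e.g. "...into PCR9; otherwise we would never be able to predict the value of PCR9 at unseal time."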