On Fri, Apr 12, 2024 at 11:26:48AM -0400, Stefan Berger wrote: > > > On 4/12/24 04:39, Gary Lin wrote: > > From: Hernan Gatta <hega...@linux.microsoft.com> > > > > A Trusted Platform Module (TPM) Software Stack (TSS) provides logic to > > compose, submit, and parse TPM commands and responses. > > compose and submit TPM commands and parse reponses. > > > > A limited number of TPM commands may be accessed via the EFI TCG2 > > protocol. This protocol exposes functionality that is primarily geared > > toward TPM usage within the context of Secure Boot. For all other TPM > > commands, however, such as sealing and unsealing, this protocol does not > > provide any help, with the exception of passthrough command submission. > > Other platforms don't have EFI at all... > The current target is the systems with EFI support. Since the EFI protocol is only used to submit the commands, other platforms with a proper grub_tcg2_submit_command() still can use the stack. For example, tcg2-emu.c implements that function for grub-emu, so that the test script can test key unsealing.
> > > > The SubmitCommand method allows a caller to send raw commands to the > > system's TPM and to receive the corresponding response. These > > command/response pairs are formatted using the TPM wire protocol. To > > construct commands in this way, and to parse the TPM's response, it is > > necessary to, first, possess knowledge of the various TPM structures, and, > > second, of the TPM wire protocol itself. > > > > As such, this patch includes a set of header files that define the > > necessary TPM structures and TSS functions, implementations of various > > TPM2_* functions (inventoried below), and logic to write and read command > > and response buffers, respectively, using the TPM wire protocol. > > > > Functions: TPM2_Create, TPM2_CreatePrimary, TPM2_EvictControl, > > TPM2_FlushContext, TPM2_Load, TPM2_PCR_Read, TPM2_PolicyGetDigest, > > TPM2_PolicyPCR, TPM2_ReadPublic, TPM2_StartAuthSession, TPM2_Unseal, > > TPM2_LoadExternal, TPM2_HashSequenceStart, TPM2_SequenceUpdate, > > TPM2_SequenceComplete, TPM2_Hash, TPM2_VerifySignature, > > HashSequenceStart, SequenceUpdate and SequenceComplete don't have callers > and could be removed. > Ok, we won't use them in the forseeable future, so I'm fine to remove them. I'll also remove the related structs and marshal/unmarshal functions. Thanks, Gary Lin _______________________________________________ Grub-devel mailing list Grub-devel@gnu.org https://lists.gnu.org/mailman/listinfo/grub-devel
