On Fri, May 31, 2024 at 02:42:38PM +0200, Hector Cao wrote:
> The measurements for confidential computing has been introduced in the commit
> 4c76565b6 (efi/tpm: Add EFI_CC_MEASUREMENT_PROTOCOL support). Recently
> this patch 30708dfe3 (tpm: Disable the tpm verifier if the TPM device
> is not present) has been introduced to optimize the memory usage when
> TPM device is not available on the platform. This patch will prevent the
> tpm module to be loaded on confidential computing platform (for example
> Intel TDX) where no TPM device is available.
>
> In this patch, we propose to load the tpm module for this use case
> by generalizing the tpm feature detection in order to cover CC platforms.
> Basically, do we it by detecting the availability of the EFI protocol
> EFI_CC_MEASUREMENT_PROTOCOL.
>
> Fixes bug : https://savannah.gnu.org/bugs/?65821
Missing SOB...
> ---
> grub-core/commands/efi/tpm.c | 7 +++++++
> 1 file changed, 7 insertions(+)
>
> diff --git a/grub-core/commands/efi/tpm.c b/grub-core/commands/efi/tpm.c
> index f250c30db..386ea3d66 100644
> --- a/grub-core/commands/efi/tpm.c
> +++ b/grub-core/commands/efi/tpm.c
> @@ -292,6 +292,13 @@ grub_tpm_present (void)
> {
> grub_efi_handle_t tpm_handle;
> grub_efi_uint8_t protocol_version;
> + grub_efi_cc_protocol_t *cc;
> +
> + // if confidential computing measurement protocol is enabled
> + // we consider TPM is present
Please be in line with the GRUB coding style [1].
Otherwise patch LGTM.
> + cc = grub_efi_locate_protocol (&cc_measurement_guid, NULL);
> + if (cc != NULL)
> + return 1;
Daniel
[1] https://www.gnu.org/software/grub/manual/grub-dev/grub-dev.html#Comments
_______________________________________________
Grub-devel mailing list
Grub-devel@gnu.org
https://lists.gnu.org/mailman/listinfo/grub-devel
