On Tue, Jun 18, 2024 at 03:30:03PM +0200, Daniel Kiper wrote: > On Fri, Jun 14, 2024 at 02:45:43PM +0800, Gary Lin wrote: > > From: Hernan Gatta <hega...@linux.microsoft.com> > > > > A Trusted Platform Module (TPM) Software Stack (TSS) provides logic to > > compose and submit TPM commands and parse reponses. > > > > A limited number of TPM commands may be accessed via the EFI TCG2 > > protocol. This protocol exposes functionality that is primarily geared > > toward TPM usage within the context of Secure Boot. For all other TPM > > commands, however, such as sealing and unsealing, this protocol does not > > provide any help, with the exception of passthrough command submission. > > > > The SubmitCommand method allows a caller to send raw commands to the > > system's TPM and to receive the corresponding response. These > > command/response pairs are formatted using the TPM wire protocol. To > > construct commands in this way, and to parse the TPM's response, it is > > necessary to, first, possess knowledge of the various TPM structures, and, > > second, of the TPM wire protocol itself. > > > > As such, this patch includes a set of header files that define the > > necessary TPM structures and TSS functions, implementations of various > > TPM2_* functions (inventoried below), and logic to write and read command > > and response buffers, respectively, using the TPM wire protocol. > > > > Functions: TPM2_Create, TPM2_CreatePrimary, TPM2_EvictControl, > > TPM2_FlushContext, TPM2_Load, TPM2_PCR_Read, TPM2_PolicyGetDigest, > > TPM2_PolicyPCR, TPM2_ReadPublic, TPM2_StartAuthSession, TPM2_Unseal, > > TPM2_LoadExternal, TPM2_Hash, TPM2_VerifySignature, > > TPM2_PolicyAuthorize, TPM2_TestParms > > > > Signed-off-by: Hernan Gatta <hega...@linux.microsoft.com> > > Signed-off-by: Gary Lin <g...@suse.com> > > Reviewed-by: Stefan Berger <stef...@linux.ibm.com> > > --- > > grub-core/tpm2/buffer.c | 145 +++ > > grub-core/tpm2/mu.c | 1168 ++++++++++++++++++++++++ > > grub-core/tpm2/tcg2.c | 143 +++ > > grub-core/tpm2/tpm2.c | 1048 +++++++++++++++++++++ > > include/grub/tpm2/buffer.h | 65 ++ > > include/grub/tpm2/internal/functions.h | 156 ++++ > > include/grub/tpm2/internal/structs.h | 768 ++++++++++++++++ > > include/grub/tpm2/internal/types.h | 403 ++++++++ > > include/grub/tpm2/mu.h | 396 ++++++++ > > include/grub/tpm2/tcg2.h | 34 + > > include/grub/tpm2/tpm2.h | 34 + > > 11 files changed, 4360 insertions(+) > > create mode 100644 grub-core/tpm2/buffer.c > > create mode 100644 grub-core/tpm2/mu.c > > create mode 100644 grub-core/tpm2/tcg2.c > > create mode 100644 grub-core/tpm2/tpm2.c > > create mode 100644 include/grub/tpm2/buffer.h > > create mode 100644 include/grub/tpm2/internal/functions.h > > create mode 100644 include/grub/tpm2/internal/structs.h > > create mode 100644 include/grub/tpm2/internal/types.h > > create mode 100644 include/grub/tpm2/mu.h > > create mode 100644 include/grub/tpm2/tcg2.h > > create mode 100644 include/grub/tpm2/tpm2.h > > > > diff --git a/grub-core/tpm2/buffer.c b/grub-core/tpm2/buffer.c > > new file mode 100644 > > index 000000000..cb9f29497 > > --- /dev/null > > +++ b/grub-core/tpm2/buffer.c > > I think this together with other TPM2 driver files should go to the > grub-core/commands/efi/tpm2 directory. > The TPM2 stack is not EFI only. The only EFI related code is in grub-core/tpm2/tcg2.c which mainly implements how the TPM2 commands to be submitted. I'd propose to move them to grub-core/commands/tpm2 and rename tcg2.c to tcg2-efi.c.
> > @@ -0,0 +1,145 @@ > > +/* > > + * GRUB -- GRand Unified Bootloader > > + * Copyright (C) 2022 Microsoft Corporation > > + * > > + * GRUB is free software: you can redistribute it and/or modify > > + * it under the terms of the GNU General Public License as published by > > + * the Free Software Foundation, either version 3 of the License, or > > + * (at your option) any later version. > > + * > > + * GRUB is distributed in the hope that it will be useful, > > + * but WITHOUT ANY WARRANTY; without even the implied warranty of > > + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the > > + * GNU General Public License for more details. > > + * > > + * You should have received a copy of the GNU General Public License > > + * along with GRUB. If not, see <http://www.gnu.org/licenses/>. > > + */ > > + > > +#include <grub/misc.h> > > +#include <grub/tpm2/buffer.h> > > + > > +void grub_tpm2_buffer_init (grub_tpm2_buffer_t buffer) > > +{ > > + grub_memset (buffer->data, 0xDD, sizeof (buffer->data)); > > If you init the buffer->data with 0xDD instead of 0 then it begs for > a comment. And s/0xDD/0xdd/... > It should be 0. I'll fix in v18. > > + buffer->size = 0; > > + buffer->offset = 0; > > + buffer->cap = sizeof (buffer->data); > > + buffer->error = 0; > > +} > > + > > +void > > +grub_tpm2_buffer_pack (grub_tpm2_buffer_t buffer, const void* data, > > + grub_size_t size) > > +{ > > + grub_uint32_t r = buffer->cap - buffer->size; > > + > > + if (buffer->error) > > + return; > > + > > + if (size > r) > > + { > > + buffer->error = 1; > > + return; > > + } > > + > > + grub_memcpy (&buffer->data[buffer->size], (void*) data, size); > > + buffer->size += size; > > +} > > + > > +void > > +grub_tpm2_buffer_pack_u8 (grub_tpm2_buffer_t buffer, grub_uint8_t value) > > +{ > > + grub_tpm2_buffer_pack (buffer, (const char*) &value, sizeof (value)); > > +} > > + > > +void > > +grub_tpm2_buffer_pack_u16 (grub_tpm2_buffer_t buffer, grub_uint16_t value) > > +{ > > + grub_uint16_t tmp = grub_cpu_to_be16 (value); > > I would add an empty line here. > > > + grub_tpm2_buffer_pack (buffer, (const char*) &tmp, sizeof (tmp)); > > +} > > + > > +void > > +grub_tpm2_buffer_pack_u32 (grub_tpm2_buffer_t buffer, grub_uint32_t value) > > +{ > > + grub_uint32_t tmp = grub_cpu_to_be32 (value); > > Ditto and below please if needed... > I'll go through the whole patch and fix the similar issue. > > + grub_tpm2_buffer_pack (buffer, (const char*) &tmp, sizeof (tmp)); > > +} > > [...] > > > diff --git a/grub-core/tpm2/mu.c b/grub-core/tpm2/mu.c > > new file mode 100644 > > index 000000000..10ed71c04 > > --- /dev/null > > +++ b/grub-core/tpm2/mu.c > > I can imagine where it comes from but I think it should be efi.c instead > of mu.c. > No, it's not from the MU firmware but stands for Marshal/Unmarshal. The similar naming policy from tpm2-tss: https://github.com/tpm2-software/tpm2-tss/blob/master/include/tss2/tss2_mu.h > > @@ -0,0 +1,1168 @@ > > +/* > > + * GRUB -- GRand Unified Bootloader > > + * Copyright (C) 2022 Microsoft Corporation > > + * > > + * GRUB is free software: you can redistribute it and/or modify > > + * it under the terms of the GNU General Public License as published by > > + * the Free Software Foundation, either version 3 of the License, or > > + * (at your option) any later version. > > + * > > + * GRUB is distributed in the hope that it will be useful, > > + * but WITHOUT ANY WARRANTY; without even the implied warranty of > > + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the > > + * GNU General Public License for more details. > > + * > > + * You should have received a copy of the GNU General Public License > > + * along with GRUB. If not, see <http://www.gnu.org/licenses/>. > > + */ > > + > > +#include <grub/misc.h> > > +#include <grub/tpm2/mu.h> > > + > > +void > > +grub_tpm2_mu_TPMS_AUTH_COMMAND_Marshal (grub_tpm2_buffer_t buffer, > > + const TPMS_AUTH_COMMAND* authCommand) > > s/grub_tpm2_mu_TPMS_AUTH_COMMAND_Marshal/grub_efi_tpm2_TPMS_AUTH_COMMAND_Marshal/ > > I would change "grub_tpm2_mu_" prefix to "grub_efi_tpm2_" everywhere. > As mentioned above, it's not EFI related, so the renaming is not necessary. > > +{ > > + grub_uint32_t start; > > + grub_uint32_t tmp; > > + > > + grub_tpm2_buffer_pack_u32 (buffer, 0); > > + start = buffer->size; > > + > > + grub_tpm2_buffer_pack_u32 (buffer, authCommand->sessionHandle); > > + > > + grub_tpm2_buffer_pack_u16 (buffer, authCommand->nonce.size); > > + grub_tpm2_buffer_pack (buffer, authCommand->nonce.buffer, > > + authCommand->nonce.size); > > + > > + grub_tpm2_buffer_pack_u8 (buffer, > > + *((const grub_uint8_t*) > > &authCommand->sessionAttributes)); > > + > > + grub_tpm2_buffer_pack_u16 (buffer, authCommand->hmac.size); > > + grub_tpm2_buffer_pack (buffer, authCommand->hmac.buffer, > > + authCommand->hmac.size); > > + > > + tmp = grub_cpu_to_be32 (buffer->size - start); > > + grub_memcpy (&buffer->data[start - sizeof (grub_uint32_t)], &tmp, > > + sizeof (tmp)); > > +} > > + > > +void > > +grub_tpm2_mu_TPM2B_Marshal (grub_tpm2_buffer_t buffer, > > + const grub_uint16_t size, > > + const grub_uint8_t* b) > > s/grub_tpm2_mu_TPM2B_Marshal/grub_efi_tpm2_TPM2B_Marshal/ and similar > changes below please... > > > +{ > > + grub_tpm2_buffer_pack_u16 (buffer, size); > > + > > + for (grub_uint16_t i = 0; i < size; i++) > > + grub_tpm2_buffer_pack_u8 (buffer, b[i]); > > +} > > [...] > > > +static void > > +__tpm2_mu_TPM2B_BUFFER_Unmarshal (grub_tpm2_buffer_t buffer, > > + TPM2B* p, grub_uint16_t bound) > > I think this... > > > +{ > > + grub_tpm2_buffer_unpack_u16 (buffer, &p->size); > > + > > + if (p->size > bound) > > + { > > + buffer->error = 1; > > + return; > > + } > > + > > + grub_tpm2_buffer_unpack (buffer, &p->buffer, p->size); > > +} > > + > > +#define TPM2B_BUFFER_UNMARSHAL(buffer, type, data) \ > > + __tpm2_mu_TPM2B_BUFFER_Unmarshal(buffer, (TPM2B *)data, sizeof(type) - > > sizeof(grub_uint16_t)) > > ... and this... > > > + > > +void > > +grub_tpm2_mu_TPMS_AUTH_RESPONSE_Unmarshal (grub_tpm2_buffer_t buffer, > > + TPMS_AUTH_RESPONSE* p) > > ... should go behind this... > > > +{ > > + grub_uint8_t tmp; > > + grub_uint32_t tmp32; > > + > > + grub_tpm2_buffer_unpack_u16 (buffer, &p->nonce.size); > > + > > + if (p->nonce.size) > > + grub_tpm2_buffer_unpack (buffer, &p->nonce.buffer, p->nonce.size); > > + > > + grub_tpm2_buffer_unpack_u8 (buffer, &tmp); > > + tmp32 = tmp; > > + grub_memcpy (&p->sessionAttributes, &tmp32, sizeof (grub_uint32_t)); > > + > > + grub_tpm2_buffer_unpack_u16 (buffer, &p->hmac.size); > > + > > + if (p->hmac.size) > > + grub_tpm2_buffer_unpack (buffer, &p->hmac.buffer, p->hmac.size); > > +} > > + > > +void > > +grub_tpm2_mu_TPM2B_DIGEST_Unmarshal (grub_tpm2_buffer_t buffer, > > + TPM2B_DIGEST* digest) > > +{ > > + TPM2B_BUFFER_UNMARSHAL (buffer, TPM2B_DIGEST, digest); > > +} > > + > > +void > > +grub_tpm2_mu_TPM2B_NONCE_Unmarshal (grub_tpm2_buffer_t buffer, > > + TPM2B_NONCE* nonce) > > +{ > > + TPM2B_BUFFER_UNMARSHAL (buffer, TPM2B_NONCE, nonce); > > +} > > [...] > > > diff --git a/grub-core/tpm2/tcg2.c b/grub-core/tpm2/tcg2.c > > new file mode 100644 > > index 000000000..9e4b7f565 > > --- /dev/null > > +++ b/grub-core/tpm2/tcg2.c > > @@ -0,0 +1,143 @@ > > +/* > > + * GRUB -- GRand Unified Bootloader > > + * Copyright (C) 2022 Microsoft Corporation > > + * > > + * GRUB is free software: you can redistribute it and/or modify > > + * it under the terms of the GNU General Public License as published by > > + * the Free Software Foundation, either version 3 of the License, or > > + * (at your option) any later version. > > + * > > + * GRUB is distributed in the hope that it will be useful, > > + * but WITHOUT ANY WARRANTY; without even the implied warranty of > > + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the > > + * GNU General Public License for more details. > > + * > > + * You should have received a copy of the GNU General Public License > > + * along with GRUB. If not, see <http://www.gnu.org/licenses/>. > > + */ > > + > > +#include <grub/efi/api.h> > > +#include <grub/efi/efi.h> > > +#include <grub/efi/tpm.h> > > +#include <grub/mm.h> > > +#include <grub/tpm2/tcg2.h> > > + > > +static grub_err_t > > +grub_tcg2_get_caps (grub_efi_tpm2_protocol_t *protocol, int *tpm2, > > + grub_size_t *max_output_size) > > +{ > > + grub_efi_status_t status; > > + > > I would drop this empty line. Please fix similar things in the other > places too. > Sure. I'll check the patch to remove the unnecessary lines. > > + static int has_caps = 0; > > + static EFI_TCG2_BOOT_SERVICE_CAPABILITY caps = > > + { > > + .Size = (grub_uint8_t) sizeof (caps) > > + }; > > + > > + if (has_caps) > > + goto exit; > > + > > + status = protocol->get_capability (protocol, &caps); > > + if (status != GRUB_EFI_SUCCESS || !caps.TPMPresentFlag) > > + return GRUB_ERR_FILE_NOT_FOUND; > > + > > + has_caps = 1; > > + > > +exit: > > Missing space before label. Please fix similar things in the other > places too. > Ok, I'll add the missing spaces to the labels. > > + if (tpm2) > > I prefer > if (tpm2 != NULL) > > > + *tpm2 = caps.TPMPresentFlag; > > + if (max_output_size) > > Ditto... Especially here short form can be confusing... > Please fix similar problems everywhere. > Got it. > > + *max_output_size = caps.MaxResponseSize; > > + > > + return GRUB_ERR_NONE; > > +} > > + > > +static grub_err_t > > +grub_tcg2_get_protocol (grub_efi_tpm2_protocol_t **protocol) > > +{ > > + static grub_guid_t tpm2_guid = EFI_TPM2_GUID; > > + static grub_efi_tpm2_protocol_t *tpm2_protocol = NULL; > > + > > + int tpm2; > > + grub_efi_handle_t *handles; > > + grub_efi_uintn_t num_handles; > > + grub_efi_handle_t tpm2_handle; > > + grub_err_t err = GRUB_ERR_FILE_NOT_FOUND; > > + > > + if (tpm2_protocol) > > + { > > + *protocol = tpm2_protocol; > > + return GRUB_ERR_NONE; > > + } > > + > > + handles = grub_efi_locate_handle (GRUB_EFI_BY_PROTOCOL, &tpm2_guid, NULL, > > + &num_handles); > > + if (!handles || !num_handles) > > + return err; > > + > > + tpm2_handle = handles[0]; > > + > > + tpm2_protocol = grub_efi_open_protocol (tpm2_handle, &tpm2_guid, > > + GRUB_EFI_OPEN_PROTOCOL_GET_PROTOCOL); > > + if (!tpm2_protocol) > > + goto exit; > > + > > + err = grub_tcg2_get_caps (tpm2_protocol, &tpm2, NULL); > > + if (err || !tpm2) > > + goto exit; > > + > > + *protocol = tpm2_protocol; > > + err = GRUB_ERR_NONE; > > + > > +exit: > > + grub_free (handles); > > + return err; > > +} > > [...] > > > diff --git a/include/grub/tpm2/buffer.h b/include/grub/tpm2/buffer.h > > new file mode 100644 > > index 000000000..87dcd8d6c > > --- /dev/null > > +++ b/include/grub/tpm2/buffer.h > > @@ -0,0 +1,65 @@ > > +/* > > + * GRUB -- GRand Unified Bootloader > > + * Copyright (C) 2022 Microsoft Corporation > > + * > > + * GRUB is free software: you can redistribute it and/or modify > > + * it under the terms of the GNU General Public License as published by > > + * the Free Software Foundation, either version 3 of the License, or > > + * (at your option) any later version. > > + * > > + * GRUB is distributed in the hope that it will be useful, > > + * but WITHOUT ANY WARRANTY; without even the implied warranty of > > + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the > > + * GNU General Public License for more details. > > + * > > + * You should have received a copy of the GNU General Public License > > + * along with GRUB. If not, see <http://www.gnu.org/licenses/>. > > + */ > > + > > +#ifndef GRUB_TPM2_BUFFER_HEADER > > +#define GRUB_TPM2_BUFFER_HEADER 1 > > + > > +#include <grub/types.h> > > + > > +#define GRUB_TPM2_BUFFER_CAPACITY 4096 > > + > > +struct grub_tpm2_buffer > > +{ > > + grub_uint8_t data[GRUB_TPM2_BUFFER_CAPACITY]; > > + grub_size_t size; > > + grub_size_t offset; > > + grub_size_t cap; > > + int error; > > The int does not look right for me here. Yeah, grub_bool_t is better for this variable. > > > +}; > > +typedef struct grub_tpm2_buffer *grub_tpm2_buffer_t; > > + > > +void > > +grub_tpm2_buffer_init (grub_tpm2_buffer_t buffer); > > + > > +void > > +grub_tpm2_buffer_pack (grub_tpm2_buffer_t buffer, const void* data, > > + grub_size_t size); > > + > > +void > > +grub_tpm2_buffer_pack_u8 (grub_tpm2_buffer_t buffer, grub_uint8_t value); > > + > > +void > > +grub_tpm2_buffer_pack_u16 (grub_tpm2_buffer_t buffer, grub_uint16_t value); > > + > > +void > > +grub_tpm2_buffer_pack_u32 (grub_tpm2_buffer_t buffer, grub_uint32_t value); > > + > > +void > > +grub_tpm2_buffer_unpack (grub_tpm2_buffer_t buffer, void* data, > > + grub_size_t size); > > + > > +void > > +grub_tpm2_buffer_unpack_u8 (grub_tpm2_buffer_t buffer, grub_uint8_t* > > value); > > + > > +void > > +grub_tpm2_buffer_unpack_u16 (grub_tpm2_buffer_t buffer, grub_uint16_t* > > value); > > + > > +void > > +grub_tpm2_buffer_unpack_u32 (grub_tpm2_buffer_t buffer, grub_uint32_t* > > value); > > Is not all that stuff internal thing? If yes it should not go to the > include/grub/tpm2 dir. > Currently, the tpm2 module is the only user. I'll move them to the tpm2 dir. > [...] > > > diff --git a/include/grub/tpm2/internal/structs.h > > b/include/grub/tpm2/internal/structs.h > > new file mode 100644 > > index 000000000..c615d71e9 > > --- /dev/null > > +++ b/include/grub/tpm2/internal/structs.h > > @@ -0,0 +1,768 @@ > > +/* > > + * GRUB -- GRand Unified Bootloader > > + * Copyright (C) 2022 Microsoft Corporation > > + * > > + * GRUB is free software: you can redistribute it and/or modify > > + * it under the terms of the GNU General Public License as published by > > + * the Free Software Foundation, either version 3 of the License, or > > + * (at your option) any later version. > > + * > > + * GRUB is distributed in the hope that it will be useful, > > + * but WITHOUT ANY WARRANTY; without even the implied warranty of > > + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the > > + * GNU General Public License for more details. > > + * > > + * You should have received a copy of the GNU General Public License > > + * along with GRUB. If not, see <http://www.gnu.org/licenses/>. > > + */ > > + > > +#ifndef GRUB_TPM2_INTERNAL_STRUCTS_HEADER > > +#define GRUB_TPM2_INTERNAL_STRUCTS_HEADER 1 > > + > > +#include <grub/tpm2/internal/types.h> > > + > > [...] > > > +/* TPMA_SESSION Structure */ > > +struct TPMA_SESSION > > +{ > > + unsigned int continueSession:1; > > + unsigned int auditExclusive:1; > > + unsigned int auditReset:1; > > + unsigned int reserved1:2; > > + unsigned int decrypt:1; > > + unsigned int encrypt:1; > > + unsigned int audit:1; > > + unsigned int reserved:24; > > s/unsigned int/grub_uint32_t/? > Hmmm, I overlooked this struct. Per TPM2 spec, TPMA_SESSION is actually UINT8. However, the unpack function covered the mistake so the TPM2 commands still work. Will fix it in v18. > > +}; > > +typedef struct TPMA_SESSION TPMA_SESSION; > > [...] > > > +/* TPMA_OBJECT Structure */ > > +struct TPMA_OBJECT > > +{ > > + unsigned int reserved1:1; > > + unsigned int fixedTPM:1; > > + unsigned int stClear:1; > > + unsigned int reserved2:1; > > + unsigned int fixedParent:1; > > + unsigned int sensitiveDataOrigin:1; > > + unsigned int userWithAuth:1; > > + unsigned int adminWithPolicy:1; > > + unsigned int reserved3:2; > > + unsigned int noDA:1; > > + unsigned int encryptedDuplication:1; > > + unsigned int reserved4:4; > > + unsigned int restricted:1; > > + unsigned int decrypt:1; > > + unsigned int sign:1; > > + unsigned int reserved5:13; > > s/unsigned int/grub_uint64_t/? > It's UINT32. Will fix it in v18. > > +}; > > +typedef struct TPMA_OBJECT TPMA_OBJECT; > > [...] > > > +/* TPMA_LOCALITY Structure */ > > +struct TPMA_LOCALITY > > +{ > > + unsigned char TPM_LOC_ZERO:1; > > + unsigned char TPM_LOC_ONE:1; > > + unsigned char TPM_LOC_TWO:1; > > + unsigned char TPM_LOC_THREE:1; > > + unsigned char TPM_LOC_FOUR:1; > > + unsigned char Extended:3; > > s/unsigned char/grub_uint8_t/? > > And similar things below... > Ok, I'll check the header to fix those types... > > +}; > > +typedef struct TPMA_LOCALITY TPMA_LOCALITY; > > [...] > > > diff --git a/include/grub/tpm2/tcg2.h b/include/grub/tpm2/tcg2.h > > new file mode 100644 > > index 000000000..553b3fd93 > > --- /dev/null > > +++ b/include/grub/tpm2/tcg2.h > > @@ -0,0 +1,34 @@ > > +/* > > + * GRUB -- GRand Unified Bootloader > > + * Copyright (C) 2022 Microsoft Corporation > > + * > > + * GRUB is free software: you can redistribute it and/or modify > > + * it under the terms of the GNU General Public License as published by > > + * the Free Software Foundation, either version 3 of the License, or > > + * (at your option) any later version. > > + * > > + * GRUB is distributed in the hope that it will be useful, > > + * but WITHOUT ANY WARRANTY; without even the implied warranty of > > + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the > > + * GNU General Public License for more details. > > + * > > + * You should have received a copy of the GNU General Public License > > + * along with GRUB. If not, see <http://www.gnu.org/licenses/>. > > + */ > > + > > +#ifndef GRUB_TPM2_TCG2_HEADER > > +#define GRUB_TPM2_TCG2_HEADER 1 > > + > > +#include <grub/err.h> > > +#include <grub/types.h> > > + > > +grub_err_t > > +grub_tcg2_get_max_output_size (grub_size_t *size); > > + > > +grub_err_t > > +grub_tcg2_submit_command (grub_size_t input_size, > > + grub_uint8_t *input, > > + grub_size_t output_size, > > + grub_uint8_t *output); > > + > > +#endif /* ! GRUB_TPM2_TCG2_HEADER */ > > diff --git a/include/grub/tpm2/tpm2.h b/include/grub/tpm2/tpm2.h > > new file mode 100644 > > index 000000000..cfdc9edcd > > --- /dev/null > > +++ b/include/grub/tpm2/tpm2.h > > @@ -0,0 +1,34 @@ > > +/* > > + * GRUB -- GRand Unified Bootloader > > + * Copyright (C) 2022 Microsoft Corporation > > I think you should add > Copyright (C) 2024 Free Software Foundation, Inc. > everywhere in this patch. Maybe in the others too. > Will do that in v18. > > + * GRUB is free software: you can redistribute it and/or modify > > + * it under the terms of the GNU General Public License as published by > > + * the Free Software Foundation, either version 3 of the License, or > > + * (at your option) any later version. > > + * > > + * GRUB is distributed in the hope that it will be useful, > > + * but WITHOUT ANY WARRANTY; without even the implied warranty of > > + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the > > + * GNU General Public License for more details. > > + * > > + * You should have received a copy of the GNU General Public License > > + * along with GRUB. If not, see <http://www.gnu.org/licenses/>. > > + */ > > + > > +#ifndef GRUB_TPM2_TPM2_HEADER > > +#define GRUB_TPM2_TPM2_HEADER 1 > > + > > +#include <grub/tpm2/internal/types.h> > > +#include <grub/tpm2/internal/structs.h> > > +#include <grub/tpm2/internal/functions.h> > > You put all three headers into "internal" directory and then you make > all that stuff public. Something is off here. Please export to the rest > of the GRUB only minimal set of TPM2 functions. Additionally, all names, > functions, types, structs, variables, constants, etc. exported outside > of a compilation unit should be prefixed with "grub_" or "GRUB_" respectively. > All typedefs should end with "_t". In general please be in line with > the GRUB coding style. > > > +/* Well-Known Windows SRK handle */ > > +#define TPM2_SRK_HANDLE 0x81000001 > > + > > +typedef struct TPM2_SEALED_KEY { > > Please be inline with the GRUB coding style. So, define struct first and > then typedef. > Ok, I'll fix them. Gary Lin > > + TPM2B_PUBLIC public; > > + TPM2B_PRIVATE private; > > +} TPM2_SEALED_KEY; > > Daniel _______________________________________________ Grub-devel mailing list Grub-devel@gnu.org https://lists.gnu.org/mailman/listinfo/grub-devel
