On Fri, Jun 28, 2024 at 04:19:07PM +0800, Gary Lin via Grub-devel wrote:
> As a preparation to test tpm2_key_protector with grub-emu, the new
> option, --tpm-device, is introduced to specify the TPM device for
> grub-emu so that grub-emu can share the emulated TPM device with
> the host.
>
> Since grub-emu can directly access the device node on host, it's easy to
> implement the essential TCG2 command submission function with the
> read/write functions and enable tpm2_key_protector module for grub-emu,
> so that we can further test TPM2 key unsealing with grub-emu.
>
> Signed-off-by: Gary Lin <g...@suse.com>
> Reviewed-by: Stefan Berger <stef...@linux.ibm.com>
> ---
>  grub-core/Makefile.core.def   |  3 ++
>  grub-core/kern/emu/main.c     | 11 ++++++-
>  grub-core/kern/emu/misc.c     | 51 +++++++++++++++++++++++++++++++++
>  grub-core/lib/tss2/tcg2_emu.c | 54 +++++++++++++++++++++++++++++++++++
>  include/grub/emu/misc.h       |  5 ++++
>  5 files changed, 123 insertions(+), 1 deletion(-)
>  create mode 100644 grub-core/lib/tss2/tcg2_emu.c
>
> diff --git a/grub-core/Makefile.core.def b/grub-core/Makefile.core.def
> index d54c12574..df07c0f0e 100644
> --- a/grub-core/Makefile.core.def
> +++ b/grub-core/Makefile.core.def
> @@ -2574,7 +2574,9 @@ module = {
>    common = lib/tss2/tpm2_cmd.c;
>    common = lib/tss2/tss2.c;
>    efi = lib/efi/tcg2.c;
> +  emu = lib/tss2/tcg2_emu.c;
>    enable = efi;
> +  enable = emu;
>    cppflags = '-I$(srcdir)/lib/tss2';
>  };
>
> @@ -2586,6 +2588,7 @@ module = {
>    common = commands/tpm2_key_protector/tpm2key_asn1_tab.c;
>    /* The plaform support of tpm2_key_protector depends on the tcg2 
> implementation in tss2. */
>    enable = efi;
> +  enable = emu;
>    cppflags = '-I$(srcdir)/lib/tss2 -I$(srcdir)/lib/libtasn1-grub';
>  };
>
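
Review bot: The context comment above `enable = efi;` misspells "platform" as "plaform", and since this hunk extends the list that comment describes, this would be a good place to fix it. The comment ties this module's platform list to the tcg2 implementation in tss2, so consider also noting there that emu is now backed by lib/tss2/tcg2_emu.c, which keeps the two `enable` lists in step when another platform is added.
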
> diff --git a/grub-core/kern/emu/main.c b/grub-core/kern/emu/main.c
> index 855b11c3d..c10838613 100644
> --- a/grub-core/kern/emu/main.c
> +++ b/grub-core/kern/emu/main.c
> @@ -55,7 +55,7 @@
>  static jmp_buf main_env;
>
>  /* Store the prefix specified by an argument.  */
> -static char *root_dev = NULL, *dir = NULL;
> +static char *root_dev = NULL, *dir = NULL, *tpm_dev = NULL;
>
>  grub_addr_t grub_modbase = 0;
>
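
Review bot: `tpm_dev` is appended to the declaration under the comment "Store the prefix specified by an argument.", which does not describe a TPM device path. Declare it separately with its own comment, for example `static char *tpm_dev = NULL;` preceded by a one-line comment saying it holds the device given with --tpm-device.
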
> @@ -108,6 +108,7 @@ static struct argp_option options[] = {
>    {"verbose",     'v', 0,      0, N_("print verbose messages."), 0},
>    {"hold",     'H', N_("SECS"),      OPTION_ARG_OPTIONAL, N_("wait until a 
> debugger will attach"), 0},
>    {"kexec",       'X', 0,      0, N_("use kexec to boot Linux kernels via 
> systemctl (pass twice to enable dangerous fallback to non-systemctl)."), 0},
> +  {"tpm-device",  't', N_("DEV"), 0, N_("Set TPM device."), 0},
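
Review bot: The help string "Set TPM device." on the new `tpm-device` entry is capitalised while the neighbouring entries ("print verbose messages.", "wait until a debugger will attach") start in lower case, and it does not say what DEV is. Something like N_("set the host TPM device node to use.") would match the table and tell the user that a device path on the host is expected.
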
Again, this has to be documented.

Otherwise patch LGTM...

Daniel
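
The commit message quoted above describes submitting TCG2 commands through read/write on the host device node. The sketch below shows that transport with response framing checks as an added example; it is not the patch's tcg2_emu.c (not shown in this message), the names `tpm_submit` and `demo` are hypothetical, and it assumes a Linux-style TPM character device that takes one whole command per write and returns one whole response per read. A socketpair stands in for the device so it runs without a TPM.

```c
/* Added example, not GRUB code: all names here are hypothetical. */
#include <stdint.h>
#include <stdio.h>
#include <sys/socket.h>
#include <unistd.h>
#define TPM_HDR_LEN 10	/* tag (2) + size (4) + code (4), all big-endian */

static uint32_t be32 (const uint8_t *p)
{
  return ((uint32_t) p[0] << 24) | ((uint32_t) p[1] << 16)
	 | ((uint32_t) p[2] << 8) | p[3];
}

/* Returns the response length, or -1 on an I/O or framing error. */
static long tpm_submit (int fd, const uint8_t *cmd, size_t cmd_len,
			uint8_t *rsp, size_t rsp_cap, uint32_t *rc)
{
  ssize_t n;
  if (cmd_len < TPM_HDR_LEN || be32 (cmd + 2) != cmd_len)
    return -1;			/* header must state the real command size */
  if (write (fd, cmd, cmd_len) != (ssize_t) cmd_len)
    return -1;			/* one whole command per write */
  n = read (fd, rsp, rsp_cap);
  if (n < TPM_HDR_LEN || be32 (rsp + 2) != (uint32_t) n)
    return -1;			/* never trust the size field over bytes read */
  *rc = be32 (rsp + 6);
  return n;
}

/* Drive tpm_submit against a socketpair that stands in for the device. */
static long demo (const uint8_t *fake_rsp, size_t fake_len, uint32_t *rc)
{
  /* Constructed sample: TPM2_GetRandom (0x0000017B) asking for 8 bytes. */
  static const uint8_t cmd[] = { 0x80, 0x01, 0, 0, 0, 12, 0, 0, 0x01, 0x7B, 0, 8 };
  uint8_t rsp[64];
  int sv[2];
  long r = -1;
  if (socketpair (AF_UNIX, SOCK_STREAM, 0, sv) != 0)
    return -1;
  if (write (sv[1], fake_rsp, fake_len) == (ssize_t) fake_len)
    r = tpm_submit (sv[0], cmd, sizeof cmd, rsp, sizeof rsp, rc);
  close (sv[0]);
  close (sv[1]);
  return r;
}

int main (void)
{
  /* Constructed response: header only, response code 0x101. */
  static const uint8_t ok[] = { 0x80, 0x01, 0, 0, 0, 10, 0, 0, 0x01, 0x01 };
  uint32_t rc = 0;
  printf ("len=%ld rc=0x%x\n", demo (ok, sizeof ok, &rc), (unsigned) rc);
  return 0;
}
```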
