On Fri, Jun 28, 2024 at 04:19:07PM +0800, Gary Lin via Grub-devel wrote: > As a preparation to test tpm2_key_protector with grub-emu, the new > option, --tpm-device, is introduced to specify the TPM device for > grub-emu so that grub-emu can share the emulated TPM device with > the host. > > Since grub-emu can directly access the device node on host, it's easy to > implement the essential TCG2 command submission function with the > read/write functions and enable tpm2_key_protector module for grub-emu, > so that we can further test TPM2 key unsealing with grub-emu. > > Signed-off-by: Gary Lin <g...@suse.com> > Reviewed-by: Stefan Berger <stef...@linux.ibm.com> > --- > grub-core/Makefile.core.def | 3 ++ > grub-core/kern/emu/main.c | 11 ++++++- > grub-core/kern/emu/misc.c | 51 +++++++++++++++++++++++++++++++++ > grub-core/lib/tss2/tcg2_emu.c | 54 +++++++++++++++++++++++++++++++++++ > include/grub/emu/misc.h | 5 ++++ > 5 files changed, 123 insertions(+), 1 deletion(-) > create mode 100644 grub-core/lib/tss2/tcg2_emu.c > > diff --git a/grub-core/Makefile.core.def b/grub-core/Makefile.core.def > index d54c12574..df07c0f0e 100644 > --- a/grub-core/Makefile.core.def > +++ b/grub-core/Makefile.core.def > @@ -2574,7 +2574,9 @@ module = { > common = lib/tss2/tpm2_cmd.c; > common = lib/tss2/tss2.c; > efi = lib/efi/tcg2.c; > + emu = lib/tss2/tcg2_emu.c; > enable = efi; > + enable = emu; > cppflags = '-I$(srcdir)/lib/tss2'; > }; > > @@ -2586,6 +2588,7 @@ module = { > common = commands/tpm2_key_protector/tpm2key_asn1_tab.c; > /* The plaform support of tpm2_key_protector depends on the tcg2 > implementation in tss2. */ > enable = efi; > + enable = emu; > cppflags = '-I$(srcdir)/lib/tss2 -I$(srcdir)/lib/libtasn1-grub'; > }; > > diff --git a/grub-core/kern/emu/main.c b/grub-core/kern/emu/main.c > index 855b11c3d..c10838613 100644 > --- a/grub-core/kern/emu/main.c > +++ b/grub-core/kern/emu/main.c 
> @@ -55,7 +55,7 @@ > static jmp_buf main_env; > > /* Store the prefix specified by an argument. */ > -static char *root_dev = NULL, *dir = NULL; > +static char *root_dev = NULL, *dir = NULL, *tpm_dev = NULL; > > grub_addr_t grub_modbase = 0; > > @@ -108,6 +108,7 @@ static struct argp_option options[] = { > {"verbose", 'v', 0, 0, N_("print verbose messages."), 0}, > {"hold", 'H', N_("SECS"), OPTION_ARG_OPTIONAL, N_("wait until a > debugger will attach"), 0}, > {"kexec", 'X', 0, 0, N_("use kexec to boot Linux kernels via > systemctl (pass twice to enable dangerous fallback to non-systemctl)."), 0}, > + {"tpm-device", 't', N_("DEV"), 0, N_("Set TPM device."), 0},
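Review bot: in the options[] hunk of grub-core/kern/emu/main.c, the help string "Set TPM device." is capitalised and does not say what DEV is, while the neighbouring entries use lower-case descriptions such as "print verbose messages.". Suggest wording along the lines of N_("use DEV as the TPM device node."). Since the commit message says the node is shared with the host and is meant for an emulated TPM, the grub-emu documentation for this option should state that as well.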
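Review bot: in the first hunk of grub-core/kern/emu/main.c, tpm_dev is added under the comment "Store the prefix specified by an argument.", which no longer describes everything on that line; please update the comment or give tpm_dev its own declaration with a comment. tpm_dev also starts as NULL and --tpm-device does not have to be given, so please confirm that the emu TCG2 command submission path returns an error when no device was set instead of trying to open a NULL path.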
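Review bot: in the tpm2_key_protector module entry of grub-core/Makefile.core.def, the context comment just above "enable = efi;" reads "plaform"; since this hunk extends the platform list directly below it, fix the spelling to "platform" in the same change. That comment says the platform support depends on the tcg2 implementation in tss2, so it is also worth noting there that the enable list has to stay in sync with the one in the tss2 module entry.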
Again, this has to be documented. Otherwise patch LGTM...

Daniel