On 9/16/24 1:42 PM, Stefan Berger wrote:


On 9/15/24 11:35 PM, Gary Lin wrote:
On Mon, Sep 16, 2024 at 10:24:03AM +0800, Gary Lin wrote:
On Fri, Sep 13, 2024 at 10:32:39AM -0400, Stefan Berger wrote:


On 9/6/24 5:10 AM, Gary Lin wrote:
GIT repo for v19: https://github.com/lcp/grub2/tree/tpm2-unlock-v19

This patch series is based on "Automatic TPM Disk Unlock"(*1) posted by
Hernan Gatta to introduce the key protector framework and TPM2 stack
to GRUB2, and this could be a useful feature for the systems to
implement full disk encryption.

To support TPM 2.0 Key File format(*2), patch 1~7,9-16 are grabbed from Daniel Axtens's "appended signature secure boot support" (*3) to import
libtasn1 into grub2. Besides, the libtasn1 version is upgraded to
4.19.0 instead of 4.16.0 in the original patch.


I was going to try it out now (on a ppc64 machine) but failed to configure it.
The configure and build work on tip of master.

git clean -xdf ; ./bootstrap && ./configure --prefix=/usr
[...]
Using python3...
Importing unicode...
Importing libgcrypt...
Importing libtasn1...
cp: cannot stat 'grub-core/lib/libtasn1/lib/*.[ch]': No such file or
directory
That's weird. The second patch, "libtasn1: import libtasn1-4.19.0",
imports the libtasn1 files into grub-core/lib/libtasn1/, and those
source files are supposed to exist when applying the patch mentioned
below.

I'll do a thorough check for that...

I successfully built the patches on a freshly-cloned grub git repo.
Since you mentioned ppc64, I wonder if it's caused by the conflicts with
the PowerPC Secure Boot patches?

I took your series from the mailing list with the b4 tool. For some reason 02/33 is missing there, maybe because it is too big.

https://lore.kernel.org/grub-devel/20240916033543.gzfture5q4ljuw4b@GaryLaptop/T/#t

I checked out your repo branch and there I can configure but then run into this issue here:

tests/asn1/tests/Test_overflow.c: In function ‘test_overflow’:
tests/asn1/tests/Test_overflow.c:48:50: error: left shift of negative value [-Werror=shift-negative-value]
    48 |       unsigned long num = ((long) GRUB_UINT_MAX) << 2;
       |                                                  ^~
cc1: all warnings being treated as errors

It's the cast to 'long' that this gcc complains about. If I remove the cast then it works.

$ gcc --version
gcc (Ubuntu 9.4.0-1ubuntu1~20.04.2) 9.4.0
Copyright (C) 2019 Free Software Foundation, Inc.
This is free software; see the source for copying conditions.  There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

I got this error when libtasn1 was not installed on the host. Do you still need libtasn1 installed now that it's part of the repo with your series?

checking for libnvpair.h... no
checking for libzfs_init in -lzfs... no
checking for asn1_write_value in -ltasn1... no
configure: error: grub-protect was explicitly requested but can't be compiled (need libtasn1 library)
