From: Ross Philipson <ross.philip...@oracle.com>
Replace UEFI tpm measuring command with TPM logging function, allowing the removal of the tpm command file.
Signed-off-by: Ross Philipson <ross.philip...@oracle.com>
Signed-off-by: Sergii Dmytruk <sergii.dmyt...@3mdeb.com>
---
 grub-core/Makefile.core.def | 1 -
 grub-core/commands/efi/tpm.c | 2 +-
 grub-core/commands/tpm.c | 125 -----------------------------------
 include/grub/tpm.h | 2 +
 4 files changed, 3 insertions(+), 127 deletions(-)
 delete mode 100644 grub-core/commands/tpm.c
diff --git a/grub-core/Makefile.core.def b/grub-core/Makefile.core.def
index f70e02e69..adadd1365 100644
--- a/grub-core/Makefile.core.def
+++ b/grub-core/Makefile.core.def
@@ -1153,7 +1153,6 @@ module = {
 module = {
 name = tpm;
- common = commands/tpm.c;
 ieee1275 = commands/ieee1275/ibmvtpm.c;
 enable = powerpc_ieee1275;
 };
diff --git a/grub-core/commands/efi/tpm.c b/grub-core/commands/efi/tpm.c
index cbac69866..ca7d9bf5d 100644
--- a/grub-core/commands/efi/tpm.c
+++ b/grub-core/commands/efi/tpm.c
@@ -267,7 +267,7 @@ grub_cc_log_event (unsigned char *buf, grub_size_t size, grub_uint8_t pcr,
 }
 grub_err_t
-grub_tpm_measure (unsigned char *buf, grub_size_t size, grub_uint8_t pcr,
+grub_tpm_log_event (unsigned char *buf, grub_size_t size, grub_uint8_t pcr,
 const char *description)
 {
 grub_efi_handle_t tpm_handle;
diff --git a/grub-core/commands/tpm.c b/grub-core/commands/tpm.c
deleted file mode 100644
index dde74ab83..000000000
--- a/grub-core/commands/tpm.c
+++ /dev/null
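Review bot: After the rename to `grub_tpm_log_event` in grub-core/commands/efi/tpm.c, this patch shows no remaining definition of `grub_tpm_measure`, although include/grub/tpm.h keeps its prototype and the only visible callers are deleted with grub-core/commands/tpm.c. That deleted file registered `grub_tpm_verifier`, which sent file contents to `GRUB_BINARY_PCR` and command and command-line strings to `GRUB_STRING_PCR`; unless another patch in the series supplies an equivalent registration, those measurements stop without any error and PCR-bound sealing or attestation policies will see different values. The commit message should say where the verifier and the `grub_is_tpm_fail_fatal ()` handling now live, for example `The verifier and grub_tpm_measure () are now provided by <file that registers the verifier>`. The Makefile.core.def hunk raises the same question for the `powerpc_ieee1275` module, which is left with only `commands/ieee1275/ibmvtpm.c`. The renamed function's body continues outside the hunk.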
@@ -1,125 +0,0 @@
-/*
- * GRUB -- GRand Unified Bootloader
- * Copyright (C) 2018 Free Software Foundation, Inc.
- *
- * GRUB is free software: you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation, either version 3 of the License, or
- * (at your option) any later version.
- *
- * GRUB is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with GRUB. If not, see <http://www.gnu.org/licenses/>.
- *
- * Core TPM support code.
- */
-
-#include <grub/err.h>
-#include <grub/i18n.h>
-#include <grub/misc.h>
-#include <grub/mm.h>
-#include <grub/tpm.h>
-#include <grub/term.h>
-#include <grub/verify.h>
-#include <grub/dl.h>
-
-GRUB_MOD_LICENSE ("GPLv3+");
-
-static grub_err_t
-grub_tpm_verify_init (grub_file_t io,
- enum grub_file_type type __attribute__ ((unused)),
- void **context, enum grub_verify_flags *flags)
-{
- *context = io->name;
- *flags |= GRUB_VERIFY_FLAGS_SINGLE_CHUNK;
-
- /*
- * The loopback image is mapped as a disk allowing it to function like
- * a block device. However, we measure files read from the block device
- * not the device itself. For example, we don't measure block devices like
- * hd0 disk directly. This process is crucial to prevent out-of-memory
- * errors as loopback images are inherently large.
- */
- if ((type & GRUB_FILE_TYPE_MASK) == GRUB_FILE_TYPE_LOOPBACK)
- *flags = GRUB_VERIFY_FLAGS_SKIP_VERIFICATION;
- return GRUB_ERR_NONE;
-}
-
-static grub_err_t
-grub_tpm_verify_write (void *context, void *buf, grub_size_t size)
-{
- grub_err_t status = grub_tpm_measure (buf, size, GRUB_BINARY_PCR, context);
-
- if (status == GRUB_ERR_NONE)
- return GRUB_ERR_NONE;
-
- grub_dprintf ("tpm", "Measuring buffer failed: %d\n", status);
- return grub_is_tpm_fail_fatal () ? status : GRUB_ERR_NONE;
-}
-
-static grub_err_t
-grub_tpm_verify_string (char *str, enum grub_verify_string_type type)
-{
- const char *prefix = NULL;
- char *description;
- grub_err_t status;
-
- switch (type)
- {
- case GRUB_VERIFY_KERNEL_CMDLINE:
- prefix = "kernel_cmdline: ";
- break;
- case GRUB_VERIFY_MODULE_CMDLINE:
- prefix = "module_cmdline: ";
- break;
- case GRUB_VERIFY_COMMAND:
- prefix = "grub_cmd: ";
- break;
- }
- description = grub_malloc (grub_strlen (str) + grub_strlen (prefix) + 1);
- if (!description)
- return grub_errno;
- grub_memcpy (description, prefix, grub_strlen (prefix));
- grub_memcpy (description + grub_strlen (prefix), str,
- grub_strlen (str) + 1);
- status =
- grub_tpm_measure ((unsigned char *) str, grub_strlen (str),
- GRUB_STRING_PCR, description);
- grub_free (description);
- if (status == GRUB_ERR_NONE)
- return GRUB_ERR_NONE;
-
- grub_dprintf ("tpm", "Measuring string %s failed: %d\n", str, status);
- return grub_is_tpm_fail_fatal () ? status : GRUB_ERR_NONE;
-}
-
-struct grub_file_verifier grub_tpm_verifier = {
- .name = "tpm",
- .init = grub_tpm_verify_init,
- .write = grub_tpm_verify_write,
- .verify_string = grub_tpm_verify_string,
-};
-
-GRUB_MOD_INIT (tpm)
-{
- /*
- * Even though this now calls ibmvtpm's grub_tpm_present() from GRUB_MOD_INIT(),
- * it does seem to call it late enough in the initialization sequence so
- * that whatever discovered "device nodes" before this GRUB_MOD_INIT() is
- * called, enables the ibmvtpm driver to see the device nodes.
- */
- if (!grub_tpm_present())
- return;
- grub_verifier_register (&grub_tpm_verifier);
-}
-
-GRUB_MOD_FINI (tpm)
-{
- if (!grub_tpm_present())
- return;
- grub_verifier_unregister (&grub_tpm_verifier);
-}
diff --git a/include/grub/tpm.h b/include/grub/tpm.h
index d09783dac..c9dfbfb21 100644
--- a/include/grub/tpm.h
+++ b/include/grub/tpm.h
@@ -38,6 +38,8 @@
 grub_err_t grub_tpm_measure (unsigned char *buf, grub_size_t size, grub_uint8_t pcr, const char *description);
+grub_err_t grub_tpm_log_event (unsigned char *buf, grub_size_t size, grub_uint8_t pcr,
+ const char *description);
 int grub_tpm_present (void);
 static inline bool
-- 
2.47.1
_______________________________________________
Grub-devel mailing list
Grub-devel@gnu.org
https://lists.gnu.org/mailman/listinfo/grub-devel
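Review bot: The added `grub_tpm_log_event` prototype in include/grub/tpm.h takes the same parameters as `grub_tpm_measure` directly above it, and nothing in the header tells a caller which of the two to use. A one-line comment above the new declaration would settle this, for example `/* Platform-specific logging back end; grub_tpm_measure () remains the generic entry point. */`. That wording is only a guess at the intended split, which this patch does not show, so it should be adjusted to what the rest of the series implements. If no implementation writes through `buf`, declaring it `const unsigned char *buf` would also document that the measured data is not modified; this cannot be confirmed from the hunk.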