Signed-off-by: Yann Diorcet <diorcet.y...@gmail.com>
---
 grub-core/commands/tpm2_key_protector/module.c | 4 ++++
 grub-core/commands/tpm2_key_protector/tpm2.h | 1 +
 grub-core/commands/tpm2_key_protector/tpm2srk.c | 2 +-
 util/grub-protect.c | 1 +
 4 files changed, 7 insertions(+), 1 deletion(-)
diff --git a/grub-core/commands/tpm2_key_protector/module.c b/grub-core/commands/tpm2_key_protector/module.c
index 618cc4d32..4f7b6e95d 100644
--- a/grub-core/commands/tpm2_key_protector/module.c
+++ b/grub-core/commands/tpm2_key_protector/module.c
@@ -413,10 +413,12 @@ tpm2_protector_load_key (const tpm2_protector_context_t *ctx,
 {
 .type = TPM_ALG_ECC,
 .detail.ecc_curve = TPM_ECC_NIST_P256,
+ .noDA = true,
 },
 {
 .type = TPM_ALG_RSA,
 .detail.rsa_bits = 2048,
+ .noDA = true,
 },
 {
 .type = TPM_ALG_ERROR,
@@ -858,6 +860,7 @@ tpm2_protector_key_from_buffer (const tpm2_protector_context_t *ctx,
 ctx_w = (tpm2_protector_context_t *)ctx;
 ctx_w->srk_type.type = TPM_ALG_RSA;
 ctx_w->srk_type.detail.rsa_bits = 2048;
+ ctx_w->srk_type.noDA = true;
 }
 }
 else
@@ -1125,6 +1128,7 @@ tpm2_protector_check_args (tpm2_protector_context_t *ctx)
 {
 ctx->srk_type.type = TPM_ALG_ECC;
 ctx->srk_type.detail.ecc_curve = TPM_ECC_NIST_P256;
+ ctx->srk_type.noDA = true;
 }
 return GRUB_ERR_NONE;
diff --git a/grub-core/commands/tpm2_key_protector/tpm2.h b/grub-core/commands/tpm2_key_protector/tpm2.h
index bb86b2e20..1e25a9bdd 100644
--- a/grub-core/commands/tpm2_key_protector/tpm2.h
+++ b/grub-core/commands/tpm2_key_protector/tpm2.h
@@ -40,6 +40,7 @@ struct grub_srk_type
 TPM_KEY_BITS_t rsa_bits;
 TPM_ECC_CURVE_t ecc_curve;
 } detail;
+ bool noDA;
 };
 typedef struct grub_srk_type grub_srk_type_t;
diff --git a/grub-core/commands/tpm2_key_protector/tpm2srk.c b/grub-core/commands/tpm2_key_protector/tpm2srk.c
index 8eae091ce..7392addda 100644
--- a/grub-core/commands/tpm2_key_protector/tpm2srk.c
+++ b/grub-core/commands/tpm2_key_protector/tpm2srk.c
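Review bot: In tpm2_protector_check_args the new `ctx->srk_type.noDA = true;` sits inside the `TPM_ALG_ERROR` default branch, so an SRK type chosen explicitly by the caller keeps whatever `noDA` held before, presumably zero if the context is zero-initialised (the option parsing is not part of this diff). tpm2_protector_srk_get used to hard-code `noDA = 1`, so on that path the SRK template would change and keys sealed under the old template would not load under the new one. Setting the flag before the `if`, or wherever the asymmetric option is parsed, keeps the previous behaviour until a caller deliberately clears it. The same applies to `args->srk_type.noDA = true;` in protect_tpm2_args_verify in util/grub-protect.c; both function bodies extend beyond their hunks.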
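Review bot: The new `bool noDA;` member of struct grub_srk_type in tpm2.h has no comment, and its zero value is the opposite of what the code did before this change, which is easy to miss in any initialiser that does not name the field. A one-line comment would record that, for example `/* TPMA_OBJECT noDA bit of the SRK template; was always 1 before this field existed */`. It is also worth confirming that `bool` is declared for this header in both the GRUB core and the util build, since no include is visible here. The struct definition starts above the hunk.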
@@ -69,7 +69,7 @@ tpm2_protector_srk_get (const grub_srk_type_t srk_type,
 inPublic.publicArea.objectAttributes.fixedTPM = 1;
 inPublic.publicArea.objectAttributes.fixedParent = 1;
 inPublic.publicArea.objectAttributes.sensitiveDataOrigin = 1;
- inPublic.publicArea.objectAttributes.noDA = 1;
+ inPublic.publicArea.objectAttributes.noDA = srk_type.noDA;
 if (srk_type.type == TPM_ALG_RSA)
 {
diff --git a/util/grub-protect.c b/util/grub-protect.c
index bda7ec239..d5432adf8 100644
--- a/util/grub-protect.c
+++ b/util/grub-protect.c
@@ -1227,6 +1227,7 @@ protect_tpm2_args_verify (protect_args_t *args)
 {
 args->srk_type.type = TPM_ALG_ECC;
 args->srk_type.detail.ecc_curve = TPM_ECC_NIST_P256;
+ args->srk_type.noDA = true;
 }
 if (args->tpm2_bank == TPM_ALG_ERROR)
-- 
2.39.5
_______________________________________________
Grub-devel mailing list
Grub-devel@gnu.org
https://lists.gnu.org/mailman/listinfo/grub-devel
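Review bot: The line `inPublic.publicArea.objectAttributes.noDA = srk_type.noDA;` in tpm2_protector_srk_get makes a lockout-relevant attribute caller-controlled without saying what clearing it means. With noDA clear the SRK falls under the TPM's dictionary-attack protection, so while the TPM is in lockout the key may be unusable and unsealing at boot can fail. The bit is also part of the primary-key template, so it has to match the value used when the key was sealed. A short comment above the assignment would capture both, e.g. `/* noDA is part of the SRK template: must match the sealing side; 0 puts the SRK under DA lockout */`. The function body continues outside the hunk.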