This commit implements grub_tcg2_cap_pcr() for EFI by calling HashLogExtendEvent from the UEFI TCG2 protocol to extend the specified PCR with a SEPARATOR event and ensure the event is recorded properly in the TPM event log.
Signed-off-by: Gary Lin <g...@suse.com>
---
 grub-core/lib/efi/tcg2.c | 41 ++++++++++++++++++++++++++++++++++++++++
 1 file changed, 41 insertions(+)
diff --git a/grub-core/lib/efi/tcg2.c b/grub-core/lib/efi/tcg2.c
index 841bf50bb..81f5dea24 100644
--- a/grub-core/lib/efi/tcg2.c
+++ b/grub-core/lib/efi/tcg2.c
@@ -22,6 +22,7 @@
 #include <grub/efi/tpm.h>
 #include <grub/mm.h>
+#include <tss2_types.h>
 #include <tcg2.h>
 static grub_err_t
@@ -141,3 +142,43 @@ grub_tcg2_submit_command (grub_size_t input_size,
 return GRUB_ERR_NONE;
 }
+
+grub_err_t
+grub_tcg2_cap_pcr (grub_uint8_t pcr)
+{
+ grub_err_t err;
+ grub_efi_status_t status;
+ grub_efi_tpm2_protocol_t *protocol;
+ EFI_TCG2_EVENT *event;
+ grub_uint8_t separator[4] = {0};
+
+ if (pcr >= TPM_MAX_PCRS)
+ return GRUB_ERR_BAD_ARGUMENT;
+
+ err = tcg2_get_protocol (&protocol);
+ if (err != GRUB_ERR_NONE)
+ return err;
+
+ event = grub_zalloc (sizeof (EFI_TCG2_EVENT) + sizeof (separator));
+ if (!event)
+ return grub_error (GRUB_ERR_OUT_OF_MEMORY,
+ N_("cannot allocate TPM event buffer"));
+
+ event->Header.HeaderSize = sizeof (EFI_TCG2_EVENT_HEADER);
+ event->Header.HeaderVersion = 1;
+ event->Header.PCRIndex = pcr;
+ event->Header.EventType = EV_SEPARATOR;
+ event->Size = sizeof (*event) - sizeof (event->Event) + sizeof (separator);
+ grub_memcpy (event->Event, separator, sizeof (separator));
+
+
+ status = protocol->hash_log_extend_event (protocol, 0,
+ (grub_addr_t) separator,
+ sizeof (separator), event);
+ grub_free (event);
+
+ if (status != GRUB_EFI_SUCCESS)
+ return grub_error (GRUB_ERR_BAD_DEVICE, N_("cannot cap PCR %u"), pcr);
+
+ return GRUB_ERR_NONE;
+}
-- 
2.43.0
_______________________________________________
Grub-devel mailing list
Grub-devel@gnu.org
https://lists.gnu.org/mailman/listinfo/grub-devel
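Review bot: The failure path after `hash_log_extend_event` in grub_tcg2_cap_pcr() discards the EFI status, so a caller cannot tell a PCR that was never extended from one that was extended but whose event could not be logged (the TCG2 protocol defines EFI_VOLUME_FULL for that case). If capping is meant to stop later boot stages from reproducing a PCR value that a secret is bound to (inferred; the description does not say), the function should carry a header comment stating that any return other than `GRUB_ERR_NONE` means the PCR may not have been extended and that callers must fail closed. The range check also returns a bare `GRUB_ERR_BAD_ARGUMENT` without setting an error message, unlike the other error paths; `return grub_error (GRUB_ERR_BAD_ARGUMENT, N_("invalid PCR index %u"), pcr);` would keep them consistent.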