Re: [PATCH 3/7] tss2: Implement grub_tcg2_cap_pcr() for EFI

Tue, 08 Jul 2025 19:05:12 -0700 

On Tue, Jul 08, 2025 at 12:27:09PM -0400, Stefan Berger wrote:
> 
> 
> On 7/8/25 4:31 AM, Gary Lin wrote:
> > This commit implements grub_tcg2_cap_pcr() for EFI by using the UEFI
> > TCG2 protocol, HashLogExtendEvent, to extend the specified PCR with a
> > SEPARATOR event and ensure the event will be recorded properly in the
> 
> EV_SEPARATOR ?
Hmmm I should use EV_SEPARATOR in the whole patch set. I'll update other
patches to use EV_SEPARATOR.

> 
> > TPM event log.
> > 
> > Signed-off-by: Gary Lin <g...@suse.com>
> > ---
> >   grub-core/lib/efi/tcg2.c | 41 ++++++++++++++++++++++++++++++++++++++++
> >   1 file changed, 41 insertions(+)
> > 
> > diff --git a/grub-core/lib/efi/tcg2.c b/grub-core/lib/efi/tcg2.c
> > index 841bf50bb..81f5dea24 100644
> > --- a/grub-core/lib/efi/tcg2.c
> > +++ b/grub-core/lib/efi/tcg2.c
> > @@ -22,6 +22,7 @@
> >   #include <grub/efi/tpm.h>
> >   #include <grub/mm.h>
> > +#include <tss2_types.h>
> >   #include <tcg2.h>
> >   static grub_err_t
> > @@ -141,3 +142,43 @@ grub_tcg2_submit_command (grub_size_t input_size,
> >     return GRUB_ERR_NONE;
> >   }
> > +
> > +grub_err_t
> > +grub_tcg2_cap_pcr (grub_uint8_t pcr)
> > +{
> > +  grub_err_t err;
> > +  grub_efi_status_t status;
> > +  grub_efi_tpm2_protocol_t *protocol;
> > +  EFI_TCG2_EVENT *event;
> > +  grub_uint8_t separator[4] = {0};
> > +
> > +  if (pcr >= TPM_MAX_PCRS)
> > +    return GRUB_ERR_BAD_ARGUMENT;
> > +
> > +  err = tcg2_get_protocol (&protocol);
> > +  if (err != GRUB_ERR_NONE)
> > +    return err;
> > +
> > +  event = grub_zalloc (sizeof (EFI_TCG2_EVENT) + sizeof (separator));
> > +  if (!event)
> > +    return grub_error (GRUB_ERR_OUT_OF_MEMORY,
> > +                  N_("cannot allocate TPM event buffer"));
> > +
> > +  event->Header.HeaderSize = sizeof (EFI_TCG2_EVENT_HEADER);
> > +  event->Header.HeaderVersion = 1;
> > +  event->Header.PCRIndex = pcr;
> > +  event->Header.EventType = EV_SEPARATOR;
> > +  event->Size = sizeof (*event) - sizeof (event->Event) + sizeof 
> > (separator);
> > +  grub_memcpy (event->Event, separator, sizeof (separator));
> > +
> > +
> 
> One too many empty lines.
> 
Will fix it in v2.

> > +  status = protocol->hash_log_extend_event (protocol, 0,
> > +                                       (grub_addr_t) separator,
> > +                                       sizeof (separator), event);
> > +  grub_free (event);
> > +
> > +  if (status != GRUB_EFI_SUCCESS)
> > +    return grub_error (GRUB_ERR_BAD_DEVICE, N_("cannot cap PCR %u"), pcr);
> > +
> > +  return GRUB_ERR_NONE;
> > +}
> 
> With nit fixed:
> 
> Reviewed-by: Stefan Berger <stef...@linux.ibm.com>
> 
Thanks!

Gary Lin

_______________________________________________
Grub-devel mailing list
Grub-devel@gnu.org
https://lists.gnu.org/mailman/listinfo/grub-devel

Reply via email to