[PATCH v3 00/12] Automatic Disk Unlock with TPM2

2023-04-11 Thread Gary Lin via Grub-devel
GIT repo for v3: https://github.com/lcp/grub2/tree/tpm2-unlock-v3 This patch series is based on "Automatic TPM Disk Unlock"(*1) posted by Hernan Gatta to introduce the key protector framework and TPM2 stack to GRUB2, and this could be a useful feature for the systems to implement full disk encrypt

[PATCH v3 03/12] libtasn1: disable code not needed in grub

2023-04-11 Thread Gary Lin via Grub-devel
From: Daniel Axtens We don't expect to be able to write ASN.1, only read it, so we can disable some code. Do that with #if 0/#endif, rather than deletion. This means that the difference between upstream and grub is smaller, which should make updating libtasn1 easier in the future. With these ex

[PATCH v3 12/12] util/grub-protect: Add new tool

2023-04-11 Thread Gary Lin via Grub-devel
From: Hernan Gatta To utilize the key protectors framework, there must be a way to protect full-disk encryption keys in the first place. The grub-protect tool includes support for the TPM2 key protector but other protectors that require setup ahead of time can be supported in the future. For the

[PATCH v3 10/12] protectors: Add TPM2 Key Protector

2023-04-11 Thread Gary Lin via Grub-devel
From: Hernan Gatta The TPM2 key protector is a module that enables the automatic retrieval of a fully-encrypted disk's unlocking key from a TPM 2.0. The theory of operation is such that the module accepts various arguments, most of which are optional and therefore possess reasonable defaults. On

[PATCH v3 11/12] cryptodisk: Support key protectors

2023-04-11 Thread Gary Lin via Grub-devel
From: Hernan Gatta Add a new parameter to cryptomount to support the key protectors framework: -P. The parameter is used to automatically retrieve a key from specified key protectors. The parameter may be repeated to specify any number of key protectors. These are tried in order until one provide

[PATCH v3 04/12] libtasn1: changes for grub compatibility

2023-04-11 Thread Gary Lin via Grub-devel
From: Daniel Axtens Do a few things to make libtasn1 compile as part of grub: - redefine _asn1_strcat. grub removed strcat so replace it with the appropriate calls to memcpy and strlen. Use this internally where strcat was used. - replace c_isdigit with grub_isdigit (and don't import c-

[PATCH v3 08/12] protectors: Add key protectors framework

2023-04-11 Thread Gary Lin via Grub-devel
From: Hernan Gatta A key protector encapsulates functionality to retrieve an unlocking key for a fully-encrypted disk from a specific source. A key protector module registers itself with the key protectors framework when it is loaded and unregisters when unloaded. Additionally, a key protector ma

[PATCH v3 05/12] libtasn1: compile into asn1 module

2023-04-11 Thread Gary Lin via Grub-devel
From: Daniel Axtens Create a wrapper file that specifies the module license. Set up the makefile so it is built. Signed-off-by: Daniel Axtens Signed-off-by: Gary Lin --- grub-core/Makefile.core.def| 15 +++ grub-core/lib/libtasn1_wrap/wrap.c | 26 ++

[PATCH v3 07/12] libtasn1: Add the documentation

2023-04-11 Thread Gary Lin via Grub-devel
Document libtasn1 in docs/grub-dev.texi and add the upgrade steps. Also add the patches to make libtasn1 compatible with grub code. Signed-off-by: Gary Lin --- docs/grub-dev.texi| 27 ++ ...asn1-disable-code-not-needed-in-grub.patch | 311 ++ ...tasn1

[PATCH v3 01/12] posix_wrap: tweaks in preparation for libtasn1

2023-04-11 Thread Gary Lin via Grub-devel
From: Daniel Axtens - Define SIZEOF_UNSIGNED_LONG_INT, it's the same as SIZEOF_UNSIGNED_LONG. - Define WORD_BIT, the size in bits of an int. This is defined in the Single Unix Specification and in gnulib's limits.h. gnulib assumes it's 32 bits on all our platforms, including 64 bit

Re: [PATCH v5 8/8] util/grub.d: Activate bli module on EFI

2023-04-11 Thread Oliver Steffen
On Tue, Apr 11, 2023 at 4:10 PM Oliver Steffen wrote: > On Wed, Apr 5, 2023 at 5:57 PM Daniel Kiper wrote: > >> On Thu, Mar 30, 2023 at 01:18:13PM +0200, Oliver Steffen wrote: >> > Add a new configuration drop-in file that loads the bli module and runs >> > the command if booting on the EFI plat

Re: [PATCH v5 8/8] util/grub.d: Activate bli module on EFI

2023-04-11 Thread Oliver Steffen
On Wed, Apr 5, 2023 at 5:57 PM Daniel Kiper wrote: > On Thu, Mar 30, 2023 at 01:18:13PM +0200, Oliver Steffen wrote: > > Add a new configuration drop-in file that loads the bli module and runs > > the command if booting on the EFI platform. > > > > Signed-off-by: Oliver Steffen > > --- > > Make