On Thu, 27 Jun 2024 at 12:27, Jan Čermák wrote:
>
> Hi Ard,
>
> sorry, I feel a little ashamed for replying after such a long time but I
> wanted to do some due diligence first and didn't have time (or the Atom
> board around) until now.
>
> > Does your Kconfig have EFI_DISABLE_PCI_DMA enabled by
Reviewed-By: Vladimir Serbinenko
On Fri, Jun 28, 2024 at 2:14 PM Renaud Métrich wrote:
>
> Signed-off-by: Renaud Métrich
> ---
> grub-core/commands/efi/lsefi.c | 4
> 1 file changed, 4 insertions(+)
>
> diff --git a/grub-core/commands/efi/lsefi.c b/grub-core/commands/efi/lsefi.c
> index 7
> + if (protector == NULL || protector->name == NULL || grub_strlen
> (protector->name) == 0)
> +return GRUB_ERR_BAD_ARGUMENT;
> +
Here and in the other places you miss grub_error. Note that the
message in such technical cases should be left untranslated (no N_
mark).
> + if (protector == N
The need to connect looks like an internal implementation detail. Can
we treat it as such and connect when needed automatically rather than
having an extra configuration knob?
On Fri, Jun 28, 2024 at 2:14 PM Renaud Métrich wrote:
>
> When efi.quickboot is enabled on VMWare (which is the default f
Signed-off-by: Renaud Métrich
---
grub-core/commands/efi/lsefi.c | 4
1 file changed, 4 insertions(+)
diff --git a/grub-core/commands/efi/lsefi.c b/grub-core/commands/efi/lsefi.c
index 7b8316d41..bda25a3a9 100644
--- a/grub-core/commands/efi/lsefi.c
+++ b/grub-core/commands/efi/lsefi.c
@@ -
When efi.quickboot is enabled on VMWare (which is the default for
hardware release 16 and later), it may happen that not all EFI devices
are connected. Due to this, browsing the devices in make_devices() just
fails to find devices, in particular disks or partitions for a given
disk.
This typically
An attacker may insert a malicious disk with the same crypto UUID and
trick grub2 to mount the fake root. Even though the key from the key
protector fails to unlock the fake root, it's not wiped out cleanly so
the attacker could dump the memory to retrieve the secret key. To defend
such attack, wip
When using disk auto-unlocking with TPM 2.0, the typical grub.cfg may
look like this:
tpm2_key_protector_init --tpm2key=(hd0,gpt1)/boot/grub2/sealed.tpm
cryptomount -u -P tpm2
search --fs-uuid --set=root
Since the disk search order is based on the order of module loading, the
attacker cou
From: Patrick Colp
Currently with the TPM2 protector, only SRK mode is supported and
NV index support is just a stub. Implement the NV index option.
Note: This only extends support on the unseal path. grub2_protect
has not been updated. tpm2-tools can be used to insert a key into
the NV index.
From: Patrick Colp
If a protector is specified, but it fails to unlock the disk, fall back
to asking for the passphrase. However, an error was set indicating that
the protector(s) failed. Later code (e.g., LUKS code) fails as
`grub_errno` is now set. Print the existing errors out first, before
pr
For the tpm2_key_protector module, the TCG2 command submission function
is the only difference between a QEMU instance and grub-emu. To test
TPM2 key unsealing with a QEMU instance, it requires an extra OS image
to invoke grub-protect to seal the LUKS key, rather than a simple
grub-shell rescue CD
From: Hernan Gatta
Add a new parameter to cryptomount to support the key protectors framework: -P.
The parameter is used to automatically retrieve a key from specified key
protectors. The parameter may be repeated to specify any number of key
protectors. These are tried in order until one provide
As a preparation to test tpm2_key_protector with grub-emu, the new
option, --tpm-device, is introduced to specify the TPM device for
grub-emu so that grub-emu can share the emulated TPM device with
the host.
Since grub-emu can directly access the device node on host, it's easy to
implement the ess
From: Daniel Axtens
Import tests from libtasn1 that don't use functionality we don't
import. This test module is integrated into functional_test so that the
user can run the test in grub shell.
This doesn't test the full decoder but that will be exercised in
test suites for coming patch sets.
A
Replace a 64 bit division with a call to grub_divmod64, preventing
creation of __udivdi3 calls on 32 bit platforms.
Signed-off-by: Daniel Axtens
Signed-off-by: Gary Lin
---
...tasn1-Use-grub_divmod64-for-division.patch | 30 +++
1 file changed, 30 insertions(+)
create mode 1006
In _asn1_tag_der(), the first while loop for the long form may end up
with a 'k' value with 'ASN1_MAX_TAG_SIZE' and cause the buffer overrun
in the second while loop. This commit tweaks the conditional check to
avoid producing a too large 'k'.
This is a quick fix and may differ from the official u
A Trusted Platform Module (TPM) Software Stack (TSS) provides logic to
compose and submit TPM commands and parse reponses.
A limited number of TPM commands may be accessed via the EFI TCG2
protocol. This protocol exposes functionality that is primarily geared
toward TPM usage within the context of
Do a few things to make asn1 tests compile as part of grub:
- include asn1_test.h only
- rename the main functions to the test names
- remove 'verbose' and the unnecessary printf()
- print the error messages with grub_printf()
- return either 0 or 1 to reflect the results of the tests
- repla
We don't expect to be able to write ASN.1, only read it,
so we can disable some code.
Do that with #if 0/#endif, rather than deletion. This means
that the difference between upstream and grub is smaller,
which should make updating libtasn1 easier in the future.
With these exclusions we also avoid
Use the grub headers instead of the standard POSIX headers.
Signed-off-by: Daniel Axtens
Signed-off-by: Gary Lin
---
...djust-the-header-paths-in-libtasn1.h.patch | 32 +++
1 file changed, 32 insertions(+)
create mode 100644
grub-core/lib/libtasn1-patches/0003-libtasn1-adjust-
From: Hernan Gatta
To utilize the key protectors framework, there must be a way to protect
full-disk encryption keys in the first place. The grub-protect tool
includes support for the TPM2 key protector but other protectors that
require setup ahead of time can be supported in the future.
For the
From: Daniel Axtens
- Define SIZEOF_UNSIGNED_LONG_INT, it's the same as
SIZEOF_UNSIGNED_LONG.
- Define WORD_BIT, the size in bits of an int. This is a defined
in the Single Unix Specification and in gnulib's limits.h. gnulib
assumes it's 32 bits on all our platforms, including 64 bit
This commit adds the necessary TPM2 types and structs as the preparation
for the TPM2 Software Stack (TSS2) support. The Marshal/Unmarshal
functions are also added to handle the data structure to be submitted to
TPM2 commands and to be received from the response.
Cc: Stefan Berger
Signed-off-by:
Document libtasn1 in docs/grub-dev.texi and add the upgrade steps.
Also add the patches to make libtasn1 compatible with grub code.
Signed-off-by: Gary Lin
Reviewed-by: Vladimir Serbinenko
---
docs/grub-dev.texi | 35 +++
1 file changed, 35 insertions(+)
diff --
From: Daniel Axtens
Create a wrapper file that specifies the module license.
Set up the makefile so it is built.
Signed-off-by: Daniel Axtens
Signed-off-by: Gary Lin
Reviewed-by: Daniel Kiper
---
autogen.sh | 18 ++
grub-core/Makefile.core.def|
As the prepartion to support TPM2 Software Stack (TSS2), this commit
implements the TPM2 buffer handling functions to pack data for the TPM2
commands and unpack the data from the response.
Cc: Stefan Berger
Signed-off-by: Hernan Gatta
Signed-off-by: Gary Lin
---
grub-core/lib/tss2/buffer.c
From: Hernan Gatta
A key protector encapsulates functionality to retrieve an unlocking key
for a fully-encrypted disk from a specific source. A key protector
module registers itself with the key protectors framework when it is
loaded and unregisters when unloaded. Additionally, a key protector ma
This commit handles the TPM2_PolicyAuthorize command from the key file
in TPM 2.0 Key File format.
TPM2_PolicyAuthorize is the essential command to support authorized
policy which allows the users to sign TPM policies with their own keys.
Per TPM 2.0 Key File(*1), CommandPolicy for TPM2_PolicyAuth
From: Hernan Gatta
The TPM2 key protector is a module that enables the automatic retrieval
of a fully-encrypted disk's unlocking key from a TPM 2.0.
The theory of operation is such that the module accepts various
arguments, most of which are optional and therefore possess reasonable
defaults. On
Remove _asn1_strcat() and replace strcat() with the bound-checked
_asn1_str_cat() except the one inside _asn1_str_cat(). That strcat
is replaced with strcpy.
Signed-off-by: Daniel Axtens
Signed-off-by: Gary Lin
---
...asn1-use-bound-checked-_asn1_str_cat.patch | 85 +++
1 file c
30 matches
Mail list logo
