strcat() is not available in GRUB. This commit replaces strcat() and
_asn1_strcat() with the bounds-checking _asn1_str_cat().
Signed-off-by: Daniel Axtens
Signed-off-by: Gary Lin
---
...n1-replace-strcat-with-_asn1_str_cat.patch | 70 +++
1 file changed, 70 insertions(+)
create
In _asn1_tag_der(), the first while loop for the long form may end up
with a 'k' value with 'ASN1_MAX_TAG_SIZE' and cause the buffer overrun
in the second while loop. This commit tweaks the conditional check to
avoid producing a too large 'k'.
This is a quick fix and may differ from the official u
From: Daniel Axtens
- Define SIZEOF_UNSIGNED_LONG_INT, it's the same as
SIZEOF_UNSIGNED_LONG.
- Define WORD_BIT, the size in bits of an int. This is a defined
in the Single Unix Specification and in gnulib's limits.h. gnulib
assumes it's 32 bits on all our platforms, including 64 bit
From: Daniel Axtens
Import tests from libtasn1 that use functionality we import.
This test module is integrated into functional_test so that the
user can run the test in grub shell.
This doesn't test the full decoder but that will be exercised in
test suites for coming patch sets.
Add testcase
This commit changes the main functions in the testcases to the test
names so that the real 'main' test function can invokes them.
Signed-off-by: Daniel Axtens
Signed-off-by: Gary Lin
---
...-the-main-functions-to-the-test-name.patch | 128 ++
1 file changed, 128 insertions(+)
c
We don't expect to be able to write ASN.1, only read it,
so we can disable some code.
Do that with #if 0/#endif, rather than deletion. This means
that the difference between upstream and grub is smaller,
which should make updating libtasn1 easier in the future.
With these exclusions we also avoid
This commit removes the 'verbose' variables and the unnecessary printf()
to simplify the output.
Signed-off-by: Daniel Axtens
Signed-off-by: Gary Lin
---
...e-verbose-and-the-unnecessary-printf.patch | 172 ++
1 file changed, 172 insertions(+)
create mode 100644
grub-core/lib/
Some testcases use exit() to end the test. Since all the asn1 testcases
are invoked as functions, this commit replaces exit() with return to
reflect the test results, so that the main test function can check the
results.
Signed-off-by: Daniel Axtens
Signed-off-by: Gary Lin
---
...-either-0-or-1
Replace a 64-bit division with a call to grub_divmod64(), preventing
creation of __udivdi3() calls on 32-bit platforms.
Signed-off-by: Daniel Axtens
Signed-off-by: Gary Lin
Reviewed-by: Daniel Kiper
---
...tasn1-Use-grub_divmod64-for-division.patch | 31 +++
1 file changed, 31
strcat() is not available in GRUB. This commit replaces strcat() with
strcpy() in _asn1_str_cat() as the preparation to replace other strcat()
with the bounds-checking _asn1_str_cat().
Signed-off-by: Daniel Axtens
Signed-off-by: Gary Lin
---
...-strcat-with-strcpy-in-_asn1_str_cat.patch | 32 ++
When using disk auto-unlocking with TPM 2.0, the typical grub.cfg may
look like this:
tpm2_key_protector_init --tpm2key=(hd0,gpt1)/boot/grub2/sealed.tpm
cryptomount -u -P tpm2
search --fs-uuid --set=root
Since the disk search order is based on the order of module loading, the
attacker cou
From: Hernan Gatta
A key protector encapsulates functionality to retrieve an unlocking key
for a fully-encrypted disk from a specific source. A key protector
module registers itself with the key protectors framework when it is
loaded and unregisters when unloaded. Additionally, a key protector ma
As the prepartion to support TPM2 Software Stack (TSS2), this commit
implements the TPM2 buffer handling functions to pack data for the TPM2
commands and unpack the data from the response.
Cc: Stefan Berger
Signed-off-by: Hernan Gatta
Signed-off-by: Gary Lin
Reviewed-by: Daniel Kiper
---
grub
Document libtasn1 in docs/grub-dev.texi and add the upgrade steps.
Also add the patches to make libtasn1 compatible with grub code.
Signed-off-by: Gary Lin
Reviewed-by: Vladimir Serbinenko
Reviewed-by: Daniel Kiper
---
docs/grub-dev.texi | 35 +++
1 file changed
A Trusted Platform Module (TPM) Software Stack (TSS) provides logic to
compose and submit TPM commands and parse reponses.
A limited number of TPM commands may be accessed via the EFI TCG2
protocol. This protocol exposes functionality that is primarily geared
toward TPM usage within the context of
This commit handles the TPM2_PolicyAuthorize command from the key file
in TPM 2.0 Key File format.
TPM2_PolicyAuthorize is the essential command to support authorized
policy which allows the users to sign TPM policies with their own keys.
Per TPM 2.0 Key File(*1), CommandPolicy for TPM2_PolicyAuth
This commit removes all the headers and only uses asn1_test.h.
To avoid including int.h from grub-core/lib/libtasn1-grub/lib/,
CONST_DOWN is defined in reproducers.c.
Signed-off-by: Daniel Axtens
Signed-off-by: Gary Lin
---
...7-asn1_test-include-asn1_test.h-only.patch | 163 ++
As a preparation to test tpm2_key_protector with grub-emu, the new
option, --tpm-device, is introduced to specify the TPM device for
grub-emu so that grub-emu can share the emulated TPM device with
the host.
Since grub-emu can directly access the device node on host, it's easy to
implement the ess
From: Daniel Axtens
Create a wrapper file that specifies the module license.
Set up the makefile so it is built.
Signed-off-by: Daniel Axtens
Signed-off-by: Gary Lin
Reviewed-by: Daniel Kiper
---
autogen.sh | 19 +++
grub-core/Makefile.core.def
This commit adds the necessary TPM2 types and structs as the preparation
for the TPM2 Software Stack (TSS2) support. The Marshal/Unmarshal
functions are also added to handle the data structure to be submitted to
TPM2 commands and to be received from the response.
Cc: Stefan Berger
Signed-off-by:
This commit replaces printf() and fprintf() with grub_printf() to print
the error messages for the testcases. Besides, asn1_strerror() is used
to convert the result code to strings instead of asn1_perror().
Signed-off-by: Daniel Axtens
Signed-off-by: Gary Lin
---
...-the-error-messages-with-gru
For the tpm2_key_protector module, the TCG2 command submission function
is the only difference between a QEMU instance and grub-emu. To test
TPM2 key unsealing with a QEMU instance, it requires an extra OS image
to invoke grub-protect to seal the LUKS key, rather than a simple
grub-shell rescue CD
Update the user manual to address TPM2 key protector including the two
related commands, tpm2_key_protector_init and tpm2_key_protector_clear,
and the user-space utility: grub-protect.
Signed-off-by: Gary Lin
---
docs/grub.texi | 507 +
1 file chan
Since libtasn1.h is the header to be included by users, including the
standard POSIX headers in libtasn1.h would force the user to add the
CFLAGS/CPPFLAGS for the POSIX headers.
This commit adjusts the header paths to use the grub headers instead of
the standard POSIX headers, so that users only n
From: Hernan Gatta
To utilize the key protectors framework, there must be a way to protect
full-disk encryption keys in the first place. The grub-protect tool
includes support for the TPM2 key protector but other protectors that
require setup ahead of time can be supported in the future.
For the
The '-P' option is introduced to support the key protectors framework.
This commit adds the new option to the GRUB manual.
Signed-off-by: Gary Lin
---
docs/grub.texi | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/docs/grub.texi b/docs/grub.texi
index 2ea6c56d1..3e6f602b
From: Patrick Colp
Currently with the TPM2 protector, only SRK mode is supported and
NV index support is just a stub. Implement the NV index option.
Note: This only extends support on the unseal path. grub2_protect
has not been updated. tpm2-tools can be used to insert a key into
the NV index.
From: Patrick Colp
If a protector is specified, but it fails to unlock the disk, fall back
to asking for the passphrase.
Before requesting the passphrase, the error from the key protector(s)
has to be cleared, or the later code (e.g., LUKS code) may stop as
'grub_errno' is set. This commit print
An attacker may insert a malicious disk with the same crypto UUID and
trick grub2 to mount the fake root. Even though the key from the key
protector fails to unlock the fake root, it's not wiped out cleanly so
the attacker could dump the memory to retrieve the secret key. To defend
such attack, wip
From: Hernan Gatta
Add a new parameter to cryptomount to support the key protectors framework: -P.
The parameter is used to automatically retrieve a key from specified key
protectors. The parameter may be repeated to specify any number of key
protectors. These are tried in order until one provide
This commit converts functions and types to the grub-specific ones:
LONG_MAX -> GRUB_LONG_MAX
INT_MAX -> GRUB_INT_MAX
UINT_MAX -> GRUB_UINT_MAX
size_t -> grub_size_t
memcmp() -> grub_memcmp()
memcpy() -> grub_memcpy()
free() -> grub_free()
strcmp() -> grub_strcmp()
Signed-off-by: Daniel Axtens
S
From: Hernan Gatta
The TPM2 key protector is a module that enables the automatic retrieval
of a fully-encrypted disk's unlocking key from a TPM 2.0.
The theory of operation is such that the module accepts various
arguments, most of which are optional and therefore possess reasonable
defaults. On
Hi. I propose changing "efi" to "EFI" in grub-mkrescue, because this is needed
for secure boot. Please, apply patch below. Here is why.
First of all, iso9660 file system is case sensitive from GRUB point of view. I.
e. if you have directory named "efi" in iso9660, then GRUB command "ls /EFI"
wi
Hi,
Askar Safin wrote:
> I CC Thomas Schmitt, because my work seems to be related to xorriso.
I checked that grub-mkrescue variables efidir_efi and efidir_efi_boot
are not leading to arguments of the xorriso run.
Insofar this change is transparent from the view of xorriso.
I can confirm that ma
On 06/09/2024 at 15:15, Askar Safin wrote:
While testing this script I noticed this: if I boot from disk (i. e.
using "-drive" Qemu option), then "grub.cfg" is read from ESP, i. e.
FAT. But if I boot from CD (i. e. using "-cdrom" Qemu option), then
"grub.cfg" is read from main .iso partition, i.
35 matches
Mail list logo
