This commit implements the missing NV index mode support in
'grub-protect'. NV index mode stores the sealed key in the TPM
non-volatile memory (NVRAM) instead of a file. There are two supported
types of TPM handles.
1. Persistent handle (0x8100~0x81FF)
Only the raw format is supported d
Some arm compilers insert 64-bit division into the
code compiled from libgcrypt source and possibly others.
Rather than fighting it, simply provide the function in
question.
Signed-off-by: Vladimir Serbinenko
---
grub-core/kern/arm/compiler-rt.S | 11 +++
include/grub/compiler-rt.h
I understand your frustration and I share it and will try to do as much as
reasonable to decrease the amount of carried patches. Rust experiments do not
and should not take over release and patch integration work. They are
independent and the effort for Rust is minimal. Please put discussion about
topics o
This commit updates the NV index mode section and the grub-protect
section to reflect the recent changes in TPM2 key protector and
grub-protect.
Signed-off-by: Gary Lin
---
docs/grub.texi | 188 +++--
1 file changed, 166 insertions(+), 22 deletions(-)
On Tue, Mar 25, 2025 at 04:37:43PM +0100, Daniel Kiper wrote:
> On Mon, Jan 13, 2025 at 11:07:08AM +0800, Gary Lin wrote:
> > The following TPM 2.0 commands are introduced to tss2 to access the
> > TPM non-volatile memory associated with the NV index handles.
> >
> > - TPM2_NV_DefineSpace
> > - TPM
Signed-off-by: Vladimir Serbinenko
---
autogen.sh | 7 +-
conf/Makefile.common| 4 +-
grub-core/Makefile.core.def | 36 ++-
grub-core/commands/hashsum.c| 2 +-
grub-core/commands/legacycfg.c
Two more NV index test cases are added to test key sealing and
unsealing with the NV index handle 0x100.
Signed-off-by: Gary Lin
---
tests/tpm2_key_protector_test.in | 55 ++--
1 file changed, 39 insertions(+), 16 deletions(-)
diff --git a/tests/tpm2_key_protecto
Signed-off-by: Vladimir Serbinenko
---
.../libgcrypt-patches/03_mpiutil_alloc.patch | 20 ++
.../lib/libgcrypt-patches/03_sexp_free.patch | 37 +++
2 files changed, 57 insertions(+)
create mode 100644 grub-core/lib/libgcrypt-patches/03_mpiutil_alloc.patch
create mode 1
PCR mismatching is one common cause of TPM key unsealing failure. Since the
system may be compromised, it is not safe to boot into the OS to get the PCR
values and TPM eventlog for further investigation.
To provide some hints, GRUB now dumps PCRs on policy fail, so the user
can check the current PCR
Hello GRUB Developers,
I hope this message finds you well. During my work with the GRUB
chainloader command in conjunction with grub-to-bootmgr, I encountered
the error message: "failed to load image." This message lacked
sufficient detail to diagnose the underlying issue.
Upon investigation, I d
Update linux_kernel_params to match the latest upstream (v6.13.77)
version of boot_params. Refactor most things out into structs, as the
Linux kernel does.
"edid_info" should be a struct with "unsigned char dummy[128]" and
"efi_info" should be a struct as well, starting at 0x1c0. However, for
back
On Tue, Apr 01, 2025 at 03:58:55PM +0300, Vladimir Serbinenko wrote:
> This allows us to test purely the integration of the implementation
> of DSA and RSA from libgcrypt without concerning with additional
> code.
>
> Signed-off-by: Vladimir Serbinenko
> ---
> grub-core/tests/dsa_sexp_test.c | 12
Other platforms specify license in platform-specific files but corresponding
code for emu is in kernel, so datetime ends up without license section.
Signed-off-by: Vladimir Serbinenko
---
grub-core/lib/datetime.c | 5 +
1 file changed, 5 insertions(+)
diff --git a/grub-core/lib/datetime.c b
la.pcrel unlike la should work even above 4GiB mark.
Signed-off-by: Vladimir Serbinenko
---
grub-core/kern/loongarch64/efi/startup.S | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/grub-core/kern/loongarch64/efi/startup.S
b/grub-core/kern/loongarch64/efi/startup.S
index