On Thu, Feb 08, 2024 at 08:58:43PM +0100, Daniel Kiper wrote:
> Hey,
>
> Adding Patrick...
>
> On Mon, Feb 05, 2024 at 03:39:33PM +0800, Gary Lin wrote:
> > GIT repo for v9: https://github.com/lcp/grub2/tree/tpm2-unlock-v9
> >
> > This patch series is based on "Automatic TPM Disk Unlock"(*1) post
On Thu, Feb 08, 2024 at 08:58:43PM +0100, Daniel Kiper wrote:
> Hey,
>
--8<--
>
> And I have attached the Coverity report. All issues reported there have
> to be fixed. If you cannot fix an issue you have to explain why you
> cannot do that and what is potential impact on the code stability,
> se
On Tue, Mar 12, 2024 at 11:03:17AM +0800, Hyman Huang wrote:
Hi Hyman,
> This patchset aims to supplement James's previous work, please refer to
> the following link for details:
> https://lists.gnu.org/archive/html/grub-devel/2020-12/msg00257.html
>
> The alterations listed below were made in li
On Tue, Mar 12, 2024 at 04:00:02PM +0800, Yong Huang wrote:
> On Tue, Mar 12, 2024 at 3:28 PM Gary Lin wrote:
>
> > On Tue, Mar 12, 2024 at 11:03:17AM +0800, Hyman Huang wrote:
> > Hi Hyman,
> >
> > > This patchset aims to supplement James's previous work, please refer to
> > > the following link
_split_longopt() was the bash-completion private API and removed since
bash-completion 2.12. This commit initializes the bash-completion
general variables with _init_completion() to avoid the potential
'command not found' error.
Although bash-completion 2.12 introduces _comp_initialize() to deprec
On Thu, Apr 04, 2024 at 11:03:47PM +0200, Daniel Kiper wrote:
> On Thu, Mar 07, 2024 at 04:59:05PM +0800, Gary Lin via Grub-devel wrote:
> > On Thu, Feb 08, 2024 at 08:58:43PM +0100, Daniel Kiper wrote:
> > > Hey,
> > >
> > --8<--
> > >
> > &g
From: Daniel Axtens
We don't expect to be able to write ASN.1, only read it,
so we can disable some code.
Do that with #if 0/#endif, rather than deletion. This means
that the difference between upstream and grub is smaller,
which should make updating libtasn1 easier in the future.
With these ex
From: Daniel Axtens
Do a few things to make libtasn1 compile as part of grub:
- remove _asn1_strcat and replace strcat with the bound-checked
_asn1_str_cat except the one inside _asn1_str_cat. That strcat is
replaced with strcpy.
- adjust header paths in libtasn1.h
- adjust header pat
From: Daniel Axtens
- Define SIZEOF_UNSIGNED_LONG_INT, it's the same as
SIZEOF_UNSIGNED_LONG.
- Define WORD_BIT, the size in bits of an int. This is a defined
in the Single Unix Specification and in gnulib's limits.h. gnulib
assumes it's 32 bits on all our platforms, including 64 bit
This commit handles the TPM2_PolicyAuthorize command from the key file
in TPM 2.0 Key File format.
TPM2_PolicyAuthorize is the essential command to support authorized
policy which allows the users to sign TPM policies with their own keys.
Per TPM 2.0 Key File(*1), CommandPolicy for TPM2_PolicyAuth
From: Hernan Gatta
A key protector encapsulates functionality to retrieve an unlocking key
for a fully-encrypted disk from a specific source. A key protector
module registers itself with the key protectors framework when it is
loaded and unregisters when unloaded. Additionally, a key protector ma
An attacker may insert a malicious disk with the same crypto UUID and
trick grub2 to mount the fake root. Even though the key from the key
protector fails to unlock the fake root, it's not wiped out cleanly so
the attacker could dump the memory to retrieve the secret key. To defend
such attack, wip
In _asn1_tag_der(), the first while loop for the long form may end up
with a 'k' value with 'ASN1_MAX_TAG_SIZE' and cause the buffer overrun
in the second while loop. This commit tweaks the conditional check to
avoid producing a too large 'k'.
This is a quick fix and may differ from the official u
When using disk auto-unlocking with TPM 2.0, the typical grub.cfg may
look like this:
tpm2_key_protector_init --tpm2key=(hd0,gpt1)/boot/grub2/sealed.tpm
cryptomount -u -P tpm2
search --fs-uuid --set=root
Since the disk search order is based on the order of module loading, the
attacker cou
From: Hernan Gatta
Add a new parameter to cryptomount to support the key protectors framework: -P.
The parameter is used to automatically retrieve a key from specified key
protectors. The parameter may be repeated to specify any number of key
protectors. These are tried in order until one provide
From: Patrick Colp
If a protector is specified, but it fails to unlock the disk, fall back
to asking for the passphrase. However, an error was set indicating that
the protector(s) failed. Later code (e.g., LUKS code) fails as
`grub_errno` is now set. Print the existing errors out first, before
pr
From: Hernan Gatta
To utilize the key protectors framework, there must be a way to protect
full-disk encryption keys in the first place. The grub-protect tool
includes support for the TPM2 key protector but other protectors that
require setup ahead of time can be supported in the future.
For the
As a preparation to test TPM 2.0 TSS stack with grub-emu, the new
option, --tpm-device, is introduced to specify the TPM device for
grub-emu so that grub-emu can share the emulated TPM device with
the host.
Since grub-emu can directly access the device node on host, it's easy to
implement the esse
From: Daniel Axtens
Create a wrapper file that specifies the module license.
Set up the makefile so it is built.
Signed-off-by: Daniel Axtens
Signed-off-by: Gary Lin
Reviewed-by: Vladimir Serbinenko
---
grub-core/Makefile.core.def| 15 +++
grub-core/lib/libtasn1_wrap/wrap
For the tpm2 module, the TCG2 command submission function is the only
difference between the a QEMU instance and grub-emu. To test TPM key
unsealing with a QEMU instance, it requires an extra OS image to invoke
grub-protect to seal the LUKS key, rather than a simple grub-shell rescue
CD image. On t
Document libtasn1 in docs/grub-dev.texi and add the upgrade steps.
Also add the patches to make libtasn1 compatible with grub code.
Signed-off-by: Gary Lin
Reviewed-by: Vladimir Serbinenko
---
docs/grub-dev.texi| 28 ++
...asn1-disable-code-not-needed-in-grub.patch
From: Patrick Colp
Currently with the TPM2 protector, only SRK mode is supported and
NV index support is just a stub. Implement the NV index option.
Note: This only extends support on the unseal path. grub2_protect
has not been updated. tpm2-tools can be used to insert a key into
the NV index.
From: Hernan Gatta
The TPM2 key protector is a module that enables the automatic retrieval
of a fully-encrypted disk's unlocking key from a TPM 2.0.
The theory of operation is such that the module accepts various
arguments, most of which are optional and therefore possess reasonable
defaults. On
On Tue, Apr 09, 2024 at 11:32:44AM -0400, Stefan Berger wrote:
>
>
> On 4/9/24 04:30, Gary Lin via Grub-devel wrote:
> > From: Hernan Gatta
> >
> > A Trusted Platform Module (TPM) Software Stack (TSS) provides logic to
> > compose, submit, and parse TPM c
On Tue, Apr 09, 2024 at 04:30:32PM +0800, Gary Lin wrote:
> GIT repo for v10: https://github.com/lcp/grub2/tree/tpm2-unlock-v10
>
> This patch series is based on "Automatic TPM Disk Unlock"(*1) posted by
> Hernan Gatta to introduce the key protector framework and TPM2 stack
> to GRUB2, and this co
From: Daniel Axtens
- Define SIZEOF_UNSIGNED_LONG_INT, it's the same as
SIZEOF_UNSIGNED_LONG.
- Define WORD_BIT, the size in bits of an int. This is a defined
in the Single Unix Specification and in gnulib's limits.h. gnulib
assumes it's 32 bits on all our platforms, including 64 bit
From: Daniel Axtens
Do a few things to make libtasn1 compile as part of grub:
- remove _asn1_strcat and replace strcat with the bound-checked
_asn1_str_cat except the one inside _asn1_str_cat. That strcat is
replaced with strcpy.
- adjust header paths in libtasn1.h
- adjust header pat
In _asn1_tag_der(), the first while loop for the long form may end up
with a 'k' value with 'ASN1_MAX_TAG_SIZE' and cause the buffer overrun
in the second while loop. This commit tweaks the conditional check to
avoid producing a too large 'k'.
This is a quick fix and may differ from the official u
From: Daniel Axtens
We don't expect to be able to write ASN.1, only read it,
so we can disable some code.
Do that with #if 0/#endif, rather than deletion. This means
that the difference between upstream and grub is smaller,
which should make updating libtasn1 easier in the future.
With these ex
GIT repo for v11: https://github.com/lcp/grub2/tree/tpm2-unlock-v11
This patch series is based on "Automatic TPM Disk Unlock"(*1) posted by
Hernan Gatta to introduce the key protector framework and TPM2 stack
to GRUB2, and this could be a useful feature for the systems to
implement full disk encry
Document libtasn1 in docs/grub-dev.texi and add the upgrade steps.
Also add the patches to make libtasn1 compatible with grub code.
Signed-off-by: Gary Lin
Reviewed-by: Vladimir Serbinenko
---
docs/grub-dev.texi| 28 ++
...asn1-disable-code-not-needed-in-grub.patch
An attacker may insert a malicious disk with the same crypto UUID and
trick grub2 to mount the fake root. Even though the key from the key
protector fails to unlock the fake root, it's not wiped out cleanly so
the attacker could dump the memory to retrieve the secret key. To defend
such attack, wip
From: Daniel Axtens
Create a wrapper file that specifies the module license.
Set up the makefile so it is built.
Signed-off-by: Daniel Axtens
Signed-off-by: Gary Lin
Reviewed-by: Vladimir Serbinenko
---
grub-core/Makefile.core.def| 15 +++
grub-core/lib/libtasn1_wrap/wrap
From: Patrick Colp
If a protector is specified, but it fails to unlock the disk, fall back
to asking for the passphrase. However, an error was set indicating that
the protector(s) failed. Later code (e.g., LUKS code) fails as
`grub_errno` is now set. Print the existing errors out first, before
pr
From: Hernan Gatta
A key protector encapsulates functionality to retrieve an unlocking key
for a fully-encrypted disk from a specific source. A key protector
module registers itself with the key protectors framework when it is
loaded and unregisters when unloaded. Additionally, a key protector ma
This commit handles the TPM2_PolicyAuthorize command from the key file
in TPM 2.0 Key File format.
TPM2_PolicyAuthorize is the essential command to support authorized
policy which allows the users to sign TPM policies with their own keys.
Per TPM 2.0 Key File(*1), CommandPolicy for TPM2_PolicyAuth
From: Hernan Gatta
Add a new parameter to cryptomount to support the key protectors framework: -P.
The parameter is used to automatically retrieve a key from specified key
protectors. The parameter may be repeated to specify any number of key
protectors. These are tried in order until one provide
From: Patrick Colp
Currently with the TPM2 protector, only SRK mode is supported and
NV index support is just a stub. Implement the NV index option.
Note: This only extends support on the unseal path. grub2_protect
has not been updated. tpm2-tools can be used to insert a key into
the NV index.
As a preparation to test TPM 2.0 TSS stack with grub-emu, the new
option, --tpm-device, is introduced to specify the TPM device for
grub-emu so that grub-emu can share the emulated TPM device with
the host.
Since grub-emu can directly access the device node on host, it's easy to
implement the esse
For the tpm2 module, the TCG2 command submission function is the only
difference between the a QEMU instance and grub-emu. To test TPM key
unsealing with a QEMU instance, it requires an extra OS image to invoke
grub-protect to seal the LUKS key, rather than a simple grub-shell rescue
CD image. On t
From: Hernan Gatta
The TPM2 key protector is a module that enables the automatic retrieval
of a fully-encrypted disk's unlocking key from a TPM 2.0.
The theory of operation is such that the module accepts various
arguments, most of which are optional and therefore possess reasonable
defaults. On
When using disk auto-unlocking with TPM 2.0, the typical grub.cfg may
look like this:
tpm2_key_protector_init --tpm2key=(hd0,gpt1)/boot/grub2/sealed.tpm
cryptomount -u -P tpm2
search --fs-uuid --set=root
Since the disk search order is based on the order of module loading, the
attacker cou
From: Hernan Gatta
To utilize the key protectors framework, there must be a way to protect
full-disk encryption keys in the first place. The grub-protect tool
includes support for the TPM2 key protector but other protectors that
require setup ahead of time can be supported in the future.
For the
On Fri, Apr 12, 2024 at 12:09:36PM -0400, Stefan Berger wrote:
>
>
> On 4/9/24 04:30, Gary Lin via Grub-devel wrote:
> > For the tpm2 module, the TCG2 command submission function is the only
> > difference between the a QEMU instance and grub-emu. To test TPM key
>
On Fri, Apr 12, 2024 at 11:26:48AM -0400, Stefan Berger wrote:
>
>
> On 4/12/24 04:39, Gary Lin wrote:
> > From: Hernan Gatta
> >
> > A Trusted Platform Module (TPM) Software Stack (TSS) provides logic to
> > compose, submit, and parse TPM commands and responses.
>
> compose and submit TPM com
On Fri, Apr 12, 2024 at 02:57:42PM -0400, Stefan Berger wrote:
>
>
> On 4/12/24 04:39, Gary Lin via Grub-devel wrote:
> > From: Hernan Gatta
> >
> > The TPM2 key protector is a module that enables the automatic retrieval
> > of a fully-encrypted disk's un
On Fri, Apr 12, 2024 at 04:52:02PM -0400, Stefan Berger wrote:
>
>
> On 4/12/24 04:39, Gary Lin via Grub-devel wrote:
> > From: Hernan Gatta
> >
> > To utilize the key protectors framework, there must be a way to protect
> > full-disk encryption keys in the f
On Fri, Apr 12, 2024 at 12:24:36PM -0400, Stefan Berger wrote:
>
>
> On 4/12/24 04:39, Gary Lin via Grub-devel wrote:
> > GIT repo for v11: https://github.com/lcp/grub2/tree/tpm2-unlock-v11
> >
> > This patch series is based on "Automatic TPM Disk Unlock&qu
On Mon, Apr 15, 2024 at 05:40:53PM +0800, Gary Lin wrote:
> On Fri, Apr 12, 2024 at 04:52:02PM -0400, Stefan Berger wrote:
> >
> >
> > On 4/12/24 04:39, Gary Lin via Grub-devel wrote:
> > > From: Hernan Gatta
> > >
> > > To utilize the key prot
On Mon, Apr 15, 2024 at 10:26:32AM -0400, Stefan Berger wrote:
>
>
> On 4/15/24 05:45, Gary Lin wrote:
> > On Fri, Apr 12, 2024 at 12:24:36PM -0400, Stefan Berger wrote:
> > >
> > >
> > > On 4/12/24 04:39, Gary Lin via Grub-devel wrote:
> > &g
From: Daniel Axtens
Do a few things to make libtasn1 compile as part of grub:
- remove _asn1_strcat and replace strcat with the bound-checked
_asn1_str_cat except the one inside _asn1_str_cat. That strcat is
replaced with strcpy.
- adjust header paths in libtasn1.h
- adjust header pat
From: Daniel Axtens
We don't expect to be able to write ASN.1, only read it,
so we can disable some code.
Do that with #if 0/#endif, rather than deletion. This means
that the difference between upstream and grub is smaller,
which should make updating libtasn1 easier in the future.
With these ex
From: Daniel Axtens
Create a wrapper file that specifies the module license.
Set up the makefile so it is built.
Signed-off-by: Daniel Axtens
Signed-off-by: Gary Lin
Reviewed-by: Vladimir Serbinenko
---
grub-core/Makefile.core.def| 15 +++
grub-core/lib/libtasn1_wrap/wrap
From: Hernan Gatta
Add a new parameter to cryptomount to support the key protectors framework: -P.
The parameter is used to automatically retrieve a key from specified key
protectors. The parameter may be repeated to specify any number of key
protectors. These are tried in order until one provide
From: Daniel Axtens
- Define SIZEOF_UNSIGNED_LONG_INT, it's the same as
SIZEOF_UNSIGNED_LONG.
- Define WORD_BIT, the size in bits of an int. This is a defined
in the Single Unix Specification and in gnulib's limits.h. gnulib
assumes it's 32 bits on all our platforms, including 64 bit
GIT repo for v12: https://github.com/lcp/grub2/tree/tpm2-unlock-v12
This patch series is based on "Automatic TPM Disk Unlock"(*1) posted by
Hernan Gatta to introduce the key protector framework and TPM2 stack
to GRUB2, and this could be a useful feature for the systems to
implement full disk encry
From: Hernan Gatta
The TPM2 key protector is a module that enables the automatic retrieval
of a fully-encrypted disk's unlocking key from a TPM 2.0.
The theory of operation is such that the module accepts various
arguments, most of which are optional and therefore possess reasonable
defaults. On
In _asn1_tag_der(), the first while loop for the long form may end up
with a 'k' value with 'ASN1_MAX_TAG_SIZE' and cause the buffer overrun
in the second while loop. This commit tweaks the conditional check to
avoid producing a too large 'k'.
This is a quick fix and may differ from the official u
From: Hernan Gatta
To utilize the key protectors framework, there must be a way to protect
full-disk encryption keys in the first place. The grub-protect tool
includes support for the TPM2 key protector but other protectors that
require setup ahead of time can be supported in the future.
For the
When using disk auto-unlocking with TPM 2.0, the typical grub.cfg may
look like this:
tpm2_key_protector_init --tpm2key=(hd0,gpt1)/boot/grub2/sealed.tpm
cryptomount -u -P tpm2
search --fs-uuid --set=root
Since the disk search order is based on the order of module loading, the
attacker cou
Document libtasn1 in docs/grub-dev.texi and add the upgrade steps.
Also add the patches to make libtasn1 compatible with grub code.
Signed-off-by: Gary Lin
Reviewed-by: Vladimir Serbinenko
---
docs/grub-dev.texi| 28 ++
...asn1-disable-code-not-needed-in-grub.patch
An attacker may insert a malicious disk with the same crypto UUID and
trick grub2 to mount the fake root. Even though the key from the key
protector fails to unlock the fake root, it's not wiped out cleanly so
the attacker could dump the memory to retrieve the secret key. To defend
such attack, wip
This commit handles the TPM2_PolicyAuthorize command from the key file
in TPM 2.0 Key File format.
TPM2_PolicyAuthorize is the essential command to support authorized
policy which allows the users to sign TPM policies with their own keys.
Per TPM 2.0 Key File(*1), CommandPolicy for TPM2_PolicyAuth
From: Patrick Colp
If a protector is specified, but it fails to unlock the disk, fall back
to asking for the passphrase. However, an error was set indicating that
the protector(s) failed. Later code (e.g., LUKS code) fails as
`grub_errno` is now set. Print the existing errors out first, before
pr
For the tpm2 module, the TCG2 command submission function is the only
difference between the a QEMU instance and grub-emu. To test TPM key
unsealing with a QEMU instance, it requires an extra OS image to invoke
grub-protect to seal the LUKS key, rather than a simple grub-shell rescue
CD image. On t
As a preparation to test TPM 2.0 TSS stack with grub-emu, the new
option, --tpm-device, is introduced to specify the TPM device for
grub-emu so that grub-emu can share the emulated TPM device with
the host.
Since grub-emu can directly access the device node on host, it's easy to
implement the esse
From: Hernan Gatta
A key protector encapsulates functionality to retrieve an unlocking key
for a fully-encrypted disk from a specific source. A key protector
module registers itself with the key protectors framework when it is
loaded and unregisters when unloaded. Additionally, a key protector ma
From: Patrick Colp
Currently with the TPM2 protector, only SRK mode is supported and
NV index support is just a stub. Implement the NV index option.
Note: This only extends support on the unseal path. grub2_protect
has not been updated. tpm2-tools can be used to insert a key into
the NV index.
On Fri, Apr 19, 2024 at 08:23:44AM -0400, James Bottomley wrote:
> On Fri, 2024-04-19 at 16:30 +0800, Gary Lin wrote:
> > TPMKey ::= SEQUENCE {
> > type OBJECT IDENTIFIER
> > emptyAuth [0] EXPLICIT BOOLEAN OPTIONAL
> > policy [1] EXPLICIT SEQUENCE OF TPMPolicy OPTION
On Fri, Apr 19, 2024 at 09:12:00AM -0400, Stefan Berger wrote:
>
>
> On 4/19/24 04:31, Gary Lin via Grub-devel wrote:
> > For the tpm2 module, the TCG2 command submission function is the only
> > difference between the a QEMU instance and grub-emu. To test TPM key
>
From: Daniel Axtens
- Define SIZEOF_UNSIGNED_LONG_INT, it's the same as
SIZEOF_UNSIGNED_LONG.
- Define WORD_BIT, the size in bits of an int. This is a defined
in the Single Unix Specification and in gnulib's limits.h. gnulib
assumes it's 32 bits on all our platforms, including 64 bit
GIT repo for v13: https://github.com/lcp/grub2/tree/tpm2-unlock-v13
This patch series is based on "Automatic TPM Disk Unlock"(*1) posted by
Hernan Gatta to introduce the key protector framework and TPM2 stack
to GRUB2, and this could be a useful feature for the systems to
implement full disk encry
From: Daniel Axtens
Create a wrapper file that specifies the module license.
Set up the makefile so it is built.
Signed-off-by: Daniel Axtens
Signed-off-by: Gary Lin
Reviewed-by: Vladimir Serbinenko
---
grub-core/Makefile.core.def| 15 +++
grub-core/lib/libtasn1_wrap/wrap
From: Daniel Axtens
Do a few things to make libtasn1 compile as part of grub:
- remove _asn1_strcat and replace strcat with the bound-checked
_asn1_str_cat except the one inside _asn1_str_cat. That strcat is
replaced with strcpy.
- adjust header paths in libtasn1.h
- adjust header pat
From: Patrick Colp
If a protector is specified, but it fails to unlock the disk, fall back
to asking for the passphrase. However, an error was set indicating that
the protector(s) failed. Later code (e.g., LUKS code) fails as
`grub_errno` is now set. Print the existing errors out first, before
pr
From: Hernan Gatta
Add a new parameter to cryptomount to support the key protectors framework: -P.
The parameter is used to automatically retrieve a key from specified key
protectors. The parameter may be repeated to specify any number of key
protectors. These are tried in order until one provide
Document libtasn1 in docs/grub-dev.texi and add the upgrade steps.
Also add the patches to make libtasn1 compatible with grub code.
Signed-off-by: Gary Lin
Reviewed-by: Vladimir Serbinenko
---
docs/grub-dev.texi| 28 ++
...asn1-disable-code-not-needed-in-grub.patch
From: Patrick Colp
Currently with the TPM2 protector, only SRK mode is supported and
NV index support is just a stub. Implement the NV index option.
Note: This only extends support on the unseal path. grub2_protect
has not been updated. tpm2-tools can be used to insert a key into
the NV index.
In _asn1_tag_der(), the first while loop for the long form may end up
with a 'k' value with 'ASN1_MAX_TAG_SIZE' and cause the buffer overrun
in the second while loop. This commit tweaks the conditional check to
avoid producing a too large 'k'.
This is a quick fix and may differ from the official u
From: Hernan Gatta
A key protector encapsulates functionality to retrieve an unlocking key
for a fully-encrypted disk from a specific source. A key protector
module registers itself with the key protectors framework when it is
loaded and unregisters when unloaded. Additionally, a key protector ma
As a preparation to test TPM 2.0 TSS stack with grub-emu, the new
option, --tpm-device, is introduced to specify the TPM device for
grub-emu so that grub-emu can share the emulated TPM device with
the host.
Since grub-emu can directly access the device node on host, it's easy to
implement the esse
For the tpm2 module, the TCG2 command submission function is the only
difference between the a QEMU instance and grub-emu. To test TPM key
unsealing with a QEMU instance, it requires an extra OS image to invoke
grub-protect to seal the LUKS key, rather than a simple grub-shell rescue
CD image. On t
From: Hernan Gatta
The TPM2 key protector is a module that enables the automatic retrieval
of a fully-encrypted disk's unlocking key from a TPM 2.0.
The theory of operation is such that the module accepts various
arguments, most of which are optional and therefore possess reasonable
defaults. On
When using disk auto-unlocking with TPM 2.0, the typical grub.cfg may
look like this:
tpm2_key_protector_init --tpm2key=(hd0,gpt1)/boot/grub2/sealed.tpm
cryptomount -u -P tpm2
search --fs-uuid --set=root
Since the disk search order is based on the order of module loading, the
attacker cou
From: Daniel Axtens
We don't expect to be able to write ASN.1, only read it,
so we can disable some code.
Do that with #if 0/#endif, rather than deletion. This means
that the difference between upstream and grub is smaller,
which should make updating libtasn1 easier in the future.
With these ex
This commit handles the TPM2_PolicyAuthorize command from the key file
in TPM 2.0 Key File format.
TPM2_PolicyAuthorize is the essential command to support authorized
policy which allows the users to sign TPM policies with their own keys.
Per TPM 2.0 Key File(*1), CommandPolicy for TPM2_PolicyAuth
An attacker may insert a malicious disk with the same crypto UUID and
trick grub2 to mount the fake root. Even though the key from the key
protector fails to unlock the fake root, it's not wiped out cleanly so
the attacker could dump the memory to retrieve the secret key. To defend
such attack, wip
From: Hernan Gatta
To utilize the key protectors framework, there must be a way to protect
full-disk encryption keys in the first place. The grub-protect tool
includes support for the TPM2 key protector but other protectors that
require setup ahead of time can be supported in the future.
For the
On Sat, Apr 27, 2024 at 03:27:57AM -0500, Glenn Washburn wrote:
> On Thu, 25 Apr 2024 16:01:54 +0800
> Gary Lin wrote:
>
> > Document libtasn1 in docs/grub-dev.texi and add the upgrade steps.
> > Also add the patches to make libtasn1 compatible with grub code.
> >
> > Signed-off-by: Gary Lin
>
On Fri, Apr 26, 2024 at 05:18:04PM -0500, Glenn Washburn wrote:
> On Thu, 25 Apr 2024 16:02:06 +0800
> Gary Lin wrote:
>
> > For the tpm2 module, the TCG2 command submission function is the only
> > difference between the a QEMU instance and grub-emu. To test TPM key
> > unsealing with a QEMU ins
On Mon, Apr 29, 2024 at 04:10:05PM +0800, Gary Lin wrote:
> On Fri, Apr 26, 2024 at 05:18:04PM -0500, Glenn Washburn wrote:
> > On Thu, 25 Apr 2024 16:02:06 +0800
> > Gary Lin wrote:
> >
> > > For the tpm2 module, the TCG2 command submission function is the only
> > > difference between the a QEM
From: Hernan Gatta
Add a new parameter to cryptomount to support the key protectors framework: -P.
The parameter is used to automatically retrieve a key from specified key
protectors. The parameter may be repeated to specify any number of key
protectors. These are tried in order until one provide
From: Daniel Axtens
We don't expect to be able to write ASN.1, only read it,
so we can disable some code.
Do that with #if 0/#endif, rather than deletion. This means
that the difference between upstream and grub is smaller,
which should make updating libtasn1 easier in the future.
With these ex
For the tpm2 module, the TCG2 command submission function is the only
difference between the a QEMU instance and grub-emu. To test TPM key
unsealing with a QEMU instance, it requires an extra OS image to invoke
grub-protect to seal the LUKS key, rather than a simple grub-shell rescue
CD image. On t
When using disk auto-unlocking with TPM 2.0, the typical grub.cfg may
look like this:
tpm2_key_protector_init --tpm2key=(hd0,gpt1)/boot/grub2/sealed.tpm
cryptomount -u -P tpm2
search --fs-uuid --set=root
Since the disk search order is based on the order of module loading, the
attacker cou
GIT repo for v14: https://github.com/lcp/grub2/tree/tpm2-unlock-v14
This patch series is based on "Automatic TPM Disk Unlock"(*1) posted by
Hernan Gatta to introduce the key protector framework and TPM2 stack
to GRUB2, and this could be a useful feature for the systems to
implement full disk encry
From: Hernan Gatta
A key protector encapsulates functionality to retrieve an unlocking key
for a fully-encrypted disk from a specific source. A key protector
module registers itself with the key protectors framework when it is
loaded and unregisters when unloaded. Additionally, a key protector ma
From: Daniel Axtens
Create a wrapper file that specifies the module license.
Set up the makefile so it is built.
Signed-off-by: Daniel Axtens
Signed-off-by: Gary Lin
Reviewed-by: Vladimir Serbinenko
---
grub-core/Makefile.core.def| 15 +++
grub-core/lib/libtasn1_wrap/wrap
From: Patrick Colp
Currently with the TPM2 protector, only SRK mode is supported and
NV index support is just a stub. Implement the NV index option.
Note: This only extends support on the unseal path. grub2_protect
has not been updated. tpm2-tools can be used to insert a key into
the NV index.
From: Hernan Gatta
To utilize the key protectors framework, there must be a way to protect
full-disk encryption keys in the first place. The grub-protect tool
includes support for the TPM2 key protector but other protectors that
require setup ahead of time can be supported in the future.
For the
1 - 100 of 664 matches
Mail list logo
