In _asn1_tag_der(), the first while loop for the long form may end up
with a 'k' value with 'ASN1_MAX_TAG_SIZE' and cause the buffer overrun
in the second while loop. This commit tweaks the conditional check to
avoid producing a too large 'k'.
This is a quick fix and may differ from the official u
Replace a 64 bit division with a call to grub_divmod64, preventing
creation of __udivdi3 calls on 32 bit platforms.
Signed-off-by: Daniel Axtens
Signed-off-by: Gary Lin
---
...tasn1-Use-grub_divmod64-for-division.patch | 30 +++
1 file changed, 30 insertions(+)
create mode 1006
From: Daniel Axtens
Import tests from libtasn1 that don't use functionality we don't
import. This test module is integrated into functional_test so that the
user can run the test in grub shell.
This doesn't test the full decoder but that will be exercised in
test suites for coming patch sets.
A
As a preparation to test tpm2_key_protector with grub-emu, the new
option, --tpm-device, is introduced to specify the TPM device for
grub-emu so that grub-emu can share the emulated TPM device with
the host.
Since grub-emu can directly access the device node on host, it's easy to
implement the ess
For the tpm2_key_protector module, the TCG2 command submission function
is the only difference between a QEMU instance and grub-emu. To test
TPM2 key unsealing with a QEMU instance, it requires an extra OS image
to invoke grub-protect to seal the LUKS key, rather than a simple
grub-shell rescue CD
From: Hernan Gatta
Add a new parameter to cryptomount to support the key protectors framework: -P.
The parameter is used to automatically retrieve a key from specified key
protectors. The parameter may be repeated to specify any number of key
protectors. These are tried in order until one provide
From: Patrick Colp
If a protector is specified, but it fails to unlock the disk, fall back
to asking for the passphrase. However, an error was set indicating that
the protector(s) failed. Later code (e.g., LUKS code) fails as
`grub_errno` is now set. Print the existing errors out first, before
pr
From: Patrick Colp
Currently with the TPM2 protector, only SRK mode is supported and
NV index support is just a stub. Implement the NV index option.
Note: This only extends support on the unseal path. grub2_protect
has not been updated. tpm2-tools can be used to insert a key into
the NV index.
An attacker may insert a malicious disk with the same crypto UUID and
trick grub2 to mount the fake root. Even though the key from the key
protector fails to unlock the fake root, it's not wiped out cleanly so
the attacker could dump the memory to retrieve the secret key. To defend
such attack, wip
When using disk auto-unlocking with TPM 2.0, the typical grub.cfg may
look like this:
tpm2_key_protector_init --tpm2key=(hd0,gpt1)/boot/grub2/sealed.tpm
cryptomount -u -P tpm2
search --fs-uuid --set=root
Since the disk search order is based on the order of module loading, the
attacker cou
On Fri, Jun 28, 2024 at 02:54:53PM +0300, Vladimir 'phcoder' Serbinenko wrote:
> > + if (protector == NULL || protector->name == NULL || grub_strlen
> > (protector->name) == 0)
> > +return GRUB_ERR_BAD_ARGUMENT;
> > +
> Here and in the other places you miss grub_error. Note that the
> message
On Wed, Aug 14, 2024 at 05:40:08PM +0200, Daniel Kiper wrote:
> On Fri, Jun 28, 2024 at 04:18:47PM +0800, Gary Lin via Grub-devel wrote:
> > Remove _asn1_strcat() and replace strcat() with the bound-checked
> > _asn1_str_cat() except the one inside _asn1_str_cat(). That strcat
>
On Wed, Aug 14, 2024 at 05:41:35PM +0200, Daniel Kiper wrote:
> On Fri, Jun 28, 2024 at 04:18:48PM +0800, Gary Lin via Grub-devel wrote:
> > Use the grub headers instead of the standard POSIX headers.
>
> Again, why?
>
"libtasn1.h" is to be included by users, not on
On Wed, Aug 14, 2024 at 05:46:46PM +0200, Daniel Kiper wrote:
> On Fri, Jun 28, 2024 at 04:18:49PM +0800, Gary Lin via Grub-devel wrote:
> > Replace a 64 bit division with a call to grub_divmod64, preventing
>
> s/64 bit/64-bit/
> s/grub_divmod64/grub_divmod64()/
>
>
On Wed, Aug 14, 2024 at 05:52:14PM +0200, Daniel Kiper wrote:
> On Fri, Jun 28, 2024 at 04:18:51PM +0800, Gary Lin via Grub-devel wrote:
> > Do a few things to make asn1 tests compile as part of grub:
> >
> > - include asn1_test.h only
> >
> > - rename the
On Wed, Aug 14, 2024 at 05:34:52PM +0200, Daniel Kiper wrote:
> On Fri, Jun 28, 2024 at 04:18:43PM +0800, Gary Lin via Grub-devel wrote:
> > GIT repo for v18: https://github.com/lcp/grub2/tree/tpm2-unlock-v18
> >
> > This patch series is based on "Automatic TPM
On Fri, Aug 16, 2024 at 12:41:34PM +0200, Daniel Kiper wrote:
> On Thu, Aug 15, 2024 at 02:18:17PM +0800, Gary Lin wrote:
> > On Wed, Aug 14, 2024 at 05:40:08PM +0200, Daniel Kiper wrote:
> > > On Fri, Jun 28, 2024 at 04:18:47PM +0800, Gary Lin via Grub-devel wrote:
> >
On Fri, Aug 16, 2024 at 12:43:18PM +0200, Daniel Kiper wrote:
> On Thu, Aug 15, 2024 at 02:24:18PM +0800, Gary Lin wrote:
> > On Wed, Aug 14, 2024 at 05:41:35PM +0200, Daniel Kiper wrote:
> > > On Fri, Jun 28, 2024 at 04:18:48PM +0800, Gary Lin via Grub-devel wrote:
> >
On Fri, Aug 16, 2024 at 12:53:36PM +0200, Daniel Kiper wrote:
> On Thu, Aug 15, 2024 at 02:49:34PM +0800, Gary Lin wrote:
> > On Wed, Aug 14, 2024 at 05:52:14PM +0200, Daniel Kiper wrote:
> > > On Fri, Jun 28, 2024 at 04:18:51PM +0800, Gary Lin via Grub-devel wrote:
> > >
On Fri, Aug 16, 2024 at 01:22:39PM +0200, Daniel Kiper wrote:
> On Fri, Jun 28, 2024 at 04:18:53PM +0800, Gary Lin via Grub-devel wrote:
> > From: Daniel Axtens
> >
> > Import tests from libtasn1 that don't use functionality we don't
> > import. This test modu
On Thu, Aug 22, 2024 at 03:21:51PM +0200, Daniel Kiper wrote:
> On Fri, Jun 28, 2024 at 04:18:56PM +0800, Gary Lin via Grub-devel wrote:
> > As the prepartion to support TPM2 Software Stack (TSS2), this commit
> > implements the TPM2 buffer handling functions to pack data for the TP
On Thu, Aug 22, 2024 at 04:03:35PM +0200, Daniel Kiper wrote:
> On Fri, Jun 28, 2024 at 04:18:57PM +0800, Gary Lin via Grub-devel wrote:
> > This commit adds the necessary TPM2 types and structs as the preparation
> > for the TPM2 Software Stack (TSS2) support. The Marshal/Unmarsha
On Thu, Aug 22, 2024 at 04:30:46PM +0200, Daniel Kiper wrote:
> On Fri, Jun 28, 2024 at 04:18:58PM +0800, Gary Lin via Grub-devel wrote:
> > A Trusted Platform Module (TPM) Software Stack (TSS) provides logic to
> > compose and submit TPM commands and parse reponses.
> >
&g
On Mon, Aug 26, 2024 at 04:32:16PM +0200, Daniel Kiper wrote:
> On Fri, Jun 28, 2024 at 04:18:59PM +0800, Gary Lin via Grub-devel wrote:
> > From: Hernan Gatta
> >
> > The TPM2 key protector is a module that enables the automatic retrieval
> > of a fully-encrypted disk
On Mon, Aug 26, 2024 at 04:37:33PM +0200, Daniel Kiper wrote:
> On Fri, Jun 28, 2024 at 04:18:43PM +0800, Gary Lin via Grub-devel wrote:
> > GIT repo for v18: https://github.com/lcp/grub2/tree/tpm2-unlock-v18
> >
> > This patch series is based on "Automatic TPM
On Fri, Aug 30, 2024 at 05:49:04PM +0200, Daniel Kiper wrote:
> On Fri, Jun 28, 2024 at 04:19:01PM +0800, Gary Lin via Grub-devel wrote:
> > From: Hernan Gatta
> >
> > To utilize the key protectors framework, there must be a way to protect
> > full-disk encryption k
On Fri, Aug 30, 2024 at 05:55:53PM +0200, Daniel Kiper wrote:
> On Fri, Jun 28, 2024 at 04:19:02PM +0800, Gary Lin via Grub-devel wrote:
> > This commit handles the TPM2_PolicyAuthorize command from the key file
> > in TPM 2.0 Key File format.
> >
> > TPM2_PolicyAuthori
On Fri, Aug 30, 2024 at 06:03:16PM +0200, Daniel Kiper wrote:
> On Fri, Jun 28, 2024 at 04:19:03PM +0800, Gary Lin via Grub-devel wrote:
> > From: Patrick Colp
> >
> > Currently with the TPM2 protector, only SRK mode is supported and
> > NV index support is just a s
On Fri, Aug 30, 2024 at 06:10:28PM +0200, Daniel Kiper wrote:
> On Fri, Jun 28, 2024 at 04:19:04PM +0800, Gary Lin via Grub-devel wrote:
> > From: Patrick Colp
> >
> > If a protector is specified, but it fails to unlock the disk, fall back
> > to asking for the passph
On Fri, Aug 30, 2024 at 06:31:50PM +0200, Daniel Kiper wrote:
> On Fri, Jun 28, 2024 at 04:19:06PM +0800, Gary Lin via Grub-devel wrote:
> > When using disk auto-unlocking with TPM 2.0, the typical grub.cfg may
> > look like this:
> >
> > tpm2_key_protector_init --tp
strcat() is not available in GRUB. This commit replaces strcat() and
_asn1_strcat() with the bounds-checking _asn1_str_cat().
Signed-off-by: Daniel Axtens
Signed-off-by: Gary Lin
---
...n1-replace-strcat-with-_asn1_str_cat.patch | 70 +++
1 file changed, 70 insertions(+)
create
In _asn1_tag_der(), the first while loop for the long form may end up
with a 'k' value with 'ASN1_MAX_TAG_SIZE' and cause the buffer overrun
in the second while loop. This commit tweaks the conditional check to
avoid producing a too large 'k'.
This is a quick fix and may differ from the official u
From: Daniel Axtens
- Define SIZEOF_UNSIGNED_LONG_INT, it's the same as
SIZEOF_UNSIGNED_LONG.
- Define WORD_BIT, the size in bits of an int. This is a defined
in the Single Unix Specification and in gnulib's limits.h. gnulib
assumes it's 32 bits on all our platforms, including 64 bit
From: Daniel Axtens
Import tests from libtasn1 that use functionality we import.
This test module is integrated into functional_test so that the
user can run the test in grub shell.
This doesn't test the full decoder but that will be exercised in
test suites for coming patch sets.
Add testcase
This commit changes the main functions in the testcases to the test
names so that the real 'main' test function can invokes them.
Signed-off-by: Daniel Axtens
Signed-off-by: Gary Lin
---
...-the-main-functions-to-the-test-name.patch | 128 ++
1 file changed, 128 insertions(+)
c
We don't expect to be able to write ASN.1, only read it,
so we can disable some code.
Do that with #if 0/#endif, rather than deletion. This means
that the difference between upstream and grub is smaller,
which should make updating libtasn1 easier in the future.
With these exclusions we also avoid
This commit removes the 'verbose' variables and the unnecessary printf()
to simplify the output.
Signed-off-by: Daniel Axtens
Signed-off-by: Gary Lin
---
...e-verbose-and-the-unnecessary-printf.patch | 172 ++
1 file changed, 172 insertions(+)
create mode 100644
grub-core/lib/
Some testcases use exit() to end the test. Since all the asn1 testcases
are invoked as functions, this commit replaces exit() with return to
reflect the test results, so that the main test function can check the
results.
Signed-off-by: Daniel Axtens
Signed-off-by: Gary Lin
---
...-either-0-or-1
Replace a 64-bit division with a call to grub_divmod64(), preventing
creation of __udivdi3() calls on 32-bit platforms.
Signed-off-by: Daniel Axtens
Signed-off-by: Gary Lin
Reviewed-by: Daniel Kiper
---
...tasn1-Use-grub_divmod64-for-division.patch | 31 +++
1 file changed, 31
strcat() is not available in GRUB. This commit replaces strcat() with
strcpy() in _asn1_str_cat() as the preparation to replace other strcat()
with the bounds-checking _asn1_str_cat().
Signed-off-by: Daniel Axtens
Signed-off-by: Gary Lin
---
...-strcat-with-strcpy-in-_asn1_str_cat.patch | 32 ++
When using disk auto-unlocking with TPM 2.0, the typical grub.cfg may
look like this:
tpm2_key_protector_init --tpm2key=(hd0,gpt1)/boot/grub2/sealed.tpm
cryptomount -u -P tpm2
search --fs-uuid --set=root
Since the disk search order is based on the order of module loading, the
attacker cou
From: Hernan Gatta
A key protector encapsulates functionality to retrieve an unlocking key
for a fully-encrypted disk from a specific source. A key protector
module registers itself with the key protectors framework when it is
loaded and unregisters when unloaded. Additionally, a key protector ma
As the prepartion to support TPM2 Software Stack (TSS2), this commit
implements the TPM2 buffer handling functions to pack data for the TPM2
commands and unpack the data from the response.
Cc: Stefan Berger
Signed-off-by: Hernan Gatta
Signed-off-by: Gary Lin
Reviewed-by: Daniel Kiper
---
grub
Document libtasn1 in docs/grub-dev.texi and add the upgrade steps.
Also add the patches to make libtasn1 compatible with grub code.
Signed-off-by: Gary Lin
Reviewed-by: Vladimir Serbinenko
Reviewed-by: Daniel Kiper
---
docs/grub-dev.texi | 35 +++
1 file changed
A Trusted Platform Module (TPM) Software Stack (TSS) provides logic to
compose and submit TPM commands and parse reponses.
A limited number of TPM commands may be accessed via the EFI TCG2
protocol. This protocol exposes functionality that is primarily geared
toward TPM usage within the context of
This commit handles the TPM2_PolicyAuthorize command from the key file
in TPM 2.0 Key File format.
TPM2_PolicyAuthorize is the essential command to support authorized
policy which allows the users to sign TPM policies with their own keys.
Per TPM 2.0 Key File(*1), CommandPolicy for TPM2_PolicyAuth
This commit removes all the headers and only uses asn1_test.h.
To avoid including int.h from grub-core/lib/libtasn1-grub/lib/,
CONST_DOWN is defined in reproducers.c.
Signed-off-by: Daniel Axtens
Signed-off-by: Gary Lin
---
...7-asn1_test-include-asn1_test.h-only.patch | 163 ++
As a preparation to test tpm2_key_protector with grub-emu, the new
option, --tpm-device, is introduced to specify the TPM device for
grub-emu so that grub-emu can share the emulated TPM device with
the host.
Since grub-emu can directly access the device node on host, it's easy to
implement the ess
From: Daniel Axtens
Create a wrapper file that specifies the module license.
Set up the makefile so it is built.
Signed-off-by: Daniel Axtens
Signed-off-by: Gary Lin
Reviewed-by: Daniel Kiper
---
autogen.sh | 19 +++
grub-core/Makefile.core.def
This commit adds the necessary TPM2 types and structs as the preparation
for the TPM2 Software Stack (TSS2) support. The Marshal/Unmarshal
functions are also added to handle the data structure to be submitted to
TPM2 commands and to be received from the response.
Cc: Stefan Berger
Signed-off-by:
This commit replaces printf() and fprintf() with grub_printf() to print
the error messages for the testcases. Besides, asn1_strerror() is used
to convert the result code to strings instead of asn1_perror().
Signed-off-by: Daniel Axtens
Signed-off-by: Gary Lin
---
...-the-error-messages-with-gru
For the tpm2_key_protector module, the TCG2 command submission function
is the only difference between a QEMU instance and grub-emu. To test
TPM2 key unsealing with a QEMU instance, it requires an extra OS image
to invoke grub-protect to seal the LUKS key, rather than a simple
grub-shell rescue CD
Update the user manual to address TPM2 key protector including the two
related commands, tpm2_key_protector_init and tpm2_key_protector_clear,
and the user-space utility: grub-protect.
Signed-off-by: Gary Lin
---
docs/grub.texi | 507 +
1 file chan
Since libtasn1.h is the header to be included by users, including the
standard POSIX headers in libtasn1.h would force the user to add the
CFLAGS/CPPFLAGS for the POSIX headers.
This commit adjusts the header paths to use the grub headers instead of
the standard POSIX headers, so that users only n
From: Hernan Gatta
To utilize the key protectors framework, there must be a way to protect
full-disk encryption keys in the first place. The grub-protect tool
includes support for the TPM2 key protector but other protectors that
require setup ahead of time can be supported in the future.
For the
The '-P' option is introduced to support the key protectors framework.
This commit adds the new option to the GRUB manual.
Signed-off-by: Gary Lin
---
docs/grub.texi | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/docs/grub.texi b/docs/grub.texi
index 2ea6c56d1..3e6f602b
From: Patrick Colp
Currently with the TPM2 protector, only SRK mode is supported and
NV index support is just a stub. Implement the NV index option.
Note: This only extends support on the unseal path. grub2_protect
has not been updated. tpm2-tools can be used to insert a key into
the NV index.
From: Patrick Colp
If a protector is specified, but it fails to unlock the disk, fall back
to asking for the passphrase.
Before requesting the passphrase, the error from the key protector(s)
has to be cleared, or the later code (e.g., LUKS code) may stop as
'grub_errno' is set. This commit print
An attacker may insert a malicious disk with the same crypto UUID and
trick grub2 to mount the fake root. Even though the key from the key
protector fails to unlock the fake root, it's not wiped out cleanly so
the attacker could dump the memory to retrieve the secret key. To defend
such attack, wip
From: Hernan Gatta
Add a new parameter to cryptomount to support the key protectors framework: -P.
The parameter is used to automatically retrieve a key from specified key
protectors. The parameter may be repeated to specify any number of key
protectors. These are tried in order until one provide
This commit converts functions and types to the grub-specific ones:
LONG_MAX -> GRUB_LONG_MAX
INT_MAX -> GRUB_INT_MAX
UINT_MAX -> GRUB_UINT_MAX
size_t -> grub_size_t
memcmp() -> grub_memcmp()
memcpy() -> grub_memcpy()
free() -> grub_free()
strcmp() -> grub_strcmp()
Signed-off-by: Daniel Axtens
S
From: Hernan Gatta
The TPM2 key protector is a module that enables the automatic retrieval
of a fully-encrypted disk's unlocking key from a TPM 2.0.
The theory of operation is such that the module accepts various
arguments, most of which are optional and therefore possess reasonable
defaults. On
On Fri, Sep 13, 2024 at 10:32:39AM -0400, Stefan Berger wrote:
>
>
> On 9/6/24 5:10 AM, Gary Lin wrote:
> > GIT repo for v19: https://github.com/lcp/grub2/tree/tpm2-unlock-v19
> >
> > This patch series is based on "Automatic TPM Disk Unlock"(*1) posted by
> > Hernan Gatta to introduce the key pr
On Mon, Sep 16, 2024 at 10:24:03AM +0800, Gary Lin wrote:
> On Fri, Sep 13, 2024 at 10:32:39AM -0400, Stefan Berger wrote:
> >
> >
> > On 9/6/24 5:10 AM, Gary Lin wrote:
> > > GIT repo for v19: https://github.com/lcp/grub2/tree/tpm2-unlock-v19
> > >
> > > This patch series is based on "Automatic
On Thu, Sep 01, 2022 at 06:44:24PM +0200, Marcel Langner via Grub-devel wrote:
> Hi,
> just subscribed coming from arch forum
> (https://bbs.archlinux.org/viewtopic.php?id=279006) to report slower loading
> of grub after commit 887f98f0d.
> The additional delay is around 20s and happens right after
In preparation for setting the default memory region size based on the
available memory, this patch extracts the logic to get the filtered
memory map from grub_efi_mm_add_regions() so that we can reuse it later.
Signed-off-by: Gary Lin
---
grub-core/kern/efi/mm.c | 53 ++-
The current default heap size (1MB) is too small for some cases and
causes noticeable delays when loading files. This patch series
reimplements the previous heap size setting to allocate a larger
heap to avoid the some possible delays.
Gary Lin (2):
kern/efi/mm: Extract function to get the filte
We currently request 1MB memory as the initial heap and then request
pages on demand. However, it caused some noticeable delays(*) due to the
small heap size. To mitigate the delays, this patch reimplements the
previous heap size: a quarter of the available memory. The setting may
not be ideal but
On Tue, Sep 06, 2022 at 04:22:54PM +0800, Gary Lin via Grub-devel wrote:
> The current default heap size (1MB) is too small for some cases and
> causes noticeable delays when loading files. This patch series
> reimplements the previous heap size setting to allocate a larger
> heap
On Wed, Sep 07, 2022 at 06:21:07PM +0200, Daniel Kiper wrote:
> Adding folks who may be interested in this...
>
> Sorry for delay but I was on vacation...
>
> Somehow related issue was reported here [1]...
>
> On Fri, Sep 02, 2022 at 01:45:28PM +0800, Gary Lin via Grub-de
On Sat, Sep 10, 2022 at 09:33:47AM +0300, jim945 via Grub-devel wrote:
> Hi,
>
> I am compiling grubx64.efi with modulescpio exfat ext2 fat gzio iso9660
> loopback lzopio newc normal ntfs part_gpt part_msdos probe read search tar
> test configfile echo xzio squash4 sfs memdisk
>
> The prefix is s
On Tue, Sep 13, 2022 at 01:49:51AM +0800, Zhang Boyang wrote:
> Hi,
>
> This patch should probably fix the slow loading problem introduced by
> 887f98f0db43 (mm: Allow dynamically requesting additional memory
> regions).
>
> Although I'm not against increasing default heap size, simply increasing
On Tue, Sep 13, 2022 at 11:16:19AM +0800, Gary Lin via Grub-devel wrote:
> On Tue, Sep 13, 2022 at 01:49:51AM +0800, Zhang Boyang wrote:
> > Hi,
> >
> > This patch should probably fix the slow loading problem introduced by
> > 887f98f0db43 (mm: Allow dynamically r
Per "man 5 cpio", the namesize in the cpio header includes the trailing
NULL byte of the pathname and the pathname is followed by NULL bytes, but
the current implementation excludes the trailing NULL byte when making
the newc header plus the pathname. Although make_header() would pad the
pathname s
On Wed, Nov 23, 2022 at 03:44:54PM +0100, Daniel Kiper wrote:
> On Wed, Nov 23, 2022 at 02:40:21PM +0800, Gary Lin via Grub-devel wrote:
> > Per "man 5 cpio", the namesize in the cpio header includes the trailing
> > NULL byte of the pathname and the pathname is followed
Per "man 5 cpio", the namesize in the cpio header includes the trailing
NUL byte of the pathname and the pathname is followed by NUL bytes, but
the current implementation ignores the trailing NUL byte when making
the newc header. Although make_header() tries to pad the pathname string,
the padding
On Tue, Feb 01, 2022 at 05:02:52AM -0800, Hernan Gatta wrote:
> Updates since v1:
>
Hi,
Is there any further progress with this patchset?
I have prototype patchset to support authorized policy and it heavily
rely on the TPM2 stack implemented by this patchset. Would love to see
this patchset in u
From: Hernan Gatta
The TPM2 key protector is a module that enables the automatic retrieval of a
fully-encrypted disk's unlocking key from a TPM 2.0.
The theory of operation is such that the module accepts various arguments, most
of which are optional and therefore possess reasonable defaults. On
From: Hernan Gatta
A key protector encapsulates functionality to retrieve an unlocking key for a
fully-encrypted disk from a specific source. A key protector module registers
itself with the key protectors framework when it is loaded and unregisters when
unloaded. Additionally, a key protector ma
From: Michael Chang
The error "no cryptodisk module can handle this device" may happen even
encrypted disk were correctly formatted and required modules were loaded.
It is casued by missing break to the loop in which cryptodisk modules are
iterated to find the one matching target's disk format.
From: Hernan Gatta
A Trusted Platform Module (TPM) Software Stack (TSS) provides logic to compose,
submit, and parse TPM commands and responses.
A limited number of TPM commands may be accessed via the EFI TCG2 protocol. This
protocol exposes functionality that is primarily geared toward TPM usa
Some command parameters should not be NULL. Add the conditional check to
avoid the potential NULL pointer reference.
Besides, for TPM2_StartAuthSession, when 'tpmKey' is 'TPM_RH_NULL', the
size of 'encryptedSalt' must be 0 per "TCG TPM2 Part3 Commands".
Signed-off-by: Gary Lin
---
grub-core/tpm
From: Hernan Gatta
Add a new parameter to cryptomount to support the key protectors framework: -k.
The parameter is used to automatically retrieve a key from specified key
protectors. The parameter may be repeated to specify any number of key
protectors. These are tried in order until one provide
From: Hernan Gatta
To utilize the key protectors framework, there must be a way to protect
full-disk encryption keys in the first place. The grub-protect tool includes
support for the TPM2 key protector but other protectors that require setup ahead
of time can be supported in the future.
For the
When the caller of TPM2_PCR_Read() passes a valid authorization command,
we should pack it into the 'in' buffer before sending the command.
Signed-off-by: Gary Lin
---
grub-core/tpm2/tpm2.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/grub-core/tpm2/tpm2.c b/grub-core/tpm2/tpm2.c
index
Since the NULL 'encryptedSalt' of 'TPM2_StartAuthSession' is handled as
an empty TPM2B structure, there is no need to declare an empty salt.
As for 'nonceTPM', we don't use in the following TPM2 commands, so we
can safely ignore it.
Signed-off-by: Gary Lin
---
grub-core/tpm2/module.c | 6 ++
Based on the patch from Olaf Kirch
The sealed key is the subject to change and measuring the file into PCR9
makes the prediction of PCR9 value impossible. This commit opens the
file with GRUB_FILE_TYPE_SIGNATURE to avoid the measurement.
Signed-off-by: Gary Lin
---
grub-core/tpm2/module.c | 4
Per "TCG TPM2 Part3 Commands", 'persistentHandle' of TPM2_EvictControl
is in the parameter area, i.e. after the authorization command. Adjust
the order of the arguments to match the spec definition.
Signed-off-by: Gary Lin
---
grub-core/tpm2/tpm2.c | 2 +-
include/grub/tpm2/inte
There are some parameters of TPM2 commmands allowing to be empty such
as 'encryptedSalt' of 'TPM2_StartAuthSession' and 'pcrDigest' of
'TPM2_PolicyPCR'. Instead of forcing the user of those functions to
declare an empty variable, we can just pack a u16 zero to fabricate an
empty variable when the u
Sometimes TPM may return TPM_RC_RETRY for some reason, and the only
thing we can do is to send the command again. To avoid pending in the
while loop indefinitely, just try to send the command 3 times.
Signed-off-by: Gary Lin
---
grub-core/tpm2/tpm2.c | 33 -
1 fil
The arguments, except the buffer, of the marshal functions are the pure
inputs. Also, the TPM2 command parameters are supposed not changed by
the command. Declare those arguments as 'const' so that the compiler can
help to detect the undesired change on those arguments. Besides, when
looking up the
The patch series "Automatic TPM Disk Unlock" posted by Hernan Gatta
introduces the key protector framework and TPM2 stack to GRUB2, and it's
a useful feature for the systems to implement full disk encryption.
However, it seems the development was stalled for a while, and I'd like
to push it forward
On Wed, Feb 22, 2023 at 07:41:38AM -0500, James Bottomley wrote:
> On Wed, 2023-02-22 at 15:00 +0800, Gary Lin via Grub-devel wrote:
> > +GRUB_MOD_INIT (tpm2)
> > +{
> > + grub_tpm2_protector_init_cmd =
> > + grub_register_extcm
On Wed, Feb 22, 2023 at 03:00:44PM +0800, Gary Lin via Grub-devel wrote:
> From: Hernan Gatta
>
> Add a new parameter to cryptomount to support the key protectors framework:
> -k.
> The parameter is used to automatically retrieve a key from specified key
> protectors. Th
On Tue, Feb 28, 2023 at 06:39:22PM +0100, Daniel Kiper wrote:
> On Wed, Feb 22, 2023 at 03:00:40PM +0800, Gary Lin via Grub-devel wrote:
> > The patch series "Automatic TPM Disk Unlock" posted by Hernan Gatta
> > introduces the key protector framework and TPM2 stack to GRU
On Wed, Feb 22, 2023 at 07:41:38AM -0500, James Bottomley wrote:
> On Wed, 2023-02-22 at 15:00 +0800, Gary Lin via Grub-devel wrote:
> > +GRUB_MOD_INIT (tpm2)
> > +{
> > + grub_tpm2_protector_init_cmd =
> > + grub_register_extcm
On Mon, Mar 06, 2023 at 08:20:39AM -0500, James Bottomley wrote:
> On Mon, 2023-03-06 at 14:51 +0800, Gary Lin wrote:
> > On Wed, Feb 22, 2023 at 07:41:38AM -0500, James Bottomley wrote:
> > > On Wed, 2023-02-22 at 15:00 +0800, Gary Lin via Grub-devel wrote:
> >
From: Daniel Axtens
- Define SIZEOF_UNSIGNED_LONG_INT, it's the same as
SIZEOF_UNSIGNED_LONG.
- Define WORD_BIT, the size in bits of an int. This is a defined
in the Single Unix Specification and in gnulib's limits.h. gnulib
assumes it's 32 bits on all our platforms, including 64 bit
From: Hernan Gatta
A key protector encapsulates functionality to retrieve an unlocking key
for a fully-encrypted disk from a specific source. A key protector
module registers itself with the key protectors framework when it is
loaded and unregisters when unloaded. Additionally, a key protector ma
From: Daniel Axtens
We don't expect to be able to write ASN.1, only read it,
so we can disable some code.
Do that with #if 0/#endif, rather than deletion. This means
that the difference between upstream and grub is smaller,
which should make updating libtasn1 easier in the future.
With these ex
201 - 300 of 690 matches
Mail list logo
