From: Patrick Colp
If a protector is specified, but it fails to unlock the disk, fall back
to asking for the passphrase. However, an error was set indicating that
the protector(s) failed. Later code (e.g., LUKS code) fails as
`grub_errno` is now set. Print the existing errors out first, before
pr
From: Hernan Gatta
The TPM2 key protector is a module that enables the automatic retrieval
of a fully-encrypted disk's unlocking key from a TPM 2.0.
The theory of operation is such that the module accepts various
arguments, most of which are optional and therefore possess reasonable
defaults. On
For TPM 2.0 TSS stack, the TCG2 command sending function is the only
difference between the a QEMU instance and grub-emu. To test TPM key
unsealing with a QEMU instance, it requires an extra OS image to invoke
grub-protect to seal the LUKS key, not only a simple grub-shell rescue
CD image. On the o
From: Daniel Axtens
We don't expect to be able to write ASN.1, only read it,
so we can disable some code.
Do that with #if 0/#endif, rather than deletion. This means
that the difference between upstream and grub is smaller,
which should make updating libtasn1 easier in the future.
With these ex
When using disk auto-unlocking with TPM 2.0, the typical grub.cfg may
look like this:
tpm2_key_protector_init --tpm2key=(hd0,gpt1)/boot/grub2/sealed.tpm
cryptomount -u -P tpm2
search --fs-uuid --set=root
Since the disk search order is based on the order of module loading, the
attacker cou
On Tue, Jan 16, 2024 at 10:39:45AM -0500, James Bottomley wrote:
> On Tue, 2024-01-16 at 17:20 +0800, Gary Lin via Grub-devel wrote:
> [...]
> > (*1) https://www.hansenpartnership.com/draft-bottomley-tpm2-keys.html
> > (*2) https://github.com/okirch/pcr-oracle
>
> Just a
> Le mar. 16 janv. 2024, 12:24, Gary Lin via Grub-devel
> a écrit :
>
> > From: Daniel Axtens
> >
> > We don't expect to be able to write ASN.1, only read it,
> > so we can disable some code.
> >
> > Do that with #if 0/#endif, rather than dele
On Wed, Jan 17, 2024 at 05:51:58AM +0300, Vladimir 'phcoder' Serbinenko wrote:
> On Tue, Jan 16, 2024 at 12:23 PM Gary Lin via Grub-devel
> wrote:
> >
> > From: Daniel Axtens
> >
> > Do a few things to make libtasn1 compile as part of grub:
> >
>
the location as long as it works.
Will move the key protector to cryptodisk since it's the only user currently.
Gary Lin
> On Tue, Jan 16, 2024 at 12:22 PM Gary Lin via Grub-devel
> wrote:
> >
> > From: Hernan Gatta
> >
> > A key protector encapsulates functionali
That makes sense and improves the readability. Will update it for v9.
One of the advantages of "#if 0" is the syntax highlighting so that it's
clear which code is disabled. I propose to add a comment like this:
#if 0 /* GRUB SKIPPED IMPORTING */
Gary Lin
>
> Thanks,
>
> Ga
m2 module (added later) registers itself as the key
protector and then cryptodisk calls the specific key protector with
recover_key(). Both modules need a common ground to access the key
protector functions, and kernel is the ideal place.
Gary Lin
> Gary Lin
>
> > On Tue, Jan 16, 2024
There are two system directories for bash-completion scripts. One is
/usr/share/bash-completion/completions and the other is
/etc/bash_completion.d/. The 'etc' scripts are loaded in advance and
for backward compatibility while the 'usr' scripts are loaded on demand.
To load scripts on demand, it re
On Wed, Jan 17, 2024 at 04:13:17PM +0800, Gary Lin wrote:
> On Tue, Jan 16, 2024 at 10:39:45AM -0500, James Bottomley wrote:
> > On Tue, 2024-01-16 at 17:20 +0800, Gary Lin via Grub-devel wrote:
> > [...]
> > > (*1) https://www.hansenpartnership.com/draft-bottomley-tpm2-ke
From: Daniel Axtens
- Define SIZEOF_UNSIGNED_LONG_INT, it's the same as
SIZEOF_UNSIGNED_LONG.
- Define WORD_BIT, the size in bits of an int. This is a defined
in the Single Unix Specification and in gnulib's limits.h. gnulib
assumes it's 32 bits on all our platforms, including 64 bit
GIT repo for v9: https://github.com/lcp/grub2/tree/tpm2-unlock-v9
This patch series is based on "Automatic TPM Disk Unlock"(*1) posted by
Hernan Gatta to introduce the key protector framework and TPM2 stack
to GRUB2, and this could be a useful feature for the systems to
implement full disk encrypt
This commit handles the TPM2_PolicyAuthorize command from the key file
in TPM 2.0 Key File format.
TPM2_PolicyAuthorize is the essential command to support authorized
policy which allows the users to sign TPM policies with their own keys.
Per TPM 2.0 Key File(*1), CommandPolicy for TPM2_PolicyAuth
From: Patrick Colp
If a protector is specified, but it fails to unlock the disk, fall back
to asking for the passphrase. However, an error was set indicating that
the protector(s) failed. Later code (e.g., LUKS code) fails as
`grub_errno` is now set. Print the existing errors out first, before
pr
When using disk auto-unlocking with TPM 2.0, the typical grub.cfg may
look like this:
tpm2_key_protector_init --tpm2key=(hd0,gpt1)/boot/grub2/sealed.tpm
cryptomount -u -P tpm2
search --fs-uuid --set=root
Since the disk search order is based on the order of module loading, the
attacker cou
From: Daniel Axtens
We don't expect to be able to write ASN.1, only read it,
so we can disable some code.
Do that with #if 0/#endif, rather than deletion. This means
that the difference between upstream and grub is smaller,
which should make updating libtasn1 easier in the future.
With these ex
From: Daniel Axtens
Do a few things to make libtasn1 compile as part of grub:
- remove _asn1_strcat and replace strcat with the bound-checked
_asn1_str_cat except the one inside _asn1_str_cat. That strcat is
replaced with strcpy.
- adjust header paths in libtasn1.h
- adjust header pat
For TPM 2.0 TSS stack, the TCG2 command sending function is the only
difference between the a QEMU instance and grub-emu. To test TPM key
unsealing with a QEMU instance, it requires an extra OS image to invoke
grub-protect to seal the LUKS key, not only a simple grub-shell rescue
CD image. On the o
An attacker may insert a malicious disk with the same crypto UUID and
trick grub2 to mount the fake root. Even though the key from the key
protector fails to unlock the fake root, it's not wiped out cleanly so
the attacker could dump the memory to retrieve the secret key. To defend
such attack, wip
This commit implements a few more TPM2 commands as the preparation for
the authorized policy support.
* TPM2_LoadExternal
This command is added to load the external public key to verify the
signed policy digest
* TPM2_HashSequenceStart, TPM2_SequenceUpdate, TPM2_SequenceComplete,
and TPM2_Ha
Add new TPM2 types and structures as the preparation to support
authorized policy.
* New types:
TPM_ALG_ECDAA, TPM_ALG_ECDSA, TPM_ALG_ECSCHNORR, TPM_ALG_RSASSA,
TPM_ALG_RSAPSS, TPM_ALG_SM2, and TPMI_ALG_SIG_SCHEME
* New structures:
TPMS_EMPTY, TPMS_SIGNATURE_RSA, TPMS_SIGNATURE_ECC,
TPMS_
As a preparation to test TPM 2.0 TSS stack with grub-emu, the new
option, --tpm-device, is introduced to specify the TPM device for
grub-emu so that grub-emu can share the emulated TPM device with
the host.
Since grub-emu can directly access the device node on host, it's easy to
implement the esse
From: Hernan Gatta
A key protector encapsulates functionality to retrieve an unlocking key
for a fully-encrypted disk from a specific source. A key protector
module registers itself with the key protectors framework when it is
loaded and unregisters when unloaded. Additionally, a key protector ma
From: Hernan Gatta
The TPM2 key protector is a module that enables the automatic retrieval
of a fully-encrypted disk's unlocking key from a TPM 2.0.
The theory of operation is such that the module accepts various
arguments, most of which are optional and therefore possess reasonable
defaults. On
From: Hernan Gatta
To utilize the key protectors framework, there must be a way to protect
full-disk encryption keys in the first place. The grub-protect tool
includes support for the TPM2 key protector but other protectors that
require setup ahead of time can be supported in the future.
For the
From: Patrick Colp
Currently with the TPM2 protector, only SRK mode is supported and
NV index support is just a stub. Implement the NV index option.
Note: This only extends support on the unseal path. grub2_protect
has not been updated. tpm2-tools can be used to insert a key into
the NV index.
From: Daniel Axtens
Create a wrapper file that specifies the module license.
Set up the makefile so it is built.
Signed-off-by: Daniel Axtens
Signed-off-by: Gary Lin
Reviewed-by: Vladimir Serbinenko
---
grub-core/Makefile.core.def| 15 +++
grub-core/lib/libtasn1_wrap/wrap
From: Hernan Gatta
A Trusted Platform Module (TPM) Software Stack (TSS) provides logic to
compose, submit, and parse TPM commands and responses.
A limited number of TPM commands may be accessed via the EFI TCG2
protocol. This protocol exposes functionality that is primarily geared
toward TPM usa
Add a few more marshal/unmarshal functions to support authorized policy.
* Marshal:
grub_tpm2_mu_TPMU_SENSITIVE_COMPOSITE_Marshal()
grub_tpm2_mu_TPMT_SENSITIVE_Marshal()
grub_tpm2_mu_TPM2B_SENSITIVE_Marshal()
grub_tpm2_mu_TPMS_SIGNATURE_RSA_Marshal()
grub_tpm2_mu_TPMS_SIGNATURE_ECC_Marsh
From: Hernan Gatta
Add a new parameter to cryptomount to support the key protectors framework: -P.
The parameter is used to automatically retrieve a key from specified key
protectors. The parameter may be repeated to specify any number of key
protectors. These are tried in order until one provide
Document libtasn1 in docs/grub-dev.texi and add the upgrade steps.
Also add the patches to make libtasn1 compatible with grub code.
Signed-off-by: Gary Lin
Reviewed-by: Vladimir Serbinenko
---
docs/grub-dev.texi| 27 ++
...asn1-disable-code-not-needed-in-grub.patch
On Mon, Feb 05, 2024 at 08:48:53AM +, James Bottomley wrote:
> On Mon, 2024-02-05 at 15:27 +0800, Gary Lin via Grub-devel wrote:
> > On Wed, Jan 17, 2024 at 04:13:17PM +0800, Gary Lin wrote:
> > > On Tue, Jan 16, 2024 at 10:39:45AM -0500, James Bottomley wrote:
> > >
On Tue, Oct 01, 2024 at 04:48:34PM +0200, Daniel Kiper wrote:
> On Wed, Sep 18, 2024 at 03:28:44PM +0800, Gary Lin via Grub-devel wrote:
> > On Tue, Sep 17, 2024 at 11:14:33PM -0400, Stefan Berger wrote:
> > > On 9/6/24 5:11 AM, Gary Lin wrote:
> > > > A Trusted
On Fri, Sep 20, 2024 at 09:42:01AM -0400, Stefan Berger wrote:
>
Sorry for my late reply. Just back from vacation.
>
> On 9/20/24 4:16 AM, Gary Lin wrote:
> > On Fri, Sep 13, 2024 at 10:25:14AM -0400, Stefan Berger wrote:
> > >
> > >
>
> > > > +SHA1, SHA256, SHA384, and SHA512, and the defaul
On Thu, Oct 03, 2024 at 05:58:41PM +0200, Daniel Kiper wrote:
> On Fri, Sep 06, 2024 at 05:10:52PM +0800, Gary Lin via Grub-devel wrote:
> > GIT repo for v19: https://github.com/lcp/grub2/tree/tpm2-unlock-v19
> >
> > This patch series is based on "Automatic TPM
On Tue, Oct 01, 2024 at 04:48:34PM +0200, Daniel Kiper wrote:
> On Wed, Sep 18, 2024 at 03:28:44PM +0800, Gary Lin via Grub-devel wrote:
> > On Tue, Sep 17, 2024 at 11:14:33PM -0400, Stefan Berger wrote:
> > > On 9/6/24 5:11 AM, Gary Lin wrote:
> > > > A Trusted
When using disk auto-unlocking with TPM 2.0, the typical grub.cfg may
look like this:
tpm2_key_protector_init --tpm2key=(hd0,gpt1)/boot/grub/sealed.tpm
cryptomount -u -P tpm2
search --fs-uuid --set=root
Since the disk search order is based on the order of module loading, the
attacker coul
From: Daniel Axtens
- Define SIZEOF_UNSIGNED_LONG_INT, it's the same as
SIZEOF_UNSIGNED_LONG.
- Define WORD_BIT, the size in bits of an int. This is a defined
in the Single Unix Specification and in gnulib's limits.h. gnulib
assumes it's 32 bits on all our platforms, including 64 bit
This commit removes all the headers and only uses asn1_test.h.
To avoid including int.h from grub-core/lib/libtasn1-grub/lib/,
CONST_DOWN is defined in reproducers.c.
Signed-off-by: Daniel Axtens
Signed-off-by: Gary Lin
Reviewed-by: Daniel Kiper
---
...7-asn1_test-include-asn1_test.h-only.patc
strcat() is not available in GRUB. This commit replaces strcat() with
strcpy() in _asn1_str_cat() as the preparation to replace other strcat()
with the bounds-checking _asn1_str_cat().
Signed-off-by: Daniel Axtens
Signed-off-by: Gary Lin
Reviewed-by: Daniel Kiper
---
...-strcat-with-strcpy-in-
This commit removes the 'verbose' variables and the unnecessary printf()
to simplify the output.
Signed-off-by: Daniel Axtens
Signed-off-by: Gary Lin
Reviewed-by: Daniel Kiper
---
...e-verbose-and-the-unnecessary-printf.patch | 173 ++
1 file changed, 173 insertions(+)
create
In _asn1_tag_der(), the first while loop for the long form may end up
with a 'k' value with 'ASN1_MAX_TAG_SIZE' and cause the buffer overrun
in the second while loop. This commit tweaks the conditional check to
avoid producing a too large 'k'.
This is a quick fix and may differ from the official u
From: Hernan Gatta
A key protector encapsulates functionality to retrieve an unlocking key
for a fully-encrypted disk from a specific source. A key protector
module registers itself with the key protectors framework when it is
loaded and unregisters when unloaded. Additionally, a key protector ma
strcat() is not available in GRUB. This commit replaces strcat() and
_asn1_strcat() with the bounds-checking _asn1_str_cat().
Signed-off-by: Daniel Axtens
Signed-off-by: Gary Lin
Reviewed-by: Daniel Kiper
---
...n1-replace-strcat-with-_asn1_str_cat.patch | 71 +++
1 file change
Some testcases use exit() to end the test. Since all the asn1 testcases
are invoked as functions, this commit replaces exit() with return to
reflect the test results, so that the main test function can check the
results.
Signed-off-by: Daniel Axtens
Signed-off-by: Gary Lin
Reviewed-by: Daniel Ki
From: Daniel Axtens
Create a wrapper file that specifies the module license.
Set up the makefile so it is built.
Signed-off-by: Daniel Axtens
Signed-off-by: Gary Lin
Reviewed-by: Daniel Kiper
---
autogen.sh | 19 +++
grub-core/Makefile.core.def
This commit replaces printf() and fprintf() with grub_printf() to print
the error messages for the testcases. Besides, asn1_strerror() is used
to convert the result code to strings instead of asn1_perror().
Signed-off-by: Daniel Axtens
Signed-off-by: Gary Lin
Reviewed-by: Daniel Kiper
---
...-
Since libtasn1.h is the header to be included by users, including the
standard POSIX headers in libtasn1.h would force the user to add the
CFLAGS/CPPFLAGS for the POSIX headers.
This commit adjusts the header paths to use the grub headers instead of
the standard POSIX headers, so that users only n
Document libtasn1 in docs/grub-dev.texi and add the upgrade steps.
Also add the patches to make libtasn1 compatible with grub code.
Signed-off-by: Gary Lin
Reviewed-by: Vladimir Serbinenko
Reviewed-by: Daniel Kiper
---
docs/grub-dev.texi | 35 +++
1 file changed
From: Patrick Colp
Currently with the TPM2 protector, only SRK mode is supported and
NV index support is just a stub. Implement the NV index option.
Note: This only extends support on the unseal path. grub-protect
has not been updated. tpm2-tools can be used to insert a key into
the NV index.
A
A Trusted Platform Module (TPM) Software Stack (TSS) provides logic to
compose and submit TPM commands and parse reponses.
A limited number of TPM commands may be accessed via the EFI TCG2
protocol. This protocol exposes functionality that is primarily geared
toward TPM usage within the context of
Update the user manual to address TPM2 key protector including the two
related commands, tpm2_key_protector_init and tpm2_key_protector_clear,
and the user-space utility: grub-protect.
Signed-off-by: Gary Lin
---
docs/grub.texi | 514 +
1 file chan
An attacker may insert a malicious disk with the same crypto UUID and
trick GRUB to mount the fake root. Even though the key from the key
protector fails to unlock the fake root, it's not wiped out cleanly so
the attacker could dump the memory to retrieve the secret key. To defend
such attack, wipe
From: Hernan Gatta
Add a new parameter to cryptomount to support the key protectors framework: -P.
The parameter is used to automatically retrieve a key from specified key
protectors. The parameter may be repeated to specify any number of key
protectors. These are tried in order until one provide
As the prepartion to support TPM2 Software Stack (TSS2), this commit
implements the TPM2 buffer handling functions to pack data for the TPM2
commands and unpack the data from the response.
Cc: Stefan Berger
Signed-off-by: Hernan Gatta
Signed-off-by: Gary Lin
Reviewed-by: Daniel Kiper
---
grub
This commit handles the TPM2_PolicyAuthorize command from the key file
in TPM 2.0 Key File format.
TPM2_PolicyAuthorize is the essential command to support authorized
policy which allows the users to sign TPM policies with their own keys.
Per TPM 2.0 Key File(*1), CommandPolicy for TPM2_PolicyAuth
From: Daniel Axtens
Import tests from libtasn1 that use functionality we import.
This test module is integrated into functional_test so that the
user can run the test in grub shell.
This doesn't test the full decoder but that will be exercised in
test suites for coming patch sets.
Add testcase
This commit converts functions and types to the grub-specific ones:
LONG_MAX -> GRUB_LONG_MAX
INT_MAX -> GRUB_INT_MAX
UINT_MAX -> GRUB_UINT_MAX
size_t -> grub_size_t
memcmp() -> grub_memcmp()
memcpy() -> grub_memcpy()
free() -> grub_free()
strcmp() -> grub_strcmp()
Signed-off-by: Daniel Axtens
S
This commit changes the main functions in the testcases to the test
names so that the real 'main' test function can invokes them.
Signed-off-by: Daniel Axtens
Signed-off-by: Gary Lin
Reviewed-by: Daniel Kiper
---
...-the-main-functions-to-the-test-name.patch | 129 ++
1 file ch
From: Hernan Gatta
The TPM2 key protector is a module that enables the automatic retrieval
of a fully-encrypted disk's unlocking key from a TPM 2.0.
The theory of operation is such that the module accepts various
arguments, most of which are optional and therefore possess reasonable
defaults. On
This commit adds the necessary TPM2 types and structs as the preparation
for the TPM2 Software Stack (TSS2) support. The Marshal/Unmarshal
functions are also added to handle the data structure to be submitted to
TPM2 commands and to be received from the response.
Cc: Stefan Berger
Signed-off-by:
As a preparation to test tpm2_key_protector with grub-emu, the new
option, --tpm-device, is introduced to specify the TPM device for
grub-emu so that grub-emu can access an emulated TPM device from
the host.
Since grub-emu can directly access the device on host, it's easy to
implement the essentia
From: Hernan Gatta
To utilize the key protectors framework, there must be a way to protect
full-disk encryption keys in the first place. The grub-protect tool
includes support for the TPM2 key protector but other protectors that
require setup ahead of time can be supported in the future.
For the
For the tpm2_key_protector module, the TCG2 command submission function
is the only difference between a QEMU instance and grub-emu. To test
TPM2 key unsealing with a QEMU instance, it requires an extra OS image
to invoke grub-protect to seal the LUKS key, rather than a simple
grub-shell rescue CD
There is a testcase to test the values larger than 'int' but smaller
than 'long'. However, for some architectures, 'long' and 'int' are the
same, and the compiler may issue a warning like this:
grub-core/tests/asn1/tests/Test_overflow.c:48:50: error: left shift of negative
value [-Werror=shift-ne
From: Patrick Colp
If a protector is specified, but it fails to unlock the disk, fall back
to asking for the passphrase.
Before requesting the passphrase, the error from the key protector(s)
has to be cleared, or the later code (e.g., LUKS code) may stop as
'grub_errno' is set. This commit print
We don't expect to be able to write ASN.1, only read it,
so we can disable some code.
Do that with #if 0/#endif, rather than deletion. This means
that the difference between upstream and grub is smaller,
which should make updating libtasn1 easier in the future.
With these exclusions we also avoid
Replace a 64-bit division with a call to grub_divmod64(), preventing
creation of __udivdi3() calls on 32-bit platforms.
Signed-off-by: Daniel Axtens
Signed-off-by: Gary Lin
Reviewed-by: Daniel Kiper
---
...tasn1-Use-grub_divmod64-for-division.patch | 31 +++
1 file changed, 31
On Wed, Oct 16, 2024 at 06:04:43PM +0200, Daniel Kiper wrote:
> On Fri, Sep 06, 2024 at 05:11:16PM +0800, Gary Lin via Grub-devel wrote:
> > From: Hernan Gatta
> >
> > To utilize the key protectors framework, there must be a way to protect
> > full-disk encryption k
On Wed, Oct 16, 2024 at 06:19:33PM +0200, Daniel Kiper wrote:
> On Fri, Sep 06, 2024 at 05:11:21PM +0800, Gary Lin via Grub-devel wrote:
> > When using disk auto-unlocking with TPM 2.0, the typical grub.cfg may
> > look like this:
> >
> > tpm2_key_protector_init --tp
On Wed, Oct 16, 2024 at 06:11:49PM +0200, Daniel Kiper wrote:
> On Fri, Sep 06, 2024 at 05:11:18PM +0800, Gary Lin via Grub-devel wrote:
> > From: Patrick Colp
> >
> > Currently with the TPM2 protector, only SRK mode is supported and
> > NV index support is just a s
On Thu, Oct 17, 2024 at 07:57:11PM +0200, Daniel Kiper wrote:
> On Fri, Sep 06, 2024 at 05:11:22PM +0800, Gary Lin via Grub-devel wrote:
> > As a preparation to test tpm2_key_protector with grub-emu, the new
> > option, --tpm-device, is introduced to specify the TPM device for
>
On Mon, Oct 21, 2024 at 07:11:00PM -0400, Stefan Berger wrote:
>
>
> On 10/21/24 4:07 AM, Gary Lin wrote:
> > From: Hernan Gatta
> >
> > To utilize the key protectors framework, there must be a way to protect
> > full-disk encryption keys in the first place. The grub-protect tool
> > includes s
On Thu, Oct 24, 2024 at 05:11:00PM +0200, Daniel Kiper wrote:
> On Mon, Oct 21, 2024 at 04:07:03PM +0800, Gary Lin wrote:
> > From: Hernan Gatta
> >
> > To utilize the key protectors framework, there must be a way to protect
> > full-disk encryption keys in the first place. The grub-protect tool
>
On Fri, Oct 25, 2024 at 03:35:11PM +0800, Gary Lin wrote:
> On Thu, Oct 24, 2024 at 05:11:00PM +0200, Daniel Kiper wrote:
> > On Mon, Oct 21, 2024 at 04:07:03PM +0800, Gary Lin wrote:
> > > From: Hernan Gatta
> > >
> > > To utilize the key protectors framework, there must be a way to protect
> > >
On Mon, Nov 04, 2024 at 01:04:56PM -0500, Stefan Berger wrote:
>
>
> On 11/4/24 2:31 AM, Gary Lin wrote:
> > From: Hernan Gatta
> >
> > The TPM2 key protector is a module that enables the automatic retrieval
> > of a fully-encrypted disk's unlocking key from a TPM 2.0.
> >
> > The theory of op
On Mon, Nov 04, 2024 at 01:11:08PM -0500, Stefan Berger wrote:
>
>
> On 11/4/24 2:31 AM, Gary Lin wrote:
> > From: Hernan Gatta
> >
> > To utilize the key protectors framework, there must be a way to protect
> > full-disk encryption keys in the first place. The grub-protect tool
> > includes su
On Tue, Nov 05, 2024 at 10:58:47AM +0800, Gary Lin wrote:
> On Mon, Nov 04, 2024 at 01:20:45PM -0500, Stefan Berger wrote:
> >
> >
> > On 11/4/24 2:31 AM, Gary Lin via Grub-devel wrote:
> > > This commit adds the necessary TPM2 types and structs as the preparati
This commit handles the TPM2_PolicyAuthorize command from the key file
in TPM 2.0 Key File format.
TPM2_PolicyAuthorize is the essential command to support authorized
policy which allows the users to sign TPM policies with their own keys.
Per TPM 2.0 Key File(*1), CommandPolicy for TPM2_PolicyAuth
From: Hernan Gatta
The TPM2 key protector is a module that enables the automatic retrieval
of a fully-encrypted disk's unlocking key from a TPM 2.0.
The theory of operation is such that the module accepts various
arguments, most of which are optional and therefore possess reasonable
defaults. On
Document libtasn1 in docs/grub-dev.texi and add the upgrade steps.
Also add the patches to make libtasn1 compatible with grub code.
Signed-off-by: Gary Lin
Reviewed-by: Vladimir Serbinenko
Reviewed-by: Daniel Kiper
---
docs/grub-dev.texi | 35 +++
1 file changed
This commit adds the necessary TPM2 types and structs as the preparation
for the TPM2 Software Stack (TSS2) support. The Marshal/Unmarshal
functions are also added to handle the data structure to be submitted to
TPM2 commands and to be received from the response.
Cc: Stefan Berger
Signed-off-by:
From: Hernan Gatta
A key protector encapsulates functionality to retrieve an unlocking key
for a fully-encrypted disk from a specific source. A key protector
module registers itself with the key protectors framework when it is
loaded and unregisters when unloaded. Additionally, a key protector ma
For the tpm2_key_protector module, the TCG2 command submission function
is the only difference between a QEMU instance and grub-emu. To test
TPM2 key unsealing with a QEMU instance, it requires an extra OS image
to invoke grub-protect to seal the LUKS key, rather than a simple
grub-shell rescue CD
From: Hernan Gatta
To utilize the key protectors framework, there must be a way to protect
full-disk encryption keys in the first place. The grub-protect tool
includes support for the TPM2 key protector but other protectors that
require setup ahead of time can be supported in the future.
For the
In _asn1_tag_der(), the first while loop for the long form may end up
with a 'k' value with 'ASN1_MAX_TAG_SIZE' and cause the buffer overrun
in the second while loop. This commit tweaks the conditional check to
avoid producing a too large 'k'.
This is a quick fix and may differ from the official u
From: Daniel Axtens
- Define SIZEOF_UNSIGNED_LONG_INT, it's the same as
SIZEOF_UNSIGNED_LONG.
- Define WORD_BIT, the size in bits of an int. This is a defined
in the Single Unix Specification and in gnulib's limits.h. gnulib
assumes it's 32 bits on all our platforms, including 64 bit
This commit changes the main functions in the testcases to the test
names so that the real 'main' test function can invokes them.
Signed-off-by: Daniel Axtens
Signed-off-by: Gary Lin
Reviewed-by: Daniel Kiper
---
...-the-main-functions-to-the-test-name.patch | 129 ++
1 file ch
strcat() is not available in GRUB. This commit replaces strcat() with
strcpy() in _asn1_str_cat() as the preparation to replace other strcat()
with the bounds-checking _asn1_str_cat().
Signed-off-by: Daniel Axtens
Signed-off-by: Gary Lin
Reviewed-by: Daniel Kiper
---
...-strcat-with-strcpy-in-
This commit converts functions and types to the grub-specific ones:
LONG_MAX -> GRUB_LONG_MAX
INT_MAX -> GRUB_INT_MAX
UINT_MAX -> GRUB_UINT_MAX
size_t -> grub_size_t
memcmp() -> grub_memcmp()
memcpy() -> grub_memcpy()
free() -> grub_free()
strcmp() -> grub_strcmp()
Signed-off-by: Daniel Axtens
S
This commit removes all the headers and only uses asn1_test.h.
To avoid including int.h from grub-core/lib/libtasn1-grub/lib/,
CONST_DOWN is defined in reproducers.c.
Signed-off-by: Daniel Axtens
Signed-off-by: Gary Lin
Reviewed-by: Daniel Kiper
---
...7-asn1_test-include-asn1_test.h-only.patc
We don't expect to be able to write ASN.1, only read it,
so we can disable some code.
Do that with #if 0/#endif, rather than deletion. This means
that the difference between upstream and grub is smaller,
which should make updating libtasn1 easier in the future.
With these exclusions we also avoid
Update the user manual to address TPM2 key protector including the two
related commands, tpm2_key_protector_init and tpm2_key_protector_clear,
and the user-space utility: grub-protect.
Signed-off-by: Gary Lin
---
docs/grub.texi | 512 +
1 file chan
As the prepartion to support TPM2 Software Stack (TSS2), this commit
implements the TPM2 buffer handling functions to pack data for the TPM2
commands and unpack the data from the response.
Cc: Stefan Berger
Signed-off-by: Hernan Gatta
Signed-off-by: Gary Lin
Reviewed-by: Daniel Kiper
---
grub
From: Patrick Colp
Currently with the TPM2 protector, only SRK mode is supported and
NV index support is just a stub. Implement the NV index option.
Note: This only extends support on the unseal path. grub-protect
has not been updated. tpm2-tools can be used to insert a key into
the NV index.
A
A Trusted Platform Module (TPM) Software Stack (TSS) provides logic to
compose and submit TPM commands and parse reponses.
A limited number of TPM commands may be accessed via the EFI TCG2
protocol. This protocol exposes functionality that is primarily geared
toward TPM usage within the context of
strcat() is not available in GRUB. This commit replaces strcat() and
_asn1_strcat() with the bounds-checking _asn1_str_cat().
Signed-off-by: Daniel Axtens
Signed-off-by: Gary Lin
Reviewed-by: Daniel Kiper
---
...n1-replace-strcat-with-_asn1_str_cat.patch | 71 +++
1 file change
401 - 500 of 690 matches
Mail list logo
