Replace a 64-bit division with a call to grub_divmod64(), preventing
creation of __udivdi3() calls on 32-bit platforms.
Signed-off-by: Daniel Axtens
Signed-off-by: Gary Lin
Reviewed-by: Daniel Kiper
---
...tasn1-Use-grub_divmod64-for-division.patch | 31 +++
1 file changed, 31
An attacker may insert a malicious disk with the same crypto UUID and
trick GRUB to mount the fake root. Even though the key from the key
protector fails to unlock the fake root, it's not wiped out cleanly so
the attacker could dump the memory to retrieve the secret key. To defend
such attack, wipe
As a preparation to test tpm2_key_protector with grub-emu, the new
option, --tpm-device, is introduced to specify the TPM device for
grub-emu so that grub-emu can access an emulated TPM device from
the host.
Since grub-emu can directly access the device on host, it's easy to
implement the essentia
From: Daniel Axtens
Create a wrapper file that specifies the module license.
Set up the makefile so it is built.
Signed-off-by: Daniel Axtens
Signed-off-by: Gary Lin
Reviewed-by: Daniel Kiper
---
autogen.sh | 19 +++
grub-core/Makefile.core.def
This commit removes the 'verbose' variables and the unnecessary printf()
to simplify the output.
Signed-off-by: Daniel Axtens
Signed-off-by: Gary Lin
Reviewed-by: Daniel Kiper
---
...e-verbose-and-the-unnecessary-printf.patch | 173 ++
1 file changed, 173 insertions(+)
create
Since libtasn1.h is the header to be included by users, including the
standard POSIX headers in libtasn1.h would force the user to add the
CFLAGS/CPPFLAGS for the POSIX headers.
This commit adjusts the header paths to use the grub headers instead of
the standard POSIX headers, so that users only n
From: Hernan Gatta
Add a new parameter to cryptomount to support the key protectors framework: -P.
The parameter is used to automatically retrieve a key from specified key
protectors. The parameter may be repeated to specify any number of key
protectors. These are tried in order until one provide
Some testcases use exit() to end the test. Since all the asn1 testcases
are invoked as functions, this commit replaces exit() with return to
reflect the test results, so that the main test function can check the
results.
Signed-off-by: Daniel Axtens
Signed-off-by: Gary Lin
Reviewed-by: Daniel Ki
This commit replaces printf() and fprintf() with grub_printf() to print
the error messages for the testcases. Besides, asn1_strerror() is used
to convert the result code to strings instead of asn1_perror().
Signed-off-by: Daniel Axtens
Signed-off-by: Gary Lin
Reviewed-by: Daniel Kiper
---
...-
There is a testcase to test the values larger than 'int' but smaller
than 'long'. However, for some architectures, 'long' and 'int' are the
same, and the compiler may issue a warning like this:
grub-core/tests/asn1/tests/Test_overflow.c:48:50: error: left shift of negative
value [-Werror=shift-ne
From: Daniel Axtens
Import tests from libtasn1 that use functionality we import.
This test module is integrated into functional_test so that the
user can run the test in grub shell.
This doesn't test the full decoder but that will be exercised in
test suites for coming patch sets.
Add testcase
When using disk auto-unlocking with TPM 2.0, the typical grub.cfg may
look like this:
tpm2_key_protector_init --tpm2key=(hd0,gpt1)/boot/grub/sealed.tpm
cryptomount -u -P tpm2
search --fs-uuid --set=root
Since the disk search order is based on the order of module loading, the
attacker coul
From: Patrick Colp
If a protector is specified, but it fails to unlock the disk, fall back
to asking for the passphrase.
Before requesting the passphrase, the error from the key protector(s)
has to be cleared, or the later code (e.g., LUKS code) may stop as
'grub_errno' is set. This commit print
On Mon, Nov 04, 2024 at 01:20:45PM -0500, Stefan Berger wrote:
>
>
> On 11/4/24 2:31 AM, Gary Lin via Grub-devel wrote:
> > This commit adds the necessary TPM2 types and structs as the preparation
> > for the TPM2 Software Stack (TSS2) support. The Marshal/Unmarshal
> &g
On Mon, Nov 04, 2024 at 12:42:19PM -0500, Stefan Berger wrote:
>
>
> On 11/4/24 2:32 AM, Gary Lin via Grub-devel wrote:
> > Update the user manual to address TPM2 key protector including the two
> > related commands, tpm2_key_protector_init and tpm2_key_protector_clear,
&
On Thu, Oct 24, 2024 at 05:51:55PM +0200, Daniel Kiper wrote:
> On Mon, Oct 21, 2024 at 04:07:11PM +0800, Gary Lin wrote:
> > Update the user manual to address TPM2 key protector including the two
> > related commands, tpm2_key_protector_init and tpm2_key_protector_clear,
> > and the user-space uti
GIT repo for v22: https://github.com/lcp/grub2/tree/tpm2-unlock-v22
This patch series is based on "Automatic TPM Disk Unlock"(*1) posted by
Hernan Gatta to introduce the key protector framework and TPM2 stack
to GRUB, and this could be a useful feature for the systems to
implement full disk encryp
This commit replaces printf() and fprintf() with grub_printf() to print
the error messages for the testcases. Besides, asn1_strerror() is used
to convert the result code to strings instead of asn1_perror().
Signed-off-by: Daniel Axtens
Signed-off-by: Gary Lin
Reviewed-by: Daniel Kiper
---
...-
From: Daniel Axtens
- Define SIZEOF_UNSIGNED_LONG_INT, it's the same as
SIZEOF_UNSIGNED_LONG.
- Define WORD_BIT, the size in bits of an int. This is a defined
in the Single Unix Specification and in gnulib's limits.h. gnulib
assumes it's 32 bits on all our platforms, including 64 bit
This commit changes the main functions in the testcases to the test
names so that the real 'main' test function can invokes them.
Signed-off-by: Daniel Axtens
Signed-off-by: Gary Lin
Reviewed-by: Daniel Kiper
---
...-the-main-functions-to-the-test-name.patch | 129 ++
1 file ch
strcat() is not available in GRUB. This commit replaces strcat() with
strcpy() in _asn1_str_cat() as the preparation to replace other strcat()
with the bounds-checking _asn1_str_cat().
Signed-off-by: Daniel Axtens
Signed-off-by: Gary Lin
Reviewed-by: Daniel Kiper
---
...-strcat-with-strcpy-in-
strcat() is not available in GRUB. This commit replaces strcat() and
_asn1_strcat() with the bounds-checking _asn1_str_cat().
Signed-off-by: Daniel Axtens
Signed-off-by: Gary Lin
Reviewed-by: Daniel Kiper
---
...n1-replace-strcat-with-_asn1_str_cat.patch | 71 +++
1 file change
This commit converts functions and types to the grub-specific ones:
LONG_MAX -> GRUB_LONG_MAX
INT_MAX -> GRUB_INT_MAX
UINT_MAX -> GRUB_UINT_MAX
size_t -> grub_size_t
memcmp() -> grub_memcmp()
memcpy() -> grub_memcpy()
free() -> grub_free()
strcmp() -> grub_strcmp()
Signed-off-by: Daniel Axtens
S
Since libtasn1.h is the header to be included by users, including the
standard POSIX headers in libtasn1.h would force the user to add the
CFLAGS/CPPFLAGS for the POSIX headers.
This commit adjusts the header paths to use the grub headers instead of
the standard POSIX headers, so that users only n
As the prepartion to support TPM2 Software Stack (TSS2), this commit
implements the TPM2 buffer handling functions to pack data for the TPM2
commands and unpack the data from the response.
Cc: Stefan Berger
Signed-off-by: Hernan Gatta
Signed-off-by: Gary Lin
Reviewed-by: Daniel Kiper
---
grub
Replace a 64-bit division with a call to grub_divmod64(), preventing
creation of __udivdi3() calls on 32-bit platforms.
Signed-off-by: Daniel Axtens
Signed-off-by: Gary Lin
Reviewed-by: Daniel Kiper
---
...tasn1-Use-grub_divmod64-for-division.patch | 31 +++
1 file changed, 31
This commit removes all the headers and only uses asn1_test.h.
To avoid including int.h from grub-core/lib/libtasn1-grub/lib/,
CONST_DOWN is defined in reproducers.c.
Signed-off-by: Daniel Axtens
Signed-off-by: Gary Lin
Reviewed-by: Daniel Kiper
---
...7-asn1_test-include-asn1_test.h-only.patc
This commit handles the TPM2_PolicyAuthorize command from the key file
in TPM 2.0 Key File format.
TPM2_PolicyAuthorize is the essential command to support authorized
policy which allows the users to sign TPM policies with their own keys.
Per TPM 2.0 Key File(*1), CommandPolicy for TPM2_PolicyAuth
From: Hernan Gatta
A key protector encapsulates functionality to retrieve an unlocking key
for a fully-encrypted disk from a specific source. A key protector
module registers itself with the key protectors framework when it is
loaded and unregisters when unloaded. Additionally, a key protector ma
Document libtasn1 in docs/grub-dev.texi and add the upgrade steps.
Also add the patches to make libtasn1 compatible with grub code.
Signed-off-by: Gary Lin
Reviewed-by: Vladimir Serbinenko
Reviewed-by: Daniel Kiper
---
docs/grub-dev.texi | 35 +++
1 file changed
There is a testcase to test the values larger than 'int' but smaller
than 'long'. However, for some architectures, 'long' and 'int' are the
same, and the compiler may issue a warning like this:
grub-core/tests/asn1/tests/Test_overflow.c:48:50: error: left shift of negative
value [-Werror=shift-ne
From: Hernan Gatta
The TPM2 key protector is a module that enables the automatic retrieval
of a fully-encrypted disk's unlocking key from a TPM 2.0.
The theory of operation is such that the module accepts various
arguments, most of which are optional and therefore possess reasonable
defaults. On
This commit adds the necessary TPM2 types and structs as the preparation
for the TPM2 Software Stack (TSS2) support. The Marshal/Unmarshal
functions are also added to handle the data structure to be submitted to
TPM2 commands and to be received from the response.
Signed-off-by: Hernan Gatta
Signe
A Trusted Platform Module (TPM) Software Stack (TSS) provides logic to
compose and submit TPM commands and parse reponses.
A limited number of TPM commands may be accessed via the EFI TCG2
protocol. This protocol exposes functionality that is primarily geared
toward TPM usage within the context of
From: Daniel Axtens
Import tests from libtasn1 that use functionality we import.
This test module is integrated into functional_test so that the
user can run the test in grub shell.
This doesn't test the full decoder but that will be exercised in
test suites for coming patch sets.
Add testcase
From: Hernan Gatta
Add a new parameter to cryptomount to support the key protectors framework: -P.
The parameter is used to automatically retrieve a key from specified key
protectors. The parameter may be repeated to specify any number of key
protectors. These are tried in order until one provide
For the tpm2_key_protector module, the TCG2 command submission function
is the only difference between a QEMU instance and grub-emu. To test
TPM2 key unsealing with a QEMU instance, it requires an extra OS image
to invoke grub-protect to seal the LUKS key, rather than a simple
grub-shell rescue CD
As a preparation to test tpm2_key_protector with grub-emu, the new
option, --tpm-device, is introduced to specify the TPM device for
grub-emu so that grub-emu can access an emulated TPM device from
the host.
Since grub-emu can directly access the device on host, it's easy to
implement the essentia
From: Daniel Axtens
Create a wrapper file that specifies the module license.
Set up the makefile so it is built.
Signed-off-by: Daniel Axtens
Signed-off-by: Gary Lin
Reviewed-by: Daniel Kiper
---
autogen.sh | 19 +++
grub-core/Makefile.core.def
We don't expect to be able to write ASN.1, only read it,
so we can disable some code.
Do that with #if 0/#endif, rather than deletion. This means
that the difference between upstream and grub is smaller,
which should make updating libtasn1 easier in the future.
With these exclusions we also avoid
In _asn1_tag_der(), the first while loop for the long form may end up
with a 'k' value with 'ASN1_MAX_TAG_SIZE' and cause the buffer overrun
in the second while loop. This commit tweaks the conditional check to
avoid producing a too large 'k'.
This is a quick fix and may differ from the official u
From: Patrick Colp
Currently with the TPM2 protector, only SRK mode is supported and
NV index support is just a stub. Implement the NV index option.
Note: This only extends support on the unseal path. grub-protect
has not been updated. tpm2-tools can be used to insert a key into
the NV index.
A
This commit removes the 'verbose' variables and the unnecessary printf()
to simplify the output.
Signed-off-by: Daniel Axtens
Signed-off-by: Gary Lin
Reviewed-by: Daniel Kiper
---
...e-verbose-and-the-unnecessary-printf.patch | 173 ++
1 file changed, 173 insertions(+)
create
Some testcases use exit() to end the test. Since all the asn1 testcases
are invoked as functions, this commit replaces exit() with return to
reflect the test results, so that the main test function can check the
results.
Signed-off-by: Daniel Axtens
Signed-off-by: Gary Lin
Reviewed-by: Daniel Ki
From: Patrick Colp
If a protector is specified, but it fails to unlock the disk, fall back
to asking for the passphrase.
Before requesting the passphrase, the error from the key protector(s)
has to be cleared, or the later code (e.g., LUKS code) may stop as
'grub_errno' is set. This commit print
An attacker may insert a malicious disk with the same crypto UUID and
trick GRUB to mount the fake root. Even though the key from the key
protector fails to unlock the fake root, it's not wiped out cleanly so
the attacker could dump the memory to retrieve the secret key. To defend
such attack, wipe
From: Hernan Gatta
To utilize the key protectors framework, there must be a way to protect
full-disk encryption keys in the first place. The grub-protect tool
includes support for the TPM2 key protector but other protectors that
require setup ahead of time can be supported in the future.
For the
Update the user manual to address TPM2 key protector including the two
related commands, tpm2_key_protector_init and tpm2_key_protector_clear,
and the user-space utility: grub-protect.
Signed-off-by: Gary Lin
Reviewed-by: Daniel Kiper
---
docs/grub.texi | 525 +++
When using disk auto-unlocking with TPM 2.0, the typical grub.cfg may
look like this:
tpm2_key_protector_init --tpm2key=(hd0,gpt1)/boot/grub/sealed.tpm
cryptomount -u -P tpm2
search --fs-uuid --set=root
Since the disk search order is based on the order of module loading, the
attacker coul
On Mon, Nov 11, 2024 at 11:39:11AM -0500, Stefan Berger wrote:
>
>
> On 11/11/24 2:45 AM, Gary Lin via Grub-devel wrote:
> > Update the user manual to address TPM2 key protector including the two
> > related commands, tpm2_key_protector_init and tpm2_key_protector_clear,
&
On Tue, Nov 12, 2024 at 01:04:38PM -0500, Stefan Berger wrote:
> The TPM bit fields need to be in reverse order for big endian targets,
> such as ieee1275 PowerPC platforms that run grub in big endian mode.
>
> Signed-off-by: Stefan Berger
Thanks for fixing the endianness of the TPMA structs!
Re
On Thu, Sep 19, 2024 at 11:05:13AM -0400, Stefan Berger wrote:
>
>
> On 9/19/24 3:45 AM, Gary Lin wrote:
> > On Wed, Sep 18, 2024 at 11:22:16AM -0400, Stefan Berger wrote:
> > >
> > >
>
> > > *handle = (TPM_HANDLE_t) num;
> > >
> > How about this change?
> >
> > - return grub_error (GRUB
On Mon, Sep 16, 2024 at 01:42:18PM -0400, Stefan Berger wrote:
>
>
> On 9/15/24 11:35 PM, Gary Lin wrote:
> > On Mon, Sep 16, 2024 at 10:24:03AM +0800, Gary Lin wrote:
> > > On Fri, Sep 13, 2024 at 10:32:39AM -0400, Stefan Berger wrote:
> > > >
> > > >
> > > > On 9/6/24 5:10 AM, Gary Lin wrote:
On Tue, Sep 17, 2024 at 03:23:00PM -0400, Stefan Berger wrote:
>
>
> On 9/16/24 1:42 PM, Stefan Berger wrote:
> >
> >
> > On 9/15/24 11:35 PM, Gary Lin wrote:
> > > On Mon, Sep 16, 2024 at 10:24:03AM +0800, Gary Lin wrote:
> > > > On Fri, Sep 13, 2024 at 10:32:39AM -0400, Stefan Berger wrote:
>
On Tue, Sep 17, 2024 at 11:14:33PM -0400, Stefan Berger wrote:
>
>
> On 9/6/24 5:11 AM, Gary Lin wrote:
> > A Trusted Platform Module (TPM) Software Stack (TSS) provides logic to
> > compose and submit TPM commands and parse reponses.
> >
>
> > +static TPM_RC_t
> > +tpm2_submit_command_real (co
On Fri, Sep 13, 2024 at 10:25:14AM -0400, Stefan Berger wrote:
>
>
> On 9/6/24 5:11 AM, Gary Lin wrote:
> > Update the user manual to address TPM2 key protector including the two
> > related commands, tpm2_key_protector_init and tpm2_key_protector_clear,
> > and the user-space utility: grub-prote
On Mon, Sep 16, 2024 at 01:42:18PM -0400, Stefan Berger wrote:
>
>
> On 9/15/24 11:35 PM, Gary Lin wrote:
> > On Mon, Sep 16, 2024 at 10:24:03AM +0800, Gary Lin wrote:
> > > On Fri, Sep 13, 2024 at 10:32:39AM -0400, Stefan Berger wrote:
> > > >
> > > >
> > > > On 9/6/24 5:10 AM, Gary Lin wrote:
On Wed, Sep 18, 2024 at 11:22:16AM -0400, Stefan Berger wrote:
>
>
> On 9/6/24 5:11 AM, Gary Lin via Grub-devel wrote:
> > From: Hernan Gatta
> >
> > The TPM2 key protector is a module that enables the automatic retrieval
> > of a fully-encrypted di
On Wed, Oct 23, 2024 at 03:52:43PM +0200, Daniel Kiper wrote:
> On Mon, Oct 21, 2024 at 04:06:38PM +0800, Gary Lin wrote:
> > GIT repo for v20: https://github.com/lcp/grub2/tree/tpm2-unlock-v20
> >
> > This patch series is based on "Automatic TPM Disk Unlock"(*1) posted by
> > Hernan Gatta to intro
On Wed, Oct 23, 2024 at 07:02:20PM +0200, Daniel Kiper wrote:
> On Mon, Oct 21, 2024 at 04:07:01PM +0800, Gary Lin wrote:
> > From: Hernan Gatta
> >
> > The TPM2 key protector is a module that enables the automatic retrieval
> > of a fully-encrypted disk's unlocking key from a TPM 2.0.
> >
> > The
On Wed, Oct 16, 2024 at 05:44:29PM +0200, Daniel Kiper wrote:
> On Fri, Sep 06, 2024 at 05:11:14PM +0800, Gary Lin via Grub-devel wrote:
> > From: Hernan Gatta
> >
> > The TPM2 key protector is a module that enables the automatic retrieval
> > of a fully-encrypted disk
On Wed, Nov 06, 2024 at 06:48:46PM -0500, Stefan Berger wrote:
>
>
> On 11/4/24 2:32 AM, Gary Lin via Grub-devel wrote:
> > Update the user manual to address TPM2 key protector including the two
> > related commands, tpm2_key_protector_init and tpm2_key_protector_clear,
&
On Tue, Nov 26, 2024 at 03:39:39PM -0500, Stefan Berger wrote:
> This series of patches enables the 'Automatic Disk Unlock with TPM2'
> support for ieee1275 PowerPC platforms. It adds a TCG2 driver for this
> platform, which has the same API as the one for EFI. Further, it adjusts
> the definition
On Thu, Nov 07, 2024 at 12:11:15PM -0500, James Bottomley wrote:
> On Wed, 2024-11-06 at 18:48 -0500, Stefan Berger wrote:
> >
> >
> > On 11/4/24 2:32 AM, Gary Lin via Grub-devel wrote:
> > > Update the user manual to address TPM2 key protector including the
&g
From: Patrick Colp
If a protector is specified, but it fails to unlock the disk, fall back
to asking for the passphrase.
Before requesting the passphrase, the error from the key protector(s)
has to be cleared, or the later code (e.g., LUKS code) may stop as
'grub_errno' is set. This commit print
Update the user manual to address TPM2 key protector including the two
related commands, tpm2_key_protector_init and tpm2_key_protector_clear,
and the user-space utility: grub-protect.
Signed-off-by: Gary Lin
Reviewed-by: Daniel Kiper
Reviewed-by: Stefan Berger
---
docs/grub.texi | 525 +++
From: Daniel Axtens
Create a wrapper file that specifies the module license.
Set up the makefile so it is built.
Signed-off-by: Daniel Axtens
Signed-off-by: Gary Lin
Reviewed-by: Daniel Kiper
---
autogen.sh | 19 +++
grub-core/Makefile.core.def
A Trusted Platform Module (TPM) Software Stack (TSS) provides logic to
compose and submit TPM commands and parse reponses.
A limited number of TPM commands may be accessed via the EFI TCG2
protocol. This protocol exposes functionality that is primarily geared
toward TPM usage within the context of
From: Hernan Gatta
Add a new parameter to cryptomount to support the key protectors framework: -P.
The parameter is used to automatically retrieve a key from specified key
protectors. The parameter may be repeated to specify any number of key
protectors. These are tried in order until one provide
As a preparation to test tpm2_key_protector with grub-emu, the new
option, --tpm-device, is introduced to specify the TPM device for
grub-emu so that grub-emu can access an emulated TPM device from
the host.
Since grub-emu can directly access the device on host, it's easy to
implement the essentia
This commit converts functions and types to the grub-specific ones:
LONG_MAX -> GRUB_LONG_MAX
INT_MAX -> GRUB_INT_MAX
UINT_MAX -> GRUB_UINT_MAX
size_t -> grub_size_t
memcmp() -> grub_memcmp()
memcpy() -> grub_memcpy()
free() -> grub_free()
strcmp() -> grub_strcmp()
Signed-off-by: Daniel Axtens
S
This commit removes all the headers and only uses asn1_test.h.
To avoid including int.h from grub-core/lib/libtasn1-grub/lib/,
CONST_DOWN is defined in reproducers.c.
Signed-off-by: Daniel Axtens
Signed-off-by: Gary Lin
Reviewed-by: Daniel Kiper
---
...7-asn1_test-include-asn1_test.h-only.patc
There is a testcase to test the values larger than 'int' but smaller
than 'long'. However, for some architectures, 'long' and 'int' are the
same, and the compiler may issue a warning like this:
grub-core/tests/asn1/tests/Test_overflow.c:48:50: error: left shift of negative
value [-Werror=shift-ne
From: Hernan Gatta
The TPM2 key protector is a module that enables the automatic retrieval
of a fully-encrypted disk's unlocking key from a TPM 2.0.
The theory of operation is such that the module accepts various
arguments, most of which are optional and therefore possess reasonable
defaults. On
From: Daniel Axtens
- Define SIZEOF_UNSIGNED_LONG_INT, it's the same as
SIZEOF_UNSIGNED_LONG.
- Define WORD_BIT, the size in bits of an int. This is a defined
in the Single Unix Specification and in gnulib's limits.h. gnulib
assumes it's 32 bits on all our platforms, including 64 bit
For the tpm2_key_protector module, the TCG2 command submission function
is the only difference between a QEMU instance and grub-emu. To test
TPM2 key unsealing with a QEMU instance, it requires an extra OS image
to invoke grub-protect to seal the LUKS key, rather than a simple
grub-shell rescue CD
Some testcases use exit() to end the test. Since all the asn1 testcases
are invoked as functions, this commit replaces exit() with return to
reflect the test results, so that the main test function can check the
results.
Signed-off-by: Daniel Axtens
Signed-off-by: Gary Lin
Reviewed-by: Daniel Ki
From: Hernan Gatta
A key protector encapsulates functionality to retrieve an unlocking key
for a fully-encrypted disk from a specific source. A key protector
module registers itself with the key protectors framework when it is
loaded and unregisters when unloaded. Additionally, a key protector ma
From: Hernan Gatta
To utilize the key protectors framework, there must be a way to protect
full-disk encryption keys in the first place. The grub-protect tool
includes support for the TPM2 key protector but other protectors that
require setup ahead of time can be supported in the future.
For the
GIT repo for v23: https://github.com/lcp/grub2/tree/tpm2-unlock-v23
This patch series is based on "Automatic TPM Disk Unlock"(*1) posted by
Hernan Gatta to introduce the key protector framework and TPM2 stack
to GRUB, and this could be a useful feature for the systems to
implement full disk encryp
We don't expect to be able to write ASN.1, only read it,
so we can disable some code.
Do that with #if 0/#endif, rather than deletion. This means
that the difference between upstream and grub is smaller,
which should make updating libtasn1 easier in the future.
With these exclusions we also avoid
This commit handles the TPM2_PolicyAuthorize command from the key file
in TPM 2.0 Key File format.
TPM2_PolicyAuthorize is the essential command to support authorized
policy which allows the users to sign TPM policies with their own keys.
Per TPM 2.0 Key File(*1), CommandPolicy for TPM2_PolicyAuth
Document libtasn1 in docs/grub-dev.texi and add the upgrade steps.
Also add the patches to make libtasn1 compatible with grub code.
Signed-off-by: Gary Lin
Reviewed-by: Vladimir Serbinenko
Reviewed-by: Daniel Kiper
---
docs/grub-dev.texi | 35 +++
1 file changed
This commit removes the 'verbose' variables and the unnecessary printf()
to simplify the output.
Signed-off-by: Daniel Axtens
Signed-off-by: Gary Lin
Reviewed-by: Daniel Kiper
---
...e-verbose-and-the-unnecessary-printf.patch | 173 ++
1 file changed, 173 insertions(+)
create
strcat() is not available in GRUB. This commit replaces strcat() with
strcpy() in _asn1_str_cat() as the preparation to replace other strcat()
with the bounds-checking _asn1_str_cat().
Signed-off-by: Daniel Axtens
Signed-off-by: Gary Lin
Reviewed-by: Daniel Kiper
---
...-strcat-with-strcpy-in-
This commit replaces printf() and fprintf() with grub_printf() to print
the error messages for the testcases. Besides, asn1_strerror() is used
to convert the result code to strings instead of asn1_perror().
Signed-off-by: Daniel Axtens
Signed-off-by: Gary Lin
Reviewed-by: Daniel Kiper
---
...-
This commit changes the main functions in the testcases to the test
names so that the real 'main' test function can invokes them.
Signed-off-by: Daniel Axtens
Signed-off-by: Gary Lin
Reviewed-by: Daniel Kiper
---
...-the-main-functions-to-the-test-name.patch | 129 ++
1 file ch
As the prepartion to support TPM2 Software Stack (TSS2), this commit
implements the TPM2 buffer handling functions to pack data for the TPM2
commands and unpack the data from the response.
Cc: Stefan Berger
Signed-off-by: Hernan Gatta
Signed-off-by: Gary Lin
Reviewed-by: Daniel Kiper
---
grub
strcat() is not available in GRUB. This commit replaces strcat() and
_asn1_strcat() with the bounds-checking _asn1_str_cat().
Signed-off-by: Daniel Axtens
Signed-off-by: Gary Lin
Reviewed-by: Daniel Kiper
---
...n1-replace-strcat-with-_asn1_str_cat.patch | 71 +++
1 file change
Replace a 64-bit division with a call to grub_divmod64(), preventing
creation of __udivdi3() calls on 32-bit platforms.
Signed-off-by: Daniel Axtens
Signed-off-by: Gary Lin
Reviewed-by: Daniel Kiper
---
...tasn1-Use-grub_divmod64-for-division.patch | 31 +++
1 file changed, 31
From: Patrick Colp
Currently with the TPM2 protector, only SRK mode is supported and
NV index support is just a stub. Implement the NV index option.
Note: This only extends support on the unseal path. grub-protect
has not been updated. tpm2-tools can be used to insert a key into
the NV index.
A
This commit adds the necessary TPM2 types and structs as the preparation
for the TPM2 Software Stack (TSS2) support. The Marshal/Unmarshal
functions are also added to handle the data structure to be submitted to
TPM2 commands and to be received from the response.
Signed-off-by: Hernan Gatta
Signe
From: Daniel Axtens
Import tests from libtasn1 that use functionality we import.
This test module is integrated into functional_test so that the
user can run the test in grub shell.
This doesn't test the full decoder but that will be exercised in
test suites for coming patch sets.
Add testcase
When using disk auto-unlocking with TPM 2.0, the typical grub.cfg may
look like this:
tpm2_key_protector_init --tpm2key=(hd0,gpt1)/boot/grub/sealed.tpm
cryptomount -u -P tpm2
search --fs-uuid --set=root
Since the disk search order is based on the order of module loading, the
attacker coul
In _asn1_tag_der(), the first while loop for the long form may end up
with a 'k' value with 'ASN1_MAX_TAG_SIZE' and cause the buffer overrun
in the second while loop. This commit tweaks the conditional check to
avoid producing a too large 'k'.
This is a quick fix and may differ from the official u
Since libtasn1.h is the header to be included by users, including the
standard POSIX headers in libtasn1.h would force the user to add the
CFLAGS/CPPFLAGS for the POSIX headers.
This commit adjusts the header paths to use the grub headers instead of
the standard POSIX headers, so that users only n
An attacker may insert a malicious disk with the same crypto UUID and
trick GRUB to mount the fake root. Even though the key from the key
protector fails to unlock the fake root, it's not wiped out cleanly so
the attacker could dump the memory to retrieve the secret key. To defend
such attack, wipe
Sorry, I forgot to push an updated string before sending this patch.
Will send the updated patch later. Please ignore this one.
Gary Lin
On Tue, Dec 03, 2024 at 04:36:39PM +0800, Gary Lin wrote:
> PCR mismatching is one common cause of TPM key unsealing fail. Since the
> system may be compromised
PCR mismatching is one common cause of TPM key unsealing fail. Since the
system may be compromised, it is not safe to boot into OS to get the PCR
values and TPM eventlog for the further investigation.
To provide some hints, GRUB now dumps PCRs on policy fail, so the user
can check the current PCR
PCR mismatching is one common cause of TPM key unsealing fail. Since the
system may be compromised, it is not safe to boot into OS to get the PCR
values and TPM eventlog for the further investigation.
To provide some hints, GRUB now dumps PCRs on policy fail, so the user
can check the current PCR
501 - 600 of 690 matches
Mail list logo
