grub-devel

Re: [PATCH] tpm: Disable tpm verifier if tpm is not present


From: Michael Chang
Subject: Re: [PATCH] tpm: Disable tpm verifier if tpm is not present
Date: Fri, 7 Oct 2022 13:33:35 +0800
User-agent: Mutt/1.10.1 (2018-07-13)

On Thu, Oct 06, 2022 at 03:40:36PM -0400, Stefan Berger wrote:
> 
> 
> On 9/8/22 00:23, Michael Chang via Grub-devel wrote:
> > This helps to prevent out of memory error when reading large files via
> > disabling tpm device as verifier has to read all content into memory in one
> > chunk to measure the hash and extend to tpm.
> > 
> > Signed-off-by: Michael Chang <mchang@suse.com>
> > ---
> >   grub-core/commands/efi/tpm.c | 37 ++++++++++++++++++++++++++++++++++++
> >   grub-core/commands/tpm.c     |  4 ++++
> >   include/grub/tpm.h           |  1 +
> >   3 files changed, 42 insertions(+)
> > 
> > diff --git a/grub-core/commands/efi/tpm.c b/grub-core/commands/efi/tpm.c
> > index ae09c1bf8b..4f0011f6f5 100644
> > --- a/grub-core/commands/efi/tpm.c
> > +++ b/grub-core/commands/efi/tpm.c
> > @@ -287,3 +287,40 @@ grub_tpm_measure (unsigned char *buf, grub_size_t 
> > size, grub_uint8_t pcr,
> >     else
> >       return grub_tpm2_log_event (tpm_handle, buf, size, pcr, description);
> >   }
> > +
> > +int
> > +grub_tpm_present ()
> 
> nit: void

I'll fix in next version.

> 
> > +{
> > +  grub_efi_handle_t tpm_handle;
> > +  grub_efi_uint8_t protocol_version;
> > +
> > +  if (!grub_tpm_handle_find (&tpm_handle, &protocol_version))
> > +    return 0;
> > +
> > +  if (protocol_version == 1)
> > +    {
> > +      grub_efi_tpm_protocol_t *tpm;
> > +
> > +      tpm = grub_efi_open_protocol (tpm_handle, &tpm_guid,
> > +                               GRUB_EFI_OPEN_PROTOCOL_GET_PROTOCOL);
> > +      if (!tpm)
> > +   {
> > +     grub_dprintf ("tpm", "Cannot open TPM protocol\n");
> > +     return 0;
> > +   }
> > +      return grub_tpm1_present (tpm);
> > +    }
> > +  else
> > +    {
> > +      grub_efi_tpm2_protocol_t *tpm;
> > +
> > +      tpm = grub_efi_open_protocol (tpm_handle, &tpm2_guid,
> > +                               GRUB_EFI_OPEN_PROTOCOL_GET_PROTOCOL);
> > +      if (!tpm)
> > +   {
> > +     grub_dprintf ("tpm", "Cannot open TPM protocol\n");
> > +     return 0;
> > +   }
> > +      return grub_tpm2_present (tpm);
> > +    }
> > +}
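
Review bot: In grub_tpm_present, both `if (!tpm)` branches return 0 when grub_efi_open_protocol fails, so a TPM whose handle was found but whose protocol could not be opened is reported the same as no TPM at all. Combined with the GRUB_MOD_INIT change in this patch, that failure means the verifier is never registered and no file is measured, with only a grub_dprintf as a trace. Consider separating "no handle" from "open failed" (a distinct return value or a visible error for the latter), and make the two debug strings differ so the log shows which protocol version's path failed. The `else` branch also treats every protocol_version other than 1 as TPM 2; an explicit check would make that assumption visible.
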
> > diff --git a/grub-core/commands/tpm.c b/grub-core/commands/tpm.c
> > index 2052c36eab..cb8ed6b949 100644
> > --- a/grub-core/commands/tpm.c
> > +++ b/grub-core/commands/tpm.c
> > @@ -86,10 +86,14 @@ struct grub_file_verifier grub_tpm_verifier = {
> >   GRUB_MOD_INIT (tpm)
> >   {
> > +  if (!grub_tpm_present())
> > +    return;
> >     grub_verifier_register (&grub_tpm_verifier);
> >   }
> >   GRUB_MOD_FINI (tpm)
> >   {
> > +  if (!grub_tpm_present())
> > +    return;
> >     grub_verifier_unregister (&grub_tpm_verifier);
> >   }
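
Review bot: GRUB_MOD_FINI probes grub_tpm_present() a second time instead of remembering what GRUB_MOD_INIT decided, so if the probe answers differently at unload the verifier is either left registered after the module is gone or unregistered without ever having been registered. Record the decision in a static flag set in GRUB_MOD_INIT and test that flag in GRUB_MOD_FINI. Style: the two new calls are written `grub_tpm_present()` without the space before the parenthesis that the neighbouring `grub_verifier_register (&grub_tpm_verifier);` uses.
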
> > diff --git a/include/grub/tpm.h b/include/grub/tpm.h
> > index 5c285cbc52..c19fcbd0a6 100644
> > --- a/include/grub/tpm.h
> > +++ b/include/grub/tpm.h
> > @@ -36,4 +36,5 @@
> >   grub_err_t grub_tpm_measure (unsigned char *buf, grub_size_t size,
> >                          grub_uint8_t pcr, const char *description);
> > +int grub_tpm_present (void);
> >   #endif
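
Review bot: The new prototype `int grub_tpm_present (void);` carries no comment stating the return convention, while the callers in grub-core/commands/tpm.c depend on nonzero meaning a usable TPM; a one-line comment above the declaration would settle that. The diffstat shows a definition only in grub-core/commands/efi/tpm.c, yet grub-core/commands/tpm.c now calls the function unconditionally, so any other backend built against this header needs its own grub_tpm_present or the module will not link.
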
> 
> Reviewed-by: Stefan Berger <stefanb@linux.ibm.com>

I will add your Reviewed-by in next version too.

Thanks,
Michael



