grub-devel

Re: [PATCH v10 00/20] Automatic Disk Unlock with TPM2


From: Gary Lin
Subject: Re: [PATCH v10 00/20] Automatic Disk Unlock with TPM2
Date: Fri, 12 Apr 2024 14:35:07 +0800

On Tue, Apr 09, 2024 at 04:30:32PM +0800, Gary Lin wrote:
> GIT repo for v10: https://github.com/lcp/grub2/tree/tpm2-unlock-v10
> 
> This patch series is based on "Automatic TPM Disk Unlock"(*1) posted by
> Hernan Gatta to introduce the key protector framework and TPM2 stack
> to GRUB2, and this could be a useful feature for the systems to
> implement full disk encryption.
> 
-->8--
> 
> v10:
> - Fixing the Coverity issues: CID 435775, CID 435771, CID 435770, CID
>   435769, CID 435767, CID 435761
>   https://lists.gnu.org/archive/html/grub-devel/2024-02/txtKIuUb5lf3O.txt
>   - Fixing the potential memory leak (CID 435775)
>   - Removing the unnecessary grub_protect_get_grub_drive_for_file() from
>     util/grub-protect.c (CID 435771)
>   - Using the grub_tpm2_mu_TPM2B_*_Unmarshal functions to unmarshal the
>     TPM2B structs instead of a generic grub_tpm2_mu_TPM2B_Unmarshal
>     (CID 435770)
>   - Fixing Null pointer dereference (CID 435769)
>   - Adding bound checks to grub_tpm2_mu_TPML_DIGEST_Unmarshal()
>     (CID 435767)
>   - Improving the check for the return value of ftell() (CID 435761)
> - Adding a quick fix for CID 435762
> - Removing the empty ending line in tests/asn1_test.in
> - Fixing docs/grub-dev.texi and updating the libtasn1 patches in
>   grub-core/lib/libtasn1-patches/
> - Merging all the TPM2 TSS stack patches into one to reduce the total
>   patch number
> - Switching the default asymmetric algorithm from RSA2048 to
>   TPM_ECC_NIST_P256 for the faster key generation
I forgot to update the help messages to reflect the change.
Will fix the help in v11...

> - Adding the fallback SRK templates to try a few more SRK types in case
>   grub2 failed to associate the sealed key with the SRK in the persistent
>   handle or the default SRK
> - Improving the test script to add tests for the persistent handle and
>   the fallback SRKs

Gary Lin


