[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[PATCH v12 00/20] Automatic Disk Unlock with TPM2
|
From: |
Gary Lin |
|
Subject: |
[PATCH v12 00/20] Automatic Disk Unlock with TPM2 |
|
Date: |
Fri, 19 Apr 2024 16:30:44 +0800 |
GIT repo for v12: https://github.com/lcp/grub2/tree/tpm2-unlock-v12
This patch series is based on "Automatic TPM Disk Unlock"(*1) posted by
Hernan Gatta to introduce the key protector framework and TPM2 stack
to GRUB2, and this could be a useful feature for the systems to
implement full disk encryption.
To support TPM 2.0 Key File format(*2), patch 1~5,7 are grabbed from
Daniel Axtens's "appended signature secure boot support" (*3) to import
libtasn1 into grub2. Besides, the libtasn1 version is upgraded to
4.19.0 instead of 4.16.0 in the original patch.
Patch 6 fixes a potential buffer overrun in libtasn1.
(https://gitlab.com/gnutls/libtasn1/-/issues/49)
Patch 8 adds the document for libtasn1 and the steps to upgrade the
library.
Patch 9~13 are Hernan Gatta's patches with the follow-up fixes and
improvements:
- Converting 8 spaces into 1 tab
- Merging the minor build fix from Michael Chang
- Replacing "lu" with "PRIuGRUB_SIZE" for grub_dprintf
- Adding "enable = efi" to the tpm2 module in grub-core/Makefile.core.def
- Rebasing "cryptodisk: Support key protectors" to the git master
- Removing the measurement on the sealed key
- Based on the patch from Olaf Kirch <OKir@suse.com>
- Adjusting the input parameters of TPM2_EvictControl to match the order
in "TCG TPM2 Part3 Commands"
- Declaring the input arguments of TPM2 functions as const
- Resending TPM2 commands on TPM_RC_RETRY
- Adding checks for the parameters of TPM2 commands
- Packing the missing authorization command for TPM2_PCR_Read
- Tweaking the TPM2 command functions to allow some parameters to be
NULL so that we don't have to declare empty variables
- Only enabling grub-protect for "efi" since the TPM2 stack currently
relies on the EFI TCG2 protocol to send TPM2 commands
- Using grub_cpu_to_be*() in the TPM2 stack instead of grub_swap_bytes*()
which may cause problems in big-indian machines
- Changing the short name of "--protector" of "cryptomount" from "-k" to
"-P" to avoid the conflict with "--key-file"
- Supporting TPM 2.0 Key File Format besides the raw sealed key
- Adding the external libtasn1 dependency to grub-protect to write the
TPM 2.0 Key files
- Extending the TPM2 TSS stack to support authorized policy
Patch 14 implements the authorized policy support.
Patch 15 implements the missing NV index mode. (Thanks to Patrick Colp)
Patch 16 improves the 'cryptomount' command to fall back to the
passphrase mode when the key protector fails to unlock the encrypted
partition. (Another patch from Patrick Colp)
Patch 17 and 18 fix the potential security issues spotted by Fabian Vogt.
Patch 19 and 20 implement the TPM key unsealing testcases.
To utilize the TPM2 key protector to unlock the encrypted partition
(sdb1), here are the sample steps:
1. Add an extra random key for LUKS (luks-key)
$ dd if=/dev/urandom of=luks-key bs=1 count=32
$ sudo cryptsetup luksAddKey /dev/sdb1 luks-key --pbkdf=pbkdf2
2. Seal the key
$ sudo grub-protect --action=add \
--protector=tpm2 \
--tpm2key \
--tpm2-keyfile=luks-key \
--tpm2-outfile=/boot/efi/boot/grub2/sealed.tpm
3. Unseal the key with the proper commands in grub.cfg:
tpm2_key_protector_init --tpm2key=(hd0,gpt1)/boot/grub2/sealed.tpm
cryptomount -u <SDB1_UUID> -P tpm2
(*1) https://lists.gnu.org/archive/html/grub-devel/2022-02/msg00006.html
(*2) https://www.hansenpartnership.com/draft-bottomley-tpm2-keys.html
(*3) https://lists.gnu.org/archive/html/grub-devel/2021-06/msg00044.html
v12:
- Fixing typos and indentation
- Removing the unused TPM commands: TPM2_HashSequenceStart,
TPM2_SequenceUpdate, and TPM2_SequenceComplete,
- Following the TCG EK templates to set the parameters of SRK
- Removing ECC_BN_P256 and ECC_BN_P638 from the SRK algorithm list since
those two algorithms are not mentioned in the TCG EK templates
- Updating the help messages of the tpm2 module and grub-protect
- Removing the unnecessary NULL checks
- Adding the manpage for grub-protect
- Replacing grub_crypto_hash() with TPM2_Hash() in grub-protect to
support SHA384 PCR banks
- Using 'swtpm chardev' to start swtpm instead of 'swtpm_cuse' since
some distros may not build swtpm with cuse
- Adding a new testcase without specifying the SRK type to test the
default SRK settings
- Amending tpm2_test to remove the duplicate error checking code
- Silencing the tpm2-tools commands in tpm2_test
- Fixing the exit trap of tpm2_test to removing the working directory
on success
v11:
- https://lists.gnu.org/archive/html/grub-devel/2024-04/msg00052.html
- GIT repo: https://github.com/lcp/grub2/tree/tpm2-unlock-v11
- Adding the missing default: handlers in grub-core/tpm2/mu.c
- Updating the help messages and commit messages to reflect the change
of the default SRK algorithm (RSA2048 -> ECC_NIST_P256)
- Adding the testcase for the NV index mode
v10:
- https://lists.gnu.org/archive/html/grub-devel/2024-04/msg00019.html
- GIT repo: https://github.com/lcp/grub2/tree/tpm2-unlock-v10
- Fixing the coverity issues: CID 435775, CID 435771, CID 435770, CID
435769, CID 435767, CID 435761
https://lists.gnu.org/archive/html/grub-devel/2024-02/txtKIuUb5lf3O.txt
- Fixing the potential memory leak (CID 435775)
- Removing the unnecessary grub_protect_get_grub_drive_for_file() from
util/grub-protect.c (CID 435771)
- Using the grub_tpm2_mu_TPM2B_*_Unmarshal functions to unmarshal the
TPM2B structs instead of a generic grub_tpm2_mu_TPM2B_Unmarshal
(CID 435770)
- Fixing Null pointer dereference (CID 435769)
- Adding bound checks to grub_tpm2_mu_TPML_DIGEST_Unmarshal()
(CID 435767)
- Improving the check for the return value of ftell() (CID 435761)
- Adding a quick fix for CID 435762
- Removing the empty ending line in tests/asn1_test.in
- Fixing docs/grub-dev.texi and updating the libtasn1 patches in
grub-core/lib/libtasn1-patches/
- Merging all the TPM2 TSS stack patches into one to reduce the total
patch number
- Switching the default asymmetric algorithm from RSA2048 to
TPM_ECC_NIST_P256 for the faster key generation
- Adding the fallback SRK templates to try a few more SRK types in case
grub2 failed to associate the sealed key with the SRK in the persistent
handle or the default SRK
- Improving the test script to add tests for the persistent handle and
the fallback SRKs
v9:
- https://lists.gnu.org/archive/html/grub-devel/2024-02/msg00007.html
- GIT repo: https://github.com/lcp/grub2/tree/tpm2-unlock-v9
- Introducing c-ctype.h to posix_wrap and implementing strncat
- Adding the descriptive comments to the disabled code in libtasn1
- Replacing strcat with the bound-checked _asn1_str_cat in libtasn1 and
including c-ctype.h directly
- Integrating the asn1 testcases into "functional_test"
- Updating the libtasn1 patches mentioned in the documentation
- Moving the key protector to a module
- Amending configure.ac to enable/disable grub-protect
- Fixing an timeout issue in the tpm2_test script by feeding the config
through stdin
v8:
- https://lists.gnu.org/archive/html/grub-devel/2024-01/msg00013.html
- GIT repo: https://github.com/lcp/grub2/tree/tpm2-unlock-v8
- Introducing TPM device support to grub-emu and adding the TPM key
unsealing testcase
v7:
- https://lists.gnu.org/archive/html/grub-devel/2023-11/msg00127.html
- GIT repo: https://github.com/lcp/grub2/tree/tpm2-unlock-v7
- Stopping reading SRK from the well-known persistent handle (TPM2_SRK_HANDLE,
i.e. 0x81000001) by default since the persistent handle may be created
by other OS and causes unsealing failure due to SRK mismatching
- The user now has to specify the persistent handle with "--srk"
explicitly.
- Utilizing grub_error() to print more error messages
- Unifying the format of the error messages from TPM2 commands
v6:
- https://lists.gnu.org/archive/html/grub-devel/2023-10/msg00026.html
- GIT repo: https://github.com/lcp/grub2/tree/tpm2-unlock-v6
- Supporting more SRK types than RSA2048 and ECC_NIST_P256
- Documenting SHA512 as the supported PCR bank type in the tpm2
protector
- Removing the redundant error message for grub_tpm2_protector_srk_get()
since it may overwrite the real error message.
- Updating the supported SRK types and PCR bank types in grub-protect
- Removing the unused type: TPM2_ECC_CURVE
v5:
- https://lists.gnu.org/archive/html/grub-devel/2023-08/msg00113.html
- GIT repo: https://github.com/lcp/grub2/tree/tpm2-unlock-v5
- Rebasing to the latest git HEAD and improving the commit messages
- Implementing authorized poilcy support
- Implementing NV index mode
- Improving the 'cryptomount' command to fall back to the passphrase
mode when the key protector fails to unlock the encrypted partition
- Fixing the potential security issues
v4:
- https://lists.gnu.org/archive/html/grub-devel/2023-04/msg00104.html
- GIT repo: https://github.com/lcp/grub2/tree/tpm2-unlock-v4
- Improving the error condition checks in cryptodisk.c
- Moving the code to unseal with the standalone policy sequence below
the code for authpolicy sequence
- The standalone policy sequence was mistakenly prepended to to the
authpolicy sequence with grub_list_push() while it should be
appended.
- Pushing the error messages from the authpolicy sequence into the
grub_error stack so that we can list all errors from the sequence
- Improving the error messages in the TPM2 protector
- Amending the calculation of the max string lengths of 'Policy',
'CommandCode' and 'CommandPolicy'
- Skipping the error path in grub_tpm2key_get_authpolicy_seq() on
success to avoid freeing the authpolicy sequence
v3:
- https://lists.gnu.org/archive/html/grub-devel/2023-04/msg00055.html
- GIT repo: https://github.com/lcp/grub2/tree/tpm2-unlock-v3
- Adding the document for libtasn1
- Improving the error condition checks
ex: "if (!ptr)" ==> "if (ptr == NULL)"
"if (err)" ==> "if (err != GRUB_ERR_NONE)"
"if (rc)" ==> "if (rc != TPM_RC_SUCCESS)"
- Supporting the "TPMPolicy" and "TPMAuthPolicy" sequence in the TPM 2.0
key File
- Refactoring the key recover function to support "TPMPolicy" and
"TPMAuthPolicy" sequence
- Using TPMS_PCR_SELECTION_SelectPCR() to set the PCR bit mask
- Also dropping TPM2_PCR_TO_SELECT() and TPM2_PCR_TO_BIT() which are
not necessary anymore
- Removing the redundant variable, 'crd', from
grub_cryptodisk_scan_device_real()
- Fixing the spaces/tabs in cryptodisk.c
- Fixing the comment format in cryptodisk.h
- Adding the defensive check for "cargs->protectors" in
grub_cryptodisk_scan_device()
- Improving 'grub-protect' for the better support of TPM 2.0 Key File
- Adding more comments
v2:
- https://lists.gnu.org/archive/html/grub-devel/2023-03/msg00094.html
- GIT repo: https://github.com/lcp/grub2/tree/tpm2-unlock-v2
v1:
- https://lists.gnu.org/archive/html/grub-devel/2023-02/msg00130.html
- GIT repo: https://github.com/lcp/grub2/tree/tpm2-unlock
Daniel Axtens (6):
posix_wrap: tweaks in preparation for libtasn1
libtasn1: import libtasn1-4.19.0
libtasn1: disable code not needed in grub
libtasn1: changes for grub compatibility
libtasn1: compile into asn1 module
asn1_test: test module for libtasn1
Gary Lin (7):
libtasn1: fix the potential buffer overrun
libtasn1: Add the documentation
tpm2: Support authorized policy
cryptodisk: wipe out the cached keys from protectors
diskfilter: look up cryptodisk devices first
tpm2: Enable tpm2 module for grub-emu
tests: Add tpm2_test
Hernan Gatta (5):
key_protector: Add key protectors framework
tpm2: Add TPM Software Stack (TSS)
key_protector: Add TPM2 Key Protector
cryptodisk: Support key protectors
util/grub-protect: Add new tool
Patrick Colp (2):
tpm2: Implement NV index
cryptodisk: Fallback to passphrase
.gitignore | 2 +
Makefile.util.def | 37 +
configure.ac | 30 +
docs/grub-dev.texi | 28 +
docs/man/grub-protect.h2m | 4 +
grub-core/Makefile.am | 1 +
grub-core/Makefile.core.def | 48 +
grub-core/disk/cryptodisk.c | 183 +-
grub-core/disk/diskfilter.c | 35 +-
grub-core/disk/key_protector.c | 78 +
grub-core/kern/emu/main.c | 11 +-
grub-core/kern/emu/misc.c | 51 +
...asn1-disable-code-not-needed-in-grub.patch | 320 +++
...tasn1-changes-for-grub-compatibility.patch | 135 +
...sn1-fix-the-potential-buffer-overrun.patch | 35 +
grub-core/lib/libtasn1/COPYING | 16 +
grub-core/lib/libtasn1/README.md | 98 +
grub-core/lib/libtasn1/lib/coding.c | 1433 ++++++++++
grub-core/lib/libtasn1/lib/decoding.c | 2503 +++++++++++++++++
grub-core/lib/libtasn1/lib/element.c | 1109 ++++++++
grub-core/lib/libtasn1/lib/element.h | 42 +
grub-core/lib/libtasn1/lib/errors.c | 103 +
grub-core/lib/libtasn1/lib/gstr.c | 74 +
grub-core/lib/libtasn1/lib/gstr.h | 50 +
grub-core/lib/libtasn1/lib/int.h | 220 ++
grub-core/lib/libtasn1/lib/parser_aux.c | 1178 ++++++++
grub-core/lib/libtasn1/lib/parser_aux.h | 172 ++
grub-core/lib/libtasn1/lib/structure.c | 1227 ++++++++
grub-core/lib/libtasn1/lib/structure.h | 46 +
grub-core/lib/libtasn1_wrap/wrap.c | 26 +
grub-core/lib/posix_wrap/c-ctype.h | 114 +
grub-core/lib/posix_wrap/limits.h | 1 +
grub-core/lib/posix_wrap/stdlib.h | 8 +
grub-core/lib/posix_wrap/string.h | 21 +
grub-core/lib/posix_wrap/sys/types.h | 1 +
.../tests/asn1/CVE-2018-1000654-1_asn1_tab.h | 32 +
.../tests/asn1/CVE-2018-1000654-2_asn1_tab.h | 36 +
grub-core/tests/asn1/CVE-2018-1000654.c | 58 +
grub-core/tests/asn1/Test_overflow.c | 134 +
grub-core/tests/asn1/Test_simple.c | 205 ++
grub-core/tests/asn1/Test_strings.c | 142 +
grub-core/tests/asn1/asn1_test.c | 49 +
grub-core/tests/asn1/asn1_test.h | 44 +
grub-core/tests/asn1/object-id-decoding.c | 109 +
grub-core/tests/asn1/object-id-encoding.c | 114 +
grub-core/tests/asn1/octet-string.c | 199 ++
grub-core/tests/asn1/reproducers.c | 80 +
grub-core/tests/lib/functional_test.c | 1 +
grub-core/tpm2/args.c | 179 ++
grub-core/tpm2/buffer.c | 145 +
grub-core/tpm2/module.c | 1318 +++++++++
grub-core/tpm2/mu.c | 1168 ++++++++
grub-core/tpm2/tcg2-emu.c | 52 +
grub-core/tpm2/tcg2.c | 143 +
grub-core/tpm2/tpm2.c | 1048 +++++++
grub-core/tpm2/tpm2key.asn | 31 +
grub-core/tpm2/tpm2key.c | 443 +++
grub-core/tpm2/tpm2key_asn1_tab.c | 41 +
include/grub/cryptodisk.h | 16 +
include/grub/emu/misc.h | 5 +
include/grub/key_protector.h | 46 +
include/grub/libtasn1.h | 657 +++++
include/grub/tpm2/buffer.h | 65 +
include/grub/tpm2/internal/args.h | 51 +
include/grub/tpm2/internal/functions.h | 156 +
include/grub/tpm2/internal/structs.h | 768 +++++
include/grub/tpm2/internal/types.h | 403 +++
include/grub/tpm2/mu.h | 396 +++
include/grub/tpm2/tcg2.h | 34 +
include/grub/tpm2/tpm2.h | 34 +
include/grub/tpm2/tpm2key.h | 83 +
tests/asn1_test.in | 11 +
tests/tpm2_test.in | 311 ++
tests/util/grub-shell.in | 6 +-
util/grub-protect.c | 1378 +++++++++
75 files changed, 19588 insertions(+), 43 deletions(-)
create mode 100644 docs/man/grub-protect.h2m
create mode 100644 grub-core/disk/key_protector.c
create mode 100644
grub-core/lib/libtasn1-patches/0001-libtasn1-disable-code-not-needed-in-grub.patch
create mode 100644
grub-core/lib/libtasn1-patches/0002-libtasn1-changes-for-grub-compatibility.patch
create mode 100644
grub-core/lib/libtasn1-patches/0003-libtasn1-fix-the-potential-buffer-overrun.patch
create mode 100644 grub-core/lib/libtasn1/COPYING
create mode 100644 grub-core/lib/libtasn1/README.md
create mode 100644 grub-core/lib/libtasn1/lib/coding.c
create mode 100644 grub-core/lib/libtasn1/lib/decoding.c
create mode 100644 grub-core/lib/libtasn1/lib/element.c
create mode 100644 grub-core/lib/libtasn1/lib/element.h
create mode 100644 grub-core/lib/libtasn1/lib/errors.c
create mode 100644 grub-core/lib/libtasn1/lib/gstr.c
create mode 100644 grub-core/lib/libtasn1/lib/gstr.h
create mode 100644 grub-core/lib/libtasn1/lib/int.h
create mode 100644 grub-core/lib/libtasn1/lib/parser_aux.c
create mode 100644 grub-core/lib/libtasn1/lib/parser_aux.h
create mode 100644 grub-core/lib/libtasn1/lib/structure.c
create mode 100644 grub-core/lib/libtasn1/lib/structure.h
create mode 100644 grub-core/lib/libtasn1_wrap/wrap.c
create mode 100644 grub-core/lib/posix_wrap/c-ctype.h
create mode 100644 grub-core/tests/asn1/CVE-2018-1000654-1_asn1_tab.h
create mode 100644 grub-core/tests/asn1/CVE-2018-1000654-2_asn1_tab.h
create mode 100644 grub-core/tests/asn1/CVE-2018-1000654.c
create mode 100644 grub-core/tests/asn1/Test_overflow.c
create mode 100644 grub-core/tests/asn1/Test_simple.c
create mode 100644 grub-core/tests/asn1/Test_strings.c
create mode 100644 grub-core/tests/asn1/asn1_test.c
create mode 100644 grub-core/tests/asn1/asn1_test.h
create mode 100644 grub-core/tests/asn1/object-id-decoding.c
create mode 100644 grub-core/tests/asn1/object-id-encoding.c
create mode 100644 grub-core/tests/asn1/octet-string.c
create mode 100644 grub-core/tests/asn1/reproducers.c
create mode 100644 grub-core/tpm2/args.c
create mode 100644 grub-core/tpm2/buffer.c
create mode 100644 grub-core/tpm2/module.c
create mode 100644 grub-core/tpm2/mu.c
create mode 100644 grub-core/tpm2/tcg2-emu.c
create mode 100644 grub-core/tpm2/tcg2.c
create mode 100644 grub-core/tpm2/tpm2.c
create mode 100644 grub-core/tpm2/tpm2key.asn
create mode 100644 grub-core/tpm2/tpm2key.c
create mode 100644 grub-core/tpm2/tpm2key_asn1_tab.c
create mode 100644 include/grub/key_protector.h
create mode 100644 include/grub/libtasn1.h
create mode 100644 include/grub/tpm2/buffer.h
create mode 100644 include/grub/tpm2/internal/args.h
create mode 100644 include/grub/tpm2/internal/functions.h
create mode 100644 include/grub/tpm2/internal/structs.h
create mode 100644 include/grub/tpm2/internal/types.h
create mode 100644 include/grub/tpm2/mu.h
create mode 100644 include/grub/tpm2/tcg2.h
create mode 100644 include/grub/tpm2/tpm2.h
create mode 100644 include/grub/tpm2/tpm2key.h
create mode 100644 tests/asn1_test.in
create mode 100644 tests/tpm2_test.in
create mode 100644 util/grub-protect.c
Range-diff against v11:
1: c1343113c = 1: c6a7b2a55 posix_wrap: tweaks in preparation for libtasn1
2: 1c60bdbbe = 2: c2dfb28d9 libtasn1: import libtasn1-4.19.0
3: 715f65934 = 3: f5c15acce libtasn1: disable code not needed in grub
4: d13793c21 = 4: 60cf41fa3 libtasn1: changes for grub compatibility
5: 8f7c3c3b2 = 5: ce32406ca libtasn1: fix the potential buffer overrun
6: 8515ccc24 = 6: 6410e21d8 libtasn1: compile into asn1 module
7: 24c129e64 = 7: a94e1b32c asn1_test: test module for libtasn1
8: 7a1aced55 = 8: 0e6041be0 libtasn1: Add the documentation
9: 957b048f2 ! 9: 386e4c04b key_protector: Add key protectors framework
@@ Commit message
Cc: Vladimir Serbinenko <phcoder@gmail.com>
Signed-off-by: Hernan Gatta <hegatta@linux.microsoft.com>
Signed-off-by: Gary Lin <glin@suse.com>
+ Reviewed-by: Stefan Berger <stefanb@linux.ibm.com>
## grub-core/Makefile.am ##
@@ grub-core/Makefile.am: endif
@@ grub-core/disk/key_protector.c (new)
+grub_err_t
+grub_key_protector_register (struct grub_key_protector *protector)
+{
-+ if (protector == NULL || protector->name == NULL ||
grub_strlen(protector->name) == 0)
++ if (protector == NULL || protector->name == NULL || grub_strlen
(protector->name) == 0)
+ return GRUB_ERR_BAD_ARGUMENT;
+
+ if (grub_key_protectors &&
10: cbeaf8472 ! 10: ba40ad414 tpm2: Add TPM Software Stack (TSS)
@@ Commit message
tpm2: Add TPM Software Stack (TSS)
A Trusted Platform Module (TPM) Software Stack (TSS) provides logic to
- compose, submit, and parse TPM commands and responses.
+ compose and submit TPM commands and parse reponses.
A limited number of TPM commands may be accessed via the EFI TCG2
protocol. This protocol exposes functionality that is primarily geared
@@ Commit message
Functions: TPM2_Create, TPM2_CreatePrimary, TPM2_EvictControl,
TPM2_FlushContext, TPM2_Load, TPM2_PCR_Read, TPM2_PolicyGetDigest,
TPM2_PolicyPCR, TPM2_ReadPublic, TPM2_StartAuthSession, TPM2_Unseal,
- TPM2_LoadExternal, TPM2_HashSequenceStart, TPM2_SequenceUpdate,
- TPM2_SequenceComplete, TPM2_Hash, TPM2_VerifySignature,
+ TPM2_LoadExternal, TPM2_Hash, TPM2_VerifySignature,
TPM2_PolicyAuthorize, TPM2_TestParms
Cc: Stefan Berger <stefanb@linux.ibm.com>
@@ grub-core/tpm2/tpm2.c (new)
+}
+
+TPM_RC
-+TPM2_HashSequenceStart (const TPMS_AUTH_COMMAND *authCommand,
-+ const TPM2B_AUTH *auth,
-+ const TPMI_ALG_HASH hashAlg,
-+ TPMI_DH_OBJECT *sequenceHandle,
-+ TPMS_AUTH_RESPONSE *authResponse)
-+{
-+ struct grub_tpm2_buffer in;
-+ struct grub_tpm2_buffer out;
-+ TPMI_DH_OBJECT sequenceHandleTmp;
-+ TPMS_AUTH_RESPONSE authResponseTmp;
-+ TPMI_ST_COMMAND_TAG tag = authCommand ? TPM_ST_SESSIONS :
TPM_ST_NO_SESSIONS;
-+ TPM_RC responseCode;
-+ TPM_RC rc;
-+ grub_uint32_t parameterSize;
-+
-+ if (!auth)
-+ return TPM_RC_VALUE;
-+
-+ if (!sequenceHandle)
-+ sequenceHandle = &sequenceHandleTmp;
-+ if (!authResponse)
-+ authResponse = &authResponseTmp;
-+
-+ grub_memset (sequenceHandle, 0, sizeof (*sequenceHandle));
-+ grub_memset (authResponse, 0, sizeof (*authResponse));
-+
-+ /* Marshal */
-+ grub_tpm2_buffer_init (&in);
-+ if (authCommand)
-+ grub_tpm2_mu_TPMS_AUTH_COMMAND_Marshal (&in, authCommand);
-+ grub_tpm2_mu_TPM2B_Marshal (&in, auth->size, auth->buffer);
-+ grub_tpm2_buffer_pack_u16 (&in, hashAlg);
-+ if (in.error)
-+ return TPM_RC_FAILURE;
-+
-+ /* Submit */
-+ grub_tpm2_buffer_init (&out);
-+ rc = grub_tpm2_submit_command (tag, TPM_CC_HashSequenceStart,
&responseCode, &in,
-+ &out);
-+ if (rc != TPM_RC_SUCCESS)
-+ return rc;
-+ if (responseCode != TPM_RC_SUCCESS)
-+ return responseCode;
-+
-+ /* Unmarshal */
-+ grub_tpm2_buffer_unpack_u32 (&out, sequenceHandle);
-+ if (tag == TPM_ST_SESSIONS)
-+ {
-+ grub_tpm2_buffer_unpack_u32 (&out, ¶meterSize);
-+ grub_tpm2_mu_TPMS_AUTH_RESPONSE_Unmarshal(&out, authResponse);
-+ }
-+ if (out.error)
-+ return TPM_RC_FAILURE;
-+
-+ return TPM_RC_SUCCESS;
-+}
-+
-+TPM_RC
-+TPM2_SequenceUpdate (const TPMI_DH_OBJECT sequenceHandle,
-+ const TPMS_AUTH_COMMAND *authCommand,
-+ const TPM2B_MAX_BUFFER *buffer,
-+ TPMS_AUTH_RESPONSE *authResponse)
-+{
-+ struct grub_tpm2_buffer in;
-+ struct grub_tpm2_buffer out;
-+ TPMS_AUTH_RESPONSE authResponseTmp;
-+ TPM_RC responseCode;
-+ TPM_RC rc;
-+ grub_uint32_t parameterSize;
-+
-+ if (!authCommand)
-+ return TPM_RC_VALUE;
-+
-+ if (!authResponse)
-+ authResponse = &authResponseTmp;
-+
-+ grub_memset (authResponse, 0, sizeof (*authResponse));
-+
-+ /* Marshal */
-+ grub_tpm2_buffer_init (&in);
-+ grub_tpm2_buffer_pack_u32 (&in, sequenceHandle);
-+ grub_tpm2_mu_TPMS_AUTH_COMMAND_Marshal (&in, authCommand);
-+ if (buffer)
-+ grub_tpm2_mu_TPM2B_Marshal (&in, buffer->size, buffer->buffer);
-+ else
-+ grub_tpm2_buffer_pack_u16 (&in, 0);
-+ if (in.error)
-+ return TPM_RC_FAILURE;
-+
-+ /* Submit */
-+ grub_tpm2_buffer_init (&out);
-+ rc = grub_tpm2_submit_command (TPM_ST_SESSIONS, TPM_CC_SequenceUpdate,
-+ &responseCode, &in, &out);
-+ if (rc != TPM_RC_SUCCESS)
-+ return rc;
-+ if (responseCode != TPM_RC_SUCCESS)
-+ return responseCode;
-+
-+ /* Unmarshal */
-+ grub_tpm2_buffer_unpack_u32 (&out, ¶meterSize);
-+ grub_tpm2_mu_TPMS_AUTH_RESPONSE_Unmarshal(&out, authResponse);
-+ if (out.error)
-+ return TPM_RC_FAILURE;
-+
-+ return TPM_RC_SUCCESS;
-+}
-+
-+TPM_RC
-+TPM2_SequenceComplete (const TPMI_DH_OBJECT sequenceHandle,
-+ const TPMS_AUTH_COMMAND *authCommand,
-+ const TPM2B_MAX_BUFFER *buffer,
-+ const TPMI_RH_HIERARCHY hierarchy,
-+ TPM2B_DIGEST *result,
-+ TPMT_TK_HASHCHECK *validation,
-+ TPMS_AUTH_RESPONSE *authResponse)
-+{
-+ struct grub_tpm2_buffer in;
-+ struct grub_tpm2_buffer out;
-+ TPM2B_DIGEST resultTmp;
-+ TPMT_TK_HASHCHECK validationTmp;
-+ TPMS_AUTH_RESPONSE authResponseTmp;
-+ TPM_RC responseCode;
-+ TPM_RC rc;
-+ grub_uint32_t parameterSize;
-+
-+ if (!authCommand)
-+ return TPM_RC_VALUE;
-+
-+ if (!result)
-+ result = &resultTmp;
-+ if (!validation)
-+ validation = &validationTmp;
-+ if (!authResponse)
-+ authResponse = &authResponseTmp;
-+
-+ grub_memset (result, 0, sizeof (*result));
-+ grub_memset (validation, 0, sizeof (*validation));
-+ grub_memset (authResponse, 0, sizeof (*authResponse));
-+
-+ /* Marshal */
-+ grub_tpm2_buffer_init (&in);
-+ grub_tpm2_buffer_pack_u32 (&in, sequenceHandle);
-+ grub_tpm2_mu_TPMS_AUTH_COMMAND_Marshal (&in, authCommand);
-+ if (buffer)
-+ grub_tpm2_mu_TPM2B_Marshal (&in, buffer->size, buffer->buffer);
-+ else
-+ grub_tpm2_buffer_pack_u16 (&in, 0);
-+ grub_tpm2_buffer_pack_u32 (&in, hierarchy);
-+
-+ if (in.error)
-+ return TPM_RC_FAILURE;
-+
-+ /* Submit */
-+ grub_tpm2_buffer_init (&out);
-+ rc = grub_tpm2_submit_command (TPM_ST_SESSIONS, TPM_CC_SequenceComplete,
-+ &responseCode, &in, &out);
-+ if (rc != TPM_RC_SUCCESS)
-+ return rc;
-+ if (responseCode != TPM_RC_SUCCESS)
-+ return responseCode;
-+
-+ /* Unmarshal */
-+ grub_tpm2_buffer_unpack_u32 (&out, ¶meterSize);
-+ grub_tpm2_mu_TPM2B_DIGEST_Unmarshal (&out, result);
-+ grub_tpm2_mu_TPMT_TK_HASHCHECK_Unmarshal (&out, validation);
-+ grub_tpm2_mu_TPMS_AUTH_RESPONSE_Unmarshal(&out, authResponse);
-+ if (out.error)
-+ return TPM_RC_FAILURE;
-+
-+ return TPM_RC_SUCCESS;
-+}
-+
-+TPM_RC
+TPM2_Hash (const TPMS_AUTH_COMMAND *authCommand,
+ const TPM2B_MAX_BUFFER *data,
+ const TPMI_ALG_HASH hashAlg,
@@ include/grub/tpm2/internal/functions.h (new)
+ TPMS_AUTH_RESPONSE *authResponse);
+
+TPM_RC
-+TPM2_HashSequenceStart (const TPMS_AUTH_COMMAND *authCommand,
-+ const TPM2B_AUTH *auth,
-+ const TPMI_ALG_HASH hashAlg,
-+ TPMI_DH_OBJECT *sequenceHandle,
-+ TPMS_AUTH_RESPONSE *authResponse);
-+
-+TPM_RC
-+TPM2_SequenceUpdate (const TPMI_DH_OBJECT sequenceHandle,
-+ const TPMS_AUTH_COMMAND *authCommand,
-+ const TPM2B_MAX_BUFFER *buffer,
-+ TPMS_AUTH_RESPONSE *authResponse);
-+
-+TPM_RC
-+TPM2_SequenceComplete (const TPMI_DH_OBJECT sequenceHandle,
-+ const TPMS_AUTH_COMMAND *authCommand,
-+ const TPM2B_MAX_BUFFER *buffer,
-+ const TPMI_RH_HIERARCHY hierarchy,
-+ TPM2B_DIGEST *result,
-+ TPMT_TK_HASHCHECK *validation,
-+ TPMS_AUTH_RESPONSE *authResponse);
-+
-+TPM_RC
+TPM2_Hash (const TPMS_AUTH_COMMAND *authCommand,
+ const TPM2B_MAX_BUFFER *data,
+ const TPMI_ALG_HASH hashAlg,
@@ include/grub/tpm2/internal/types.h (new)
+/* TPM_CC Constants */
+typedef grub_uint32_t TPM_CC;
+
-+#define TPM_CC_EvictControl ((TPM_CC) 0x00000120)
-+#define TPM_CC_CreatePrimary ((TPM_CC) 0x00000131)
-+#define TPM_CC_Create ((TPM_CC) 0x00000153)
-+#define TPM_CC_FlushContext ((TPM_CC) 0x00000165)
-+#define TPM_CC_ReadPublic ((TPM_CC) 0x00000173)
-+#define TPM_CC_StartAuthSession ((TPM_CC) 0x00000176)
-+#define TPM_CC_PolicyPCR ((TPM_CC) 0x0000017f)
-+#define TPM_CC_NV_Read ((TPM_CC) 0x0000014e)
-+#define TPM_CC_NV_ReadPublic ((TPM_CC) 0x00000169)
-+#define TPM_CC_GetCapability ((TPM_CC) 0x0000017a)
-+#define TPM_CC_PCR_Read ((TPM_CC) 0x0000017e)
-+#define TPM_CC_Load ((TPM_CC) 0x00000157)
-+#define TPM_CC_LoadExternal ((TPM_CC) 0x00000167)
-+#define TPM_CC_Unseal ((TPM_CC) 0x0000015e)
-+#define TPM_CC_PolicyGetDigest ((TPM_CC) 0x00000189)
-+#define TPM_CC_HashSequenceStart ((TPM_CC) 0x00000186)
-+#define TPM_CC_SequenceUpdate ((TPM_CC) 0x0000015c)
-+#define TPM_CC_SequenceComplete ((TPM_CC) 0x0000013e)
-+#define TPM_CC_Hash ((TPM_CC) 0x0000017d)
-+#define TPM_CC_VerifySignature ((TPM_CC) 0x00000177)
-+#define TPM_CC_PolicyAuthorize ((TPM_CC) 0x0000016a)
-+#define TPM_CC_TestParms ((TPM_CC) 0x0000018a)
++#define TPM_CC_EvictControl ((TPM_CC) 0x00000120)
++#define TPM_CC_CreatePrimary ((TPM_CC) 0x00000131)
++#define TPM_CC_Create ((TPM_CC) 0x00000153)
++#define TPM_CC_FlushContext ((TPM_CC) 0x00000165)
++#define TPM_CC_ReadPublic ((TPM_CC) 0x00000173)
++#define TPM_CC_StartAuthSession ((TPM_CC) 0x00000176)
++#define TPM_CC_PolicyPCR ((TPM_CC) 0x0000017f)
++#define TPM_CC_NV_Read ((TPM_CC) 0x0000014e)
++#define TPM_CC_NV_ReadPublic ((TPM_CC) 0x00000169)
++#define TPM_CC_GetCapability ((TPM_CC) 0x0000017a)
++#define TPM_CC_PCR_Read ((TPM_CC) 0x0000017e)
++#define TPM_CC_Load ((TPM_CC) 0x00000157)
++#define TPM_CC_LoadExternal ((TPM_CC) 0x00000167)
++#define TPM_CC_Unseal ((TPM_CC) 0x0000015e)
++#define TPM_CC_PolicyGetDigest ((TPM_CC) 0x00000189)
++#define TPM_CC_Hash ((TPM_CC) 0x0000017d)
++#define TPM_CC_VerifySignature ((TPM_CC) 0x00000177)
++#define TPM_CC_PolicyAuthorize ((TPM_CC) 0x0000016a)
++#define TPM_CC_TestParms ((TPM_CC) 0x0000018a)
+
+/* Hash algorithm sizes */
+#define TPM_SHA1_DIGEST_SIZE 20
11: d65a0631d ! 11: e40320b73 key_protector: Add TPM2 Key Protector
@@ Commit message
command set will be extended to support advanced features, such as
authorized policy, in the later commits.
+ Cc: Stefan Berger <stefanb@linux.ibm.com>
Signed-off-by: Hernan Gatta <hegatta@linux.microsoft.com>
Signed-off-by: Gary Lin <glin@suse.com>
@@ grub-core/tpm2/args.c (new)
+ grub_strcasecmp (value, "ECC_NIST_P256") == 0)
+ {
+ srk_type->type = TPM_ALG_ECC;
++ srk_type->nameAlg = TPM_ALG_SHA256;
++ srk_type->aes_bits = 128;
+ srk_type->detail.ecc_curve = TPM_ECC_NIST_P256;
+ }
+ else if (grub_strcasecmp (value, "RSA") == 0 ||
+ grub_strcasecmp (value, "RSA2048") == 0)
+ {
+ srk_type->type = TPM_ALG_RSA;
++ srk_type->nameAlg = TPM_ALG_SHA256;
++ srk_type->aes_bits = 128;
+ srk_type->detail.rsa_bits = 2048;
+ }
+ else if (grub_strcasecmp (value, "RSA3072") == 0)
+ {
+ srk_type->type = TPM_ALG_RSA;
++ srk_type->nameAlg = TPM_ALG_SHA384;
++ srk_type->aes_bits = 256;
+ srk_type->detail.rsa_bits = 3072;
+ }
+ else if (grub_strcasecmp (value, "RSA4096") == 0)
+ {
+ srk_type->type = TPM_ALG_RSA;
++ srk_type->nameAlg = TPM_ALG_SHA384;
++ srk_type->aes_bits = 256;
+ srk_type->detail.rsa_bits = 4096;
+ }
+ else if (grub_strcasecmp (value, "ECC_NIST_P384") == 0)
+ {
+ srk_type->type = TPM_ALG_ECC;
++ srk_type->nameAlg = TPM_ALG_SHA384;
++ srk_type->aes_bits = 256;
+ srk_type->detail.ecc_curve = TPM_ECC_NIST_P384;
+ }
+ else if (grub_strcasecmp (value, "ECC_NIST_P521") == 0)
+ {
+ srk_type->type = TPM_ALG_ECC;
++ srk_type->nameAlg = TPM_ALG_SHA512;
++ srk_type->aes_bits = 256;
+ srk_type->detail.ecc_curve = TPM_ECC_NIST_P521;
+ }
-+ else if (grub_strcasecmp (value, "ECC_BN_P256") == 0)
-+ {
-+ srk_type->type = TPM_ALG_ECC;
-+ srk_type->detail.ecc_curve = TPM_ECC_BN_P256;
-+ }
-+ else if (grub_strcasecmp (value, "ECC_BN_P638") == 0)
-+ {
-+ srk_type->type = TPM_ALG_ECC;
-+ srk_type->detail.ecc_curve = TPM_ECC_BN_P638;
-+ }
+ else if (grub_strcasecmp (value, "ECC_SM2_P256") == 0)
+ {
+ srk_type->type = TPM_ALG_ECC;
++ srk_type->nameAlg = TPM_ALG_SM3_256;
++ srk_type->aes_bits = 128;
+ srk_type->detail.ecc_curve = TPM_ECC_SM2_P256;
+ }
+ else
@@ grub-core/tpm2/module.c (new)
+ .type = ARG_TYPE_STRING,
+ .doc =
+ N_("Comma-separated list of PCRs used to authorize key release "
-+ "(e.g., '7,11', default is 7."),
++ "e.g., '7,11'. (default: 7)"),
+ },
+ {
+ .longarg = "bank",
@@ grub-core/tpm2/module.c (new)
+ .type = ARG_TYPE_STRING,
+ .doc =
+ N_("Bank of PCRs used to authorize key release: "
-+ "SHA1, SHA256 (default), SHA384 or SHA512."),
++ "SHA1, SHA256, SHA384 or SHA512. (default: SHA256)"),
+ },
+ /* SRK-mode options */
+ {
@@ grub-core/tpm2/module.c (new)
+ .arg = NULL,
+ .type = ARG_TYPE_STRING,
+ .doc =
-+ N_("Required in SRK mode, path to the key file in TPM 2.0 Key File
Format "
-+ "to unseal using the TPM (e.g., (hd0,gpt1)/boot/grub2/secret.tpm)."),
++ N_("In SRK mode, path to the key file in the TPM 2.0 Key File format "
++ "to unseal using the TPM (e.g., (hd0,gpt1)/boot/grub2/sealed.tpm)."),
+ },
+ {
+ .longarg = "keyfile",
@@ grub-core/tpm2/module.c (new)
+ .arg = NULL,
+ .type = ARG_TYPE_STRING,
+ .doc =
-+ N_("Required in SRK mode, path to the sealed key file to unseal using "
-+ "the TPM (e.g., (hd0,gpt1)/boot/grub2/sealed_key). "
-+ "Use '-tpm2key' instead"),
++ N_("In SRK mode, path to the key file in the raw format to unseal "
++ "using the TPM (e.g., (hd0,gpt1)/boot/grub2/sealed.key). "
++ "(Mainly for backward compatibility. Please use '--tpm2key'.)"),
+ },
+ {
+ .longarg = "srk",
@@ grub-core/tpm2/module.c (new)
+ .doc =
+ N_("In SRK mode, the type of SRK: RSA (RSA2048), RSA3072, "
+ "RSA4096, ECC (ECC_NIST_P256), ECC_NIST_P384, "
-+ "ECC_NIST_P521, ECC_BN_P256, ECC_BN_P638, and ECC_SM2_P256. "
-+ "(default is ECC_NIST_P256)"),
++ "ECC_NIST_P521, and ECC_SM2_P256. (default: ECC)"),
+ },
+ /* NV Index-mode options */
+ {
@@ grub-core/tpm2/module.c (new)
+ TPM_HANDLE tmp_handle = 0;
+
+ inPublic.publicArea.type = srk_type.type;
-+ inPublic.publicArea.nameAlg = TPM_ALG_SHA256;
++ inPublic.publicArea.nameAlg = srk_type.nameAlg;
+ inPublic.publicArea.objectAttributes.restricted = 1;
+ inPublic.publicArea.objectAttributes.userWithAuth = 1;
+ inPublic.publicArea.objectAttributes.decrypt = 1;
@@ grub-core/tpm2/module.c (new)
+ if (srk_type.type == TPM_ALG_RSA)
+ {
+ inPublic.publicArea.parameters.rsaDetail.symmetric.algorithm =
TPM_ALG_AES;
-+ inPublic.publicArea.parameters.rsaDetail.symmetric.keyBits.aes =
128;
++ inPublic.publicArea.parameters.rsaDetail.symmetric.keyBits.aes =
srk_type.aes_bits;
+ inPublic.publicArea.parameters.rsaDetail.symmetric.mode.aes =
TPM_ALG_CFB;
+ inPublic.publicArea.parameters.rsaDetail.scheme.scheme =
TPM_ALG_NULL;
+ inPublic.publicArea.parameters.rsaDetail.keyBits =
srk_type.detail.rsa_bits;
@@ grub-core/tpm2/module.c (new)
+ else if (srk_type.type == TPM_ALG_ECC)
+ {
+ inPublic.publicArea.parameters.eccDetail.symmetric.algorithm =
TPM_ALG_AES;
-+ inPublic.publicArea.parameters.eccDetail.symmetric.keyBits.aes =
128;
++ inPublic.publicArea.parameters.eccDetail.symmetric.keyBits.aes =
srk_type.aes_bits;
+ inPublic.publicArea.parameters.eccDetail.symmetric.mode.aes =
TPM_ALG_CFB;
+ inPublic.publicArea.parameters.eccDetail.scheme.scheme =
TPM_ALG_NULL;
+ inPublic.publicArea.parameters.eccDetail.curveID =
srk_type.detail.ecc_curve;
@@ grub-core/tpm2/module.c (new)
+ Return values:
+ * GRUB_ERR_NONE: Everything is fine.
+ * GRUB_ERR_BAD_ARGUMENT: The SRK doesn't match. Try another one.
-+ * Other: Something goes wrong.
++ * Other: Something went wrong.
+*/
+static grub_err_t
+grub_tpm2_protector_srk_load (const grub_srk_type_t srk_type,
@@ grub-core/tpm2/module.c (new)
+ {
+ switch (srk_type.detail.ecc_curve)
+ {
-+ case TPM_ECC_NIST_P256:
-+ return "ECC_NIST_P256";
++ case TPM_ECC_NIST_P256:
++ return "ECC_NIST_P256";
+ }
+ }
+ else if (srk_type.type == TPM_ALG_RSA)
@@ grub-core/tpm2/module.c (new)
+ return "RSA2048";
+ case 3072:
+ return "RSA3072";
-+ case 4096:
-+ return "RSA4096";
+ }
+ }
+
@@ grub-core/tpm2/module.c (new)
+ grub_srk_type_t fallback_srks[] = {
+ {
+ .type = TPM_ALG_ECC,
++ .nameAlg = TPM_ALG_SHA256,
++ .aes_bits = 128,
+ .detail.ecc_curve = TPM_ECC_NIST_P256,
+ },
+ {
+ .type = TPM_ALG_RSA,
++ .nameAlg = TPM_ALG_SHA256,
++ .aes_bits = 128,
+ .detail.rsa_bits = 2048,
+ },
+ {
+ .type = TPM_ALG_RSA,
++ .nameAlg = TPM_ALG_SHA384,
++ .aes_bits = 256,
+ .detail.rsa_bits = 3072,
+ },
+ {
@@ grub-core/tpm2/module.c (new)
+ if (ctx->srk_type.type == TPM_ALG_ERROR)
+ {
+ ctx->srk_type.type = TPM_ALG_ECC;
++ ctx->srk_type.nameAlg = TPM_ALG_SHA256;
++ ctx->srk_type.aes_bits = 128;
+ ctx->srk_type.detail.ecc_curve = TPM_ECC_NIST_P256;
+ }
+ }
@@ grub-core/tpm2/tpm2key.c (new)
+ err = GRUB_ERR_NONE;
+
+error:
-+ if (type_oid)
-+ grub_free (type_oid);
-+
-+ if (empty_auth)
-+ grub_free (empty_auth);
++ grub_free (type_oid);
++ grub_free (empty_auth);
+
+ return err;
+}
@@ grub-core/tpm2/tpm2key.c (new)
+void
+grub_tpm2key_end_parsing (asn1_node tpm2key)
+{
-+ if (tpm2key)
-+ asn1_delete_structure (&tpm2key);
++ asn1_delete_structure (&tpm2key);
+ tpm2key = NULL;
+}
+
@@ grub-core/tpm2/tpm2key.c (new)
+ /* Limit the number of authPolicy elements to two digits (99) */
+ if (authpol_n > 100 || authpol_n < 1)
+ return grub_error (GRUB_ERR_OUT_OF_RANGE,
-+ N_("Invalid number of autoPolicy elements"));
++ N_("Invalid number of authPolicy elements"));
+
+ /*
+ * Iterate the authPolicy elements backwards since grub_list_push()
prepends
@@ include/grub/tpm2/internal/args.h (new)
+
+struct grub_srk_type
+{
-+ TPM_ALG_ID type;
++ TPMI_ALG_PUBLIC type;
++ TPMI_ALG_HASH nameAlg;
++ TPM_KEY_BITS aes_bits;
+ union {
+ TPM_KEY_BITS rsa_bits;
+ TPM_ECC_CURVE ecc_curve;
12: 0d9998ab2 ! 12: 7e1d2591d cryptodisk: Support key protectors
@@ Commit message
Signed-off-by: Michael Chang <mchang@suse.com>
Signed-off-by: Gary Lin <glin@suse.com>
Reviewed-by: Glenn Washburn <development@efficientek.com>
+ Reviewed-by: Stefan Berger <stefanb@linux.ibm.com>
## Makefile.util.def ##
@@ Makefile.util.def: library = {
@@ grub-core/disk/cryptodisk.c: grub_cryptodisk_scan_device_real (const
char *name,
+
+ cargs->key_data = cargs->key_cache[i].key;
+ cargs->key_len = cargs->key_cache[i].key_len;
-
-- ret = grub_cryptodisk_insert (dev, name, source);
-- if (ret != GRUB_ERR_NONE)
++
+ ret = cr->recover_key (source, dev, cargs);
+ if (ret != GRUB_ERR_NONE)
+ {
@@ grub-core/disk/cryptodisk.c: grub_cryptodisk_scan_device_real (const
char *name,
+ cargs->protectors[i], source->name,
+ source->partition != NULL ? "," : "",
+ part != NULL ? part : N_("UNKNOWN"), dev->uuid);
-+ grub_free (part);
-+ continue;
++ grub_free (part);
++ continue;
++ }
++ else
++ {
++ ret = grub_cryptodisk_insert (dev, name, source);
++ if (ret != GRUB_ERR_NONE)
++ goto error;
++ goto cleanup;
+ }
-+ else
-+ {
-+ ret = grub_cryptodisk_insert (dev, name, source);
-+ if (ret != GRUB_ERR_NONE)
-+ goto error;
-+ goto cleanup;
-+ }
+ }
-+
+
+- ret = grub_cryptodisk_insert (dev, name, source);
+- if (ret != GRUB_ERR_NONE)
+ part = grub_partition_get_name (source->partition);
+ grub_error (GRUB_ERR_ACCESS_DENIED,
+ N_("no key protector provided a usable key for %s%s%s (%s)"),
13: 0ce5fc0e6 ! 13: 4fe88cae7 util/grub-protect: Add new tool
@@ Commit message
written in the key file, so there is no need to specify PCRs when
invoking tpm2_key_protector_init.
+ Cc: Stefan Berger <stefanb@linux.ibm.com>
Signed-off-by: Hernan Gatta <hegatta@linux.microsoft.com>
Signed-off-by: Gary Lin <glin@suse.com>
@@ Makefile.util.def: program = {
+program = {
+ name = grub-protect;
++ mansection = 1;
+
++ common = grub-core/kern/emu/argp_common.c;
+ common = grub-core/osdep/init.c;
+ common = grub-core/tpm2/args.c;
+ common = grub-core/tpm2/buffer.c;
@@ configure.ac: echo grub-mount: Yes
echo starfield theme: Yes
echo With DejaVuSans font from $DJVU_FONT_SOURCE
+ ## docs/man/grub-protect.h2m (new) ##
+@@
++[NAME]
++grub-protect \- protect a disk key with a key protector
++[DESCRIPTION]
++grub-protect helps to pretect a disk encryption key with a specified key
protector.
+
## util/grub-protect.c (new) ##
@@
+/*
@@ util/grub-protect.c (new)
+#include <string.h>
+#include <unistd.h>
+
-+#include <grub/crypto.h>
-+#include <grub/emu/getroot.h>
+#include <grub/emu/hostdisk.h>
+#include <grub/emu/misc.h>
+#include <grub/tpm2/buffer.h>
@@ util/grub-protect.c (new)
+ .arg = "FILE",
+ .flags = 0,
+ .doc =
-+ N_("Path to the TPM2 device (default is /dev/tpm0)."),
++ N_("Path to the TPM2 device. (default: /dev/tpm0)"),
+ .group = 0
+ },
+ {
@@ util/grub-protect.c (new)
+ .flags = 0,
+ .doc =
+ N_("Comma-separated list of PCRs used to authorize key release "
-+ "(e.g., '7,11', default is 7."),
++ "e.g., '7,11'. Please be aware that PCR 0~7 are used by the "
++ "firmware and the measurement result may change after a "
++ "firmware update (for baremetal systems) or a package "
++ "(OVMF/SeaBIOS/SLOF) update in the VM host. This may lead to"
++ "the failure of key unsealing. (default: 7)"),
+ .group = 0
+ },
+ {
@@ util/grub-protect.c (new)
+ .flags = 0,
+ .doc =
+ N_("Bank of PCRs used to authorize key release: "
-+ "SHA1, SHA256 (default), or SHA512."),
++ "SHA1, SHA256, SHA384, or SHA512. (default: SHA256)"),
+ .group = 0
+ },
+ {
@@ util/grub-protect.c (new)
+ .doc =
+ N_("The type of SRK: RSA (RSA2048), RSA3072, RSA4096, "
+ "ECC (ECC_NIST_P256), ECC_NIST_P384, ECC_NIST_P521, "
-+ "ECC_BN_P256, ECC_BN_P638, and ECC_SM2_P256. "
-+ "(default is ECC_NIST_P256)"),
++ "and ECC_SM2_P256. (default: ECC)"),
+ .group = 0
+ },
+ {
@@ util/grub-protect.c (new)
+ };
+ TPML_PCR_SELECTION pcr_sel_out = { 0 };
+ TPML_DIGEST pcr_values = { 0 };
-+ grub_uint8_t *pcr_digest;
++ TPM2B_DIGEST pcr_digest = { 0 };
+ grub_size_t pcr_digest_len;
-+ grub_uint8_t *pcr_concat;
++ TPM2B_MAX_BUFFER pcr_concat = { 0 };
+ grub_size_t pcr_concat_len;
+ grub_uint8_t *pcr_cursor;
-+ const gcry_md_spec_t *hash_spec;
+ TPM2B_NONCE nonce = { 0 };
+ TPM2B_ENCRYPTED_SECRET salt = { 0 };
+ TPMT_SYM_DEF symmetric = { 0 };
+ TPMI_SH_AUTH_SESSION session = 0;
-+ TPM2B_DIGEST pcr_digest_in = {
-+ .size = TPM_SHA256_DIGEST_SIZE,
-+ .buffer = { 0 }
-+ };
+ TPM2B_DIGEST policy_digest = { 0 };
+ grub_uint8_t i;
+ grub_err_t err;
@@ util/grub-protect.c (new)
+ {
+ case TPM_ALG_SHA1:
+ pcr_digest_len = TPM_SHA1_DIGEST_SIZE;
-+ hash_spec = GRUB_MD_SHA1;
+ break;
+ case TPM_ALG_SHA256:
+ pcr_digest_len = TPM_SHA256_DIGEST_SIZE;
-+ hash_spec = GRUB_MD_SHA256;
++ break;
++ case TPM_ALG_SHA384:
++ pcr_digest_len = TPM_SHA384_DIGEST_SIZE;
+ break;
+ case TPM_ALG_SHA512:
+ pcr_digest_len = TPM_SHA512_DIGEST_SIZE;
-+ hash_spec = GRUB_MD_SHA512;
+ break;
-+ /* Although SHA384 can be parsed by grub_tpm2_protector_parse_bank(),
-+ it's not supported by the built-in libgcrypt, and we won't be able
to
-+ calculate the PCR digest, so SHA384 is marked as unsupported. */
+ default:
+ return GRUB_ERR_BAD_ARGUMENT;
+ }
+
-+ pcr_digest = grub_malloc (pcr_digest_len);
-+ if (!pcr_digest)
-+ {
-+ fprintf (stderr, _("Failed to allocate PCR digest buffer.\n"));
-+ return GRUB_ERR_OUT_OF_MEMORY;
-+ }
-+
+ pcr_concat_len = pcr_digest_len * args->tpm2_pcr_count;
-+ pcr_concat = grub_malloc (pcr_concat_len);
-+ if (pcr_concat == NULL)
++ if (pcr_concat_len > TPM_MAX_DIGEST_BUFFER)
+ {
-+ err = GRUB_ERR_OUT_OF_MEMORY;
-+ fprintf (stderr, _("Failed to allocate PCR concatenation
buffer.\n"));
-+ goto exit1;
++ fprintf (stderr, _("PCR concatenation buffer not enough.\n"));
++ return GRUB_ERR_OUT_OF_RANGE;
+ }
+
-+ pcr_cursor = pcr_concat;
++ pcr_cursor = pcr_concat.buffer;
+ for (i = 0; i < args->tpm2_pcr_count; i++)
+ {
+ if (pcr_values.digests[i].size != pcr_digest_len)
@@ util/grub-protect.c (new)
+ fprintf (stderr,
+ _("Bad PCR value size: expected %" PRIuGRUB_SIZE " bytes but
got %u bytes.\n"),
+ pcr_digest_len, pcr_values.digests[i].size);
-+ goto exit2;
++ return GRUB_ERR_BAD_ARGUMENT;
+ }
+
+ grub_memcpy (pcr_cursor, pcr_values.digests[i].buffer,
pcr_digest_len);
+ pcr_cursor += pcr_digest_len;
+ }
++ pcr_concat.size = pcr_concat_len;
+
-+ grub_crypto_hash (hash_spec, pcr_digest, pcr_concat, pcr_concat_len);
++ rc = TPM2_Hash (NULL, &pcr_concat, args->tpm2_bank, TPM_RH_NULL,
&pcr_digest,
++ NULL, NULL);
++ if (rc != TPM_RC_SUCCESS)
++ {
++ fprintf (stderr, _("Failed to generate PCR digest (TPM2_Hash:
0x%x)\n"), rc);
++ return GRUB_ERR_BAD_DEVICE;
++ }
+
+ /* Start Trial Session */
+ nonce.size = TPM_SHA256_DIGEST_SIZE;
@@ util/grub-protect.c (new)
+ fprintf (stderr,
+ _("Failed to start trial policy session (TPM2_StartAuthSession:
0x%x).\n"),
+ rc);
-+ err = GRUB_ERR_BAD_DEVICE;
-+ goto exit2;
++ return GRUB_ERR_BAD_DEVICE;
+ }
+
+ /* PCR Policy */
-+ memcpy (pcr_digest_in.buffer, pcr_digest, TPM_SHA256_DIGEST_SIZE);
-+
-+ rc = TPM2_PolicyPCR (session, NULL, &pcr_digest_in, &pcr_sel, NULL);
++ rc = TPM2_PolicyPCR (session, NULL, &pcr_digest, &pcr_sel, NULL);
+ if (rc != TPM_RC_SUCCESS)
+ {
+ fprintf (stderr, _("Failed to submit PCR policy (TPM2_PolicyPCR:
0x%x).\n"),
+ rc);
+ err = GRUB_ERR_BAD_DEVICE;
-+ goto exit3;
++ goto error;
+ }
+
+ /* Retrieve Policy Digest */
@@ util/grub-protect.c (new)
+ fprintf (stderr, _("Failed to get policy digest
(TPM2_PolicyGetDigest: 0x%x).\n"),
+ rc);
+ err = GRUB_ERR_BAD_DEVICE;
-+ goto exit3;
++ goto error;
+ }
+
+ /* Epilogue */
+ *digest = policy_digest;
+ err = GRUB_ERR_NONE;
+
-+exit3:
++error:
+ TPM2_FlushContext (session);
+
-+exit2:
-+ grub_free (pcr_concat);
-+
-+exit1:
-+ grub_free (pcr_digest);
-+
+ return err;
+}
+
@@ util/grub-protect.c (new)
+ /* Create SRK */
+ authCommand.sessionHandle = TPM_RS_PW;
+ inPublic.publicArea.type = args->srk_type.type;
-+ inPublic.publicArea.nameAlg = TPM_ALG_SHA256;
++ inPublic.publicArea.nameAlg = args->srk_type.nameAlg;
+ inPublic.publicArea.objectAttributes.restricted = 1;
+ inPublic.publicArea.objectAttributes.userWithAuth = 1;
+ inPublic.publicArea.objectAttributes.decrypt = 1;
@@ util/grub-protect.c (new)
+ {
+ case TPM_ALG_RSA:
+ inPublic.publicArea.parameters.rsaDetail.symmetric.algorithm =
TPM_ALG_AES;
-+ inPublic.publicArea.parameters.rsaDetail.symmetric.keyBits.aes =
128;
++ inPublic.publicArea.parameters.rsaDetail.symmetric.keyBits.aes =
args->srk_type.aes_bits;
+ inPublic.publicArea.parameters.rsaDetail.symmetric.mode.aes =
TPM_ALG_CFB;
+ inPublic.publicArea.parameters.rsaDetail.scheme.scheme =
TPM_ALG_NULL;
+ inPublic.publicArea.parameters.rsaDetail.keyBits =
args->srk_type.detail.rsa_bits;
@@ util/grub-protect.c (new)
+
+ case TPM_ALG_ECC:
+ inPublic.publicArea.parameters.eccDetail.symmetric.algorithm =
TPM_ALG_AES;
-+ inPublic.publicArea.parameters.eccDetail.symmetric.keyBits.aes =
128;
++ inPublic.publicArea.parameters.eccDetail.symmetric.keyBits.aes =
args->srk_type.aes_bits;
+ inPublic.publicArea.parameters.eccDetail.symmetric.mode.aes =
TPM_ALG_CFB;
+ inPublic.publicArea.parameters.eccDetail.scheme.scheme =
TPM_ALG_NULL;
+ inPublic.publicArea.parameters.eccDetail.curveID =
args->srk_type.detail.ecc_curve;
@@ util/grub-protect.c (new)
+ if (args->srk_type.type == TPM_ALG_ERROR)
+ {
+ args->srk_type.type = TPM_ALG_ECC;
-+ args->srk_type.detail.rsa_bits = TPM_ECC_NIST_P256;
++ args->srk_type.nameAlg = TPM_ALG_SHA256;
++ args->srk_type.aes_bits = 128;
++ args->srk_type.detail.ecc_curve = TPM_ECC_NIST_P256;
+ }
+
+ if (args->tpm2_bank == TPM_ALG_ERROR)
@@ util/grub-protect.c (new)
+ grub_util_biosdisk_init (NULL);
+
+ grub_init_all ();
-+ grub_gcry_init_all ();
+
+ grub_lvm_fini ();
+ grub_mdraid09_fini ();
@@ util/grub-protect.c (new)
+static void
+grub_protect_fini (void)
+{
-+ grub_gcry_fini_all ();
+ grub_fini_all ();
+ grub_util_biosdisk_fini ();
+}
14: 7e3dcf00f ! 14: 0593d5901 tpm2: Support authorized policy
@@ Commit message
--after \
--input sealed.key \
--output sealed.tpm \
- sign 0,2,4,7.9
+ sign 0,2,4,7,9
Then specify the key file and the key protector to grub.cfg in the EFI
system partition:
@@ Commit message
(*2) https://github.com/okirch/pcr-oracle
Signed-off-by: Gary Lin <glin@suse.com>
+ Reviewed-by: Stefan Berger <stefanb@linux.ibm.com>
## grub-core/tpm2/module.c ##
@@ grub-core/tpm2/module.c: grub_tpm2_protector_policypcr
(TPMI_SH_AUTH_SESSION session,
15: fe01fa1e8 ! 15: 8ef188c56 tpm2: Implement NV index
@@ Commit message
Signed-off-by: Patrick Colp <patrick.colp@oracle.com>
Signed-off-by: Gary Lin <glin@suse.com>
+ Reviewed-by: Stefan Berger <stefanb@linux.ibm.com>
## grub-core/tpm2/module.c ##
@@ grub-core/tpm2/module.c: static grub_err_t
16: dfe806dc0 ! 16: 462ad79ed cryptodisk: Fallback to passphrase
@@ Commit message
`grub_errno` is now set. Print the existing errors out first, before
proceeding with the passphrase.
+ Cc: Stefan Berger <stefanb@linux.ibm.com>
Signed-off-by: Patrick Colp <patrick.colp@oracle.com>
Signed-off-by: Gary Lin <glin@suse.com>
17: b9f27bfba ! 17: 1f78c792c cryptodisk: wipe out the cached keys from
protectors
@@ Commit message
the attacker could dump the memory to retrieve the secret key. To
defend
such attack, wipe out the cached key when we don't need it.
- Signed-off-by: Gary Lin <glin@suse.com>
Cc: Fabian Vogt <fvogt@suse.com>
+ Signed-off-by: Gary Lin <glin@suse.com>
+ Reviewed-by: Stefan Berger <stefanb@linux.ibm.com>
## grub-core/disk/cryptodisk.c ##
@@ grub-core/disk/cryptodisk.c: grub_cryptodisk_clear_key_cache (struct
grub_cryptomount_args *cargs)
18: b7eb5c903 = 18: 2952ceced diskfilter: look up cryptodisk devices first
19: 624a8583f ! 19: add1027ed tpm2: Enable tpm2 module for grub-emu
@@ Commit message
further test TPM key unsealing with grub-emu.
Signed-off-by: Gary Lin <glin@suse.com>
+ Reviewed-by: Stefan Berger <stefanb@linux.ibm.com>
## grub-core/Makefile.core.def ##
@@ grub-core/Makefile.core.def: module = {
20: ce096c966 ! 20: a149dab00 tests: Add tpm2_test
@@ Commit message
Based on the idea from Michael Chang.
Cc: Michael Chang <mchang@suse.com>
+ Cc: Stefan Berger <stefanb@linux.ibm.com>
Signed-off-by: Gary Lin <glin@suse.com>
## Makefile.util.def ##
@@ tests/tpm2_test.in (new)
+ exit 99
+fi
+
++if ! grep -q tpm_vtpm_proxy /proc/modules && ! modprobe tpm_vtpm_proxy;
then
++ echo "no tpm_vtpm_proxy support; cannot test tpm2."
++ exit 99
++fi
++
+if ! which swtpm >/dev/null 2>&1; then
+ echo "swtpm not installed; cannot test tpm2."
+ exit 99
@@ tests/tpm2_test.in (new)
+# Choose a low iteration number to reduce the time to decrypt the disk
+csopt="--type luks2 --pbkdf pbkdf2 --iter-time 1000"
+
-+tpm2devname="vtpm-test0"
+tpm2statedir=${tpm2testdir}/tpm
-+tpm2dev="/dev/${tpm2devname}"
++tpm2ctrl=${tpm2statedir}/ctrl
++tpm2log=${tpm2statedir}/logfile
+
+sealedkey=${tpm2testdir}/sealed.tpm
+
@@ tests/tpm2_test.in (new)
+
+# Shutdown the swtpm instance on exit
+cleanup() {
-+ if [ -e "$tpm2dev" ]; then
-+ swtpm_ioctl -s ${tpm2dev}
++ RET=$?
++ if [ -e "$tpm2ctrl" ]; then
++ swtpm_ioctl -s --unix ${tpm2ctrl}
+ fi
-+ if [ "${RET:-1}" -eq 0 ]; then
++ if [ "${RET}" -eq 0 ]; then
+ rm -rf "$tpm2testdir" || :
+ fi
+}
+trap cleanup EXIT INT TERM KILL QUIT
+
-+# Shutdown the previous swtpm instance if exists
-+if [ -c "${tpm2dev}" ]; then
-+ swtpm_ioctl -s ${tpm2dev}
-+fi
++mkdir -p ${tpm2statedir}
+
-+# Create the swtpm cuse instannce
-+swtpm_cuse -n ${tpm2devname} --tpm2 --tpmstate dir=${tpm2statedir}
++# Create the swtpm chardev instannce
++swtpm chardev --vtpm-proxy --tpmstate dir=${tpm2statedir} \
++ --tpm2 --ctrl type=unixio,path=${tpm2ctrl} \
++ --flags startup-clear --daemon > ${tpm2log}
+ret=$?
+if [ "$ret" -ne 0 ]; then
+ exit $ret
+fi
+
-+# Initialize swtpm device
-+swtpm_ioctl -i ${tpm2dev}
-+ret=$?
-+if [ "$ret" -ne 0 ]; then
-+ exit $ret
++tpm2dev=$(grep "New TPM device" ${tpm2log} | cut -d' ' -f 4)
++if [ -z "${tpm2dev}" ]; then
++ exit QUIT
++fi
++
++# Wait for tpm2 chardev
++wait=3
++while [ "${wait}" -gt 0 ]; do
++ if [ -c "${tpm2dev}" ]; then
++ break;
++ fi
++ sleep 1
++ ((wait--))
++done
++if [ "$wait" -le 0 ]; then
++ exit QUIT
+fi
+
+# Export the TCTI variable for tpm2-tools
+export TPM2TOOLS_TCTI="device:${tpm2dev}"
+
-+# Send the startup command
-+tpm2_startup -c
-+ret=$?
-+if [ "$ret" -ne 0 ]; then
-+ exit $ret
-+fi
-+
+# Extend PCR 0
+tpm2_pcrextend 0:sha256=$(sha256sum <<< "test0" | cut -d ' ' -f 1)
+ret=$?
@@ tests/tpm2_test.in (new)
+fi
+
+tpm2_seal_unseal() {
-+ local tpm2_alg="$1"
++ local srk_alg="$1"
+ local handle_type="$2"
+ local srk_test="$3"
+
-+ local grub_tpm2_alg=${tpm2_alg}
++ local grub_srk_alg=${srk_alg}
+
+ local extra_opt=""
+ local extra_grub_opt=""
@@ tests/tpm2_test.in (new)
+ extra_opt="--tpm2-srk=${persistent_handle}"
+ fi
+
++ if [ "${srk_alg}" != "default" ]; then
++ extra_opt="${extra_opt} --tpm2-asymmetric=${srk_alg}"
++ fi
++
+ # Seal the password with grub-protect
+ grub-protect ${extra_opt} \
+ --tpm2-device=${tpm2dev} \
+ --action=add \
+ --protector=tpm2 \
+ --tpm2key \
-+ --tpm2-asymmetric=${tpm2_alg} \
+ --tpm2-bank=sha256 \
+ --tpm2-pcrs=0,1 \
+ --tpm2-keyfile=${lukskeyfile} \
@@ tests/tpm2_test.in (new)
+
+ # Flip the asymmetric algorithm in grub.cfg to trigger fallback SRKs
+ if [ "${srk_test}" == "fallback_srk" ]; then
-+ if [[ "${tpm2_alg}" == RSA* ]]; then
-+ grub_tpm2_alg="ECC"
-+ elif [[ "${tpm2_alg}" == ECC* ]]; then
-+ grub_tpm2_alg="RSA"
++ if [[ "${srk_alg}" == RSA* ]]; then
++ grub_srk_alg="ECC"
++ elif [[ "${srk_alg}" == ECC* ]]; then
++ grub_srk_alg="RSA"
+ fi
+ fi
+
-+ if [ "${handle_type}" != "persistent" ]; then
-+ extra_grub_opt="-a ${grub_tpm2_alg}"
++ if [ "${grub_srk_alg}" != "default" ] && [ "${handle_type}" !=
"persistent" ]; then
++ extra_grub_opt="-a ${grub_srk_alg}"
+ fi
+
+ # Write the TPM unsealing script
@@ tests/tpm2_test.in (new)
+ --tpm2-evict
+ fi
+
-+ return $ret
++ if [ "$ret" -eq 0 ]; then
++ if ! grep -q "^${vtext}$" "$testoutput"; then
++ echo "error: test not verified [`cat $testoutput`]" >&2
++ exit 1
++ fi
++ else
++ echo "grub-emu exited with error: $ret" >&2
++ exit $ret
++ fi
+}
+
+tpm2_seal_unseal_nv() {
@@ tests/tpm2_test.in (new)
+ # Ref:
https://github.com/tpm2-software/tpm2-tools/issues/1338#issuecomment-469689398
+
+ # Create the primary object
-+ tpm2_createprimary -C o -g sha256 -G ecc -c ${primary_file}
++ tpm2_createprimary -C o -g sha256 -G ecc -c ${primary_file} -Q
+ tpm2_flushcontext -t
+
+ # Create the policy object
+ tpm2_startauthsession -S ${session_file}
-+ tpm2_policypcr -S ${session_file} -l sha256:0,1 -L ${policy_file}
++ tpm2_policypcr -S ${session_file} -l sha256:0,1 -L ${policy_file} -Q
+ tpm2_flushcontext ${session_file}
+
+ # Seal the key into TPM
-+ tpm2_create -C ${primary_file} -u ${keypub_file} -r ${keypriv_file}
-L ${policy_file} -i ${lukskeyfile}
++ tpm2_create -C ${primary_file} -u ${keypub_file} -r ${keypriv_file}
-L ${policy_file} -i ${lukskeyfile} -Q
+ tpm2_flushcontext -t
+ tpm2_load -C ${primary_file} -u ${keypub_file} -r ${keypriv_file} -n
${name_file} -c ${sealing_ctx_file}
+ tpm2_flushcontext -t
-+ tpm2_evictcontrol -C o -c ${sealing_ctx_file} ${persistent_handle}
++ tpm2_evictcontrol -C o -c ${sealing_ctx_file} ${persistent_handle} -Q
+
+ # Write the TPM unsealing script
+ cat > ${tpm2testdir}/testcase.cfg <<EOF
@@ tests/tpm2_test.in (new)
+ --tpm2-srk=${persistent_handle} \
+ --tpm2-evict
+
-+ return $ret
++ if [ "$ret" -eq 0 ]; then
++ if ! grep -q "^${vtext}$" "$testoutput"; then
++ echo "error: test not verified [`cat $testoutput`]" >&2
++ exit 1
++ fi
++ else
++ echo "grub-emu exited with error: $ret" >&2
++ exit $ret
++ fi
+}
+
++tpm2_seal_unseal default transient no_fallback_srk
++
+tpm2_seal_unseal RSA transient no_fallback_srk
-+ret=$?
-+if [ "$ret" -eq 0 ]; then
-+ if ! grep -q "^${vtext}$" "$testoutput"; then
-+ echo "error: test not verified [`cat $testoutput`]" >&2
-+ exit 1
-+ fi
-+else
-+ echo "grub-emu exited with error: $ret" >&2
-+ exit $ret
-+fi
+
+tpm2_seal_unseal ECC transient no_fallback_srk
-+ret=$?
-+if [ "$ret" -eq 0 ]; then
-+ if ! grep -q "^${vtext}$" "$testoutput"; then
-+ echo "error: test not verified [`cat $testoutput`]" >&2
-+ exit 1
-+ fi
-+else
-+ echo "grub-emu exited with error: $ret" >&2
-+ exit $ret
-+fi
+
+tpm2_seal_unseal RSA persistent no_fallback_srk
-+ret=$?
-+if [ "$ret" -eq 0 ]; then
-+ if ! grep -q "^${vtext}$" "$testoutput"; then
-+ echo "error: test not verified [`cat $testoutput`]" >&2
-+ exit 1
-+ fi
-+else
-+ echo "grub-emu exited with error: $ret" >&2
-+ exit $ret
-+fi
+
+tpm2_seal_unseal ECC persistent no_fallback_srk
-+ret=$?
-+if [ "$ret" -eq 0 ]; then
-+ if ! grep -q "^${vtext}$" "$testoutput"; then
-+ echo "error: test not verified [`cat $testoutput`]" >&2
-+ exit 1
-+ fi
-+else
-+ echo "grub-emu exited with error: $ret" >&2
-+ exit $ret
-+fi
+
+tpm2_seal_unseal RSA transient fallback_srk
-+ret=$?
-+if [ "$ret" -eq 0 ]; then
-+ if ! grep -q "^${vtext}$" "$testoutput"; then
-+ echo "error: test not verified [`cat $testoutput`]" >&2
-+ exit 1
-+ fi
-+else
-+ echo "grub-emu exited with error: $ret" >&2
-+ exit $ret
-+fi
+
+tpm2_seal_unseal ECC transient fallback_srk
-+ret=$?
-+if [ "$ret" -eq 0 ]; then
-+ if ! grep -q "^${vtext}$" "$testoutput"; then
-+ echo "error: test not verified [`cat $testoutput`]" >&2
-+ exit 1
-+ fi
-+else
-+ echo "grub-emu exited with error: $ret" >&2
-+ exit $ret
-+fi
+
+tpm2_seal_unseal_nv
-+ret=$?
-+if [ "$ret" -eq 0 ]; then
-+ if ! grep -q "^${vtext}$" "$testoutput"; then
-+ echo "error: test not verified [`cat $testoutput`]" >&2
-+ exit 1
-+ fi
-+else
-+ echo "grub-emu exited with error: $ret" >&2
-+ exit $ret
-+fi
+
-+exit $ret
++exit 0
## tests/util/grub-shell.in ##
@@ tests/util/grub-shell.in: work_directory=${WORKDIR:-`mktemp -d
"${TMPDIR:-/tmp}/grub-shell.XXXXXXXXXX"`} |
--
2.35.3
- [PATCH v12 00/20] Automatic Disk Unlock with TPM2,
Gary Lin <=
- [PATCH v12 01/20] posix_wrap: tweaks in preparation for libtasn1, Gary Lin, 2024/04/19
- [PATCH v12 03/20] libtasn1: disable code not needed in grub, Gary Lin, 2024/04/19
- [PATCH v12 02/20] libtasn1: import libtasn1-4.19.0, Gary Lin, 2024/04/19
- [PATCH v12 04/20] libtasn1: changes for grub compatibility, Gary Lin, 2024/04/19
- [PATCH v12 05/20] libtasn1: fix the potential buffer overrun, Gary Lin, 2024/04/19
- [PATCH v12 09/20] key_protector: Add key protectors framework, Gary Lin, 2024/04/19
- [PATCH v12 06/20] libtasn1: compile into asn1 module, Gary Lin, 2024/04/19
- [PATCH v12 10/20] tpm2: Add TPM Software Stack (TSS), Gary Lin, 2024/04/19
- [PATCH v12 18/20] diskfilter: look up cryptodisk devices first, Gary Lin, 2024/04/19