On Mon, Jun 3, 2024 at 2:37 PM Hector Cao <hector....@canonical.com> wrote:
>
> The measurements for confidential computing have been introduced in the commit
> 4c76565b6 (efi/tpm: Add EFI_CC_MEASUREMENT_PROTOCOL support). Recently
> this patch 30708dfe3 (tpm: Disable the tpm verifier if the TPM device
> is not present) has been introduced to optimize the memory usage when
> TPM device is not available on the platform. This patch will prevent the
> tpm module from being loaded on confidential computing platforms (for example
> Intel TDX) where no TPM device is available.
>
> In this patch, we propose to load the tpm module for this use case
> by generalizing the tpm feature detection in order to cover CC platforms.
> Basically, we do it by detecting the availability of the EFI protocol
> EFI_CC_MEASUREMENT_PROTOCOL.
>
> Fixes bug: https://savannah.gnu.org/bugs/?65821
>
> Signed-off-by: Hector Cao <hector....@canonical.com>
> ---
Looks good to me Reviewed-by: Kuppuswamy Sathyanarayanan <sathyanarayanan.kuppusw...@linux.intel.com> > grub-core/commands/efi/tpm.c | 7 +++++++ > 1 file changed, 7 insertions(+) > > diff --git a/grub-core/commands/efi/tpm.c b/grub-core/commands/efi/tpm.c > index f250c30db..40845af7a 100644 > --- a/grub-core/commands/efi/tpm.c > +++ b/grub-core/commands/efi/tpm.c > @@ -292,6 +292,13 @@ grub_tpm_present (void) > { > grub_efi_handle_t tpm_handle; > grub_efi_uint8_t protocol_version; > + grub_efi_cc_protocol_t *cc; > + > + /* if confidential computing measurement protocol is enabled > + we consider TPM is present */ > + cc = grub_efi_locate_protocol (&cc_measurement_guid, NULL); > + if (cc != NULL) > + return 1; > > if (!grub_tpm_handle_find (&tpm_handle, &protocol_version)) > return 0; > -- > 2.39.2 > > > _______________________________________________ > Grub-devel mailing list > Grub-devel@gnu.org > https://lists.gnu.org/mailman/listinfo/grub-devel
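Review bot: The early `return 1` at the top of grub_tpm_present() changes what the function's result means, and neither the name nor the new comment says so: it now returns true whenever EFI_CC_MEASUREMENT_PROTOCOL can be located, before grub_tpm_handle_find() is ever tried, so a caller can no longer read a nonzero result as "a TPM device exists". I would document the new contract at the function itself (nonzero means a measurement backend, TPM or CC, is available) or rename it accordingly, so that later code does not use it to gate anything that is TPM-specific. The added comment also says the protocol is "enabled", while the code only checks that `grub_efi_locate_protocol (&cc_measurement_guid, NULL)` returns non-NULL; wording it as "available" would match what is actually tested. Minor: `cc` is only compared against NULL, so the local variable could be dropped and the call tested directly in the `if`.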