Hi, Khaalid
This series adds basic support for the Trusted Platform Control Module
(TPCM) to the EFI build of GRUB. TPCM is an open specification
(GB/T 40650-2021) that extends TPM with active runtime measurement,
enabling continuous attestation on devices that must comply with the
"Level-3 Enhanced Security" guideline in china. Reference link:
https://std.samr.gov.cn/gb/search/gbDetailed?id=CE1E6A1DD5DA58F6E0539
7BE0A0A68DF
If tpcm related protocol is not implemented in UEFI, then tpcm module
directly returns NONE, keep compatible with non-measurement-support
UEFI. TPCM is still developing, and we will actively push tpcm function
into UEFI specification in the near future.
Some BIOS manufacturers such as Insyde, Byo, etc. have added support
for tpcm, and some OEM manufacturers such as Lenovo, Inspur, H3C, etc.
have enabled tpcm on related products.
### Key capabilities introduced:
* Probe the EFI TPCM protocol (GUID F89AB5CD-2829-422F-A5F3-0328E06C
FCBB)
* Provide `grub_tpcm_verify_init`, `grub_tpcm_verify_write`,
`grub_tpcm_verify_string` commands
### Changes since v1
* Split monolithic patch into 2 logical pieces
Thanks for the review and split suggestion.
Feedback welcome!
Best regards
chench246 (2):
efi/tpcm: Add UEFI interface for TPCM module
efi/tpcm: Add complete support of TPCM module
grub-core/Makefile.core.def | 7 ++
grub-core/commands/efi/tpcm.c | 163 ++++++++++++++++++++++++++++++++++
grub-core/commands/tpcm.c | 99 +++++++++++++++++++++
include/grub/efi/tpcm.h | 60 +++++++++++++
include/grub/err.h | 3 +-
5 files changed, 331 insertions(+), 1 deletion(-)
create mode 100755 grub-core/commands/efi/tpcm.c
create mode 100755 grub-core/commands/tpcm.c
create mode 100644 include/grub/efi/tpcm.h
--
2.17.1
_______________________________________________
Grub-devel mailing list
Grub-devel@gnu.org
https://lists.gnu.org/mailman/listinfo/grub-devel
