On Tue, Apr 09, 2024 at 04:30:32PM +0800, Gary Lin wrote: > GIT repo for v10: https://github.com/lcp/grub2/tree/tpm2-unlock-v10 > > This patch series is based on "Automatic TPM Disk Unlock"(*1) posted by > Hernan Gatta to introduce the key protector framework and TPM2 stack > to GRUB2, and this could be a useful feature for the systems to > implement full disk encryption. > -->8-- > > v10: > - Fixing the coverity issues: CID 435775, CID 435771, CID 435770, CID > 435769, CID 435767, CID 435761 > https://lists.gnu.org/archive/html/grub-devel/2024-02/txtKIuUb5lf3O.txt > - Fixing the potential memory leak (CID 435775) > - Removing the unnecessary grub_protect_get_grub_drive_for_file() from > util/grub-protect.c (CID 435771) > - Using the grub_tpm2_mu_TPM2B_*_Unmarshal functions to unmarshal the > TPM2B structs instead of a generic grub_tpm2_mu_TPM2B_Unmarshal > (CID 435770) > - Fixing Null pointer dereference (CID 435769) > - Adding bound checks to grub_tpm2_mu_TPML_DIGEST_Unmarshal() > (CID 435767) > - Improving the check for the return value of ftell() (CID 435761) > - Adding a quick fix for CID 435762 > - Removing the empty ending line in tests/asn1_test.in > - Fixing docs/grub-dev.texi and updating the libtasn1 patches in > grub-core/lib/libtasn1-patches/ > - Merging all the TPM2 TSS stack patches into one to reduce the total > patch number > - Switching the default asymmetric algorithm from RSA2048 to > TPM_ECC_NIST_P256 for the faster key generation I forgot to update the help messages to reflect the change. Will fix the help in v11...
> - Adding the fallback SRK templates to try a few more SRK types in case > grub2 failed to associate the sealed key with the SRK in the persistent > handle or the default SRK > - Improving the test script to add tests for the persistent handle and > the fallback SRKs Gary Lin _______________________________________________ Grub-devel mailing list Grub-devel@gnu.org https://lists.gnu.org/mailman/listinfo/grub-devel