On Tue, Oct 08, 2024 at 10:14:59AM GMT, Vladimir 'phcoder' Serbinenko wrote:
> Le mar. 8 oct. 2024, 09:53, Michael Chang via Grub-devel
> a écrit :
>
> > On Tue, Oct 08, 2024 at 08:07:17AM GMT, Vladimir 'phcoder' Serbinenko
> > wrote:
> > > Agai
fig)
> + {
> + grub_file_t file;
> +
> + file = grub_file_open (config, GRUB_FILE_TYPE_CONFIG);
> + if (file)
> + {
> + grub_file_close (file);
> + grub_enter_normal_mode (config);
> + }
> + else
> +
key->object_id = grub_cpu_to_le64_compile_time
> > (GRUB_BTRFS_OBJECT_ID_CHUNK);
> > - key->type = GRUB_BTRFS_ITEM_TYPE_DIR_ITEM;
> > - key->offset = 0;
> > + if (data->fs_tree)
> > + {
> > +
EGIN $i ###"
-"$i"
-echo "### END $i ###"
+echo "" >> "${NEW_GRUBCFG}"
+echo "### BEGIN $i ###" >> "${NEW_GRUBCFG}"
+if ! "$i" >> "${NEW_GRUBCFG}";then
+ echo "[ERROR] '$i' failed !" >&2
+ exit 99
+fi
+echo "### END $i ###" >> "${NEW_GRUBCFG}"
fi
;;
esac
@@ -299,7 +303,7 @@ if test "x${grub_cfg}" != "x" ; then
gettext_printf "Syntax errors are detected in generated GRUB config file.
Ensure that there are no errors in /etc/default/grub
and /etc/grub.d/* files or please file a bug report with
-%s file attached." "${grub_cfg}.new" >&2
+%s file attached." "${NEW_GRUBCFG}" >&2
echo >&2
exit 1
else
re/kern/misc.c
index 465a8e74e..b1d399d37 100644
--- a/grub-core/kern/misc.c
+++ b/grub-core/kern/misc.c
@@ -1303,7 +1303,7 @@ void __attribute__ ((noreturn))
grub_abort (void)
{
#ifndef GRUB_UTIL
-#if defined(__i386__) || defined(__x86_64__)
+#if (defined(__i386__) || defined(__x86_64__))
;
}
- p = q = (char *)ptr;
-
- if (grub_add (ptr, (grub_size_t) grub_le_to_cpu64 (rlocn->size), &ptr))
-goto error_parsing_metadata;
-
mda_end = (char *)ptr;
while (*q != ' ' && q < mda_end)
--
2.46.1
On Mon, Oct 07, 2024 at 11:49:51AM GMT, ross.philip...@oracle.com wrote:
> On 10/3/24 8:40 PM, Michael Chang via Grub-devel wrote:
> > On Thu, Oct 03, 2024 at 10:30:15AM GMT, ross.philip...@oracle.com wrote:
> > > On 10/3/24 12:23 AM, Michael Chang via Grub-devel wrote:
>
"Vladimir 'phcoder' Serbinenko" writes:
> Reviewed-by: phco...@gmail.com
>
Thanks. Can this be picked up, please?
Rasmus
> Le jeu. 29 août 2024, 14:07, Rasmus Villemoes via Grub-devel <
> grub-devel@gnu.org> a écrit :
>
>> Unlike files accesse
On Tue, Oct 01, 2024 at 04:48:34PM +0200, Daniel Kiper wrote:
> On Wed, Sep 18, 2024 at 03:28:44PM +0800, Gary Lin via Grub-devel wrote:
> > On Tue, Sep 17, 2024 at 11:14:33PM -0400, Stefan Berger wrote:
> > > On 9/6/24 5:11 AM, Gary Lin wrote:
> > > > A Trusted
ress in the code that rogue return values are really
intended to prevent deletion of the test data.
Have a nice day
Thomas
ing the paragraph like this:
> >
> > @command{pcr-oracle} also supports ``authorized policy'' which allows the
> > PCR policy to be updated with a valid signature, so that the user only seals
> > the random disk key once. For the later changes, the user just needs
On Thu, Oct 03, 2024 at 05:58:41PM +0200, Daniel Kiper wrote:
> On Fri, Sep 06, 2024 at 05:10:52PM +0800, Gary Lin via Grub-devel wrote:
> > GIT repo for v19: https://github.com/lcp/grub2/tree/tpm2-unlock-v19
> >
> > This patch series is based on "Automatic TPM
On Tue, Oct 01, 2024 at 04:48:34PM +0200, Daniel Kiper wrote:
> On Wed, Sep 18, 2024 at 03:28:44PM +0800, Gary Lin via Grub-devel wrote:
> > On Tue, Sep 17, 2024 at 11:14:33PM -0400, Stefan Berger wrote:
> > > On 9/6/24 5:11 AM, Gary Lin wrote:
> > > > A Trusted
On 10/3/24 8:40 PM, Michael Chang via Grub-devel wrote:
On Thu, Oct 03, 2024 at 10:30:15AM GMT, ross.philip...@oracle.com wrote:
On 10/3/24 12:23 AM, Michael Chang via Grub-devel wrote:
Previously, the buffer for LVM metadata parsing was set to twice the
size of the metadata area, which caused
p; [ "$RET" -ne 0 ]; then
rm -rf "$lukstestdir" || :
elif [ -z "$debug" ] && [ "$xfail" -eq 0 ] && [ "$RET" -eq 0 ]; then
rm -rf "$lukstestdir" || :
fi
Have a nice day :)
Thomas
+110,14 @@ wildcard_unescape (const char *s)
i = 0;
while ((ch = *s++))
{
- if (ch == '\\')
+ if (ch == '\\' && s[0] == 'x' && is_hex(s[1]) && is_hex(s[2]))
+ {
+ p[i++] = '\\';
+ p[i++] = *s
sed)),
grub_free (file_path);
if (address)
-b->free_pages (address, pages);
+grub_efi_free_pages (address, pages);
if (image_handle != NULL)
b->unload_image (image_handle);
On Fri, Oct 18, 2024 at 08:08:28AM GMT, zhangqiumiao wrote:
> > On Thu, Oct 03, 2024 at 03:23:15PM +0800, Michael Chang via Grub-devel
> > wrote:
> >> Similar to the fix in commit "c52ae4057 efinet: skip virtual IPv4 and
> >> IPv6 devices during card enumer
for (; s; s--, ptr++)
{
struct grub_acpi_table_header *tbl;
x86_64__) && !defined(__riscv) && \
!defined (__loongarch__)
- grub_size_t arch_addralign = GRUB_DL_ALIGN;
+ grub_size_t arch_addralign = DL_ALIGN;
grub_addr_t tgaddr;
grub_size_t tgsz;
#endif
ub_size_t arch_addralign = GRUB_DL_ALIGN;
+ grub_size_t arch_addralign = DL_ALIGN;
grub_addr_t tgaddr;
grub_size_t tgsz;
#endif
--
2.11.0
ly)
> > +output = grub_xasprintf("%s%"PRIuGRUB_UINT64_T"\n",
> > + old ?: "", key_out.offset);
> > + else if (path_only)
> > +
boot/grub/i386-pc, making it
accessible in place.
[1] https://lists.gnu.org/archive/html/grub-devel/2024-10/msg00089.html
Thanks,
Michael
>
> Le lun. 14 oct. 2024, 20:09, Leo Sandoval a écrit :
>
> > From: Michael Chang
> >
> > We should export btrfs_subvol and b
t;disk_iterate) (scan_disk_hook, NULL, pull))
+ return;
+ if (arname && is_lv_readable (find_lv (arname), 1))
+ return;
+ }
+}
scan_depth = 0;
need_rescan = 1;
--
2.43.0
p/sys/types.h
@@ -50,6 +50,7 @@ typedef grub_uint8_t byte;
typedef grub_addr_t uintptr_t;
#define SIZEOF_UNSIGNED_LONG GRUB_CPU_SIZEOF_LONG
+#define SIZEOF_UNSIGNED_LONG_INT GRUB_CPU_SIZEOF_LONG
#define SIZEOF_UNSIGNED_INT 4
#define SIZEOF_UNSIGNED_LONG_LONG 8
#define SIZEOF_UNSIGNED_SHORT 2
(1U<<29)
+
+ /* produces endless loop (fixed by d4b624b2):
+ * The following translates into a single node with all pointers
+--
+2.43.0
+
--
2.43.0
(dest_tot_size - dest_size > str_size)
+ {
+- strcat (dest, src);
++ strcpy (dest + dest_size, src);
+ }
+ else
+ {
+--
+2.43.0
+
--
2.43.0
asn1_tab, &definitions, errorDescription);
+ if (result != ASN1_SUCCESS)
+ {
+@@ -79,8 +76,5 @@ test_reproducers (void)
+
+ asn1_delete_structure (&definitions);
+
+- if (verbose)
+-printf ("Success\n");
+-
+ return 0;
+ }
+--
+2.43.0
+
--
2.43.0
signed int tag_value,
+ temp[k++] = tag_value & 0x7F;
+ tag_value >>= 7;
+
+-if (k > ASN1_MAX_TAG_SIZE - 1)
++if (k >= ASN1_MAX_TAG_SIZE - 1)
+ break; /* will not encode larger tags */
+ }
+ *ans_len = k + 1;
+--
+2.43
grub_uint8_t **key,
+ grub_size_t *key_size);
+
+#endif /* ! GRUB_PROTECTOR_HEADER */
--
2.43.0
INT == 8
+ # define _asn1_strtou64(n,e,b) strtoul((const char *) n, e, b)
+--
+2.43.0
+
--
2.43.0
Success\n");
+
+- exit (EXIT_SUCCESS);
++ return 0;
+ }
+--
+2.43.0
+
--
2.43.0
tp://www.gnu.org/licenses/>.
+ */
+
+#include
+
+/*
+ * libtasn1 is provided under LGPL2.1+, which is compatible
+ * with GPL3+. As GRUB as a whole is under GPL3+, this module
+ * is therefore under GPL3+ also.
+ */
+GRUB_MOD_LICENSE ("GPLv3+");
--
2.43.0
tv[i].len; j++)
+- fprintf (stderr, "%.2x", tv[i].string[j]);
+-fprintf (stderr, "\n");
++ grub_printf ("%.2x", tv[i].string[j]);
++ grub_printf ("\n");
+ return 1;
+ }
+ free (tmp);
+diff --git a/grub-core/tests/asn1/tests/reproducers.c
b/grub-core/tests/asn1/tests/reproducers.c
+index fa3cea762..0e3c9fd65 100644
+--- a/grub-core/tests/asn1/tests/reproducers.c
b/grub-core/tests/asn1/tests/reproducers.c
+@@ -58,8 +58,7 @@ test_reproducers (void)
+ result = asn1_array2tree (endless_asn1_tab, &definitions, errorDescription);
+ if (result != ASN1_SUCCESS)
+ {
+- asn1_perror (result);
+- printf ("ErrorDescription = %s\n\n", errorDescription);
++ grub_printf ("Error: %s\nErrorDescription = %s\n\n", asn1_strerror
(result), errorDescription);
+ return 1;
+ }
+
+@@ -69,8 +68,7 @@ test_reproducers (void)
+ result = asn1_array2tree (tab, &definitions, errorDescription);
+ if (result != ASN1_SUCCESS)
+ {
+- asn1_perror (result);
+- printf ("ErrorDescription = %s\n\n", errorDescription);
++ grub_printf ("Error: %s\nErrorDescription = %s\n\n", asn1_strerror
(result), errorDescription);
+ return 1;
+ }
+
+--
+2.43.0
+
--
2.43.0
+-# include/* for FILE* */
++# include
++# include
+
+ # ifdef __cplusplus
+ extern "C"
+--
+2.43.0
+
--
2.43.0
@chapter Debugging
--
2.43.0
rub_err_t
--
2.43.0
PMS_AUTH_RESPONSE_t *authResponse);
+
+extern TPM_RC_t
+grub_tpm2_testparms (const TPMT_PUBLIC_PARMS_t *parms,
+const TPMS_AUTH_COMMAND_t
@kbd{--tpm2-srk} and @kbd{--tpm2-evict}.
+
+@example
+@group
+# @kbd{grub-protect --action=remove \
+ --protector=tpm2 \
+ --tpm2-srk 0x8100 \
+ --tpm2-evict}
+@end group
+@end example
+
+
@node Invoking grub-script-check
@section Invoking grub-script-check
--
2.43.0
key_cache[i].key);
+{
+ if (cargs->key_cache[i].key)
+ grub_memset (cargs->key_cache[i].key, 0, cargs->key_cache[i].key_len);
+ grub_free (cargs->key_cache[i].key);
+}
grub_free (cargs->key_cache);
}
--
2.43.0
94df68b6..59b461e7a 100644
--- a/include/grub/cryptodisk.h
+++ b/include/grub/cryptodisk.h
@@ -70,6 +70,18 @@ typedef gcry_err_code_t
(*grub_cryptodisk_rekey_func_t) (struct grub_cryptodisk *dev,
grub_uint64_t zoneno);
+struct grub_cryptomount_cached_key
+{
+ grub_uint8_t *key;
+ grub_size_t key_len;
+
+ /*
+ * The key protector associated with this cache entry failed, so avoid it
+ * even if the cached entry (an instance of this structure) is empty.
+ */
+ bool invalid;
+};
+
struct grub_cryptomount_args
{
/* scan: Flag to indicate that only bootable volumes should be decrypted */
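Review bot: `struct grub_cryptomount_cached_key` stores raw disk-key bytes, but its `key` and `key_len` members carry no comment on who allocates the buffer, who frees it, or that it has to be wiped before release. Only `invalid` is documented, so a later caller has to work out the lifetime rules from the code that uses the cache. I would add something like `/* Key returned by the protector; owned by the cache, zeroed and freed with it */` above `key` and `/* Length of key in bytes */` above `key_len`, adjusted to the ownership the implementation really uses, which this hunk does not show. If the wipe is a plain memset directly before the free, it is worth confirming that the compiler cannot drop it.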
@@ -81,6 +93,10 @@ struct grub_cryptomount_args
/* recover_key: Length of key_data */
grub_size_t key_len;
grub_file_t hdr_file;
+ /* recover_key: Names of the key protectors to use (NULL-terminated) */
+ char **protectors;
+ /* recover_key: Key cache to avoid invoking the same key protector twice */
+ struct grub_cryptomount_cached_key *key_cache;
};
typedef struct grub_cryptomount_args *grub_cryptomount_args_t;
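Review bot: The new `key_cache` member is a bare pointer with no element count, and its comment does not say how its entries relate to `protectors`. Presumably there is one entry per protector name, in the same order, so that the NULL terminator of `protectors` also bounds the cache. If that is the contract, state it in the header, e.g. `/* recover_key: Key cache, one entry per element of protectors, same order */`. Without it a reader cannot tell how far the array may be indexed or which code sizes it.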
--
2.43.0
);
+
+extern void
+grub_tpm2_buffer_unpack (grub_tpm2_buffer_t buffer, void *data, grub_size_t
size);
+
+extern void
+grub_tpm2_buffer_unpack_u8 (grub_tpm2_buffer_t buffer, grub_uint8_t *value);
+
+extern void
+grub_tpm2_buffer_unpack_u16 (grub_tpm2_buffer_t buffer, grub_uint16_t *value);
+
+extern void
olicy_t policy,
TPMI_SH_AUTH_SESSION_t s
case TPM_CC_PolicyPCR:
err = tpm2_protector_policypcr (session, &buf);
break;
+case TPM_CC_PolicyAuthorize:
+ err = tpm2_protector_policyauthorize (session, &buf);
+ break;
default:
return grub_error (GRUB_ERR_BAD_ARGUMENT, "Unknown TPM Command: 0x%x",
policy->cmd_code);
}
--
2.43.0
a/tests/asn1_test.in b/tests/asn1_test.in
new file mode 100644
index 0..8f18ee6bb
--- /dev/null
+++ b/tests/asn1_test.in
@@ -0,0 +1,11 @@
+#! @BUILD_SHEBANG@
+set -e
+
+. "@builddir@/grub-core/modinfo.sh"
+
+out=`echo functional_test asn1_test | @builddir@/grub-shell`
+
+if
6,7 @@ test_octet_string (void)
+ return 1;
+ }
+
+- if (str_size != tv[i].len || memcmp (tv[i].string, tmp, tv[i].len) != 0)
++ if (str_size != tv[i].len || grub_memcmp (tv[i].string, tmp, tv[i].len)
!= 0)
+ {
+ grub_printf ("%d: memcmp: %s: got invalid decoding\n", __LINE__,
tv[i].name);
+ grub_printf ("\nGot:\t\t");
+@@ -209,7 +209,7 @@ test_octet_string (void)
+ grub_printf ("\n");
+ return 1;
+ }
+- free (tmp);
++ grub_free (tmp);
+ tmp = NULL;
+
+ }
+--
+2.43.0
+
--
2.43.0
asn1_static_node tab[] = {
+ };
+
+ int
+-main (int argc, char *argv[])
++test_reproducers (void)
+ {
+ int result, verbose = 0;
+ asn1_node definitions = NULL;
+--
+2.43.0
+
--
2.43.0
From: Hernan Gatta
The TPM2 key protector is a module that enables the automatic retrieval
of a fully-encrypted disk's unlocking key from a TPM 2.0.
The theory of operation is such that the module accepts various
arguments, most of which are optional and therefore possess reasonable
defaults. On
This commit adds the necessary TPM2 types and structs as the preparation
for the TPM2 Software Stack (TSS2) support. The Marshal/Unmarshal
functions are also added to handle the data structure to be submitted to
TPM2 commands and to be received from the response.
Cc: Stefan Berger
Signed-off-by:
open (const char *tpm_dev);
+grub_err_t grub_util_tpm_close (void);
+grub_size_t EXPORT_FUNC(grub_util_tpm_read) (void *output, grub_size_t size);
+grub_size_t EXPORT_FUNC(grub_util_tpm_write) (const void *input, grub_size_t
size);
+
#endif /* GRUB_EMU_MISC_H */
--
2.43.0
, N_("--tpm2-tpm2key can only be specified once.\n"));
+ return EINVAL;
+ }
+
+ args->tpm2_tpm2key = 1;
+ args->args |= PROTECT_ARG_TPM2_TPM2KEY;
+ break;
+
+default:
+ return ARGP_ERR_UNKNOWN;
+}
+
+ return 0;
+}
+
+static grub_err_t
+protect_args_verify (protect_args_t *args)
+{
+ if (args->action == PROTECT_ACTION_ERROR)
+{
+ fprintf (stderr, N_("--action is mandatory.\n"));
+ return GRUB_ERR_BAD_ARGUMENT;
+}
+
+ /* At the moment, the only configurable key protector is the TPM2 one, so it
+ * is the only key protector supported by this tool. */
+ if (args->protector != PROTECT_TYPE_TPM2)
+{
+ fprintf (stderr, N_("--protector is mandatory and only 'tpm2' is
currently supported.\n"));
+ return GRUB_ERR_BAD_ARGUMENT;
+}
+
+ switch (args->protector)
+{
+case PROTECT_TYPE_TPM2:
+ return protect_tpm2_args_verify (args);
+default:
+ return GRUB_ERR_BAD_ARGUMENT;
+}
+
+ return GRUB_ERR_NONE;
+}
+
+static grub_err_t
+protect_dispatch (protect_args_t *args)
+{
+ switch (args->protector)
+{
+case PROTECT_TYPE_TPM2:
+ return protect_tpm2_run (args);
+default:
+ return GRUB_ERR_BAD_ARGUMENT;
+}
+}
+
+static void
+protect_init (int *argc, char **argv[])
+{
+ grub_util_host_init (argc, argv);
+
+ grub_util_biosdisk_init (NULL);
+
+ grub_init_all ();
+
+ grub_lvm_fini ();
+ grub_mdraid09_fini ();
+ grub_mdraid1x_fini ();
+ grub_diskfilter_fini ();
+ grub_diskfilter_init ();
+ grub_mdraid09_init ();
+ grub_mdraid1x_init ();
+ grub_lvm_init ();
+}
+
+static void
+protect_fini (void)
+{
+ grub_fini_all ();
+ grub_util_biosdisk_fini ();
+}
+
+static struct argp protect_argp =
+{
+ .options = protect_options,
+ .parser = protect_argp_parser,
+ .args_doc= NULL,
+ .doc =
+N_("Protect a cleartext key using a GRUB key protector that can retrieve "
+ "the key during boot to unlock fully-encrypted disks automatically."),
+ .children= NULL,
+ .help_filter = NULL,
+ .argp_domain = NULL
+};
+
+int
+main (int argc, char *argv[])
+{
+ grub_err_t err;
+ protect_args_t args = {0};
+
+ if (argp_parse (&protect_argp, argc, argv, 0, 0, &args) != 0)
+{
+ fprintf (stderr, N_("Could not parse arguments.\n"));
+ return GRUB_ERR_BAD_ARGUMENT;
+}
+
+ protect_init (&argc, &argv);
+
+ err = protect_args_verify (&args);
+ if (err != GRUB_ERR_NONE)
+goto exit;
+
+ err = protect_dispatch (&args);
+ if (err != GRUB_ERR_NONE)
+goto exit;
+
+ exit:
+ protect_fini ();
+
+ return err;
+}
--
2.43.0
+srktests+=("ECC transient no_fallback_srk")
+srktests+=("RSA persistent no_fallback_srk")
+srktests+=("ECC persistent no_fallback_srk")
+srktests+=("RSA transient fallback_srk")
+srktests+=("ECC transient fallback_srk")
+
+for i in "${!srktests[@]}"; do
+tpm2_seal_unseal ${srktests[$i]} || ret=$?
+if [ "${ret}" -eq 0 ]; then
+echo "TPM2 [${srktests[$i]}]: PASS"
+elif [ "${ret}" -eq 1 ]; then
+echo "TPM2 [${srktests[$i]}]: FAIL"
+else
+ echo "Unexpected failure [${srktests[$i]}]" >&2
+ exit ${ret}
+fi
+done
+
+# Testcase for NV index mode
+tpm2_seal_unseal_nv || ret=$?
+if [ "${ret}" -eq 0 ]; then
+echo "TPM2 [NV Index]: PASS"
+elif [ "${ret}" -eq 1 ]; then
+echo "TPM2 [NV Index]: FAIL"
+else
+echo "Unexpected failure [NV index]" >&2
+exit ${ret}
+fi
+
+exit 0
diff --git a/tests/util/grub-shell.in b/tests/util/grub-shell.in
index ae5f711fe..15c5f45a5 100644
--- a/tests/util/grub-shell.in
+++ b/tests/util/grub-shell.in
@@ -75,6 +75,7 @@ work_directory=${WORKDIR:-`mktemp -d
"${TMPDIR:-/tmp}/grub-shell.XX"`} |
. "${builddir}/grub-core/modinfo.sh"
qemuopts=
+emuopts=
serial_port=com0
serial_null=
halt_cmd=halt
@@ -376,6 +377,9 @@ for option in "$@"; do
--qemu-opts=*)
qs=`echo "$option" | sed -e 's/--qemu-opts=//'`
qemuopts="$qemuopts $qs" ;;
+--emu-opts=*)
+ qs=`echo "$option" | sed -e 's/--emu-opts=//'`
+ emuopts="$emuopts $qs" ;;
--disk=*)
dsk=`echo "$option" | sed -e 's/--disk=//'`
if [ ${grub_modinfo_platform} = emu ]; then
@@ -674,7 +678,7 @@ elif [ x$boot = xemu ]; then
cat >"$work_directory/run.sh" <"$work_directory/run.sh" <https://lists.gnu.org/mailman/listinfo/grub-devel
input string are
+ rejected. This problem was fixed in libtasn1 2.12. */
+--
+2.43.0
+
--
2.43.0
ave a fresh start.
+ */
+ if (grub_errno != GRUB_ERR_NONE)
+ {
+ grub_print_error ();
+ grub_errno = GRUB_ERR_NONE;
+ }
+
askpass = 1;
cargs->key_data = grub_malloc (GRUB_CRYPTODISK_MAX_PASSPHRASE);
if (cargs->key_data == NULL)
--
2.43.0
tern ASN1_API const char *asn1_check_version (const char *req_version);
++# endif
+
+ __LIBTASN1_PURE__ extern ASN1_API const char *asn1_strerror (int error);
+
++# if 0 /* GRUB SKIPPED IMPORTING */
+ extern ASN1_API void asn1_perror (int error);
++# endif
+
+ # define ASN1_MAX_TAG_SIZE 4
+
-
+2.43.0
+
--
2.43.0
On Wed, Oct 16, 2024 at 06:04:43PM +0200, Daniel Kiper wrote:
> On Fri, Sep 06, 2024 at 05:11:16PM +0800, Gary Lin via Grub-devel wrote:
> > From: Hernan Gatta
> >
> > To utilize the key protectors framework, there must be a way to protect
> > full-disk encryption k
On Wed, Oct 16, 2024 at 06:19:33PM +0200, Daniel Kiper wrote:
> On Fri, Sep 06, 2024 at 05:11:21PM +0800, Gary Lin via Grub-devel wrote:
> > When using disk auto-unlocking with TPM 2.0, the typical grub.cfg may
> > look like this:
> >
> > tpm2_key_protector_init --tp
On Wed, Oct 16, 2024 at 06:11:49PM +0200, Daniel Kiper wrote:
> On Fri, Sep 06, 2024 at 05:11:18PM +0800, Gary Lin via Grub-devel wrote:
> > From: Patrick Colp
> >
> > Currently with the TPM2 protector, only SRK mode is supported and
> > NV index support is just a s
On Thu, Oct 17, 2024 at 07:57:11PM +0200, Daniel Kiper wrote:
> On Fri, Sep 06, 2024 at 05:11:22PM +0800, Gary Lin via Grub-devel wrote:
> > As a preparation to test tpm2_key_protector with grub-emu, the new
> > option, --tpm-device, is introduced to specify the TPM device for
>
371,15 @@ main (int argc, char *argv[])
> >relative_grubdir = xstrdup ("/");
> > }
> >
> > + if (config.is_suse_btrfs_snapshot_enabled
> > + && grub_strncmp(grub_fs->name, "btrfs", sizeof ("btrfs") - 1) == 0)
> &
}
> >
> > +
> > +char *
> > +grub_util_get_btrfs_subvol (const char *path, char **mount_path)
> > +{
> > + char *mp = NULL;
> > +
> > + if (mount_path)
> > +*mount_path = NULL;
> > +
> > + auto void
> > + mount_p
On Thu, Oct 03, 2024 at 09:17:46PM GMT, Askar Safin wrote:
> On Thu, 03 Oct 2024 11:23:08 +0400 Michael Chang via Grub-devel wrote
> ---
> > A regression in grub 2.12 causes the grub screen to become cluttered
>
> I just tested. Your patch doesn't fix anything
On Thu, Oct 03, 2024 at 10:30:15AM GMT, ross.philip...@oracle.com wrote:
> On 10/3/24 12:23 AM, Michael Chang via Grub-devel wrote:
> > Previously, the buffer for LVM metadata parsing was set to twice the
> > size of the metadata area, which caused excessive memory use.
> >
&
sh:
- cmdpath=(hd0,1) - Either the image is booted from the first (raw)
partition, or the firmware failed to provide the path part.
- cmdpath=(hd0,1)/ - The image is booted from the root directory in the
first partition.
As a side note, the fix is similar to [1], but without the renaming
par
On Fri, Oct 18, 2024 at 07:48:24PM +0800, Michael Chang wrote:
> On Fri, Oct 18, 2024 at 08:08:28AM GMT, zhangqiumiao wrote:
> > > On Thu, Oct 03, 2024 at 03:23:15PM +0800, Michael Chang via Grub-devel
> > > wrote:
> > >> Similar to the fix in commit "c
put_size (grub_size_t *size)
> > +{
> > + if (size == NULL)
> > +return GRUB_ERR_BAD_ARGUMENT;
> > +
> > + *size = GRUB_TPM2_BUFFER_CAPACITY;
> > +
> > + return GRUB_ERR_NONE;
> > +}
> > +
> > +grub_err_t
> > +grub_tcg2_submit_command (grub_size_t input_size, grub_uint8_t *input,
> > + grub_size_t output_size, grub_uint8_t *output)
> > +{
> > + static const grub_size_t header_size = sizeof (grub_uint16_t) +
> > +(2 * sizeof(grub_uint32_t));
> > +
> > + if (write (protector_tpm2_fd, input, input_size) != input_size)
>
> Also here ...
>
> > +return GRUB_ERR_BAD_DEVICE;
> > +
> > + if (read (protector_tpm2_fd, output, output_size) < header_size)
>
> ... and here since the (single) caller does not print an error.
>
I'll add error messages for write()/read() here.
Thanks,
Gary Lin
> > +return GRUB_ERR_BAD_DEVICE;
> > +
> > + return GRUB_ERR_NONE;
> > +}
> > +
(stderr, N_("--tpm2-keyfile is invalid when --action is
> > 'remove'.\n"));
> > + return GRUB_ERR_BAD_ARGUMENT;
> > + }
> > +
> > + if (args->args & PROTECT_ARG_TPM2_OUTFILE)
> > + {
> > + fprintf (stderr, N_("--tpm2-outfile is invalid when --action is
> > 'remove'.\n"));
> > + return GRUB_ERR_BAD_ARGUMENT;
> > + }
> > +
> > + if (args->args & PROTECT_ARG_TPM2_PCRS)
> > + {
> > + fprintf (stderr, N_("--tpm2-pcrs is invalid when --action is
> > 'remove'.\n"));
> > + return GRUB_ERR_BAD_ARGUMENT;
> > + }
> > +
> > + if (args->tpm2_srk == 0)
> > + {
> > + fprintf (stderr, N_("--tpm2-srk is not specified when --action is
> > 'remove'.\n"));
> > + return GRUB_ERR_BAD_ARGUMENT;
> > + }
> > +
> > + if (args->tpm2_device == NULL)
> > + args->tpm2_device = "/dev/tpm0";
>
> ... I mean from here...
>
> > + break;
> > +
> > +default:
> > + fprintf (stderr, N_("The TPM2 key protector only supports the
> > following actions: add, remove.\n"));
> > + return GRUB_ERR_BAD_ARGUMENT;
> > +}
> > +
> > + return GRUB_ERR_NONE;
> > +}
>
> [...]
>
> > +static grub_err_t
> > +protect_args_verify (protect_args_t *args)
> > +{
> > + if (args->action == PROTECT_ACTION_ERROR)
> > +{
> > + fprintf (stderr, N_("--action is mandatory.\n"));
> > + return GRUB_ERR_BAD_ARGUMENT;
> > +}
> > +
> > + /* At the moment, the only configurable key protector is the TPM2 one,
> > so it
> > + * is the only key protector supported by this tool. */
>
> Wrong coding style for the comment...
>
Will fix it in the next version.
> > + if (args->protector != PROTECT_TYPE_TPM2)
> > +{
> > + fprintf (stderr, N_("--protector is mandatory and only 'tpm2' is
> > currently supported.\n"));
> > + return GRUB_ERR_BAD_ARGUMENT;
> > +}
> > +
> > + switch (args->protector)
> > +{
> > +case PROTECT_TYPE_TPM2:
> > + return protect_tpm2_args_verify (args);
> > +default:
> > + return GRUB_ERR_BAD_ARGUMENT;
> > +}
> > +
> > + return GRUB_ERR_NONE;
> > +}
>
> [...]
>
> > +int
> > +main (int argc, char *argv[])
> > +{
> > + grub_err_t err;
>
> s/grub_err_t/int/
>
> > + protect_args_t args = {0};
> > +
> > + if (argp_parse (&protect_argp, argc, argv, 0, 0, &args) != 0)
> > +{
> > + fprintf (stderr, N_("Could not parse arguments.\n"));
> > + return GRUB_ERR_BAD_ARGUMENT;
>
> You expose GRUB internals to the user space and mix types. There is no
> guarantee GRUB_ERR_BAD_ARGUMENT value will not change in the future.
> So, I think you should return EXIT_FAILURE here.
>
Will fix it in the next version.
> > +}
> > +
> > + protect_init (&argc, &argv);
> > +
> > + err = protect_args_verify (&args);
>
> Ditto... The EXIT_SUCCESS and EXIT_FAILURE are your friends...
>
> > + if (err != GRUB_ERR_NONE)
> > +goto exit;
> > +
> > + err = protect_dispatch (&args);
>
> Ditto...
>
> I did not check other patches but if you do the same thing elsewhere
> please fix it.
>
Will check other patches.
> > + if (err != GRUB_ERR_NONE)
> > +goto exit;
> > +
> > + exit:
> > + protect_fini ();
> > +
> > + return err;
I would like to handle 'err' like this:
if (err != GRUB_ERR_NONE)
return EXIT_FAILURE;
return EXIT_SUCCESS;
Gary Lin
> > +}
>
> Daniel
>tpm2_pcr_count = 1;
> > > + }
> > > +
> > > + if (args->srk_type.type == TPM_ALG_ERROR)
> > > + {
> > > + args->srk_type.type = TPM_ALG_ECC;
> > > + args->srk_type.detail.ecc_curve = TPM_ECC_NIST_P256;
> > > + }
>
sues mentioned by Stefan. If you do that
feel free to add Reviewed-by: Daniel Kiper .
Daniel
"tpm2_args.h"
> > +
> > +grub_err_t
> > +grub_tpm2_protector_parse_pcrs (char *value, grub_uint8_t *pcrs,
> > + grub_uint8_t *pcr_count)
> > +{
> > + char *current_pcr = value;
> > + char *next_pcr;
> > + const char *pcr_end;
> > + grub_uint64_t pcr;
> > + grub_uint8_t i;
> > +
> > + if (grub_strlen (value) == 0)
> > +return GRUB_ERR_BAD_ARGUMENT;
> > +
> > + *pcr_count = 0;
> > + for (i = 0; i < TPM_MAX_PCRS; i++)
> > +{
> > + next_pcr = grub_strchr (current_pcr, ',');
> > + if (next_pcr == current_pcr)
> > + return grub_error (GRUB_ERR_BAD_ARGUMENT, N_("empty entry in PCR
> > list"));
> > + if (next_pcr != NULL)
> > + *next_pcr = '\0';
> > +
> > + pcr = grub_strtoul (current_pcr, &pcr_end, 10);
> > + if (*current_pcr == '\0' || *pcr_end != '\0')
> > + return grub_error (GRUB_ERR_BAD_NUMBER, N_("entry '%s' in PCR list is
> > not a number"), current_pcr);
> > +
> > + if (pcr > TPM_MAX_PCRS)
> > + return grub_error (GRUB_ERR_OUT_OF_RANGE, N_("entry %llu in PCR list is
> > too large to be a PCR number, PCR numbers range from 0 to %u"), (unsigned
> > long long)pcr, TPM_MAX_PCRS);
>
> This should be TPM_MAX_PCRS - 1.
I'll fix it in the next version.
Thanks,
Gary Lin
> I just saw you defined TPM_MAX_PCRS to be 32. This should be 24, at least
> for any TPM 2 that I know of.
>
> ./grub-core/lib/tss2/tss2_types.h:#define TPM_MAX_PCRS32
>
> With this fix: Reviewed-by: Stefan Berger
>
>
size == NULL)
> > +return GRUB_ERR_BAD_ARGUMENT;
> > +
> > + *size = GRUB_TPM2_BUFFER_CAPACITY;
> > +
> > + return GRUB_ERR_NONE;
> > +}
> > +
> > +grub_err_t
> > +grub_tcg2_submit_command (grub_size_t input_size, grub_uint8_t *input,
>
On Tue, Nov 05, 2024 at 10:58:47AM +0800, Gary Lin wrote:
> On Mon, Nov 04, 2024 at 01:20:45PM -0500, Stefan Berger wrote:
> >
> >
> > On 11/4/24 2:31 AM, Gary Lin via Grub-devel wrote:
> > > This commit adds the necessary TPM2 types and structs as the preparati
ified once.\n"));
> + return EINVAL;
> + }
> +
> + if (grub_strcmp (arg, "add") == 0)
> + args->action = PROTECT_ACTION_ADD;
> + else if (grub_strcmp (arg, "remove") == 0)
> + args->action = PROTECT_ACTION_REMOVE;
> + else
> + {
> + fprintf (stderr, N_("'%s' is not a valid action.\n"), arg);
> + return EINVAL;
> + }
> +
> + args->args |= PROTECT_ARG_ACTION;
> + break;
> +
> +case PROTECT_OPT_PROTECTOR:
> + if (args->args & PROTECT_ARG_PROTECTOR)
> + {
> + fprintf (stderr, N_("--protector|-p can only be specified once.\n"));
> + return EINVAL;
> + }
> +
> + if (grub_strcmp (arg, "tpm2") == 0)
> + args->protector = PROTECT_TYPE_TPM2;
> + else
> + {
> + fprintf (stderr, N_("'%s' is not a valid protector.\n"), arg);
> + return EINVAL;
> + }
> +
> + args->args |= PROTECT_ARG_PROTECTOR;
> + break;
> +
> +case PROTECT_OPT_TPM2_DEVICE:
> + if (args->args & PROTECT_ARG_TPM2_DEVICE)
> + {
> + fprintf (stderr, N_("--tpm2-device can only be specified once.\n"));
> + return EINVAL;
> + }
> +
> + args->tpm2_device = xstrdup(arg);
Missing space before "(". Please fix this here and in other places too.
If you fix these minor issues and problems mentioned by Stefan you can
add Reviewed-by: Daniel Kiper .
Daniel
olicy_t policy,
TPMI_SH_AUTH_SESSION_t s
case TPM_CC_PolicyPCR:
err = tpm2_protector_policypcr (session, &buf);
break;
+case TPM_CC_PolicyAuthorize:
+ err = tpm2_protector_policyauthorize (session, &buf);
+ break;
default:
return grub_error (GRUB_ERR_BAD_ARGUMENT, "unknown TPM Command: 0x%x",
policy->cmd_code);
}
--
2.43.0
From: Hernan Gatta
The TPM2 key protector is a module that enables the automatic retrieval
of a fully-encrypted disk's unlocking key from a TPM 2.0.
The theory of operation is such that the module accepts various
arguments, most of which are optional and therefore possess reasonable
defaults. On
@chapter Debugging
--
2.43.0
This commit adds the necessary TPM2 types and structs as the preparation
for the TPM2 Software Stack (TSS2) support. The Marshal/Unmarshal
functions are also added to handle the data structure to be submitted to
TPM2 commands and to be received from the response.
Cc: Stefan Berger
Signed-off-by:
grub_uint8_t **key,
+ grub_size_t *key_size);
+
+#endif /* ! GRUB_PROTECTOR_HEADER */
--
2.43.0
+srktests+=("ECC transient no_fallback_srk")
+srktests+=("RSA persistent no_fallback_srk")
+srktests+=("ECC persistent no_fallback_srk")
+srktests+=("RSA transient fallback_srk")
+srktests+=("ECC transient fallback_srk")
+
+for i in "${!srktests[@]}"; do
+tpm2_seal_unseal ${srktests[$i]} || ret=$?
+if [ "${ret}" -eq 0 ]; then
+echo "TPM2 [${srktests[$i]}]: PASS"
+elif [ "${ret}" -eq 1 ]; then
+echo "TPM2 [${srktests[$i]}]: FAIL"
+else
+ echo "Unexpected failure [${srktests[$i]}]" >&2
+ exit ${ret}
+fi
+done
+
+# Testcase for NV index mode
+tpm2_seal_unseal_nv || ret=$?
+if [ "${ret}" -eq 0 ]; then
+echo "TPM2 [NV Index]: PASS"
+elif [ "${ret}" -eq 1 ]; then
+echo "TPM2 [NV Index]: FAIL"
+else
+echo "Unexpected failure [NV index]" >&2
+exit ${ret}
+fi
+
+exit 0
diff --git a/tests/util/grub-shell.in b/tests/util/grub-shell.in
index ae5f711fe..15c5f45a5 100644
--- a/tests/util/grub-shell.in
+++ b/tests/util/grub-shell.in
@@ -75,6 +75,7 @@ work_directory=${WORKDIR:-`mktemp -d
"${TMPDIR:-/tmp}/grub-shell.XX"`} |
. "${builddir}/grub-core/modinfo.sh"
qemuopts=
+emuopts=
serial_port=com0
serial_null=
halt_cmd=halt
@@ -376,6 +377,9 @@ for option in "$@"; do
--qemu-opts=*)
qs=`echo "$option" | sed -e 's/--qemu-opts=//'`
qemuopts="$qemuopts $qs" ;;
+--emu-opts=*)
+ qs=`echo "$option" | sed -e 's/--emu-opts=//'`
+ emuopts="$emuopts $qs" ;;
--disk=*)
dsk=`echo "$option" | sed -e 's/--disk=//'`
if [ ${grub_modinfo_platform} = emu ]; then
@@ -674,7 +678,7 @@ elif [ x$boot = xemu ]; then
cat >"$work_directory/run.sh" <"$work_directory/run.sh" <https://lists.gnu.org/mailman/listinfo/grub-devel
;args |= PROTECT_ARG_TPM2_EVICT;
+ break;
+
+case PROTECT_OPT_TPM2_TPM2KEY:
+ if (args->args & PROTECT_ARG_TPM2_TPM2KEY)
+ {
+ fprintf (stderr, N_("--tpm2-tpm2key can only be specified once.\n"));
+ return EINVAL;
+ }
+
+ args->tpm2_tpm2key = 1;
+ args->args |= PROTECT_ARG_TPM2_TPM2KEY;
+ break;
+
+default:
+ return ARGP_ERR_UNKNOWN;
+}
+
+ return 0;
+}
+
+static grub_err_t
+protect_args_verify (protect_args_t *args)
+{
+ if (args->action == PROTECT_ACTION_ERROR)
+{
+ fprintf (stderr, N_("--action is mandatory.\n"));
+ return GRUB_ERR_BAD_ARGUMENT;
+}
+
+ /*
+ * At the moment, the only configurable key protector is the TPM2 one, so it
+ * is the only key protector supported by this tool.
+ */
+ if (args->protector != PROTECT_TYPE_TPM2)
+{
+ fprintf (stderr, N_("--protector is mandatory and only 'tpm2' is
currently supported.\n"));
+ return GRUB_ERR_BAD_ARGUMENT;
+}
+
+ switch (args->protector)
+{
+case PROTECT_TYPE_TPM2:
+ return protect_tpm2_args_verify (args);
+default:
+ return GRUB_ERR_BAD_ARGUMENT;
+}
+
+ return GRUB_ERR_NONE;
+}
+
+static grub_err_t
+protect_dispatch (protect_args_t *args)
+{
+ switch (args->protector)
+{
+case PROTECT_TYPE_TPM2:
+ return protect_tpm2_run (args);
+default:
+ return GRUB_ERR_BAD_ARGUMENT;
+}
+}
+
+static void
+protect_init (int *argc, char **argv[])
+{
+ grub_util_host_init (argc, argv);
+
+ grub_util_biosdisk_init (NULL);
+
+ grub_init_all ();
+
+ grub_lvm_fini ();
+ grub_mdraid09_fini ();
+ grub_mdraid1x_fini ();
+ grub_diskfilter_fini ();
+ grub_diskfilter_init ();
+ grub_mdraid09_init ();
+ grub_mdraid1x_init ();
+ grub_lvm_init ();
+}
+
+static void
+protect_fini (void)
+{
+ grub_fini_all ();
+ grub_util_biosdisk_fini ();
+}
+
+static struct argp protect_argp =
+{
+ .options = protect_options,
+ .parser = protect_argp_parser,
+ .args_doc= NULL,
+ .doc =
+N_("Protect a cleartext key using a GRUB key protector that can retrieve "
+ "the key during boot to unlock fully-encrypted disks automatically."),
+ .children= NULL,
+ .help_filter = NULL,
+ .argp_domain = NULL
+};
+
+int
+main (int argc, char *argv[])
+{
+ grub_err_t err;
+ protect_args_t args = {0};
+
+ if (argp_parse (&protect_argp, argc, argv, 0, 0, &args) != 0)
+{
+ fprintf (stderr, N_("Could not parse arguments.\n"));
+ return EXIT_FAILURE;
+}
+
+ protect_init (&argc, &argv);
+
+ err = protect_args_verify (&args);
+ if (err != GRUB_ERR_NONE)
+goto exit;
+
+ err = protect_dispatch (&args);
+
+ exit:
+ protect_fini ();
+
+ if (err != GRUB_ERR_NONE)
+return EXIT_FAILURE;
+
+ return EXIT_SUCCESS;
+}
--
2.43.0
signed int tag_value,
+ temp[k++] = tag_value & 0x7F;
+ tag_value >>= 7;
+
+-if (k > ASN1_MAX_TAG_SIZE - 1)
++if (k >= ASN1_MAX_TAG_SIZE - 1)
+ break; /* will not encode larger tags */
+ }
+ *ans_len = k + 1;
+--
+2.43
p/sys/types.h
@@ -50,6 +50,7 @@ typedef grub_uint8_t byte;
typedef grub_addr_t uintptr_t;
#define SIZEOF_UNSIGNED_LONG GRUB_CPU_SIZEOF_LONG
+#define SIZEOF_UNSIGNED_LONG_INT GRUB_CPU_SIZEOF_LONG
#define SIZEOF_UNSIGNED_INT 4
#define SIZEOF_UNSIGNED_LONG_LONG 8
#define SIZEOF_UNSIGNED_SHORT 2
asn1_static_node tab[] = {
+ };
+
+ int
+-main (int argc, char *argv[])
++test_reproducers (void)
+ {
+ int result, verbose = 0;
+ asn1_node definitions = NULL;
+--
+2.43.0
+
--
2.43.0
(dest_tot_size - dest_size > str_size)
+ {
+- strcat (dest, src);
++ strcpy (dest + dest_size, src);
+ }
+ else
+ {
+--
+2.43.0
+
--
2.43.0
6,7 @@ test_octet_string (void)
+ return 1;
+ }
+
+- if (str_size != tv[i].len || memcmp (tv[i].string, tmp, tv[i].len) != 0)
++ if (str_size != tv[i].len || grub_memcmp (tv[i].string, tmp, tv[i].len)
!= 0)
+ {
+ grub_printf ("%d: memcmp: %s: got invalid decoding\n", __LINE__,
tv[i].name);
+ grub_printf ("\nGot:\t\t");
+@@ -209,7 +209,7 @@ test_octet_string (void)
+ grub_printf ("\n");
+ return 1;
+ }
+- free (tmp);
++ grub_free (tmp);
+ tmp = NULL;
+
+ }
+--
+2.43.0
+
--
2.43.0
(1U<<29)
+
+ /* produces endless loop (fixed by d4b624b2):
+ * The following translates into a single node with all pointers
+--
+2.43.0
+
--
2.43.0
tern ASN1_API const char *asn1_check_version (const char *req_version);
++# endif
+
+ __LIBTASN1_PURE__ extern ASN1_API const char *asn1_strerror (int error);
+
++# if 0 /* GRUB SKIPPED IMPORTING */
+ extern ASN1_API void asn1_perror (int error);
++# endif
+
+ # define ASN1_MAX_TAG_SIZE 4
+
} and @kbd{--tpm2-evict}.
+
+@example
+@group
+# @kbd{grub-protect --action=remove \
+ --protector=tpm2 \
+ --tpm2-srk 0x8100 \
+ --tpm2-evict}
+@end group
+@end example
+
+
@node Invoking grub-script-check
@section Invoking grub-script-check
--
2.43.0
___
);
+
+extern void
+grub_tpm2_buffer_unpack (grub_tpm2_buffer_t buffer, void *data, grub_size_t
size);
+
+extern void
+grub_tpm2_buffer_unpack_u8 (grub_tpm2_buffer_t buffer, grub_uint8_t *value);
+
+extern void
+grub_tpm2_buffer_unpack_u16 (grub_tpm2_buffer_t buffer, grub_uint16_t *value);
+
+extern void
rub_err_t
--
2.43.0
PMS_AUTH_RESPONSE_t *authResponse);
+
+extern TPM_RC_t
+grub_tpm2_testparms (const TPMT_PUBLIC_PARMS_t *parms,
+const TPMS_AUTH_COMMAND_t
INT == 8
+ # define _asn1_strtou64(n,e,b) strtoul((const char *) n, e, b)
+--
+2.43.0
+
--
2.43.0
-
+2.43.0
+
--
2.43.0
key_cache[i].key);
+{
+ if (cargs->key_cache[i].key)
+ grub_memset (cargs->key_cache[i].key, 0, cargs->key_cache[i].key_len);
+ grub_free (cargs->key_cache[i].key);
+}
grub_free (cargs->key_cache);
}
--
2.43.0
____
--- a/include/grub/emu/misc.h
+++ b/include/grub/emu/misc.h
@@ -75,4 +75,9 @@ grub_util_fopen (const char *path, const char *mode);
int grub_util_file_sync (FILE *f);
+grub_err_t grub_util_tpm_open (const char *tpm_dev);
+grub_err_t grub_util_tpm_close (void);
+grub_size_t EXPORT_FUNC(grub_util_tpm_read)
tp://www.gnu.org/licenses/>.
+ */
+
+#include
+
+/*
+ * libtasn1 is provided under LGPL2.1+, which is compatible
+ * with GPL3+. As GRUB as a whole is under GPL3+, this module
+ * is therefore under GPL3+ also.
+ */
+GRUB_MOD_LICENSE ("GPLv3+");
--
2.43.0
___
asn1_tab, &definitions, errorDescription);
+ if (result != ASN1_SUCCESS)
+ {
+@@ -79,8 +76,5 @@ test_reproducers (void)
+
+ asn1_delete_structure (&definitions);
+
+- if (verbose)
+-printf ("Success\n");
+-
+ return 0;
+ }
+--
+2.43.0
+
--
2.43.0
+-# include/* for FILE* */
++# include
++# include
+
+ # ifdef __cplusplus
+ extern "C"
+--
+2.43.0
+
--
2.43.0
94df68b6..59b461e7a 100644
--- a/include/grub/cryptodisk.h
+++ b/include/grub/cryptodisk.h
@@ -70,6 +70,18 @@ typedef gcry_err_code_t
(*grub_cryptodisk_rekey_func_t) (struct grub_cryptodisk *dev,
grub_uint64_t zoneno);
+struct grub_cryptomount_cached_key
+{
+ grub_uint8_t *key;
+ grub_size_t key_len;
+
+ /*
+ * The key protector associated with this cache entry failed, so avoid it
+ * even if the cached entry (an instance of this structure) is empty.
+ */
+ bool invalid;
+};
+
struct grub_cryptomount_args
{
/* scan: Flag to indicate that only bootable volumes should be decrypted */
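Review bot: `struct grub_cryptomount_cached_key` stores raw key bytes, yet only `invalid` is documented; `key` and `key_len` say nothing about who allocates and frees the buffer or that it has to be wiped before release. I would add `/* key: key bytes returned by a key protector, owned by this entry; clear key_len bytes before freeing */` above the two fields so the cleanup obligation is stated where the type is defined. The code that frees the cache is not part of this hunk, so whether it already clears the buffer cannot be checked here; if it relies on a plain memset directly before the free, confirm the compiler cannot drop that store. The new `bool` member also needs its definition in scope in this header, which the hunk does not show.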
@@ -81,6 +93,10 @@ struct grub_cryptomount_args
/* recover_key: Length of key_data */
grub_size_t key_len;
grub_file_t hdr_file;
+ /* recover_key: Names of the key protectors to use (NULL-terminated) */
+ char **protectors;
+ /* recover_key: Key cache to avoid invoking the same key protector twice */
+ struct grub_cryptomount_cached_key *key_cache;
};
typedef struct grub_cryptomount_args *grub_cryptomount_args_t;
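Review bot: `key_cache` is added as a bare pointer with no element count, so its length is only implied; from the two comments it presumably has one entry per name in `protectors`, at the same index, but nothing here says so. Any code that walks or frees the cache has to recount the NULL-terminated `protectors` list to find the end, and a mismatch between the two would read past the allocation. I would state the invariant in the comment, e.g. `/* recover_key: Key cache, one entry per element of protectors (same index) */`, or carry an explicit count next to the pointer. The opening lines of `struct grub_cryptomount_args` are outside this hunk.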
--
2.43.0
Success\n");
+
+- exit (EXIT_SUCCESS);
++ return 0;
+ }
+--
+2.43.0
+
--
2.43.0