[PATCH v14 19/20] tpm2: Enable tpm2 module for grub-emu
From: |
Gary Lin |
Subject: |
[PATCH v14 19/20] tpm2: Enable tpm2 module for grub-emu |
Date: |
Fri, 3 May 2024 14:48:55 +0800 |
As preparation for testing the TPM 2.0 TSS stack with grub-emu, a new
option, --tpm-device, is introduced to specify the TPM device node for
grub-emu, so that grub-emu can use the emulated TPM device provided by
the host.
Since grub-emu can directly access the device node on host, it's easy to
implement the essential TCG2 command submission function with the
read/write functions and enable tpm2 module for grub-emu, so that we can
further test TPM key unsealing with grub-emu.
Signed-off-by: Gary Lin <glin@suse.com>
Reviewed-by: Stefan Berger <stefanb@linux.ibm.com>
---
grub-core/Makefile.core.def | 2 ++
grub-core/kern/emu/main.c | 11 +++++++-
grub-core/kern/emu/misc.c | 51 ++++++++++++++++++++++++++++++++++++
grub-core/tpm2/tcg2-emu.c | 52 +++++++++++++++++++++++++++++++++++++
include/grub/emu/misc.h | 5 ++++
5 files changed, 120 insertions(+), 1 deletion(-)
create mode 100644 grub-core/tpm2/tcg2-emu.c
diff --git a/grub-core/Makefile.core.def b/grub-core/Makefile.core.def
index 85aaadf68..b2456a07e 100644
--- a/grub-core/Makefile.core.def
+++ b/grub-core/Makefile.core.def
@@ -2571,7 +2571,9 @@ module = {
common = tpm2/tpm2key.c;
common = tpm2/tpm2key_asn1_tab.c;
efi = tpm2/tcg2.c;
+ emu = tpm2/tcg2-emu.c;
enable = efi;
+ enable = emu;
};
module = {
diff --git a/grub-core/kern/emu/main.c b/grub-core/kern/emu/main.c
index 855b11c3d..c10838613 100644
--- a/grub-core/kern/emu/main.c
+++ b/grub-core/kern/emu/main.c
@@ -55,7 +55,7 @@
static jmp_buf main_env;
/* Store the prefix specified by an argument. */
-static char *root_dev = NULL, *dir = NULL;
+static char *root_dev = NULL, *dir = NULL, *tpm_dev = NULL;
grub_addr_t grub_modbase = 0;
@@ -108,6 +108,7 @@ static struct argp_option options[] = {
{"verbose", 'v', 0, 0, N_("print verbose messages."), 0},
{"hold", 'H', N_("SECS"), OPTION_ARG_OPTIONAL, N_("wait until a
debugger will attach"), 0},
{"kexec", 'X', 0, 0, N_("use kexec to boot Linux kernels via
systemctl (pass twice to enable dangerous fallback to non-systemctl)."), 0},
+ {"tpm-device", 't', N_("DEV"), 0, N_("Set TPM device."), 0},
{ 0, 0, 0, 0, 0, 0 }
};
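Review bot: The help string for the new option, `N_("Set TPM device.")`, is capitalised unlike the neighbouring entries (`"print verbose messages."`, `"use kexec to boot …"`), and it does not say what the `DEV` argument is. For consistency with the rest of the table I would use `N_("use DEV as the TPM device.")`.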
@@ -168,6 +169,10 @@ argp_parser (int key, char *arg, struct argp_state *state)
case 'X':
grub_util_set_kexecute ();
break;
+ case 't':
+ free (tpm_dev);
+ tpm_dev = xstrdup (arg);
+ break;
case ARGP_KEY_ARG:
{
@@ -276,6 +281,9 @@ main (int argc, char *argv[])
dir = xstrdup (dir);
+ if (tpm_dev)
+ grub_util_tpm_open (tpm_dev);
+
/* Start GRUB! */
if (setjmp (main_env) == 0)
grub_main ();
@@ -283,6 +291,7 @@ main (int argc, char *argv[])
grub_fini_all ();
grub_hostfs_fini ();
grub_host_fini ();
+ grub_util_tpm_close ();
grub_machine_fini (GRUB_LOADER_FLAG_NORETURN);
diff --git a/grub-core/kern/emu/misc.c b/grub-core/kern/emu/misc.c
index 521220b49..1db24fde7 100644
--- a/grub-core/kern/emu/misc.c
+++ b/grub-core/kern/emu/misc.c
@@ -28,6 +28,8 @@
#include <string.h>
#include <sys/time.h>
#include <sys/types.h>
+#include <sys/stat.h>
+#include <fcntl.h>
#include <grub/mm.h>
#include <grub/err.h>
@@ -41,6 +43,8 @@
int verbosity;
int kexecute;
+static int grub_util_tpm_fd = -1;
+
void
grub_util_warn (const char *fmt, ...)
{
@@ -230,3 +234,50 @@ grub_util_get_kexecute (void)
{
return kexecute;
}
+
+grub_err_t
+grub_util_tpm_open (const char *tpm_dev)
+{
+ if (grub_util_tpm_fd != -1)
+ return GRUB_ERR_NONE;
+
+ grub_util_tpm_fd = open (tpm_dev, O_RDWR);
+ if (grub_util_tpm_fd == -1)
+ grub_util_error (_("cannot open TPM device '%s': %s"), tpm_dev, strerror
(errno));
+
+ return GRUB_ERR_NONE;
+}
+
+grub_err_t
+grub_util_tpm_close (void)
+{
+ int err;
+
+ if (grub_util_tpm_fd == -1)
+ return GRUB_ERR_NONE;
+
+ err = close (grub_util_tpm_fd);
+ if (err != GRUB_ERR_NONE)
+ grub_util_error (_("cannot close TPM device: %s"), strerror (errno));
+
+ grub_util_tpm_fd = -1;
+ return GRUB_ERR_NONE;
+}
+
+grub_size_t
+grub_util_tpm_read (void *output, grub_size_t size)
+{
+ if (grub_util_tpm_fd == -1)
+ return -1;
+
+ return read (grub_util_tpm_fd, output, size);
+}
+
+grub_size_t
+grub_util_tpm_write (const void *input, grub_size_t size)
+{
+ if (grub_util_tpm_fd == -1)
+ return -1;
+
+ return write (grub_util_tpm_fd, input, size);
+}
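Review bot: `grub_util_tpm_read` and `grub_util_tpm_write` return `-1` through a `grub_size_t`, so both that sentinel and the `-1` that `read()`/`write()` themselves return arrive at the caller as `SIZE_MAX`; the return type should be `grub_ssize_t` here and in the prototypes in `include/grub/emu/misc.h`: `grub_ssize_t grub_util_tpm_read (void *output, grub_size_t size)` and `grub_ssize_t grub_util_tpm_write (const void *input, grub_size_t size)`. In `grub_util_tpm_close`, `close()` returns `0`/`-1` rather than a `grub_err_t`, so comparing against `GRUB_ERR_NONE` only works by coincidence; `if (close (grub_util_tpm_fd) != 0)` says what is meant and `err` can go. Because grub-emu can hand off to other processes (the `--kexec` option above runs `systemctl`), the device should be opened with `O_RDWR | O_CLOEXEC` so the TPM descriptor is not inherited by children. The `grub_err_t` return of `grub_util_tpm_open` is also misleading: `grub_util_error` presumably does not return, so the function either succeeds or exits the process and never reports an error to its caller.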
diff --git a/grub-core/tpm2/tcg2-emu.c b/grub-core/tpm2/tcg2-emu.c
new file mode 100644
index 000000000..0d7b8b16e
--- /dev/null
+++ b/grub-core/tpm2/tcg2-emu.c
@@ -0,0 +1,52 @@
+/*
+ * GRUB -- GRand Unified Bootloader
+ * Copyright (C) 2024 SUSE LLC
+ *
+ * GRUB is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GRUB is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with GRUB. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include <grub/efi/api.h>
+#include <grub/efi/efi.h>
+#include <grub/efi/tpm.h>
+#include <grub/mm.h>
+#include <grub/tpm2/buffer.h>
+#include <grub/tpm2/tcg2.h>
+#include <grub/emu/misc.h>
+
+grub_err_t
+grub_tcg2_get_max_output_size (grub_size_t *size)
+{
+ if (size == NULL)
+ return GRUB_ERR_BAD_ARGUMENT;
+
+ *size = GRUB_TPM2_BUFFER_CAPACITY;
+
+ return GRUB_ERR_NONE;
+}
+
+grub_err_t
+grub_tcg2_submit_command (grub_size_t input_size, grub_uint8_t *input,
+ grub_size_t output_size, grub_uint8_t *output)
+{
+ static const grub_size_t header_size = sizeof (grub_uint16_t) +
+ (2 * sizeof(grub_uint32_t));
+
+ if (grub_util_tpm_write (input, input_size) != input_size)
+ return GRUB_ERR_BAD_DEVICE;
+
+ if (grub_util_tpm_read (output, output_size) < header_size)
+ return GRUB_ERR_BAD_DEVICE;
+
+ return GRUB_ERR_NONE;
+}
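Review bot: The `< header_size` check after `grub_util_tpm_read` cannot catch a failed read, because the helper returns `grub_size_t` (per `include/grub/emu/misc.h` in this patch), so both its own `-1` for an unopened device and a `-1` from `read()` become `SIZE_MAX`, pass the comparison, and `grub_tcg2_submit_command` returns `GRUB_ERR_NONE` with `output` never written, leaving the caller to parse whatever the buffer held; the write path survives the same mixing only because it tests with `!=`. The response header's responseSize field is also never compared with the bytes actually received, so a truncated response is handed up as complete. I would take the read result into a signed local, reject negatives, and check the big-endian size at offset 2 against it as below — this assumes the device returns the whole response in one `read()`, which the current code already relies on, and that `grub_util_tpm_read` is changed to return `grub_ssize_t` (the cast shown recovers `-1` from `SIZE_MAX` on two's-complement targets with the current prototype, but the signed return is the real fix). Separately, `grub/efi/api.h`, `grub/efi/efi.h` and `grub/efi/tpm.h` are EFI-only headers that nothing in this emu file uses and can be dropped.
```c
grub_err_t
grub_tcg2_submit_command (grub_size_t input_size, grub_uint8_t *input,
			  grub_size_t output_size, grub_uint8_t *output)
{
  /* … unchanged: header_size definition … */
  grub_ssize_t nread;
  grub_uint32_t resp_size;

  /* … unchanged: write of the command and its != input_size check … */

  nread = (grub_ssize_t) grub_util_tpm_read (output, output_size);
  if (nread < 0 || (grub_size_t) nread < header_size)
    return GRUB_ERR_BAD_DEVICE;

  /* responseSize is big-endian at offset 2; it must match what was read.  */
  resp_size = ((grub_uint32_t) output[2] << 24) | ((grub_uint32_t) output[3] << 16)
	      | ((grub_uint32_t) output[4] << 8) | output[5];
  if (resp_size != (grub_uint32_t) nread)
    return GRUB_ERR_BAD_DEVICE;

  return GRUB_ERR_NONE;
}
```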
diff --git a/include/grub/emu/misc.h b/include/grub/emu/misc.h
index 01056954b..1ab8152be 100644
--- a/include/grub/emu/misc.h
+++ b/include/grub/emu/misc.h
@@ -75,4 +75,9 @@ grub_util_fopen (const char *path, const char *mode);
int grub_util_file_sync (FILE *f);
+grub_err_t grub_util_tpm_open (const char *tpm_dev);
+grub_err_t grub_util_tpm_close (void);
+grub_size_t EXPORT_FUNC(grub_util_tpm_read) (void *output, grub_size_t size);
+grub_size_t EXPORT_FUNC(grub_util_tpm_write) (const void *input, grub_size_t
size);
+
#endif /* GRUB_EMU_MISC_H */
--
2.35.3