[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [PATCH v17 11/20] key_protector: Add TPM2 Key Protector
From: |
Daniel Kiper |
Subject: |
Re: [PATCH v17 11/20] key_protector: Add TPM2 Key Protector |
Date: |
Wed, 19 Jun 2024 18:34:13 +0200 |
On Fri, Jun 14, 2024 at 02:45:44PM +0800, Gary Lin wrote:
> From: Hernan Gatta <hegatta@linux.microsoft.com>
>
> The TPM2 key protector is a module that enables the automatic retrieval
> of a fully-encrypted disk's unlocking key from a TPM 2.0.
>
> The theory of operation is such that the module accepts various
> arguments, most of which are optional and therefore possess reasonable
> defaults. One of these arguments is the keyfile/tpm2key parameter, which
> is mandatory. There are two supported key formats:
>
> 1. Raw Sealed Key (--keyfile)
> When sealing a key with TPM2_Create, the public portion of the sealed
> key is stored in TPM2B_PUBLIC, and the private portion is in
> TPM2B_PRIVATE. The raw sealed key glues the fully marshalled
> TPM2B_PUBLIC and TPM2B_PRIVATE into one file.
>
> 2. TPM 2.0 Key (--tpm2key)
> The following is the ASN.1 definition of TPM 2.0 Key File:
>
> TPMPolicy ::= SEQUENCE {
> CommandCode [0] EXPLICIT INTEGER
> CommandPolicy [1] EXPLICIT OCTET STRING
> }
>
> TPMAuthPolicy ::= SEQUENCE {
> Name [0] EXPLICIT UTF8STRING OPTIONAL
> Policy [1] EXPLICIT SEQUENCE OF TPMPolicy
> }
>
> TPMKey ::= SEQUENCE {
> type OBJECT IDENTIFIER
> emptyAuth [0] EXPLICIT BOOLEAN OPTIONAL
> policy [1] EXPLICIT SEQUENCE OF TPMPolicy OPTIONAL
> secret [2] EXPLICIT OCTET STRING OPTIONAL
> authPolicy [3] EXPLICIT SEQUENCE OF TPMAuthPolicy OPTIONAL
> description [4] EXPLICIT UTF8String OPTIONAL,
> rsaParent [5] EXPLICIT BOOLEAN OPTIONAL,
> parent INTEGER
> pubkey OCTET STRING
> privkey OCTET STRING
> }
>
> The TPM2 key protector only expects a "sealed" key in DER encoding,
> so 'type' is always 2.23.133.10.1.5, 'emptyAuth' is 'TRUE', and
> 'secret' is empty. 'policy' and 'authPolicy' are the possible policy
> command sequences to construst the policy digest to unseal the key.
> Similar to the raw sealed key, the public portion (TPM2B_PUBLIC) of
> the sealed key is stored in 'pubkey', and the private portion
> (TPM2B_PRIVATE) is in 'privkey'.
>
> For more details:
> https://www.hansenpartnership.com/draft-bottomley-tpm2-keys.html
>
> This sealed key file is created via the grub-protect tool. The tool
> utilizes the TPM's sealing functionality to seal (i.e., encrypt) an
> unlocking key using a Storage Root Key (SRK) to the values of various
> Platform Configuration Registers (PCRs). These PCRs reflect the state
> of the system as it boots. If the values are as expected, the system
> may be considered trustworthy, at which point the TPM allows for a
> caller to utilize the private component of the SRK to unseal (i.e.,
> decrypt) the sealed key file. The caller, in this case, is this key
> protector.
>
> The TPM2 key protector registers two commands:
>
> - tpm2_key_protector_init: Initializes the state of the TPM2 key
> protector for later usage, clearing any
> previous state, too, if any.
>
> - tpm2_key_protector_clear: Clears any state set by tpm2_key_protector_init.
>
> The way this is expected to be used requires the user to, either
> interactively or, normally, via a boot script, initialize/configure
> the key protector and then specify that it be used by the 'cryptomount'
> command (modifications to this command are in a different patch).
>
> For instance, to unseal the raw sealed key file:
>
> tpm2_key_protector_init --keyfile=(hd0,gpt1)/efi/grub2/sealed-1.key
> cryptomount -u <PART1_UUID> -P tpm2
>
> tpm2_key_protector_init --keyfile=(hd0,gpt1)/efi/grub2/sealed-2.key
> --pcrs=7,11
> cryptomount -u <PART2_UUID> -P tpm2
>
> Or, to unseal the TPM 2.0 Key file:
>
> tpm2_key_protector_init --tpm2key=(hd0,gpt1)/efi/grub2/sealed-1.tpm
> cryptomount -u <PART1_UUID> -P tpm2
>
> tpm2_key_protector_init --tpm2key=(hd0,gpt1)/efi/grub2/sealed-2.tpm
> --pcrs=7,11
> cryptomount -u <PART2_UUID> -P tpm2
>
> If a user does not initialize the key protector and attempts to use it
> anyway, the protector returns an error.
>
> Before unsealing the key, the TPM2 key protector follows the "TPMPolicy"
> sequences to enforce the TPM policy commands to construct a valid policy
> digest to unseal the key.
>
> For the TPM 2.0 Key files, 'authPolicy' may contain multiple "TPMPolicy"
> sequences, the TPM2 key protector iterates 'authPolicy' to find a valid
> sequence to unseal key. If 'authPolicy' is empty or all sequences in
> 'authPolicy' fail, the protector tries the one from 'policy'. In case
> 'policy' is also empty, the protector creates a "TPMPolicy" sequence
> based on the given PCR selection.
>
> For the raw sealed key, the TPM2 key protector treats the key file as a
> TPM 2.0 Key file without 'authPolicy' and 'policy', so the "TPMPolicy"
> sequence is always based on the PCR selection from the command
> parameters.
>
> This commit only supports one policy command: TPM2_PolicyPCR. The
> command set will be extended to support advanced features, such as
> authorized policy, in the later commits.
>
> Cc: Stefan Berger <stefanb@linux.ibm.com>
> Cc: James Bottomley <jejb@linux.ibm.com>
> Signed-off-by: Hernan Gatta <hegatta@linux.microsoft.com>
> Signed-off-by: Gary Lin <glin@suse.com>
> ---
> grub-core/Makefile.core.def | 14 +
> grub-core/tpm2/args.c | 140 ++++
> grub-core/tpm2/module.c | 1225 +++++++++++++++++++++++++++++
> grub-core/tpm2/tpm2key.asn | 33 +
> grub-core/tpm2/tpm2key.c | 475 +++++++++++
> grub-core/tpm2/tpm2key_asn1_tab.c | 45 ++
> include/grub/tpm2/internal/args.h | 49 ++
> include/grub/tpm2/tpm2key.h | 86 ++
> 8 files changed, 2067 insertions(+)
> create mode 100644 grub-core/tpm2/args.c
> create mode 100644 grub-core/tpm2/module.c
> create mode 100644 grub-core/tpm2/tpm2key.asn
> create mode 100644 grub-core/tpm2/tpm2key.c
> create mode 100644 grub-core/tpm2/tpm2key_asn1_tab.c
> create mode 100644 include/grub/tpm2/internal/args.h
> create mode 100644 include/grub/tpm2/tpm2key.h
>
> diff --git a/grub-core/Makefile.core.def b/grub-core/Makefile.core.def
> index 457eb2e41..4adfbd175 100644
> --- a/grub-core/Makefile.core.def
> +++ b/grub-core/Makefile.core.def
> @@ -2566,6 +2566,20 @@ module = {
> enable = efi;
> };
>
> +module = {
> + name = tpm2;
> + common = tpm2/args.c;
> + common = tpm2/buffer.c;
> + common = tpm2/module.c;
> + common = tpm2/mu.c;
> + common = tpm2/tpm2.c;
> + common = tpm2/tpm2key.c;
> + common = tpm2/tpm2key_asn1_tab.c;
> + efi = tpm2/tcg2.c;
> + enable = efi;
> + cppflags = '-I$(srcdir)/lib/libtasn1-grub';
> +};
> +
I think the TPM2 key protector should be in separate GRUB module,
i.e. not integrated with tss2 and tpm2 modules.
> module = {
> name = tr;
> common = commands/tr.c;
> diff --git a/grub-core/tpm2/args.c b/grub-core/tpm2/args.c
> new file mode 100644
> index 000000000..c11280ab9
> --- /dev/null
> +++ b/grub-core/tpm2/args.c
> @@ -0,0 +1,140 @@
> +/*
> + * GRUB -- GRand Unified Bootloader
> + * Copyright (C) 2022 Microsoft Corporation
> + *
> + * GRUB is free software: you can redistribute it and/or modify
> + * it under the terms of the GNU General Public License as published by
> + * the Free Software Foundation, either version 3 of the License, or
> + * (at your option) any later version.
> + *
> + * GRUB is distributed in the hope that it will be useful,
> + * but WITHOUT ANY WARRANTY; without even the implied warranty of
> + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
> + * GNU General Public License for more details.
> + *
> + * You should have received a copy of the GNU General Public License
> + * along with GRUB. If not, see <http://www.gnu.org/licenses/>.
> + */
> +
> +#include <grub/err.h>
> +#include <grub/mm.h>
> +#include <grub/misc.h>
> +#include <grub/tpm2/internal/args.h>
> +
> +grub_err_t
> +grub_tpm2_protector_parse_pcrs (char *value, grub_uint8_t *pcrs,
> + grub_uint8_t *pcr_count)
> +{
> + char *current_pcr = value;
> + char *next_pcr;
> + unsigned long pcr;
> + grub_uint8_t i;
> +
> + if (grub_strlen (value) == 0)
> + return GRUB_ERR_BAD_ARGUMENT;
> +
> + *pcr_count = 0;
> + for (i = 0; i < TPM_MAX_PCRS; i++)
> + {
> + next_pcr = grub_strchr (current_pcr, ',');
> + if (next_pcr == current_pcr)
> + return grub_error (GRUB_ERR_BAD_ARGUMENT,
> + N_("Empty entry in PCR list"));
> + if (next_pcr)
> + *next_pcr = '\0';
> +
> + grub_errno = GRUB_ERR_NONE;
> + pcr = grub_strtoul (current_pcr, NULL, 10);
> + if (grub_errno != GRUB_ERR_NONE)
This check is unreliable. Please take a look at commit ac8a37dda
(net/http: Allow use of non-standard TCP/IP ports) how is should
be done properly.
> + return grub_error (grub_errno,
> + N_("Entry '%s' in PCR list is not a number"),
> + current_pcr);
> +
> + if (pcr > TPM_MAX_PCRS)
> + return grub_error (GRUB_ERR_OUT_OF_RANGE,
> + N_("Entry %lu in PCR list is too large to be a PCR "
> + "number, PCR numbers range from 0 to %u"),
> + pcr, TPM_MAX_PCRS);
> +
> + pcrs[i] = (grub_uint8_t)pcr;
Missing space after ")".
> + *pcr_count += 1;
++(*pcr_count); ???
> +
> + if (next_pcr == NULL)
> + break;
> +
> + current_pcr = next_pcr + 1;
> + if (*current_pcr == '\0')
> + return grub_error (GRUB_ERR_BAD_ARGUMENT,
> + N_("Trailing comma at the end of PCR list"));
> + }
> +
> + if (i == TPM_MAX_PCRS)
> + return grub_error (GRUB_ERR_OUT_OF_RANGE,
> + N_("Too many PCRs in PCR list, the maximum number of "
> + "PCRs is %u"), TPM_MAX_PCRS);
> +
> + return GRUB_ERR_NONE;
> +}
> +
> +grub_err_t
> +grub_tpm2_protector_parse_asymmetric (const char *value,
> + grub_srk_type_t *srk_type)
> +{
> + if (grub_strcasecmp (value, "ECC") == 0 ||
> + grub_strcasecmp (value, "ECC_NIST_P256") == 0)
> + {
> + srk_type->type = TPM_ALG_ECC;
> + srk_type->detail.ecc_curve = TPM_ECC_NIST_P256;
> + }
> + else if (grub_strcasecmp (value, "RSA") == 0 ||
> + grub_strcasecmp (value, "RSA2048") == 0)
> + {
> + srk_type->type = TPM_ALG_RSA;
> + srk_type->detail.rsa_bits = 2048;
> + }
> + else
> + return grub_error (GRUB_ERR_OUT_OF_RANGE,
> + N_("Value '%s' is not a valid asymmetric key type"),
> + value);
> +
> + return GRUB_ERR_NONE;
> +}
> +
> +grub_err_t
> +grub_tpm2_protector_parse_bank (const char *value, TPM_ALG_ID *bank)
> +{
> + if (grub_strcasecmp (value, "SHA1") == 0)
> + *bank = TPM_ALG_SHA1;
> + else if (grub_strcasecmp (value, "SHA256") == 0)
> + *bank = TPM_ALG_SHA256;
> + else if (grub_strcasecmp (value, "SHA384") == 0)
> + *bank = TPM_ALG_SHA384;
> + else if (grub_strcasecmp (value, "SHA512") == 0)
> + *bank = TPM_ALG_SHA512;
> + else
> + return grub_error (GRUB_ERR_OUT_OF_RANGE,
> + N_("Value '%s' is not a valid PCR bank"), value);
> +
> + return GRUB_ERR_NONE;
> +}
> +
> +grub_err_t
> +grub_tpm2_protector_parse_tpm_handle (const char *value, TPM_HANDLE *handle)
> +{
> + unsigned long num;
> +
> + grub_errno = GRUB_ERR_NONE;
> + num = grub_strtoul (value, NULL, 0);
> + if (grub_errno != GRUB_ERR_NONE)
Again, please fix this check.
> + return grub_error (grub_errno, N_("TPM handle value '%s' is not a
> number"),
> + value);
> +
> + if (num > GRUB_UINT_MAX)
> + return grub_error (GRUB_ERR_OUT_OF_RANGE,
> + N_("Value %lu is too large to be a TPM handle, TPM "
> + "handles are unsigned 32-bit integers"), num);
> +
> + *handle = (TPM_HANDLE)num;
All casts should have space after last ")". Please fix this.
> +
> + return GRUB_ERR_NONE;
> +}
> diff --git a/grub-core/tpm2/module.c b/grub-core/tpm2/module.c
> new file mode 100644
> index 000000000..d85e5fb8c
> --- /dev/null
> +++ b/grub-core/tpm2/module.c
> @@ -0,0 +1,1225 @@
> +/*
> + * GRUB -- GRand Unified Bootloader
> + * Copyright (C) 2022 Microsoft Corporation
> + *
> + * GRUB is free software: you can redistribute it and/or modify
> + * it under the terms of the GNU General Public License as published by
> + * the Free Software Foundation, either version 3 of the License, or
> + * (at your option) any later version.
> + *
> + * GRUB is distributed in the hope that it will be useful,
> + * but WITHOUT ANY WARRANTY; without even the implied warranty of
> + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
> + * GNU General Public License for more details.
> + *
> + * You should have received a copy of the GNU General Public License
> + * along with GRUB. If not, see <http://www.gnu.org/licenses/>.
> + */
> +
> +#include <grub/dl.h>
> +#include <grub/extcmd.h>
> +#include <grub/file.h>
> +#include <grub/list.h>
> +#include <grub/misc.h>
> +#include <grub/mm.h>
> +#include <grub/key_protector.h>
> +#include <grub/tpm2/buffer.h>
> +#include <grub/tpm2/internal/args.h>
> +#include <grub/tpm2/internal/types.h>
> +#include <grub/tpm2/mu.h>
> +#include <grub/tpm2/tpm2.h>
> +#include <grub/tpm2/tpm2key.h>
> +
> +GRUB_MOD_LICENSE ("GPLv3+");
> +
> +typedef enum grub_tpm2_protector_mode
> +{
> + GRUB_TPM2_PROTECTOR_MODE_UNSET,
> + GRUB_TPM2_PROTECTOR_MODE_SRK,
> + GRUB_TPM2_PROTECTOR_MODE_NV
> +} grub_tpm2_protector_mode_t;
> +
> +enum grub_tpm2_protector_options
> +{
> + OPTION_MODE,
> + OPTION_PCRS,
> + OPTION_BANK,
> + OPTION_TPM2KEY,
> + OPTION_KEYFILE,
> + OPTION_SRK,
> + OPTION_ASYMMETRIC,
> + OPTION_NVINDEX
> +};
> +
> +struct grub_tpm2_protector_context
> +{
> + grub_tpm2_protector_mode_t mode;
> + grub_uint8_t pcrs[TPM_MAX_PCRS];
> + grub_uint8_t pcr_count;
> + grub_srk_type_t srk_type;
> + TPM_ALG_ID bank;
> + const char *tpm2key;
> + const char *keyfile;
> + TPM_HANDLE srk;
> + TPM_HANDLE nv;
> +};
> +
> +static const struct grub_arg_option grub_tpm2_protector_init_cmd_options[] =
> + {
> + /* Options for all modes */
> + {
> + .longarg = "mode",
> + .shortarg = 'm',
> + .flags = 0,
> + .arg = NULL,
> + .type = ARG_TYPE_STRING,
> + .doc =
> + N_("Unseal key using SRK ('srk') (default) or retrieve it from an NV "
> + "Index ('nv')."),
> + },
> + {
> + .longarg = "pcrs",
> + .shortarg = 'p',
> + .flags = 0,
> + .arg = NULL,
> + .type = ARG_TYPE_STRING,
> + .doc =
> + N_("Comma-separated list of PCRs used to authorize key release "
> + "e.g., '7,11'. (default: 7)"),
> + },
> + {
> + .longarg = "bank",
> + .shortarg = 'b',
> + .flags = 0,
> + .arg = NULL,
> + .type = ARG_TYPE_STRING,
> + .doc =
> + N_("Bank of PCRs used to authorize key release: "
> + "SHA1, SHA256, SHA384 or SHA512. (default: SHA256)"),
> + },
> + /* SRK-mode options */
> + {
> + .longarg = "tpm2key",
> + .shortarg = 'T',
> + .flags = 0,
> + .arg = NULL,
> + .type = ARG_TYPE_STRING,
> + .doc =
> + N_("In SRK mode, path to the key file in the TPM 2.0 Key File format "
> + "to unseal using the TPM (e.g., (hd0,gpt1)/boot/grub2/sealed.tpm)."),
> + },
> + {
> + .longarg = "keyfile",
> + .shortarg = 'k',
> + .flags = 0,
> + .arg = NULL,
> + .type = ARG_TYPE_STRING,
> + .doc =
> + N_("In SRK mode, path to the key file in the raw format to unseal "
> + "using the TPM (e.g., (hd0,gpt1)/boot/grub2/sealed.key). "
> + "(Mainly for backward compatibility. Please use '--tpm2key'.)"),
> + },
> + {
> + .longarg = "srk",
> + .shortarg = 's',
> + .flags = 0,
> + .arg = NULL,
> + .type = ARG_TYPE_STRING,
> + .doc =
> + N_("In SRK mode, the SRK handle if the SRK is persistent."),
> + },
> + {
> + .longarg = "asymmetric",
> + .shortarg = 'a',
> + .flags = 0,
> + .arg = NULL,
> + .type = ARG_TYPE_STRING,
> + .doc =
> + N_("In SRK mode, the type of SRK: RSA (RSA2048) and ECC (ECC_NIST_P256)"
> + "(default: ECC)"),
> + },
> + /* NV Index-mode options */
> + {
> + .longarg = "nvindex",
> + .shortarg = 'n',
> + .flags = 0,
> + .arg = NULL,
> + .type = ARG_TYPE_STRING,
> + .doc =
> + N_("Required in NV Index mode, the NV handle to read which must "
> + "readily exist on the TPM and which contains the key."),
> + },
> + /* End of list */
> + {0, 0, 0, 0, 0, 0}
> + };
> +
> +static grub_extcmd_t grub_tpm2_protector_init_cmd;
> +static grub_extcmd_t grub_tpm2_protector_clear_cmd;
> +static struct grub_tpm2_protector_context grub_tpm2_protector_ctx = { 0 };
s/ 0 /0/
> +
> +static grub_err_t
> +grub_tpm2_protector_srk_read_file (const char *filepath, void **buffer,
> + grub_size_t *buffer_size)
> +{
> + grub_file_t file;
> + grub_off_t file_size;
> + void *read_buffer;
> + grub_off_t read_n;
> + grub_err_t err;
> +
> + /* Using GRUB_FILE_TYPE_SIGNATURE ensures we do not hash the keyfile into
> PCR9
> + * otherwise we'll never be able to predict the value of PCR9 at unseal
> time */
> + file = grub_file_open (filepath, GRUB_FILE_TYPE_SIGNATURE);
> + if (file == NULL)
> + {
> + /* Push errno from grub_file_open() into the error message stack */
> + grub_error_push();
> + err = grub_error (GRUB_ERR_FILE_NOT_FOUND,
> + N_("Could not open file: %s\n"),
> + filepath);
> + goto error;
> + }
> +
> + file_size = grub_file_size (file);
> + if (file_size == 0)
> + {
> + err = grub_error (GRUB_ERR_OUT_OF_RANGE,
> + N_("Could not read file size: %s"),
> + filepath);
> + goto error;
> + }
> +
> + read_buffer = grub_malloc (file_size);
> + if (read_buffer == NULL)
> + {
> + err = grub_error (GRUB_ERR_OUT_OF_MEMORY,
> + N_("Could not allocate buffer for %s"),
> + filepath);
> + goto error;
> + }
> +
> + read_n = grub_file_read (file, read_buffer, file_size);
> + if (read_n != file_size)
> + {
> + grub_free (read_buffer);
> + err = grub_error (GRUB_ERR_FILE_READ_ERROR,
> + N_("Could not retrieve file contents: %s"),
> + filepath);
I would avoid wrapping lines in many places to increase readability of
this patch set, e.g.:
err = grub_error (GRUB_ERR_FILE_READ_ERROR, N_("Could not retrieve file
contents: %s"), filepath);
In general I am OK with lines (a bit) longer than 80.
> + goto error;
> + }
> +
> + *buffer = read_buffer;
> + *buffer_size = file_size;
> +
> + err = GRUB_ERR_NONE;
> +
> +error:
> + if (file != NULL)
> + grub_file_close (file);
> +
> + return err;
> +}
> +
> +static grub_err_t
> +grub_tpm2_protector_srk_unmarshal_keyfile (void *sealed_key,
> + grub_size_t sealed_key_size,
> + TPM2_SEALED_KEY *sk)
> +{
> + struct grub_tpm2_buffer buf;
> +
> + grub_tpm2_buffer_init (&buf);
> + if (sealed_key_size > buf.cap)
> + return grub_error (GRUB_ERR_BAD_ARGUMENT,
> + N_("Sealed key larger than %" PRIuGRUB_SIZE " bytes"),
> + buf.cap);
> +
> + grub_memcpy (buf.data, sealed_key, sealed_key_size);
> + buf.size = sealed_key_size;
> +
> + grub_tpm2_mu_TPM2B_PUBLIC_Unmarshal (&buf, &sk->public);
> + grub_tpm2_mu_TPM2B_PRIVATE_Unmarshal (&buf, &sk->private);
> +
> + if (buf.error)
> + return grub_error (GRUB_ERR_BAD_ARGUMENT, N_("Malformed TPM wire key
> file"));
> +
> + return GRUB_ERR_NONE;
> +}
> +
> +static grub_err_t
> +grub_tpm2_protector_srk_unmarshal_tpm2key (void *sealed_key,
> + grub_size_t sealed_key_size,
> + tpm2key_policy_t *policy_seq,
> + tpm2key_authpolicy_t *authpol_seq,
> + grub_uint8_t *rsaparent,
> + grub_uint32_t *parent,
> + TPM2_SEALED_KEY *sk)
> +{
> + asn1_node tpm2key = NULL;
> + grub_uint8_t rsaparent_tmp;
> + grub_uint32_t parent_tmp;
> + void *sealed_pub = NULL;
> + grub_size_t sealed_pub_size;
> + void *sealed_priv = NULL;
> + grub_size_t sealed_priv_size;
> + struct grub_tpm2_buffer buf;
> + grub_err_t err;
> +
> + /*
> + * Start to parse the tpm2key file
> + * TPMKey ::= SEQUENCE {
> + * type OBJECT IDENTIFIER,
> + * emptyAuth [0] EXPLICIT BOOLEAN OPTIONAL,
> + * policy [1] EXPLICIT SEQUENCE OF TPMPolicy OPTIONAL,
> + * secret [2] EXPLICIT OCTET STRING OPTIONAL,
> + * authPolicy [3] EXPLICIT SEQUENCE OF TPMAuthPolicy OPTIONAL,
> + * description [4] EXPLICIT UTF8String OPTIONAL,
> + * rsaParent [5] EXPLICIT BOOLEAN OPTIONAL,
> + * parent INTEGER,
> + * pubkey OCTET STRING,
> + * privkey OCTET STRING
> + * }
> + */
> + err = grub_tpm2key_start_parsing (&tpm2key, sealed_key, sealed_key_size);
> + if (err != GRUB_ERR_NONE)
> + return err;
> +
> + /*
> + * Retrieve the policy sequence from 'policy'
> + * policy_seq will be NULL when 'policy' is not available
> + */
> + err = grub_tpm2key_get_policy_seq (tpm2key, policy_seq);
> + if (err != GRUB_ERR_NONE)
> + goto error;
> +
> + /*
> + * Retrieve the authpolicy sequence from 'authPolicy'
> + * authpol_seq will be NULL when 'authPolicy' is not available
> + */
> + err = grub_tpm2key_get_authpolicy_seq (tpm2key, authpol_seq);
> + if (err != GRUB_ERR_NONE)
> + goto error;
> +
> + /* Retrieve rsaParent */
> + err = grub_tpm2key_get_rsaparent (tpm2key, &rsaparent_tmp);
> + if (err != GRUB_ERR_NONE)
> + goto error;
> +
> + *rsaparent = rsaparent_tmp;
> +
> + /* Retrieve the parent handle */
> + err = grub_tpm2key_get_parent (tpm2key, &parent_tmp);
> + if (err != GRUB_ERR_NONE)
> + goto error;
> +
> + /* The parent handle should be either PERMANENT or PERSISTENT. */
> + if (!TPM_HT_IS_PERMANENT (parent_tmp) && !TPM_HT_IS_PERSISTENT
> (parent_tmp))
> + {
> + err = GRUB_ERR_OUT_OF_RANGE;
> + goto error;
> + }
> +
> + *parent = parent_tmp;
> +
> + /* Retrieve the public part of the sealed key */
> + err = grub_tpm2key_get_pubkey (tpm2key, &sealed_pub, &sealed_pub_size);
> + if (err != GRUB_ERR_NONE)
> + goto error;
> +
> + /* Retrieve the private part of the sealed key */
> + err = grub_tpm2key_get_privkey (tpm2key, &sealed_priv, &sealed_priv_size);
> + if (err != GRUB_ERR_NONE)
> + goto error;
> +
> + /* Unmarshal the sealed key */
> + grub_tpm2_buffer_init (&buf);
> + if (sealed_pub_size + sealed_priv_size > buf.cap)
> + {
> + err = grub_error (GRUB_ERR_BAD_ARGUMENT,
> + N_("Sealed key larger than %" PRIuGRUB_SIZE " bytes"),
> + buf.cap);
> + goto error;
> + }
> +
> + grub_tpm2_buffer_pack (&buf, sealed_pub, sealed_pub_size);
> + grub_tpm2_buffer_pack (&buf, sealed_priv, sealed_priv_size);
> +
> + buf.offset = 0;
> +
> + grub_tpm2_mu_TPM2B_PUBLIC_Unmarshal (&buf, &sk->public);
> + grub_tpm2_mu_TPM2B_PRIVATE_Unmarshal (&buf, &sk->private);
> +
> + if (buf.error)
> + {
> + err = grub_error (GRUB_ERR_BAD_ARGUMENT, N_("Malformed TPM 2.0 key
> file"));
> + goto error;
> + }
> +
> + err = GRUB_ERR_NONE;
> +
> +error:
> + /* End the parsing */
> + grub_tpm2key_end_parsing (tpm2key);
> + grub_free (sealed_pub);
> + grub_free (sealed_priv);
> +
> + return err;
> +}
> +
> +/* Check if the SRK exists in the specified handle */
> +static grub_err_t
> +grub_tpm2_protector_srk_check (const TPM_HANDLE srk_handle)
> +{
> + TPM_RC rc;
> + TPM2B_PUBLIC public;
> +
> + /* Find SRK */
> + rc = TPM2_ReadPublic (srk_handle, NULL, &public);
> + if (rc == TPM_RC_SUCCESS)
> + return GRUB_ERR_NONE;
> +
> + return grub_error (GRUB_ERR_BAD_ARGUMENT,
> + N_("Failed to retrieve SRK from 0x%x (TPM2_ReadPublic:
> 0x%x)"),
> + srk_handle, rc);
> +}
> +
> +/* Get the SRK with the template */
> +static grub_err_t
> +grub_tpm2_protector_srk_get (const grub_srk_type_t srk_type,
> + const TPM_HANDLE parent,
> + TPM_HANDLE *srk_handle)
> +{
> + TPM_RC rc;
> + TPMT_PUBLIC_PARMS parms = { 0 };
s/ 0 /0/ and in general everywhere please...
> + TPMS_AUTH_COMMAND authCommand = { 0 };
> + TPM2B_SENSITIVE_CREATE inSensitive = { 0 };
> + TPM2B_PUBLIC inPublic = { 0 };
> + TPM2B_DATA outsideInfo = { 0 };
> + TPML_PCR_SELECTION creationPcr = { 0 };
> + TPM2B_PUBLIC outPublic = { 0 };
> + TPM2B_CREATION_DATA creationData = { 0 };
> + TPM2B_DIGEST creationHash = { 0 };
> + TPMT_TK_CREATION creationTicket = { 0 };
> + TPM2B_NAME srkName = { 0 };
> + TPM_HANDLE tmp_handle = 0;
> +
> + inPublic.publicArea.type = srk_type.type;
> + inPublic.publicArea.nameAlg = TPM_ALG_SHA256;
> + inPublic.publicArea.objectAttributes.restricted = 1;
> + inPublic.publicArea.objectAttributes.userWithAuth = 1;
> + inPublic.publicArea.objectAttributes.decrypt = 1;
> + inPublic.publicArea.objectAttributes.fixedTPM = 1;
> + inPublic.publicArea.objectAttributes.fixedParent = 1;
> + inPublic.publicArea.objectAttributes.sensitiveDataOrigin = 1;
> + inPublic.publicArea.objectAttributes.noDA = 1;
> +
> + if (srk_type.type == TPM_ALG_RSA)
> + {
> + inPublic.publicArea.parameters.rsaDetail.symmetric.algorithm =
> TPM_ALG_AES;
> + inPublic.publicArea.parameters.rsaDetail.symmetric.keyBits.aes = 128;
> + inPublic.publicArea.parameters.rsaDetail.symmetric.mode.aes =
> TPM_ALG_CFB;
> + inPublic.publicArea.parameters.rsaDetail.scheme.scheme = TPM_ALG_NULL;
> + inPublic.publicArea.parameters.rsaDetail.keyBits =
> srk_type.detail.rsa_bits;
> + inPublic.publicArea.parameters.rsaDetail.exponent = 0;
> + }
> + else if (srk_type.type == TPM_ALG_ECC)
> + {
> + inPublic.publicArea.parameters.eccDetail.symmetric.algorithm =
> TPM_ALG_AES;
> + inPublic.publicArea.parameters.eccDetail.symmetric.keyBits.aes = 128;
> + inPublic.publicArea.parameters.eccDetail.symmetric.mode.aes =
> TPM_ALG_CFB;
> + inPublic.publicArea.parameters.eccDetail.scheme.scheme = TPM_ALG_NULL;
> + inPublic.publicArea.parameters.eccDetail.curveID =
> srk_type.detail.ecc_curve;
> + inPublic.publicArea.parameters.eccDetail.kdf.scheme = TPM_ALG_NULL;
> + }
> + else
> + return grub_error (GRUB_ERR_BAD_ARGUMENT, N_("Unknown SRK algorithm"));
> +
> + /* Test the parameters before SRK generation */
> + parms.type = srk_type.type;
> + grub_memcpy (&parms.parameters, &inPublic.publicArea.parameters,
> + sizeof (TPMU_PUBLIC_PARMS));
> +
> + rc = TPM2_TestParms (&parms, NULL);
> + if (rc != TPM_RC_SUCCESS)
> + return grub_error (GRUB_ERR_BAD_ARGUMENT,
> + N_("Unsupported SRK template (TPM2_TestParms: 0x%x)"),
> + rc);
> +
> + /* Create SRK */
> + authCommand.sessionHandle = TPM_RS_PW;
> + rc = TPM2_CreatePrimary (parent, &authCommand, &inSensitive, &inPublic,
> + &outsideInfo, &creationPcr, &tmp_handle, &outPublic,
> + &creationData, &creationHash, &creationTicket,
> + &srkName, NULL);
> + if (rc != TPM_RC_SUCCESS)
> + return grub_error (GRUB_ERR_BAD_DEVICE,
> + N_("Could not create SRK (TPM2_CreatePrimary: 0x%x)"),
> + rc);
> +
> + *srk_handle = tmp_handle;
> +
> + return GRUB_ERR_NONE;
> +}
> +
> +/* Load the SRK from the persistent handle or create one with a given type of
> + template, and then associate the sealed key with the SRK
> + Return values:
> + * GRUB_ERR_NONE: Everything is fine.
> + * GRUB_ERR_BAD_ARGUMENT: The SRK doesn't match. Try another one.
> + * Other: Something went wrong.
> +*/
Wrong coding style for comments. Please take a look here [1].
> +static grub_err_t
> +grub_tpm2_protector_srk_load (const grub_srk_type_t srk_type,
> + const TPM2_SEALED_KEY *sealed_key,
> + const TPM_HANDLE parent,
> + TPM_HANDLE *sealed_handle,
> + TPM_HANDLE *srk_handle)
> +{
> + TPMS_AUTH_COMMAND authCmd = { 0 };
> + TPM2B_NAME name = { 0 };
> + TPM_RC rc;
> + grub_err_t err;
> +
> + if (srk_handle == NULL)
> + return GRUB_ERR_BUG;
> +
> + if (*srk_handle != 0)
> + {
> + err = grub_tpm2_protector_srk_check (*srk_handle);
> + if (err != GRUB_ERR_NONE)
> + return err;
> + }
> + else
> + {
> + err = grub_tpm2_protector_srk_get (srk_type, parent, srk_handle);
> + if (err != GRUB_ERR_NONE)
> + return err;
> + }
> +
> + /* Load the sealed key and associate it with the SRK */
> + authCmd.sessionHandle = TPM_RS_PW;
> + rc = TPM2_Load (*srk_handle, &authCmd, &sealed_key->private,
> &sealed_key->public,
> + sealed_handle, &name, NULL);
> + /* If TPM2_Load returns (TPM_RC_INTEGRITY | TPM_RC_P | TPM_RC_1), then it
> + implies the wrong SRK is used. */
Ditto.
> + if (rc == (TPM_RC_INTEGRITY | TPM_RC_P | TPM_RC_1))
> + {
> + err = grub_error (GRUB_ERR_BAD_ARGUMENT, N_("SRK not matched"));
> + goto error;
> + }
> + else if (rc != TPM_RC_SUCCESS)
> + {
> + err = grub_error (GRUB_ERR_BAD_DEVICE,
> + N_("Failed to load sealed key (TPM2_Load: 0x%x)"),
> + rc);
> + goto error;
> + }
> +
> + return GRUB_ERR_NONE;
> +
> +error:
> + if (!TPM_HT_IS_PERSISTENT (*srk_handle))
> + TPM2_FlushContext (*srk_handle);
> +
> + return err;
> +}
> +
> +static const char *
> +srk_type_to_name (grub_srk_type_t srk_type)
> +{
> + if (srk_type.type == TPM_ALG_ECC)
> + {
> + switch (srk_type.detail.ecc_curve)
> + {
> + case TPM_ECC_NIST_P256:
> + return "ECC_NIST_P256";
> + }
I would use "if" instead of "switch" here.
> + }
> + else if (srk_type.type == TPM_ALG_RSA)
> + {
> + switch (srk_type.detail.rsa_bits)
> + {
> + case 2048:
> + return "RSA2048";
Ditto.
> + }
> + }
> +
> + return "Unknown";
> +}
[...]
> +static grub_err_t
> +grub_tpm2_protector_simple_policy_seq (const struct
> grub_tpm2_protector_context *ctx,
> + tpm2key_policy_t *policy_seq)
> +{
> + tpm2key_policy_t policy = NULL;
> + struct grub_tpm2_buffer buf;
> + TPML_PCR_SELECTION pcr_sel = {
> + .count = 1,
> + .pcrSelections = {
> + {
> + .hash = ctx->bank,
> + .sizeOfSelect = 3,
> + .pcrSelect = { 0 }
> + },
> + }
> + };
> + grub_uint8_t i;
> + grub_err_t err;
> +
> + if (policy_seq == NULL)
> + return GRUB_ERR_BAD_ARGUMENT;
> +
> + grub_tpm2_buffer_init (&buf);
> +
> + for (i = 0; i < ctx->pcr_count; i++)
> + TPMS_PCR_SELECTION_SelectPCR (&pcr_sel.pcrSelections[0], ctx->pcrs[i]);
> +
> + grub_tpm2_buffer_pack_u16 (&buf, 0);
> + grub_tpm2_mu_TPML_PCR_SELECTION_Marshal (&buf, &pcr_sel);
> +
> + if (buf.error)
If you define buf.error as a bool please use "if (buf.error == true)",
etc. for checks.
> + return GRUB_ERR_BAD_ARGUMENT;
> +
> + policy = grub_malloc (sizeof(struct tpm2key_policy));
> + if (policy == NULL)
> + {
> + err = GRUB_ERR_OUT_OF_MEMORY;
> + goto error;
> + }
> + policy->cmd_code = TPM_CC_PolicyPCR;
> + policy->cmd_policy = grub_malloc (buf.size);
> + if (policy->cmd_policy == NULL)
> + {
> + err = GRUB_ERR_OUT_OF_MEMORY;
> + goto error;
> + }
> + grub_memcpy (policy->cmd_policy, buf.data, buf.size);
> + policy->cmd_policy_len = buf.size;
> +
> + grub_list_push (GRUB_AS_LIST_P (policy_seq), GRUB_AS_LIST (policy));
> +
> + return GRUB_ERR_NONE;
> +
> +error:
> + grub_free (policy);
> +
> + return err;
> +}
[...]
> +static grub_err_t
> +grub_tpm2_protector_nv_recover (const struct grub_tpm2_protector_context
> *ctx,
> + grub_uint8_t **key, grub_size_t *key_size)
> +{
> + (void)ctx;
> + (void)key;
> + (void)key_size;
"__attribute__ ((unused)" is your friend.
> +
> + return grub_error (GRUB_ERR_NOT_IMPLEMENTED_YET,
> + N_("NV Index mode is not implemented yet"));
> +}
[...]
> +GRUB_MOD_FINI (tpm2)
> +{
> + grub_free ((void *) grub_tpm2_protector_ctx.keyfile);
> + grub_memset (&grub_tpm2_protector_ctx, 0, sizeof
> (grub_tpm2_protector_ctx));
I think this grub_memset() is redundant just before module unload.
> + grub_key_protector_unregister (&grub_tpm2_key_protector);
> + grub_unregister_extcmd (grub_tpm2_protector_clear_cmd);
> + grub_unregister_extcmd (grub_tpm2_protector_init_cmd);
> +}
> diff --git a/grub-core/tpm2/tpm2key.asn b/grub-core/tpm2/tpm2key.asn
> new file mode 100644
> index 000000000..7ad4b6a2a
> --- /dev/null
> +++ b/grub-core/tpm2/tpm2key.asn
> @@ -0,0 +1,33 @@
Missing license...
> +--
> +-- TPM 2.0 key file format
> +-- To generate tpm2key_asn1_tab.c: asn1Parser tpm2key.asn
> +--
> +TPM2KEY {}
> +DEFINITIONS IMPLICIT TAGS ::=
> +
> +BEGIN
> +
> +TPMPolicy ::= SEQUENCE {
> + CommandCode [0] EXPLICIT INTEGER,
> + CommandPolicy [1] EXPLICIT OCTET STRING
> +}
> +
> +TPMAuthPolicy ::= SEQUENCE {
> + Name [0] EXPLICIT UTF8String OPTIONAL,
> + Policy [1] EXPLICIT SEQUENCE OF TPMPolicy
> +}
> +
> +TPMKey ::= SEQUENCE {
> + type OBJECT IDENTIFIER,
> + emptyAuth [0] EXPLICIT BOOLEAN OPTIONAL,
> + policy [1] EXPLICIT SEQUENCE OF TPMPolicy OPTIONAL,
> + secret [2] EXPLICIT OCTET STRING OPTIONAL,
> + authPolicy [3] EXPLICIT SEQUENCE OF TPMAuthPolicy OPTIONAL,
> + description [4] EXPLICIT UTF8String OPTIONAL,
> + rsaParent [5] EXPLICIT BOOLEAN OPTIONAL,
> + parent INTEGER,
> + pubkey OCTET STRING,
> + privkey OCTET STRING
> +}
> +
> +END
> diff --git a/grub-core/tpm2/tpm2key.c b/grub-core/tpm2/tpm2key.c
> new file mode 100644
> index 000000000..5972a40a9
> --- /dev/null
> +++ b/grub-core/tpm2/tpm2key.c
> @@ -0,0 +1,475 @@
> +/*
> + * GRUB -- GRand Unified Bootloader
> + * Copyright (C) 2023 SUSE LLC
> + *
> + * GRUB is free software: you can redistribute it and/or modify
> + * it under the terms of the GNU General Public License as published by
> + * the Free Software Foundation, either version 3 of the License, or
> + * (at your option) any later version.
> + *
> + * GRUB is distributed in the hope that it will be useful,
> + * but WITHOUT ANY WARRANTY; without even the implied warranty of
> + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
> + * GNU General Public License for more details.
> + *
> + * You should have received a copy of the GNU General Public License
> + * along with GRUB. If not, see <http://www.gnu.org/licenses/>.
> + */
> +
> +#include <grub/list.h>
> +#include <grub/misc.h>
> +#include <grub/mm.h>
> +#include <grub/tpm2/buffer.h>
> +#include <grub/tpm2/tpm2key.h>
> +
> +extern asn1_static_node tpm2key_asn1_tab[];
> +const char *sealed_key_oid = "2.23.133.10.1.5";
> +
> +static int
> +asn1_allocate_and_read (asn1_node node, const char *name, void **content,
> grub_size_t *content_size)
> +{
> + grub_uint8_t *tmpstr = NULL;
> + int tmpstr_size = 0;
> + int ret;
> +
> + if (content == NULL)
> + return ASN1_MEM_ERROR;
> +
> + ret = asn1_read_value (node, name, NULL, &tmpstr_size);
> + if (ret != ASN1_MEM_ERROR)
> + return ret;
> +
> + tmpstr = grub_malloc (tmpstr_size);
> + if (tmpstr == NULL)
> + return ASN1_MEM_ERROR;
> +
> + ret = asn1_read_value (node, name, tmpstr, &tmpstr_size);
> + if (ret != ASN1_SUCCESS)
> + return ret;
> +
> + *content = tmpstr;
> + *content_size = tmpstr_size;
> +
> + return ASN1_SUCCESS;
> +}
> +
> +static int
> +asn1_read_uint32 (asn1_node node, const char *name, grub_uint32_t *out)
> +{
> + grub_uint32_t tmp = 0;
> + grub_uint8_t *ptr;
> + void *data = NULL;
> + grub_size_t data_size;
> + int ret;
> +
> + ret = asn1_allocate_and_read (node, name, &data, &data_size);
> + if (ret != ASN1_SUCCESS)
> + return ret;
> +
> + if (data_size > 4)
Is it possible to get 3 or less here? If yes then we should check for
this too. Or s/>/!=/...
> + {
> + ret = ASN1_MEM_ERROR;
> + goto error;
> + }
> +
> + /* convert the big-endian integer to host uint32 */
> + ptr = (grub_uint8_t *)&tmp + (4 - data_size);
> + grub_memcpy (ptr, data, data_size);
Could you explain this? Why grub_be_to_cpu32() is not enough?
Is it related to alignment? If yes you could use grub_get_unaligned32().
> + tmp = grub_be_to_cpu32 (tmp);
> +
> + *out = tmp;
> +error:
> + if (data)
> + grub_free (data);
> + return ret;
> +}
[...]
> +grub_err_t
> +grub_tpm2key_get_authpolicy_seq (asn1_node tpm2key, tpm2key_authpolicy_t
> *authpol_seq)
> +{
> + tpm2key_authpolicy_t tmp_seq = NULL;
> + tpm2key_authpolicy_t authpol = NULL;
> + int authpol_n;
> + char authpol_pol[AUTHPOLICY_POL_MAX];
> + int i;
> + int ret;
> + grub_err_t err;
> +
> + ret = asn1_number_of_elements (tpm2key, "authPolicy", &authpol_n);
> + if (ret == ASN1_ELEMENT_NOT_FOUND)
> + {
> + /* "authPolicy" is optional, so it may not be available */
> + *authpol_seq = NULL;
> + return GRUB_ERR_NONE;
> + }
> + else if (ret != ASN1_SUCCESS)
> + return grub_error (GRUB_ERR_READ_ERROR, N_("Failed to retrieve
> authPolicy"));
> +
> + /* Limit the number of authPolicy elements to two digits (99) */
> + if (authpol_n > 100 || authpol_n < 1)
I would define high/low policy limits as constants and use them everywhere.
> + return grub_error (GRUB_ERR_OUT_OF_RANGE,
> + N_("Invalid number of authPolicy elements"));
> +
> + /*
> + * Iterate the authPolicy elements backwards since grub_list_push()
> prepends
> + * the item into the list.
> + */
> + for (i = authpol_n; i >= 1; i--) {
> + authpol = grub_zalloc (sizeof (struct tpm2key_authpolicy));
> + if (authpol == NULL)
> + {
> + err = grub_error (GRUB_ERR_OUT_OF_MEMORY,
> + N_("Failed to allocate memory for authPolicy"));
> + goto error;
> + }
> + grub_snprintf (authpol_pol, AUTHPOLICY_POL_MAX, "authPolicy.?%d.Policy",
> i);
> +
> + ret = tpm2key_get_policy_seq (tpm2key, authpol_pol,
> &authpol->policy_seq);
> + if (ret != ASN1_SUCCESS)
> + {
> + err = grub_error (GRUB_ERR_READ_ERROR,
> + N_("Failed to retrieve policy from authPolicy"));
> + goto error;
> + }
> +
> + /* Prepend the authPolicy element into the sequence */
> + grub_list_push (GRUB_AS_LIST_P (&tmp_seq), GRUB_AS_LIST (authpol));
> + }
> +
> + *authpol_seq = tmp_seq;
> +
> + return GRUB_ERR_NONE;
> +
> +error:
> + if (authpol)
> + {
> + grub_tpm2key_free_policy_seq (authpol->policy_seq);
> + grub_free (authpol);
> + }
> +
> + grub_tpm2key_free_authpolicy_seq (tmp_seq);
> +
> + return err;
> +}
> +
> +void
> +grub_tpm2key_free_authpolicy_seq (tpm2key_authpolicy_t authpol_seq)
> +{
> + tpm2key_authpolicy_t authpol;
> + tpm2key_authpolicy_t next;
> +
> + if (authpol_seq == NULL)
> + return;
> +
> + FOR_LIST_ELEMENTS_SAFE (authpol, next, authpol_seq)
> + {
> + grub_tpm2key_free_policy_seq (authpol->policy_seq);
> + grub_free (authpol);
> + }
> +}
> diff --git a/grub-core/tpm2/tpm2key_asn1_tab.c
> b/grub-core/tpm2/tpm2key_asn1_tab.c
> new file mode 100644
> index 000000000..8710c7ae9
> --- /dev/null
> +++ b/grub-core/tpm2/tpm2key_asn1_tab.c
> @@ -0,0 +1,45 @@
Missing license here.
> +/*
> + * This file is generated by 'asn1Parser tpm2key.asn' and the '#include'
> + * headers are replaced with the ones in grub2.
> + * - 'grub/mm.h' for the definition of 'NULL'
> + * - 'libtasn1.h' for the definition of 'asn1_static_node'
> + */
> +
> +#include <grub/mm.h>
> +#include <libtasn1.h>
> +
> +const asn1_static_node tpm2key_asn1_tab[] = {
> + { "TPM2KEY", 536875024, NULL },
> + { NULL, 1073741836, NULL },
> + { "TPMPolicy", 1610612741, NULL },
> + { "CommandCode", 1610620931, NULL },
> + { NULL, 2056, "0"},
> + { "CommandPolicy", 536879111, NULL },
> + { NULL, 2056, "1"},
> + { "TPMAuthPolicy", 1610612741, NULL },
> + { "Name", 1610637346, NULL },
> + { NULL, 2056, "0"},
> + { "Policy", 536879115, NULL },
> + { NULL, 1073743880, "1"},
> + { NULL, 2, "TPMPolicy"},
> + { "TPMKey", 536870917, NULL },
> + { "type", 1073741836, NULL },
> + { "emptyAuth", 1610637316, NULL },
> + { NULL, 2056, "0"},
> + { "policy", 1610637323, NULL },
> + { NULL, 1073743880, "1"},
> + { NULL, 2, "TPMPolicy"},
> + { "secret", 1610637319, NULL },
> + { NULL, 2056, "2"},
> + { "authPolicy", 1610637323, NULL },
> + { NULL, 1073743880, "3"},
> + { NULL, 2, "TPMAuthPolicy"},
> + { "description", 1610637346, NULL },
> + { NULL, 2056, "4"},
> + { "rsaParent", 1610637316, NULL },
> + { NULL, 2056, "5"},
> + { "parent", 1073741827, NULL },
> + { "pubkey", 1073741831, NULL },
> + { "privkey", 7, NULL },
> + { NULL, 0, NULL }
> +};
Daniel
[1] https://www.gnu.org/software/grub/manual/grub-dev/grub-dev.html#Comments
- [PATCH v17 10/20] tpm2: Add TPM Software Stack (TSS), (continued)
Re: [PATCH v17 10/20] tpm2: Add TPM Software Stack (TSS), Daniel Kiper, 2024/06/18
[PATCH v17 11/20] key_protector: Add TPM2 Key Protector, Gary Lin, 2024/06/14
- Re: [PATCH v17 11/20] key_protector: Add TPM2 Key Protector,
Daniel Kiper <=
[PATCH v17 12/20] cryptodisk: Support key protectors, Gary Lin, 2024/06/14
[PATCH v17 13/20] util/grub-protect: Add new tool, Gary Lin, 2024/06/14
[PATCH v17 14/20] tpm2: Support authorized policy, Gary Lin, 2024/06/14
[PATCH v17 15/20] tpm2: Implement NV index, Gary Lin, 2024/06/14
[PATCH v17 16/20] cryptodisk: Fallback to passphrase, Gary Lin, 2024/06/14
[PATCH v17 17/20] cryptodisk: wipe out the cached keys from protectors, Gary Lin, 2024/06/14
[PATCH v17 18/20] diskfilter: look up cryptodisk devices first, Gary Lin, 2024/06/14
[PATCH v17 19/20] tpm2: Enable tpm2 module for grub-emu, Gary Lin, 2024/06/14