grub-devel
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH v17 11/20] key_protector: Add TPM2 Key Protector


From: Daniel Kiper
Subject: Re: [PATCH v17 11/20] key_protector: Add TPM2 Key Protector
Date: Wed, 19 Jun 2024 18:34:13 +0200

On Fri, Jun 14, 2024 at 02:45:44PM +0800, Gary Lin wrote:
> From: Hernan Gatta <hegatta@linux.microsoft.com>
>
> The TPM2 key protector is a module that enables the automatic retrieval
> of a fully-encrypted disk's unlocking key from a TPM 2.0.
>
> The theory of operation is such that the module accepts various
> arguments, most of which are optional and therefore possess reasonable
> defaults. One of these arguments is the keyfile/tpm2key parameter, which
> is mandatory. There are two supported key formats:
>
> 1. Raw Sealed Key (--keyfile)
>    When sealing a key with TPM2_Create, the public portion of the sealed
>    key is stored in TPM2B_PUBLIC, and the private portion is in
>    TPM2B_PRIVATE. The raw sealed key glues the fully marshalled
>    TPM2B_PUBLIC and TPM2B_PRIVATE into one file.
>
> 2. TPM 2.0 Key (--tpm2key)
>    The following is the ASN.1 definition of TPM 2.0 Key File:
>
>    TPMPolicy ::= SEQUENCE {
>      CommandCode   [0] EXPLICIT INTEGER
>      CommandPolicy [1] EXPLICIT OCTET STRING
>    }
>
>    TPMAuthPolicy ::= SEQUENCE {
>      Name    [0] EXPLICIT UTF8STRING OPTIONAL
>      Policy  [1] EXPLICIT SEQUENCE OF TPMPolicy
>    }
>
>    TPMKey ::= SEQUENCE {
>      type        OBJECT IDENTIFIER
>      emptyAuth   [0] EXPLICIT BOOLEAN OPTIONAL
>      policy      [1] EXPLICIT SEQUENCE OF TPMPolicy OPTIONAL
>      secret      [2] EXPLICIT OCTET STRING OPTIONAL
>      authPolicy  [3] EXPLICIT SEQUENCE OF TPMAuthPolicy OPTIONAL
>      description [4] EXPLICIT UTF8String OPTIONAL,
>      rsaParent   [5] EXPLICIT BOOLEAN OPTIONAL,
>      parent      INTEGER
>      pubkey      OCTET STRING
>      privkey     OCTET STRING
>    }
>
>   The TPM2 key protector only expects a "sealed" key in DER encoding,
>   so 'type' is always 2.23.133.10.1.5, 'emptyAuth' is 'TRUE', and
>   'secret' is empty. 'policy' and 'authPolicy' are the possible policy
>   command sequences to construst the policy digest to unseal the key.
>   Similar to the raw sealed key, the public portion (TPM2B_PUBLIC) of
>   the sealed key is stored in 'pubkey', and the private portion
>   (TPM2B_PRIVATE) is in 'privkey'.
>
>   For more details: 
> https://www.hansenpartnership.com/draft-bottomley-tpm2-keys.html
>
> This sealed key file is created via the grub-protect tool. The tool
> utilizes the TPM's sealing functionality to seal (i.e., encrypt) an
> unlocking key using a Storage Root Key (SRK) to the values of various
> Platform Configuration Registers (PCRs). These PCRs reflect the state
> of the system as it boots. If the values are as expected, the system
> may be considered trustworthy, at which point the TPM allows for a
> caller to utilize the private component of the SRK to unseal (i.e.,
> decrypt) the sealed key file. The caller, in this case, is this key
> protector.
>
> The TPM2 key protector registers two commands:
>
> - tpm2_key_protector_init: Initializes the state of the TPM2 key
>                            protector for later usage, clearing any
>                            previous state, too, if any.
>
> - tpm2_key_protector_clear: Clears any state set by tpm2_key_protector_init.
>
> The way this is expected to be used requires the user to, either
> interactively or, normally, via a boot script, initialize/configure
> the key protector and then specify that it be used by the 'cryptomount'
> command (modifications to this command are in a different patch).
>
> For instance, to unseal the raw sealed key file:
>
> tpm2_key_protector_init --keyfile=(hd0,gpt1)/efi/grub2/sealed-1.key
> cryptomount -u <PART1_UUID> -P tpm2
>
> tpm2_key_protector_init --keyfile=(hd0,gpt1)/efi/grub2/sealed-2.key 
> --pcrs=7,11
> cryptomount -u <PART2_UUID> -P tpm2
>
> Or, to unseal the TPM 2.0 Key file:
>
> tpm2_key_protector_init --tpm2key=(hd0,gpt1)/efi/grub2/sealed-1.tpm
> cryptomount -u <PART1_UUID> -P tpm2
>
> tpm2_key_protector_init --tpm2key=(hd0,gpt1)/efi/grub2/sealed-2.tpm 
> --pcrs=7,11
> cryptomount -u <PART2_UUID> -P tpm2
>
> If a user does not initialize the key protector and attempts to use it
> anyway, the protector returns an error.
>
> Before unsealing the key, the TPM2 key protector follows the "TPMPolicy"
> sequences to enforce the TPM policy commands to construct a valid policy
> digest to unseal the key.
>
> For the TPM 2.0 Key files, 'authPolicy' may contain multiple "TPMPolicy"
> sequences, the TPM2 key protector iterates 'authPolicy' to find a valid
> sequence to unseal key. If 'authPolicy' is empty or all sequences in
> 'authPolicy' fail, the protector tries the one from 'policy'. In case
> 'policy' is also empty, the protector creates a "TPMPolicy" sequence
> based on the given PCR selection.
>
> For the raw sealed key, the TPM2 key protector treats the key file as a
> TPM 2.0 Key file without 'authPolicy' and 'policy', so the "TPMPolicy"
> sequence is always based on the PCR selection from the command
> parameters.
>
> This commit only supports one policy command: TPM2_PolicyPCR. The
> command set will be extended to support advanced features, such as
> authorized policy, in the later commits.
>
> Cc: Stefan Berger <stefanb@linux.ibm.com>
> Cc: James Bottomley <jejb@linux.ibm.com>
> Signed-off-by: Hernan Gatta <hegatta@linux.microsoft.com>
> Signed-off-by: Gary Lin <glin@suse.com>
> ---
>  grub-core/Makefile.core.def       |   14 +
>  grub-core/tpm2/args.c             |  140 ++++
>  grub-core/tpm2/module.c           | 1225 +++++++++++++++++++++++++++++
>  grub-core/tpm2/tpm2key.asn        |   33 +
>  grub-core/tpm2/tpm2key.c          |  475 +++++++++++
>  grub-core/tpm2/tpm2key_asn1_tab.c |   45 ++
>  include/grub/tpm2/internal/args.h |   49 ++
>  include/grub/tpm2/tpm2key.h       |   86 ++
>  8 files changed, 2067 insertions(+)
>  create mode 100644 grub-core/tpm2/args.c
>  create mode 100644 grub-core/tpm2/module.c
>  create mode 100644 grub-core/tpm2/tpm2key.asn
>  create mode 100644 grub-core/tpm2/tpm2key.c
>  create mode 100644 grub-core/tpm2/tpm2key_asn1_tab.c
>  create mode 100644 include/grub/tpm2/internal/args.h
>  create mode 100644 include/grub/tpm2/tpm2key.h
>
> diff --git a/grub-core/Makefile.core.def b/grub-core/Makefile.core.def
> index 457eb2e41..4adfbd175 100644
> --- a/grub-core/Makefile.core.def
> +++ b/grub-core/Makefile.core.def
> @@ -2566,6 +2566,20 @@ module = {
>    enable = efi;
>  };
>
> +module = {
> +  name = tpm2;
> +  common = tpm2/args.c;
> +  common = tpm2/buffer.c;
> +  common = tpm2/module.c;
> +  common = tpm2/mu.c;
> +  common = tpm2/tpm2.c;
> +  common = tpm2/tpm2key.c;
> +  common = tpm2/tpm2key_asn1_tab.c;
> +  efi = tpm2/tcg2.c;
> +  enable = efi;
> +  cppflags = '-I$(srcdir)/lib/libtasn1-grub';
> +};
> +

I think the TPM2 key protector should be in separate GRUB module,
i.e. not integrated with tss2 and tpm2 modules.

>  module = {
>    name = tr;
>    common = commands/tr.c;
> diff --git a/grub-core/tpm2/args.c b/grub-core/tpm2/args.c
> new file mode 100644
> index 000000000..c11280ab9
> --- /dev/null
> +++ b/grub-core/tpm2/args.c
> @@ -0,0 +1,140 @@
> +/*
> + *  GRUB  --  GRand Unified Bootloader
> + *  Copyright (C) 2022 Microsoft Corporation
> + *
> + *  GRUB is free software: you can redistribute it and/or modify
> + *  it under the terms of the GNU General Public License as published by
> + *  the Free Software Foundation, either version 3 of the License, or
> + *  (at your option) any later version.
> + *
> + *  GRUB is distributed in the hope that it will be useful,
> + *  but WITHOUT ANY WARRANTY; without even the implied warranty of
> + *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
> + *  GNU General Public License for more details.
> + *
> + *  You should have received a copy of the GNU General Public License
> + *  along with GRUB.  If not, see <http://www.gnu.org/licenses/>.
> + */
> +
> +#include <grub/err.h>
> +#include <grub/mm.h>
> +#include <grub/misc.h>
> +#include <grub/tpm2/internal/args.h>
> +
> +grub_err_t
> +grub_tpm2_protector_parse_pcrs (char *value, grub_uint8_t *pcrs,
> +                             grub_uint8_t *pcr_count)
> +{
> +  char *current_pcr = value;
> +  char *next_pcr;
> +  unsigned long pcr;
> +  grub_uint8_t i;
> +
> +  if (grub_strlen (value) == 0)
> +    return GRUB_ERR_BAD_ARGUMENT;
> +
> +  *pcr_count = 0;
> +  for (i = 0; i < TPM_MAX_PCRS; i++)
> +    {
> +      next_pcr = grub_strchr (current_pcr, ',');
> +      if (next_pcr == current_pcr)
> +     return grub_error (GRUB_ERR_BAD_ARGUMENT,
> +                        N_("Empty entry in PCR list"));
> +      if (next_pcr)
> +     *next_pcr = '\0';
> +
> +      grub_errno = GRUB_ERR_NONE;
> +      pcr = grub_strtoul (current_pcr, NULL, 10);
> +      if (grub_errno != GRUB_ERR_NONE)

This check is unreliable. Please take a look at commit ac8a37dda
(net/http: Allow use of non-standard TCP/IP ports) how is should
be done properly.

> +     return grub_error (grub_errno,
> +                        N_("Entry '%s' in PCR list is not a number"),
> +                        current_pcr);
> +
> +      if (pcr > TPM_MAX_PCRS)
> +     return grub_error (GRUB_ERR_OUT_OF_RANGE,
> +                        N_("Entry %lu in PCR list is too large to be a PCR "
> +                           "number, PCR numbers range from 0 to %u"),
> +                        pcr, TPM_MAX_PCRS);
> +
> +      pcrs[i] = (grub_uint8_t)pcr;

Missing space after ")".

> +      *pcr_count += 1;

++(*pcr_count); ???

> +
> +      if (next_pcr == NULL)
> +     break;
> +
> +      current_pcr = next_pcr + 1;
> +      if (*current_pcr == '\0')
> +     return grub_error (GRUB_ERR_BAD_ARGUMENT,
> +                        N_("Trailing comma at the end of PCR list"));
> +    }
> +
> +  if (i == TPM_MAX_PCRS)
> +    return grub_error (GRUB_ERR_OUT_OF_RANGE,
> +                    N_("Too many PCRs in PCR list, the maximum number of "
> +                       "PCRs is %u"), TPM_MAX_PCRS);
> +
> +  return GRUB_ERR_NONE;
> +}
> +
> +grub_err_t
> +grub_tpm2_protector_parse_asymmetric (const char *value,
> +                                   grub_srk_type_t *srk_type)
> +{
> +  if (grub_strcasecmp (value, "ECC") == 0 ||
> +      grub_strcasecmp (value, "ECC_NIST_P256") == 0)
> +    {
> +      srk_type->type = TPM_ALG_ECC;
> +      srk_type->detail.ecc_curve = TPM_ECC_NIST_P256;
> +    }
> +  else if (grub_strcasecmp (value, "RSA") == 0 ||
> +        grub_strcasecmp (value, "RSA2048") == 0)
> +    {
> +      srk_type->type = TPM_ALG_RSA;
> +      srk_type->detail.rsa_bits = 2048;
> +    }
> +  else
> +    return grub_error (GRUB_ERR_OUT_OF_RANGE,
> +                    N_("Value '%s' is not a valid asymmetric key type"),
> +                    value);
> +
> +  return GRUB_ERR_NONE;
> +}
> +
> +grub_err_t
> +grub_tpm2_protector_parse_bank (const char *value, TPM_ALG_ID *bank)
> +{
> +  if (grub_strcasecmp (value, "SHA1") == 0)
> +    *bank = TPM_ALG_SHA1;
> +  else if (grub_strcasecmp (value, "SHA256") == 0)
> +    *bank = TPM_ALG_SHA256;
> +  else if (grub_strcasecmp (value, "SHA384") == 0)
> +    *bank = TPM_ALG_SHA384;
> +  else if (grub_strcasecmp (value, "SHA512") == 0)
> +    *bank = TPM_ALG_SHA512;
> +  else
> +    return grub_error (GRUB_ERR_OUT_OF_RANGE,
> +                    N_("Value '%s' is not a valid PCR bank"), value);
> +
> +  return GRUB_ERR_NONE;
> +}
> +
> +grub_err_t
> +grub_tpm2_protector_parse_tpm_handle (const char *value, TPM_HANDLE *handle)
> +{
> +  unsigned long num;
> +
> +  grub_errno = GRUB_ERR_NONE;
> +  num = grub_strtoul (value, NULL, 0);
> +  if (grub_errno != GRUB_ERR_NONE)

Again, please fix this check.

> +    return grub_error (grub_errno, N_("TPM handle value '%s' is not a 
> number"),
> +                    value);
> +
> +  if (num > GRUB_UINT_MAX)
> +    return grub_error (GRUB_ERR_OUT_OF_RANGE,
> +                    N_("Value %lu is too large to be a TPM handle, TPM "
> +                       "handles are unsigned 32-bit integers"), num);
> +
> +  *handle = (TPM_HANDLE)num;

All casts should have space after last ")". Please fix this.

> +
> +  return GRUB_ERR_NONE;
> +}
> diff --git a/grub-core/tpm2/module.c b/grub-core/tpm2/module.c
> new file mode 100644
> index 000000000..d85e5fb8c
> --- /dev/null
> +++ b/grub-core/tpm2/module.c
> @@ -0,0 +1,1225 @@
> +/*
> + *  GRUB  --  GRand Unified Bootloader
> + *  Copyright (C) 2022 Microsoft Corporation
> + *
> + *  GRUB is free software: you can redistribute it and/or modify
> + *  it under the terms of the GNU General Public License as published by
> + *  the Free Software Foundation, either version 3 of the License, or
> + *  (at your option) any later version.
> + *
> + *  GRUB is distributed in the hope that it will be useful,
> + *  but WITHOUT ANY WARRANTY; without even the implied warranty of
> + *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
> + *  GNU General Public License for more details.
> + *
> + *  You should have received a copy of the GNU General Public License
> + *  along with GRUB.  If not, see <http://www.gnu.org/licenses/>.
> + */
> +
> +#include <grub/dl.h>
> +#include <grub/extcmd.h>
> +#include <grub/file.h>
> +#include <grub/list.h>
> +#include <grub/misc.h>
> +#include <grub/mm.h>
> +#include <grub/key_protector.h>
> +#include <grub/tpm2/buffer.h>
> +#include <grub/tpm2/internal/args.h>
> +#include <grub/tpm2/internal/types.h>
> +#include <grub/tpm2/mu.h>
> +#include <grub/tpm2/tpm2.h>
> +#include <grub/tpm2/tpm2key.h>
> +
> +GRUB_MOD_LICENSE ("GPLv3+");
> +
> +typedef enum grub_tpm2_protector_mode
> +{
> +  GRUB_TPM2_PROTECTOR_MODE_UNSET,
> +  GRUB_TPM2_PROTECTOR_MODE_SRK,
> +  GRUB_TPM2_PROTECTOR_MODE_NV
> +} grub_tpm2_protector_mode_t;
> +
> +enum grub_tpm2_protector_options
> +{
> +  OPTION_MODE,
> +  OPTION_PCRS,
> +  OPTION_BANK,
> +  OPTION_TPM2KEY,
> +  OPTION_KEYFILE,
> +  OPTION_SRK,
> +  OPTION_ASYMMETRIC,
> +  OPTION_NVINDEX
> +};
> +
> +struct grub_tpm2_protector_context
> +{
> +  grub_tpm2_protector_mode_t mode;
> +  grub_uint8_t pcrs[TPM_MAX_PCRS];
> +  grub_uint8_t pcr_count;
> +  grub_srk_type_t srk_type;
> +  TPM_ALG_ID bank;
> +  const char *tpm2key;
> +  const char *keyfile;
> +  TPM_HANDLE srk;
> +  TPM_HANDLE nv;
> +};
> +
> +static const struct grub_arg_option grub_tpm2_protector_init_cmd_options[] =
> +  {
> +    /* Options for all modes */
> +    {
> +      .longarg  = "mode",
> +      .shortarg = 'm',
> +      .flags    = 0,
> +      .arg      = NULL,
> +      .type     = ARG_TYPE_STRING,
> +      .doc      =
> +     N_("Unseal key using SRK ('srk') (default) or retrieve it from an NV "
> +        "Index ('nv')."),
> +    },
> +    {
> +      .longarg  = "pcrs",
> +      .shortarg = 'p',
> +      .flags    = 0,
> +      .arg      = NULL,
> +      .type     = ARG_TYPE_STRING,
> +      .doc      =
> +     N_("Comma-separated list of PCRs used to authorize key release "
> +        "e.g., '7,11'. (default: 7)"),
> +    },
> +    {
> +      .longarg  = "bank",
> +      .shortarg = 'b',
> +      .flags    = 0,
> +      .arg      = NULL,
> +      .type     = ARG_TYPE_STRING,
> +      .doc      =
> +     N_("Bank of PCRs used to authorize key release: "
> +        "SHA1, SHA256, SHA384 or SHA512. (default: SHA256)"),
> +    },
> +    /* SRK-mode options */
> +    {
> +      .longarg  = "tpm2key",
> +      .shortarg = 'T',
> +      .flags    = 0,
> +      .arg      = NULL,
> +      .type     = ARG_TYPE_STRING,
> +      .doc      =
> +     N_("In SRK mode, path to the key file in the TPM 2.0 Key File format "
> +        "to unseal using the TPM (e.g., (hd0,gpt1)/boot/grub2/sealed.tpm)."),
> +    },
> +    {
> +      .longarg  = "keyfile",
> +      .shortarg = 'k',
> +      .flags    = 0,
> +      .arg      = NULL,
> +      .type     = ARG_TYPE_STRING,
> +      .doc      =
> +     N_("In SRK mode, path to the key file in the raw format to unseal "
> +        "using the TPM (e.g., (hd0,gpt1)/boot/grub2/sealed.key). "
> +        "(Mainly for backward compatibility. Please use '--tpm2key'.)"),
> +    },
> +    {
> +      .longarg  = "srk",
> +      .shortarg = 's',
> +      .flags    = 0,
> +      .arg      = NULL,
> +      .type     = ARG_TYPE_STRING,
> +      .doc      =
> +     N_("In SRK mode, the SRK handle if the SRK is persistent."),
> +    },
> +    {
> +      .longarg  = "asymmetric",
> +      .shortarg = 'a',
> +      .flags    = 0,
> +      .arg      = NULL,
> +      .type     = ARG_TYPE_STRING,
> +      .doc      =
> +     N_("In SRK mode, the type of SRK: RSA (RSA2048) and ECC (ECC_NIST_P256)"
> +        "(default: ECC)"),
> +    },
> +    /* NV Index-mode options */
> +    {
> +      .longarg  = "nvindex",
> +      .shortarg = 'n',
> +      .flags    = 0,
> +      .arg      = NULL,
> +      .type     = ARG_TYPE_STRING,
> +      .doc      =
> +     N_("Required in NV Index mode, the NV handle to read which must "
> +        "readily exist on the TPM and which contains the key."),
> +    },
> +    /* End of list */
> +    {0, 0, 0, 0, 0, 0}
> +  };
> +
> +static grub_extcmd_t grub_tpm2_protector_init_cmd;
> +static grub_extcmd_t grub_tpm2_protector_clear_cmd;
> +static struct grub_tpm2_protector_context grub_tpm2_protector_ctx = { 0 };

s/ 0 /0/

> +
> +static grub_err_t
> +grub_tpm2_protector_srk_read_file (const char *filepath, void **buffer,
> +                                grub_size_t *buffer_size)
> +{
> +  grub_file_t file;
> +  grub_off_t file_size;
> +  void *read_buffer;
> +  grub_off_t read_n;
> +  grub_err_t err;
> +
> +  /* Using GRUB_FILE_TYPE_SIGNATURE ensures we do not hash the keyfile into 
> PCR9
> +   * otherwise we'll never be able to predict the value of PCR9 at unseal 
> time */
> +  file = grub_file_open (filepath, GRUB_FILE_TYPE_SIGNATURE);
> +  if (file == NULL)
> +    {
> +      /* Push errno from grub_file_open() into the error message stack */
> +      grub_error_push();
> +      err = grub_error (GRUB_ERR_FILE_NOT_FOUND,
> +                     N_("Could not open file: %s\n"),
> +                     filepath);
> +      goto error;
> +    }
> +
> +  file_size = grub_file_size (file);
> +  if (file_size == 0)
> +    {
> +      err = grub_error (GRUB_ERR_OUT_OF_RANGE,
> +                     N_("Could not read file size: %s"),
> +                     filepath);
> +      goto error;
> +    }
> +
> +  read_buffer = grub_malloc (file_size);
> +  if (read_buffer == NULL)
> +    {
> +      err = grub_error (GRUB_ERR_OUT_OF_MEMORY,
> +                     N_("Could not allocate buffer for %s"),
> +                     filepath);
> +      goto error;
> +    }
> +
> +  read_n = grub_file_read (file, read_buffer, file_size);
> +  if (read_n != file_size)
> +    {
> +      grub_free (read_buffer);
> +      err = grub_error (GRUB_ERR_FILE_READ_ERROR,
> +                     N_("Could not retrieve file contents: %s"),
> +                     filepath);

I would avoid wrapping lines in many places to increase readability of
this patch set, e.g.:

  err = grub_error (GRUB_ERR_FILE_READ_ERROR, N_("Could not retrieve file 
contents: %s"), filepath);

In general I am OK with lines (a bit) longer than 80.

> +      goto error;
> +    }
> +
> +  *buffer = read_buffer;
> +  *buffer_size = file_size;
> +
> +  err = GRUB_ERR_NONE;
> +
> +error:
> +  if (file != NULL)
> +    grub_file_close (file);
> +
> +  return err;
> +}
> +
> +static grub_err_t
> +grub_tpm2_protector_srk_unmarshal_keyfile (void *sealed_key,
> +                                        grub_size_t sealed_key_size,
> +                                        TPM2_SEALED_KEY *sk)
> +{
> +  struct grub_tpm2_buffer buf;
> +
> +  grub_tpm2_buffer_init (&buf);
> +  if (sealed_key_size > buf.cap)
> +    return grub_error (GRUB_ERR_BAD_ARGUMENT,
> +                    N_("Sealed key larger than %" PRIuGRUB_SIZE " bytes"),
> +                    buf.cap);
> +
> +  grub_memcpy (buf.data, sealed_key, sealed_key_size);
> +  buf.size = sealed_key_size;
> +
> +  grub_tpm2_mu_TPM2B_PUBLIC_Unmarshal (&buf, &sk->public);
> +  grub_tpm2_mu_TPM2B_PRIVATE_Unmarshal (&buf, &sk->private);
> +
> +  if (buf.error)
> +    return grub_error (GRUB_ERR_BAD_ARGUMENT, N_("Malformed TPM wire key 
> file"));
> +
> +  return GRUB_ERR_NONE;
> +}
> +
> +static grub_err_t
> +grub_tpm2_protector_srk_unmarshal_tpm2key (void *sealed_key,
> +                                        grub_size_t sealed_key_size,
> +                                        tpm2key_policy_t *policy_seq,
> +                                        tpm2key_authpolicy_t *authpol_seq,
> +                                        grub_uint8_t *rsaparent,
> +                                        grub_uint32_t *parent,
> +                                        TPM2_SEALED_KEY *sk)
> +{
> +  asn1_node tpm2key = NULL;
> +  grub_uint8_t rsaparent_tmp;
> +  grub_uint32_t parent_tmp;
> +  void *sealed_pub = NULL;
> +  grub_size_t sealed_pub_size;
> +  void *sealed_priv = NULL;
> +  grub_size_t sealed_priv_size;
> +  struct grub_tpm2_buffer buf;
> +  grub_err_t err;
> +
> +  /*
> +   * Start to parse the tpm2key file
> +   * TPMKey ::= SEQUENCE {
> +   *     type        OBJECT IDENTIFIER,
> +   *     emptyAuth   [0] EXPLICIT BOOLEAN OPTIONAL,
> +   *     policy      [1] EXPLICIT SEQUENCE OF TPMPolicy OPTIONAL,
> +   *     secret      [2] EXPLICIT OCTET STRING OPTIONAL,
> +   *     authPolicy  [3] EXPLICIT SEQUENCE OF TPMAuthPolicy OPTIONAL,
> +   *     description [4] EXPLICIT UTF8String OPTIONAL,
> +   *     rsaParent   [5] EXPLICIT BOOLEAN OPTIONAL,
> +   *     parent      INTEGER,
> +   *     pubkey      OCTET STRING,
> +   *     privkey     OCTET STRING
> +   * }
> +   */
> +  err = grub_tpm2key_start_parsing (&tpm2key, sealed_key, sealed_key_size);
> +  if (err != GRUB_ERR_NONE)
> +    return err;
> +
> +  /*
> +   * Retrieve the policy sequence from 'policy'
> +   * policy_seq will be NULL when 'policy' is not available
> +   */
> +  err = grub_tpm2key_get_policy_seq (tpm2key, policy_seq);
> +  if (err != GRUB_ERR_NONE)
> +    goto error;
> +
> +  /*
> +   * Retrieve the authpolicy sequence from 'authPolicy'
> +   * authpol_seq will be NULL when 'authPolicy' is not available
> +   */
> +  err = grub_tpm2key_get_authpolicy_seq (tpm2key, authpol_seq);
> +  if (err != GRUB_ERR_NONE)
> +    goto error;
> +
> +  /* Retrieve rsaParent */
> +  err = grub_tpm2key_get_rsaparent (tpm2key, &rsaparent_tmp);
> +  if (err != GRUB_ERR_NONE)
> +    goto error;
> +
> +  *rsaparent = rsaparent_tmp;
> +
> +  /* Retrieve the parent handle */
> +  err = grub_tpm2key_get_parent (tpm2key, &parent_tmp);
> +  if (err != GRUB_ERR_NONE)
> +    goto error;
> +
> +  /*  The parent handle should be either PERMANENT or PERSISTENT. */
> +  if (!TPM_HT_IS_PERMANENT (parent_tmp) && !TPM_HT_IS_PERSISTENT 
> (parent_tmp))
> +    {
> +      err = GRUB_ERR_OUT_OF_RANGE;
> +      goto error;
> +    }
> +
> +  *parent = parent_tmp;
> +
> +  /* Retrieve the public part of the sealed key */
> +  err = grub_tpm2key_get_pubkey (tpm2key, &sealed_pub, &sealed_pub_size);
> +  if (err != GRUB_ERR_NONE)
> +    goto error;
> +
> +  /* Retrieve the private part of the sealed key */
> +  err = grub_tpm2key_get_privkey (tpm2key, &sealed_priv, &sealed_priv_size);
> +  if (err != GRUB_ERR_NONE)
> +    goto error;
> +
> +  /* Unmarshal the sealed key */
> +  grub_tpm2_buffer_init (&buf);
> +  if (sealed_pub_size + sealed_priv_size > buf.cap)
> +    {
> +      err = grub_error (GRUB_ERR_BAD_ARGUMENT,
> +                     N_("Sealed key larger than %" PRIuGRUB_SIZE " bytes"),
> +                     buf.cap);
> +      goto error;
> +    }
> +
> +  grub_tpm2_buffer_pack (&buf, sealed_pub, sealed_pub_size);
> +  grub_tpm2_buffer_pack (&buf, sealed_priv, sealed_priv_size);
> +
> +  buf.offset = 0;
> +
> +  grub_tpm2_mu_TPM2B_PUBLIC_Unmarshal (&buf, &sk->public);
> +  grub_tpm2_mu_TPM2B_PRIVATE_Unmarshal (&buf, &sk->private);
> +
> +  if (buf.error)
> +    {
> +      err = grub_error (GRUB_ERR_BAD_ARGUMENT, N_("Malformed TPM 2.0 key 
> file"));
> +      goto error;
> +    }
> +
> +  err = GRUB_ERR_NONE;
> +
> +error:
> +  /* End the parsing */
> +  grub_tpm2key_end_parsing (tpm2key);
> +  grub_free (sealed_pub);
> +  grub_free (sealed_priv);
> +
> +  return err;
> +}
> +
> +/* Check if the SRK exists in the specified handle */
> +static grub_err_t
> +grub_tpm2_protector_srk_check (const TPM_HANDLE srk_handle)
> +{
> +  TPM_RC rc;
> +  TPM2B_PUBLIC public;
> +
> +  /* Find SRK */
> +  rc = TPM2_ReadPublic (srk_handle, NULL, &public);
> +  if (rc == TPM_RC_SUCCESS)
> +    return GRUB_ERR_NONE;
> +
> +  return grub_error (GRUB_ERR_BAD_ARGUMENT,
> +                  N_("Failed to retrieve SRK from 0x%x (TPM2_ReadPublic: 
> 0x%x)"),
> +                  srk_handle, rc);
> +}
> +
> +/* Get the SRK with the template */
> +static grub_err_t
> +grub_tpm2_protector_srk_get (const grub_srk_type_t srk_type,
> +                          const TPM_HANDLE parent,
> +                          TPM_HANDLE *srk_handle)
> +{
> +  TPM_RC rc;
> +  TPMT_PUBLIC_PARMS parms = { 0 };

s/ 0 /0/ and in general everywhere please...

> +  TPMS_AUTH_COMMAND authCommand = { 0 };
> +  TPM2B_SENSITIVE_CREATE inSensitive = { 0 };
> +  TPM2B_PUBLIC inPublic = { 0 };
> +  TPM2B_DATA outsideInfo = { 0 };
> +  TPML_PCR_SELECTION creationPcr = { 0 };
> +  TPM2B_PUBLIC outPublic = { 0 };
> +  TPM2B_CREATION_DATA creationData = { 0 };
> +  TPM2B_DIGEST creationHash = { 0 };
> +  TPMT_TK_CREATION creationTicket = { 0 };
> +  TPM2B_NAME srkName = { 0 };
> +  TPM_HANDLE tmp_handle = 0;
> +
> +  inPublic.publicArea.type = srk_type.type;
> +  inPublic.publicArea.nameAlg = TPM_ALG_SHA256;
> +  inPublic.publicArea.objectAttributes.restricted = 1;
> +  inPublic.publicArea.objectAttributes.userWithAuth = 1;
> +  inPublic.publicArea.objectAttributes.decrypt = 1;
> +  inPublic.publicArea.objectAttributes.fixedTPM = 1;
> +  inPublic.publicArea.objectAttributes.fixedParent = 1;
> +  inPublic.publicArea.objectAttributes.sensitiveDataOrigin = 1;
> +  inPublic.publicArea.objectAttributes.noDA = 1;
> +
> +  if (srk_type.type == TPM_ALG_RSA)
> +    {
> +      inPublic.publicArea.parameters.rsaDetail.symmetric.algorithm = 
> TPM_ALG_AES;
> +      inPublic.publicArea.parameters.rsaDetail.symmetric.keyBits.aes = 128;
> +      inPublic.publicArea.parameters.rsaDetail.symmetric.mode.aes = 
> TPM_ALG_CFB;
> +      inPublic.publicArea.parameters.rsaDetail.scheme.scheme = TPM_ALG_NULL;
> +      inPublic.publicArea.parameters.rsaDetail.keyBits = 
> srk_type.detail.rsa_bits;
> +      inPublic.publicArea.parameters.rsaDetail.exponent = 0;
> +    }
> +  else if (srk_type.type == TPM_ALG_ECC)
> +    {
> +      inPublic.publicArea.parameters.eccDetail.symmetric.algorithm = 
> TPM_ALG_AES;
> +      inPublic.publicArea.parameters.eccDetail.symmetric.keyBits.aes = 128;
> +      inPublic.publicArea.parameters.eccDetail.symmetric.mode.aes = 
> TPM_ALG_CFB;
> +      inPublic.publicArea.parameters.eccDetail.scheme.scheme = TPM_ALG_NULL;
> +      inPublic.publicArea.parameters.eccDetail.curveID = 
> srk_type.detail.ecc_curve;
> +      inPublic.publicArea.parameters.eccDetail.kdf.scheme = TPM_ALG_NULL;
> +    }
> +  else
> +    return grub_error (GRUB_ERR_BAD_ARGUMENT, N_("Unknown SRK algorithm"));
> +
> +  /* Test the parameters before SRK generation */
> +  parms.type = srk_type.type;
> +  grub_memcpy (&parms.parameters, &inPublic.publicArea.parameters,
> +            sizeof (TPMU_PUBLIC_PARMS));
> +
> +  rc = TPM2_TestParms (&parms, NULL);
> +  if (rc != TPM_RC_SUCCESS)
> +    return grub_error (GRUB_ERR_BAD_ARGUMENT,
> +                    N_("Unsupported SRK template (TPM2_TestParms: 0x%x)"),
> +                    rc);
> +
> +  /* Create SRK */
> +  authCommand.sessionHandle = TPM_RS_PW;
> +  rc = TPM2_CreatePrimary (parent, &authCommand, &inSensitive, &inPublic,
> +                        &outsideInfo, &creationPcr, &tmp_handle, &outPublic,
> +                        &creationData, &creationHash, &creationTicket,
> +                        &srkName, NULL);
> +  if (rc != TPM_RC_SUCCESS)
> +    return grub_error (GRUB_ERR_BAD_DEVICE,
> +                    N_("Could not create SRK (TPM2_CreatePrimary: 0x%x)"),
> +                    rc);
> +
> +  *srk_handle = tmp_handle;
> +
> +  return GRUB_ERR_NONE;
> +}
> +
> +/* Load the SRK from the persistent handle or create one with a given type of
> +   template, and then associate the sealed key with the SRK
> +   Return values:
> +   * GRUB_ERR_NONE: Everything is fine.
> +   * GRUB_ERR_BAD_ARGUMENT: The SRK doesn't match. Try another one.
> +   * Other: Something went wrong.
> +*/

Wrong coding style for comments. Please take a look here [1].

> +static grub_err_t
> +grub_tpm2_protector_srk_load (const grub_srk_type_t srk_type,
> +                           const TPM2_SEALED_KEY *sealed_key,
> +                           const TPM_HANDLE parent,
> +                           TPM_HANDLE *sealed_handle,
> +                           TPM_HANDLE *srk_handle)
> +{
> +  TPMS_AUTH_COMMAND authCmd = { 0 };
> +  TPM2B_NAME name = { 0 };
> +  TPM_RC rc;
> +  grub_err_t err;
> +
> +  if (srk_handle == NULL)
> +    return GRUB_ERR_BUG;
> +
> +  if (*srk_handle != 0)
> +    {
> +      err = grub_tpm2_protector_srk_check (*srk_handle);
> +      if (err != GRUB_ERR_NONE)
> +     return err;
> +    }
> +  else
> +    {
> +      err = grub_tpm2_protector_srk_get (srk_type, parent, srk_handle);
> +      if (err != GRUB_ERR_NONE)
> +     return err;
> +    }
> +
> +  /* Load the sealed key and associate it with the SRK */
> +  authCmd.sessionHandle = TPM_RS_PW;
> +  rc = TPM2_Load (*srk_handle, &authCmd, &sealed_key->private, 
> &sealed_key->public,
> +               sealed_handle, &name, NULL);
> +  /* If TPM2_Load returns (TPM_RC_INTEGRITY | TPM_RC_P | TPM_RC_1), then it
> +     implies the wrong SRK is used. */

Ditto.

> +  if (rc == (TPM_RC_INTEGRITY | TPM_RC_P | TPM_RC_1))
> +    {
> +      err = grub_error (GRUB_ERR_BAD_ARGUMENT, N_("SRK not matched"));
> +      goto error;
> +    }
> +  else if (rc != TPM_RC_SUCCESS)
> +    {
> +      err = grub_error (GRUB_ERR_BAD_DEVICE,
> +                     N_("Failed to load sealed key (TPM2_Load: 0x%x)"),
> +                     rc);
> +      goto error;
> +    }
> +
> +  return GRUB_ERR_NONE;
> +
> +error:
> +  if (!TPM_HT_IS_PERSISTENT (*srk_handle))
> +    TPM2_FlushContext (*srk_handle);
> +
> +  return err;
> +}
> +
> +static const char *
> +srk_type_to_name (grub_srk_type_t srk_type)
> +{
> +  if (srk_type.type == TPM_ALG_ECC)
> +    {
> +      switch (srk_type.detail.ecc_curve)
> +        {
> +       case TPM_ECC_NIST_P256:
> +         return "ECC_NIST_P256";
> +        }

I would use "if" instead of "switch" here.

> +    }
> +  else if (srk_type.type == TPM_ALG_RSA)
> +   {
> +      switch (srk_type.detail.rsa_bits)
> +     {
> +       case 2048:
> +         return "RSA2048";

Ditto.

> +     }
> +   }
> +
> +  return "Unknown";
> +}

[...]

> +static grub_err_t
> +grub_tpm2_protector_simple_policy_seq (const struct 
> grub_tpm2_protector_context *ctx,
> +                                    tpm2key_policy_t *policy_seq)
> +{
> +  tpm2key_policy_t policy = NULL;
> +  struct grub_tpm2_buffer buf;
> +  TPML_PCR_SELECTION pcr_sel = {
> +    .count = 1,
> +    .pcrSelections = {
> +      {
> +     .hash = ctx->bank,
> +     .sizeOfSelect = 3,
> +     .pcrSelect = { 0 }
> +      },
> +    }
> +  };
> +  grub_uint8_t i;
> +  grub_err_t err;
> +
> +  if (policy_seq == NULL)
> +    return GRUB_ERR_BAD_ARGUMENT;
> +
> +  grub_tpm2_buffer_init (&buf);
> +
> +  for (i = 0; i < ctx->pcr_count; i++)
> +    TPMS_PCR_SELECTION_SelectPCR (&pcr_sel.pcrSelections[0], ctx->pcrs[i]);
> +
> +  grub_tpm2_buffer_pack_u16 (&buf, 0);
> +  grub_tpm2_mu_TPML_PCR_SELECTION_Marshal (&buf, &pcr_sel);
> +
> +  if (buf.error)

If you define buf.error as a bool please use "if (buf.error == true)",
etc. for checks.

> +    return GRUB_ERR_BAD_ARGUMENT;
> +
> +  policy = grub_malloc (sizeof(struct tpm2key_policy));
> +  if (policy == NULL)
> +    {
> +      err = GRUB_ERR_OUT_OF_MEMORY;
> +      goto error;
> +    }
> +  policy->cmd_code = TPM_CC_PolicyPCR;
> +  policy->cmd_policy = grub_malloc (buf.size);
> +  if (policy->cmd_policy == NULL)
> +    {
> +      err = GRUB_ERR_OUT_OF_MEMORY;
> +      goto error;
> +    }
> +  grub_memcpy (policy->cmd_policy, buf.data, buf.size);
> +  policy->cmd_policy_len = buf.size;
> +
> +  grub_list_push (GRUB_AS_LIST_P (policy_seq), GRUB_AS_LIST (policy));
> +
> +  return GRUB_ERR_NONE;
> +
> +error:
> +  grub_free (policy);
> +
> +  return err;
> +}

[...]

> +static grub_err_t
> +grub_tpm2_protector_nv_recover (const struct grub_tpm2_protector_context 
> *ctx,
> +                             grub_uint8_t **key, grub_size_t *key_size)
> +{
> +  (void)ctx;
> +  (void)key;
> +  (void)key_size;

"__attribute__ ((unused)" is your friend.

> +
> +  return grub_error (GRUB_ERR_NOT_IMPLEMENTED_YET,
> +                  N_("NV Index mode is not implemented yet"));
> +}

[...]

> +GRUB_MOD_FINI (tpm2)
> +{
> +  grub_free ((void *) grub_tpm2_protector_ctx.keyfile);
> +  grub_memset (&grub_tpm2_protector_ctx, 0, sizeof 
> (grub_tpm2_protector_ctx));

I think this grub_memset() is redundant just before module unload.

> +  grub_key_protector_unregister (&grub_tpm2_key_protector);
> +  grub_unregister_extcmd (grub_tpm2_protector_clear_cmd);
> +  grub_unregister_extcmd (grub_tpm2_protector_init_cmd);
> +}
> diff --git a/grub-core/tpm2/tpm2key.asn b/grub-core/tpm2/tpm2key.asn
> new file mode 100644
> index 000000000..7ad4b6a2a
> --- /dev/null
> +++ b/grub-core/tpm2/tpm2key.asn
> @@ -0,0 +1,33 @@

Missing license...

> +--
> +-- TPM 2.0 key file format
> +--  To generate tpm2key_asn1_tab.c: asn1Parser tpm2key.asn
> +--
> +TPM2KEY {}
> +DEFINITIONS IMPLICIT TAGS ::=
> +
> +BEGIN
> +
> +TPMPolicy ::= SEQUENCE {
> +    CommandCode   [0] EXPLICIT INTEGER,
> +    CommandPolicy [1] EXPLICIT OCTET STRING
> +}
> +
> +TPMAuthPolicy ::= SEQUENCE {
> +    Name    [0] EXPLICIT UTF8String OPTIONAL,
> +    Policy  [1] EXPLICIT SEQUENCE OF TPMPolicy
> +}
> +
> +TPMKey ::= SEQUENCE {
> +    type        OBJECT IDENTIFIER,
> +    emptyAuth   [0] EXPLICIT BOOLEAN OPTIONAL,
> +    policy      [1] EXPLICIT SEQUENCE OF TPMPolicy OPTIONAL,
> +    secret      [2] EXPLICIT OCTET STRING OPTIONAL,
> +    authPolicy  [3] EXPLICIT SEQUENCE OF TPMAuthPolicy OPTIONAL,
> +    description [4] EXPLICIT UTF8String OPTIONAL,
> +    rsaParent   [5] EXPLICIT BOOLEAN OPTIONAL,
> +    parent      INTEGER,
> +    pubkey      OCTET STRING,
> +    privkey     OCTET STRING
> +}
> +
> +END
> diff --git a/grub-core/tpm2/tpm2key.c b/grub-core/tpm2/tpm2key.c
> new file mode 100644
> index 000000000..5972a40a9
> --- /dev/null
> +++ b/grub-core/tpm2/tpm2key.c
> @@ -0,0 +1,475 @@
> +/*
> + *  GRUB  --  GRand Unified Bootloader
> + *  Copyright (C) 2023 SUSE LLC
> + *
> + *  GRUB is free software: you can redistribute it and/or modify
> + *  it under the terms of the GNU General Public License as published by
> + *  the Free Software Foundation, either version 3 of the License, or
> + *  (at your option) any later version.
> + *
> + *  GRUB is distributed in the hope that it will be useful,
> + *  but WITHOUT ANY WARRANTY; without even the implied warranty of
> + *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
> + *  GNU General Public License for more details.
> + *
> + *  You should have received a copy of the GNU General Public License
> + *  along with GRUB.  If not, see <http://www.gnu.org/licenses/>.
> + */
> +
> +#include <grub/list.h>
> +#include <grub/misc.h>
> +#include <grub/mm.h>
> +#include <grub/tpm2/buffer.h>
> +#include <grub/tpm2/tpm2key.h>
> +
> +extern asn1_static_node tpm2key_asn1_tab[];
> +const char *sealed_key_oid = "2.23.133.10.1.5";
> +
> +static int
> +asn1_allocate_and_read (asn1_node node, const char *name, void **content, 
> grub_size_t *content_size)
> +{
> +  grub_uint8_t *tmpstr = NULL;
> +  int tmpstr_size = 0;
> +  int ret;
> +
> +  if (content == NULL)
> +    return ASN1_MEM_ERROR;
> +
> +  ret = asn1_read_value (node, name, NULL, &tmpstr_size);
> +  if (ret != ASN1_MEM_ERROR)
> +    return ret;
> +
> +  tmpstr = grub_malloc (tmpstr_size);
> +  if (tmpstr == NULL)
> +    return ASN1_MEM_ERROR;
> +
> +  ret = asn1_read_value (node, name, tmpstr, &tmpstr_size);
> +  if (ret != ASN1_SUCCESS)
> +    return ret;
> +
> +  *content = tmpstr;
> +  *content_size = tmpstr_size;
> +
> +  return ASN1_SUCCESS;
> +}
> +
> +static int
> +asn1_read_uint32 (asn1_node node, const char *name, grub_uint32_t *out)
> +{
> +  grub_uint32_t tmp = 0;
> +  grub_uint8_t *ptr;
> +  void *data = NULL;
> +  grub_size_t data_size;
> +  int ret;
> +
> +  ret = asn1_allocate_and_read (node, name, &data, &data_size);
> +  if (ret != ASN1_SUCCESS)
> +    return ret;
> +
> +  if (data_size > 4)

Is it possible to get 3 or less here? If yes then we should check for
this too. Or s/>/!=/...

> +    {
> +      ret = ASN1_MEM_ERROR;
> +      goto error;
> +    }
> +
> +  /* convert the big-endian integer to host uint32 */
> +  ptr = (grub_uint8_t *)&tmp + (4 - data_size);
> +  grub_memcpy (ptr, data, data_size);

Could you explain this? Why grub_be_to_cpu32() is not enough?
Is it related to alignment? If yes you could use grub_get_unaligned32().

> +  tmp = grub_be_to_cpu32 (tmp);
> +
> +  *out = tmp;
> +error:
> +  if (data)
> +    grub_free (data);
> +  return ret;
> +}

[...]

> +grub_err_t
> +grub_tpm2key_get_authpolicy_seq (asn1_node tpm2key, tpm2key_authpolicy_t 
> *authpol_seq)
> +{
> +  tpm2key_authpolicy_t tmp_seq = NULL;
> +  tpm2key_authpolicy_t authpol = NULL;
> +  int authpol_n;
> +  char authpol_pol[AUTHPOLICY_POL_MAX];
> +  int i;
> +  int ret;
> +  grub_err_t err;
> +
> +  ret = asn1_number_of_elements (tpm2key, "authPolicy", &authpol_n);
> +  if (ret == ASN1_ELEMENT_NOT_FOUND)
> +    {
> +      /* "authPolicy" is optional, so it may not be available */
> +      *authpol_seq = NULL;
> +      return GRUB_ERR_NONE;
> +    }
> +  else if (ret != ASN1_SUCCESS)
> +    return grub_error (GRUB_ERR_READ_ERROR, N_("Failed to retrieve 
> authPolicy"));
> +
> +  /* Limit the number of authPolicy elements to two digits (99) */
> +  if (authpol_n > 100 || authpol_n < 1)

I would define high/low policy limits as constants and use them everywhere.

> +    return grub_error (GRUB_ERR_OUT_OF_RANGE,
> +                    N_("Invalid number of authPolicy elements"));
> +
> +  /*
> +   * Iterate the authPolicy elements backwards since grub_list_push() 
> prepends
> +   * the item into the list.
> +   */
> +  for (i = authpol_n; i >= 1; i--) {
> +    authpol = grub_zalloc (sizeof (struct tpm2key_authpolicy));
> +    if (authpol == NULL)
> +      {
> +     err = grub_error (GRUB_ERR_OUT_OF_MEMORY,
> +                       N_("Failed to allocate memory for authPolicy"));
> +     goto error;
> +      }
> +    grub_snprintf (authpol_pol, AUTHPOLICY_POL_MAX, "authPolicy.?%d.Policy", 
> i);
> +
> +    ret = tpm2key_get_policy_seq (tpm2key, authpol_pol, 
> &authpol->policy_seq);
> +    if (ret != ASN1_SUCCESS)
> +      {
> +        err = grub_error (GRUB_ERR_READ_ERROR,
> +                       N_("Failed to retrieve policy from authPolicy"));
> +        goto error;
> +      }
> +
> +    /* Prepend the authPolicy element into the sequence */
> +    grub_list_push (GRUB_AS_LIST_P (&tmp_seq), GRUB_AS_LIST (authpol));
> +  }
> +
> +  *authpol_seq = tmp_seq;
> +
> +  return GRUB_ERR_NONE;
> +
> +error:
> +  if (authpol)
> +    {
> +      grub_tpm2key_free_policy_seq (authpol->policy_seq);
> +      grub_free (authpol);
> +    }
> +
> +  grub_tpm2key_free_authpolicy_seq (tmp_seq);
> +
> +  return err;
> +}
> +
> +void
> +grub_tpm2key_free_authpolicy_seq (tpm2key_authpolicy_t authpol_seq)
> +{
> +  tpm2key_authpolicy_t authpol;
> +  tpm2key_authpolicy_t next;
> +
> +  if (authpol_seq == NULL)
> +    return;
> +
> +  FOR_LIST_ELEMENTS_SAFE (authpol, next, authpol_seq)
> +    {
> +      grub_tpm2key_free_policy_seq (authpol->policy_seq);
> +      grub_free (authpol);
> +    }
> +}
> diff --git a/grub-core/tpm2/tpm2key_asn1_tab.c 
> b/grub-core/tpm2/tpm2key_asn1_tab.c
> new file mode 100644
> index 000000000..8710c7ae9
> --- /dev/null
> +++ b/grub-core/tpm2/tpm2key_asn1_tab.c
> @@ -0,0 +1,45 @@

Missing license here.

> +/*
> + * This file is generated by 'asn1Parser tpm2key.asn' and the '#include'
> + * headers are replaced with the ones in grub2.
> + * - 'grub/mm.h' for the definition of 'NULL'
> + * - 'libtasn1.h' for the definition of 'asn1_static_node'
> + */
> +
> +#include <grub/mm.h>
> +#include <libtasn1.h>
> +
> +const asn1_static_node tpm2key_asn1_tab[] = {
> +  { "TPM2KEY", 536875024, NULL },
> +  { NULL, 1073741836, NULL },
> +  { "TPMPolicy", 1610612741, NULL },
> +  { "CommandCode", 1610620931, NULL },
> +  { NULL, 2056, "0"},
> +  { "CommandPolicy", 536879111, NULL },
> +  { NULL, 2056, "1"},
> +  { "TPMAuthPolicy", 1610612741, NULL },
> +  { "Name", 1610637346, NULL },
> +  { NULL, 2056, "0"},
> +  { "Policy", 536879115, NULL },
> +  { NULL, 1073743880, "1"},
> +  { NULL, 2, "TPMPolicy"},
> +  { "TPMKey", 536870917, NULL },
> +  { "type", 1073741836, NULL },
> +  { "emptyAuth", 1610637316, NULL },
> +  { NULL, 2056, "0"},
> +  { "policy", 1610637323, NULL },
> +  { NULL, 1073743880, "1"},
> +  { NULL, 2, "TPMPolicy"},
> +  { "secret", 1610637319, NULL },
> +  { NULL, 2056, "2"},
> +  { "authPolicy", 1610637323, NULL },
> +  { NULL, 1073743880, "3"},
> +  { NULL, 2, "TPMAuthPolicy"},
> +  { "description", 1610637346, NULL },
> +  { NULL, 2056, "4"},
> +  { "rsaParent", 1610637316, NULL },
> +  { NULL, 2056, "5"},
> +  { "parent", 1073741827, NULL },
> +  { "pubkey", 1073741831, NULL },
> +  { "privkey", 7, NULL },
> +  { NULL, 0, NULL }
> +};

Daniel

[1] https://www.gnu.org/software/grub/manual/grub-dev/grub-dev.html#Comments



reply via email to

[Prev in Thread] Current Thread [Next in Thread]