[PATCH 00/10] TPM2 key protector follow-up patches

[Gary Lin]

git: https://github.com/lcp/grub2/tree/tpm2-follow-up

This patchset is the collection of several enhancements for TPM2 key
protector.

* Patch 1 introduces the PCR dump to help debugging policy fail.
* Patch 2~3 adds the new command to dump PCRs in GRUB shell and the
* documentation of the command.
* Patch 4 fixes a minor issue in tss2.
* Patch 5~8 extends the NV index mode to support 'NV index' handles
  and TPM 2.0 Key File format.
  - Thanks to James Bottomley for how to detect TPM 2.0 Key File format.
    https://lists.gnu.org/archive/html/grub-devel/2024-11/msg00078.html
* Patch 9~10 update the test cases and the documentation for NV index
  mode.

Gary Lin (10):
  tpm2_key_protector: dump PCRs on policy fail
  tpm2_key_protector: Add 'tpm2_dump_pcr' command
  docs: Document tpm2_dump_pcr
  tss2: Fix the missing authCommand
  tss2: Add TPM 2.0 NV index commands
  tpm2_key_protector: Unseal key from a buffer
  tpm2_key_protector: Support NV index handles
  util/grub-protect: Support NV index mode
  tests/tpm2_key_protector_test: Amend the NV index mode test
  docs: Update NV index mode of TPM2 key protector

 docs/grub.texi                                | 198 ++++++++--
 .../commands/tpm2_key_protector/module.c      | 347 ++++++++++++++---
 grub-core/lib/tss2/tpm2_cmd.c                 | 211 ++++++++++-
 grub-core/lib/tss2/tpm2_cmd.h                 |  32 ++
 grub-core/lib/tss2/tss2_mu.c                  |  39 ++
 grub-core/lib/tss2/tss2_mu.h                  |  12 +
 grub-core/lib/tss2/tss2_types.h               |   6 +
 tests/tpm2_key_protector_test.in              | 151 +++-----
 util/grub-protect.c                           | 358 +++++++++++++++---
 9 files changed, 1122 insertions(+), 232 deletions(-)

-- 
2.43.0