[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[PATCH v19 00/33] Automatic Disk Unlock with TPM2
From: |
Gary Lin |
Subject: |
[PATCH v19 00/33] Automatic Disk Unlock with TPM2 |
Date: |
Fri, 6 Sep 2024 17:10:52 +0800 |
GIT repo for v19: https://github.com/lcp/grub2/tree/tpm2-unlock-v19
This patch series is based on "Automatic TPM Disk Unlock"(*1) posted by
Hernan Gatta to introduce the key protector framework and TPM2 stack
to GRUB2, and this could be a useful feature for the systems to
implement full disk encryption.
To support TPM 2.0 Key File format(*2), patch 1~7,9-16 are grabbed from
Daniel Axtens's "appended signature secure boot support" (*3) to import
libtasn1 into grub2. Besides, the libtasn1 version is upgraded to
4.19.0 instead of 4.16.0 in the original patch.
Patch 8 fixes a potential buffer overrun in libtasn1.
(https://gitlab.com/gnutls/libtasn1/-/issues/49)
Patch 17 adds the document for libtasn1 and the steps to upgrade the
library.
Patch 18~24 are based on Hernan Gatta's patches with the follow-up fixes
and improvements:
- Converting 8 spaces into 1 tab
- Merging the minor build fix from Michael Chang
- Replacing "lu" with "PRIuGRUB_SIZE" for grub_dprintf
- Adding "enable = efi" to the tpm2 module in grub-core/Makefile.core.def
- Rebasing "cryptodisk: Support key protectors" to the git master
- Removing the measurement on the sealed key
- Based on the patch from Olaf Kirch <OKir@suse.com>
- Adjusting the input parameters of TPM2_EvictControl to match the order
in "TCG TPM2 Part3 Commands"
- Declaring the input arguments of TPM2 functions as const
- Resending TPM2 commands on TPM_RC_RETRY
- Adding checks for the parameters of TPM2 commands
- Packing the missing authorization command for TPM2_PCR_Read
- Tweaking the TPM2 command functions to allow some parameters to be
NULL so that we don't have to declare empty variables
- Using grub_cpu_to_be*() in the TPM2 stack instead of grub_swap_bytes*()
which may cause problems in big-indian machines
- Changing the short name of "--protector" of "cryptomount" from "-k" to
"-P" to avoid the conflict with "--key-file"
- Supporting TPM 2.0 Key File Format besides the raw sealed key
- Adding the external libtasn1 dependency to grub-protect to write the
TPM 2.0 Key files
- Extending the TPM2 TSS stack to support authorized policy
Patch 25 implements the authorized policy support.
Patch 26 implements the missing NV index mode. (Thanks to Patrick Colp)
Patch 27 improves the 'cryptomount' command to fall back to the
passphrase mode when the key protector fails to unlock the encrypted
partition. (Another patch from Patrick Colp)
Patch 28 and 29 fix the potential security issues spotted by Fabian Vogt.
Patch 30 and 31 implement the TPM2 key unsealing testcases.
Patch 32 document the new "-P" option for "cryptomount"
Patch 33 document TPM2 key protector including the new GRUB commands and
the user-space utility.
To utilize the TPM2 key protector to unlock the encrypted partition
(sdb1), here are the sample steps:
1. Add an extra random key for LUKS (luks-key)
$ dd if=/dev/urandom of=luks-key bs=1 count=32
$ sudo cryptsetup luksAddKey /dev/sdb1 luks-key --pbkdf=pbkdf2
2. Seal the key
$ sudo grub-protect --action=add \
--protector=tpm2 \
--tpm2key \
--tpm2-keyfile=luks-key \
--tpm2-outfile=/boot/efi/boot/grub2/sealed.tpm
3. Unseal the key with the proper commands in grub.cfg:
tpm2_key_protector_init --tpm2key=(hd0,gpt1)/boot/grub2/sealed.tpm
cryptomount -u <SDB1_UUID> -P tpm2
(*1) https://lists.gnu.org/archive/html/grub-devel/2022-02/msg00006.html
(*2) https://www.hansenpartnership.com/draft-bottomley-tpm2-keys.html
(*3) https://lists.gnu.org/archive/html/grub-devel/2021-06/msg00044.html
v19:
- Updating the coverity report for libtasn1
- Splitting the strcat() patch for libtasn1
- Addressing why the header paths are adjusted in libtasn1.h
- Fixing the order of the copyright headers
- Breaking down the patch for asn1 tests into the smaller patches
- libtasn1 patches are created by the following repo against the
libtasn1-4.19.0-base-v3 tag:
https://github.com/lcp/grub2/tree/import-libtasn1-4.19.0-v3
- Marking the 'extern' functions
- Amending the string length checks
- Unmarking the technical strings for translation
- Fixing more line foldings and coding style issues
- Renaming the TPM2 types to add the '_t' postfix for typedefs
- Adding the 'grub_' prefix to the global functions from tss2 and
removing the 'grub_' prefix from the location functions
- Adding more comments about the passphrase fallback
- Simplying the diskfilter check
- Documenting TPM2 key protector in the user manual
v18:
- https://lists.gnu.org/archive/html/grub-devel/2024-06/msg00228.html
- GIT repo: https://github.com/lcp/grub2/tree/tpm2-unlock-v18
- Updating the steps to import libtasn1
- Importing test cases from libtasn1 and then applying the follow-up
patch by autogen.sh
- The patch files in patch 3~8 are created with the following repo
against the libtasn1-4.19.0-base-v2 tag:
https://github.com/lcp/grub2/tree/import-libtasn1-4.19.0-v2
- Splitting the grub compatibility patch for libtasn1
- Moving the TSS2 code to grub-core/lib/tss2 and renaming
grub_tpm2_mu_*() functions to grub_Tss2_MU_*()
- Splitting the TSS2 patch into 3 patches
- Fixing the types of TPMA_SESSION, TPMA_OBJECT, and TPMA_LOCALITY
- Renaming the tpm2 module to tpm2_key_protector
- Adding more comments to asn1_read_uint32() and defining the lower and
upper bounds for tpm2key elements
- Also fixing a bug that allows 100 elements in the key file
- Fixing the copyright headers
- Fixing the coding style
v17:
- https://lists.gnu.org/archive/html/grub-devel/2024-06/msg00108.html
- GIT repo: https://github.com/lcp/grub2/tree/tpm2-unlock-v17
- Fixing the missing space in strncat()
- Updating the steps to import libtasn1
- Moving libtasn1.h to grub-core/lib/libtasn1/ and fixing the affected
patches
- libtasn1.h is included in tpm2key.h, so there is no need to include
the header again in module.c and tpm2key.c.
- Applying the libtasn1 patches in a different way
- Instead of applying the patches directly in the grub2 source code,
libtasn1 is copied to grub-core/lib/libtasn1-grub by autogen.sh and
then the script applies the libtasn1 patches to libtasn1-grub.
- The patch files in patch 3, 4, and 5 are created by the following
repo against the libtasn1-4.19.0-base tag.
https://github.com/lcp/grub2/tree/import-libtasn1-4.19.0
- Correcting the description of the tpm2_test commit to replace
swtpm_cuse with "swtpm chardev"
v16:
- https://lists.gnu.org/archive/html/grub-devel/2024-05/msg00093.html
- GIT repo: https://github.com/lcp/grub2/tree/tpm2-unlock-v16
- Rebasing patch 6, 12, and 16 to fix the conflicts with the latest
master branch
- Changes in cryptodisk:
- Disallowing that both OPTION_KEYFILE and OPTION_PROTECTOR are set
since the key data for "--key-file" would be overwritten by the key
protectors
- Resetting the cargs key data when the key from a key protector
doesn't work for the disk to ensure the passphrase prompt will be
triggered later
- Adding the comment to address why grub_errno is only cleared for
cargs->key_len == 0
v15:
- https://lists.gnu.org/archive/html/grub-devel/2024-05/msg00059.html
- GIT repo: https://github.com/lcp/grub2/tree/tpm2-unlock-v15
- Changes in tpm2_test
- Quoting the variables which contain file paths
- Correcting the exit code for several commands
- Writing the verification text directly into the LUKS device
- Amending the waiting loop for swtpm
- Replacing exit with return in tpm2_seal_unseal() and
tpm2_seal_unseal_nv()
- Collecting the parameters for the SRK mode testcases in an array
and invoking tpm2_seal_unseal() with a for loop
- Moving the tpm2-tools commands for the NV index mode to a separate
function
- Using tpm2_evictcontrol to remove the object from the NV index to
match the key sealing commands
- Printing the test results
- Printing error messages to stderr
v14:
- https://lists.gnu.org/archive/html/grub-devel/2024-05/msg00011.html
- GIT repo: https://github.com/lcp/grub2/tree/tpm2-unlock-v14
- Addressing the libtasn1 patches more in the document
- Various improvements in tpm2_test
- Verifying the test inside the LUKS device
- Improving the return status checks and the waiting loop for swtpm
- Fixing the portability issues
- Making all variables braced
- Renaming grub-emu-opts to --emu-opts (grub-shell)
v13:
- https://lists.gnu.org/archive/html/grub-devel/2024-04/msg00155.html
- GIT repo: https://github.com/lcp/grub2/tree/tpm2-unlock-v13
- Fixing typos and a few multi-line comments
- Improving the conditional checks for the arguments of
tpm2_key_protector_init
- Updating to the latest TPM 2.0 Key File format
- Adding the new optional fields: description and rsaParent
- Handling "rsaParent == TRUE" when unsealing the tpm2key
- Setting "rsaParent" to "TRUE" when sealing the key with RSA SRK
- Removing non-standard SRKs: RSA3072, RSA4096, ECC_NIST_P384,
ECC_NIST_P521, and ECC_SM2_P256
- Adding more error messages to grub-protect
- Improving the error checking for the swtpm chardev instance
- Exiting the tpm2_test script if grub-protect failed to seal the key
v12:
- https://lists.gnu.org/archive/html/grub-devel/2024-04/msg00108.html
- GIT repo: https://github.com/lcp/grub2/tree/tpm2-unlock-v12
- Fixing typos and indentation
- Removing the unused TPM commands: TPM2_HashSequenceStart,
TPM2_SequenceUpdate, and TPM2_SequenceComplete,
- Following the TCG EK templates to set the parameters of SRK
- Removing ECC_BN_P256 and ECC_BN_P638 from the SRK algorithm list since
those two algorithms are not mentioned in the TCG EK templates
- Updating the help messages of the tpm2 module and grub-protect
- Removing the unnecessary NULL checks
- Adding the manpage for grub-protect
- Replacing grub_crypto_hash() with TPM2_Hash() in grub-protect to
support SHA384 PCR banks
- Using 'swtpm chardev' to start swtpm instead of 'swtpm_cuse' since
some distros may not build swtpm with cuse
- Adding a new testcase without specifying the SRK type to test the
default SRK settings
- Amending tpm2_test to remove the duplicate error checking code
- Silencing the tpm2-tools commands in tpm2_test
- Fixing the exit trap of tpm2_test to removing the working directory
on success
v11:
- https://lists.gnu.org/archive/html/grub-devel/2024-04/msg00052.html
- GIT repo: https://github.com/lcp/grub2/tree/tpm2-unlock-v11
- Adding the missing default: handlers in grub-core/tpm2/mu.c
- Updating the help messages and commit messages to reflect the change
of the default SRK algorithm (RSA2048 -> ECC_NIST_P256)
- Adding the testcase for the NV index mode
v10:
- https://lists.gnu.org/archive/html/grub-devel/2024-04/msg00019.html
- GIT repo: https://github.com/lcp/grub2/tree/tpm2-unlock-v10
- Fixing the coverity issues: CID 435775, CID 435771, CID 435770, CID
435769, CID 435767, CID 435761
https://lists.gnu.org/archive/html/grub-devel/2024-02/txtKIuUb5lf3O.txt
- Fixing the potential memory leak (CID 435775)
- Removing the unnecessary grub_protect_get_grub_drive_for_file() from
util/grub-protect.c (CID 435771)
- Using the grub_tpm2_mu_TPM2B_*_Unmarshal functions to unmarshal the
TPM2B structs instead of a generic grub_tpm2_mu_TPM2B_Unmarshal
(CID 435770)
- Fixing Null pointer dereference (CID 435769)
- Adding bound checks to grub_tpm2_mu_TPML_DIGEST_Unmarshal()
(CID 435767)
- Improving the check for the return value of ftell() (CID 435761)
- Adding a quick fix for CID 435762
- Removing the empty ending line in tests/asn1_test.in
- Fixing docs/grub-dev.texi and updating the libtasn1 patches in
grub-core/lib/libtasn1-patches/
- Merging all the TPM2 TSS stack patches into one to reduce the total
patch number
- Switching the default asymmetric algorithm from RSA2048 to
TPM_ECC_NIST_P256 for the faster key generation
- Adding the fallback SRK templates to try a few more SRK types in case
grub2 failed to associate the sealed key with the SRK in the persistent
handle or the default SRK
- Improving the test script to add tests for the persistent handle and
the fallback SRKs
v9:
- https://lists.gnu.org/archive/html/grub-devel/2024-02/msg00007.html
- GIT repo: https://github.com/lcp/grub2/tree/tpm2-unlock-v9
- Introducing c-ctype.h to posix_wrap and implementing strncat
- Adding the descriptive comments to the disabled code in libtasn1
- Replacing strcat with the bound-checked _asn1_str_cat in libtasn1 and
including c-ctype.h directly
- Integrating the asn1 testcases into "functional_test"
- Updating the libtasn1 patches mentioned in the documentation
- Moving the key protector to a module
- Amending configure.ac to enable/disable grub-protect
- Fixing an timeout issue in the tpm2_test script by feeding the config
through stdin
v8:
- https://lists.gnu.org/archive/html/grub-devel/2024-01/msg00013.html
- GIT repo: https://github.com/lcp/grub2/tree/tpm2-unlock-v8
- Introducing TPM device support to grub-emu and adding the TPM key
unsealing testcase
v7:
- https://lists.gnu.org/archive/html/grub-devel/2023-11/msg00127.html
- GIT repo: https://github.com/lcp/grub2/tree/tpm2-unlock-v7
- Stopping reading SRK from the well-known persistent handle (TPM2_SRK_HANDLE,
i.e. 0x81000001) by default since the persistent handle may be created
by other OS and causes unsealing failure due to SRK mismatching
- The user now has to specify the persistent handle with "--srk"
explicitly.
- Utilizing grub_error() to print more error messages
- Unifying the format of the error messages from TPM2 commands
v6:
- https://lists.gnu.org/archive/html/grub-devel/2023-10/msg00026.html
- GIT repo: https://github.com/lcp/grub2/tree/tpm2-unlock-v6
- Supporting more SRK types than RSA2048 and ECC_NIST_P256
- Documenting SHA512 as the supported PCR bank type in the tpm2
protector
- Removing the redundant error message for grub_tpm2_protector_srk_get()
since it may overwrite the real error message.
- Updating the supported SRK types and PCR bank types in grub-protect
- Removing the unused type: TPM2_ECC_CURVE
v5:
- https://lists.gnu.org/archive/html/grub-devel/2023-08/msg00113.html
- GIT repo: https://github.com/lcp/grub2/tree/tpm2-unlock-v5
- Rebasing to the latest git HEAD and improving the commit messages
- Implementing authorized poilcy support
- Implementing NV index mode
- Improving the 'cryptomount' command to fall back to the passphrase
mode when the key protector fails to unlock the encrypted partition
- Fixing the potential security issues
v4:
- https://lists.gnu.org/archive/html/grub-devel/2023-04/msg00104.html
- GIT repo: https://github.com/lcp/grub2/tree/tpm2-unlock-v4
- Improving the error condition checks in cryptodisk.c
- Moving the code to unseal with the standalone policy sequence below
the code for authpolicy sequence
- The standalone policy sequence was mistakenly prepended to to the
authpolicy sequence with grub_list_push() while it should be
appended.
- Pushing the error messages from the authpolicy sequence into the
grub_error stack so that we can list all errors from the sequence
- Improving the error messages in the TPM2 protector
- Amending the calculation of the max string lengths of 'Policy',
'CommandCode' and 'CommandPolicy'
- Skipping the error path in grub_tpm2key_get_authpolicy_seq() on
success to avoid freeing the authpolicy sequence
v3:
- https://lists.gnu.org/archive/html/grub-devel/2023-04/msg00055.html
- GIT repo: https://github.com/lcp/grub2/tree/tpm2-unlock-v3
- Adding the document for libtasn1
- Improving the error condition checks
ex: "if (!ptr)" ==> "if (ptr == NULL)"
"if (err)" ==> "if (err != GRUB_ERR_NONE)"
"if (rc)" ==> "if (rc != TPM_RC_SUCCESS)"
- Supporting the "TPMPolicy" and "TPMAuthPolicy" sequence in the TPM 2.0
key File
- Refactoring the key recover function to support "TPMPolicy" and
"TPMAuthPolicy" sequence
- Using TPMS_PCR_SELECTION_SelectPCR() to set the PCR bit mask
- Also dropping TPM2_PCR_TO_SELECT() and TPM2_PCR_TO_BIT() which are
not necessary anymore
- Removing the redundant variable, 'crd', from
grub_cryptodisk_scan_device_real()
- Fixing the spaces/tabs in cryptodisk.c
- Fixing the comment format in cryptodisk.h
- Adding the defensive check for "cargs->protectors" in
grub_cryptodisk_scan_device()
- Improving 'grub-protect' for the better support of TPM 2.0 Key File
- Adding more comments
v2:
- https://lists.gnu.org/archive/html/grub-devel/2023-03/msg00094.html
- GIT repo: https://github.com/lcp/grub2/tree/tpm2-unlock-v2
v1:
- https://lists.gnu.org/archive/html/grub-devel/2023-02/msg00130.html
- GIT repo: https://github.com/lcp/grub2/tree/tpm2-unlock
*********************************************
* Anaylses for Coverity issuses on libtasn1 *
*********************************************
2 Memory corruptions: CID 435762, CID 435766
________________________________________________________________________________________________________
*** CID 435762: Memory - corruptions (OVERRUN)
/grub-core/lib/libtasn1/lib/coding.c: 152 in _asn1_tag_der()
146 if (k > ASN1_MAX_TAG_SIZE - 1)
147 break; /* will not encode larger tags */
148 }
149 *ans_len = k + 1;
150 while (k--)
151 ans[*ans_len - 1 - k] = temp[k] + 128;
>>> CID 435762: Memory - corruptions (OVERRUN)
>>> Overrunning array of 4 bytes at byte offset 4 by dereferencing pointer
>>> "ans + (*ans_len - 1)".
152 ans[*ans_len - 1] -= 128;
153 }
154 }
155
156 /**
157 * asn1_octet_der:
Reported to upstream: https://gitlab.com/gnutls/libtasn1/-/issues/49
________________________________________________________________________________________________________
*** CID 435766: Memory - corruptions (OVERRUN)
/grub-core/lib/libtasn1/lib/decoding.c: 1204 in asn1_der_decoding2()
1198 }
1199
1200 DECR_LEN (ider_len, len2);
1201
1202 tlen = strlen (temp);
1203 if (tlen > 0)
>>> CID 435766: Memory - corruptions (OVERRUN)
>>> Allocating insufficient memory for the terminating null of the string.
1204 _asn1_set_value (p, temp, tlen);
1205
1206 counter += len2;
1207 move = RIGHT;
1208 break;
1209 case ASN1_ETYPE_OCTET_STRING:
False positive?
https://gitlab.com/gnutls/libtasn1/-/issues/50
==
7 Integer handling issues:
CID 435774, CID 435773, CID 435772, CID 435768, CID 435765, CID 435764, CID
435763
________________________________________________________________________________________________________
*** CID 435774: Integer handling issues (CONSTANT_EXPRESSION_RESULT)
/grub-core/lib/libtasn1/lib/decoding.c: 481 in asn1_get_object_id_der()
475 */
476 if (leading != 0 && der[len_len + k] == 0x80)
477 return ASN1_DER_ERROR;
478 leading = 0;
479
480 /* check for wrap around */
>>> CID 435774: Integer handling issues (CONSTANT_EXPRESSION_RESULT)
>>> "val < ((((1 ? 0 : val) - 1 < 0) ? ~((((1 ? 0 : val) + 1 << 62UL /*
>>> sizeof (+val) * 8 - 2 */) - 1) * 2 + 1) : ((1 ? 0 : val) + 0)) >> 7)" is
>>> always false regardless of the values of its operands. This occurs as the
>>> second operand of "?:".
481 if (INT_LEFT_SHIFT_OVERFLOW (val, 7))
482 return ASN1_DER_ERROR;
483
484 val = val << 7;
485 val |= der[len_len + k] & 0x7F;
486
/grub-core/lib/libtasn1/lib/decoding.c: 481 in asn1_get_object_id_der()
Here are the related macros from gnulib:
#define _GL_INT_NEGATE_CONVERT(e, v) ((1 ? 0 : (e)) - (v))
#define EXPR_SIGNED(e) (_GL_INT_NEGATE_CONVERT (e, 1) < 0)
#define _GL_INT_CONVERT(e, v) ((1 ? 0 : (e)) + (v))
#define TYPE_WIDTH(t) (sizeof (t) * CHAR_BIT)
#define _GL_SIGNED_INT_MAXIMUM(e) \
(((_GL_INT_CONVERT (e, 1) << (TYPE_WIDTH (+ (e)) - 2)) - 1) * 2 + 1)
#define _GL_INT_MINIMUM(e) \
(EXPR_SIGNED (e) \
? ~ _GL_SIGNED_INT_MAXIMUM (e) \
: _GL_INT_CONVERT (e, 0))
#define _GL_INT_MAXIMUM(e) \
(EXPR_SIGNED (e) \
? _GL_SIGNED_INT_MAXIMUM (e) \
: _GL_INT_NEGATE_CONVERT (e, 1))
#define INT_LEFT_SHIFT_RANGE_OVERFLOW(a, b, min, max) \
((a) < 0 \
? (a) < (min) >> (b) \
: (max) >> (b) < (a))
#define INT_LEFT_SHIFT_OVERFLOW(a, b) \
INT_LEFT_SHIFT_RANGE_OVERFLOW (a, b, \
_GL_INT_MINIMUM (a), _GL_INT_MAXIMUM (a))
The statement in question is expanded "(a) < (min) >> (b)" from
'INT_LEFT_SHIFT_RANGE_OVERFLOW'.
'(a) < (min) >> (b)'
=> '(val) < _GL_INT_MINIMUM (val) >> (7)'
=> '(val) < \
(EXPR_SIGNED (val) \
? ~ _GL_SIGNED_INT_MAXIMUM (val) \
: _GL_INT_CONVERT (val, 0)) \
>> (7)'
=> '(val) < \
((_GL_INT_NEGATE_CONVERT (val, 1) < 0) \
? ~ _GL_SIGNED_INT_MAXIMUM (val) \
: _GL_INT_CONVERT (val, 0)) \
>> (7)'
=> '(val) < \
((((1 ? 0 : (val)) - (1)) < 0) \
? ~ _GL_SIGNED_INT_MAXIMUM (val) \
: _GL_INT_CONVERT (val, 0)) \
>> (7)'
=> '(val) < \
((((1 ? 0 : (val)) - (1)) < 0) \
? ~ (((_GL_INT_CONVERT (val, 1) << (TYPE_WIDTH (+ (val)) - 2)) - 1) * 2 +
1) \
: _GL_INT_CONVERT (val, 0)) \
>> (7)'
=> '(val) < \
((((1 ? 0 : (val)) - (1)) < 0) \
? ~ (((((1 ? 0 : (val)) + (1)) << (TYPE_WIDTH (+ (val)) - 2)) - 1) * 2 +
1) \
: _GL_INT_CONVERT (val, 0)) \
>> (7)'
=> '(val) < \
((((1 ? 0 : (val)) - (1)) < 0) \
? ~ (((((1 ? 0 : (val)) + (1)) << ((sizeof (val) * CHAR_BIT) - 2)) - 1) *
2 + 1) \
: _GL_INT_CONVERT (val, 0)) \
>> (7)'
=> '(val) < \
((((1 ? 0 : (val)) - (1)) < 0) \
? ~ (((((1 ? 0 : (val)) + (1)) << ((sizeof (val) * CHAR_BIT) - 2)) - 1) *
2 + 1) \
: ((1 ? 0 : (val)) + (0))) \
>> (7)'
'_GL_INT_MINIMUM' returns the minimum value of the given type. Since 'val' is
'uint64_t', '_GL_INT_MINIMUM (val)' is 0
'(val) < _GL_INT_MINIMUM (val) >> (7)' => '(val) < 0 >> (7)' => '(val) < 0'
For 'uint64_t val', the result is always false.
However, in 'INT_LEFT_SHIFT_RANGE_OVERFLOW':
((a) < 0 \
? (a) < (min) >> (b) \
: (max) >> (b) < (a))
'(a) < 0' is false for 'uint64_t val', so the second operand, '(a) < (min) >>
(b)',
is always skipped. Thus, the result of the second operand doesn't matter.
________________________________________________________________________________________________________
*** CID 435773: Integer handling issues (NO_EFFECT)
/grub-core/lib/libtasn1/lib/decoding.c: 439 in asn1_get_object_id_der()
433 return ASN1_DER_ERROR;
434
435 val0 = 0;
436
437 for (k = 0; k < len; k++)
438 {
>>> CID 435773: Integer handling issues (NO_EFFECT)
>>> This less-than-zero comparison of an unsigned value is never true. "(1
>>> ? 0UL : val0) - 1UL < 0UL".
439 if (INT_LEFT_SHIFT_OVERFLOW (val0, 7))
440 return ASN1_DER_ERROR;
441
442 val0 <<= 7;
443 val0 |= der[len_len + k] & 0x7F;
444 if (!(der[len_len + k] & 0x80))
Here are the related macros from gnulib:
#define _GL_INT_NEGATE_CONVERT(e, v) ((1 ? 0 : (e)) - (v))
#define EXPR_SIGNED(e) (_GL_INT_NEGATE_CONVERT (e, 1) < 0)
#define _GL_INT_CONVERT(e, v) ((1 ? 0 : (e)) + (v))
#define TYPE_WIDTH(t) (sizeof (t) * CHAR_BIT)
#define _GL_SIGNED_INT_MAXIMUM(e) \
(((_GL_INT_CONVERT (e, 1) << (TYPE_WIDTH (+ (e)) - 2)) - 1) * 2 + 1)
#define _GL_INT_MINIMUM(e) \
(EXPR_SIGNED (e) \
? ~ _GL_SIGNED_INT_MAXIMUM (e) \
: _GL_INT_CONVERT (e, 0))
#define _GL_INT_MAXIMUM(e) \
(EXPR_SIGNED (e) \
? _GL_SIGNED_INT_MAXIMUM (e) \
: _GL_INT_NEGATE_CONVERT (e, 1))
#define INT_LEFT_SHIFT_RANGE_OVERFLOW(a, b, min, max) \
((a) < 0 \
? (a) < (min) >> (b) \
: (max) >> (b) < (a))
#define INT_LEFT_SHIFT_OVERFLOW(a, b) \
INT_LEFT_SHIFT_RANGE_OVERFLOW (a, b, \
_GL_INT_MINIMUM (a), _GL_INT_MAXIMUM (a))
The statement in question is the expanded 'EXPR_SIGNED (val0)' from either
'_GL_INT_MAXIMUM' or '_GL_INT_MINIMUM'
'EXPR_SIGNED (val0)'
=> '(_GL_INT_NEGATE_CONVERT (val0, 1) < 0)'
=> '(((1 ? 0 : (val0)) - (1)) < 0)'
'EXPR_SIGNED' is designed to test if the given expression is signed, and
'EXPR_SIGNED (val0)' is expected to be false for 'uint64_t val0'. The macro
dutifully reflects the fact.
________________________________________________________________________________________________________
*** CID 435772: Integer handling issues (NO_EFFECT)
/grub-core/lib/libtasn1/lib/decoding.c: 204 in asn1_get_tag_der()
198 /* Long form */
199 punt = 1;
200 ris = 0;
201 while (punt < der_len && der[punt] & 128)
202 {
203
>>> CID 435772: Integer handling issues (NO_EFFECT)
>>> This less-than-zero comparison of an unsigned value is never true. "(1
>>> ? 0U : ((1 ? 0U : ris) + 128U)) - 1U < 0U".
204 if (INT_MULTIPLY_OVERFLOW (ris, 128))
205 return ASN1_DER_ERROR;
206 ris *= 128;
207
208 if (INT_ADD_OVERFLOW (ris, ((unsigned) (der[punt] & 0x7F))))
209 return ASN1_DER_ERROR;
Here are the related macros gnulib:
#define _GL_INT_NEGATE_CONVERT(e, v) ((1 ? 0 : (e)) - (v))
#define _GL_INT_CONVERT(e, v) ((1 ? 0 : (e)) + (v))
#define EXPR_SIGNED(e) (_GL_INT_NEGATE_CONVERT (e, 1) < 0)
#define TYPE_WIDTH(t) (sizeof (t) * CHAR_BIT)
#define _GL_SIGNED_INT_MAXIMUM(e) \
(((_GL_INT_CONVERT (e, 1) << (TYPE_WIDTH (+ (e)) - 2)) - 1) * 2 + 1)
#define _GL_INT_MINIMUM(e) \
(EXPR_SIGNED (e) \
? ~ _GL_SIGNED_INT_MAXIMUM (e) \
: _GL_INT_CONVERT (e, 0))
#define _GL_INT_MAXIMUM(e) \
(EXPR_SIGNED (e) \
? _GL_SIGNED_INT_MAXIMUM (e) \
: _GL_INT_NEGATE_CONVERT (e, 1))
#define INT_MULTIPLY_RANGE_OVERFLOW(a, b, min, max) \
((b) < 0 \
? ((a) < 0 \
? (a) < (max) / (b) \
: (b) == -1 \
? 0 \
: (min) / (b) < (a)) \
: (b) == 0 \
? 0 \
: ((a) < 0 \
? (a) < (min) / (b) \
: (max) / (b) < (a)))
# define _GL_MULTIPLY_OVERFLOW(a, b, min, max) \
(((min) == 0 && (((a) < 0 && 0 < (b)) || ((b) < 0 && 0 < (a)))) \
|| INT_MULTIPLY_RANGE_OVERFLOW (a, b, min, max))
#define _GL_BINARY_OP_OVERFLOW(a, b, op_result_overflow) \
op_result_overflow (a, b, \
_GL_INT_MINIMUM (_GL_INT_CONVERT (a, b)), \
_GL_INT_MAXIMUM (_GL_INT_CONVERT (a, b)))
#define INT_MULTIPLY_OVERFLOW(a, b) \
_GL_BINARY_OP_OVERFLOW (a, b, _GL_MULTIPLY_OVERFLOW)
The statement in question is the expanded 'EXPR_SIGNED (_GL_INT_CONVERT (ris,
128))'
from either '_GL_INT_MINIMUM' or '_GL_INT_MAXIMUM'.
'EXPR_SIGNED (_GL_INT_CONVERT (ris, 128))'
=> 'EXPR_SIGNED ((1 ? 0 : (ris)) + (128))'
=> '(_GL_INT_NEGATE_CONVERT (((1 ? 0 : (ris)) + (128), 1) < 0))'
=> '((1 ? 0 : ((1 ? 0 : ris) + 128)) - 1 < 0)'
'_GL_INT_CONVERT(e, v)' returns a value with the common real type of 'e' and
'v' and
the value of 'v'. Since the common type of 'unsigned int ris' and '128' is
'unsigned int', '_GL_INT_CONVERT (ris, 128)' is '128U'.
'EXPR_SIGNED' is designed to check if the given expression is signed. Thus,
'EXPR_SIGNED (128U)' is expected to be false.
The combination of 'EXPR_SIGNED(e)' and '_GL_INT_CONVERT(e, v)' is used to test
if
the common type of the given two variables is signed, and those macros dutifully
reflect the fact: the common type of 'ris' and '128' is unsigned.
________________________________________________________________________________________________________
*** CID 435768: (CONSTANT_EXPRESSION_RESULT)
/grub-core/lib/libtasn1/lib/decoding.c: 204 in asn1_get_tag_der()
198 /* Long form */
199 punt = 1;
200 ris = 0;
201 while (punt < der_len && der[punt] & 128)
202 {
203
>>> CID 435768: (CONSTANT_EXPRESSION_RESULT)
>>> "ris < (((1 ? 0 : ((1 ? 0 : ris) + 128)) - 1 < 0) ? ~((((1 ? 0 : ((1 ?
>>> 0 : ris) + 128)) + 1 << 30UL /* sizeof (+((1 ? 0 : ris) + 128)) * 8 - 2 */)
>>> - 1) * 2 + 1) : ((1 ? 0 : ((1 ? 0 : ris) + 128)) + 0)) / 128" is always
>>> false regardless of the values of its operands. This occurs as the second
>>> operand of "?:".
204 if (INT_MULTIPLY_OVERFLOW (ris, 128))
205 return ASN1_DER_ERROR;
206 ris *= 128;
207
208 if (INT_ADD_OVERFLOW (ris, ((unsigned) (der[punt] & 0x7F))))
209 return ASN1_DER_ERROR;
/grub-core/lib/libtasn1/lib/decoding.c: 217 in asn1_get_tag_der()
211 punt++;
212 }
213
214 if (punt >= der_len)
215 return ASN1_DER_ERROR;
216
>>> CID 435768: (CONSTANT_EXPRESSION_RESULT)
>>> "ris < (((1 ? 0 : ((1 ? 0 : ris) + 128)) - 1 < 0) ? ~((((1 ? 0 : ((1 ?
>>> 0 : ris) + 128)) + 1 << 30UL /* sizeof (+((1 ? 0 : ris) + 128)) * 8 - 2 */)
>>> - 1) * 2 + 1) : ((1 ? 0 : ((1 ? 0 : ris) + 128)) + 0)) / 128" is always
>>> false regardless of the values of its operands. This occurs as the second
>>> operand of "?:".
217 if (INT_MULTIPLY_OVERFLOW (ris, 128))
218 return ASN1_DER_ERROR;
219 ris *= 128;
220
221 if (INT_ADD_OVERFLOW (ris, ((unsigned) (der[punt] & 0x7F))))
222 return ASN1_DER_ERROR;
Here are the related macros gnulib:
#define _GL_INT_NEGATE_CONVERT(e, v) ((1 ? 0 : (e)) - (v))
#define _GL_INT_CONVERT(e, v) ((1 ? 0 : (e)) + (v))
#define EXPR_SIGNED(e) (_GL_INT_NEGATE_CONVERT (e, 1) < 0)
#define TYPE_WIDTH(t) (sizeof (t) * CHAR_BIT)
#define _GL_SIGNED_INT_MAXIMUM(e) \
(((_GL_INT_CONVERT (e, 1) << (TYPE_WIDTH (+ (e)) - 2)) - 1) * 2 + 1)
#define _GL_INT_MINIMUM(e) \
(EXPR_SIGNED (e) \
? ~ _GL_SIGNED_INT_MAXIMUM (e) \
: _GL_INT_CONVERT (e, 0))
#define _GL_INT_MAXIMUM(e) \
(EXPR_SIGNED (e) \
? _GL_SIGNED_INT_MAXIMUM (e) \
: _GL_INT_NEGATE_CONVERT (e, 1))
#define INT_MULTIPLY_RANGE_OVERFLOW(a, b, min, max) \
((b) < 0 \
? ((a) < 0 \
? (a) < (max) / (b) \
: (b) == -1 \
? 0 \
: (min) / (b) < (a)) \
: (b) == 0 \
? 0 \
: ((a) < 0 \
? (a) < (min) / (b) \
: (max) / (b) < (a)))
# define _GL_MULTIPLY_OVERFLOW(a, b, min, max) \
(((min) == 0 && (((a) < 0 && 0 < (b)) || ((b) < 0 && 0 < (a)))) \
|| INT_MULTIPLY_RANGE_OVERFLOW (a, b, min, max))
#define _GL_BINARY_OP_OVERFLOW(a, b, op_result_overflow) \
op_result_overflow (a, b, \
_GL_INT_MINIMUM (_GL_INT_CONVERT (a, b)), \
_GL_INT_MAXIMUM (_GL_INT_CONVERT (a, b)))
#define INT_MULTIPLY_OVERFLOW(a, b) \
_GL_BINARY_OP_OVERFLOW (a, b, _GL_MULTIPLY_OVERFLOW)
The statement in question is the expanded '(a) < (min) / (b)' from
'INT_MULTIPLY_RANGE_OVERFLOW'.
'(a) < (min) / (b)'
=> '(a) < (_GL_INT_MINIMUM (_GL_INT_CONVERT (a, b))) / (b)'
=> '(ris) < (_GL_INT_MINIMUM (_GL_INT_CONVERT (ris, 128))) / (128)'
=> '(ris) < \
(EXPR_SIGNED (_GL_INT_CONVERT (ris, 128)) \
? ~ _GL_SIGNED_INT_MAXIMUM (_GL_INT_CONVERT (ris, 128)) \
: _GL_INT_CONVERT (_GL_INT_CONVERT (ris, 128), 0)) \
/ (128)'
=> '(ris) < \
((_GL_INT_NEGATE_CONVERT (_GL_INT_CONVERT (ris, 128), 1) < 0) \
? ~ _GL_SIGNED_INT_MAXIMUM (_GL_INT_CONVERT (ris, 128)) \
: _GL_INT_CONVERT (_GL_INT_CONVERT (ris, 128), 0)) \
/ (128)'
=> '(ris) < \
((((1 ? 0 : (_GL_INT_CONVERT (ris, 128))) - (1)) < 0) \
? ~ _GL_SIGNED_INT_MAXIMUM (_GL_INT_CONVERT (ris, 128)) \
: _GL_INT_CONVERT (_GL_INT_CONVERT (ris, 128), 0)) \
/ (128)'
=> '(ris) < \
((((1 ? 0 : ((1 ? 0 : (ris)) + (128))) - (1)) < 0) \
? ~ _GL_SIGNED_INT_MAXIMUM (_GL_INT_CONVERT (ris, 128)) \
: _GL_INT_CONVERT (_GL_INT_CONVERT (ris, 128), 0)) \
/ (128)'
=> '(ris) < \
((((1 ? 0 : ((1 ? 0 : (ris)) + (128))) - (1)) < 0) \
? ~ (((_GL_INT_CONVERT (_GL_INT_CONVERT (ris, 128), 1) << (TYPE_WIDTH (+
(_GL_INT_CONVERT (ris, 128))) - 2)) - 1) * 2 + 1) \
: _GL_INT_CONVERT (_GL_INT_CONVERT (ris, 128), 0)) \
/ (128)'
=> '(ris) < \
((((1 ? 0 : ((1 ? 0 : (ris)) + (128))) - (1)) < 0) \
? ~ (((((1 ? 0 : (_GL_INT_CONVERT (ris, 128))) + (1)) << (TYPE_WIDTH (+
(_GL_INT_CONVERT (ris, 128))) - 2)) - 1) * 2 + 1) \
: _GL_INT_CONVERT (_GL_INT_CONVERT (ris, 128), 0)) \
/ (128)'
=> '(ris) < \
((((1 ? 0 : ((1 ? 0 : (ris)) + (128))) - (1)) < 0) \
? ~ (((((1 ? 0 : ((1 ? 0 : (ris)) + (128))) + (1)) << (TYPE_WIDTH (+
(_GL_INT_CONVERT (ris, 128))) - 2)) - 1) * 2 + 1) \
: _GL_INT_CONVERT (_GL_INT_CONVERT (ris, 128), 0)) \
/ (128)'
=> '(ris) < \
((((1 ? 0 : ((1 ? 0 : (ris)) + (128))) - (1)) < 0) \
? ~ (((((1 ? 0 : ((1 ? 0 : (ris)) + (128))) + (1)) << ((sizeof (+
(_GL_INT_CONVERT (ris, 128))) * CHAR_BIT) - 2)) - 1) * 2 + 1) \
: _GL_INT_CONVERT (_GL_INT_CONVERT (ris, 128), 0)) \
/ (128)'
=> '(ris) < \
((((1 ? 0 : ((1 ? 0 : (ris)) + (128))) - (1)) < 0) \
? ~ (((((1 ? 0 : ((1 ? 0 : (ris)) + (128))) + (1)) << ((sizeof (+ ((1 ? 0
: (ris)) + (128))) * CHAR_BIT) - 2)) - 1) * 2 + 1) \
: _GL_INT_CONVERT (_GL_INT_CONVERT (ris, 128), 0)) \
/ (128)'
=> '(ris) < \
((((1 ? 0 : ((1 ? 0 : (ris)) + (128))) - (1)) < 0) \
? ~ (((((1 ? 0 : ((1 ? 0 : (ris)) + (128))) + (1)) << ((sizeof (+ ((1 ? 0
: (ris)) + (128))) * CHAR_BIT) - 2)) - 1) * 2 + 1) \
: _GL_INT_CONVERT (_GL_INT_CONVERT (ris, 128), 0)) \
/ (128)'
=> '(ris) < \
((((1 ? 0 : ((1 ? 0 : (ris)) + (128))) - (1)) < 0) \
? ~ (((((1 ? 0 : ((1 ? 0 : (ris)) + (128))) + (1)) << ((sizeof (+ ((1 ? 0
: (ris)) + (128))) * CHAR_BIT) - 2)) - 1) * 2 + 1) \
: ((1 ? 0 : (_GL_INT_CONVERT (ris, 128)) + (0)) \
/ (128)'
=> '(ris) < \
((((1 ? 0 : ((1 ? 0 : (ris)) + (128))) - (1)) < 0) \
? ~ (((((1 ? 0 : ((1 ? 0 : (ris)) + (128))) + (1)) << ((sizeof (+ ((1 ? 0
: (ris)) + (128))) * CHAR_BIT) - 2)) - 1) * 2 + 1) \
: ((1 ? 0 : ((1 ? 0 : (ris)) + (128)) + (0)) \
/ (128)'
'_GL_INT_CONVERT(e, v)' returns a value with the common real type of 'e' and
'v' and
the value of 'v'. Since the common type of 'unsigned int ris' and '128' is
'unsigned int', '_GL_INT_CONVERT (ris, 128)' is '128U'.
'_GL_INT_MINIMUM (128U)' returns the minimum value of 'unsigned int', i.e. 0.
'(ris) < (_GL_INT_MINIMUM (_GL_INT_CONVERT (ris, 128))) / (128)' => '(ris) < 0
/ (128)' => '(ris) < 0'
For 'unsigned int ris', the result is always false.
However, in 'INT_MULTIPLY_RANGE_OVERFLOW', 'a' is 'unsigned int ris' and 'b' is
'128'.
We can skip the statements for 'b < 0' and 'b == 0' and reduce the macro to
(a) < 0 \
? (a) < (min) / (b) \
: (max) / (b) < (a))) \
Since '(a) < 0' is false for 'unsigned int ris', the statement in question,
'(a) < (min) / (b)', is always skipped. Thus, the result of the statement
doesn't
matter.
________________________________________________________________________________________________________
*** CID 435765: Integer handling issues (CONSTANT_EXPRESSION_RESULT)
/grub-core/lib/libtasn1/lib/decoding.c: 439 in asn1_get_object_id_der()
433 return ASN1_DER_ERROR;
434
435 val0 = 0;
436
437 for (k = 0; k < len; k++)
438 {
>>> CID 435765: Integer handling issues (CONSTANT_EXPRESSION_RESULT)
>>> "val0 < ((((1 ? 0 : val0) - 1 < 0) ? ~((((1 ? 0 : val0) + 1 << 62UL /*
>>> sizeof (+val0) * 8 - 2 */) - 1) * 2 + 1) : ((1 ? 0 : val0) + 0)) >> 7)" is
>>> always false regardless of the values of its operands. This occurs as the
>>> second operand of "?:".
439 if (INT_LEFT_SHIFT_OVERFLOW (val0, 7))
440 return ASN1_DER_ERROR;
441
442 val0 <<= 7;
443 val0 |= der[len_len + k] & 0x7F;
444 if (!(der[len_len + k] & 0x80))
Here are the related macros from gnulib:
#define _GL_INT_NEGATE_CONVERT(e, v) ((1 ? 0 : (e)) - (v))
#define EXPR_SIGNED(e) (_GL_INT_NEGATE_CONVERT (e, 1) < 0)
#define _GL_INT_CONVERT(e, v) ((1 ? 0 : (e)) + (v))
#define TYPE_WIDTH(t) (sizeof (t) * CHAR_BIT)
#define _GL_SIGNED_INT_MAXIMUM(e) \
(((_GL_INT_CONVERT (e, 1) << (TYPE_WIDTH (+ (e)) - 2)) - 1) * 2 + 1)
#define _GL_INT_MINIMUM(e) \
(EXPR_SIGNED (e) \
? ~ _GL_SIGNED_INT_MAXIMUM (e) \
: _GL_INT_CONVERT (e, 0))
#define _GL_INT_MAXIMUM(e) \
(EXPR_SIGNED (e) \
? _GL_SIGNED_INT_MAXIMUM (e) \
: _GL_INT_NEGATE_CONVERT (e, 1))
#define INT_LEFT_SHIFT_RANGE_OVERFLOW(a, b, min, max) \
((a) < 0 \
? (a) < (min) >> (b) \
: (max) >> (b) < (a))
#define INT_LEFT_SHIFT_OVERFLOW(a, b) \
INT_LEFT_SHIFT_RANGE_OVERFLOW (a, b, \
_GL_INT_MINIMUM (a), _GL_INT_MAXIMUM (a))
The statement in question is expanded '(a) < (min) >> (b)' from
INT_LEFT_SHIFT_RANGE_OVERFLOW.
'(a) < (min) >> (b)'
=> '(val) < (_GL_INT_MINIMUM (val)) >> (7)'
=> '(val) < \
(EXPR_SIGNED (val) \
? ~ _GL_SIGNED_INT_MAXIMUM (val) \
: _GL_INT_CONVERT (val, 0)) \
>> (7)'
=> '(val) < \
((_GL_INT_NEGATE_CONVERT (val, 1) < 0) \
? ~ _GL_SIGNED_INT_MAXIMUM (val) \
: _GL_INT_CONVERT (val, 0)) \
>> (7)'
=> '(val) < \
((((1 ? 0 : (val)) - (1)) < 0) \
? ~ _GL_SIGNED_INT_MAXIMUM (val) \
: _GL_INT_CONVERT (val, 0)) \
>> (7)'
=> '(val) < \
((((1 ? 0 : (val)) - (1)) < 0) \
? ~ (((_GL_INT_CONVERT (val, 1) << (TYPE_WIDTH (+ (val)) - 2)) - 1) * 2 +
1) \
: _GL_INT_CONVERT (val, 0)) \
>> (7)'
=> '(val) < \
((((1 ? 0 : (val)) - (1)) < 0) \
? ~ (((((1 ? 0 : (val)) + (1)) << (TYPE_WIDTH (+ (val)) - 2)) - 1) * 2 +
1) \
: _GL_INT_CONVERT (val, 0)) \
>> (7)'
=> '(val) < \
((((1 ? 0 : (val)) - (1)) < 0) \
? ~ (((((1 ? 0 : (val)) + (1)) << ((sizeof (+ (val)) * CHAR_BIT) - 2)) -
1) * 2 + 1) \
: _GL_INT_CONVERT (val, 0)) \
>> (7)'
=> '(val) < \
((((1 ? 0 : (val)) - (1)) < 0) \
? ~ (((((1 ? 0 : (val)) + (1)) << ((sizeof (+ (val)) * CHAR_BIT) - 2)) -
1) * 2 + 1) \
: ((1 ? 0 : (val)) + (0))) \
>> (7)'
'_GL_INT_MINIMUM' returns the minimum value of the given type. For 'uint64_t
val',
'_GL_INT_MINIMUM (val)' is 0.
'(val) < (_GL_INT_MINIMUM (val)) >> (7)' => '(val) < 0 >> (7)' => '(val) < 0'
For 'uint64_t val', the result is always false.
However, in 'INT_LEFT_SHIFT_RANGE_OVERFLOW':
((a) < 0 \
? (a) < (min) >> (b) \
: (max) >> (b) < (a))
'(a) < 0' is false for 'uint64_t val', so the statement in question,
'(a) < (min) >> (b)', is always skipped. Thus, the result of the statement
doesn't
matter.
________________________________________________________________________________________________________
*** CID 435764: Integer handling issues (NO_EFFECT)
/grub-core/lib/libtasn1/lib/decoding.c: 137 in asn1_get_length_der()
131 punt = 1;
132 if (k)
133 { /* definite length method */
134 ans = 0;
135 while (punt <= k && punt < der_len)
136 {
>>> CID 435764: Integer handling issues (NO_EFFECT)
>>> This less-than-zero comparison of an unsigned value is never true. "(1
>>> ? 0U : ((1 ? 0U : ans) + 256U)) - 1U < 0U".
137 if (INT_MULTIPLY_OVERFLOW (ans, 256))
138 return -2;
139 ans *= 256;
140
141 if (INT_ADD_OVERFLOW (ans, ((unsigned) der[punt])))
142 return -2;
Here are the related macros from gnulib:
#define _GL_INT_NEGATE_CONVERT(e, v) ((1 ? 0 : (e)) - (v))
#define _GL_INT_CONVERT(e, v) ((1 ? 0 : (e)) + (v))
#define EXPR_SIGNED(e) (_GL_INT_NEGATE_CONVERT (e, 1) < 0)
#define TYPE_WIDTH(t) (sizeof (t) * CHAR_BIT)
#define _GL_SIGNED_INT_MAXIMUM(e) \
(((_GL_INT_CONVERT (e, 1) << (TYPE_WIDTH (+ (e)) - 2)) - 1) * 2 + 1)
#define _GL_INT_MINIMUM(e) \
(EXPR_SIGNED (e) \
? ~ _GL_SIGNED_INT_MAXIMUM (e) \
: _GL_INT_CONVERT (e, 0))
#define _GL_INT_MAXIMUM(e) \
(EXPR_SIGNED (e) \
? _GL_SIGNED_INT_MAXIMUM (e) \
: _GL_INT_NEGATE_CONVERT (e, 1))
#define INT_MULTIPLY_RANGE_OVERFLOW(a, b, min, max) \
((b) < 0 \
? ((a) < 0 \
? (a) < (max) / (b) \
: (b) == -1 \
? 0 \
: (min) / (b) < (a)) \
: (b) == 0 \
? 0 \
: ((a) < 0 \
? (a) < (min) / (b) \
: (max) / (b) < (a)))
# define _GL_MULTIPLY_OVERFLOW(a, b, min, max) \
(((min) == 0 && (((a) < 0 && 0 < (b)) || ((b) < 0 && 0 < (a)))) \
|| INT_MULTIPLY_RANGE_OVERFLOW (a, b, min, max))
#define _GL_BINARY_OP_OVERFLOW(a, b, op_result_overflow) \
op_result_overflow (a, b, \
_GL_INT_MINIMUM (_GL_INT_CONVERT (a, b)), \
_GL_INT_MAXIMUM (_GL_INT_CONVERT (a, b)))
#define INT_MULTIPLY_OVERFLOW(a, b) \
_GL_BINARY_OP_OVERFLOW (a, b, _GL_MULTIPLY_OVERFLOW)
The statement in question is expanded 'EXPR_SIGNED (_GL_INT_CONVERT (ans, 256))'
from either '_GL_INT_MINIMUM' or '_GL_INT_MAXIMUM'.
'EXPR_SIGNED (_GL_INT_CONVERT (ans, 256))'
=> 'EXPR_SIGNED ((1 ? 0 : (ans)) + (256))'
=> '(_GL_INT_NEGATE_CONVERT (((1 ? 0 : (ans)) + (256)), 1) < 0)'
=> '((1 ? 0 : ((1 ? 0 : (ans)) + (256))) - (1))'
'_GL_INT_CONVERT(e, v)' returns a value with the common real type of 'e' and
'v' and
the value of 'v'. Since the common type of 'unsigned int ans' and '256' is
'unsigned int', '_GL_INT_CONVERT (ans, 256)' is '256U'.
'EXPR_SIGNED' is designed to check if the given expression is signed. Thus,
'EXPR_SIGNED (256U)' is expected to be false.
The combination of 'EXPR_SIGNED(e)' and '_GL_INT_CONVERT(e, v)' is used to test
if
the common type of the given two variables is signed, and those macros dutifully
reflect the fact: the common type of 'ans' and '256' is unsigned.
________________________________________________________________________________________________________
*** CID 435763: Integer handling issues (CONSTANT_EXPRESSION_RESULT)
/grub-core/lib/libtasn1/lib/decoding.c: 137 in asn1_get_length_der()
131 punt = 1;
132 if (k)
133 { /* definite length method */
134 ans = 0;
135 while (punt <= k && punt < der_len)
136 {
>>> CID 435763: Integer handling issues (CONSTANT_EXPRESSION_RESULT)
>>> "ans < (((1 ? 0 : ((1 ? 0 : ans) + 256)) - 1 < 0) ? ~((((1 ? 0 : ((1 ?
>>> 0 : ans) + 256)) + 1 << 30UL /* sizeof (+((1 ? 0 : ans) + 256)) * 8 - 2 */)
>>> - 1) * 2 + 1) : ((1 ? 0 : ((1 ? 0 : ans) + 256)) + 0)) / 256" is always
>>> false regardless of the values of its operands. This occurs as the second
>>> operand of "?:".
137 if (INT_MULTIPLY_OVERFLOW (ans, 256))
138 return -2;
139 ans *= 256;
140
141 if (INT_ADD_OVERFLOW (ans, ((unsigned) der[punt])))
142 return -2;
Here are the related macros from gnulib:
#define _GL_INT_NEGATE_CONVERT(e, v) ((1 ? 0 : (e)) - (v))
#define _GL_INT_CONVERT(e, v) ((1 ? 0 : (e)) + (v))
#define EXPR_SIGNED(e) (_GL_INT_NEGATE_CONVERT (e, 1) < 0)
#define TYPE_WIDTH(t) (sizeof (t) * CHAR_BIT)
#define _GL_SIGNED_INT_MAXIMUM(e) \
(((_GL_INT_CONVERT (e, 1) << (TYPE_WIDTH (+ (e)) - 2)) - 1) * 2 + 1)
#define _GL_INT_MINIMUM(e) \
(EXPR_SIGNED (e) \
? ~ _GL_SIGNED_INT_MAXIMUM (e) \
: _GL_INT_CONVERT (e, 0))
#define _GL_INT_MAXIMUM(e) \
(EXPR_SIGNED (e) \
? _GL_SIGNED_INT_MAXIMUM (e) \
: _GL_INT_NEGATE_CONVERT (e, 1))
#define INT_MULTIPLY_RANGE_OVERFLOW(a, b, min, max) \
((b) < 0 \
? ((a) < 0 \
? (a) < (max) / (b) \
: (b) == -1 \
? 0 \
: (min) / (b) < (a)) \
: (b) == 0 \
? 0 \
: ((a) < 0 \
? (a) < (min) / (b) \
: (max) / (b) < (a)))
# define _GL_MULTIPLY_OVERFLOW(a, b, min, max) \
(((min) == 0 && (((a) < 0 && 0 < (b)) || ((b) < 0 && 0 < (a)))) \
|| INT_MULTIPLY_RANGE_OVERFLOW (a, b, min, max))
#define _GL_BINARY_OP_OVERFLOW(a, b, op_result_overflow) \
op_result_overflow (a, b, \
_GL_INT_MINIMUM (_GL_INT_CONVERT (a, b)), \
_GL_INT_MAXIMUM (_GL_INT_CONVERT (a, b)))
#define INT_MULTIPLY_OVERFLOW(a, b) \
_GL_BINARY_OP_OVERFLOW (a, b, _GL_MULTIPLY_OVERFLOW)
The statement in question is the expanded '(a) < (min) / (b)' from
INT_MULTIPLY_RANGE_OVERFLOW.
'(a) < (min) / (b)'
=> '(a) < (_GL_INT_MINIMUM (_GL_INT_CONVERT (a, b))) / (b)'
=> '(ans) < (_GL_INT_MINIMUM (_GL_INT_CONVERT (ans, 256))) / (256)'
=> '(ans) < \
(EXPR_SIGNED (_GL_INT_CONVERT (ans, 256)) \
? ~ _GL_SIGNED_INT_MAXIMUM (_GL_INT_CONVERT (ans, 256)) \
: _GL_INT_CONVERT (_GL_INT_CONVERT (ans, 256), 0)) \
/ (256)'
=> '(ans) < \
(_GL_INT_NEGATE_CONVERT (_GL_INT_CONVERT (ans, 256), 1) < 0) \
? ~ _GL_SIGNED_INT_MAXIMUM (_GL_INT_CONVERT (ans, 256)) \
: _GL_INT_CONVERT (_GL_INT_CONVERT (ans, 256), 0)) \
/ (256)'
=> '(ans) < \
(((1 ? 0 : (_GL_INT_CONVERT (ans, 256))) - (1)) < 0) \
? ~ _GL_SIGNED_INT_MAXIMUM (_GL_INT_CONVERT (ans, 256)) \
: _GL_INT_CONVERT (_GL_INT_CONVERT (ans, 256), 0)) \
/ (256)'
=> '(ans) < \
(((1 ? 0 : ((1 ? 0 : (ans)) + (256))) - (1)) < 0) \
? ~ (((_GL_INT_CONVERT (_GL_INT_CONVERT (ans, 256), 1) << (TYPE_WIDTH (+
(_GL_INT_CONVERT (ans, 256))) - 2)) - 1) * 2 + 1) \
: _GL_INT_CONVERT (_GL_INT_CONVERT (ans, 256), 0)) \
/ (256)'
=> '(ans) < \
(((1 ? 0 : ((1 ? 0 : (ans)) + (256))) - (1)) < 0) \
? ~ ((((1 ? 0 : (_GL_INT_CONVERT (ans, 256))) + (1)) << (TYPE_WIDTH (+
(_GL_INT_CONVERT (ans, 256))) - 2)) - 1) * 2 + 1) \
: _GL_INT_CONVERT (_GL_INT_CONVERT (ans, 256), 0)) \
/ (256)'
=> '(ans) < \
(((1 ? 0 : ((1 ? 0 : (ans)) + (256))) - (1)) < 0) \
? ~ ((((1 ? 0 : ((1 ? 0 : (ans)) + (256))) + (1)) << (TYPE_WIDTH (+
(_GL_INT_CONVERT (ans, 256))) - 2)) - 1) * 2 + 1) \
: _GL_INT_CONVERT (_GL_INT_CONVERT (ans, 256), 0)) \
/ (256)'
=> '(ans) < \
(((1 ? 0 : ((1 ? 0 : (ans)) + (256))) - (1)) < 0) \
? ~ ((((1 ? 0 : ((1 ? 0 : (ans)) + (256))) + (1)) << ((sizeof (+
(_GL_INT_CONVERT (ans, 256))) * CHAR_BIT) - 2)) - 1) * 2 + 1) \
: _GL_INT_CONVERT (_GL_INT_CONVERT (ans, 256), 0)) \
/ (256)'
=> '(ans) < \
(((1 ? 0 : ((1 ? 0 : (ans)) + (256))) - (1)) < 0) \
? ~ ((((1 ? 0 : ((1 ? 0 : (ans)) + (256))) + (1)) << ((sizeof (+ ((1 ? 0
: (ans)) + (1))) * CHAR_BIT) - 2)) - 1) * 2 + 1) \
: _GL_INT_CONVERT (_GL_INT_CONVERT (ans, 256), 0)) \
/ (256)'
=> '(ans) < \
(((1 ? 0 : ((1 ? 0 : (ans)) + (256))) - (1)) < 0) \
? ~ ((((1 ? 0 : ((1 ? 0 : (ans)) + (256))) + (1)) << ((sizeof (+ ((1 ? 0
: (ans)) + (1))) * CHAR_BIT) - 2)) - 1) * 2 + 1) \
: ((1 ? 0 : (_GL_INT_CONVERT (ans, 256))) + (0)) ) \
/ (256)'
=> '(ans) < \
(((1 ? 0 : ((1 ? 0 : (ans)) + (256))) - (1)) < 0) \
? ~ ((((1 ? 0 : ((1 ? 0 : (ans)) + (256))) + (1)) << ((sizeof (+ ((1 ? 0
: (ans)) + (1))) * CHAR_BIT) - 2)) - 1) * 2 + 1) \
: ((1 ? 0 : ((1 ? 0 : (ans)) + (256))) + (0)) ) \
/ (256)'
'_GL_INT_CONVERT(e, v)' returns a value with the common real type of 'e' and
'v' and
the value of 'v'. Since the common type of 'unsigned int ans' and '256' is
'unsigned int', '_GL_INT_CONVERT (ans, 256)' is '256U'.
'_GL_INT_MINIMUM (256U)' returns the minimum value of 'unsigned int', i.e. 0.
'(ans) < (_GL_INT_MINIMUM (_GL_INT_CONVERT (ans, 256))) / (256)' => '(ans) < 0
/ (256)' => '(ans) < 0'
For 'unsigned int ans', the result is always false.
However, in 'INT_MULTIPLY_RANGE_OVERFLOW', 'a' is 'unsigned int ans' and 'b' is
'256'.
We can skip the statements for 'b < 0' and 'b == 0' and reduce the macro to
(a) < 0 \
? (a) < (min) / (b) \
: (max) / (b) < (a))) \
Since '(ans) < 0' is false for 'unsigned int ans', the statement in question,
'(a) < (min) / (b)', is always skipped. Thus, the result of the statement
doesn't
matter.
Daniel Axtens (4):
posix_wrap: tweaks in preparation for libtasn1
libtasn1: import libtasn1-4.19.0
libtasn1: compile into asn1 module
asn1_test: test module for libtasn1
Gary Lin (23):
libtasn1: disable code not needed in grub
libtasn1: replace strcat() with strcpy() in _asn1_str_cat()
libtasn1: replace strcat() with _asn1_str_cat()
libtasn1: adjust the header paths in libtasn1.h
libtasn1: Use grub_divmod64() for division
libtasn1: fix the potential buffer overrun
asn1_test: include asn1_test.h only
asn1_test: rename the main functions to the test names
asn1_test: remove 'verbose' and the unnecessary printf()
asn1_test: print the error messages with grub_printf()
asn1_test: return either 0 or 1 to reflect the results
asn1_test: use the grub-specific functions and types
libtasn1: Add the documentation
tss2: Add TPM2 buffer handling functions
tss2: Add TPM2 types and Marshal/Unmarshal functions
tss2: Add TPM2 Software Stack (TSS2) support
tpm2_key_protector: Support authorized policy
cryptodisk: wipe out the cached keys from protectors
diskfilter: look up cryptodisk devices first
tpm2_key_protector: Add grub-emu support
tests: Add tpm2_key_protector_test
cryptodisk: Document the '-P' option
docs: Document TPM2 key protector
Hernan Gatta (4):
key_protector: Add key protectors framework
key_protector: Add TPM2 Key Protector
cryptodisk: Support key protectors
util/grub-protect: Add new tool
Patrick Colp (2):
tpm2_key_protector: Implement NV index
cryptodisk: Fallback to passphrase
.gitignore | 2 +
Makefile.util.def | 39 +
autogen.sh | 32 +
configure.ac | 30 +
docs/grub-dev.texi | 35 +
docs/grub.texi | 512 +++-
docs/man/grub-protect.h2m | 4 +
grub-core/Makefile.am | 1 +
grub-core/Makefile.core.def | 60 +
grub-core/commands/tpm2_key_protector/args.c | 129 +
.../commands/tpm2_key_protector/module.c | 1238 ++++++++
grub-core/commands/tpm2_key_protector/tpm2.h | 36 +
.../commands/tpm2_key_protector/tpm2_args.h | 49 +
.../commands/tpm2_key_protector/tpm2key.asn | 49 +
.../commands/tpm2_key_protector/tpm2key.c | 499 ++++
.../commands/tpm2_key_protector/tpm2key.h | 87 +
.../tpm2_key_protector/tpm2key_asn1_tab.c | 63 +
grub-core/disk/cryptodisk.c | 268 +-
grub-core/disk/diskfilter.c | 31 +-
grub-core/disk/key_protector.c | 73 +
grub-core/kern/emu/main.c | 11 +-
grub-core/kern/emu/misc.c | 51 +
grub-core/lib/efi/tcg2.c | 143 +
...asn1-disable-code-not-needed-in-grub.patch | 320 +++
...-strcat-with-strcpy-in-_asn1_str_cat.patch | 32 +
...n1-replace-strcat-with-_asn1_str_cat.patch | 70 +
...djust-the-header-paths-in-libtasn1.h.patch | 38 +
...tasn1-Use-grub_divmod64-for-division.patch | 31 +
...sn1-fix-the-potential-buffer-overrun.patch | 36 +
...7-asn1_test-include-asn1_test.h-only.patch | 163 ++
...-the-main-functions-to-the-test-name.patch | 128 +
...e-verbose-and-the-unnecessary-printf.patch | 172 ++
...-the-error-messages-with-grub_printf.patch | 484 ++++
...-either-0-or-1-to-reflect-the-result.patch | 72 +
...he-grub-specific-functions-and-types.patch | 262 ++
grub-core/lib/libtasn1/COPYING | 16 +
grub-core/lib/libtasn1/README.md | 98 +
grub-core/lib/libtasn1/lib/coding.c | 1425 ++++++++++
grub-core/lib/libtasn1/lib/decoding.c | 2501 +++++++++++++++++
grub-core/lib/libtasn1/lib/element.c | 1109 ++++++++
grub-core/lib/libtasn1/lib/element.h | 42 +
grub-core/lib/libtasn1/lib/errors.c | 100 +
grub-core/lib/libtasn1/lib/gstr.c | 74 +
grub-core/lib/libtasn1/lib/gstr.h | 50 +
grub-core/lib/libtasn1/lib/int.h | 221 ++
grub-core/lib/libtasn1/lib/parser_aux.c | 1178 ++++++++
grub-core/lib/libtasn1/lib/parser_aux.h | 172 ++
grub-core/lib/libtasn1/lib/structure.c | 1225 ++++++++
grub-core/lib/libtasn1/lib/structure.h | 46 +
grub-core/lib/libtasn1/libtasn1.h | 643 +++++
.../tests/CVE-2018-1000654-1_asn1_tab.h | 32 +
.../tests/CVE-2018-1000654-2_asn1_tab.h | 36 +
.../lib/libtasn1/tests/CVE-2018-1000654.c | 72 +
grub-core/lib/libtasn1/tests/Test_overflow.c | 168 ++
grub-core/lib/libtasn1/tests/Test_simple.c | 226 ++
grub-core/lib/libtasn1/tests/Test_strings.c | 156 +
.../lib/libtasn1/tests/object-id-decoding.c | 121 +
.../lib/libtasn1/tests/object-id-encoding.c | 133 +
grub-core/lib/libtasn1/tests/octet-string.c | 230 ++
grub-core/lib/libtasn1/tests/reproducers.c | 90 +
grub-core/lib/libtasn1_wrap/wrap.c | 27 +
grub-core/lib/posix_wrap/c-ctype.h | 114 +
grub-core/lib/posix_wrap/limits.h | 1 +
grub-core/lib/posix_wrap/stdlib.h | 8 +
grub-core/lib/posix_wrap/string.h | 21 +
grub-core/lib/posix_wrap/sys/types.h | 1 +
grub-core/lib/tss2/buffer.c | 147 +
grub-core/lib/tss2/tcg2.h | 35 +
grub-core/lib/tss2/tcg2_emu.c | 54 +
grub-core/lib/tss2/tpm2_cmd.c | 1043 +++++++
grub-core/lib/tss2/tpm2_cmd.h | 157 ++
grub-core/lib/tss2/tss2.c | 21 +
grub-core/lib/tss2/tss2_buffer.h | 64 +
grub-core/lib/tss2/tss2_mu.c | 1174 ++++++++
grub-core/lib/tss2/tss2_mu.h | 397 +++
grub-core/lib/tss2/tss2_structs.h | 773 +++++
grub-core/lib/tss2/tss2_types.h | 404 +++
grub-core/tests/asn1/asn1_test.c | 50 +
grub-core/tests/asn1/asn1_test.h | 45 +
grub-core/tests/lib/functional_test.c | 1 +
include/grub/cryptodisk.h | 16 +
include/grub/emu/misc.h | 5 +
include/grub/key_protector.h | 47 +
tests/asn1_test.in | 11 +
tests/tpm2_key_protector_test.in | 389 +++
tests/util/grub-shell.in | 6 +-
util/grub-protect.c | 1394 +++++++++
87 files changed, 21742 insertions(+), 77 deletions(-)
create mode 100644 docs/man/grub-protect.h2m
create mode 100644 grub-core/commands/tpm2_key_protector/args.c
create mode 100644 grub-core/commands/tpm2_key_protector/module.c
create mode 100644 grub-core/commands/tpm2_key_protector/tpm2.h
create mode 100644 grub-core/commands/tpm2_key_protector/tpm2_args.h
create mode 100644 grub-core/commands/tpm2_key_protector/tpm2key.asn
create mode 100644 grub-core/commands/tpm2_key_protector/tpm2key.c
create mode 100644 grub-core/commands/tpm2_key_protector/tpm2key.h
create mode 100644 grub-core/commands/tpm2_key_protector/tpm2key_asn1_tab.c
create mode 100644 grub-core/disk/key_protector.c
create mode 100644 grub-core/lib/efi/tcg2.c
create mode 100644
grub-core/lib/libtasn1-patches/0001-libtasn1-disable-code-not-needed-in-grub.patch
create mode 100644
grub-core/lib/libtasn1-patches/0002-libtasn1-replace-strcat-with-strcpy-in-_asn1_str_cat.patch
create mode 100644
grub-core/lib/libtasn1-patches/0003-libtasn1-replace-strcat-with-_asn1_str_cat.patch
create mode 100644
grub-core/lib/libtasn1-patches/0004-libtasn1-adjust-the-header-paths-in-libtasn1.h.patch
create mode 100644
grub-core/lib/libtasn1-patches/0005-libtasn1-Use-grub_divmod64-for-division.patch
create mode 100644
grub-core/lib/libtasn1-patches/0006-libtasn1-fix-the-potential-buffer-overrun.patch
create mode 100644
grub-core/lib/libtasn1-patches/0007-asn1_test-include-asn1_test.h-only.patch
create mode 100644
grub-core/lib/libtasn1-patches/0008-asn1_test-rename-the-main-functions-to-the-test-name.patch
create mode 100644
grub-core/lib/libtasn1-patches/0009-asn1_test-remove-verbose-and-the-unnecessary-printf.patch
create mode 100644
grub-core/lib/libtasn1-patches/0010-asn1_test-print-the-error-messages-with-grub_printf.patch
create mode 100644
grub-core/lib/libtasn1-patches/0011-asn1_test-return-either-0-or-1-to-reflect-the-result.patch
create mode 100644
grub-core/lib/libtasn1-patches/0012-asn1_test-use-the-grub-specific-functions-and-types.patch
create mode 100644 grub-core/lib/libtasn1/COPYING
create mode 100644 grub-core/lib/libtasn1/README.md
create mode 100644 grub-core/lib/libtasn1/lib/coding.c
create mode 100644 grub-core/lib/libtasn1/lib/decoding.c
create mode 100644 grub-core/lib/libtasn1/lib/element.c
create mode 100644 grub-core/lib/libtasn1/lib/element.h
create mode 100644 grub-core/lib/libtasn1/lib/errors.c
create mode 100644 grub-core/lib/libtasn1/lib/gstr.c
create mode 100644 grub-core/lib/libtasn1/lib/gstr.h
create mode 100644 grub-core/lib/libtasn1/lib/int.h
create mode 100644 grub-core/lib/libtasn1/lib/parser_aux.c
create mode 100644 grub-core/lib/libtasn1/lib/parser_aux.h
create mode 100644 grub-core/lib/libtasn1/lib/structure.c
create mode 100644 grub-core/lib/libtasn1/lib/structure.h
create mode 100644 grub-core/lib/libtasn1/libtasn1.h
create mode 100644 grub-core/lib/libtasn1/tests/CVE-2018-1000654-1_asn1_tab.h
create mode 100644 grub-core/lib/libtasn1/tests/CVE-2018-1000654-2_asn1_tab.h
create mode 100644 grub-core/lib/libtasn1/tests/CVE-2018-1000654.c
create mode 100644 grub-core/lib/libtasn1/tests/Test_overflow.c
create mode 100644 grub-core/lib/libtasn1/tests/Test_simple.c
create mode 100644 grub-core/lib/libtasn1/tests/Test_strings.c
create mode 100644 grub-core/lib/libtasn1/tests/object-id-decoding.c
create mode 100644 grub-core/lib/libtasn1/tests/object-id-encoding.c
create mode 100644 grub-core/lib/libtasn1/tests/octet-string.c
create mode 100644 grub-core/lib/libtasn1/tests/reproducers.c
create mode 100644 grub-core/lib/libtasn1_wrap/wrap.c
create mode 100644 grub-core/lib/posix_wrap/c-ctype.h
create mode 100644 grub-core/lib/tss2/buffer.c
create mode 100644 grub-core/lib/tss2/tcg2.h
create mode 100644 grub-core/lib/tss2/tcg2_emu.c
create mode 100644 grub-core/lib/tss2/tpm2_cmd.c
create mode 100644 grub-core/lib/tss2/tpm2_cmd.h
create mode 100644 grub-core/lib/tss2/tss2.c
create mode 100644 grub-core/lib/tss2/tss2_buffer.h
create mode 100644 grub-core/lib/tss2/tss2_mu.c
create mode 100644 grub-core/lib/tss2/tss2_mu.h
create mode 100644 grub-core/lib/tss2/tss2_structs.h
create mode 100644 grub-core/lib/tss2/tss2_types.h
create mode 100644 grub-core/tests/asn1/asn1_test.c
create mode 100644 grub-core/tests/asn1/asn1_test.h
create mode 100644 include/grub/key_protector.h
create mode 100644 tests/asn1_test.in
create mode 100644 tests/tpm2_key_protector_test.in
create mode 100644 util/grub-protect.c
Range-diff against v18:
1: 77d52a5b7 = 1: 7ddef18d2 posix_wrap: tweaks in preparation for libtasn1
2: 931fccd49 = 2: f27ad35a7 libtasn1: import libtasn1-4.19.0
3: 1ca207217 ! 3: 86f8e472e libtasn1: disable code not needed in grub
@@ Commit message
##
grub-core/lib/libtasn1-patches/0001-libtasn1-disable-code-not-needed-in-grub.patch
(new) ##
@@
-+From 6b61d48782dc67bed72af70aa5db5b9cb1b4f1d0 Mon Sep 17 00:00:00 2001
++From b927f1b24fe10c57edc9711ff4baa12b013ce351 Mon Sep 17 00:00:00 2001
+From: Daniel Axtens <dja@axtens.net>
+Date: Fri, 1 May 2020 17:12:23 +1000
-+Subject: [PATCH 1/6] libtasn1: disable code not needed in grub
++Subject: [PATCH 01/12] libtasn1: disable code not needed in grub
+
+We don't expect to be able to write ASN.1, only read it,
+so we can disable some code.
@@
grub-core/lib/libtasn1-patches/0001-libtasn1-disable-code-not-needed-in-grub.pat
+
+Signed-off-by: Daniel Axtens <dja@axtens.net>
+Signed-off-by: Gary Lin <glin@suse.com>
++Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
+---
+ grub-core/lib/libtasn1-grub/lib/coding.c | 12 ++++++++++--
+ grub-core/lib/libtasn1-grub/lib/decoding.c | 2 ++
-: --------- > 4: 455cee6e0 libtasn1: replace strcat() with strcpy() in
_asn1_str_cat()
4: bf48cf8f8 ! 5: 6c2df83bd libtasn1: use bound-checked _asn1_str_cat()
@@ Metadata
Author: Gary Lin <glin@suse.com>
## Commit message ##
- libtasn1: use bound-checked _asn1_str_cat()
+ libtasn1: replace strcat() with _asn1_str_cat()
- Remove _asn1_strcat() and replace strcat() with the bound-checked
- _asn1_str_cat() except the one inside _asn1_str_cat(). That strcat
- is replaced with strcpy.
+ strcat() is not available in GRUB. This commit replaces strcat() and
+ _asn1_strcat() with the bounds-checking _asn1_str_cat().
Signed-off-by: Daniel Axtens <dja@axtens.net>
Signed-off-by: Gary Lin <glin@suse.com>
- ##
grub-core/lib/libtasn1-patches/0002-libtasn1-use-bound-checked-_asn1_str_cat.patch
(new) ##
+ ##
grub-core/lib/libtasn1-patches/0003-libtasn1-replace-strcat-with-_asn1_str_cat.patch
(new) ##
@@
-+From d87d8e78371e3afbdd876193295ab9e3f60c140b Mon Sep 17 00:00:00 2001
++From 8aa07d427966fbb560871a0a87e0af876920002c Mon Sep 17 00:00:00 2001
+From: Gary Lin <glin@suse.com>
-+Date: Tue, 25 Jun 2024 16:27:57 +0800
-+Subject: [PATCH 2/6] libtasn1: use bound-checked _asn1_str_cat()
++Date: Tue, 20 Aug 2024 16:26:45 +0800
++Subject: [PATCH 03/12] libtasn1: replace strcat() with _asn1_str_cat()
+
-+Remove _asn1_strcat() and replace strcat() with the bound-checked
-+_asn1_str_cat() except the one inside _asn1_str_cat(). That strcat
-+is replaced with strcpy.
++strcat() is not available in GRUB. This commit replaces strcat() and
++_asn1_strcat() with the bounds-checking _asn1_str_cat().
+
+Signed-off-by: Daniel Axtens <dja@axtens.net>
+Signed-off-by: Gary Lin <glin@suse.com>
+---
+ grub-core/lib/libtasn1-grub/lib/decoding.c | 8 ++++----
+ grub-core/lib/libtasn1-grub/lib/element.c | 2 +-
-+ grub-core/lib/libtasn1-grub/lib/gstr.c | 2 +-
+ grub-core/lib/libtasn1-grub/lib/int.h | 1 -
-+ 4 files changed, 6 insertions(+), 7 deletions(-)
++ 3 files changed, 5 insertions(+), 6 deletions(-)
+
+diff --git a/grub-core/lib/libtasn1-grub/lib/decoding.c
b/grub-core/lib/libtasn1-grub/lib/decoding.c
+index bf9cb13ac..51859fe36 100644
@@ -688,7 +688,7 @@ asn1_write_value (asn1_node node_root, const char *name,
+ }
+
+ /**
-+diff --git a/grub-core/lib/libtasn1-grub/lib/gstr.c
b/grub-core/lib/libtasn1-grub/lib/gstr.c
-+index eef419554..a9c16f5d3 100644
-+--- a/grub-core/lib/libtasn1-grub/lib/gstr.c
-++++ b/grub-core/lib/libtasn1-grub/lib/gstr.c
-+@@ -36,7 +36,7 @@ _asn1_str_cat (char *dest, size_t dest_tot_size, const
char *src)
-+
-+ if (dest_tot_size - dest_size > str_size)
-+ {
-+- strcat (dest, src);
-++ strcpy (dest + dest_size, src);
-+ }
-+ else
-+ {
+diff --git a/grub-core/lib/libtasn1-grub/lib/int.h
b/grub-core/lib/libtasn1-grub/lib/int.h
+index d94d51c8c..cadd80df6 100644
+--- a/grub-core/lib/libtasn1-grub/lib/int.h
5: 0f93bcdf5 ! 6: 626894626 libtasn1: adjust the header paths in libtasn1.h
@@ Metadata
## Commit message ##
libtasn1: adjust the header paths in libtasn1.h
- Use the grub headers instead of the standard POSIX headers.
+ Since libtasn1.h is the header to be included by users, including the
+ standard POSIX headers in libtasn1.h would force the user to add the
+ CFLAGS/CPPFLAGS for the POSIX headers.
+
+ This commit adjusts the header paths to use the grub headers instead of
+ the standard POSIX headers, so that users only need to include
+ libtasn1.h to use libtasn1 functions.
Signed-off-by: Daniel Axtens <dja@axtens.net>
Signed-off-by: Gary Lin <glin@suse.com>
- ##
grub-core/lib/libtasn1-patches/0003-libtasn1-adjust-the-header-paths-in-libtasn1.h.patch
(new) ##
+ ##
grub-core/lib/libtasn1-patches/0004-libtasn1-adjust-the-header-paths-in-libtasn1.h.patch
(new) ##
@@
-+From da7ac4d6dff8876fc18f006de3c72da3c93833f5 Mon Sep 17 00:00:00 2001
++From 3ea2376db98e99a4461411fc476850de33822999 Mon Sep 17 00:00:00 2001
+From: Gary Lin <glin@suse.com>
+Date: Tue, 25 Jun 2024 16:30:40 +0800
-+Subject: [PATCH 3/6] libtasn1: adjust the header paths in libtasn1.h
++Subject: [PATCH 04/12] libtasn1: adjust the header paths in libtasn1.h
++
++Since libtasn1.h is the header to be included by users, including the
++standard POSIX headers in libtasn1.h would force the user to add the
++CFLAGS/CPPFLAGS for the POSIX headers.
+
-+Use the grub headers instead of the standard POSIX headers.
++This commit adjusts the header paths to use the grub headers instead of
++the standard POSIX headers, so that users only need to include
++libtasn1.h to use libtasn1 functions.
+
+Signed-off-by: Daniel Axtens <dja@axtens.net>
+Signed-off-by: Gary Lin <glin@suse.com>
6: ab1fdab6f ! 7: 9805bc603 libtasn1: Use grub_divmod64() for division
@@ Metadata
## Commit message ##
libtasn1: Use grub_divmod64() for division
- Replace a 64 bit division with a call to grub_divmod64, preventing
- creation of __udivdi3 calls on 32 bit platforms.
+ Replace a 64-bit division with a call to grub_divmod64(), preventing
+ creation of __udivdi3() calls on 32-bit platforms.
Signed-off-by: Daniel Axtens <dja@axtens.net>
Signed-off-by: Gary Lin <glin@suse.com>
+ Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
- ##
grub-core/lib/libtasn1-patches/0004-libtasn1-Use-grub_divmod64-for-division.patch
(new) ##
+ ##
grub-core/lib/libtasn1-patches/0005-libtasn1-Use-grub_divmod64-for-division.patch
(new) ##
@@
-+From 52ad4fb6a023f27fdcea490d8e4956ce3957b1f9 Mon Sep 17 00:00:00 2001
++From f4d086cc829544a33fd6fd705538cd8d820d6c40 Mon Sep 17 00:00:00 2001
+From: Gary Lin <glin@suse.com>
+Date: Tue, 25 Jun 2024 16:32:50 +0800
-+Subject: [PATCH 4/6] libtasn1: Use grub_divmod64() for division
++Subject: [PATCH 05/12] libtasn1: Use grub_divmod64() for division
+
-+Replace a 64 bit division with a call to grub_divmod64, preventing
-+creation of __udivdi3 calls on 32 bit platforms.
++Replace a 64-bit division with a call to grub_divmod64(), preventing
++creation of __udivdi3() calls on 32-bit platforms.
+
+Signed-off-by: Daniel Axtens <dja@axtens.net>
+Signed-off-by: Gary Lin <glin@suse.com>
++Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
+---
+ grub-core/lib/libtasn1-grub/lib/parser_aux.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
7: caa413fd4 ! 8: 15b0caaaf libtasn1: fix the potential buffer overrun
@@ Commit message
Signed-off-by: Gary Lin <glin@suse.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
- ##
grub-core/lib/libtasn1-patches/0005-libtasn1-fix-the-potential-buffer-overrun.patch
(new) ##
+ ##
grub-core/lib/libtasn1-patches/0006-libtasn1-fix-the-potential-buffer-overrun.patch
(new) ##
@@
-+From 38cc5e33cf89ed5d3152923fbedd9869bf566bb5 Mon Sep 17 00:00:00 2001
++From 66f5485a9b4ea02f7d2796c5f245fcbf7c88b390 Mon Sep 17 00:00:00 2001
+From: Gary Lin <glin@suse.com>
+Date: Mon, 8 Apr 2024 14:57:21 +0800
-+Subject: [PATCH 5/6] libtasn1: fix the potential buffer overrun
++Subject: [PATCH 06/12] libtasn1: fix the potential buffer overrun
+
+In _asn1_tag_der(), the first while loop for the long form may end up
+with a 'k' value with 'ASN1_MAX_TAG_SIZE' and cause the buffer overrun
@@
grub-core/lib/libtasn1-patches/0005-libtasn1-fix-the-potential-buffer-overrun.pa
+libtasn1 issue: https://gitlab.com/gnutls/libtasn1/-/issues/49
+
+Signed-off-by: Gary Lin <glin@suse.com>
++Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
+---
+ grub-core/lib/libtasn1-grub/lib/coding.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
8: 28045abf2 < -: --------- asn1_test: changes for grub compatibility
-: --------- > 9: 96da6bf0d asn1_test: include asn1_test.h only
-: --------- > 10: e00a23d87 asn1_test: rename the main functions to the
test names
-: --------- > 11: 6e91722f6 asn1_test: remove 'verbose' and the unnecessary
printf()
-: --------- > 12: c717d8585 asn1_test: print the error messages with
grub_printf()
-: --------- > 13: a1a1f32a6 asn1_test: return either 0 or 1 to reflect the
results
-: --------- > 14: 8e33e1600 asn1_test: use the grub-specific functions and
types
9: 87b0b3860 ! 15: 9731f42c9 libtasn1: compile into asn1 module
@@ autogen.sh: for x in mpi-asm-defs.h mpih-add1.c mpih-sub1.c mpih-mul1.c
mpih-mul
+
+for patch in \
+ 0001-libtasn1-disable-code-not-needed-in-grub.patch \
-+ 0002-libtasn1-use-bound-checked-_asn1_str_cat.patch \
-+ 0003-libtasn1-adjust-the-header-paths-in-libtasn1.h.patch \
-+ 0004-libtasn1-Use-grub_divmod64-for-division.patch \
-+ 0005-libtasn1-fix-the-potential-buffer-overrun.patch ; do
++ 0002-libtasn1-replace-strcat-with-strcpy-in-_asn1_str_cat.patch \
++ 0003-libtasn1-replace-strcat-with-_asn1_str_cat.patch \
++ 0004-libtasn1-adjust-the-header-paths-in-libtasn1.h.patch \
++ 0005-libtasn1-Use-grub_divmod64-for-division.patch \
++ 0006-libtasn1-fix-the-potential-buffer-overrun.patch ; do
+ patch -p1 -i grub-core/lib/libtasn1-patches/$patch
+done
+
@@ grub-core/lib/libtasn1_wrap/wrap.c (new)
@@
+/*
+ * GRUB -- GRand Unified Bootloader
-+ * Copyright (C) 2024 Free Software Foundation, Inc.
+ * Copyright (C) 2020 IBM Corporation
++ * Copyright (C) 2024 Free Software Foundation, Inc.
+ *
+ * GRUB is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
10: 6e39c7766 ! 16: 6fd2a949c asn1_test: test module for libtasn1
@@ Metadata
## Commit message ##
asn1_test: test module for libtasn1
- Import tests from libtasn1 that don't use functionality we don't
- import. This test module is integrated into functional_test so that the
+ Import tests from libtasn1 that use functionality we import.
+ This test module is integrated into functional_test so that the
user can run the test in grub shell.
This doesn't test the full decoder but that will be exercised in
@@ Commit message
Cc: Vladimir Serbinenko <phcoder@gmail.com>
Signed-off-by: Daniel Axtens <dja@axtens.net>
Signed-off-by: Gary Lin <glin@suse.com>
+ Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
## Makefile.util.def ##
@@ Makefile.util.def: script = {
@@ autogen.sh: mkdir -p grub-core/lib/libtasn1-grub/lib
+
for patch in \
0001-libtasn1-disable-code-not-needed-in-grub.patch \
- 0002-libtasn1-use-bound-checked-_asn1_str_cat.patch \
- 0003-libtasn1-adjust-the-header-paths-in-libtasn1.h.patch \
- 0004-libtasn1-Use-grub_divmod64-for-division.patch \
-- 0005-libtasn1-fix-the-potential-buffer-overrun.patch ; do
-+ 0005-libtasn1-fix-the-potential-buffer-overrun.patch \
-+ 0006-asn1_test-changes-for-grub-compatibility.patch ; do
+ 0002-libtasn1-replace-strcat-with-strcpy-in-_asn1_str_cat.patch \
+ 0003-libtasn1-replace-strcat-with-_asn1_str_cat.patch \
+ 0004-libtasn1-adjust-the-header-paths-in-libtasn1.h.patch \
+ 0005-libtasn1-Use-grub_divmod64-for-division.patch \
+- 0006-libtasn1-fix-the-potential-buffer-overrun.patch ; do
++ 0006-libtasn1-fix-the-potential-buffer-overrun.patch \
++ 0007-asn1_test-include-asn1_test.h-only.patch \
++ 0008-asn1_test-rename-the-main-functions-to-the-test-name.patch \
++ 0009-asn1_test-remove-verbose-and-the-unnecessary-printf.patch \
++ 0010-asn1_test-print-the-error-messages-with-grub_printf.patch \
++ 0011-asn1_test-return-either-0-or-1-to-reflect-the-result.patch \
++ 0012-asn1_test-use-the-grub-specific-functions-and-types.patch ; do
patch -p1 -i grub-core/lib/libtasn1-patches/$patch
done
@@ grub-core/tests/asn1/asn1_test.c (new)
+/*
+ * GRUB -- GRand Unified Bootloader
+ * Copyright (C) 2020 IBM Corporation
++ * Copyright (C) 2024 Free Software Foundation, Inc.
+ *
+ * GRUB is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
@@ grub-core/tests/asn1/asn1_test.h (new)
+/*
+ * GRUB -- GRand Unified Bootloader
+ * Copyright (C) 2020 IBM Corporation
++ * Copyright (C) 2024 Free Software Foundation, Inc.
+ *
+ * GRUB is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
@@ grub-core/tests/asn1/asn1_test.h (new)
+#include <grub/misc.h>
+#include <grub/types.h>
+
-+int test_CVE_2018_1000654 (void);
++extern int test_CVE_2018_1000654 (void);
+
-+int test_object_id_encoding (void);
++extern int test_object_id_encoding (void);
+
-+int test_object_id_decoding (void);
++extern int test_object_id_decoding (void);
+
-+int test_octet_string (void);
++extern int test_octet_string (void);
+
-+int test_overflow (void);
++extern int test_overflow (void);
+
-+int test_reproducers (void);
++extern int test_reproducers (void);
+
-+int test_simple (void);
++extern int test_simple (void);
+
-+int test_strings (void);
++extern int test_strings (void);
+
+#endif
11: 5a8b24309 ! 17: a7ae94e27 libtasn1: Add the documentation
@@ Commit message
Signed-off-by: Gary Lin <glin@suse.com>
Reviewed-by: Vladimir Serbinenko <phcoder@gmail.com>
+ Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
## docs/grub-dev.texi ##
@@ docs/grub-dev.texi: to update it.
12: 3059a8df6 ! 18: 53342acde key_protector: Add key protectors framework
@@ grub-core/disk/key_protector.c (new)
@@
+/*
+ * GRUB -- GRand Unified Bootloader
-+ * Copyright (C) 2024 Free Software Foundation, Inc.
+ * Copyright (C) 2022 Microsoft Corporation
++ * Copyright (C) 2024 Free Software Foundation, Inc.
+ *
+ * GRUB is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
@@ grub-core/disk/key_protector.c (new)
+grub_err_t
+grub_key_protector_register (struct grub_key_protector *protector)
+{
-+ if (protector == NULL || protector->name == NULL || grub_strlen
(protector->name) == 0)
-+ return GRUB_ERR_BAD_ARGUMENT;
++ if (protector == NULL || protector->name == NULL || protector->name[0]
== '\0')
++ return grub_error (GRUB_ERR_BAD_ARGUMENT, "Invalid key protector for
registration");
+
-+ if (grub_key_protectors &&
-+ grub_named_list_find (GRUB_AS_NAMED_LIST (grub_key_protectors),
-+ protector->name))
-+ return GRUB_ERR_BAD_ARGUMENT;
++ if (grub_key_protectors != NULL &&
++ grub_named_list_find (GRUB_AS_NAMED_LIST (grub_key_protectors),
protector->name) != NULL)
++ return grub_error (GRUB_ERR_BAD_ARGUMENT, "Key protector '%s' already
registered", protector->name);
+
-+ grub_list_push (GRUB_AS_LIST_P (&grub_key_protectors),
-+ GRUB_AS_LIST (protector));
++ grub_list_push (GRUB_AS_LIST_P (&grub_key_protectors), GRUB_AS_LIST
(protector));
+
+ return GRUB_ERR_NONE;
+}
@@ grub-core/disk/key_protector.c (new)
+grub_key_protector_unregister (struct grub_key_protector *protector)
+{
+ if (protector == NULL)
-+ return GRUB_ERR_BAD_ARGUMENT;
++ return grub_error (GRUB_ERR_BAD_ARGUMENT, "Invalid key protector for
unregistration");
+
+ grub_list_remove (GRUB_AS_LIST (protector));
+
@@ grub-core/disk/key_protector.c (new)
+ struct grub_key_protector *kp = NULL;
+
+ if (grub_key_protectors == NULL)
-+ return GRUB_ERR_OUT_OF_RANGE;
++ return grub_error (GRUB_ERR_OUT_OF_RANGE, "No key protector
registered");
+
-+ if (protector == NULL || grub_strlen (protector) == 0)
-+ return GRUB_ERR_BAD_ARGUMENT;
++ if (protector == NULL || protector[0] == '\0')
++ return grub_error (GRUB_ERR_BAD_ARGUMENT, "Invalid key protector");
+
-+ kp = grub_named_list_find (GRUB_AS_NAMED_LIST (grub_key_protectors),
-+ protector);
++ kp = grub_named_list_find (GRUB_AS_NAMED_LIST (grub_key_protectors),
protector);
+ if (kp == NULL)
-+ return grub_error (GRUB_ERR_OUT_OF_RANGE,
-+ N_("A key protector with name '%s' could not be found. "
-+ "Is the name spelled correctly and is the "
-+ "corresponding module loaded?"), protector);
++ return grub_error (GRUB_ERR_OUT_OF_RANGE, "Key protector '%s' not
found", protector);
+
+ return kp->recover_key (key, key_size);
+}
@@ include/grub/key_protector.h (new)
@@
+/*
+ * GRUB -- GRand Unified Bootloader
-+ * Copyright (C) 2024 Free Software Foundation, Inc.
+ * Copyright (C) 2022 Microsoft Corporation
++ * Copyright (C) 2024 Free Software Foundation, Inc.
+ *
+ * GRUB is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
13: 584346494 ! 19: db99647d5 tss2: Add TPM2 buffer handling functions
@@ Commit message
Cc: Stefan Berger <stefanb@linux.ibm.com>
Signed-off-by: Hernan Gatta <hegatta@linux.microsoft.com>
Signed-off-by: Gary Lin <glin@suse.com>
+ Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
## grub-core/lib/tss2/buffer.c (new) ##
@@
+/*
+ * GRUB -- GRand Unified Bootloader
-+ * Copyright (C) 2024 Free Software Foundation, Inc.
+ * Copyright (C) 2022 Microsoft Corporation
++ * Copyright (C) 2024 Free Software Foundation, Inc.
+ *
+ * GRUB is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
@@ grub-core/lib/tss2/buffer.c (new)
+}
+
+void
-+grub_tpm2_buffer_pack (grub_tpm2_buffer_t buffer, const void* data,
-+ grub_size_t size)
++grub_tpm2_buffer_pack (grub_tpm2_buffer_t buffer, const void *data,
grub_size_t size)
+{
+ grub_uint32_t r = buffer->cap - buffer->size;
+
@@ grub-core/lib/tss2/buffer.c (new)
+ return;
+ }
+
-+ grub_memcpy (&buffer->data[buffer->size], (void*) data, size);
++ grub_memcpy (&buffer->data[buffer->size], (void *) data, size);
+ buffer->size += size;
+}
+
+void
+grub_tpm2_buffer_pack_u8 (grub_tpm2_buffer_t buffer, grub_uint8_t value)
+{
-+ grub_tpm2_buffer_pack (buffer, (const char*) &value, sizeof (value));
++ grub_tpm2_buffer_pack (buffer, (const void *) &value, sizeof (value));
+}
+
+void
@@ grub-core/lib/tss2/buffer.c (new)
+{
+ grub_uint16_t tmp = grub_cpu_to_be16 (value);
+
-+ grub_tpm2_buffer_pack (buffer, (const char*) &tmp, sizeof (tmp));
++ grub_tpm2_buffer_pack (buffer, (const void *) &tmp, sizeof (tmp));
+}
+
+void
@@ grub-core/lib/tss2/buffer.c (new)
+{
+ grub_uint32_t tmp = grub_cpu_to_be32 (value);
+
-+ grub_tpm2_buffer_pack (buffer, (const char*) &tmp, sizeof (tmp));
++ grub_tpm2_buffer_pack (buffer, (const void *) &tmp, sizeof (tmp));
+}
+
+void
-+grub_tpm2_buffer_unpack (grub_tpm2_buffer_t buffer, void* data,
-+ grub_size_t size)
++grub_tpm2_buffer_unpack (grub_tpm2_buffer_t buffer, void *data,
grub_size_t size)
+{
+ grub_uint32_t r = buffer->size - buffer->offset;
+
@@ grub-core/lib/tss2/buffer.c (new)
+}
+
+void
-+grub_tpm2_buffer_unpack_u8 (grub_tpm2_buffer_t buffer, grub_uint8_t*
value)
++grub_tpm2_buffer_unpack_u8 (grub_tpm2_buffer_t buffer, grub_uint8_t
*value)
+{
+ grub_uint32_t r = buffer->size - buffer->offset;
+
@@ grub-core/lib/tss2/buffer.c (new)
+}
+
+void
-+grub_tpm2_buffer_unpack_u16 (grub_tpm2_buffer_t buffer, grub_uint16_t*
value)
++grub_tpm2_buffer_unpack_u16 (grub_tpm2_buffer_t buffer, grub_uint16_t
*value)
+{
+ grub_uint16_t tmp;
+ grub_uint32_t r = buffer->size - buffer->offset;
@@ grub-core/lib/tss2/buffer.c (new)
+}
+
+void
-+grub_tpm2_buffer_unpack_u32 (grub_tpm2_buffer_t buffer, grub_uint32_t*
value)
++grub_tpm2_buffer_unpack_u32 (grub_tpm2_buffer_t buffer, grub_uint32_t
*value)
+{
+ grub_uint32_t tmp;
+ grub_uint32_t r = buffer->size - buffer->offset;
@@ grub-core/lib/tss2/tss2_buffer.h (new)
@@
+/*
+ * GRUB -- GRand Unified Bootloader
-+ * Copyright (C) 2024 Free Software Foundation, Inc.
+ * Copyright (C) 2022 Microsoft Corporation
++ * Copyright (C) 2024 Free Software Foundation, Inc.
+ *
+ * GRUB is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
@@ grub-core/lib/tss2/tss2_buffer.h (new)
+ grub_size_t size;
+ grub_size_t offset;
+ grub_size_t cap;
-+ grub_uint8_t error;
++ bool error;
+};
+typedef struct grub_tpm2_buffer *grub_tpm2_buffer_t;
+
-+void
++extern void
+grub_tpm2_buffer_init (grub_tpm2_buffer_t buffer);
+
-+void
-+grub_tpm2_buffer_pack (grub_tpm2_buffer_t buffer, const void* data,
-+ grub_size_t size);
++extern void
++grub_tpm2_buffer_pack (grub_tpm2_buffer_t buffer, const void *data,
grub_size_t size);
+
-+void
++extern void
+grub_tpm2_buffer_pack_u8 (grub_tpm2_buffer_t buffer, grub_uint8_t value);
+
-+void
++extern void
+grub_tpm2_buffer_pack_u16 (grub_tpm2_buffer_t buffer, grub_uint16_t
value);
+
-+void
++extern void
+grub_tpm2_buffer_pack_u32 (grub_tpm2_buffer_t buffer, grub_uint32_t
value);
+
-+void
-+grub_tpm2_buffer_unpack (grub_tpm2_buffer_t buffer, void* data,
-+ grub_size_t size);
++extern void
++grub_tpm2_buffer_unpack (grub_tpm2_buffer_t buffer, void *data,
grub_size_t size);
+
-+void
-+grub_tpm2_buffer_unpack_u8 (grub_tpm2_buffer_t buffer, grub_uint8_t*
value);
++extern void
++grub_tpm2_buffer_unpack_u8 (grub_tpm2_buffer_t buffer, grub_uint8_t
*value);
+
-+void
-+grub_tpm2_buffer_unpack_u16 (grub_tpm2_buffer_t buffer, grub_uint16_t*
value);
++extern void
++grub_tpm2_buffer_unpack_u16 (grub_tpm2_buffer_t buffer, grub_uint16_t
*value);
+
-+void
-+grub_tpm2_buffer_unpack_u32 (grub_tpm2_buffer_t buffer, grub_uint32_t*
value);
++extern void
++grub_tpm2_buffer_unpack_u32 (grub_tpm2_buffer_t buffer, grub_uint32_t
*value);
+
+#endif /* ! GRUB_TPM2_BUFFER_HEADER */
14: c2c071d9c < -: --------- tss2: Add TPM2 types and Marshal/Unmarshal
functions
-: --------- > 20: a5e494bb2 tss2: Add TPM2 types and Marshal/Unmarshal
functions
15: c3161e49b ! 21: 47cc29d2d tss2: Add TPM2 Software Stack (TSS2) support
@@ Commit message
necessary to, first, possess knowledge of the various TPM structures,
and,
second, of the TPM wire protocol itself.
- As such, this patch includes implementations of various TPM2_*
functions
+ As such, this patch includes implementations of various grub_tpm2_*
functions
(inventoried below), and logic to write and read command and response
buffers, respectively, using the TPM wire protocol.
- Functions: TPM2_Create, TPM2_CreatePrimary, TPM2_EvictControl,
- TPM2_FlushContext, TPM2_Load, TPM2_PCR_Read, TPM2_PolicyGetDigest,
- TPM2_PolicyPCR, TPM2_ReadPublic, TPM2_StartAuthSession, TPM2_Unseal,
- TPM2_LoadExternal, TPM2_Hash, TPM2_VerifySignature,
- TPM2_PolicyAuthorize, TPM2_TestParms
+ Functions:
+ * grub_tpm2_create()
+ * grub_tpm2_createprimary()
+ * grub_tpm2_evictcontrol()
+ * grub_tpm2_flushcontext()
+ * grub_tpm2_load()
+ * grub_tpm2_pcr_read()
+ * grub_tpm2_policygetdigest()
+ * grub_tpm2_policypcr()
+ * grub_tpm2_readpublic()
+ * grub_tpm2_startauthsession()
+ * grub_tpm2_unseal()
+ * grub_tpm2_loadexternal()
+ * grub_tpm2_hash()
+ * grub_tpm2_verifysignature()
+ * grub_tpm2_policyauthorize()
+ * grub_tpm2_testparms()
Cc: Stefan Berger <stefanb@linux.ibm.com>
Signed-off-by: Hernan Gatta <hegatta@linux.microsoft.com>
Signed-off-by: Gary Lin <glin@suse.com>
+ Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
## grub-core/Makefile.core.def ##
@@ grub-core/Makefile.core.def: module = {
@@ grub-core/lib/efi/tcg2.c (new)
@@
+/*
+ * GRUB -- GRand Unified Bootloader
-+ * Copyright (C) 2024 Free Software Foundation, Inc.
+ * Copyright (C) 2022 Microsoft Corporation
++ * Copyright (C) 2024 Free Software Foundation, Inc.
+ *
+ * GRUB is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
@@ grub-core/lib/efi/tcg2.c (new)
+#include <tcg2.h>
+
+static grub_err_t
-+grub_tcg2_get_caps (grub_efi_tpm2_protocol_t *protocol, int *tpm2,
-+ grub_size_t *max_output_size)
++tcg2_get_caps (grub_efi_tpm2_protocol_t *protocol, int *tpm2, grub_size_t
*max_output_size)
+{
+ grub_efi_status_t status;
-+ static int has_caps = 0;
++ static bool has_caps = 0;
+ static EFI_TCG2_BOOT_SERVICE_CAPABILITY caps =
+ {
+ .Size = (grub_uint8_t) sizeof (caps)
@@ grub-core/lib/efi/tcg2.c (new)
+}
+
+static grub_err_t
-+grub_tcg2_get_protocol (grub_efi_tpm2_protocol_t **protocol)
++tcg2_get_protocol (grub_efi_tpm2_protocol_t **protocol)
+{
+ static grub_guid_t tpm2_guid = EFI_TPM2_GUID;
+ static grub_efi_tpm2_protocol_t *tpm2_protocol = NULL;
@@ grub-core/lib/efi/tcg2.c (new)
+ if (tpm2_protocol == NULL)
+ goto exit;
+
-+ err = grub_tcg2_get_caps (tpm2_protocol, &tpm2, NULL);
++ err = tcg2_get_caps (tpm2_protocol, &tpm2, NULL);
+ if (err != GRUB_ERR_NONE || tpm2 == 0)
+ goto exit;
+
@@ grub-core/lib/efi/tcg2.c (new)
+ if (size == NULL)
+ return GRUB_ERR_BAD_ARGUMENT;
+
-+ err = grub_tcg2_get_protocol (&protocol);
++ err = tcg2_get_protocol (&protocol);
+ if (err != GRUB_ERR_NONE)
+ return err;
+
-+ err = grub_tcg2_get_caps (protocol, NULL, &max);
++ err = tcg2_get_caps (protocol, NULL, &max);
+ if (err != GRUB_ERR_NONE)
+ return err;
+
@@ grub-core/lib/efi/tcg2.c (new)
+ output_size == 0 || output == NULL)
+ return GRUB_ERR_BAD_ARGUMENT;
+
-+ err = grub_tcg2_get_protocol (&protocol);
++ err = tcg2_get_protocol (&protocol);
+ if (err != GRUB_ERR_NONE)
+ return err;
+
@@ grub-core/lib/tss2/tcg2.h (new)
@@
+/*
+ * GRUB -- GRand Unified Bootloader
-+ * Copyright (C) 2024 Free Software Foundation, Inc.
+ * Copyright (C) 2022 Microsoft Corporation
++ * Copyright (C) 2024 Free Software Foundation, Inc.
+ *
+ * GRUB is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
@@ grub-core/lib/tss2/tcg2.h (new)
+#include <grub/err.h>
+#include <grub/types.h>
+
-+grub_err_t
++extern grub_err_t
+grub_tcg2_get_max_output_size (grub_size_t *size);
+
-+grub_err_t
++extern grub_err_t
+grub_tcg2_submit_command (grub_size_t input_size,
+ grub_uint8_t *input,
+ grub_size_t output_size,
@@ grub-core/lib/tss2/tpm2_cmd.c (new)
@@
+/*
+ * GRUB -- GRand Unified Bootloader
-+ * Copyright (C) 2024 Free Software Foundation, Inc.
+ * Copyright (C) 2022 Microsoft Corporation
++ * Copyright (C) 2024 Free Software Foundation, Inc.
+ *
+ * GRUB is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
@@ grub-core/lib/tss2/tpm2_cmd.c (new)
+#include <tcg2.h>
+#include <tpm2_cmd.h>
+
-+static TPM_RC
-+grub_tpm2_submit_command_real (const TPMI_ST_COMMAND_TAG tag,
-+ const TPM_CC commandCode,
-+ TPM_RC *responseCode,
-+ const struct grub_tpm2_buffer *in,
-+ struct grub_tpm2_buffer *out)
++static TPM_RC_t
++tpm2_submit_command_real (const TPMI_ST_COMMAND_TAG_t tag,
++ const TPM_CC_t commandCode,
++ TPM_RC_t *responseCode,
++ const struct grub_tpm2_buffer *in,
++ struct grub_tpm2_buffer *out)
+{
+ grub_err_t err;
+ struct grub_tpm2_buffer buf;
-+ TPMI_ST_COMMAND_TAG tag_out;
++ TPMI_ST_COMMAND_TAG_t tag_out;
+ grub_uint32_t command_size;
+ grub_size_t max_output_size;
+
@@ grub-core/lib/tss2/tpm2_cmd.c (new)
+ max_output_size = out->cap - 1;
+
+ /* Submit */
-+ err = grub_tcg2_submit_command (buf.size, buf.data, max_output_size,
-+ out->data);
++ err = grub_tcg2_submit_command (buf.size, buf.data, max_output_size,
out->data);
+ if (err != GRUB_ERR_NONE)
+ return TPM_RC_FAILURE;
+
+ /* Unmarshal */
-+ out->size = sizeof (grub_uint16_t) + sizeof (grub_uint32_t) +
-+ sizeof (grub_uint32_t);
++ out->size = sizeof (grub_uint16_t) + sizeof (grub_uint32_t) + sizeof
(grub_uint32_t);
+ grub_tpm2_buffer_unpack_u16 (out, &tag_out);
+ grub_tpm2_buffer_unpack_u32 (out, &command_size);
+ grub_tpm2_buffer_unpack_u32 (out, responseCode);
@@ grub-core/lib/tss2/tpm2_cmd.c (new)
+ return TPM_RC_SUCCESS;
+}
+
-+static TPM_RC
-+grub_tpm2_submit_command (const TPMI_ST_COMMAND_TAG tag,
-+ const TPM_CC commandCode,
-+ TPM_RC *responseCode,
-+ const struct grub_tpm2_buffer *in,
-+ struct grub_tpm2_buffer *out)
++static TPM_RC_t
++tpm2_submit_command (const TPMI_ST_COMMAND_TAG_t tag,
++ const TPM_CC_t commandCode,
++ TPM_RC_t *responseCode,
++ const struct grub_tpm2_buffer *in,
++ struct grub_tpm2_buffer *out)
+{
-+ TPM_RC err;
++ TPM_RC_t err;
+ int retry_cnt = 0;
+
+ /* Catch TPM_RC_RETRY and send the command again */
+ do {
-+ err = grub_tpm2_submit_command_real (tag, commandCode, responseCode,
-+ in, out);
++ err = tpm2_submit_command_real (tag, commandCode, responseCode, in,
out);
+ if (*responseCode != TPM_RC_RETRY)
+ break;
+
@@ grub-core/lib/tss2/tpm2_cmd.c (new)
+ return err;
+}
+
-+TPM_RC
-+TPM2_CreatePrimary (const TPMI_RH_HIERARCHY primaryHandle,
-+ const TPMS_AUTH_COMMAND *authCommand,
-+ const TPM2B_SENSITIVE_CREATE *inSensitive,
-+ const TPM2B_PUBLIC *inPublic,
-+ const TPM2B_DATA *outsideInfo,
-+ const TPML_PCR_SELECTION *creationPCR,
-+ TPM_HANDLE *objectHandle,
-+ TPM2B_PUBLIC *outPublic,
-+ TPM2B_CREATION_DATA *creationData,
-+ TPM2B_DIGEST *creationHash,
-+ TPMT_TK_CREATION *creationTicket,
-+ TPM2B_NAME *name,
-+ TPMS_AUTH_RESPONSE *authResponse)
++TPM_RC_t
++grub_tpm2_createprimary (const TPMI_RH_HIERARCHY_t primaryHandle,
++ const TPMS_AUTH_COMMAND_t *authCommand,
++ const TPM2B_SENSITIVE_CREATE_t *inSensitive,
++ const TPM2B_PUBLIC_t *inPublic,
++ const TPM2B_DATA_t *outsideInfo,
++ const TPML_PCR_SELECTION_t *creationPCR,
++ TPM_HANDLE_t *objectHandle,
++ TPM2B_PUBLIC_t *outPublic,
++ TPM2B_CREATION_DATA_t *creationData,
++ TPM2B_DIGEST_t *creationHash,
++ TPMT_TK_CREATION_t *creationTicket,
++ TPM2B_NAME_t *name,
++ TPMS_AUTH_RESPONSE_t *authResponse)
+{
-+ TPM_RC rc;
++ TPM_RC_t rc;
+ struct grub_tpm2_buffer in;
+ struct grub_tpm2_buffer out;
-+ TPM_HANDLE objectHandleTmp;
-+ TPM2B_PUBLIC outPublicTmp;
-+ TPM2B_CREATION_DATA creationDataTmp;
-+ TPM2B_DIGEST creationHashTmp;
-+ TPMT_TK_CREATION creationTicketTmp;
-+ TPM2B_NAME nameTmp;
-+ TPMS_AUTH_RESPONSE authResponseTmp;
-+ TPMI_ST_COMMAND_TAG tag = authCommand ? TPM_ST_SESSIONS :
TPM_ST_NO_SESSIONS;
-+ TPM_RC responseCode;
++ TPM_HANDLE_t objectHandleTmp;
++ TPM2B_PUBLIC_t outPublicTmp;
++ TPM2B_CREATION_DATA_t creationDataTmp;
++ TPM2B_DIGEST_t creationHashTmp;
++ TPMT_TK_CREATION_t creationTicketTmp;
++ TPM2B_NAME_t nameTmp;
++ TPMS_AUTH_RESPONSE_t authResponseTmp;
++ TPMI_ST_COMMAND_TAG_t tag = authCommand ? TPM_ST_SESSIONS :
TPM_ST_NO_SESSIONS;
++ TPM_RC_t responseCode;
+ grub_uint32_t parameterSize;
+
+ if (inSensitive == NULL || inPublic == NULL || outsideInfo == NULL ||
@@ grub-core/lib/tss2/tpm2_cmd.c (new)
+
+ /* Submit */
+ grub_tpm2_buffer_init (&out);
-+ rc = grub_tpm2_submit_command (tag, TPM_CC_CreatePrimary,
&responseCode, &in,
-+ &out);
++ rc = tpm2_submit_command (tag, TPM_CC_CreatePrimary, &responseCode,
&in, &out);
+ if (rc != TPM_RC_SUCCESS)
+ return rc;
+ if (responseCode != TPM_RC_SUCCESS)
@@ grub-core/lib/tss2/tpm2_cmd.c (new)
+ return TPM_RC_SUCCESS;
+}
+
-+TPM_RC
-+TPM2_StartAuthSession (const TPMI_DH_OBJECT tpmKey,
-+ const TPMI_DH_ENTITY bind,
-+ const TPMS_AUTH_COMMAND *authCommand,
-+ const TPM2B_NONCE *nonceCaller,
-+ const TPM2B_ENCRYPTED_SECRET *encryptedSalt,
-+ const TPM_SE sessionType,
-+ const TPMT_SYM_DEF *symmetric,
-+ const TPMI_ALG_HASH authHash,
-+ TPMI_SH_AUTH_SESSION *sessionHandle,
-+ TPM2B_NONCE *nonceTpm,
-+ TPMS_AUTH_RESPONSE *authResponse)
++TPM_RC_t
++grub_tpm2_startauthsession (const TPMI_DH_OBJECT_t tpmKey,
++ const TPMI_DH_ENTITY_t bind,
++ const TPMS_AUTH_COMMAND_t *authCommand,
++ const TPM2B_NONCE_t *nonceCaller,
++ const TPM2B_ENCRYPTED_SECRET_t *encryptedSalt,
++ const TPM_SE_t sessionType,
++ const TPMT_SYM_DEF_t *symmetric,
++ const TPMI_ALG_HASH_t authHash,
++ TPMI_SH_AUTH_SESSION_t *sessionHandle,
++ TPM2B_NONCE_t *nonceTpm,
++ TPMS_AUTH_RESPONSE_t *authResponse)
+{
-+ TPM_RC rc;
++ TPM_RC_t rc;
+ struct grub_tpm2_buffer in;
+ struct grub_tpm2_buffer out;
-+ TPMI_SH_AUTH_SESSION sessionHandleTmp;
-+ TPM2B_NONCE nonceTpmTmp;
-+ TPMS_AUTH_RESPONSE authResponseTmp;
-+ TPMI_ST_COMMAND_TAG tag = authCommand ? TPM_ST_SESSIONS :
TPM_ST_NO_SESSIONS;
-+ TPM_RC responseCode;
++ TPMI_SH_AUTH_SESSION_t sessionHandleTmp;
++ TPM2B_NONCE_t nonceTpmTmp;
++ TPMS_AUTH_RESPONSE_t authResponseTmp;
++ TPMI_ST_COMMAND_TAG_t tag = authCommand ? TPM_ST_SESSIONS :
TPM_ST_NO_SESSIONS;
++ TPM_RC_t responseCode;
+ grub_uint32_t param_size;
+
+ if (nonceCaller == NULL || symmetric == NULL)
@@ grub-core/lib/tss2/tpm2_cmd.c (new)
+
+ /* Submit */
+ grub_tpm2_buffer_init (&out);
-+ rc = grub_tpm2_submit_command (tag, TPM_CC_StartAuthSession,
&responseCode,
++ rc = tpm2_submit_command (tag, TPM_CC_StartAuthSession, &responseCode,
+ &in, &out);
+ if (rc != TPM_RC_SUCCESS)
+ return rc;
@@ grub-core/lib/tss2/tpm2_cmd.c (new)
+ return TPM_RC_SUCCESS;
+}
+
-+TPM_RC
-+TPM2_PolicyPCR (const TPMI_SH_POLICY policySessions,
-+ const TPMS_AUTH_COMMAND *authCommand,
-+ const TPM2B_DIGEST *pcrDigest,
-+ const TPML_PCR_SELECTION *pcrs,
-+ TPMS_AUTH_RESPONSE *authResponse)
++TPM_RC_t
++grub_tpm2_policypcr (const TPMI_SH_POLICY_t policySessions,
++ const TPMS_AUTH_COMMAND_t *authCommand,
++ const TPM2B_DIGEST_t *pcrDigest,
++ const TPML_PCR_SELECTION_t *pcrs,
++ TPMS_AUTH_RESPONSE_t *authResponse)
+{
-+ TPM_RC rc;
++ TPM_RC_t rc;
+ struct grub_tpm2_buffer in;
+ struct grub_tpm2_buffer out;
-+ TPMS_AUTH_RESPONSE authResponseTmp;
-+ TPMI_ST_COMMAND_TAG tag = authCommand ? TPM_ST_SESSIONS :
TPM_ST_NO_SESSIONS;
-+ TPM_RC responseCode;
++ TPMS_AUTH_RESPONSE_t authResponseTmp;
++ TPMI_ST_COMMAND_TAG_t tag = authCommand ? TPM_ST_SESSIONS :
TPM_ST_NO_SESSIONS;
++ TPM_RC_t responseCode;
+ grub_uint32_t param_size;
+
+ if (pcrs == NULL)
@@ grub-core/lib/tss2/tpm2_cmd.c (new)
+
+ /* Submit */
+ grub_tpm2_buffer_init (&out);
-+ rc = grub_tpm2_submit_command (tag, TPM_CC_PolicyPCR, &responseCode,
&in,
-+ &out);
++ rc = tpm2_submit_command (tag, TPM_CC_PolicyPCR, &responseCode, &in,
&out);
+ if (rc != TPM_RC_SUCCESS)
+ return rc;
+ if (responseCode != TPM_RC_SUCCESS)
@@ grub-core/lib/tss2/tpm2_cmd.c (new)
+ return TPM_RC_SUCCESS;
+}
+
-+TPM_RC
-+TPM2_ReadPublic (const TPMI_DH_OBJECT objectHandle,
-+ const TPMS_AUTH_COMMAND* authCommand,
-+ TPM2B_PUBLIC *outPublic)
++TPM_RC_t
++grub_tpm2_readpublic (const TPMI_DH_OBJECT_t objectHandle,
++ const TPMS_AUTH_COMMAND_t *authCommand,
++ TPM2B_PUBLIC_t *outPublic)
+{
-+ TPM_RC rc;
++ TPM_RC_t rc;
+ struct grub_tpm2_buffer in;
+ struct grub_tpm2_buffer out;
-+ TPMI_ST_COMMAND_TAG tag = authCommand ? TPM_ST_SESSIONS :
TPM_ST_NO_SESSIONS;
-+ TPM_RC responseCode;
++ TPMI_ST_COMMAND_TAG_t tag = authCommand ? TPM_ST_SESSIONS :
TPM_ST_NO_SESSIONS;
++ TPM_RC_t responseCode;
+ grub_uint32_t parameterSize;
+
+ /* Marshal */
@@ grub-core/lib/tss2/tpm2_cmd.c (new)
+
+ /* Submit */
+ grub_tpm2_buffer_init (&out);
-+ rc = grub_tpm2_submit_command (tag, TPM_CC_ReadPublic, &responseCode,
&in,
-+ &out);
++ rc = tpm2_submit_command (tag, TPM_CC_ReadPublic, &responseCode, &in,
&out);
+ if (rc != TPM_RC_SUCCESS)
+ return rc;
+ if (responseCode != TPM_RC_SUCCESS)
@@ grub-core/lib/tss2/tpm2_cmd.c (new)
+ return TPM_RC_SUCCESS;
+}
+
-+TPM_RC
-+TPM2_Load (const TPMI_DH_OBJECT parent_handle,
-+ const TPMS_AUTH_COMMAND *authCommand,
-+ const TPM2B_PRIVATE *inPrivate,
-+ const TPM2B_PUBLIC *inPublic,
-+ TPM_HANDLE *objectHandle,
-+ TPM2B_NAME *name,
-+ TPMS_AUTH_RESPONSE *authResponse)
++TPM_RC_t
++grub_tpm2_load (const TPMI_DH_OBJECT_t parent_handle,
++ const TPMS_AUTH_COMMAND_t *authCommand,
++ const TPM2B_PRIVATE_t *inPrivate,
++ const TPM2B_PUBLIC_t *inPublic,
++ TPM_HANDLE_t *objectHandle,
++ TPM2B_NAME_t *name,
++ TPMS_AUTH_RESPONSE_t *authResponse)
+{
-+ TPM_RC rc;
++ TPM_RC_t rc;
+ struct grub_tpm2_buffer in;
+ struct grub_tpm2_buffer out;
-+ TPM_HANDLE objectHandleTmp;
-+ TPM2B_NAME nameTmp;
-+ TPMS_AUTH_RESPONSE authResponseTmp;
-+ TPMI_ST_COMMAND_TAG tag = authCommand ? TPM_ST_SESSIONS :
TPM_ST_NO_SESSIONS;
-+ TPM_RC responseCode;
++ TPM_HANDLE_t objectHandleTmp;
++ TPM2B_NAME_t nameTmp;
++ TPMS_AUTH_RESPONSE_t authResponseTmp;
++ TPMI_ST_COMMAND_TAG_t tag = authCommand ? TPM_ST_SESSIONS :
TPM_ST_NO_SESSIONS;
++ TPM_RC_t responseCode;
+ grub_uint32_t param_size;
+
+ if (inPrivate == NULL || inPublic == NULL)
@@ grub-core/lib/tss2/tpm2_cmd.c (new)
+
+ /* Submit */
+ grub_tpm2_buffer_init (&out);
-+ rc = grub_tpm2_submit_command (tag, TPM_CC_Load, &responseCode, &in,
&out);
++ rc = tpm2_submit_command (tag, TPM_CC_Load, &responseCode, &in, &out);
+ if (rc != TPM_RC_SUCCESS)
+ return rc;
+ if (responseCode != TPM_RC_SUCCESS)
@@ grub-core/lib/tss2/tpm2_cmd.c (new)
+ return TPM_RC_SUCCESS;
+}
+
-+TPM_RC
-+TPM2_LoadExternal (const TPMS_AUTH_COMMAND *authCommand,
-+ const TPM2B_SENSITIVE *inPrivate,
-+ const TPM2B_PUBLIC *inPublic,
-+ const TPMI_RH_HIERARCHY hierarchy,
-+ TPM_HANDLE *objectHandle,
-+ TPM2B_NAME *name,
-+ TPMS_AUTH_RESPONSE *authResponse)
++TPM_RC_t
++grub_tpm2_loadexternal (const TPMS_AUTH_COMMAND_t *authCommand,
++ const TPM2B_SENSITIVE_t *inPrivate,
++ const TPM2B_PUBLIC_t *inPublic,
++ const TPMI_RH_HIERARCHY_t hierarchy,
++ TPM_HANDLE_t *objectHandle,
++ TPM2B_NAME_t *name,
++ TPMS_AUTH_RESPONSE_t *authResponse)
+{
-+ TPM_RC rc;
++ TPM_RC_t rc;
+ struct grub_tpm2_buffer in;
+ struct grub_tpm2_buffer out;
-+ TPM_HANDLE objectHandleTmp;
-+ TPM2B_NAME nameTmp;
-+ TPMS_AUTH_RESPONSE authResponseTmp;
-+ TPMI_ST_COMMAND_TAG tag = authCommand ? TPM_ST_SESSIONS :
TPM_ST_NO_SESSIONS;
-+ TPM_RC responseCode;
++ TPM_HANDLE_t objectHandleTmp;
++ TPM2B_NAME_t nameTmp;
++ TPMS_AUTH_RESPONSE_t authResponseTmp;
++ TPMI_ST_COMMAND_TAG_t tag = authCommand ? TPM_ST_SESSIONS :
TPM_ST_NO_SESSIONS;
++ TPM_RC_t responseCode;
+ grub_uint32_t param_size;
+
+ if (inPublic == NULL)
@@ grub-core/lib/tss2/tpm2_cmd.c (new)
+
+ /* Submit */
+ grub_tpm2_buffer_init (&out);
-+ rc = grub_tpm2_submit_command (tag, TPM_CC_LoadExternal, &responseCode,
&in, &out);
++ rc = tpm2_submit_command (tag, TPM_CC_LoadExternal, &responseCode, &in,
&out);
+ if (rc != TPM_RC_SUCCESS)
+ return rc;
+ if (responseCode != TPM_RC_SUCCESS)
@@ grub-core/lib/tss2/tpm2_cmd.c (new)
+ return TPM_RC_SUCCESS;
+}
+
-+TPM_RC
-+TPM2_Unseal (const TPMI_DH_OBJECT itemHandle,
-+ const TPMS_AUTH_COMMAND *authCommand,
-+ TPM2B_SENSITIVE_DATA *outData,
-+ TPMS_AUTH_RESPONSE *authResponse)
++TPM_RC_t
++grub_tpm2_unseal (const TPMI_DH_OBJECT_t itemHandle,
++ const TPMS_AUTH_COMMAND_t *authCommand,
++ TPM2B_SENSITIVE_DATA_t *outData,
++ TPMS_AUTH_RESPONSE_t *authResponse)
+{
-+ TPM_RC rc;
++ TPM_RC_t rc;
+ struct grub_tpm2_buffer in;
+ struct grub_tpm2_buffer out;
-+ TPM2B_SENSITIVE_DATA outDataTmp;
-+ TPMS_AUTH_RESPONSE authResponseTmp;
-+ TPMI_ST_COMMAND_TAG tag = authCommand ? TPM_ST_SESSIONS :
TPM_ST_NO_SESSIONS;
-+ TPM_RC responseCode;
++ TPM2B_SENSITIVE_DATA_t outDataTmp;
++ TPMS_AUTH_RESPONSE_t authResponseTmp;
++ TPMI_ST_COMMAND_TAG_t tag = authCommand ? TPM_ST_SESSIONS :
TPM_ST_NO_SESSIONS;
++ TPM_RC_t responseCode;
+ grub_uint32_t param_size;
+
+ if (outData == NULL)
@@ grub-core/lib/tss2/tpm2_cmd.c (new)
+
+ /* Submit */
+ grub_tpm2_buffer_init (&out);
-+ rc = grub_tpm2_submit_command (tag, TPM_CC_Unseal, &responseCode, &in,
&out);
++ rc = tpm2_submit_command (tag, TPM_CC_Unseal, &responseCode, &in, &out);
+ if (rc != TPM_RC_SUCCESS)
+ return rc;
+ if (responseCode != TPM_RC_SUCCESS)
@@ grub-core/lib/tss2/tpm2_cmd.c (new)
+ return TPM_RC_SUCCESS;
+}
+
-+TPM_RC
-+TPM2_FlushContext (const TPMI_DH_CONTEXT handle)
++TPM_RC_t
++grub_tpm2_flushcontext (const TPMI_DH_CONTEXT_t handle)
+{
-+ TPM_RC rc;
++ TPM_RC_t rc;
+ struct grub_tpm2_buffer in;
+ struct grub_tpm2_buffer out;
-+ TPM_RC responseCode;
++ TPM_RC_t responseCode;
+
+ /* Marshal */
+ grub_tpm2_buffer_init (&in);
@@ grub-core/lib/tss2/tpm2_cmd.c (new)
+
+ /* Submit */
+ grub_tpm2_buffer_init (&out);
-+ rc = grub_tpm2_submit_command (TPM_ST_NO_SESSIONS, TPM_CC_FlushContext,
-+ &responseCode, &in, &out);
++ rc = tpm2_submit_command (TPM_ST_NO_SESSIONS, TPM_CC_FlushContext,
&responseCode, &in, &out);
+ if (rc != TPM_RC_SUCCESS)
+ return rc;
+ if (responseCode != TPM_RC_SUCCESS)
@@ grub-core/lib/tss2/tpm2_cmd.c (new)
+ return TPM_RC_SUCCESS;
+}
+
-+TPM_RC
-+TPM2_PCR_Read (const TPMS_AUTH_COMMAND *authCommand,
-+ const TPML_PCR_SELECTION *pcrSelectionIn,
-+ grub_uint32_t *pcrUpdateCounter,
-+ TPML_PCR_SELECTION *pcrSelectionOut,
-+ TPML_DIGEST *pcrValues,
-+ TPMS_AUTH_RESPONSE *authResponse)
++TPM_RC_t
++grub_tpm2_pcr_read (const TPMS_AUTH_COMMAND_t *authCommand,
++ const TPML_PCR_SELECTION_t *pcrSelectionIn,
++ grub_uint32_t *pcrUpdateCounter,
++ TPML_PCR_SELECTION_t *pcrSelectionOut,
++ TPML_DIGEST_t *pcrValues,
++ TPMS_AUTH_RESPONSE_t *authResponse)
+{
-+ TPM_RC rc;
++ TPM_RC_t rc;
+ struct grub_tpm2_buffer in;
+ struct grub_tpm2_buffer out;
+ grub_uint32_t pcrUpdateCounterTmp;
-+ TPML_PCR_SELECTION pcrSelectionOutTmp;
-+ TPML_DIGEST pcrValuesTmp;
-+ TPMS_AUTH_RESPONSE authResponseTmp;
-+ TPMI_ST_COMMAND_TAG tag = authCommand ? TPM_ST_SESSIONS :
TPM_ST_NO_SESSIONS;
-+ TPM_RC responseCode;
++ TPML_PCR_SELECTION_t pcrSelectionOutTmp;
++ TPML_DIGEST_t pcrValuesTmp;
++ TPMS_AUTH_RESPONSE_t authResponseTmp;
++ TPMI_ST_COMMAND_TAG_t tag = authCommand ? TPM_ST_SESSIONS :
TPM_ST_NO_SESSIONS;
++ TPM_RC_t responseCode;
+ grub_uint32_t parameterSize;
+
+ if (pcrSelectionIn == NULL)
@@ grub-core/lib/tss2/tpm2_cmd.c (new)
+
+ /* Submit */
+ grub_tpm2_buffer_init (&out);
-+ rc = grub_tpm2_submit_command (tag, TPM_CC_PCR_Read, &responseCode, &in,
-+ &out);
++ rc = tpm2_submit_command (tag, TPM_CC_PCR_Read, &responseCode, &in,
&out);
+ if (rc != TPM_RC_SUCCESS)
+ return rc;
+ if (responseCode != TPM_RC_SUCCESS)
@@ grub-core/lib/tss2/tpm2_cmd.c (new)
+ return TPM_RC_SUCCESS;
+}
+
-+TPM_RC
-+TPM2_PolicyGetDigest (const TPMI_SH_POLICY policySession,
-+ const TPMS_AUTH_COMMAND *authCommand,
-+ TPM2B_DIGEST *policyDigest,
-+ TPMS_AUTH_RESPONSE *authResponse)
++TPM_RC_t
++grub_tpm2_policygetdigest (const TPMI_SH_POLICY_t policySession,
++ const TPMS_AUTH_COMMAND_t *authCommand,
++ TPM2B_DIGEST_t *policyDigest,
++ TPMS_AUTH_RESPONSE_t *authResponse)
+{
-+ TPM_RC rc;
++ TPM_RC_t rc;
+ struct grub_tpm2_buffer in;
+ struct grub_tpm2_buffer out;
-+ TPMS_AUTH_RESPONSE authResponseTmp;
-+ TPM2B_DIGEST policyDigestTmp;
-+ TPMI_ST_COMMAND_TAG tag = authCommand ? TPM_ST_SESSIONS :
TPM_ST_NO_SESSIONS;
-+ TPM_RC responseCode;
++ TPMS_AUTH_RESPONSE_t authResponseTmp;
++ TPM2B_DIGEST_t policyDigestTmp;
++ TPMI_ST_COMMAND_TAG_t tag = authCommand ? TPM_ST_SESSIONS :
TPM_ST_NO_SESSIONS;
++ TPM_RC_t responseCode;
+ grub_uint32_t parameterSize;
+
+ if (authResponse == NULL)
@@ grub-core/lib/tss2/tpm2_cmd.c (new)
+
+ /* Submit */
+ grub_tpm2_buffer_init (&out);
-+ rc = grub_tpm2_submit_command (tag, TPM_CC_PolicyGetDigest,
&responseCode,
-+ &in, &out);
++ rc = tpm2_submit_command (tag, TPM_CC_PolicyGetDigest, &responseCode,
&in, &out);
+ if (rc != TPM_RC_SUCCESS)
+ return rc;
+ if (responseCode != TPM_RC_SUCCESS)
@@ grub-core/lib/tss2/tpm2_cmd.c (new)
+ return TPM_RC_SUCCESS;
+}
+
-+TPM_RC
-+TPM2_Create (const TPMI_DH_OBJECT parentHandle,
-+ const TPMS_AUTH_COMMAND *authCommand,
-+ const TPM2B_SENSITIVE_CREATE *inSensitive,
-+ const TPM2B_PUBLIC *inPublic,
-+ const TPM2B_DATA *outsideInfo,
-+ const TPML_PCR_SELECTION *creationPCR,
-+ TPM2B_PRIVATE *outPrivate,
-+ TPM2B_PUBLIC *outPublic,
-+ TPM2B_CREATION_DATA *creationData,
-+ TPM2B_DIGEST *creationHash,
-+ TPMT_TK_CREATION *creationTicket,
-+ TPMS_AUTH_RESPONSE *authResponse)
++TPM_RC_t
++grub_tpm2_create (const TPMI_DH_OBJECT_t parentHandle,
++ const TPMS_AUTH_COMMAND_t *authCommand,
++ const TPM2B_SENSITIVE_CREATE_t *inSensitive,
++ const TPM2B_PUBLIC_t *inPublic,
++ const TPM2B_DATA_t *outsideInfo,
++ const TPML_PCR_SELECTION_t *creationPCR,
++ TPM2B_PRIVATE_t *outPrivate,
++ TPM2B_PUBLIC_t *outPublic,
++ TPM2B_CREATION_DATA_t *creationData,
++ TPM2B_DIGEST_t *creationHash,
++ TPMT_TK_CREATION_t *creationTicket,
++ TPMS_AUTH_RESPONSE_t *authResponse)
+{
+ struct grub_tpm2_buffer in;
+ struct grub_tpm2_buffer out;
-+ TPM2B_PUBLIC outPublicTmp;
-+ TPM2B_PRIVATE outPrivateTmp;
-+ TPM2B_CREATION_DATA creationDataTmp;
-+ TPM2B_DIGEST creationHashTmp;
-+ TPMT_TK_CREATION creationTicketTmp;
-+ TPMS_AUTH_RESPONSE authResponseTmp;
-+ TPMI_ST_COMMAND_TAG tag = authCommand ?
TPM_ST_SESSIONS:TPM_ST_NO_SESSIONS;
-+ TPM_RC responseCode;
-+ TPM_RC rc;
++ TPM2B_PUBLIC_t outPublicTmp;
++ TPM2B_PRIVATE_t outPrivateTmp;
++ TPM2B_CREATION_DATA_t creationDataTmp;
++ TPM2B_DIGEST_t creationHashTmp;
++ TPMT_TK_CREATION_t creationTicketTmp;
++ TPMS_AUTH_RESPONSE_t authResponseTmp;
++ TPMI_ST_COMMAND_TAG_t tag = authCommand ?
TPM_ST_SESSIONS:TPM_ST_NO_SESSIONS;
++ TPM_RC_t responseCode;
++ TPM_RC_t rc;
+ grub_uint32_t parameterSize;
+
+ if (inSensitive == NULL || inPublic == NULL || outsideInfo == NULL ||
@@ grub-core/lib/tss2/tpm2_cmd.c (new)
+
+ /* Submit */
+ grub_tpm2_buffer_init (&out);
-+ rc = grub_tpm2_submit_command (tag, TPM_CC_Create, &responseCode, &in,
-+ &out);
++ rc = tpm2_submit_command (tag, TPM_CC_Create, &responseCode, &in, &out);
+ if (rc != TPM_RC_SUCCESS)
+ return rc;
+ if (responseCode != TPM_RC_SUCCESS)
@@ grub-core/lib/tss2/tpm2_cmd.c (new)
+ return TPM_RC_SUCCESS;
+}
+
-+TPM_RC
-+TPM2_EvictControl (const TPMI_RH_PROVISION auth,
-+ const TPMI_DH_OBJECT objectHandle,
-+ const TPMS_AUTH_COMMAND *authCommand,
-+ const TPMI_DH_PERSISTENT persistentHandle,
-+ TPMS_AUTH_RESPONSE *authResponse)
++TPM_RC_t
++grub_tpm2_evictcontrol (const TPMI_RH_PROVISION_t auth,
++ const TPMI_DH_OBJECT_t objectHandle,
++ const TPMS_AUTH_COMMAND_t *authCommand,
++ const TPMI_DH_PERSISTENT_t persistentHandle,
++ TPMS_AUTH_RESPONSE_t *authResponse)
+{
+ struct grub_tpm2_buffer in;
+ struct grub_tpm2_buffer out;
-+ TPMS_AUTH_RESPONSE authResponseTmp;
-+ TPMI_ST_COMMAND_TAG tag = authCommand ? TPM_ST_SESSIONS :
TPM_ST_NO_SESSIONS;
-+ TPM_RC responseCode;
-+ TPM_RC rc;
++ TPMS_AUTH_RESPONSE_t authResponseTmp;
++ TPMI_ST_COMMAND_TAG_t tag = authCommand ? TPM_ST_SESSIONS :
TPM_ST_NO_SESSIONS;
++ TPM_RC_t responseCode;
++ TPM_RC_t rc;
+ grub_uint32_t parameterSize;
+
+ if (authResponse == NULL)
@@ grub-core/lib/tss2/tpm2_cmd.c (new)
+
+ /* Submit */
+ grub_tpm2_buffer_init (&out);
-+ rc = grub_tpm2_submit_command (tag, TPM_CC_EvictControl, &responseCode,
&in,
-+ &out);
++ rc = tpm2_submit_command (tag, TPM_CC_EvictControl, &responseCode, &in,
&out);
+ if (rc != TPM_RC_SUCCESS)
+ return rc;
+ if (responseCode != TPM_RC_SUCCESS)
@@ grub-core/lib/tss2/tpm2_cmd.c (new)
+ return TPM_RC_SUCCESS;
+}
+
-+TPM_RC
-+TPM2_Hash (const TPMS_AUTH_COMMAND *authCommand,
-+ const TPM2B_MAX_BUFFER *data,
-+ const TPMI_ALG_HASH hashAlg,
-+ const TPMI_RH_HIERARCHY hierarchy,
-+ TPM2B_DIGEST *outHash,
-+ TPMT_TK_HASHCHECK *validation,
-+ TPMS_AUTH_RESPONSE *authResponse)
++TPM_RC_t
++grub_tpm2_hash (const TPMS_AUTH_COMMAND_t *authCommand,
++ const TPM2B_MAX_BUFFER_t *data,
++ const TPMI_ALG_HASH_t hashAlg,
++ const TPMI_RH_HIERARCHY_t hierarchy,
++ TPM2B_DIGEST_t *outHash,
++ TPMT_TK_HASHCHECK_t *validation,
++ TPMS_AUTH_RESPONSE_t *authResponse)
+{
-+ TPM_RC rc;
++ TPM_RC_t rc;
+ struct grub_tpm2_buffer in;
+ struct grub_tpm2_buffer out;
-+ TPMS_AUTH_RESPONSE authResponseTmp;
-+ TPM2B_DIGEST outHashTmp;
-+ TPMT_TK_HASHCHECK validationTmp;
-+ TPMI_ST_COMMAND_TAG tag = authCommand ? TPM_ST_SESSIONS :
TPM_ST_NO_SESSIONS;
-+ TPM_RC responseCode;
++ TPMS_AUTH_RESPONSE_t authResponseTmp;
++ TPM2B_DIGEST_t outHashTmp;
++ TPMT_TK_HASHCHECK_t validationTmp;
++ TPMI_ST_COMMAND_TAG_t tag = authCommand ? TPM_ST_SESSIONS :
TPM_ST_NO_SESSIONS;
++ TPM_RC_t responseCode;
+ grub_uint32_t param_size;
+
+ if (hashAlg == TPM_ALG_NULL)
@@ grub-core/lib/tss2/tpm2_cmd.c (new)
+
+ /* Submit */
+ grub_tpm2_buffer_init (&out);
-+ rc = grub_tpm2_submit_command (tag, TPM_CC_Hash, &responseCode, &in,
&out);
++ rc = tpm2_submit_command (tag, TPM_CC_Hash, &responseCode, &in, &out);
+ if (rc != TPM_RC_SUCCESS)
+ return rc;
+ if (responseCode != TPM_RC_SUCCESS)
@@ grub-core/lib/tss2/tpm2_cmd.c (new)
+ return TPM_RC_SUCCESS;
+}
+
-+TPM_RC
-+TPM2_VerifySignature (const TPMI_DH_OBJECT keyHandle,
-+ const TPMS_AUTH_COMMAND *authCommand,
-+ const TPM2B_DIGEST *digest,
-+ const TPMT_SIGNATURE *signature,
-+ TPMT_TK_VERIFIED *validation,
-+ TPMS_AUTH_RESPONSE *authResponse)
++TPM_RC_t
++grub_tpm2_verifysignature (const TPMI_DH_OBJECT_t keyHandle,
++ const TPMS_AUTH_COMMAND_t *authCommand,
++ const TPM2B_DIGEST_t *digest,
++ const TPMT_SIGNATURE_t *signature,
++ TPMT_TK_VERIFIED_t *validation,
++ TPMS_AUTH_RESPONSE_t *authResponse)
+{
-+ TPM_RC rc;
++ TPM_RC_t rc;
+ struct grub_tpm2_buffer in;
+ struct grub_tpm2_buffer out;
-+ TPMS_AUTH_RESPONSE authResponseTmp;
-+ TPMI_ST_COMMAND_TAG tag = authCommand ? TPM_ST_SESSIONS :
TPM_ST_NO_SESSIONS;
-+ TPMT_TK_VERIFIED validationTmp;
-+ TPM_RC responseCode;
++ TPMS_AUTH_RESPONSE_t authResponseTmp;
++ TPMI_ST_COMMAND_TAG_t tag = authCommand ? TPM_ST_SESSIONS :
TPM_ST_NO_SESSIONS;
++ TPMT_TK_VERIFIED_t validationTmp;
++ TPM_RC_t responseCode;
+ grub_uint32_t param_size;
+
+ if (digest == NULL || signature == NULL)
@@ grub-core/lib/tss2/tpm2_cmd.c (new)
+
+ /* Submit */
+ grub_tpm2_buffer_init (&out);
-+ rc = grub_tpm2_submit_command (tag, TPM_CC_VerifySignature,
&responseCode, &in, &out);
++ rc = tpm2_submit_command (tag, TPM_CC_VerifySignature, &responseCode,
&in, &out);
+ if (rc != TPM_RC_SUCCESS)
+ return rc;
+ if (responseCode != TPM_RC_SUCCESS)
@@ grub-core/lib/tss2/tpm2_cmd.c (new)
+ return TPM_RC_SUCCESS;
+}
+
-+TPM_RC
-+TPM2_PolicyAuthorize (const TPMI_SH_POLICY policySession,
-+ const TPMS_AUTH_COMMAND *authCommand,
-+ const TPM2B_DIGEST *approvedPolicy,
-+ const TPM2B_NONCE *policyRef,
-+ const TPM2B_NAME *keySign,
-+ const TPMT_TK_VERIFIED *checkTicket,
-+ TPMS_AUTH_RESPONSE *authResponse)
++TPM_RC_t
++grub_tpm2_policyauthorize (const TPMI_SH_POLICY_t policySession,
++ const TPMS_AUTH_COMMAND_t *authCommand,
++ const TPM2B_DIGEST_t *approvedPolicy,
++ const TPM2B_NONCE_t *policyRef,
++ const TPM2B_NAME_t *keySign,
++ const TPMT_TK_VERIFIED_t *checkTicket,
++ TPMS_AUTH_RESPONSE_t *authResponse)
+{
-+ TPM_RC rc;
++ TPM_RC_t rc;
+ struct grub_tpm2_buffer in;
+ struct grub_tpm2_buffer out;
-+ TPMS_AUTH_RESPONSE authResponseTmp;
-+ TPMI_ST_COMMAND_TAG tag = authCommand ? TPM_ST_SESSIONS :
TPM_ST_NO_SESSIONS;
-+ TPM_RC responseCode;
++ TPMS_AUTH_RESPONSE_t authResponseTmp;
++ TPMI_ST_COMMAND_TAG_t tag = authCommand ? TPM_ST_SESSIONS :
TPM_ST_NO_SESSIONS;
++ TPM_RC_t responseCode;
+ grub_uint32_t param_size;
+
+ if (approvedPolicy == NULL || keySign == NULL || checkTicket == NULL)
@@ grub-core/lib/tss2/tpm2_cmd.c (new)
+
+ /* Submit */
+ grub_tpm2_buffer_init (&out);
-+ rc = grub_tpm2_submit_command (tag, TPM_CC_PolicyAuthorize,
&responseCode, &in, &out);
++ rc = tpm2_submit_command (tag, TPM_CC_PolicyAuthorize, &responseCode,
&in, &out);
+ if (rc != TPM_RC_SUCCESS)
+ return rc;
+ if (responseCode != TPM_RC_SUCCESS)
@@ grub-core/lib/tss2/tpm2_cmd.c (new)
+ return TPM_RC_SUCCESS;
+}
+
-+TPM_RC
-+TPM2_TestParms (const TPMT_PUBLIC_PARMS *parms,
-+ const TPMS_AUTH_COMMAND* authCommand)
++TPM_RC_t
++grub_tpm2_testparms (const TPMT_PUBLIC_PARMS_t *parms,
++ const TPMS_AUTH_COMMAND_t *authCommand)
+{
-+ TPM_RC rc;
++ TPM_RC_t rc;
+ struct grub_tpm2_buffer in;
+ struct grub_tpm2_buffer out;
-+ TPMI_ST_COMMAND_TAG tag = authCommand ? TPM_ST_SESSIONS :
TPM_ST_NO_SESSIONS;
-+ TPM_RC responseCode;
++ TPMI_ST_COMMAND_TAG_t tag = authCommand ? TPM_ST_SESSIONS :
TPM_ST_NO_SESSIONS;
++ TPM_RC_t responseCode;
+
+ if (parms == NULL)
+ return TPM_RC_VALUE;
@@ grub-core/lib/tss2/tpm2_cmd.c (new)
+
+ /* Submit */
+ grub_tpm2_buffer_init (&out);
-+ rc = grub_tpm2_submit_command (tag, TPM_CC_TestParms, &responseCode,
&in,
++ rc = tpm2_submit_command (tag, TPM_CC_TestParms, &responseCode, &in,
+ &out);
+ if (rc != TPM_RC_SUCCESS)
+ return rc;
@@ grub-core/lib/tss2/tpm2_cmd.h (new)
@@
+/*
+ * GRUB -- GRand Unified Bootloader
-+ * Copyright (C) 2024 Free Software Foundation, Inc.
+ * Copyright (C) 2022 Microsoft Corporation
++ * Copyright (C) 2024 Free Software Foundation, Inc.
+ *
+ * GRUB is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
@@ grub-core/lib/tss2/tpm2_cmd.h (new)
+ * along with GRUB. If not, see <http://www.gnu.org/licenses/>.
+ */
+
-+#ifndef GRUB_TPM2_INTERNAL_FUNCTIONS_HEADER
-+#define GRUB_TPM2_INTERNAL_FUNCTIONS_HEADER 1
++#ifndef GRUB_TPM2_COMMANDS_HEADER
++#define GRUB_TPM2_COMMANDS_HEADER 1
+
+#include <tss2_structs.h>
+
-+TPM_RC
-+TPM2_CreatePrimary (const TPMI_RH_HIERARCHY primaryHandle,
-+ const TPMS_AUTH_COMMAND *authCommand,
-+ const TPM2B_SENSITIVE_CREATE *inSensitive,
-+ const TPM2B_PUBLIC *inPublic,
-+ const TPM2B_DATA *outsideInfo,
-+ const TPML_PCR_SELECTION *creationPCR,
-+ TPM_HANDLE *objectHandle,
-+ TPM2B_PUBLIC *outPublic,
-+ TPM2B_CREATION_DATA *creationData,
-+ TPM2B_DIGEST *creationHash,
-+ TPMT_TK_CREATION *creationTicket,
-+ TPM2B_NAME *name,
-+ TPMS_AUTH_RESPONSE *authResponse);
-+
-+TPM_RC
-+TPM2_StartAuthSession (const TPMI_DH_OBJECT tpmKey,
-+ const TPMI_DH_ENTITY bind,
-+ const TPMS_AUTH_COMMAND *authCommand,
-+ const TPM2B_NONCE *nonceCaller,
-+ const TPM2B_ENCRYPTED_SECRET *encryptedSalt,
-+ const TPM_SE sessionType,
-+ const TPMT_SYM_DEF *symmetric,
-+ const TPMI_ALG_HASH authHash,
-+ TPMI_SH_AUTH_SESSION *sessionHandle,
-+ TPM2B_NONCE *nonceTpm,
-+ TPMS_AUTH_RESPONSE *authResponse);
-+
-+TPM_RC
-+TPM2_PolicyPCR (const TPMI_SH_POLICY policySession,
-+ const TPMS_AUTH_COMMAND *authCommand,
-+ const TPM2B_DIGEST *pcrDigest,
-+ const TPML_PCR_SELECTION *pcrs,
-+ TPMS_AUTH_RESPONSE *authResponse);
-+
-+TPM_RC
-+TPM2_ReadPublic (const TPMI_DH_OBJECT objectHandle,
-+ const TPMS_AUTH_COMMAND* authCommand,
-+ TPM2B_PUBLIC *outPublic);
-+
-+TPM_RC
-+TPM2_Load (const TPMI_DH_OBJECT parent_handle,
-+ const TPMS_AUTH_COMMAND *authCommand,
-+ const TPM2B_PRIVATE *inPrivate,
-+ const TPM2B_PUBLIC *inPublic,
-+ TPM_HANDLE *objectHandle,
-+ TPM2B_NAME *name,
-+ TPMS_AUTH_RESPONSE *authResponse);
-+
-+TPM_RC
-+TPM2_LoadExternal (const TPMS_AUTH_COMMAND *authCommand,
-+ const TPM2B_SENSITIVE *inPrivate,
-+ const TPM2B_PUBLIC *inPublic,
-+ const TPMI_RH_HIERARCHY hierarchy,
-+ TPM_HANDLE *objectHandle,
-+ TPM2B_NAME *name,
-+ TPMS_AUTH_RESPONSE *authResponse);
-+
-+TPM_RC
-+TPM2_Unseal (const TPMI_DH_OBJECT item_handle,
-+ const TPMS_AUTH_COMMAND *authCommand,
-+ TPM2B_SENSITIVE_DATA *outData,
-+ TPMS_AUTH_RESPONSE *authResponse);
-+
-+TPM_RC
-+TPM2_FlushContext (const TPMI_DH_CONTEXT handle);
-+
-+TPM_RC
-+TPM2_PCR_Read (const TPMS_AUTH_COMMAND *authCommand,
-+ const TPML_PCR_SELECTION *pcrSelectionIn,
-+ grub_uint32_t *pcrUpdateCounter,
-+ TPML_PCR_SELECTION *pcrSelectionOut,
-+ TPML_DIGEST *pcrValues,
-+ TPMS_AUTH_RESPONSE *authResponse);
-+
-+TPM_RC
-+TPM2_PolicyGetDigest (const TPMI_SH_POLICY policySession,
-+ const TPMS_AUTH_COMMAND *authCommand,
-+ TPM2B_DIGEST *policyDigest,
-+ TPMS_AUTH_RESPONSE *authResponse);
-+
-+TPM_RC
-+TPM2_Create (const TPMI_DH_OBJECT parentHandle,
-+ const TPMS_AUTH_COMMAND *authCommand,
-+ const TPM2B_SENSITIVE_CREATE *inSensitive,
-+ const TPM2B_PUBLIC *inPublic,
-+ const TPM2B_DATA *outsideInfo,
-+ const TPML_PCR_SELECTION *creationPCR,
-+ TPM2B_PRIVATE *outPrivate,
-+ TPM2B_PUBLIC *outPublic,
-+ TPM2B_CREATION_DATA *creationData,
-+ TPM2B_DIGEST *creationHash,
-+ TPMT_TK_CREATION *creationTicket,
-+ TPMS_AUTH_RESPONSE *authResponse);
-+
-+TPM_RC
-+TPM2_EvictControl (const TPMI_RH_PROVISION auth,
-+ const TPMI_DH_OBJECT objectHandle,
-+ const TPMS_AUTH_COMMAND *authCommand,
-+ const TPMI_DH_PERSISTENT persistentHandle,
-+ TPMS_AUTH_RESPONSE *authResponse);
-+
-+TPM_RC
-+TPM2_Hash (const TPMS_AUTH_COMMAND *authCommand,
-+ const TPM2B_MAX_BUFFER *data,
-+ const TPMI_ALG_HASH hashAlg,
-+ const TPMI_RH_HIERARCHY hierarchy,
-+ TPM2B_DIGEST *outHash,
-+ TPMT_TK_HASHCHECK *validation,
-+ TPMS_AUTH_RESPONSE *authResponse);
-+
-+TPM_RC
-+TPM2_VerifySignature (const TPMI_DH_OBJECT keyHandle,
-+ const TPMS_AUTH_COMMAND *authCommand,
-+ const TPM2B_DIGEST *digest,
-+ const TPMT_SIGNATURE *signature,
-+ TPMT_TK_VERIFIED *validation,
-+ TPMS_AUTH_RESPONSE *authResponse);
-+
-+TPM_RC
-+TPM2_PolicyAuthorize (const TPMI_SH_POLICY policySession,
-+ const TPMS_AUTH_COMMAND *authCommand,
-+ const TPM2B_DIGEST *approvedPolicy,
-+ const TPM2B_NONCE *policyRef,
-+ const TPM2B_NAME *keySign,
-+ const TPMT_TK_VERIFIED *checkTicket,
-+ TPMS_AUTH_RESPONSE *authResponse);
-+
-+TPM_RC
-+TPM2_TestParms (const TPMT_PUBLIC_PARMS *parms,
-+ const TPMS_AUTH_COMMAND* authCommand);
-+
-+#endif /* ! GRUB_TPM2_INTERNAL_FUNCTIONS_HEADER */
++extern TPM_RC_t
++grub_tpm2_createprimary (const TPMI_RH_HIERARCHY_t primaryHandle,
++ const TPMS_AUTH_COMMAND_t *authCommand,
++ const TPM2B_SENSITIVE_CREATE_t *inSensitive,
++ const TPM2B_PUBLIC_t *inPublic,
++ const TPM2B_DATA_t *outsideInfo,
++ const TPML_PCR_SELECTION_t *creationPCR,
++ TPM_HANDLE_t *objectHandle,
++ TPM2B_PUBLIC_t *outPublic,
++ TPM2B_CREATION_DATA_t *creationData,
++ TPM2B_DIGEST_t *creationHash,
++ TPMT_TK_CREATION_t *creationTicket,
++ TPM2B_NAME_t *name,
++ TPMS_AUTH_RESPONSE_t *authResponse);
++
++extern TPM_RC_t
++grub_tpm2_startauthsession (const TPMI_DH_OBJECT_t tpmKey,
++ const TPMI_DH_ENTITY_t bind,
++ const TPMS_AUTH_COMMAND_t *authCommand,
++ const TPM2B_NONCE_t *nonceCaller,
++ const TPM2B_ENCRYPTED_SECRET_t *encryptedSalt,
++ const TPM_SE_t sessionType,
++ const TPMT_SYM_DEF_t *symmetric,
++ const TPMI_ALG_HASH_t authHash,
++ TPMI_SH_AUTH_SESSION_t *sessionHandle,
++ TPM2B_NONCE_t *nonceTpm,
++ TPMS_AUTH_RESPONSE_t *authResponse);
++
++extern TPM_RC_t
++grub_tpm2_policypcr (const TPMI_SH_POLICY_t policySession,
++ const TPMS_AUTH_COMMAND_t *authCommand,
++ const TPM2B_DIGEST_t *pcrDigest,
++ const TPML_PCR_SELECTION_t *pcrs,
++ TPMS_AUTH_RESPONSE_t *authResponse);
++
++extern TPM_RC_t
++grub_tpm2_readpublic (const TPMI_DH_OBJECT_t objectHandle,
++ const TPMS_AUTH_COMMAND_t *authCommand,
++ TPM2B_PUBLIC_t *outPublic);
++
++extern TPM_RC_t
++grub_tpm2_load (const TPMI_DH_OBJECT_t parent_handle,
++ const TPMS_AUTH_COMMAND_t *authCommand,
++ const TPM2B_PRIVATE_t *inPrivate,
++ const TPM2B_PUBLIC_t *inPublic,
++ TPM_HANDLE_t *objectHandle,
++ TPM2B_NAME_t *name,
++ TPMS_AUTH_RESPONSE_t *authResponse);
++
++extern TPM_RC_t
++grub_tpm2_loadexternal (const TPMS_AUTH_COMMAND_t *authCommand,
++ const TPM2B_SENSITIVE_t *inPrivate,
++ const TPM2B_PUBLIC_t *inPublic,
++ const TPMI_RH_HIERARCHY_t hierarchy,
++ TPM_HANDLE_t *objectHandle,
++ TPM2B_NAME_t *name,
++ TPMS_AUTH_RESPONSE_t *authResponse);
++
++extern TPM_RC_t
++grub_tpm2_unseal (const TPMI_DH_OBJECT_t item_handle,
++ const TPMS_AUTH_COMMAND_t *authCommand,
++ TPM2B_SENSITIVE_DATA_t *outData,
++ TPMS_AUTH_RESPONSE_t *authResponse);
++
++extern TPM_RC_t
++grub_tpm2_flushcontext (const TPMI_DH_CONTEXT_t handle);
++
++extern TPM_RC_t
++grub_tpm2_pcr_read (const TPMS_AUTH_COMMAND_t *authCommand,
++ const TPML_PCR_SELECTION_t *pcrSelectionIn,
++ grub_uint32_t *pcrUpdateCounter,
++ TPML_PCR_SELECTION_t *pcrSelectionOut,
++ TPML_DIGEST_t *pcrValues,
++ TPMS_AUTH_RESPONSE_t *authResponse);
++
++extern TPM_RC_t
++grub_tpm2_policygetdigest (const TPMI_SH_POLICY_t policySession,
++ const TPMS_AUTH_COMMAND_t *authCommand,
++ TPM2B_DIGEST_t *policyDigest,
++ TPMS_AUTH_RESPONSE_t *authResponse);
++
++extern TPM_RC_t
++grub_tpm2_create (const TPMI_DH_OBJECT_t parentHandle,
++ const TPMS_AUTH_COMMAND_t *authCommand,
++ const TPM2B_SENSITIVE_CREATE_t *inSensitive,
++ const TPM2B_PUBLIC_t *inPublic,
++ const TPM2B_DATA_t *outsideInfo,
++ const TPML_PCR_SELECTION_t *creationPCR,
++ TPM2B_PRIVATE_t *outPrivate,
++ TPM2B_PUBLIC_t *outPublic,
++ TPM2B_CREATION_DATA_t *creationData,
++ TPM2B_DIGEST_t *creationHash,
++ TPMT_TK_CREATION_t *creationTicket,
++ TPMS_AUTH_RESPONSE_t *authResponse);
++
++extern TPM_RC_t
++grub_tpm2_evictcontrol (const TPMI_RH_PROVISION_t auth,
++ const TPMI_DH_OBJECT_t objectHandle,
++ const TPMS_AUTH_COMMAND_t *authCommand,
++ const TPMI_DH_PERSISTENT_t persistentHandle,
++ TPMS_AUTH_RESPONSE_t *authResponse);
++
++extern TPM_RC_t
++grub_tpm2_hash (const TPMS_AUTH_COMMAND_t *authCommand,
++ const TPM2B_MAX_BUFFER_t *data,
++ const TPMI_ALG_HASH_t hashAlg,
++ const TPMI_RH_HIERARCHY_t hierarchy,
++ TPM2B_DIGEST_t *outHash,
++ TPMT_TK_HASHCHECK_t *validation,
++ TPMS_AUTH_RESPONSE_t *authResponse);
++
++extern TPM_RC_t
++grub_tpm2_verifysignature (const TPMI_DH_OBJECT_t keyHandle,
++ const TPMS_AUTH_COMMAND_t *authCommand,
++ const TPM2B_DIGEST_t *digest,
++ const TPMT_SIGNATURE_t *signature,
++ TPMT_TK_VERIFIED_t *validation,
++ TPMS_AUTH_RESPONSE_t *authResponse);
++
++extern TPM_RC_t
++grub_tpm2_policyauthorize (const TPMI_SH_POLICY_t policySession,
++ const TPMS_AUTH_COMMAND_t *authCommand,
++ const TPM2B_DIGEST_t *approvedPolicy,
++ const TPM2B_NONCE_t *policyRef,
++ const TPM2B_NAME_t *keySign,
++ const TPMT_TK_VERIFIED_t *checkTicket,
++ TPMS_AUTH_RESPONSE_t *authResponse);
++
++extern TPM_RC_t
++grub_tpm2_testparms (const TPMT_PUBLIC_PARMS_t *parms,
++ const TPMS_AUTH_COMMAND_t *authCommand);
++
++#endif /* ! GRUB_TPM2_COMMANDS_HEADER */
## grub-core/lib/tss2/tss2.c (new) ##
@@
16: dd1efc0fe ! 22: 12d09a2c8 key_protector: Add TPM2 Key Protector
@@ grub-core/commands/tpm2_key_protector/args.c (new)
@@
+/*
+ * GRUB -- GRand Unified Bootloader
-+ * Copyright (C) 2024 Free Software Foundation, Inc.
+ * Copyright (C) 2022 Microsoft Corporation
++ * Copyright (C) 2024 Free Software Foundation, Inc.
+ *
+ * GRUB is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
@@ grub-core/commands/tpm2_key_protector/args.c (new)
+ {
+ next_pcr = grub_strchr (current_pcr, ',');
+ if (next_pcr == current_pcr)
-+ return grub_error (GRUB_ERR_BAD_ARGUMENT, N_("Empty entry in PCR
list"));
++ return grub_error (GRUB_ERR_BAD_ARGUMENT, "Empty entry in PCR list");
+ if (next_pcr != NULL)
+ *next_pcr = '\0';
+
+ grub_errno = GRUB_ERR_NONE;
+ pcr = grub_strtoul (current_pcr, &pcr_end, 10);
+ if (*current_pcr == '\0' || *pcr_end != '\0')
-+ return grub_error (GRUB_ERR_BAD_NUMBER, N_("Entry '%s' in PCR list is
not a number"), current_pcr);
++ return grub_error (GRUB_ERR_BAD_NUMBER, "Entry '%s' in PCR list is not
a number", current_pcr);
+
+ if (pcr > TPM_MAX_PCRS)
-+ return grub_error (GRUB_ERR_OUT_OF_RANGE, N_("Entry %lu in PCR list is
too large to be a PCR number, PCR numbers range from 0 to %u"), pcr,
TPM_MAX_PCRS);
++ return grub_error (GRUB_ERR_OUT_OF_RANGE, "Entry %" PRIuGRUB_UINT64_T "
in PCR list is too large to be a PCR number, PCR numbers range from 0 to %u",
pcr, TPM_MAX_PCRS);
+
+ pcrs[i] = (grub_uint8_t) pcr;
+ ++(*pcr_count);
@@ grub-core/commands/tpm2_key_protector/args.c (new)
+
+ current_pcr = next_pcr + 1;
+ if (*current_pcr == '\0')
-+ return grub_error (GRUB_ERR_BAD_ARGUMENT, N_("Trailing comma at the end
of PCR list"));
++ return grub_error (GRUB_ERR_BAD_ARGUMENT, "Trailing comma at the end of
PCR list");
+ }
+
+ if (i == TPM_MAX_PCRS)
-+ return grub_error (GRUB_ERR_OUT_OF_RANGE, N_("Too many PCRs in PCR
list, the maximum number of PCRs is %u"), TPM_MAX_PCRS);
++ return grub_error (GRUB_ERR_OUT_OF_RANGE, "Too many PCRs in PCR list,
the maximum number of PCRs is %u", TPM_MAX_PCRS);
+
+ return GRUB_ERR_NONE;
+}
@@ grub-core/commands/tpm2_key_protector/args.c (new)
+ srk_type->detail.rsa_bits = 2048;
+ }
+ else
-+ return grub_error (GRUB_ERR_OUT_OF_RANGE, N_("Value '%s' is not a
valid asymmetric key type"), value);
++ return grub_error (GRUB_ERR_OUT_OF_RANGE, "Value '%s' is not a valid
asymmetric key type", value);
+
+ return GRUB_ERR_NONE;
+}
+
+grub_err_t
-+grub_tpm2_protector_parse_bank (const char *value, TPM_ALG_ID *bank)
++grub_tpm2_protector_parse_bank (const char *value, TPM_ALG_ID_t *bank)
+{
+ if (grub_strcasecmp (value, "SHA1") == 0)
+ *bank = TPM_ALG_SHA1;
@@ grub-core/commands/tpm2_key_protector/args.c (new)
+ else if (grub_strcasecmp (value, "SHA512") == 0)
+ *bank = TPM_ALG_SHA512;
+ else
-+ return grub_error (GRUB_ERR_OUT_OF_RANGE,
-+ N_("Value '%s' is not a valid PCR bank"), value);
++ return grub_error (GRUB_ERR_OUT_OF_RANGE, "Value '%s' is not a valid
PCR bank", value);
+
+ return GRUB_ERR_NONE;
+}
+
+grub_err_t
-+grub_tpm2_protector_parse_tpm_handle (const char *value, TPM_HANDLE
*handle)
++grub_tpm2_protector_parse_tpm_handle (const char *value, TPM_HANDLE_t
*handle)
+{
+ grub_uint64_t num;
+ const char *str_end;
@@ grub-core/commands/tpm2_key_protector/args.c (new)
+ grub_errno = GRUB_ERR_NONE;
+ num = grub_strtoul (value, &str_end, 0);
+ if (*value == '\0' || *str_end != '\0')
-+ return grub_error (GRUB_ERR_BAD_NUMBER, N_("TPM handle value '%s' is
not a number"), value);
++ return grub_error (GRUB_ERR_BAD_NUMBER, "TPM handle value '%s' is not
a number", value);
+
+ if (num > GRUB_UINT_MAX)
-+ return grub_error (GRUB_ERR_OUT_OF_RANGE, N_("Value %lu is too large
to be a TPM handle, TPM handles are unsigned 32-bit integers"), num);
++ return grub_error (GRUB_ERR_OUT_OF_RANGE, "Value %lu is too large to
be a TPM handle, TPM handles are unsigned 32-bit integers", num);
+
-+ *handle = (TPM_HANDLE) num;
++ *handle = (TPM_HANDLE_t) num;
+
+ return GRUB_ERR_NONE;
+}
@@ grub-core/commands/tpm2_key_protector/module.c (new)
@@
+/*
+ * GRUB -- GRand Unified Bootloader
-+ * Copyright (C) 2024 Free Software Foundation, Inc.
+ * Copyright (C) 2022 Microsoft Corporation
++ * Copyright (C) 2024 Free Software Foundation, Inc.
+ *
+ * GRUB is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
@@ grub-core/commands/tpm2_key_protector/module.c (new)
+ grub_uint8_t pcrs[TPM_MAX_PCRS];
+ grub_uint8_t pcr_count;
+ grub_srk_type_t srk_type;
-+ TPM_ALG_ID bank;
++ TPM_ALG_ID_t bank;
+ const char *tpm2key;
+ const char *keyfile;
-+ TPM_HANDLE srk;
-+ TPM_HANDLE nv;
++ TPM_HANDLE_t srk;
++ TPM_HANDLE_t nv;
+};
+
+static const struct grub_arg_option
grub_tpm2_protector_init_cmd_options[] =
@@ grub-core/commands/tpm2_key_protector/module.c (new)
+static struct grub_tpm2_protector_context grub_tpm2_protector_ctx = {0};
+
+static grub_err_t
-+grub_tpm2_protector_srk_read_file (const char *filepath, void **buffer,
-+ grub_size_t *buffer_size)
++tpm2_protector_srk_read_file (const char *filepath, void **buffer,
grub_size_t *buffer_size)
+{
+ grub_file_t file;
+ grub_off_t file_size;
@@ grub-core/commands/tpm2_key_protector/module.c (new)
+ grub_off_t read_n;
+ grub_err_t err;
+
-+ /* Using GRUB_FILE_TYPE_SIGNATURE ensures we do not hash the keyfile
into PCR9
-+ * otherwise we'll never be able to predict the value of PCR9 at unseal
time */
++ /*
++ * Using GRUB_FILE_TYPE_SIGNATURE ensures we do not hash the keyfile
into PCR9
++ * otherwise we'll never be able to predict the value of PCR9 at unseal
time
++ */
+ file = grub_file_open (filepath, GRUB_FILE_TYPE_SIGNATURE);
+ if (file == NULL)
+ {
+ /* Push errno from grub_file_open() into the error message stack */
+ grub_error_push();
-+ err = grub_error (GRUB_ERR_FILE_NOT_FOUND, N_("Could not open file:
%s\n"), filepath);
++ err = grub_error (GRUB_ERR_FILE_NOT_FOUND, "Could not open file:
%s", filepath);
+ goto error;
+ }
+
+ file_size = grub_file_size (file);
+ if (file_size == 0)
+ {
-+ err = grub_error (GRUB_ERR_OUT_OF_RANGE, N_("Could not read file
size: %s"), filepath);
++ err = grub_error (GRUB_ERR_OUT_OF_RANGE, "Could not read file size:
%s", filepath);
+ goto error;
+ }
+
+ read_buffer = grub_malloc (file_size);
+ if (read_buffer == NULL)
+ {
-+ err = grub_error (GRUB_ERR_OUT_OF_MEMORY, N_("Could not allocate
buffer for %s"), filepath);
++ err = grub_error (GRUB_ERR_OUT_OF_MEMORY, "Could not allocate
buffer for %s", filepath);
+ goto error;
+ }
+
@@ grub-core/commands/tpm2_key_protector/module.c (new)
+ if (read_n != file_size)
+ {
+ grub_free (read_buffer);
-+ err = grub_error (GRUB_ERR_FILE_READ_ERROR, N_("Could not retrieve
file contents: %s"), filepath);
++ err = grub_error (GRUB_ERR_FILE_READ_ERROR, "Could not retrieve
file contents: %s", filepath);
+ goto error;
+ }
+
@@ grub-core/commands/tpm2_key_protector/module.c (new)
+}
+
+static grub_err_t
-+grub_tpm2_protector_srk_unmarshal_keyfile (void *sealed_key,
-+ grub_size_t sealed_key_size,
-+ tpm2_sealed_key_t *sk)
++tpm2_protector_srk_unmarshal_keyfile (void *sealed_key,
++ grub_size_t sealed_key_size,
++ tpm2_sealed_key_t *sk)
+{
+ struct grub_tpm2_buffer buf;
+
+ grub_tpm2_buffer_init (&buf);
+ if (sealed_key_size > buf.cap)
-+ return grub_error (GRUB_ERR_BAD_ARGUMENT, N_("Sealed key larger than
%" PRIuGRUB_SIZE " bytes"), buf.cap);
++ return grub_error (GRUB_ERR_BAD_ARGUMENT, "Sealed key larger than %"
PRIuGRUB_SIZE " bytes", buf.cap);
+
+ grub_memcpy (buf.data, sealed_key, sealed_key_size);
+ buf.size = sealed_key_size;
@@ grub-core/commands/tpm2_key_protector/module.c (new)
+ grub_Tss2_MU_TPM2B_PRIVATE_Unmarshal (&buf, &sk->private);
+
+ if (buf.error != 0)
-+ return grub_error (GRUB_ERR_BAD_ARGUMENT, N_("Malformed TPM wire key
file"));
++ return grub_error (GRUB_ERR_BAD_ARGUMENT, "Malformed TPM wire key
file");
+
+ return GRUB_ERR_NONE;
+}
+
+static grub_err_t
-+grub_tpm2_protector_srk_unmarshal_tpm2key (void *sealed_key,
-+ grub_size_t sealed_key_size,
-+ tpm2key_policy_t *policy_seq,
-+ tpm2key_authpolicy_t *authpol_seq,
-+ grub_uint8_t *rsaparent,
-+ grub_uint32_t *parent,
-+ tpm2_sealed_key_t *sk)
++tpm2_protector_srk_unmarshal_tpm2key (void *sealed_key,
++ grub_size_t sealed_key_size,
++ tpm2key_policy_t *policy_seq,
++ tpm2key_authpolicy_t *authpol_seq,
++ grub_uint8_t *rsaparent,
++ grub_uint32_t *parent,
++ tpm2_sealed_key_t *sk)
+{
+ asn1_node tpm2key = NULL;
+ grub_uint8_t rsaparent_tmp;
@@ grub-core/commands/tpm2_key_protector/module.c (new)
+ grub_tpm2_buffer_init (&buf);
+ if (sealed_pub_size + sealed_priv_size > buf.cap)
+ {
-+ err = grub_error (GRUB_ERR_BAD_ARGUMENT, N_("Sealed key larger than
%" PRIuGRUB_SIZE " bytes"), buf.cap);
++ err = grub_error (GRUB_ERR_BAD_ARGUMENT, "Sealed key larger than %"
PRIuGRUB_SIZE " bytes", buf.cap);
+ goto error;
+ }
+
@@ grub-core/commands/tpm2_key_protector/module.c (new)
+
+ if (buf.error != 0)
+ {
-+ err = grub_error (GRUB_ERR_BAD_ARGUMENT, N_("Malformed TPM 2.0 key
file"));
++ err = grub_error (GRUB_ERR_BAD_ARGUMENT, "Malformed TPM 2.0 key
file");
+ goto error;
+ }
+
@@ grub-core/commands/tpm2_key_protector/module.c (new)
+
+/* Check if the SRK exists in the specified handle */
+static grub_err_t
-+grub_tpm2_protector_srk_check (const TPM_HANDLE srk_handle)
++tpm2_protector_srk_check (const TPM_HANDLE_t srk_handle)
+{
-+ TPM_RC rc;
-+ TPM2B_PUBLIC public;
++ TPM_RC_t rc;
++ TPM2B_PUBLIC_t public;
+
+ /* Find SRK */
-+ rc = TPM2_ReadPublic (srk_handle, NULL, &public);
++ rc = grub_tpm2_readpublic (srk_handle, NULL, &public);
+ if (rc == TPM_RC_SUCCESS)
+ return GRUB_ERR_NONE;
+
-+ return grub_error (GRUB_ERR_BAD_ARGUMENT, N_("Failed to retrieve SRK
from 0x%x (TPM2_ReadPublic: 0x%x)"), srk_handle, rc);
++ return grub_error (GRUB_ERR_BAD_ARGUMENT, "Failed to retrieve SRK from
0x%x (TPM2_ReadPublic: 0x%x)", srk_handle, rc);
+}
+
+/* Get the SRK with the template */
+static grub_err_t
-+grub_tpm2_protector_srk_get (const grub_srk_type_t srk_type,
-+ const TPM_HANDLE parent,
-+ TPM_HANDLE *srk_handle)
++tpm2_protector_srk_get (const grub_srk_type_t srk_type,
++ const TPM_HANDLE_t parent,
++ TPM_HANDLE_t *srk_handle)
+{
-+ TPM_RC rc;
-+ TPMT_PUBLIC_PARMS parms = {0};
-+ TPMS_AUTH_COMMAND authCommand = {0};
-+ TPM2B_SENSITIVE_CREATE inSensitive = {0};
-+ TPM2B_PUBLIC inPublic = {0};
-+ TPM2B_DATA outsideInfo = {0};
-+ TPML_PCR_SELECTION creationPcr = {0};
-+ TPM2B_PUBLIC outPublic = {0};
-+ TPM2B_CREATION_DATA creationData = {0};
-+ TPM2B_DIGEST creationHash = {0};
-+ TPMT_TK_CREATION creationTicket = {0};
-+ TPM2B_NAME srkName = {0};
-+ TPM_HANDLE tmp_handle = 0;
++ TPM_RC_t rc;
++ TPMT_PUBLIC_PARMS_t parms = {0};
++ TPMS_AUTH_COMMAND_t authCommand = {0};
++ TPM2B_SENSITIVE_CREATE_t inSensitive = {0};
++ TPM2B_PUBLIC_t inPublic = {0};
++ TPM2B_DATA_t outsideInfo = {0};
++ TPML_PCR_SELECTION_t creationPcr = {0};
++ TPM2B_PUBLIC_t outPublic = {0};
++ TPM2B_CREATION_DATA_t creationData = {0};
++ TPM2B_DIGEST_t creationHash = {0};
++ TPMT_TK_CREATION_t creationTicket = {0};
++ TPM2B_NAME_t srkName = {0};
++ TPM_HANDLE_t tmp_handle = 0;
+
+ inPublic.publicArea.type = srk_type.type;
+ inPublic.publicArea.nameAlg = TPM_ALG_SHA256;
@@ grub-core/commands/tpm2_key_protector/module.c (new)
+ inPublic.publicArea.parameters.eccDetail.kdf.scheme = TPM_ALG_NULL;
+ }
+ else
-+ return grub_error (GRUB_ERR_BAD_ARGUMENT, N_("Unknown SRK
algorithm"));
++ return grub_error (GRUB_ERR_BAD_ARGUMENT, "Unknown SRK algorithm");
+
+ /* Test the parameters before SRK generation */
+ parms.type = srk_type.type;
+ grub_memcpy (&parms.parameters, &inPublic.publicArea.parameters,
-+ sizeof (TPMU_PUBLIC_PARMS));
++ sizeof (TPMU_PUBLIC_PARMS_t));
+
-+ rc = TPM2_TestParms (&parms, NULL);
++ rc = grub_tpm2_testparms (&parms, NULL);
+ if (rc != TPM_RC_SUCCESS)
-+ return grub_error (GRUB_ERR_BAD_ARGUMENT, N_("Unsupported SRK
template (TPM2_TestParms: 0x%x)"), rc);
++ return grub_error (GRUB_ERR_BAD_ARGUMENT, "Unsupported SRK template
(TPM2_TestParms: 0x%x)", rc);
+
+ /* Create SRK */
+ authCommand.sessionHandle = TPM_RS_PW;
-+ rc = TPM2_CreatePrimary (parent, &authCommand, &inSensitive, &inPublic,
-+ &outsideInfo, &creationPcr, &tmp_handle, &outPublic,
-+ &creationData, &creationHash, &creationTicket,
-+ &srkName, NULL);
++ rc = grub_tpm2_createprimary (parent, &authCommand, &inSensitive,
&inPublic,
++ &outsideInfo, &creationPcr, &tmp_handle,
&outPublic,
++ &creationData, &creationHash, &creationTicket,
++ &srkName, NULL);
+ if (rc != TPM_RC_SUCCESS)
-+ return grub_error (GRUB_ERR_BAD_DEVICE, N_("Could not create SRK
(TPM2_CreatePrimary: 0x%x)"), rc);
++ return grub_error (GRUB_ERR_BAD_DEVICE, "Could not create SRK
(TPM2_CreatePrimary: 0x%x)", rc);
+
+ *srk_handle = tmp_handle;
+
@@ grub-core/commands/tpm2_key_protector/module.c (new)
+ * - Other: Something went wrong.
+ */
+static grub_err_t
-+grub_tpm2_protector_srk_load (const grub_srk_type_t srk_type,
-+ const tpm2_sealed_key_t *sealed_key,
-+ const TPM_HANDLE parent,
-+ TPM_HANDLE *sealed_handle,
-+ TPM_HANDLE *srk_handle)
++tpm2_protector_srk_load (const grub_srk_type_t srk_type,
++ const tpm2_sealed_key_t *sealed_key,
++ const TPM_HANDLE_t parent,
++ TPM_HANDLE_t *sealed_handle,
++ TPM_HANDLE_t *srk_handle)
+{
-+ TPMS_AUTH_COMMAND authCmd = {0};
-+ TPM2B_NAME name = {0};
-+ TPM_RC rc;
++ TPMS_AUTH_COMMAND_t authCmd = {0};
++ TPM2B_NAME_t name = {0};
++ TPM_RC_t rc;
+ grub_err_t err;
+
+ if (srk_handle == NULL)
@@ grub-core/commands/tpm2_key_protector/module.c (new)
+
+ if (*srk_handle != 0)
+ {
-+ err = grub_tpm2_protector_srk_check (*srk_handle);
++ err = tpm2_protector_srk_check (*srk_handle);
+ if (err != GRUB_ERR_NONE)
+ return err;
+ }
+ else
+ {
-+ err = grub_tpm2_protector_srk_get (srk_type, parent, srk_handle);
++ err = tpm2_protector_srk_get (srk_type, parent, srk_handle);
+ if (err != GRUB_ERR_NONE)
+ return err;
+ }
+
+ /* Load the sealed key and associate it with the SRK */
+ authCmd.sessionHandle = TPM_RS_PW;
-+ rc = TPM2_Load (*srk_handle, &authCmd, &sealed_key->private,
&sealed_key->public,
-+ sealed_handle, &name, NULL);
++ rc = grub_tpm2_load (*srk_handle, &authCmd, &sealed_key->private,
&sealed_key->public,
++ sealed_handle, &name, NULL);
+ /*
+ * If TPM2_Load returns (TPM_RC_INTEGRITY | TPM_RC_P | TPM_RC_1), then
it
+ * implies the wrong SRK is used.
+ */
+ if (rc == (TPM_RC_INTEGRITY | TPM_RC_P | TPM_RC_1))
+ {
-+ err = grub_error (GRUB_ERR_BAD_ARGUMENT, N_("SRK not matched"));
++ err = grub_error (GRUB_ERR_BAD_ARGUMENT, "SRK not matched");
+ goto error;
+ }
+ else if (rc != TPM_RC_SUCCESS)
+ {
-+ err = grub_error (GRUB_ERR_BAD_DEVICE, N_("Failed to load sealed
key (TPM2_Load: 0x%x)"), rc);
++ err = grub_error (GRUB_ERR_BAD_DEVICE, "Failed to load sealed key
(TPM2_Load: 0x%x)", rc);
+ goto error;
+ }
+
@@ grub-core/commands/tpm2_key_protector/module.c (new)
+
+ error:
+ if (!TPM_HT_IS_PERSISTENT (*srk_handle))
-+ TPM2_FlushContext (*srk_handle);
++ grub_tpm2_flushcontext (*srk_handle);
+
+ return err;
+}
@@ grub-core/commands/tpm2_key_protector/module.c (new)
+}
+
+static grub_err_t
-+grub_tpm2_protector_load_key (const struct grub_tpm2_protector_context
*ctx,
-+ const tpm2_sealed_key_t *sealed_key,
-+ const TPM_HANDLE parent_handle,
-+ TPM_HANDLE *sealed_handle,
-+ TPM_HANDLE *srk_handle)
++tpm2_protector_load_key (const struct grub_tpm2_protector_context *ctx,
++ const tpm2_sealed_key_t *sealed_key,
++ const TPM_HANDLE_t parent_handle,
++ TPM_HANDLE_t *sealed_handle,
++ TPM_HANDLE_t *srk_handle)
+{
+ grub_err_t err;
+ int i;
@@ grub-core/commands/tpm2_key_protector/module.c (new)
+ /* Try the given persistent SRK if exists */
+ if (*srk_handle != 0)
+ {
-+ err = grub_tpm2_protector_srk_load (ctx->srk_type, sealed_key,
-+ parent_handle, sealed_handle,
-+ srk_handle);
++ err = tpm2_protector_srk_load (ctx->srk_type, sealed_key,
++ parent_handle, sealed_handle,
++ srk_handle);
+ if (err != GRUB_ERR_BAD_ARGUMENT)
+ return err;
+
+ grub_print_error ();
-+ grub_printf_ (N_("Trying the specified SRK algorithm: %s\n"),
srk_type_to_name (ctx->srk_type));
++ grub_printf ("Trying the specified SRK algorithm: %s\n",
srk_type_to_name (ctx->srk_type));
+ grub_errno = GRUB_ERR_NONE;
+ *srk_handle = 0;
+ }
@@ grub-core/commands/tpm2_key_protector/module.c (new)
+ /* Try the specified algorithm for the SRK template */
+ if (*srk_handle == 0)
+ {
-+ err = grub_tpm2_protector_srk_load (ctx->srk_type, sealed_key,
-+ parent_handle, sealed_handle,
-+ srk_handle);
++ err = tpm2_protector_srk_load (ctx->srk_type, sealed_key,
++ parent_handle, sealed_handle,
++ srk_handle);
+ if (err != GRUB_ERR_BAD_ARGUMENT)
+ return err;
+
@@ grub-core/commands/tpm2_key_protector/module.c (new)
+ fallback_srks[i].detail.ecc_curve == ctx->srk_type.detail.ecc_curve))
+ continue;
+
-+ grub_printf_ (N_("Trying fallback %s template\n"), srk_type_to_name
(fallback_srks[i]));
++ grub_printf ("Trying fallback %s template\n", srk_type_to_name
(fallback_srks[i]));
+
+ *srk_handle = 0;
+
-+ err = grub_tpm2_protector_srk_load (fallback_srks[i], sealed_key,
-+ parent_handle, sealed_handle,
-+ srk_handle);
++ err = tpm2_protector_srk_load (fallback_srks[i], sealed_key,
++ parent_handle, sealed_handle,
++ srk_handle);
+ if (err != GRUB_ERR_BAD_ARGUMENT)
+ return err;
+
@@ grub-core/commands/tpm2_key_protector/module.c (new)
+}
+
+static grub_err_t
-+grub_tpm2_protector_policypcr (TPMI_SH_AUTH_SESSION session,
-+ struct grub_tpm2_buffer *cmd_buf)
++tpm2_protector_policypcr (TPMI_SH_AUTH_SESSION_t session, struct
grub_tpm2_buffer *cmd_buf)
+{
-+ TPM2B_DIGEST pcr_digest;
-+ TPML_PCR_SELECTION pcr_sel;
-+ TPM_RC rc;
++ TPM2B_DIGEST_t pcr_digest;
++ TPML_PCR_SELECTION_t pcr_sel;
++ TPM_RC_t rc;
+
+ grub_Tss2_MU_TPM2B_DIGEST_Unmarshal (cmd_buf, &pcr_digest);
+ grub_Tss2_MU_TPML_PCR_SELECTION_Unmarshal (cmd_buf, &pcr_sel);
+ if (cmd_buf->error != 0)
-+ return grub_error (GRUB_ERR_BAD_ARGUMENT, N_("Failed to unmarshal
CommandPolicy for TPM2_PolicyPCR"));
++ return grub_error (GRUB_ERR_BAD_ARGUMENT, "Failed to unmarshal
CommandPolicy for TPM2_PolicyPCR");
+
-+ rc = TPM2_PolicyPCR (session, NULL, &pcr_digest, &pcr_sel, NULL);
++ rc = grub_tpm2_policypcr (session, NULL, &pcr_digest, &pcr_sel, NULL);
+ if (rc != TPM_RC_SUCCESS)
-+ return grub_error (GRUB_ERR_BAD_DEVICE, N_("Failed to submit PCR
policy (TPM2_PolicyPCR: 0x%x)"), rc);
++ return grub_error (GRUB_ERR_BAD_DEVICE, "Failed to submit PCR policy
(TPM2_PolicyPCR: 0x%x)", rc);
+
+ return GRUB_ERR_NONE;
+}
+
+static grub_err_t
-+grub_tpm2_protector_enforce_policy (tpm2key_policy_t policy,
TPMI_SH_AUTH_SESSION session)
++tpm2_protector_enforce_policy (tpm2key_policy_t policy,
TPMI_SH_AUTH_SESSION_t session)
+{
+ struct grub_tpm2_buffer buf;
+ grub_err_t err;
+
+ grub_tpm2_buffer_init (&buf);
+ if (policy->cmd_policy_len > buf.cap)
-+ return grub_error (GRUB_ERR_BAD_ARGUMENT, N_("CommandPolicy larger
than TPM buffer"));
++ return grub_error (GRUB_ERR_BAD_ARGUMENT, "CommandPolicy larger than
TPM buffer");
+
+ grub_memcpy (buf.data, policy->cmd_policy, policy->cmd_policy_len);
+ buf.size = policy->cmd_policy_len;
@@ grub-core/commands/tpm2_key_protector/module.c (new)
+ switch (policy->cmd_code)
+ {
+ case TPM_CC_PolicyPCR:
-+ err = grub_tpm2_protector_policypcr (session, &buf);
++ err = tpm2_protector_policypcr (session, &buf);
+ break;
+ default:
-+ return grub_error (GRUB_ERR_BAD_ARGUMENT, N_("Unknown TPM Command:
0x%x"), policy->cmd_code);
++ return grub_error (GRUB_ERR_BAD_ARGUMENT, "Unknown TPM Command:
0x%x", policy->cmd_code);
+ }
+
+ return err;
+}
+
+static grub_err_t
-+grub_tpm2_protector_enforce_policy_seq (tpm2key_policy_t policy_seq,
-+ TPMI_SH_AUTH_SESSION session)
++tpm2_protector_enforce_policy_seq (tpm2key_policy_t policy_seq,
TPMI_SH_AUTH_SESSION_t session)
+{
+ tpm2key_policy_t policy;
+ grub_err_t err;
+
+ FOR_LIST_ELEMENTS (policy, policy_seq)
+ {
-+ err = grub_tpm2_protector_enforce_policy (policy, session);
++ err = tpm2_protector_enforce_policy (policy, session);
+ if (err != GRUB_ERR_NONE)
+ return err;
+ }
@@ grub-core/commands/tpm2_key_protector/module.c (new)
+}
+
+static grub_err_t
-+grub_tpm2_protector_simple_policy_seq (const struct
grub_tpm2_protector_context *ctx,
-+ tpm2key_policy_t *policy_seq)
++tpm2_protector_simple_policy_seq (const struct
grub_tpm2_protector_context *ctx,
++ tpm2key_policy_t *policy_seq)
+{
+ tpm2key_policy_t policy = NULL;
+ struct grub_tpm2_buffer buf;
-+ TPML_PCR_SELECTION pcr_sel = {
++ TPML_PCR_SELECTION_t pcr_sel = {
+ .count = 1,
+ .pcrSelections = {
+ {
@@ grub-core/commands/tpm2_key_protector/module.c (new)
+}
+
+static grub_err_t
-+grub_tpm2_protector_unseal (tpm2key_policy_t policy_seq, TPM_HANDLE
sealed_handle,
-+ grub_uint8_t **key, grub_size_t *key_size)
++tpm2_protector_unseal (tpm2key_policy_t policy_seq, TPM_HANDLE_t
sealed_handle,
++ grub_uint8_t **key, grub_size_t *key_size)
+{
-+ TPMS_AUTH_COMMAND authCmd = {0};
-+ TPM2B_SENSITIVE_DATA data;
-+ TPM2B_NONCE nonceCaller = {0};
-+ TPMT_SYM_DEF symmetric = {0};
-+ TPMI_SH_AUTH_SESSION session;
++ TPMS_AUTH_COMMAND_t authCmd = {0};
++ TPM2B_SENSITIVE_DATA_t data;
++ TPM2B_NONCE_t nonceCaller = {0};
++ TPMT_SYM_DEF_t symmetric = {0};
++ TPMI_SH_AUTH_SESSION_t session;
+ grub_uint8_t *key_out;
-+ TPM_RC rc;
++ TPM_RC_t rc;
+ grub_err_t err;
+
+ /* Start Auth Session */
+ nonceCaller.size = TPM_SHA256_DIGEST_SIZE;
+ symmetric.algorithm = TPM_ALG_NULL;
-+ rc = TPM2_StartAuthSession (TPM_RH_NULL, TPM_RH_NULL, NULL,
&nonceCaller, NULL,
-+ TPM_SE_POLICY, &symmetric, TPM_ALG_SHA256,
-+ &session, NULL, NULL);
++ rc = grub_tpm2_startauthsession (TPM_RH_NULL, TPM_RH_NULL, NULL,
&nonceCaller, NULL,
++ TPM_SE_POLICY, &symmetric, TPM_ALG_SHA256,
++ &session, NULL, NULL);
+ if (rc != TPM_RC_SUCCESS)
-+ return grub_error (GRUB_ERR_BAD_DEVICE, N_("Failed to start auth
session (TPM2_StartAuthSession: 0x%x)"), rc);
++ return grub_error (GRUB_ERR_BAD_DEVICE, "Failed to start auth session
(TPM2_StartAuthSession: 0x%x)", rc);
+
+ /* Enforce the policy command sequence */
-+ err = grub_tpm2_protector_enforce_policy_seq (policy_seq, session);
++ err = tpm2_protector_enforce_policy_seq (policy_seq, session);
+ if (err != GRUB_ERR_NONE)
+ goto error;
+
+ /* Unseal Sealed Key */
+ authCmd.sessionHandle = session;
-+ rc = TPM2_Unseal (sealed_handle, &authCmd, &data, NULL);
++ rc = grub_tpm2_unseal (sealed_handle, &authCmd, &data, NULL);
+ if (rc != TPM_RC_SUCCESS)
+ {
-+ err = grub_error (GRUB_ERR_BAD_DEVICE, N_("Failed to unseal sealed
key (TPM2_Unseal: 0x%x)"), rc);
++ err = grub_error (GRUB_ERR_BAD_DEVICE, "Failed to unseal sealed key
(TPM2_Unseal: 0x%x)", rc);
+ goto error;
+ }
+
@@ grub-core/commands/tpm2_key_protector/module.c (new)
+ key_out = grub_malloc (data.size);
+ if (key_out == NULL)
+ {
-+ err = grub_error (GRUB_ERR_OUT_OF_MEMORY, N_("No memory left to
allocate unlock key buffer"));
++ err = grub_error (GRUB_ERR_OUT_OF_MEMORY, "No memory left to
allocate unlock key buffer");
+ goto error;
+ }
+
@@ grub-core/commands/tpm2_key_protector/module.c (new)
+ err = GRUB_ERR_NONE;
+
+ error:
-+ TPM2_FlushContext (session);
++ grub_tpm2_flushcontext (session);
+
+ return err;
+}
+
+static grub_err_t
-+grub_tpm2_protector_srk_recover (const struct grub_tpm2_protector_context
*ctx,
-+ grub_uint8_t **key, grub_size_t *key_size)
++tpm2_protector_srk_recover (const struct grub_tpm2_protector_context *ctx,
++ grub_uint8_t **key, grub_size_t *key_size)
+{
+ tpm2_sealed_key_t sealed_key = {0};
+ void *file_bytes = NULL;
+ grub_size_t file_size = 0;
+ grub_uint8_t rsaparent = 0;
-+ TPM_HANDLE parent_handle = 0;
-+ TPM_HANDLE srk_handle = 0;
-+ TPM_HANDLE sealed_handle = 0;
++ TPM_HANDLE_t parent_handle = 0;
++ TPM_HANDLE_t srk_handle = 0;
++ TPM_HANDLE_t sealed_handle = 0;
+ tpm2key_policy_t policy_seq = NULL;
+ tpm2key_authpolicy_t authpol = NULL;
+ tpm2key_authpolicy_t authpol_seq = NULL;
@@ grub-core/commands/tpm2_key_protector/module.c (new)
+ */
+ if (ctx->tpm2key != NULL)
+ {
-+ err = grub_tpm2_protector_srk_read_file (ctx->tpm2key, &file_bytes,
++ err = tpm2_protector_srk_read_file (ctx->tpm2key, &file_bytes,
+ &file_size);
+ if (err != GRUB_ERR_NONE)
+ return err;
+
-+ err = grub_tpm2_protector_srk_unmarshal_tpm2key (file_bytes,
-+ file_size,
-+ &policy_seq,
-+ &authpol_seq,
-+ &rsaparent,
-+ &parent_handle,
-+ &sealed_key);
++ err = tpm2_protector_srk_unmarshal_tpm2key (file_bytes,
++ file_size,
++ &policy_seq,
++ &authpol_seq,
++ &rsaparent,
++ &parent_handle,
++ &sealed_key);
+ if (err != GRUB_ERR_NONE)
+ goto exit1;
+
@@ grub-core/commands/tpm2_key_protector/module.c (new)
+ }
+ else
+ {
-+ err = grub_tpm2_protector_srk_read_file (ctx->keyfile, &file_bytes,
-+ &file_size);
++ err = tpm2_protector_srk_read_file (ctx->keyfile, &file_bytes,
&file_size);
+ if (err != GRUB_ERR_NONE)
+ return err;
+
+ parent_handle = TPM_RH_OWNER;
-+ err = grub_tpm2_protector_srk_unmarshal_keyfile (file_bytes,
-+ file_size,
-+ &sealed_key);
++ err = tpm2_protector_srk_unmarshal_keyfile (file_bytes, file_size,
&sealed_key);
+ if (err != GRUB_ERR_NONE)
+ goto exit1;
+ }
@@ grub-core/commands/tpm2_key_protector/module.c (new)
+ srk_handle = parent_handle;
+
+ /* Load the sealed key into TPM and associate it with the SRK */
-+ err = grub_tpm2_protector_load_key (ctx, &sealed_key, parent_handle,
-+ &sealed_handle, &srk_handle);
++ err = tpm2_protector_load_key (ctx, &sealed_key, parent_handle,
&sealed_handle, &srk_handle);
+ if (err != GRUB_ERR_NONE)
+ goto exit1;
+
@@ grub-core/commands/tpm2_key_protector/module.c (new)
+ /* Iterate the authpolicy sequence to find one that unseals the key */
+ FOR_LIST_ELEMENTS (authpol, authpol_seq)
+ {
-+ err = grub_tpm2_protector_unseal (authpol->policy_seq,
sealed_handle,
-+ key, key_size);
++ err = tpm2_protector_unseal (authpol->policy_seq, sealed_handle,
key, key_size);
+ if (err == GRUB_ERR_NONE)
+ break;
+
@@ grub-core/commands/tpm2_key_protector/module.c (new)
+ */
+ if (policy_seq == NULL)
+ {
-+ err = grub_tpm2_protector_simple_policy_seq (ctx, &policy_seq);
++ err = tpm2_protector_simple_policy_seq (ctx, &policy_seq);
+ if (err != GRUB_ERR_NONE)
+ goto exit2;
+ }
+
-+ err = grub_tpm2_protector_unseal (policy_seq, sealed_handle, key,
key_size);
++ err = tpm2_protector_unseal (policy_seq, sealed_handle, key,
key_size);
+ }
+
+ /* Pop error messages on success */
@@ grub-core/commands/tpm2_key_protector/module.c (new)
+ while (grub_error_pop ());
+
+ exit2:
-+ TPM2_FlushContext (sealed_handle);
++ grub_tpm2_flushcontext (sealed_handle);
+
+ if (!TPM_HT_IS_PERSISTENT (srk_handle))
-+ TPM2_FlushContext (srk_handle);
++ grub_tpm2_flushcontext (srk_handle);
+
+ exit1:
+ grub_tpm2key_free_policy_seq (policy_seq);
@@ grub-core/commands/tpm2_key_protector/module.c (new)
+}
+
+static grub_err_t
-+grub_tpm2_protector_nv_recover (const struct grub_tpm2_protector_context
*ctx __attribute__ ((unused)),
-+ grub_uint8_t **key __attribute__ ((unused)),
-+ grub_size_t *key_size __attribute__ ((unused)))
++tpm2_protector_nv_recover (const struct grub_tpm2_protector_context *ctx
__attribute__ ((unused)),
++ grub_uint8_t **key __attribute__ ((unused)),
++ grub_size_t *key_size __attribute__ ((unused)))
+{
-+ return grub_error (GRUB_ERR_NOT_IMPLEMENTED_YET, N_("NV Index mode is
not implemented yet"));
++ return grub_error (GRUB_ERR_NOT_IMPLEMENTED_YET, "NV Index mode is not
implemented yet");
+}
+
+static grub_err_t
-+grub_tpm2_protector_recover (const struct grub_tpm2_protector_context
*ctx,
-+ grub_uint8_t **key, grub_size_t *key_size)
++tpm2_protector_recover (const struct grub_tpm2_protector_context *ctx,
++ grub_uint8_t **key, grub_size_t *key_size)
+{
+ switch (ctx->mode)
+ {
+ case GRUB_TPM2_PROTECTOR_MODE_SRK:
-+ return grub_tpm2_protector_srk_recover (ctx, key, key_size);
++ return tpm2_protector_srk_recover (ctx, key, key_size);
+ case GRUB_TPM2_PROTECTOR_MODE_NV:
-+ return grub_tpm2_protector_nv_recover (ctx, key, key_size);
++ return tpm2_protector_nv_recover (ctx, key, key_size);
+ default:
+ return GRUB_ERR_BAD_ARGUMENT;
+ }
+}
+
+static grub_err_t
-+grub_tpm2_protector_recover_key (grub_uint8_t **key, grub_size_t
*key_size)
++tpm2_protector_recover_key (grub_uint8_t **key, grub_size_t *key_size)
+{
+ /* Expect a call to tpm2_protector_init before anybody tries to use us
*/
+ if (grub_tpm2_protector_ctx.mode == GRUB_TPM2_PROTECTOR_MODE_UNSET)
-+ return grub_error (GRUB_ERR_INVALID_COMMAND, N_("Cannot use TPM2 key
protector without initializing it, call tpm2_protector_init first"));
++ return grub_error (GRUB_ERR_INVALID_COMMAND, "Cannot use TPM2 key
protector without initializing it, call tpm2_protector_init first");
+
+ if (key == NULL || key_size == NULL)
+ return GRUB_ERR_BAD_ARGUMENT;
+
-+ return grub_tpm2_protector_recover (&grub_tpm2_protector_ctx, key,
key_size);
++ return tpm2_protector_recover (&grub_tpm2_protector_ctx, key, key_size);
+}
+
+static grub_err_t
-+grub_tpm2_protector_check_args (struct grub_tpm2_protector_context *ctx)
++tpm2_protector_check_args (struct grub_tpm2_protector_context *ctx)
+{
+ if (ctx->mode == GRUB_TPM2_PROTECTOR_MODE_UNSET)
+ ctx->mode = GRUB_TPM2_PROTECTOR_MODE_SRK;
@@ grub-core/commands/tpm2_key_protector/module.c (new)
+ /* Checks for SRK mode */
+ if (ctx->mode == GRUB_TPM2_PROTECTOR_MODE_SRK &&
+ (ctx->keyfile == NULL && ctx->tpm2key == NULL))
-+ return grub_error (GRUB_ERR_BAD_ARGUMENT, N_("In SRK mode, a key file
must be specified: --tpm2key/-T or --keyfile/-k"));
++ return grub_error (GRUB_ERR_BAD_ARGUMENT, "In SRK mode, a key file
must be specified: --tpm2key/-T or --keyfile/-k");
+
+ if (ctx->mode == GRUB_TPM2_PROTECTOR_MODE_SRK &&
+ (ctx->keyfile != NULL && ctx->tpm2key != NULL))
-+ return grub_error (GRUB_ERR_BAD_ARGUMENT, N_("In SRK mode, please
specify a key file with only --tpm2key/-T or --keyfile/-k"));
++ return grub_error (GRUB_ERR_BAD_ARGUMENT, "In SRK mode, please
specify a key file with only --tpm2key/-T or --keyfile/-k");
+
+ if (ctx->mode == GRUB_TPM2_PROTECTOR_MODE_SRK && ctx->nv != 0)
-+ return grub_error (GRUB_ERR_BAD_ARGUMENT, N_("In SRK mode, an NV
Index cannot be specified"));
++ return grub_error (GRUB_ERR_BAD_ARGUMENT, "In SRK mode, an NV Index
cannot be specified");
+
+ /* Checks for NV mode */
+ if (ctx->mode == GRUB_TPM2_PROTECTOR_MODE_NV && ctx->nv == 0)
-+ return grub_error (GRUB_ERR_BAD_ARGUMENT, N_("In NV Index mode, an NV
Index must be specified: --nvindex or -n"));
++ return grub_error (GRUB_ERR_BAD_ARGUMENT, "In NV Index mode, an NV
Index must be specified: --nvindex or -n");
+
+ if (ctx->mode == GRUB_TPM2_PROTECTOR_MODE_NV &&
+ (ctx->tpm2key != NULL || ctx->keyfile != NULL))
-+ return grub_error (GRUB_ERR_BAD_ARGUMENT, N_("In NV Index mode, a
keyfile cannot be specified"));
++ return grub_error (GRUB_ERR_BAD_ARGUMENT, "In NV Index mode, a
keyfile cannot be specified");
+
+ if (ctx->mode == GRUB_TPM2_PROTECTOR_MODE_NV && ctx->srk != 0)
-+ return grub_error (GRUB_ERR_BAD_ARGUMENT, N_("In NV Index mode, an
SRK cannot be specified"));
++ return grub_error (GRUB_ERR_BAD_ARGUMENT, "In NV Index mode, an SRK
cannot be specified");
+
+ if (ctx->mode == GRUB_TPM2_PROTECTOR_MODE_NV &&
+ ctx->srk_type.type != TPM_ALG_ERROR)
-+ return grub_error (GRUB_ERR_BAD_ARGUMENT, N_("In NV Index mode, an
asymmetric key type cannot be specified"));
++ return grub_error (GRUB_ERR_BAD_ARGUMENT, "In NV Index mode, an
asymmetric key type cannot be specified");
+
+ /* Defaults assignment */
+ if (ctx->bank == TPM_ALG_ERROR)
@@ grub-core/commands/tpm2_key_protector/module.c (new)
+}
+
+static grub_err_t
-+grub_tpm2_protector_parse_file (const char *value, const char **file)
++tpm2_protector_parse_file (const char *value, const char **file)
+{
+ if (grub_strlen (value) == 0)
+ return GRUB_ERR_BAD_ARGUMENT;
+
+ *file = grub_strdup (value);
+ if (*file == NULL)
-+ return grub_error (GRUB_ERR_OUT_OF_MEMORY, N_("No memory to duplicate
file path"));
++ return grub_error (GRUB_ERR_OUT_OF_MEMORY, "No memory to duplicate
file path");
+
+ return GRUB_ERR_NONE;
+}
+
+static grub_err_t
-+grub_tpm2_protector_parse_mode (const char *value,
-+ grub_tpm2_protector_mode_t *mode)
++tpm2_protector_parse_mode (const char *value, grub_tpm2_protector_mode_t
*mode)
+{
+ if (grub_strcmp (value, "srk") == 0)
+ *mode = GRUB_TPM2_PROTECTOR_MODE_SRK;
+ else if (grub_strcmp (value, "nv") == 0)
+ *mode = GRUB_TPM2_PROTECTOR_MODE_NV;
+ else
-+ return grub_error (GRUB_ERR_OUT_OF_RANGE, N_("Value '%s' is not a
valid TPM2 key protector mode"), value);
++ return grub_error (GRUB_ERR_OUT_OF_RANGE, "Value '%s' is not a valid
TPM2 key protector mode", value);
+
+ return GRUB_ERR_NONE;
+}
+
+static grub_err_t
-+grub_tpm2_protector_init_cmd_handler (grub_extcmd_context_t ctxt, int
argc,
-+ char **args __attribute__ ((unused)))
++tpm2_protector_init_cmd_handler (grub_extcmd_context_t ctxt, int argc,
++ char **args __attribute__ ((unused)))
+{
+ struct grub_arg_list *state = ctxt->state;
+ grub_err_t err;
+
+ if (argc)
-+ return grub_error (GRUB_ERR_BAD_ARGUMENT, N_("The TPM2 key protector
does not accept any non-option arguments (i.e., like -o and/or --option
only)"));
++ return grub_error (GRUB_ERR_BAD_ARGUMENT, "The TPM2 key protector
does not accept any non-option arguments (i.e., like -o and/or --option only)");
+
+ grub_free ((void *) grub_tpm2_protector_ctx.keyfile);
+ grub_memset (&grub_tpm2_protector_ctx, 0, sizeof
(grub_tpm2_protector_ctx));
+
+ if (state[OPTION_MODE].set) /* mode */
+ {
-+ err = grub_tpm2_protector_parse_mode (state[OPTION_MODE].arg,
-+ &grub_tpm2_protector_ctx.mode);
++ err = tpm2_protector_parse_mode (state[OPTION_MODE].arg,
&grub_tpm2_protector_ctx.mode);
+ if (err != GRUB_ERR_NONE)
+ return err;
+ }
@@ grub-core/commands/tpm2_key_protector/module.c (new)
+
+ if (state[OPTION_TPM2KEY].set) /* tpm2key */
+ {
-+ err = grub_tpm2_protector_parse_file (state[OPTION_TPM2KEY].arg,
-+ &grub_tpm2_protector_ctx.tpm2key);
++ err = tpm2_protector_parse_file (state[OPTION_TPM2KEY].arg,
++ &grub_tpm2_protector_ctx.tpm2key);
+ if (err != GRUB_ERR_NONE)
+ return err;
+ }
+
+ if (state[OPTION_KEYFILE].set) /* keyfile */
+ {
-+ err = grub_tpm2_protector_parse_file (state[OPTION_KEYFILE].arg,
-+ &grub_tpm2_protector_ctx.keyfile);
++ err = tpm2_protector_parse_file (state[OPTION_KEYFILE].arg,
++ &grub_tpm2_protector_ctx.keyfile);
+ if (err != GRUB_ERR_NONE)
+ return err;
+ }
@@ grub-core/commands/tpm2_key_protector/module.c (new)
+ return err;
+ }
+
-+ err = grub_tpm2_protector_check_args (&grub_tpm2_protector_ctx);
++ err = tpm2_protector_check_args (&grub_tpm2_protector_ctx);
+
+ /* This command only initializes the protector, so nothing else to do.
*/
+
@@ grub-core/commands/tpm2_key_protector/module.c (new)
+}
+
+static grub_err_t
-+grub_tpm2_protector_clear_cmd_handler (grub_extcmd_context_t ctxt
__attribute__ ((unused)),
-+ int argc,
-+ char **args __attribute__ ((unused)))
++tpm2_protector_clear_cmd_handler (grub_extcmd_context_t ctxt
__attribute__ ((unused)),
++ int argc, char **args __attribute__
((unused)))
+{
+ if (argc)
-+ return grub_error (GRUB_ERR_BAD_ARGUMENT,
N_("tpm2_key_protector_clear accepts no arguments"));
++ return grub_error (GRUB_ERR_BAD_ARGUMENT, "tpm2_key_protector_clear
accepts no arguments");
+
+ grub_free ((void *) grub_tpm2_protector_ctx.keyfile);
+ grub_memset (&grub_tpm2_protector_ctx, 0, sizeof
(grub_tpm2_protector_ctx));
@@ grub-core/commands/tpm2_key_protector/module.c (new)
+static struct grub_key_protector grub_tpm2_key_protector =
+ {
+ .name = "tpm2",
-+ .recover_key = grub_tpm2_protector_recover_key
++ .recover_key = tpm2_protector_recover_key
+ };
+
+GRUB_MOD_INIT (tpm2_key_protector)
+{
+ grub_tpm2_protector_init_cmd =
+ grub_register_extcmd ("tpm2_key_protector_init",
-+ grub_tpm2_protector_init_cmd_handler, 0,
++ tpm2_protector_init_cmd_handler, 0,
+ N_("[-m mode] "
+ "[-p pcr_list] "
+ "[-b pcr_bank] "
@@ grub-core/commands/tpm2_key_protector/module.c (new)
+ grub_tpm2_protector_init_cmd_options);
+ grub_tpm2_protector_clear_cmd =
+ grub_register_extcmd ("tpm2_key_protector_clear",
-+ grub_tpm2_protector_clear_cmd_handler, 0, NULL,
++ tpm2_protector_clear_cmd_handler, 0, NULL,
+ N_("Clear the TPM2 key protector if previously
initialized."),
+ NULL);
+ grub_key_protector_register (&grub_tpm2_key_protector);
@@ grub-core/commands/tpm2_key_protector/tpm2.h (new)
@@
+/*
+ * GRUB -- GRand Unified Bootloader
-+ * Copyright (C) 2024 Free Software Foundation, Inc.
+ * Copyright (C) 2022 Microsoft Corporation
++ * Copyright (C) 2024 Free Software Foundation, Inc.
+ *
+ * GRUB is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
@@ grub-core/commands/tpm2_key_protector/tpm2.h (new)
+#define TPM2_SRK_HANDLE 0x81000001
+
+struct tpm2_sealed_key {
-+ TPM2B_PUBLIC public;
-+ TPM2B_PRIVATE private;
++ TPM2B_PUBLIC_t public;
++ TPM2B_PRIVATE_t private;
+};
+typedef struct tpm2_sealed_key tpm2_sealed_key_t;
+
@@ grub-core/commands/tpm2_key_protector/tpm2_args.h (new)
@@
+/*
+ * GRUB -- GRand Unified Bootloader
-+ * Copyright (C) 2024 Free Software Foundation, Inc.
+ * Copyright (C) 2022 Microsoft Corporation
++ * Copyright (C) 2024 Free Software Foundation, Inc.
+ *
+ * GRUB is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
@@ grub-core/commands/tpm2_key_protector/tpm2_args.h (new)
+
+struct grub_srk_type
+{
-+ TPMI_ALG_PUBLIC type;
++ TPMI_ALG_PUBLIC_t type;
+ union {
-+ TPM_KEY_BITS rsa_bits;
-+ TPM_ECC_CURVE ecc_curve;
++ TPM_KEY_BITS_t rsa_bits;
++ TPM_ECC_CURVE_t ecc_curve;
+ } detail;
+};
+typedef struct grub_srk_type grub_srk_type_t;
+
+grub_err_t
-+grub_tpm2_protector_parse_pcrs (char *value, grub_uint8_t *pcrs,
-+ grub_uint8_t *pcr_count);
++grub_tpm2_protector_parse_pcrs (char *value, grub_uint8_t *pcrs,
grub_uint8_t *pcr_count);
+
+grub_err_t
-+grub_tpm2_protector_parse_asymmetric (const char *value,
-+ grub_srk_type_t *srk_type);
++grub_tpm2_protector_parse_asymmetric (const char *value, grub_srk_type_t
*srk_type);
+
+grub_err_t
-+grub_tpm2_protector_parse_bank (const char *value, TPM_ALG_ID *bank);
++grub_tpm2_protector_parse_bank (const char *value, TPM_ALG_ID_t *bank);
+
+grub_err_t
-+grub_tpm2_protector_parse_tpm_handle (const char *value, TPM_HANDLE
*handle);
++grub_tpm2_protector_parse_tpm_handle (const char *value, TPM_HANDLE_t
*handle);
+
+#endif /* ! GRUB_TPM2_INTERNAL_ARGS_HEADER */
@@ grub-core/commands/tpm2_key_protector/tpm2key.c (new)
@@
+/*
+ * GRUB -- GRand Unified Bootloader
-+ * Copyright (C) 2024 Free Software Foundation, Inc.
+ * Copyright (C) 2023 SUSE LLC
++ * Copyright (C) 2024 Free Software Foundation, Inc.
+ *
+ * GRUB is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
@@ grub-core/commands/tpm2_key_protector/tpm2key.c (new)
+ */
+ ret = asn1_array2tree (tpm2key_asn1_tab, &tpm2key_asn1, NULL);
+ if (ret != ASN1_SUCCESS)
-+ return grub_error (GRUB_ERR_BAD_ARGUMENT, N_("Failed to parse TPM2KEY
ASN.1 array"));
++ return grub_error (GRUB_ERR_BAD_ARGUMENT, "Failed to parse TPM2KEY
ASN.1 array");
+
+ ret = asn1_create_element (tpm2key_asn1, "TPM2KEY.TPMKey", &tpm2key);
+ if (ret != ASN1_SUCCESS)
-+ return grub_error (GRUB_ERR_BAD_ARGUMENT, N_("Failed to create
TPM2KEY.TPMKey"));
++ return grub_error (GRUB_ERR_BAD_ARGUMENT, "Failed to create
TPM2KEY.TPMKey");
+
+ ret = asn1_der_decoding (&tpm2key, data, size, NULL);
+ if (ret != ASN1_SUCCESS)
-+ return grub_error (GRUB_ERR_BAD_ARGUMENT, N_("Failed to decode
TPM2KEY DER"));
++ return grub_error (GRUB_ERR_BAD_ARGUMENT, "Failed to decode TPM2KEY
DER");
+
+ /* Check if 'type' is Sealed Key or not */
+ ret = asn1_allocate_and_read (tpm2key, "type", &type_oid,
&type_oid_size);
+ if (ret != ASN1_SUCCESS)
-+ return grub_error (GRUB_ERR_BAD_FILE_TYPE, N_("Not a valid TPM2KEY
file"));
++ return grub_error (GRUB_ERR_BAD_FILE_TYPE, "Not a valid TPM2KEY
file");
+
+ if (grub_memcmp (sealed_key_oid, type_oid, type_oid_size) != 0)
+ {
-+ err = grub_error (GRUB_ERR_BAD_FILE_TYPE, N_("Not a valid TPM2KEY
file"));
++ err = grub_error (GRUB_ERR_BAD_FILE_TYPE, "Not a valid TPM2KEY
file");
+ goto error;
+ }
+
@@ grub-core/commands/tpm2_key_protector/tpm2key.c (new)
+ ret = asn1_allocate_and_read (tpm2key, "emptyAuth", &empty_auth,
&empty_auth_size);
+ if (ret != ASN1_SUCCESS || grub_strncmp ("TRUE", empty_auth,
empty_auth_size) != 0)
+ {
-+ err = grub_error (GRUB_ERR_BAD_ARGUMENT, N_("emptyAuth not TRUE"));
++ err = grub_error (GRUB_ERR_BAD_ARGUMENT, "emptyAuth not TRUE");
+ goto error;
+ }
+
@@ grub-core/commands/tpm2_key_protector/tpm2key.c (new)
+ ret = asn1_read_value (tpm2key, "secret", NULL, &tmp_size);
+ if (ret != ASN1_ELEMENT_NOT_FOUND)
+ {
-+ err = grub_error (GRUB_ERR_BAD_ARGUMENT, N_("\"secret\" not allowed
for Sealed Key"));
++ err = grub_error (GRUB_ERR_BAD_ARGUMENT, "\"secret\" not allowed
for Sealed Key");
+ goto error;
+ }
+
@@ grub-core/commands/tpm2_key_protector/tpm2key.c (new)
+ int ret;
+
+ if (rsaparent == NULL)
-+ return grub_error (GRUB_ERR_BAD_ARGUMENT, N_("NULL pointer
detected"));
++ return grub_error (GRUB_ERR_BAD_ARGUMENT, "NULL pointer detected");
+
+ if (tpm2key == NULL)
-+ return grub_error (GRUB_ERR_READ_ERROR, N_("Invalid parent node"));
++ return grub_error (GRUB_ERR_READ_ERROR, "Invalid parent node");
+
+ ret = asn1_allocate_and_read (tpm2key, "rsaParent", &bool_str,
&bool_str_size);
+ if (ret == ASN1_SUCCESS)
@@ grub-core/commands/tpm2_key_protector/tpm2key.c (new)
+ else if (ret == ASN1_ELEMENT_NOT_FOUND)
+ *rsaparent = 0;
+ else
-+ return grub_error (GRUB_ERR_READ_ERROR, N_("Failed to retrieve
rsaParent"));
++ return grub_error (GRUB_ERR_READ_ERROR, "Failed to retrieve
rsaParent");
+
+ grub_free (bool_str);
+
@@ grub-core/commands/tpm2_key_protector/tpm2key.c (new)
+ int ret;
+
+ if (parent == NULL)
-+ return grub_error (GRUB_ERR_BAD_ARGUMENT, N_("NULL pointer
detected"));
++ return grub_error (GRUB_ERR_BAD_ARGUMENT, "NULL pointer detected");
+
+ if (tpm2key == NULL)
-+ return grub_error (GRUB_ERR_READ_ERROR, N_("Invalid parent node"));
++ return grub_error (GRUB_ERR_READ_ERROR, "Invalid parent node");
+
+ ret = asn1_read_uint32 (tpm2key, "parent", parent);
+ if (ret != ASN1_SUCCESS)
-+ return grub_error (GRUB_ERR_READ_ERROR, N_("Failed to retrieve
parent"));
++ return grub_error (GRUB_ERR_READ_ERROR, "Failed to retrieve parent");
+
+ return GRUB_ERR_NONE;
+}
@@ grub-core/commands/tpm2_key_protector/tpm2key.c (new)
+ int ret;
+
+ if (name == NULL || data == NULL || size == NULL)
-+ return grub_error (GRUB_ERR_BAD_ARGUMENT, N_("Invalid parameter(s)"));
++ return grub_error (GRUB_ERR_BAD_ARGUMENT, "Invalid parameter(s)");
+
+ if (tpm2key == NULL)
-+ return grub_error (GRUB_ERR_READ_ERROR, N_("Invalid %s node"), name);
++ return grub_error (GRUB_ERR_READ_ERROR, "Invalid %s node", name);
+
+ ret = asn1_allocate_and_read (tpm2key, name, data, size);
+ if (ret != ASN1_SUCCESS)
-+ return grub_error (GRUB_ERR_READ_ERROR, N_("Failed to retrieve %s"),
name);
++ return grub_error (GRUB_ERR_READ_ERROR, "Failed to retrieve %s",
name);
+
+ return GRUB_ERR_NONE;
+}
@@ grub-core/commands/tpm2_key_protector/tpm2key.c (new)
+ return GRUB_ERR_NONE;
+ }
+ else if (ret != ASN1_SUCCESS)
-+ return grub_error (GRUB_ERR_READ_ERROR, N_("Failed to retrieve
policy"));
++ return grub_error (GRUB_ERR_READ_ERROR, "Failed to retrieve policy");
+
+ return GRUB_ERR_NONE;
+}
@@ grub-core/commands/tpm2_key_protector/tpm2key.c (new)
+ return GRUB_ERR_NONE;
+ }
+ else if (ret != ASN1_SUCCESS)
-+ return grub_error (GRUB_ERR_READ_ERROR, N_("Failed to retrieve
authPolicy"));
++ return grub_error (GRUB_ERR_READ_ERROR, "Failed to retrieve
authPolicy");
+
+ /* Limit the number of authPolicy elements to two digits (99) */
+ if (authpol_n > TPM2KEY_ELEMENTS_MAX || authpol_n <
TPM2KEY_ELEMENTS_MIN)
-+ return grub_error (GRUB_ERR_OUT_OF_RANGE, N_("Invalid number of
authPolicy elements"));
++ return grub_error (GRUB_ERR_OUT_OF_RANGE, "Invalid number of
authPolicy elements");
+
+ /*
+ * Iterate the authPolicy elements backwards since grub_list_push()
prepends
@@ grub-core/commands/tpm2_key_protector/tpm2key.c (new)
+ authpol = grub_zalloc (sizeof (struct tpm2key_authpolicy));
+ if (authpol == NULL)
+ {
-+ err = grub_error (GRUB_ERR_OUT_OF_MEMORY, N_("Failed to allocate memory
for authPolicy"));
++ err = grub_error (GRUB_ERR_OUT_OF_MEMORY, "Failed to allocate memory
for authPolicy");
+ goto error;
+ }
+ grub_snprintf (authpol_pol, AUTHPOLICY_POL_MAX,
"authPolicy.?%d.Policy", i);
@@ grub-core/commands/tpm2_key_protector/tpm2key.c (new)
+ ret = tpm2key_get_policy_seq (tpm2key, authpol_pol,
&authpol->policy_seq);
+ if (ret != ASN1_SUCCESS)
+ {
-+ err = grub_error (GRUB_ERR_READ_ERROR, N_("Failed to retrieve
policy from authPolicy"));
++ err = grub_error (GRUB_ERR_READ_ERROR, "Failed to retrieve policy
from authPolicy");
+ goto error;
+ }
+
@@ grub-core/commands/tpm2_key_protector/tpm2key.h (new)
@@
+/*
+ * GRUB -- GRand Unified Bootloader
-+ * Copyright (C) 2024 Free Software Foundation, Inc.
+ * Copyright (C) 2023 SUSE LLC
++ * Copyright (C) 2024 Free Software Foundation, Inc.
+ *
+ * GRUB is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
17: 5e8d2abed ! 23: 9f346b58e cryptodisk: Support key protectors
@@ Commit message
Signed-off-by: Gary Lin <glin@suse.com>
Reviewed-by: Glenn Washburn <development@efficientek.com>
Reviewed-by: Stefan Berger <stefanb@linux.ibm.com>
+ Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
## Makefile.util.def ##
@@ Makefile.util.def: library = {
@@ include/grub/cryptodisk.h: typedef gcry_err_code_t
+ * The key protector associated with this cache entry failed, so avoid
it
+ * even if the cached entry (an instance of this structure) is empty.
+ */
-+ int invalid;
++ bool invalid;
+};
+
struct grub_cryptomount_args
18: 37c33fa02 ! 24: 08eab00ac util/grub-protect: Add new tool
@@ docs/man/grub-protect.h2m (new)
+[NAME]
+grub-protect \- protect a disk key with a key protector
+[DESCRIPTION]
-+grub-protect helps to pretect a disk encryption key with a specified key
protector.
++grub-protect helps to protect a disk encryption key with a specified key
protector.
## util/grub-protect.c (new) ##
@@
+/*
+ * GRUB -- GRand Unified Bootloader
-+ * Copyright (C) 2024 Free Software Foundation, Inc.
-+ * Copyright (C) 2023 SUSE LLC
+ * Copyright (C) 2022 Microsoft Corporation
++ * Copyright (C) 2023 SUSE LLC
++ * Copyright (C) 2024 Free Software Foundation, Inc.
+ *
+ * GRUB is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
@@ util/grub-protect.c (new)
+ grub_uint8_t tpm2_pcrs[TPM_MAX_PCRS];
+ grub_uint8_t tpm2_pcr_count;
+ grub_srk_type_t srk_type;
-+ TPM_ALG_ID tpm2_bank;
-+ TPM_HANDLE tpm2_srk;
++ TPM_ALG_ID_t tpm2_bank;
++ TPM_HANDLE_t tpm2_srk;
+ const char *tpm2_keyfile;
+ const char *tpm2_outfile;
+ int tpm2_evict;
@@ util/grub-protect.c (new)
+ .arg = "tpm2",
+ .flags = 0,
+ .doc =
-+ N_("Key protector to use (only tpm2 is currently supported)."),
++ N_("Set key protector to use (only tpm2 is currently supported)."),
+ .group = 0
+ },
+ /* TPM2 key protector options */
@@ util/grub-protect.c (new)
+ .arg = "FILE",
+ .flags = 0,
+ .doc =
-+ N_("Path to the TPM2 device. (default: /dev/tpm0)"),
++ N_("Set the path to the TPM2 device. (default: /dev/tpm0)"),
+ .group = 0
+ },
+ {
@@ util/grub-protect.c (new)
+ .arg = "0[,1]...",
+ .flags = 0,
+ .doc =
-+ N_("Comma-separated list of PCRs used to authorize key release "
++ N_("Set a comma-separated list of PCRs used to authorize key release "
+ "e.g., '7,11'. Please be aware that PCR 0~7 are used by the "
+ "firmware and the measurement result may change after a "
+ "firmware update (for baremetal systems) or a package "
-+ "(OVMF/SeaBIOS/SLOF) update in the VM host. This may lead to"
++ "(OVMF/SeaBIOS/SLOF) update in the VM host. This may lead to "
+ "the failure of key unsealing. (default: 7)"),
+ .group = 0
+ },
@@ util/grub-protect.c (new)
+ .arg = "ALG",
+ .flags = 0,
+ .doc =
-+ N_("Bank of PCRs used to authorize key release: "
++ N_("Set the bank of PCRs used to authorize key release: "
+ "SHA1, SHA256, SHA384, or SHA512. (default: SHA256)"),
+ .group = 0
+ },
@@ util/grub-protect.c (new)
+ .arg = "FILE",
+ .flags = 0,
+ .doc =
-+ N_("Path to a file that contains the cleartext key to protect."),
++ N_("Set the path to a file that contains the cleartext key to
protect."),
+ .group = 0
+ },
+ {
@@ util/grub-protect.c (new)
+ .arg = "FILE",
+ .flags = 0,
+ .doc =
-+ N_("Path to the file that will contain the key after sealing (must be "
-+ "accessible to GRUB during boot)."),
++ N_("Set the path to the file that will contain the key after sealing "
++ "(must be accessible to GRUB during boot)."),
+ .group = 0
+ },
+ {
@@ util/grub-protect.c (new)
+ .arg = "NUM",
+ .flags = 0,
+ .doc =
-+ N_("The SRK handle if the SRK is to be made persistent."),
++ N_("Set the SRK handle if the SRK is to be made persistent."),
+ .group = 0
+ },
+ {
@@ util/grub-protect.c (new)
+ .arg = "TYPE",
+ .flags = 0,
+ .doc =
-+ N_("The type of SRK: RSA (RSA2048) and ECC (ECC_NIST_P256)."
++ N_("Set the type of SRK: RSA (RSA2048) and ECC (ECC_NIST_P256)."
+ "(default: ECC)"),
+ .group = 0
+ },
@@ util/grub-protect.c (new)
+ { 0, 0, 0, 0, 0, 0 }
+ };
+
-+static int grub_protector_tpm2_fd = -1;
++static int protector_tpm2_fd = -1;
+
+static grub_err_t
-+grub_protect_read_file (const char *filepath, void **buffer,
-+ size_t *buffer_size)
++protect_read_file (const char *filepath, void **buffer, size_t
*buffer_size)
+{
+ grub_err_t err;
+ FILE *f;
@@ util/grub-protect.c (new)
+ buf = NULL;
+ err = GRUB_ERR_NONE;
+
-+exit2:
++ exit2:
+ grub_free (buf);
+
-+exit1:
++ exit1:
+ fclose (f);
+
+ return err;
+}
+
+static grub_err_t
-+grub_protect_write_file (const char *filepath, void *buffer, size_t
buffer_size)
++protect_write_file (const char *filepath, void *buffer, size_t
buffer_size)
+{
+ grub_err_t err;
+ FILE *f;
@@ util/grub-protect.c (new)
+
+ err = GRUB_ERR_NONE;
+
-+exit1:
++ exit1:
+ fclose (f);
+
+ return err;
@@ util/grub-protect.c (new)
+ static const grub_size_t header_size = sizeof (grub_uint16_t) +
+ (2 * sizeof(grub_uint32_t));
+
-+ if (write (grub_protector_tpm2_fd, input, input_size) != input_size)
++ if (write (protector_tpm2_fd, input, input_size) != input_size)
+ return GRUB_ERR_BAD_DEVICE;
+
-+ if (read (grub_protector_tpm2_fd, output, output_size) < header_size)
++ if (read (protector_tpm2_fd, output, output_size) < header_size)
+ return GRUB_ERR_BAD_DEVICE;
+
+ return GRUB_ERR_NONE;
+}
+
+static grub_err_t
-+grub_protect_tpm2_open_device (const char *dev_node)
++protect_tpm2_open_device (const char *dev_node)
+{
-+ if (grub_protector_tpm2_fd != -1)
++ if (protector_tpm2_fd != -1)
+ return GRUB_ERR_NONE;
+
-+ grub_protector_tpm2_fd = open (dev_node, O_RDWR);
-+ if (grub_protector_tpm2_fd == -1)
++ protector_tpm2_fd = open (dev_node, O_RDWR);
++ if (protector_tpm2_fd == -1)
+ {
-+ fprintf (stderr, _("Could not open TPM device (%s).\n"), strerror
(errno));
++ fprintf (stderr, "Could not open TPM device (%s).\n", strerror
(errno));
+ return GRUB_ERR_FILE_NOT_FOUND;
+ }
+
@@ util/grub-protect.c (new)
+}
+
+static grub_err_t
-+grub_protect_tpm2_close_device (void)
++protect_tpm2_close_device (void)
+{
+ int err;
+
-+ if (grub_protector_tpm2_fd == -1)
++ if (protector_tpm2_fd == -1)
+ return GRUB_ERR_NONE;
+
-+ err = close (grub_protector_tpm2_fd);
++ err = close (protector_tpm2_fd);
+ if (err != GRUB_ERR_NONE)
+ {
-+ fprintf (stderr, _("Could not close TPM device (Error: %u).\n"),
errno);
++ fprintf (stderr, "Could not close TPM device (Error: %u).\n", errno);
+ return GRUB_ERR_IO;
+ }
+
-+ grub_protector_tpm2_fd = -1;
++ protector_tpm2_fd = -1;
+ return GRUB_ERR_NONE;
+}
+
+static grub_err_t
-+grub_protect_tpm2_get_policy_digest (struct grub_protect_args *args,
-+ TPM2B_DIGEST *digest)
++protect_tpm2_get_policy_digest (struct grub_protect_args *args,
TPM2B_DIGEST_t *digest)
+{
-+ TPM_RC rc;
-+ TPML_PCR_SELECTION pcr_sel = {
++ TPM_RC_t rc;
++ TPML_PCR_SELECTION_t pcr_sel = {
+ .count = 1,
+ .pcrSelections = {
+ {
@@ util/grub-protect.c (new)
+ },
+ }
+ };
-+ TPML_PCR_SELECTION pcr_sel_out = { 0 };
-+ TPML_DIGEST pcr_values = { 0 };
-+ TPM2B_DIGEST pcr_digest = { 0 };
++ TPML_PCR_SELECTION_t pcr_sel_out = { 0 };
++ TPML_DIGEST_t pcr_values = { 0 };
++ TPM2B_DIGEST_t pcr_digest = { 0 };
+ grub_size_t pcr_digest_len;
-+ TPM2B_MAX_BUFFER pcr_concat = { 0 };
++ TPM2B_MAX_BUFFER_t pcr_concat = { 0 };
+ grub_size_t pcr_concat_len;
+ grub_uint8_t *pcr_cursor;
-+ TPM2B_NONCE nonce = { 0 };
-+ TPM2B_ENCRYPTED_SECRET salt = { 0 };
-+ TPMT_SYM_DEF symmetric = { 0 };
-+ TPMI_SH_AUTH_SESSION session = 0;
-+ TPM2B_DIGEST policy_digest = { 0 };
++ TPM2B_NONCE_t nonce = { 0 };
++ TPM2B_ENCRYPTED_SECRET_t salt = { 0 };
++ TPMT_SYM_DEF_t symmetric = { 0 };
++ TPMI_SH_AUTH_SESSION_t session = 0;
++ TPM2B_DIGEST_t policy_digest = { 0 };
+ grub_uint8_t i;
+ grub_err_t err;
+
@@ util/grub-protect.c (new)
+ for (i = 0; i < args->tpm2_pcr_count; i++)
+ TPMS_PCR_SELECTION_SelectPCR (&pcr_sel.pcrSelections[0],
args->tpm2_pcrs[i]);
+
-+ rc = TPM2_PCR_Read (NULL, &pcr_sel, NULL, &pcr_sel_out, &pcr_values,
NULL);
++ rc = grub_tpm2_pcr_read (NULL, &pcr_sel, NULL, &pcr_sel_out,
&pcr_values, NULL);
+ if (rc != TPM_RC_SUCCESS)
+ {
-+ fprintf (stderr, _("Failed to read PCRs (TPM2_PCR_Read: 0x%x).\n"),
rc);
++ fprintf (stderr, "Failed to read PCRs (TPM2_PCR_Read: 0x%x).\n",
rc);
+ return GRUB_ERR_BAD_DEVICE;
+ }
+
@@ util/grub-protect.c (new)
+ (pcr_sel.pcrSelections[0].sizeOfSelect !=
+ pcr_sel_out.pcrSelections[0].sizeOfSelect))
+ {
-+ fprintf (stderr, _("Could not read all the specified PCRs.\n"));
++ fprintf (stderr, "Could not read all the specified PCRs.\n");
+ return GRUB_ERR_BAD_DEVICE;
+ }
+
@@ util/grub-protect.c (new)
+ pcr_concat_len = pcr_digest_len * args->tpm2_pcr_count;
+ if (pcr_concat_len > TPM_MAX_DIGEST_BUFFER)
+ {
-+ fprintf (stderr, _("PCR concatenation buffer not enough.\n"));
++ fprintf (stderr, "PCR concatenation buffer not enough.\n");
+ return GRUB_ERR_OUT_OF_RANGE;
+ }
+
@@ util/grub-protect.c (new)
+ if (pcr_values.digests[i].size != pcr_digest_len)
+ {
+ fprintf (stderr,
-+ _("Bad PCR value size: expected %" PRIuGRUB_SIZE " bytes but
got %u bytes.\n"),
++ "Bad PCR value size: expected %" PRIuGRUB_SIZE " bytes but
got %u bytes.\n",
+ pcr_digest_len, pcr_values.digests[i].size);
+ return GRUB_ERR_BAD_ARGUMENT;
+ }
@@ util/grub-protect.c (new)
+ }
+ pcr_concat.size = pcr_concat_len;
+
-+ rc = TPM2_Hash (NULL, &pcr_concat, args->tpm2_bank, TPM_RH_NULL,
&pcr_digest,
-+ NULL, NULL);
++ rc = grub_tpm2_hash (NULL, &pcr_concat, args->tpm2_bank, TPM_RH_NULL,
&pcr_digest, NULL, NULL);
+ if (rc != TPM_RC_SUCCESS)
+ {
-+ fprintf (stderr, _("Failed to generate PCR digest (TPM2_Hash:
0x%x)\n"), rc);
++ fprintf (stderr, "Failed to generate PCR digest (TPM2_Hash:
0x%x)\n", rc);
+ return GRUB_ERR_BAD_DEVICE;
+ }
+
@@ util/grub-protect.c (new)
+ nonce.size = TPM_SHA256_DIGEST_SIZE;
+ symmetric.algorithm = TPM_ALG_NULL;
+
-+ rc = TPM2_StartAuthSession (TPM_RH_NULL, TPM_RH_NULL, 0, &nonce, &salt,
-+ TPM_SE_TRIAL, &symmetric, TPM_ALG_SHA256,
-+ &session, NULL, 0);
++ rc = grub_tpm2_startauthsession (TPM_RH_NULL, TPM_RH_NULL, 0, &nonce,
&salt,
++ TPM_SE_TRIAL, &symmetric, TPM_ALG_SHA256,
++ &session, NULL, 0);
+ if (rc != TPM_RC_SUCCESS)
+ {
-+ fprintf (stderr,
-+ _("Failed to start trial policy session (TPM2_StartAuthSession:
0x%x).\n"),
-+ rc);
++ fprintf (stderr, "Failed to start trial policy session
(TPM2_StartAuthSession: 0x%x).\n", rc);
+ return GRUB_ERR_BAD_DEVICE;
+ }
+
+ /* PCR Policy */
-+ rc = TPM2_PolicyPCR (session, NULL, &pcr_digest, &pcr_sel, NULL);
++ rc = grub_tpm2_policypcr (session, NULL, &pcr_digest, &pcr_sel, NULL);
+ if (rc != TPM_RC_SUCCESS)
+ {
-+ fprintf (stderr, _("Failed to submit PCR policy (TPM2_PolicyPCR:
0x%x).\n"),
-+ rc);
++ fprintf (stderr, "Failed to submit PCR policy (TPM2_PolicyPCR:
0x%x).\n", rc);
+ err = GRUB_ERR_BAD_DEVICE;
+ goto error;
+ }
+
+ /* Retrieve Policy Digest */
-+ rc = TPM2_PolicyGetDigest (session, NULL, &policy_digest, NULL);
++ rc = grub_tpm2_policygetdigest (session, NULL, &policy_digest, NULL);
+ if (rc != TPM_RC_SUCCESS)
+ {
-+ fprintf (stderr, _("Failed to get policy digest
(TPM2_PolicyGetDigest: 0x%x).\n"),
-+ rc);
++ fprintf (stderr, "Failed to get policy digest
(TPM2_PolicyGetDigest: 0x%x).\n", rc);
+ err = GRUB_ERR_BAD_DEVICE;
+ goto error;
+ }
@@ util/grub-protect.c (new)
+ *digest = policy_digest;
+ err = GRUB_ERR_NONE;
+
-+error:
-+ TPM2_FlushContext (session);
++ error:
++ grub_tpm2_flushcontext (session);
+
+ return err;
+}
+
+static grub_err_t
-+grub_protect_tpm2_get_srk (struct grub_protect_args *args, TPM_HANDLE
*srk)
++protect_tpm2_get_srk (struct grub_protect_args *args, TPM_HANDLE_t *srk)
+{
-+ TPM_RC rc;
-+ TPM2B_PUBLIC public;
-+ TPMS_AUTH_COMMAND authCommand = { 0 };
-+ TPM2B_SENSITIVE_CREATE inSensitive = { 0 };
-+ TPM2B_PUBLIC inPublic = { 0 };
-+ TPM2B_DATA outsideInfo = { 0 };
-+ TPML_PCR_SELECTION creationPcr = { 0 };
-+ TPM2B_PUBLIC outPublic = { 0 };
-+ TPM2B_CREATION_DATA creationData = { 0 };
-+ TPM2B_DIGEST creationHash = { 0 };
-+ TPMT_TK_CREATION creationTicket = { 0 };
-+ TPM2B_NAME srkName = { 0 };
-+ TPM_HANDLE srkHandle;
++ TPM_RC_t rc;
++ TPM2B_PUBLIC_t public;
++ TPMS_AUTH_COMMAND_t authCommand = { 0 };
++ TPM2B_SENSITIVE_CREATE_t inSensitive = { 0 };
++ TPM2B_PUBLIC_t inPublic = { 0 };
++ TPM2B_DATA_t outsideInfo = { 0 };
++ TPML_PCR_SELECTION_t creationPcr = { 0 };
++ TPM2B_PUBLIC_t outPublic = { 0 };
++ TPM2B_CREATION_DATA_t creationData = { 0 };
++ TPM2B_DIGEST_t creationHash = { 0 };
++ TPMT_TK_CREATION_t creationTicket = { 0 };
++ TPM2B_NAME_t srkName = { 0 };
++ TPM_HANDLE_t srkHandle;
+
+ if (args->tpm2_srk != 0)
+ {
+ /* Find SRK */
-+ rc = TPM2_ReadPublic (args->tpm2_srk, NULL, &public);
++ rc = grub_tpm2_readpublic (args->tpm2_srk, NULL, &public);
+ if (rc == TPM_RC_SUCCESS)
+ {
-+ printf (_("Read SRK from 0x%x\n"), args->tpm2_srk);
++ printf ("Read SRK from 0x%x\n", args->tpm2_srk);
+ *srk = args->tpm2_srk;
+ return GRUB_ERR_NONE;
+ }
@@ util/grub-protect.c (new)
+ /* The handle exists but its public area could not be read. */
+ if ((rc & ~TPM_RC_N_MASK) != TPM_RC_HANDLE)
+ {
-+ fprintf (stderr,
-+ _("Failed to retrieve SRK from 0x%x (TPM2_ReadPublic:
0x%x).\n"),
-+ args->tpm2_srk, rc);
++ fprintf (stderr, "Failed to retrieve SRK from 0x%x (TPM2_ReadPublic:
0x%x).\n", args->tpm2_srk, rc);
+ return GRUB_ERR_BAD_DEVICE;
+ }
+ }
@@ util/grub-protect.c (new)
+ return GRUB_ERR_BAD_ARGUMENT;
+ }
+
-+ rc = TPM2_CreatePrimary (TPM_RH_OWNER, &authCommand, &inSensitive,
&inPublic,
-+ &outsideInfo, &creationPcr, &srkHandle, &outPublic,
-+ &creationData, &creationHash, &creationTicket,
-+ &srkName, NULL);
++ rc = grub_tpm2_createprimary (TPM_RH_OWNER, &authCommand, &inSensitive,
&inPublic,
++ &outsideInfo, &creationPcr, &srkHandle,
&outPublic,
++ &creationData, &creationHash, &creationTicket,
++ &srkName, NULL);
+ if (rc != TPM_RC_SUCCESS)
+ {
-+ fprintf (stderr, _("Failed to create SRK (TPM2_CreatePrimary:
0x%x).\n"), rc);
++ fprintf (stderr, "Failed to create SRK (TPM2_CreatePrimary:
0x%x).\n", rc);
+ return GRUB_ERR_BAD_DEVICE;
+ }
+
+ /* Persist SRK */
+ if (args->tpm2_srk != 0)
+ {
-+ rc = TPM2_EvictControl (TPM_RH_OWNER, srkHandle, &authCommand,
-+ args->tpm2_srk, NULL);
++ rc = grub_tpm2_evictcontrol (TPM_RH_OWNER, srkHandle, &authCommand,
args->tpm2_srk, NULL);
+ if (rc == TPM_RC_SUCCESS)
+ {
-+ TPM2_FlushContext (srkHandle);
++ grub_tpm2_flushcontext (srkHandle);
+ srkHandle = args->tpm2_srk;
+ }
+ else
+ fprintf (stderr,
-+ _("Warning: Failed to persist SRK (0x%x) (TPM2_EvictControl:
0x%x\n). "
-+ "Continuing anyway...\n"), args->tpm2_srk, rc);
++ "Warning: Failed to persist SRK (0x%x) (TPM2_EvictControl:
0x%x).\n"
++ "Continuing anyway...\n", args->tpm2_srk, rc);
+ }
+
+ /* Epilogue */
@@ util/grub-protect.c (new)
+}
+
+static grub_err_t
-+grub_protect_tpm2_seal (TPM2B_DIGEST *policyDigest, TPM_HANDLE srk,
-+ grub_uint8_t *clearText, grub_size_t clearTextLength,
-+ tpm2_sealed_key_t *sealed_key)
++protect_tpm2_seal (TPM2B_DIGEST_t *policyDigest, TPM_HANDLE_t srk,
++ grub_uint8_t *clearText, grub_size_t clearTextLength,
++ tpm2_sealed_key_t *sealed_key)
+{
-+ TPM_RC rc;
-+ TPMS_AUTH_COMMAND authCommand = { 0 };
-+ TPM2B_SENSITIVE_CREATE inSensitive = { 0 };
-+ TPM2B_PUBLIC inPublic = { 0 };
-+ TPM2B_DATA outsideInfo = { 0 };
-+ TPML_PCR_SELECTION pcr_sel = { 0 };
-+ TPM2B_PRIVATE outPrivate = { 0 };
-+ TPM2B_PUBLIC outPublic = { 0 };
++ TPM_RC_t rc;
++ TPMS_AUTH_COMMAND_t authCommand = { 0 };
++ TPM2B_SENSITIVE_CREATE_t inSensitive = { 0 };
++ TPM2B_PUBLIC_t inPublic = { 0 };
++ TPM2B_DATA_t outsideInfo = { 0 };
++ TPML_PCR_SELECTION_t pcr_sel = { 0 };
++ TPM2B_PRIVATE_t outPrivate = { 0 };
++ TPM2B_PUBLIC_t outPublic = { 0 };
+
+ /* Seal Data */
+ authCommand.sessionHandle = TPM_RS_PW;
@@ util/grub-protect.c (new)
+ inPublic.publicArea.parameters.keyedHashDetail.scheme.scheme =
TPM_ALG_NULL;
+ inPublic.publicArea.authPolicy = *policyDigest;
+
-+ rc = TPM2_Create (srk, &authCommand, &inSensitive, &inPublic,
&outsideInfo,
-+ &pcr_sel, &outPrivate, &outPublic, NULL, NULL, NULL, NULL);
++ rc = grub_tpm2_create (srk, &authCommand, &inSensitive, &inPublic,
&outsideInfo,
++ &pcr_sel, &outPrivate, &outPublic, NULL, NULL, NULL,
NULL);
+ if (rc != TPM_RC_SUCCESS)
+ {
-+ fprintf (stderr, _("Failed to seal key (TPM2_Create: 0x%x).\n"),
rc);
++ fprintf (stderr, "Failed to seal key (TPM2_Create: 0x%x).\n", rc);
+ return GRUB_ERR_BAD_DEVICE;
+ }
+
@@ util/grub-protect.c (new)
+extern asn1_static_node tpm2key_asn1_tab[];
+
+static grub_err_t
-+grub_protect_tpm2_export_tpm2key (const struct grub_protect_args *args,
-+ tpm2_sealed_key_t *sealed_key)
++protect_tpm2_export_tpm2key (const struct grub_protect_args *args,
++ tpm2_sealed_key_t *sealed_key)
+{
+ const char *sealed_key_oid = "2.23.133.10.1.5";
+ asn1_node asn1_def = NULL;
@@ util/grub-protect.c (new)
+ grub_uint32_t parent;
+ grub_uint32_t cmd_code;
+ struct grub_tpm2_buffer pol_buf;
-+ TPML_PCR_SELECTION pcr_sel = {
++ TPML_PCR_SELECTION_t pcr_sel = {
+ .count = 1,
+ .pcrSelections = {
+ {
@@ util/grub-protect.c (new)
+ ret = asn1_write_value (tpm2key, "type", sealed_key_oid, 1);
+ if (ret != ASN1_SUCCESS)
+ {
-+ fprintf (stderr, _("Failed to set 'type': 0x%u\n"), ret);
++ fprintf (stderr, "Failed to set 'type': 0x%u\n", ret);
+ err = GRUB_ERR_BAD_ARGUMENT;
+ goto error;
+ }
@@ util/grub-protect.c (new)
+ ret = asn1_write_value (tpm2key, "emptyAuth", "TRUE", 1);
+ if (ret != ASN1_SUCCESS)
+ {
-+ fprintf (stderr, _("Failed to set 'emptyAuth': 0x%x\n"), ret);
++ fprintf (stderr, "Failed to set 'emptyAuth': 0x%x\n", ret);
+ err = GRUB_ERR_BAD_ARGUMENT;
+ goto error;
+ }
@@ util/grub-protect.c (new)
+ ret = asn1_write_value (tpm2key, "policy", "NEW", 1);
+ if (ret != ASN1_SUCCESS)
+ {
-+ fprintf (stderr, _("Failed to set 'policy': 0x%x\n"), ret);
++ fprintf (stderr, "Failed to set 'policy': 0x%x\n", ret);
+ err = GRUB_ERR_BAD_ARGUMENT;
+ goto error;
+ }
@@ util/grub-protect.c (new)
+ sizeof (cmd_code));
+ if (ret != ASN1_SUCCESS)
+ {
-+ fprintf (stderr, _("Failed to set 'policy CommandCode': 0x%x\n"),
ret);
++ fprintf (stderr, "Failed to set 'policy CommandCode': 0x%x\n", ret);
+ err = GRUB_ERR_BAD_ARGUMENT;
+ goto error;
+ }
@@ util/grub-protect.c (new)
+ pol_buf.size);
+ if (ret != ASN1_SUCCESS)
+ {
-+ fprintf (stderr, _("Failed to set 'policy CommandPolicy': 0x%x\n"),
ret);
++ fprintf (stderr, "Failed to set 'policy CommandPolicy': 0x%x\n",
ret);
+ err = GRUB_ERR_BAD_ARGUMENT;
+ goto error;
+ }
@@ util/grub-protect.c (new)
+ ret = asn1_write_value (tpm2key, "secret", NULL, 0);
+ if (ret != ASN1_SUCCESS)
+ {
-+ fprintf (stderr, _("Failed to remove 'secret': 0x%x\n"), ret);
++ fprintf (stderr, "Failed to remove 'secret': 0x%x\n", ret);
+ err = GRUB_ERR_BAD_ARGUMENT;
+ goto error;
+ }
@@ util/grub-protect.c (new)
+ ret = asn1_write_value (tpm2key, "authPolicy", NULL, 0);
+ if (ret != ASN1_SUCCESS)
+ {
-+ fprintf (stderr, _("Failed to remove 'authPolicy': 0x%x\n"), ret);
++ fprintf (stderr, "Failed to remove 'authPolicy': 0x%x\n", ret);
+ err = GRUB_ERR_BAD_ARGUMENT;
+ goto error;
+ }
@@ util/grub-protect.c (new)
+ ret = asn1_write_value (tpm2key, "description", NULL, 0);
+ if (ret != ASN1_SUCCESS)
+ {
-+ fprintf (stderr, _("Failed to remove 'description': 0x%x\n"), ret);
++ fprintf (stderr, "Failed to remove 'description': 0x%x\n", ret);
+ err = GRUB_ERR_BAD_ARGUMENT;
+ goto error;
+ }
@@ util/grub-protect.c (new)
+ ret = asn1_write_value (tpm2key, "parent", &parent, sizeof (parent));
+ if (ret != ASN1_SUCCESS)
+ {
-+ fprintf (stderr, _("Failed to set 'parent': 0x%x\n"), ret);
++ fprintf (stderr, "Failed to set 'parent': 0x%x\n", ret);
+ err = GRUB_ERR_BAD_ARGUMENT;
+ goto error;
+ }
@@ util/grub-protect.c (new)
+
+ if (ret != ASN1_SUCCESS)
+ {
-+ fprintf (stderr, _("Failed to set 'rsaParent': 0x%x\n"), ret);
++ fprintf (stderr, "Failed to set 'rsaParent': 0x%x\n", ret);
+ err = GRUB_ERR_BAD_ARGUMENT;
+ goto error;
+ }
@@ util/grub-protect.c (new)
+ ret = asn1_write_value (tpm2key, "pubkey", pub_buf.data, pub_buf.size);
+ if (ret != ASN1_SUCCESS)
+ {
-+ fprintf (stderr, _("Failed to set 'pubkey': 0x%x\n"), ret);
++ fprintf (stderr, "Failed to set 'pubkey': 0x%x\n", ret);
+ err = GRUB_ERR_BAD_ARGUMENT;
+ goto error;
+ }
@@ util/grub-protect.c (new)
+ ret = asn1_write_value (tpm2key, "privkey", priv_buf.data,
priv_buf.size);
+ if (ret != ASN1_SUCCESS)
+ {
-+ fprintf (stderr, _("Failed to set 'privkey': 0x%x\n"), ret);
++ fprintf (stderr, "Failed to set 'privkey': 0x%x\n", ret);
+ err = GRUB_ERR_BAD_ARGUMENT;
+ goto error;
+ }
@@ util/grub-protect.c (new)
+ ret = asn1_der_coding (tpm2key, "", NULL, &der_buf_size, NULL);
+ if (ret != ASN1_MEM_ERROR)
+ {
-+ fprintf (stderr, _("Failed to get DER size: 0x%x\n"), ret);
++ fprintf (stderr, "Failed to get DER size: 0x%x\n", ret);
+ err = GRUB_ERR_BAD_ARGUMENT;
+ goto error;
+ }
@@ util/grub-protect.c (new)
+ der_buf = grub_malloc (der_buf_size);
+ if (der_buf == NULL)
+ {
-+ fprintf (stderr, _("Failed to allocate memory for DER encoding\n"));
++ fprintf (stderr, "Failed to allocate memory for DER encoding\n");
+ err = GRUB_ERR_OUT_OF_MEMORY;
+ goto error;
+ }
@@ util/grub-protect.c (new)
+ goto error;
+ }
+
-+ err = grub_protect_write_file (args->tpm2_outfile, der_buf,
der_buf_size);
++ err = protect_write_file (args->tpm2_outfile, der_buf, der_buf_size);
+ if (err != GRUB_ERR_NONE)
-+ fprintf (stderr, _("Could not write tpm2key file (Error: %u).\n"),
-+ errno);
++ fprintf (stderr, "Could not write tpm2key file (Error: %u).\n",
errno);
+
+ error:
+ grub_free (der_buf);
@@ util/grub-protect.c (new)
+}
+
+static grub_err_t
-+grub_protect_tpm2_export_sealed_key (const char *filepath,
-+ tpm2_sealed_key_t *sealed_key)
++protect_tpm2_export_sealed_key (const char *filepath,
++ tpm2_sealed_key_t *sealed_key)
+{
+ grub_err_t err;
+ struct grub_tpm2_buffer buf;
@@ util/grub-protect.c (new)
+ if (buf.error != 0)
+ return GRUB_ERR_BAD_ARGUMENT;
+
-+ err = grub_protect_write_file (filepath, buf.data, buf.size);
++ err = protect_write_file (filepath, buf.data, buf.size);
+ if (err != GRUB_ERR_NONE)
-+ fprintf (stderr, _("Could not write sealed key file (Error: %u).\n"),
-+ errno);
++ fprintf (stderr, "Could not write sealed key file (Error: %u).\n",
errno);
+
+ return err;
+}
+
+static grub_err_t
-+grub_protect_tpm2_add (struct grub_protect_args *args)
++protect_tpm2_add (struct grub_protect_args *args)
+{
+ grub_err_t err;
+ grub_uint8_t *key = NULL;
+ grub_size_t key_size;
-+ TPM_HANDLE srk;
-+ TPM2B_DIGEST policy_digest;
++ TPM_HANDLE_t srk;
++ TPM2B_DIGEST_t policy_digest;
+ tpm2_sealed_key_t sealed_key;
+
-+ err = grub_protect_tpm2_open_device (args->tpm2_device);
++ err = protect_tpm2_open_device (args->tpm2_device);
+ if (err != GRUB_ERR_NONE)
+ return err;
+
-+ err = grub_protect_read_file (args->tpm2_keyfile, (void **)&key,
&key_size);
++ err = protect_read_file (args->tpm2_keyfile, (void **)&key, &key_size);
+ if (err != GRUB_ERR_NONE)
+ goto exit1;
+
+ if (key_size > TPM_MAX_SYM_DATA)
+ {
-+ fprintf (stderr,
-+ _("Input key is too long, maximum allowed size is %u bytes.\n"),
-+ TPM_MAX_SYM_DATA);
++ fprintf (stderr, "Input key size larger than %u bytes.\n",
TPM_MAX_SYM_DATA);
+ err = GRUB_ERR_OUT_OF_RANGE;
+ goto exit2;
+ }
+
-+ err = grub_protect_tpm2_get_srk (args, &srk);
++ err = protect_tpm2_get_srk (args, &srk);
+ if (err != GRUB_ERR_NONE)
+ goto exit2;
+
-+ err = grub_protect_tpm2_get_policy_digest (args, &policy_digest);
++ err = protect_tpm2_get_policy_digest (args, &policy_digest);
+ if (err != GRUB_ERR_NONE)
+ goto exit3;
+
-+ err = grub_protect_tpm2_seal (&policy_digest, srk, key, key_size,
-+ &sealed_key);
++ err = protect_tpm2_seal (&policy_digest, srk, key, key_size,
&sealed_key);
+ if (err != GRUB_ERR_NONE)
+ goto exit3;
+
+ if (args->tpm2_tpm2key != 0)
-+ err = grub_protect_tpm2_export_tpm2key (args, &sealed_key);
++ err = protect_tpm2_export_tpm2key (args, &sealed_key);
+ else
-+ err = grub_protect_tpm2_export_sealed_key (args->tpm2_outfile,
&sealed_key);
++ err = protect_tpm2_export_sealed_key (args->tpm2_outfile,
&sealed_key);
+ if (err != GRUB_ERR_NONE)
+ goto exit3;
+
+ exit3:
-+ TPM2_FlushContext (srk);
++ grub_tpm2_flushcontext (srk);
+
+ exit2:
+ grub_free (key);
+
+ exit1:
-+ grub_protect_tpm2_close_device ();
++ protect_tpm2_close_device ();
+
+ return err;
+}
+
+static grub_err_t
-+grub_protect_tpm2_remove (struct grub_protect_args *args)
++protect_tpm2_remove (struct grub_protect_args *args)
+{
-+ TPM_RC rc;
-+ TPM2B_PUBLIC public;
-+ TPMS_AUTH_COMMAND authCommand = { 0 };
++ TPM_RC_t rc;
++ TPM2B_PUBLIC_t public;
++ TPMS_AUTH_COMMAND_t authCommand = { 0 };
+ grub_err_t err;
+
+ if (args->tpm2_evict == 0)
+ {
-+ printf (_("--tpm2-evict not specified, nothing to do.\n"));
++ printf ("--tpm2-evict not specified, nothing to do.\n");
+ return GRUB_ERR_NONE;
+ }
+
-+ err = grub_protect_tpm2_open_device (args->tpm2_device);
++ err = protect_tpm2_open_device (args->tpm2_device);
+ if (err != GRUB_ERR_NONE)
+ return err;
+
+ /* Find SRK */
-+ rc = TPM2_ReadPublic (args->tpm2_srk, NULL, &public);
++ rc = grub_tpm2_readpublic (args->tpm2_srk, NULL, &public);
+ if (rc != TPM_RC_SUCCESS)
+ {
-+ fprintf (stderr, _("SRK with handle 0x%x not found.\n"),
args->tpm2_srk);
++ fprintf (stderr, "SRK with handle 0x%x not found.\n",
args->tpm2_srk);
+ err = GRUB_ERR_BAD_ARGUMENT;
+ goto exit1;
+ }
@@ util/grub-protect.c (new)
+ /* Evict SRK */
+ authCommand.sessionHandle = TPM_RS_PW;
+
-+ rc = TPM2_EvictControl (TPM_RH_OWNER, args->tpm2_srk, &authCommand,
-+ args->tpm2_srk, NULL);
++ rc = grub_tpm2_evictcontrol (TPM_RH_OWNER, args->tpm2_srk,
&authCommand, args->tpm2_srk, NULL);
+ if (rc != TPM_RC_SUCCESS)
+ {
-+ fprintf (stderr,
-+ _("Failed to evict SRK with handle 0x%x (TPM2_EvictControl:
0x%x).\n"),
-+ args->tpm2_srk, rc);
++ fprintf (stderr, "Failed to evict SRK with handle 0x%x
(TPM2_EvictControl: 0x%x).\n", args->tpm2_srk, rc);
+ err = GRUB_ERR_BAD_DEVICE;
+ goto exit2;
+ }
@@ util/grub-protect.c (new)
+ err = GRUB_ERR_NONE;
+
+ exit2:
-+ TPM2_FlushContext (args->tpm2_srk);
++ grub_tpm2_flushcontext (args->tpm2_srk);
+
+ exit1:
-+ grub_protect_tpm2_close_device ();
++ protect_tpm2_close_device ();
+
+ return GRUB_ERR_NONE;
+}
+
+static grub_err_t
-+grub_protect_tpm2_run (struct grub_protect_args *args)
++protect_tpm2_run (struct grub_protect_args *args)
+{
+ switch (args->action)
+ {
+ case GRUB_PROTECT_ACTION_ADD:
-+ return grub_protect_tpm2_add (args);
++ return protect_tpm2_add (args);
+
+ case GRUB_PROTECT_ACTION_REMOVE:
-+ return grub_protect_tpm2_remove (args);
++ return protect_tpm2_remove (args);
+
+ default:
+ return GRUB_ERR_BAD_ARGUMENT;
@@ util/grub-protect.c (new)
+}
+
+static grub_err_t
-+grub_protect_tpm2_args_verify (struct grub_protect_args *args)
++protect_tpm2_args_verify (struct grub_protect_args *args)
+{
+ switch (args->action)
+ {
+ case GRUB_PROTECT_ACTION_ADD:
+ if (args->args & GRUB_PROTECT_ARG_TPM2_EVICT)
+ {
-+ fprintf (stderr,
-+ _("--tpm2-evict is invalid when --action is 'add'.\n"));
++ fprintf (stderr, N_("--tpm2-evict is invalid when --action is
'add'.\n"));
+ return GRUB_ERR_BAD_ARGUMENT;
+ }
+
+ if (args->tpm2_keyfile == NULL)
+ {
-+ fprintf (stderr, _("--tpm2-keyfile must be specified.\n"));
++ fprintf (stderr, N_("--tpm2-keyfile must be specified.\n"));
+ return GRUB_ERR_BAD_ARGUMENT;
+ }
+
+ if (args->tpm2_outfile == NULL)
+ {
-+ fprintf (stderr, _("--tpm2-outfile must be specified.\n"));
++ fprintf (stderr, N_("--tpm2-outfile must be specified.\n"));
+ return GRUB_ERR_BAD_ARGUMENT;
+ }
+
@@ util/grub-protect.c (new)
+ case GRUB_PROTECT_ACTION_REMOVE:
+ if (args->args & GRUB_PROTECT_ARG_TPM2_ASYMMETRIC)
+ {
-+ fprintf (stderr,
-+ _("--tpm2-asymmetric is invalid when --action is
'remove'.\n"));
++ fprintf (stderr, N_("--tpm2-asymmetric is invalid when --action is
'remove'.\n"));
+ return GRUB_ERR_BAD_ARGUMENT;
+ }
+
+ if (args->args & GRUB_PROTECT_ARG_TPM2_BANK)
+ {
-+ fprintf (stderr,
-+ _("--tpm2-bank is invalid when --action is 'remove'.\n"));
++ fprintf (stderr, N_("--tpm2-bank is invalid when --action is
'remove'.\n"));
+ return GRUB_ERR_BAD_ARGUMENT;
+ }
+
+ if (args->args & GRUB_PROTECT_ARG_TPM2_KEYFILE)
+ {
-+ fprintf (stderr,
-+ _("--tpm2-keyfile is invalid when --action is 'remove'.\n"));
++ fprintf (stderr, N_("--tpm2-keyfile is invalid when --action is
'remove'.\n"));
+ return GRUB_ERR_BAD_ARGUMENT;
+ }
+
+ if (args->args & GRUB_PROTECT_ARG_TPM2_OUTFILE)
+ {
-+ fprintf (stderr,
-+ _("--tpm2-outfile is invalid when --action is 'remove'.\n"));
++ fprintf (stderr, N_("--tpm2-outfile is invalid when --action is
'remove'.\n"));
+ return GRUB_ERR_BAD_ARGUMENT;
+ }
+
+ if (args->args & GRUB_PROTECT_ARG_TPM2_PCRS)
+ {
-+ fprintf (stderr,
-+ _("--tpm2-pcrs is invalid when --action is 'remove'.\n"));
++ fprintf (stderr, N_("--tpm2-pcrs is invalid when --action is
'remove'.\n"));
+ return GRUB_ERR_BAD_ARGUMENT;
+ }
+
+ if (args->tpm2_srk == 0)
+ {
-+ fprintf (stderr,
-+ _("--tpm2-srk is not specified when --action is
'remove'.\n"));
++ fprintf (stderr, N_("--tpm2-srk is not specified when --action is
'remove'.\n"));
+ return GRUB_ERR_BAD_ARGUMENT;
+ }
+
@@ util/grub-protect.c (new)
+ break;
+
+ default:
-+ fprintf (stderr,
-+ _("The TPM2 key protector only supports the following actions: "
-+ "add, remove.\n"));
++ fprintf (stderr, N_("The TPM2 key protector only supports the
following actions: add, remove.\n"));
+ return GRUB_ERR_BAD_ARGUMENT;
+ }
+
@@ util/grub-protect.c (new)
+}
+
+static error_t
-+grub_protect_argp_parser (int key, char *arg, struct argp_state *state)
++protect_argp_parser (int key, char *arg, struct argp_state *state)
+{
+ grub_err_t err;
+ struct grub_protect_args *args = state->input;
@@ util/grub-protect.c (new)
+ case GRUB_PROTECT_OPT_ACTION:
+ if (args->args & GRUB_PROTECT_ARG_ACTION)
+ {
-+ fprintf (stderr, _("--action|-a can only be specified once.\n"));
++ fprintf (stderr, N_("--action|-a can only be specified once.\n"));
+ return EINVAL;
+ }
+
@@ util/grub-protect.c (new)
+ args->action = GRUB_PROTECT_ACTION_REMOVE;
+ else
+ {
-+ fprintf (stderr, _("'%s' is not a valid action.\n"), arg);
++ fprintf (stderr, N_("'%s' is not a valid action.\n"), arg);
+ return EINVAL;
+ }
+
@@ util/grub-protect.c (new)
+ case GRUB_PROTECT_OPT_PROTECTOR:
+ if (args->args & GRUB_PROTECT_ARG_PROTECTOR)
+ {
-+ fprintf (stderr, _("--protector|-p can only be specified once.\n"));
++ fprintf (stderr, N_("--protector|-p can only be specified once.\n"));
+ return EINVAL;
+ }
+
@@ util/grub-protect.c (new)
+ args->protector = GRUB_PROTECT_TYPE_TPM2;
+ else
+ {
-+ fprintf (stderr, _("'%s' is not a valid protector.\n"), arg);
++ fprintf (stderr, N_("'%s' is not a valid protector.\n"), arg);
+ return EINVAL;
+ }
+
@@ util/grub-protect.c (new)
+ case GRUB_PROTECT_OPT_TPM2_DEVICE:
+ if (args->args & GRUB_PROTECT_ARG_TPM2_DEVICE)
+ {
-+ fprintf (stderr, _("--tpm2-device can only be specified once.\n"));
++ fprintf (stderr, N_("--tpm2-device can only be specified once.\n"));
+ return EINVAL;
+ }
+
@@ util/grub-protect.c (new)
+ case GRUB_PROTECT_OPT_TPM2_PCRS:
+ if (args->args & GRUB_PROTECT_ARG_TPM2_PCRS)
+ {
-+ fprintf (stderr, _("--tpm2-pcrs can only be specified once.\n"));
++ fprintf (stderr, N_("--tpm2-pcrs can only be specified once.\n"));
+ return EINVAL;
+ }
+
@@ util/grub-protect.c (new)
+ case GRUB_PROTECT_OPT_TPM2_SRK:
+ if (args->args & GRUB_PROTECT_ARG_TPM2_SRK)
+ {
-+ fprintf (stderr, _("--tpm2-srk can only be specified once.\n"));
++ fprintf (stderr, N_("--tpm2-srk can only be specified once.\n"));
+ return EINVAL;
+ }
+
@@ util/grub-protect.c (new)
+ case GRUB_PROTECT_OPT_TPM2_ASYMMETRIC:
+ if (args->args & GRUB_PROTECT_ARG_TPM2_ASYMMETRIC)
+ {
-+ fprintf (stderr, _("--tpm2-asymmetric can only be specified
once.\n"));
++ fprintf (stderr, N_("--tpm2-asymmetric can only be specified
once.\n"));
+ return EINVAL;
+ }
+
@@ util/grub-protect.c (new)
+ case GRUB_PROTECT_OPT_TPM2_BANK:
+ if (args->args & GRUB_PROTECT_ARG_TPM2_BANK)
+ {
-+ fprintf (stderr, _("--tpm2-bank can only be specified once.\n"));
++ fprintf (stderr, N_("--tpm2-bank can only be specified once.\n"));
+ return EINVAL;
+ }
+
@@ util/grub-protect.c (new)
+ case GRUB_PROTECT_OPT_TPM2_KEYFILE:
+ if (args->args & GRUB_PROTECT_ARG_TPM2_KEYFILE)
+ {
-+ fprintf (stderr, _("--tpm2-keyfile can only be specified once.\n"));
++ fprintf (stderr, N_("--tpm2-keyfile can only be specified once.\n"));
+ return EINVAL;
+ }
+
@@ util/grub-protect.c (new)
+ case GRUB_PROTECT_OPT_TPM2_OUTFILE:
+ if (args->args & GRUB_PROTECT_ARG_TPM2_OUTFILE)
+ {
-+ fprintf (stderr, _("--tpm2-outfile can only be specified once.\n"));
++ fprintf (stderr, N_("--tpm2-outfile can only be specified once.\n"));
+ return EINVAL;
+ }
+
@@ util/grub-protect.c (new)
+ case GRUB_PROTECT_OPT_TPM2_EVICT:
+ if (args->args & GRUB_PROTECT_ARG_TPM2_EVICT)
+ {
-+ fprintf (stderr, _("--tpm2-evict can only be specified once.\n"));
++ fprintf (stderr, N_("--tpm2-evict can only be specified once.\n"));
+ return EINVAL;
+ }
+
@@ util/grub-protect.c (new)
+ case GRUB_PROTECT_OPT_TPM2_TPM2KEY:
+ if (args->args & GRUB_PROTECT_ARG_TPM2_TPM2KEY)
+ {
-+ fprintf (stderr, _("--tpm2-tpm2key can only be specified once.\n"));
++ fprintf (stderr, N_("--tpm2-tpm2key can only be specified once.\n"));
+ return EINVAL;
+ }
+
@@ util/grub-protect.c (new)
+}
+
+static grub_err_t
-+grub_protect_args_verify (struct grub_protect_args *args)
++protect_args_verify (struct grub_protect_args *args)
+{
+ if (args->action == GRUB_PROTECT_ACTION_ERROR)
+ {
-+ fprintf (stderr, "--action is mandatory.\n");
++ fprintf (stderr, N_("--action is mandatory.\n"));
+ return GRUB_ERR_BAD_ARGUMENT;
+ }
+
@@ util/grub-protect.c (new)
+ * is the only key protector supported by this tool. */
+ if (args->protector != GRUB_PROTECT_TYPE_TPM2)
+ {
-+ fprintf (stderr,
-+ _("--protector is mandatory and only 'tpm2' is currently "
-+ "supported.\n"));
++ fprintf (stderr, N_("--protector is mandatory and only 'tpm2' is
currently supported.\n"));
+ return GRUB_ERR_BAD_ARGUMENT;
+ }
+
+ switch (args->protector)
+ {
+ case GRUB_PROTECT_TYPE_TPM2:
-+ return grub_protect_tpm2_args_verify (args);
++ return protect_tpm2_args_verify (args);
+ default:
+ return GRUB_ERR_BAD_ARGUMENT;
+ }
@@ util/grub-protect.c (new)
+}
+
+static grub_err_t
-+grub_protect_dispatch (struct grub_protect_args *args)
++protect_dispatch (struct grub_protect_args *args)
+{
+ switch (args->protector)
+ {
+ case GRUB_PROTECT_TYPE_TPM2:
-+ return grub_protect_tpm2_run (args);
++ return protect_tpm2_run (args);
+ default:
+ return GRUB_ERR_BAD_ARGUMENT;
+ }
+}
+
+static void
-+grub_protect_init (int *argc, char **argv[])
++protect_init (int *argc, char **argv[])
+{
+ grub_util_host_init (argc, argv);
+
@@ util/grub-protect.c (new)
+}
+
+static void
-+grub_protect_fini (void)
++protect_fini (void)
+{
+ grub_fini_all ();
+ grub_util_biosdisk_fini ();
@@ util/grub-protect.c (new)
+static struct argp grub_protect_argp =
+{
+ .options = grub_protect_options,
-+ .parser = grub_protect_argp_parser,
++ .parser = protect_argp_parser,
+ .args_doc = NULL,
+ .doc =
+ N_("Protect a cleartext key using a GRUB key protector that can
retrieve "
@@ util/grub-protect.c (new)
+
+ if (argp_parse (&grub_protect_argp, argc, argv, 0, 0, &args) != 0)
+ {
-+ fprintf (stderr, _("Could not parse arguments.\n"));
++ fprintf (stderr, N_("Could not parse arguments.\n"));
+ return GRUB_ERR_BAD_ARGUMENT;
+ }
+
-+ grub_protect_init (&argc, &argv);
++ protect_init (&argc, &argv);
+
-+ err = grub_protect_args_verify (&args);
++ err = protect_args_verify (&args);
+ if (err != GRUB_ERR_NONE)
+ goto exit;
+
-+ err = grub_protect_dispatch (&args);
++ err = protect_dispatch (&args);
+ if (err != GRUB_ERR_NONE)
+ goto exit;
+
+ exit:
-+ grub_protect_fini ();
++ protect_fini ();
+
+ return err;
+}
19: e7191a5d9 < -: --------- tpm2_key_protector: Support authorized policy
20: 8543bec1c < -: --------- tpm2_key_protector: Implement NV index
-: --------- > 25: b5e60d579 tpm2_key_protector: Support authorized policy
-: --------- > 26: 784a1954c tpm2_key_protector: Implement NV index
21: 4fdd0da55 ! 27: bf64c4c21 cryptodisk: Fallback to passphrase
@@ Commit message
cryptodisk: Fallback to passphrase
If a protector is specified, but it fails to unlock the disk, fall back
- to asking for the passphrase. However, an error was set indicating that
- the protector(s) failed. Later code (e.g., LUKS code) fails as
- `grub_errno` is now set. Print the existing errors out first, before
- proceeding with the passphrase.
+ to asking for the passphrase.
+
+ Before requesting the passphrase, the error from the key protector(s)
+ has to be cleared, or the later code (e.g., LUKS code) may stop as
+ 'grub_errno' is set. This commit prints error from the key protector(s)
+ and sets 'grub_errno' to 'GRUB_ERR_NONE' to have a fresh start.
Signed-off-by: Patrick Colp <patrick.colp@oracle.com>
Signed-off-by: Gary Lin <glin@suse.com>
@@ grub-core/disk/cryptodisk.c: grub_cryptodisk_scan_device_real (const
char *name,
+ /*
+ * Print the error from key protectors and clear grub_errno.
-+ * Since '--protector' doesn't not coexist with '--password' and
-+ * '--key-file', only "cargs->key_len == 0" is expected if all
-+ * key protectors fail.
++ *
++ * Since '--protector' cannot coexist with '--password' and
++ * '--key-file', in case key protectors fail, only
++ * "cargs->key_len == 0" is expected, so cryptomount falls back
++ * here to request the passphrase.
++ *
++ * To avoid the error from key protectors stops the further code,
++ * print the error to notify the user why key protectors fail and
++ * clear grub_errno to have a fresh start.
+ */
-+ if (grub_errno)
++ if (grub_errno != GRUB_ERR_NONE)
+ {
+ grub_print_error ();
+ grub_errno = GRUB_ERR_NONE;
22: fa2ed9dc6 ! 28: e1d67e568 cryptodisk: wipe out the cached keys from
protectors
@@ Commit message
Cc: Fabian Vogt <fvogt@suse.com>
Signed-off-by: Gary Lin <glin@suse.com>
Reviewed-by: Stefan Berger <stefanb@linux.ibm.com>
+ Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
## grub-core/disk/cryptodisk.c ##
@@ grub-core/disk/cryptodisk.c: grub_cryptodisk_clear_key_cache (struct
grub_cryptomount_args *cargs)
23: daa2fe5d6 ! 29: 89452b2c0 diskfilter: look up cryptodisk devices first
@@ grub-core/disk/diskfilter.c: scan_devices (const char *arname)
+ {
+ /* look up the crytodisk devices first */
+ for (p = grub_disk_dev_list; p; p = p->next)
-+ if (p->id == GRUB_DISK_DEVICE_CRYPTODISK_ID
-+ && p->disk_iterate)
++ if (p->id == GRUB_DISK_DEVICE_CRYPTODISK_ID && p->disk_iterate)
+ {
+ if ((p->disk_iterate) (scan_disk_hook, NULL, pull))
+ return;
@@ grub-core/disk/diskfilter.c: scan_devices (const char *arname)
+
+ /* check the devices other than crytodisk */
+ for (p = grub_disk_dev_list; p; p = p->next)
-+ if (p->id == GRUB_DISK_DEVICE_CRYPTODISK_ID)
-+ continue;
-+ else if (p->id != GRUB_DISK_DEVICE_DISKFILTER_ID
-+ && p->disk_iterate)
++ if (p->id != GRUB_DISK_DEVICE_DISKFILTER_ID && p->disk_iterate)
+ {
+ if ((p->disk_iterate) (scan_disk_hook, NULL, pull))
+ return;
24: 7622fa1bd ! 30: 37dfe60a8 tpm2_key_protector: Add grub-emu support
@@ grub-core/lib/tss2/tcg2_emu.c (new)
@@
+/*
+ * GRUB -- GRand Unified Bootloader
-+ * Copyright (C) 2024 Free Software Foundation, Inc.
+ * Copyright (C) 2024 SUSE LLC
++ * Copyright (C) 2024 Free Software Foundation, Inc.
+ *
+ * GRUB is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
25: e9847cf50 ! 31: 66969ccc9 tests: Add tpm2_key_protector_test
@@ Commit message
Cc: Stefan Berger <stefanb@linux.ibm.com>
Cc: Glenn Washburn <development@efficientek.com>
Signed-off-by: Gary Lin <glin@suse.com>
+ Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
## Makefile.util.def ##
@@ Makefile.util.def: script = {
-: --------- > 32: 48c991a37 cryptodisk: Document the '-P' option
-: --------- > 33: b9d90b33e docs: Document TPM2 key protector
--
2.35.3
- [PATCH v19 00/33] Automatic Disk Unlock with TPM2,
Gary Lin <=
- [PATCH v19 01/33] posix_wrap: tweaks in preparation for libtasn1, Gary Lin, 2024/09/06
- [PATCH v19 03/33] libtasn1: disable code not needed in grub, Gary Lin, 2024/09/06
- [PATCH v19 04/33] libtasn1: replace strcat() with strcpy() in _asn1_str_cat(), Gary Lin, 2024/09/06
- [PATCH v19 05/33] libtasn1: replace strcat() with _asn1_str_cat(), Gary Lin, 2024/09/06
- [PATCH v19 02/33] libtasn1: import libtasn1-4.19.0, Gary Lin, 2024/09/06
- [PATCH v19 07/33] libtasn1: Use grub_divmod64() for division, Gary Lin, 2024/09/06
- [PATCH v19 06/33] libtasn1: adjust the header paths in libtasn1.h, Gary Lin, 2024/09/06
- [PATCH v19 08/33] libtasn1: fix the potential buffer overrun, Gary Lin, 2024/09/06
- [PATCH v19 09/33] asn1_test: include asn1_test.h only, Gary Lin, 2024/09/06
- [PATCH v19 10/33] asn1_test: rename the main functions to the test names, Gary Lin, 2024/09/06