[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [PATCH v19 00/33] Automatic Disk Unlock with TPM2
From: |
Gary Lin |
Subject: |
Re: [PATCH v19 00/33] Automatic Disk Unlock with TPM2 |
Date: |
Mon, 16 Sep 2024 11:35:43 +0800 |
On Mon, Sep 16, 2024 at 10:24:03AM +0800, Gary Lin wrote:
> On Fri, Sep 13, 2024 at 10:32:39AM -0400, Stefan Berger wrote:
> >
> >
> > On 9/6/24 5:10 AM, Gary Lin wrote:
> > > GIT repo for v19: https://github.com/lcp/grub2/tree/tpm2-unlock-v19
> > >
> > > This patch series is based on "Automatic TPM Disk Unlock"(*1) posted by
> > > Hernan Gatta to introduce the key protector framework and TPM2 stack
> > > to GRUB2, and this could be a useful feature for the systems to
> > > implement full disk encryption.
> > >
> > > To support TPM 2.0 Key File format(*2), patch 1~7,9-16 are grabbed from
> > > Daniel Axtens's "appended signature secure boot support" (*3) to import
> > > libtasn1 into grub2. Besides, the libtasn1 version is upgraded to
> > > 4.19.0 instead of 4.16.0 in the original patch.
> >
> >
> > I was going to try it out now (on a ppc64 machine) but fail to configure it.
> > The configure and build work on tip of master.
> >
> > > git clean -xdf ; ./bootstrap && ./configure --prefix=/usr
> > [...]
> > Using python3...
> > Importing unicode...
> > Importing libgcrypt...
> > Importing libtasn1...
> > cp: cannot stat 'grub-core/lib/libtasn1/lib/*.[ch]': No such file or
> > directory
> That's weird. The second patch, "libtasn1: import libtasn1-4.19.0",
> imports the libtasn1 files into grub-core/lib/libtasn1/, and those
> source files are supposed to exist when applying the patch mentioned
> below.
>
> I'll do a thorough check for that...
>
I successfully built the patches on a freshly-cloned grub git repo.
Since you mentioned ppc64, I wonder if it's caused by the conflicts with
the PowerPC Secure Boot patches?
Gary Lin
> Gary Lin
>
> > running: AUTOPOINT=true LIBTOOLIZE=true autoreconf --verbose --install
> > --force -I m4 --no-recursive
> > autoreconf: Entering directory `.'
> > autoreconf: running: true --force
> > autoreconf: running: aclocal -I m4 --force -I m4
> > autoreconf: configure.ac: tracing
> > autoreconf: configure.ac: not using Libtool
> > autoreconf: running: /usr/bin/autoconf --include=m4 --force
> > autoreconf: running: /usr/bin/autoheader --include=m4 --force
> > autoreconf: running: automake --add-missing --copy --force-missing
> > configure.ac:50: installing 'build-aux/config.guess'
> > configure.ac:50: installing 'build-aux/config.sub'
> > configure.ac:56: installing 'build-aux/install-sh'
> > configure.ac:56: installing 'build-aux/missing'
> > automake: error: cannot open < Makefile.util.am: No such file or directory
> > autoreconf: automake failed with exit status: 1
> > ./bootstrap: autoreconf failed
> >
> >
> >
> > Bisecting the series of patches with the above command line run at each step
> > leads to:
> >
> > 70fff1f0d04f576921619fddaf066d1f2c73255c is the first bad commit
> > commit 70fff1f0d04f576921619fddaf066d1f2c73255c
> > Author: Daniel Axtens <dja@axtens.net>
> > Date: Fri Sep 6 17:11:07 2024 +0800
> >
> > libtasn1: compile into asn1 module
> >
> > Create a wrapper file that specifies the module license.
> > Set up the makefile so it is built.
> >
> > Signed-off-by: Daniel Axtens <dja@axtens.net>
> > Signed-off-by: Gary Lin <glin@suse.com>
> > Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
> >
> > autogen.sh | 19 +++++++++++++++++++
> > grub-core/Makefile.core.def | 15 +++++++++++++++
> > grub-core/lib/libtasn1_wrap/wrap.c | 27 +++++++++++++++++++++++++++
> > 3 files changed, 61 insertions(+)
> > create mode 100644 grub-core/lib/libtasn1_wrap/wrap.c
> >
- [PATCH v19 29/33] diskfilter: look up cryptodisk devices first, (continued)
- [PATCH v19 29/33] diskfilter: look up cryptodisk devices first, Gary Lin, 2024/09/06
- [PATCH v19 30/33] tpm2_key_protector: Add grub-emu support, Gary Lin, 2024/09/06
- [PATCH v19 31/33] tests: Add tpm2_key_protector_test, Gary Lin, 2024/09/06
- [PATCH v19 32/33] cryptodisk: Document the '-P' option, Gary Lin, 2024/09/06
- [PATCH v19 33/33] docs: Document TPM2 key protector, Gary Lin, 2024/09/06
- Re: [PATCH v19 00/33] Automatic Disk Unlock with TPM2, Stefan Berger, 2024/09/13
- Re: [PATCH v19 00/33] Automatic Disk Unlock with TPM2, Gary Lin, 2024/09/19