[PATCH v2 02/10] tpm2_key_protector: Add 'tpm2_dump_pcr' command
From: |
Gary Lin |
Subject: |
[PATCH v2 02/10] tpm2_key_protector: Add 'tpm2_dump_pcr' command |
Date: |
Thu, 9 Jan 2025 11:58:27 +0800 |
The user may need to inspect the TPM 2.0 PCR values with the GRUB shell,
so the new 'tpm2_dump_pcr' command is added to print all PCRs of the
specified bank.
Signed-off-by: Gary Lin <glin@suse.com>
Tested-by: Stefan Berger <stefanb@linux.ibm.com>
---
.../commands/tpm2_key_protector/module.c | 35 +++++++++++++++++++
1 file changed, 35 insertions(+)
diff --git a/grub-core/commands/tpm2_key_protector/module.c
b/grub-core/commands/tpm2_key_protector/module.c
index d5e530f77..0a5d81e4c 100644
--- a/grub-core/commands/tpm2_key_protector/module.c
+++ b/grub-core/commands/tpm2_key_protector/module.c
@@ -160,6 +160,8 @@ static grub_extcmd_t tpm2_protector_init_cmd;
static grub_extcmd_t tpm2_protector_clear_cmd;
static tpm2_protector_context_t tpm2_protector_ctx = {0};
+static grub_command_t tpm2_dump_pcr_cmd;
+
static grub_err_t
tpm2_protector_srk_read_file (const char *filepath, void **buffer, grub_size_t
*buffer_size)
{
@@ -1315,6 +1317,33 @@ static struct grub_key_protector tpm2_key_protector =
.recover_key = tpm2_protector_recover_key
};
+static grub_err_t
+tpm2_dump_pcr (grub_command_t cmd __attribute__((__unused__)),
+ int argc, char *argv[])
+{
+ TPM_ALG_ID_t pcr_bank;
+
+ if (argc == 0)
+ pcr_bank = TPM_ALG_SHA256;
+ else if (grub_strcmp (argv[0], "sha1") == 0)
+ pcr_bank = TPM_ALG_SHA1;
+ else if (grub_strcmp (argv[0], "sha256") == 0)
+ pcr_bank = TPM_ALG_SHA256;
+ else if (grub_strcmp (argv[0], "sha384") == 0)
+ pcr_bank = TPM_ALG_SHA384;
+ else if (grub_strcmp (argv[0], "sha512") == 0)
+ pcr_bank = TPM_ALG_SHA512;
+ else
+ {
+ grub_printf ("Unknown PCR bank\n");
+ return GRUB_ERR_BAD_ARGUMENT;
+ }
+
+ tpm2_protector_dump_pcr (pcr_bank);
+
+ return GRUB_ERR_NONE;
+}
+
GRUB_MOD_INIT (tpm2_key_protector)
{
tpm2_protector_init_cmd =
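Review bot: The unknown-bank branch of `tpm2_dump_pcr` reports the failure with `grub_printf` and then returns a bare `GRUB_ERR_BAD_ARGUMENT`, so the message is not marked for translation and, as far as this hunk shows, `grub_errno` is never set. The usual form would be `return grub_error (GRUB_ERR_BAD_ARGUMENT, N_("unknown PCR bank: %s"), argv[0]);`. Any arguments after `argv[0]` are silently ignored; checking `argc > 1` and rejecting it would catch a mistyped invocation instead of dumping a bank the operator may not have meant. The result of `tpm2_protector_dump_pcr`, which is defined outside this hunk, is not consulted, so the command returns `GRUB_ERR_NONE` even if the PCR read failed; if that helper can report failure, propagate it. A short comment above the function stating that the bank defaults to SHA-256 when no argument is given would also help.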
@@ -1336,6 +1365,10 @@ GRUB_MOD_INIT (tpm2_key_protector)
N_("Clear the TPM2 key protector if previously
initialized."),
NULL);
grub_key_protector_register (&tpm2_key_protector);
+
+ tpm2_dump_pcr_cmd =
+ grub_register_command ("tpm2_dump_pcr", tpm2_dump_pcr, N_("Dump TPM2
PCRs"),
+ N_("Print all PCRs of the specified TPM 2.0 bank"));
}
GRUB_MOD_FINI (tpm2_key_protector)
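Review bot: The third argument to `grub_register_command` is `N_("Dump TPM2 PCRs")`, but that summary slot is conventionally the argument synopsis shown after the command name in usage output, so the help text would read oddly. Neither string tells the operator which banks are accepted or that `sha256` is used when no argument is given. Consider `N_("[sha1|sha256|sha384|sha512]")` as the summary and a description such as `N_("Print all PCRs of the specified TPM 2.0 bank (default: sha256).")`. `GRUB_MOD_INIT` starts outside this hunk.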
@@ -1345,4 +1378,6 @@ GRUB_MOD_FINI (tpm2_key_protector)
grub_key_protector_unregister (&tpm2_key_protector);
grub_unregister_extcmd (tpm2_protector_clear_cmd);
grub_unregister_extcmd (tpm2_protector_init_cmd);
+
+ grub_unregister_command (tpm2_dump_pcr_cmd);
}
--
2.43.0