File grub-unseal-debug.patch of Package grub2
--- grub-2.06.orig/grub-core/commands/efi/tpm.c 2022-08-08 11:12:36.603526002 +0200
+++ grub-2.06/grub-core/commands/efi/tpm.c 2022-08-08 10:55:02.133526002 +0200
@@ -27,6 +27,7 @@
 #include <grub/mm.h>
 #include <grub/tpm.h>
 #include <grub/term.h>
+#include <grub/time.h>
 typedef TCG_PCR_EVENT grub_tpm_event_t;
@@ -198,6 +199,37 @@
 pcr->pcrSelect[TPM2_PCR_TO_SELECT(pcrIndex)] |= TPM2_PCR_TO_BIT(pcrIndex);
 }
+#ifdef notyet
+static TPMI_SH_AUTH_SESSION
+get_auth_session(void)
+{
+ static TPMI_SH_AUTH_SESSION session;
+ static int initialized = 0;
+ TPM2B_NONCE nonceCaller = { 0 };
+ TPMT_SYM_DEF symmetric = { 0 };
+ TPM2B_NONCE nonceTPM = { 0 };
+ TPM2B_ENCRYPTED_SECRET salt = { 0 };
+ int rc;
+
+ if (!initialized) {
+ initialized = 1;
+
+ nonceCaller.size = TPM_SHA256_DIGEST_SIZE;
+ symmetric.algorithm = TPM_ALG_NULL;
+
+ rc = TPM2_StartAuthSession(TPM_RH_NULL, TPM_RH_NULL, 0, &nonceCaller, &salt,
+ TPM_SE_POLICY, &symmetric, TPM_ALG_SHA256,
+ &session, &nonceTPM, 0);
+ if (rc) {
+ grub_error (GRUB_ERR_IO, "Failed to start auth session (error %u/0x%x)", rc, rc);
+ return 0;
+ }
+ grub_printf ("TPM2_StartAuthSession() returns session handle 0x%x", (unsigned int) session);
+ }
+ return session;
+}
+#endif
+
 struct grub_tpm_hash_info {
 const char *name;
 grub_size_t size;
@@ -272,6 +304,26 @@
 grub_free (d);
 }
+static void
+display_pcr(const char *what, grub_uint8_t pcrIndex, const char *algo)
+{
+ struct grub_tpm_digest *d;
+ unsigned int offset;
+
+ if (grub_tpm2_read_pcr (pcrIndex, algo, &d))
+ return;
+
+ grub_printf (" %-8s: hash=", what);
+ for (offset = 0; offset < d->size; offset += 2) {
+ if (offset)
+ grub_printf (":");
+ grub_printf ("%02x%02x", d->value[offset], d->value[offset + 1]);
+ }
+
+ grub_tpm_digest_free (d);
+ grub_printf ("\n");
+}
+
 static grub_err_t
 grub_tpm2_log_event (grub_efi_handle_t tpm_handle, unsigned char *buf,
 grub_size_t size, grub_uint8_t pcr,
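Review bot: In `get_auth_session`, `initialized = 1;` is set before `TPM2_StartAuthSession` is called, so after one failure every later call skips the retry and returns the zero `session` handle without any error; the flag should be set only after the `if (rc)` check has passed. `nonceCaller` is zero-initialised and only its `size` is filled in, so the caller nonce is a fixed all-zero value; if this code is ever taken out of `#ifdef notyet`, the nonce bytes should come from a random source. The success message also lacks a trailing `\n`.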
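Review bot: The loop in `display_pcr` advances `offset` by 2 and reads `d->value[offset + 1]` unconditionally, so a digest whose `size` is odd would be read one byte past its end. Printing one byte per iteration removes the dependence on an even length: `for (offset = 0; offset < d->size; offset++) {`, `if (offset && !(offset & 1)) grub_printf (":");`, `grub_printf ("%02x", d->value[offset]);`. The function also has no comment saying that the digest returned by `grub_tpm2_read_pcr` is owned by the caller and released here with `grub_tpm_digest_free`.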
@@ -287,6 +339,8 @@
 if (!grub_tpm2_present (tpm))
 return 0;
+ grub_printf ("PCR %u: %s\n", pcr, description);
+
 event =
 grub_zalloc (sizeof (EFI_TCG2_EVENT) + grub_strlen (description) + 1);
 if (!event)
@@ -305,6 +359,11 @@
 (grub_uint64_t) size, event);
 grub_free (event);
+ if (0) {
+ display_pcr("after", 0, NULL);
+ grub_millisleep(100);
+ }
+
 return grub_efi_log_event_status (status);
 }
diff -ur ../grub-2.06/grub-core/tpm2/module.c ../grub-2.06.patched/grub-core/tpm2/module.c
--- grub-2.06.orig/grub-core/tpm2/module.c 2022-08-08 11:22:05.103526002 +0200
+++ grub-2.06/grub-core/tpm2/module.c 2022-08-08 10:55:02.183526002 +0200
@@ -22,6 +22,7 @@
 #include <grub/misc.h>
 #include <grub/mm.h>
 #include <grub/protector.h>
+#include <grub/time.h>
 #include <grub/tpm2/buffer.h>
 #include <grub/tpm2/internal/args.h>
 #include <grub/tpm2/mu.h>
@@ -449,6 +450,7 @@
 {
 grub_error (err, N_("Failed to unseal sealed key (TPM2_Unseal failed "
 "with TSS/TPM error %u)"), rc);
+ grub_millisleep(500);
 goto exit4;
 }
@@ -461,6 +463,14 @@
 goto exit4;
 }
+ grub_printf(" managed to unseal %u bytes of data\n", data.size);
+ {
+ grub_printf(" data: ");
+ for (i = 0; i < (unsigned int) data.size && i < 16; ++i)
+ grub_printf(" %02x", data.buffer[i]);
+ grub_printf("\n");
+ }
+
 if (ctx->efivar)
 {
 rc = grub_tpm2_protector_publish_key (data.buffer, data.size, ctx->efivar);
Only in ../grub-2.06: grub-unseal-debug.patch
Only in ../grub-2.06: patches
Only in ../grub-2.06: .pc
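Review bot: The `if (0) { ... }` block added before the return in `grub_tpm2_log_event` is dead code sitting in the measurement path, and it reads PCR 0 rather than the `pcr` that was just extended. It also passes `NULL` for `algo`, and whether `grub_tpm2_read_pcr` accepts that is not visible in this patch. If the block is meant to be switched on for debugging, a named preprocessor guard and `display_pcr("after", pcr, ...)` with an explicit algorithm name would show the register that actually changed. The enclosing function starts outside the hunk.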
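Review bot: The hex dump added after the successful unseal prints up to 16 bytes of `data.buffer`, which, going by the surrounding error text and the `grub_tpm2_protector_publish_key` call, is the unsealed key, so key material ends up on the console and on any serial or remote console that records it. Keep only the size line, `grub_printf(" managed to unseal %u bytes of data\n", data.size);`, or put the dump behind a build-time debug guard that is off by default. The unconditional `grub_printf ("PCR %u: %s\n", pcr, description);` added in `grub_tpm2_log_event` would belong under the same guard. `i` is declared outside this hunk, and the enclosing function starts and ends outside it.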