File test-no-default-srk.patch of Package grub2

Overview Repositories Revisions Requests Users Attributes Meta

File test-no-default-srk.patch of Package grub2

diff --git a/grub-core/tpm2/module.c b/grub-core/tpm2/module.c
index 57e6eda56..8ec16e1e5 100644
--- a/grub-core/tpm2/module.c
+++ b/grub-core/tpm2/module.c
@@ -372,21 +372,19 @@ grub_tpm2_protector_srk_get (const struct grub_tpm2_protector_context *ctx,
   TPM2B_NAME srkName = { 0 };
   TPM_HANDLE srkHandle;
 
-  /* Find SRK */
-  rc = TPM2_ReadPublic (ctx->srk, NULL, &public);
-  if (rc == TPM_RC_SUCCESS)
+  if (ctx->srk != 0)
     {
-      *srk = ctx->srk;
-      return GRUB_ERR_NONE;
-    }
+      /* Find SRK */
+      rc = TPM2_ReadPublic (ctx->srk, NULL, &public);
+      if (rc == TPM_RC_SUCCESS)
+	{
+	  *srk = ctx->srk;
+	  return GRUB_ERR_NONE;
+	}
 
-  /* The handle exists but its public area could not be read. */
-  if ((rc & ~TPM_RC_N_MASK) != TPM_RC_HANDLE)
-    {
-      grub_dprintf ("tpm2", "The SRK handle (0x%x) exists on the TPM but its "
-			    "public area could not be read (TPM2_ReadPublic "
-			    "failed with TSS/TPM error %u).\n", ctx->srk, rc);
-      return GRUB_ERR_BAD_DEVICE;
+      return grub_error (GRUB_ERR_BAD_DEVICE,
+			 N_("Failed to retrieve SRK (TPM2_ReadPublic: 0x%x)"),
+			 rc);
     }
 
   /* Create SRK */
@@ -965,9 +963,6 @@ grub_tpm2_protector_check_args (struct grub_tpm2_protector_context *ctx)
 
   if (ctx->mode == GRUB_TPM2_PROTECTOR_MODE_SRK)
     {
-      if (!ctx->srk)
-	ctx->srk = TPM2_SRK_HANDLE;
-
       if (!ctx->asymmetric)
         {
 	  ctx->asymmetric = TPM_ALG_RSA;
diff --git a/util/grub-protect.c b/util/grub-protect.c
index aa19e2004..8ad6b4746 100644
--- a/util/grub-protect.c
+++ b/util/grub-protect.c
@@ -193,8 +193,7 @@ static struct argp_option grub_protect_options[] =
       .arg   = "NUM",
       .flags = 0,
       .doc   =
-	N_("The SRK handle if the SRK is to be made persistent "
-	   "(default is 0x81000001)."),
+	N_("The SRK handle if the SRK is to be made persistent."),
       .group = 0
     },
     {
@@ -647,25 +646,24 @@ grub_protect_tpm2_get_srk (struct grub_protect_args *args, TPM_HANDLE *srk)
   TPM2B_NAME srkName = { 0 };
   TPM_HANDLE srkHandle;
 
-  /* Find SRK */
-  rc = TPM2_ReadPublic (args->tpm2_srk, NULL, &public);
-  if (rc == TPM_RC_SUCCESS)
+  if (args->tpm2_srk != 0)
     {
-      if (args->tpm2_persist)
-	fprintf (stderr,
-		 _("Warning: --tpm2-persist was specified but the SRK already "
-		   "exists on the TPM. Continuing anyway...\n"));
+      /* Find SRK */
+      rc = TPM2_ReadPublic (args->tpm2_srk, NULL, &public);
+      if (rc == TPM_RC_SUCCESS)
+	{
+	  if (args->tpm2_persist)
+	    fprintf (stderr,
+		     _("Warning: --tpm2-persist was specified but the SRK already "
+		       "exists on the TPM. Continuing anyway...\n"));
 
-      *srk = TPM2_SRK_HANDLE;
-      return GRUB_ERR_NONE;
-    }
+	  *srk = TPM2_SRK_HANDLE;
+	  return GRUB_ERR_NONE;
+	}
 
-  /* The handle exists but its public area could not be read. */
-  if ((rc & ~TPM_RC_N_MASK) != TPM_RC_HANDLE)
-    {
       fprintf (stderr,
-	       _("The SRK exists on the TPM but its public area cannot be read "
-		 "(TPM error: 0x%x).\n"), rc);
+	       _("Failed to retrieve SRK from 0x%x (TPM error: 0x%x).\n"),
+	       args->tpm2_srk, rc);
       return GRUB_ERR_BAD_DEVICE;
     }
 
@@ -1144,9 +1142,6 @@ grub_protect_tpm2_args_verify (struct grub_protect_args *args)
 	  args->tpm2_pcr_count = 1;
 	}
 
-      if (args->tpm2_srk == 0)
-	args->tpm2_srk = TPM2_SRK_HANDLE;
-
       if (args->tpm2_asymmetric == TPM_ALG_ERROR)
 	{
 	  args->tpm2_asymmetric = TPM_ALG_RSA;
@@ -1204,9 +1199,6 @@ grub_protect_tpm2_args_verify (struct grub_protect_args *args)
       if (args->tpm2_device == NULL)
 	args->tpm2_device = "/dev/tpm0";
 
-      if (args->tpm2_srk == 0)
-	args->tpm2_srk = TPM2_SRK_HANDLE;
-
       break;
 
     default:

Places

File test-no-default-srk.patch of Package grub2

Places