File test-no-default-srk.patch of Package grub2
diff --git a/grub-core/tpm2/module.c b/grub-core/tpm2/module.c
index 57e6eda56..8ec16e1e5 100644
--- a/grub-core/tpm2/module.c
+++ b/grub-core/tpm2/module.c
@@ -372,21 +372,19 @@ grub_tpm2_protector_srk_get (const struct grub_tpm2_protector_context *ctx,
 TPM2B_NAME srkName = { 0 };
 TPM_HANDLE srkHandle;
- /* Find SRK */
- rc = TPM2_ReadPublic (ctx->srk, NULL, &public);
- if (rc == TPM_RC_SUCCESS)
+ if (ctx->srk != 0)
 {
- *srk = ctx->srk;
- return GRUB_ERR_NONE;
- }
+ /* Find SRK */
+ rc = TPM2_ReadPublic (ctx->srk, NULL, &public);
+ if (rc == TPM_RC_SUCCESS)
+ {
+ *srk = ctx->srk;
+ return GRUB_ERR_NONE;
+ }
- /* The handle exists but its public area could not be read. */
- if ((rc & ~TPM_RC_N_MASK) != TPM_RC_HANDLE)
- {
- grub_dprintf ("tpm2", "The SRK handle (0x%x) exists on the TPM but its "
- "public area could not be read (TPM2_ReadPublic "
- "failed with TSS/TPM error %u).\n", ctx->srk, rc);
- return GRUB_ERR_BAD_DEVICE;
+ return grub_error (GRUB_ERR_BAD_DEVICE,
+ N_("Failed to retrieve SRK (TPM2_ReadPublic: 0x%x)"),
+ rc);
 }
 /* Create SRK */
@@ -965,9 +963,6 @@ grub_tpm2_protector_check_args (struct grub_tpm2_protector_context *ctx)
 if (ctx->mode == GRUB_TPM2_PROTECTOR_MODE_SRK)
 {
- if (!ctx->srk)
- ctx->srk = TPM2_SRK_HANDLE;
-
 if (!ctx->asymmetric)
 {
 ctx->asymmetric = TPM_ALG_RSA;
diff --git a/util/grub-protect.c b/util/grub-protect.c
index aa19e2004..8ad6b4746 100644
--- a/util/grub-protect.c
+++ b/util/grub-protect.c
@@ -193,8 +193,7 @@ static struct argp_option grub_protect_options[] =
 .arg = "NUM",
 .flags = 0,
 .doc =
- N_("The SRK handle if the SRK is to be made persistent "
- "(default is 0x81000001)."),
+ N_("The SRK handle if the SRK is to be made persistent."),
 .group = 0
 },
 {
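Review bot: The new failure message in grub_tpm2_protector_srk_get reports only the TPM2_ReadPublic return code and not the handle that was probed, whereas the matching message in util/grub-protect.c prints both; since the handle is now always caller-supplied, include it: `N_("Failed to retrieve SRK from 0x%x (TPM2_ReadPublic: 0x%x)"), ctx->srk, rc`. The `ctx->srk != 0` test turns 0 into a sentinel, which deserves a comment such as `/* srk == 0: no persistent handle given; fall through and create the SRK */`. On the success path the `public` area that was read is not inspected in the visible lines, so any readable object at that handle is accepted as the parent; whether its type or attributes are checked later cannot be seen from here. The function body starts and ends outside the hunk.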
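Review bot: The shortened help string in grub_protect_options no longer tells the user what happens when the handle is omitted, and with the 0x81000001 default also removed from grub_protect_tpm2_args_verify there is no visible check for `--tpm2-persist` being given without a handle. If that combination is meant to be an error, say so in the text, for example `N_("The SRK handle if the SRK is to be made persistent (no default).")`, and reject it in args_verify unless that already happens outside these hunks.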
@@ -647,25 +646,24 @@ grub_protect_tpm2_get_srk (struct grub_protect_args *args, TPM_HANDLE *srk)
 TPM2B_NAME srkName = { 0 };
 TPM_HANDLE srkHandle;
- /* Find SRK */
- rc = TPM2_ReadPublic (args->tpm2_srk, NULL, &public);
- if (rc == TPM_RC_SUCCESS)
+ if (args->tpm2_srk != 0)
 {
- if (args->tpm2_persist)
- fprintf (stderr,
- _("Warning: --tpm2-persist was specified but the SRK already "
- "exists on the TPM. Continuing anyway...\n"));
+ /* Find SRK */
+ rc = TPM2_ReadPublic (args->tpm2_srk, NULL, &public);
+ if (rc == TPM_RC_SUCCESS)
+ {
+ if (args->tpm2_persist)
+ fprintf (stderr,
+ _("Warning: --tpm2-persist was specified but the SRK already "
+ "exists on the TPM. Continuing anyway...\n"));
- *srk = TPM2_SRK_HANDLE;
- return GRUB_ERR_NONE;
- }
+ *srk = TPM2_SRK_HANDLE;
+ return GRUB_ERR_NONE;
+ }
- /* The handle exists but its public area could not be read. */
- if ((rc & ~TPM_RC_N_MASK) != TPM_RC_HANDLE)
- {
 fprintf (stderr,
- _("The SRK exists on the TPM but its public area cannot be read "
- "(TPM error: 0x%x).\n"), rc);
+ _("Failed to retrieve SRK from 0x%x (TPM error: 0x%x).\n"),
+ args->tpm2_srk, rc);
 return GRUB_ERR_BAD_DEVICE;
 }
@@ -1144,9 +1142,6 @@ grub_protect_tpm2_args_verify (struct grub_protect_args *args)
 args->tpm2_pcr_count = 1;
 }
- if (args->tpm2_srk == 0)
- args->tpm2_srk = TPM2_SRK_HANDLE;
-
 if (args->tpm2_asymmetric == TPM_ALG_ERROR)
 {
 args->tpm2_asymmetric = TPM_ALG_RSA;
@@ -1204,9 +1199,6 @@ grub_protect_tpm2_args_verify (struct grub_protect_args *args)
 if (args->tpm2_device == NULL)
 args->tpm2_device = "/dev/tpm0";
- if (args->tpm2_srk == 0)
- args->tpm2_srk = TPM2_SRK_HANDLE;
-
 break;
 default:
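Review bot: On the success path grub_protect_tpm2_get_srk still stores `*srk = TPM2_SRK_HANDLE;` although the handle it just probed with TPM2_ReadPublic is `args->tpm2_srk`, which after this change has no default and can be any value the user supplied. When the user passes a handle other than that constant, the caller gets back a parent handle that was never checked, so the key could be sealed under a different object than the one requested. The line should read `*srk = args->tpm2_srk;`, matching what grub_tpm2_protector_srk_get does with `ctx->srk`. The function continues beyond the hunk.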