* [PATCH] tpm: Disable tpm verifier if tpm is not present
@ 2022-09-08  4:23 Michael Chang
  2022-10-06 19:40 ` Stefan Berger
  0 siblings, 1 reply; 3+ messages in thread
From: Michael Chang @ 2022-09-08  4:23 UTC (permalink / raw)
  To: The development of GNU GRUB

This helps to prevent out of memory errors when reading large files by
disabling the tpm device as a verifier, since the verifier has to read all
content into memory in one chunk to measure the hash and extend it to the tpm.

Signed-off-by: Michael Chang <mchang@suse.com>
---
 grub-core/commands/efi/tpm.c | 37 ++++++++++++++++++++++++++++++++++++
 grub-core/commands/tpm.c     |  4 ++++
 include/grub/tpm.h           |  1 +
 3 files changed, 42 insertions(+)

diff --git a/grub-core/commands/efi/tpm.c b/grub-core/commands/efi/tpm.c
index ae09c1bf8b..4f0011f6f5 100644
--- a/grub-core/commands/efi/tpm.c
+++ b/grub-core/commands/efi/tpm.c
@@ -287,3 +287,40 @@ grub_tpm_measure (unsigned char *buf, grub_size_t size, grub_uint8_t pcr,
   else
     return grub_tpm2_log_event (tpm_handle, buf, size, pcr, description);
 }
+
+int
+grub_tpm_present ()
+{
+  grub_efi_handle_t tpm_handle;
+  grub_efi_uint8_t protocol_version;
+
+  if (!grub_tpm_handle_find (&tpm_handle, &protocol_version))
+    return 0;
+
+  if (protocol_version == 1)
+    {
+      grub_efi_tpm_protocol_t *tpm;
+
+      tpm = grub_efi_open_protocol (tpm_handle, &tpm_guid,
+				    GRUB_EFI_OPEN_PROTOCOL_GET_PROTOCOL);
+      if (!tpm)
+	{
+	  grub_dprintf ("tpm", "Cannot open TPM protocol\n");
+	  return 0;
+	}
+      return grub_tpm1_present (tpm);
+    }
+  else
+    {
+      grub_efi_tpm2_protocol_t *tpm;
+
+      tpm = grub_efi_open_protocol (tpm_handle, &tpm2_guid,
+				    GRUB_EFI_OPEN_PROTOCOL_GET_PROTOCOL);
+      if (!tpm)
+	{
+	  grub_dprintf ("tpm", "Cannot open TPM protocol\n");
+	  return 0;
+	}
+      return grub_tpm2_present (tpm);
+    }
+}
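Review bot: Both `return 0` paths after a failed `grub_efi_open_protocol` report "no TPM", so a firmware error on a machine that does have a TPM is indistinguishable from absence, and the only trace is a `grub_dprintf` debug print. The caller in grub-core/commands/tpm.c uses this result to decide whether the measuring verifier is registered at all, so in that case files would go unmeasured with no visible message. I would document the contract above the function, for example `/* Return non-zero only when a TPM protocol handle is found, can be opened and reports a present TPM; every failure is reported as "no TPM". */`, and consider whether the open failure deserves more than a debug print. What `grub_tpm1_present` and `grub_tpm2_present` actually check is outside this hunk.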
diff --git a/grub-core/commands/tpm.c b/grub-core/commands/tpm.c
index 2052c36eab..cb8ed6b949 100644
--- a/grub-core/commands/tpm.c
+++ b/grub-core/commands/tpm.c
@@ -86,10 +86,14 @@ struct grub_file_verifier grub_tpm_verifier = {
 
 GRUB_MOD_INIT (tpm)
 {
+  if (!grub_tpm_present())
+    return;
   grub_verifier_register (&grub_tpm_verifier);
 }
 
 GRUB_MOD_FINI (tpm)
 {
+  if (!grub_tpm_present())
+    return;
   grub_verifier_unregister (&grub_tpm_verifier);
 }
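Review bot: `GRUB_MOD_FINI` probes the TPM again instead of remembering what `GRUB_MOD_INIT` did, so if the two calls to `grub_tpm_present` disagree (the EFI implementation returns 0 whenever opening the protocol fails), the verifier can stay registered while the module is unloaded. That would leave a reference to `grub_tpm_verifier` behind, assuming `grub_verifier_register` links the struct into a list, which is not visible here. Recording the registration is more robust: add `static int tpm_verifier_registered;`, set `tpm_verifier_registered = 1;` after `grub_verifier_register`, and test `if (!tpm_verifier_registered)` in the fini path. Both new calls also lack the space before the parenthesis that the surrounding lines use (`grub_tpm_present ()`).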
diff --git a/include/grub/tpm.h b/include/grub/tpm.h
index 5c285cbc52..c19fcbd0a6 100644
--- a/include/grub/tpm.h
+++ b/include/grub/tpm.h
@@ -36,4 +36,5 @@
 
 grub_err_t grub_tpm_measure (unsigned char *buf, grub_size_t size,
 			     grub_uint8_t pcr, const char *description);
+int grub_tpm_present (void);
 #endif
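Review bot: The prototype is added unconditionally, but the diffstat shows a definition only in grub-core/commands/efi/tpm.c, while the caller is the platform-independent grub-core/commands/tpm.c. If the tpm module is built for a platform with a different `grub_tpm_measure` backend, that build would presumably fail at link time with an undefined `grub_tpm_present`; the other backends are not visible in this patch, so this needs checking. A short comment on the declaration, such as `/* Non-zero if a usable TPM was found; zero otherwise. */`, would also record the return convention next to `grub_tpm_measure`.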
-- 
2.35.3




* Re: [PATCH] tpm: Disable tpm verifier if tpm is not present
  2022-09-08  4:23 [PATCH] tpm: Disable tpm verifier if tpm is not present Michael Chang
@ 2022-10-06 19:40 ` Stefan Berger
  2022-10-07  5:33   ` Michael Chang
  0 siblings, 1 reply; 3+ messages in thread
From: Stefan Berger @ 2022-10-06 19:40 UTC (permalink / raw)
  To: The development of GNU GRUB; +Cc: Michael Chang



On 9/8/22 00:23, Michael Chang via Grub-devel wrote:
> This helps to prevent out of memory error when reading large files via disablig
> tpm device as verifier has to read all content into memory in one chunk to
> measure the hash and extend to tpm.
> 
> Signed-off-by: Michael Chang <mchang@suse.com>
> ---
>   grub-core/commands/efi/tpm.c | 37 ++++++++++++++++++++++++++++++++++++
>   grub-core/commands/tpm.c     |  4 ++++
>   include/grub/tpm.h           |  1 +
>   3 files changed, 42 insertions(+)
> 
> diff --git a/grub-core/commands/efi/tpm.c b/grub-core/commands/efi/tpm.c
> index ae09c1bf8b..4f0011f6f5 100644
> --- a/grub-core/commands/efi/tpm.c
> +++ b/grub-core/commands/efi/tpm.c
> @@ -287,3 +287,40 @@ grub_tpm_measure (unsigned char *buf, grub_size_t size, grub_uint8_t pcr,
>     else
>       return grub_tpm2_log_event (tpm_handle, buf, size, pcr, description);
>   }
> +
> +int
> +grub_tpm_present ()

nit: void

> +{
> +  grub_efi_handle_t tpm_handle;
> +  grub_efi_uint8_t protocol_version;
> +
> +  if (!grub_tpm_handle_find (&tpm_handle, &protocol_version))
> +    return 0;
> +
> +  if (protocol_version == 1)
> +    {
> +      grub_efi_tpm_protocol_t *tpm;
> +
> +      tpm = grub_efi_open_protocol (tpm_handle, &tpm_guid,
> +				    GRUB_EFI_OPEN_PROTOCOL_GET_PROTOCOL);
> +      if (!tpm)
> +	{
> +	  grub_dprintf ("tpm", "Cannot open TPM protocol\n");
> +	  return 0;
> +	}
> +      return grub_tpm1_present (tpm);
> +    }
> +  else
> +    {
> +      grub_efi_tpm2_protocol_t *tpm;
> +
> +      tpm = grub_efi_open_protocol (tpm_handle, &tpm2_guid,
> +				    GRUB_EFI_OPEN_PROTOCOL_GET_PROTOCOL);
> +      if (!tpm)
> +	{
> +	  grub_dprintf ("tpm", "Cannot open TPM protocol\n");
> +	  return 0;
> +	}
> +      return grub_tpm2_present (tpm);
> +    }
> +}
> diff --git a/grub-core/commands/tpm.c b/grub-core/commands/tpm.c
> index 2052c36eab..cb8ed6b949 100644
> --- a/grub-core/commands/tpm.c
> +++ b/grub-core/commands/tpm.c
> @@ -86,10 +86,14 @@ struct grub_file_verifier grub_tpm_verifier = {
>   
>   GRUB_MOD_INIT (tpm)
>   {
> +  if (!grub_tpm_present())
> +    return;
>     grub_verifier_register (&grub_tpm_verifier);
>   }
>   
>   GRUB_MOD_FINI (tpm)
>   {
> +  if (!grub_tpm_present())
> +    return;
>     grub_verifier_unregister (&grub_tpm_verifier);
>   }
> diff --git a/include/grub/tpm.h b/include/grub/tpm.h
> index 5c285cbc52..c19fcbd0a6 100644
> --- a/include/grub/tpm.h
> +++ b/include/grub/tpm.h
> @@ -36,4 +36,5 @@
>   
>   grub_err_t grub_tpm_measure (unsigned char *buf, grub_size_t size,
>   			     grub_uint8_t pcr, const char *description);
> +int grub_tpm_present (void);
>   #endif

Reviewed-by: Stefan Berger <stefanb@linux.ibm.com>



* Re: [PATCH] tpm: Disable tpm verifier if tpm is not present
  2022-10-06 19:40 ` Stefan Berger
@ 2022-10-07  5:33   ` Michael Chang
  0 siblings, 0 replies; 3+ messages in thread
From: Michael Chang @ 2022-10-07  5:33 UTC (permalink / raw)
  To: Stefan Berger; +Cc: The development of GNU GRUB

On Thu, Oct 06, 2022 at 03:40:36PM -0400, Stefan Berger wrote:
> 
> 
> On 9/8/22 00:23, Michael Chang via Grub-devel wrote:
> > This helps to prevent out of memory error when reading large files via disablig
> > tpm device as verifier has to read all content into memory in one chunk to
> > measure the hash and extend to tpm.
> > 
> > Signed-off-by: Michael Chang <mchang@suse.com>
> > ---
> >   grub-core/commands/efi/tpm.c | 37 ++++++++++++++++++++++++++++++++++++
> >   grub-core/commands/tpm.c     |  4 ++++
> >   include/grub/tpm.h           |  1 +
> >   3 files changed, 42 insertions(+)
> > 
> > diff --git a/grub-core/commands/efi/tpm.c b/grub-core/commands/efi/tpm.c
> > index ae09c1bf8b..4f0011f6f5 100644
> > --- a/grub-core/commands/efi/tpm.c
> > +++ b/grub-core/commands/efi/tpm.c
> > @@ -287,3 +287,40 @@ grub_tpm_measure (unsigned char *buf, grub_size_t size, grub_uint8_t pcr,
> >     else
> >       return grub_tpm2_log_event (tpm_handle, buf, size, pcr, description);
> >   }
> > +
> > +int
> > +grub_tpm_present ()
> 
> nit: void

I'll fix in next version.

> 
> > +{
> > +  grub_efi_handle_t tpm_handle;
> > +  grub_efi_uint8_t protocol_version;
> > +
> > +  if (!grub_tpm_handle_find (&tpm_handle, &protocol_version))
> > +    return 0;
> > +
> > +  if (protocol_version == 1)
> > +    {
> > +      grub_efi_tpm_protocol_t *tpm;
> > +
> > +      tpm = grub_efi_open_protocol (tpm_handle, &tpm_guid,
> > +				    GRUB_EFI_OPEN_PROTOCOL_GET_PROTOCOL);
> > +      if (!tpm)
> > +	{
> > +	  grub_dprintf ("tpm", "Cannot open TPM protocol\n");
> > +	  return 0;
> > +	}
> > +      return grub_tpm1_present (tpm);
> > +    }
> > +  else
> > +    {
> > +      grub_efi_tpm2_protocol_t *tpm;
> > +
> > +      tpm = grub_efi_open_protocol (tpm_handle, &tpm2_guid,
> > +				    GRUB_EFI_OPEN_PROTOCOL_GET_PROTOCOL);
> > +      if (!tpm)
> > +	{
> > +	  grub_dprintf ("tpm", "Cannot open TPM protocol\n");
> > +	  return 0;
> > +	}
> > +      return grub_tpm2_present (tpm);
> > +    }
> > +}
> > diff --git a/grub-core/commands/tpm.c b/grub-core/commands/tpm.c
> > index 2052c36eab..cb8ed6b949 100644
> > --- a/grub-core/commands/tpm.c
> > +++ b/grub-core/commands/tpm.c
> > @@ -86,10 +86,14 @@ struct grub_file_verifier grub_tpm_verifier = {
> >   GRUB_MOD_INIT (tpm)
> >   {
> > +  if (!grub_tpm_present())
> > +    return;
> >     grub_verifier_register (&grub_tpm_verifier);
> >   }
> >   GRUB_MOD_FINI (tpm)
> >   {
> > +  if (!grub_tpm_present())
> > +    return;
> >     grub_verifier_unregister (&grub_tpm_verifier);
> >   }
> > diff --git a/include/grub/tpm.h b/include/grub/tpm.h
> > index 5c285cbc52..c19fcbd0a6 100644
> > --- a/include/grub/tpm.h
> > +++ b/include/grub/tpm.h
> > @@ -36,4 +36,5 @@
> >   grub_err_t grub_tpm_measure (unsigned char *buf, grub_size_t size,
> >   			     grub_uint8_t pcr, const char *description);
> > +int grub_tpm_present (void);
> >   #endif
> 
> Reviewed-by: Stefan Berger <stefanb@linux.ibm.com>

I will add your Reviewed-by in next version too.

Thanks,
Michael


