Date: Fri, 7 Oct 2022 13:33:35 +0800
From: Michael Chang
To: Stefan Berger
Cc: The development of GNU GRUB
Subject: Re: [PATCH] tpm: Disable tpm verifier if tpm is not present
Message-ID: <20221007053335.GA9595@mazu>
References: <20220908042301.12515-1-mchang@suse.com> <5cf6c3ac-bb22-97d6-e11d-be4032601c03@linux.ibm.com>
In-Reply-To: <5cf6c3ac-bb22-97d6-e11d-be4032601c03@linux.ibm.com>

On Thu, Oct 06, 2022 at 03:40:36PM -0400, Stefan Berger wrote:
>
>
> On 9/8/22 00:23, Michael Chang via Grub-devel wrote:
> > This helps to prevent out of memory error when reading large files via disabling
> > tpm device as verifier has to read all content into memory in one chunk to
> > measure the hash and extend to tpm.
> >
> > Signed-off-by: Michael Chang
> > --- > > grub-core/commands/efi/tpm.c | 37 ++++++++++++++++++++++++++++++++++++ > > grub-core/commands/tpm.c | 4 ++++ > > include/grub/tpm.h | 1 + > > 3 files changed, 42 insertions(+) > > > > diff --git a/grub-core/commands/efi/tpm.c b/grub-core/commands/efi/tpm.c > > index ae09c1bf8b..4f0011f6f5 100644 > > --- a/grub-core/commands/efi/tpm.c > > +++ b/grub-core/commands/efi/tpm.c 
> > @@ -287,3 +287,40 @@ grub_tpm_measure (unsigned char *buf, grub_size_t size, grub_uint8_t pcr, > > else > > return grub_tpm2_log_event (tpm_handle, buf, size, pcr, description); > > } > > + > > +int > > +grub_tpm_present () > > nit: void I'll fix in next version. > > > +{ > > + grub_efi_handle_t tpm_handle; > > + grub_efi_uint8_t protocol_version; > > + > > + if (!grub_tpm_handle_find (&tpm_handle, &protocol_version)) > > + return 0; > > + > > + if (protocol_version == 1) > > + { > > + grub_efi_tpm_protocol_t *tpm; > > + > > + tpm = grub_efi_open_protocol (tpm_handle, &tpm_guid, > > + GRUB_EFI_OPEN_PROTOCOL_GET_PROTOCOL); > > + if (!tpm) > > + { > > + grub_dprintf ("tpm", "Cannot open TPM protocol\n"); > > + return 0; > > + } > > + return grub_tpm1_present (tpm); > > + } > > + else > > + { > > + grub_efi_tpm2_protocol_t *tpm; > > + > > + tpm = grub_efi_open_protocol (tpm_handle, &tpm2_guid, > > + GRUB_EFI_OPEN_PROTOCOL_GET_PROTOCOL); > > + if (!tpm) > > + { > > + grub_dprintf ("tpm", "Cannot open TPM protocol\n"); > > + return 0; > > + } > > + return grub_tpm2_present (tpm); > > + } > > +} > > diff --git a/grub-core/commands/tpm.c b/grub-core/commands/tpm.c > > index 2052c36eab..cb8ed6b949 100644 > > --- a/grub-core/commands/tpm.c > > +++ b/grub-core/commands/tpm.c > > @@ -86,10 +86,14 @@ struct grub_file_verifier grub_tpm_verifier = { > > GRUB_MOD_INIT (tpm) > > { > > + if (!grub_tpm_present()) > > + return; > > grub_verifier_register (&grub_tpm_verifier); > > } > > GRUB_MOD_FINI (tpm) > > { > > + if (!grub_tpm_present()) > > + return; > > grub_verifier_unregister (&grub_tpm_verifier); > > } > > diff --git a/include/grub/tpm.h b/include/grub/tpm.h > > index 5c285cbc52..c19fcbd0a6 100644 > > --- a/include/grub/tpm.h > > +++ b/include/grub/tpm.h 
> > @@ -36,4 +36,5 @@ > > grub_err_t grub_tpm_measure (unsigned char *buf, grub_size_t size, > > grub_uint8_t pcr, const char *description); > > +int grub_tpm_present (void); > > #endif > > Reviewed-by: Stefan Berger I will add your Reviewed-by in next version too. Thanks, Michael
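Review bot: In grub_tpm_present (grub-core/commands/efi/tpm.c hunk), both `if (!tpm)` branches return 0 when grub_efi_open_protocol fails, so a TPM whose handle was found but whose protocol could not be opened is reported the same way as a machine with no TPM. Together with the GRUB_MOD_INIT change, that means the verifier is never registered and nothing is measured, with only a grub_dprintf as evidence. Consider distinguishing the two cases, for example by keeping the verifier registered whenever grub_tpm_handle_find succeeds, and make the debug message name the protocol version, since both branches currently print the same "Cannot open TPM protocol" text.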
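Review bot: GRUB_MOD_FINI in the grub-core/commands/tpm.c hunk probes grub_tpm_present() a second time instead of remembering what GRUB_MOD_INIT did, so the unregister is only paired with the register if both probes return the same answer. Recording the init-time result in a static flag and testing that flag in FINI would keep the two in step and avoid a second handle lookup. Style: the two new calls are written grub_tpm_present() without the space before the parenthesis that the neighbouring grub_verifier_register (&grub_tpm_verifier) uses.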
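Review bot: The prototype in the include/grub/tpm.h hunk lands in a shared header and is called from grub-core/commands/tpm.c, but the only definition in this patch is in grub-core/commands/efi/tpm.c. If commands/tpm.c is built with any other TPM back end, that back end needs its own grub_tpm_present or the module will have an unresolved symbol. A short comment on the declaration stating the return convention (non-zero when a TPM is present) would also help callers.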