From: Michael Chang <mchang@suse.com>
To: The development of GNU GRUB <grub-devel@gnu.org>
Subject: [PATCH v2] tpm: Disable tpm verifier if tpm is not present
Date: Fri, 7 Oct 2022 13:37:10 +0800
Message-ID: <20221007053710.18345-1-mchang@suse.com>
This helps to prevent out-of-memory errors when reading large files by disabling
the tpm device, as the verifier has to read all content into memory in one chunk to
measure the hash and extend it to the tpm.
Signed-off-by: Michael Chang <mchang@suse.com>
Reviewed-by: Stefan Berger <stefanb@linux.ibm.com>
---
grub-core/commands/efi/tpm.c | 37 ++++++++++++++++++++++++++++++++++++
grub-core/commands/tpm.c | 4 ++++
include/grub/tpm.h | 1 +
3 files changed, 42 insertions(+)
diff --git a/grub-core/commands/efi/tpm.c b/grub-core/commands/efi/tpm.c
index ae09c1bf8..e1f343fea 100644
--- a/grub-core/commands/efi/tpm.c
+++ b/grub-core/commands/efi/tpm.c
@@ -287,3 +287,40 @@ grub_tpm_measure (unsigned char *buf, grub_size_t size, grub_uint8_t pcr,
else
return grub_tpm2_log_event (tpm_handle, buf, size, pcr, description);
}
+
+int
+grub_tpm_present (void)
+{
+ grub_efi_handle_t tpm_handle;
+ grub_efi_uint8_t protocol_version;
+
+ if (!grub_tpm_handle_find (&tpm_handle, &protocol_version))
+ return 0;
+
+ if (protocol_version == 1)
+ {
+ grub_efi_tpm_protocol_t *tpm;
+
+ tpm = grub_efi_open_protocol (tpm_handle, &tpm_guid,
+ GRUB_EFI_OPEN_PROTOCOL_GET_PROTOCOL);
+ if (!tpm)
+ {
+ grub_dprintf ("tpm", "Cannot open TPM protocol\n");
+ return 0;
+ }
+ return grub_tpm1_present (tpm);
+ }
+ else
+ {
+ grub_efi_tpm2_protocol_t *tpm;
+
+ tpm = grub_efi_open_protocol (tpm_handle, &tpm2_guid,
+ GRUB_EFI_OPEN_PROTOCOL_GET_PROTOCOL);
+ if (!tpm)
+ {
+ grub_dprintf ("tpm", "Cannot open TPM protocol\n");
+ return 0;
+ }
+ return grub_tpm2_present (tpm);
+ }
+}
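Review bot: in grub_tpm_present both branches log the identical string "Cannot open TPM protocol", so a debug log cannot tell whether the TPM 1.2 or the TPM 2.0 protocol open failed; name the protocol version in each grub_dprintf message. The function also repeats the handle lookup and protocol open on every call, and this patch calls it from both module init and module fini. Caching the result in a static variable after the first probe would avoid the repeated work and give all callers the same answer. A one-line comment stating that it returns non-zero when a TPM is present would document the contract of the int return.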
diff --git a/grub-core/commands/tpm.c b/grub-core/commands/tpm.c
index 2052c36ea..cb8ed6b94 100644
--- a/grub-core/commands/tpm.c
+++ b/grub-core/commands/tpm.c
@@ -86,10 +86,14 @@ struct grub_file_verifier grub_tpm_verifier = {
GRUB_MOD_INIT (tpm)
{
+ if (!grub_tpm_present())
+ return;
grub_verifier_register (&grub_tpm_verifier);
}
GRUB_MOD_FINI (tpm)
{
+ if (!grub_tpm_present())
+ return;
grub_verifier_unregister (&grub_tpm_verifier);
}
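Review bot: GRUB_MOD_FINI probes grub_tpm_present() a second time instead of remembering what GRUB_MOD_INIT did, so if the two probes disagree the verifier is either left registered after the module is unloaded or unregistered without ever having been registered. Set a static flag in init when grub_verifier_register is actually called and test that flag in fini. On style, the added calls are written "grub_tpm_present()" without the space before the parenthesis that the neighbouring "grub_verifier_register (&grub_tpm_verifier)" uses. Since the early return means files are loaded unmeasured on such machines, a grub_dprintf on that path would make the skipped registration visible in debug output.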
diff --git a/include/grub/tpm.h b/include/grub/tpm.h
index 5c285cbc5..c19fcbd0a 100644
--- a/include/grub/tpm.h
+++ b/include/grub/tpm.h
@@ -36,4 +36,5 @@
grub_err_t grub_tpm_measure (unsigned char *buf, grub_size_t size,
grub_uint8_t pcr, const char *description);
+int grub_tpm_present (void);
#endif
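Review bot: the grub_tpm_present prototype goes into the shared header without a comment on its return value, and the diffstat shows a definition only in grub-core/commands/efi/tpm.c while grub-core/commands/tpm.c now calls it unconditionally. Document that it returns non-zero when a TPM is available, and make sure every backend that is built together with commands/tpm.c provides a definition, otherwise the tpm module will not link there.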
--
2.35.3