From: Stefan Berger <stefanb@linux.ibm.com>
To: Gary Lin <glin@suse.com>
Cc: The development of GNU GRUB <grub-devel@gnu.org>,
Daniel Kiper <daniel.kiper@oracle.com>,
Hernan Gatta <hegatta@linux.microsoft.com>,
Daniel Axtens <dja@axtens.net>,
shkhisti@microsoft.com, jaskaran.khurana@microsoft.com,
christopher.co@microsoft.com, daniel.mihai@microsoft.com,
jaredz@redhat.com, development@efficientek.com,
jejb@linux.ibm.com, mchang@suse.com, patrick.colp@oracle.com,
Vladimir Serbinenko <phcoder@gmail.com>
Subject: Re: [PATCH v19 00/33] Automatic Disk Unlock with TPM2
Date: Wed, 18 Sep 2024 10:09:19 -0400 [thread overview]
Message-ID: <441b8b34-bfe2-4a75-8d7d-e3d63ecaef77@linux.ibm.com> (raw)
In-Reply-To: <20240918030529.6nu6ftomlgkdw7c4@GaryLaptop>
On 9/17/24 11:05 PM, Gary Lin wrote:
> On Mon, Sep 16, 2024 at 01:42:18PM -0400, Stefan Berger wrote:
>> tests/asn1/tests/Test_overflow.c: In function ‘test_overflow’:
>> tests/asn1/tests/Test_overflow.c:48:50: error: left shift of negative value
>> [-Werror=shift-negative-value]
>> 48 | unsigned long num = ((long) GRUB_UINT_MAX) << 2;
>> | ^~
>> cc1: all warnings being treated as errors
>>
>> It's the cast to 'long' that this gcc complains about. If I remove the cast
>> then it works.
>>
> Urgh, the cast looks wrong. I'll remove the cast.
While I am trying things out...
grub-protect should display an error message when it cannot find
--tpm2-keyfile. It exits with status code 5 but an error message is missing.
I also seem to have an issue with --tpm2key parameter passed to
grub-protect per the documentation but then grub using
'tpm2_key_protector_init --keyfile=(hd0,gpt1)/boot/grub2/sealed.tp'
complains about the TPM wire format not being correct. I had to omit
this parameter from grub-protect for the key to be unmarshall'able. I
also haven't looked whether there's a parameter to
tpm2_key_protectore_init to hint at the different key format. Ideally it
would figure this out by itself or there was only one format...
ppc64 runs grub in big endian mode, so there may be some issues due to
that -- with bitfields for sure: Currently trying to figure out how it
is unmarshalling the PCR selection (not a bitfield). When sealing to pcr
0 it marshalled 0x01 0x00 0x00, which is correct but when unmarshalling
it is unmarshalls 0x80 0x00 0x00 - odd.
>
> Gary Lin
>
>> $ gcc --version
>> gcc (Ubuntu 9.4.0-1ubuntu1~20.04.2) 9.4.0
>> Copyright (C) 2019 Free Software Foundation, Inc.
>> This is free software; see the source for copying conditions. There is NO
>> warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
>>
_______________________________________________
Grub-devel mailing list
Grub-devel@gnu.org
https://lists.gnu.org/mailman/listinfo/grub-devel
next prev parent reply other threads:[~2024-09-18 14:52 UTC|newest]
Thread overview: 82+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-09-06 9:10 [PATCH v19 00/33] Automatic Disk Unlock with TPM2 Gary Lin via Grub-devel
2024-09-06 9:10 ` [PATCH v19 01/33] posix_wrap: tweaks in preparation for libtasn1 Gary Lin via Grub-devel
2024-09-06 9:10 ` [PATCH v19 02/33] libtasn1: import libtasn1-4.19.0 Gary Lin via Grub-devel
2024-09-06 9:10 ` [PATCH v19 03/33] libtasn1: disable code not needed in grub Gary Lin via Grub-devel
2024-09-06 9:10 ` [PATCH v19 04/33] libtasn1: replace strcat() with strcpy() in _asn1_str_cat() Gary Lin via Grub-devel
2024-10-03 16:03 ` Daniel Kiper
2024-09-06 9:10 ` [PATCH v19 05/33] libtasn1: replace strcat() with _asn1_str_cat() Gary Lin via Grub-devel
2024-10-03 16:06 ` Daniel Kiper
2024-09-06 9:10 ` [PATCH v19 06/33] libtasn1: adjust the header paths in libtasn1.h Gary Lin via Grub-devel
2024-10-03 16:08 ` Daniel Kiper
2024-09-06 9:10 ` [PATCH v19 07/33] libtasn1: Use grub_divmod64() for division Gary Lin via Grub-devel
2024-09-06 9:11 ` [PATCH v19 08/33] libtasn1: fix the potential buffer overrun Gary Lin via Grub-devel
2024-09-06 9:11 ` [PATCH v19 09/33] asn1_test: include asn1_test.h only Gary Lin via Grub-devel
2024-10-04 15:38 ` Daniel Kiper
2024-09-06 9:11 ` [PATCH v19 10/33] asn1_test: rename the main functions to the test names Gary Lin via Grub-devel
2024-10-04 15:43 ` Daniel Kiper
2024-09-06 9:11 ` [PATCH v19 11/33] asn1_test: remove 'verbose' and the unnecessary printf() Gary Lin via Grub-devel
2024-10-04 16:28 ` Daniel Kiper
2024-09-06 9:11 ` [PATCH v19 12/33] asn1_test: print the error messages with grub_printf() Gary Lin via Grub-devel
2024-10-04 16:31 ` Daniel Kiper
2024-09-06 9:11 ` [PATCH v19 13/33] asn1_test: return either 0 or 1 to reflect the results Gary Lin via Grub-devel
2024-10-04 16:34 ` Daniel Kiper
2024-09-06 9:11 ` [PATCH v19 14/33] asn1_test: use the grub-specific functions and types Gary Lin via Grub-devel
2024-10-04 16:36 ` Daniel Kiper
2024-09-06 9:11 ` [PATCH v19 15/33] libtasn1: compile into asn1 module Gary Lin via Grub-devel
2024-09-06 9:11 ` [PATCH v19 16/33] asn1_test: test module for libtasn1 Gary Lin via Grub-devel
2024-09-06 9:11 ` [PATCH v19 17/33] libtasn1: Add the documentation Gary Lin via Grub-devel
2024-09-06 9:11 ` [PATCH v19 18/33] key_protector: Add key protectors framework Gary Lin via Grub-devel
2024-09-06 9:11 ` [PATCH v19 19/33] tss2: Add TPM2 buffer handling functions Gary Lin via Grub-devel
2024-09-06 9:11 ` [PATCH v19 20/33] tss2: Add TPM2 types and Marshal/Unmarshal functions Gary Lin via Grub-devel
2024-09-06 9:11 ` [PATCH v19 21/33] tss2: Add TPM2 Software Stack (TSS2) support Gary Lin via Grub-devel
2024-09-18 3:14 ` Stefan Berger
2024-09-18 7:28 ` Gary Lin via Grub-devel
2024-10-01 14:48 ` Daniel Kiper
2024-10-04 6:14 ` Gary Lin via Grub-devel
2024-10-07 6:06 ` Gary Lin via Grub-devel
2024-09-06 9:11 ` [PATCH v19 22/33] key_protector: Add TPM2 Key Protector Gary Lin via Grub-devel
2024-09-18 15:22 ` Stefan Berger
2024-09-19 7:45 ` Gary Lin via Grub-devel
2024-09-19 15:05 ` Stefan Berger
2024-09-20 2:17 ` Gary Lin via Grub-devel
2024-10-16 15:44 ` Daniel Kiper
2024-10-17 2:11 ` Gary Lin via Grub-devel
2024-09-06 9:11 ` [PATCH v19 23/33] cryptodisk: Support key protectors Gary Lin via Grub-devel
2024-09-06 9:11 ` [PATCH v19 24/33] util/grub-protect: Add new tool Gary Lin via Grub-devel
2024-10-16 16:04 ` Daniel Kiper
2024-10-17 2:39 ` Gary Lin via Grub-devel
2024-09-06 9:11 ` [PATCH v19 25/33] tpm2_key_protector: Support authorized policy Gary Lin via Grub-devel
2024-10-16 16:08 ` Daniel Kiper
2024-09-06 9:11 ` [PATCH v19 26/33] tpm2_key_protector: Implement NV index Gary Lin via Grub-devel
2024-10-16 16:11 ` Daniel Kiper
2024-10-17 2:54 ` Gary Lin via Grub-devel
2024-09-06 9:11 ` [PATCH v19 27/33] cryptodisk: Fallback to passphrase Gary Lin via Grub-devel
2024-10-16 16:14 ` Daniel Kiper
2024-09-06 9:11 ` [PATCH v19 28/33] cryptodisk: wipe out the cached keys from protectors Gary Lin via Grub-devel
2024-09-06 9:11 ` [PATCH v19 29/33] diskfilter: look up cryptodisk devices first Gary Lin via Grub-devel
2024-10-16 16:19 ` Daniel Kiper
2024-10-17 2:56 ` Gary Lin via Grub-devel
2024-09-06 9:11 ` [PATCH v19 30/33] tpm2_key_protector: Add grub-emu support Gary Lin via Grub-devel
2024-10-17 17:57 ` Daniel Kiper
2024-10-18 9:31 ` Gary Lin via Grub-devel
2024-09-06 9:11 ` [PATCH v19 31/33] tests: Add tpm2_key_protector_test Gary Lin via Grub-devel
2024-09-06 9:11 ` [PATCH v19 32/33] cryptodisk: Document the '-P' option Gary Lin via Grub-devel
2024-10-17 18:00 ` Daniel Kiper
2024-09-06 9:11 ` [PATCH v19 33/33] docs: Document TPM2 key protector Gary Lin via Grub-devel
2024-09-13 14:25 ` Stefan Berger
2024-09-20 8:16 ` Gary Lin via Grub-devel
2024-09-20 13:42 ` Stefan Berger
2024-10-04 6:12 ` Gary Lin via Grub-devel
2024-09-13 14:32 ` [PATCH v19 00/33] Automatic Disk Unlock with TPM2 Stefan Berger
2024-09-16 2:24 ` Gary Lin via Grub-devel
2024-09-16 3:35 ` Gary Lin via Grub-devel
2024-09-16 17:42 ` Stefan Berger
2024-09-17 19:23 ` Stefan Berger
2024-09-18 3:12 ` Gary Lin via Grub-devel
2024-09-18 3:05 ` Gary Lin via Grub-devel
2024-09-18 14:09 ` Stefan Berger [this message]
2024-09-18 15:17 ` Stefan Berger
2024-09-19 7:59 ` Gary Lin via Grub-devel
2024-10-03 15:58 ` Daniel Kiper
2024-10-04 6:21 ` Gary Lin via Grub-devel
2024-10-17 18:05 ` Daniel Kiper
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=441b8b34-bfe2-4a75-8d7d-e3d63ecaef77@linux.ibm.com \
--to=stefanb@linux.ibm.com \
--cc=christopher.co@microsoft.com \
--cc=daniel.kiper@oracle.com \
--cc=daniel.mihai@microsoft.com \
--cc=development@efficientek.com \
--cc=dja@axtens.net \
--cc=glin@suse.com \
--cc=grub-devel@gnu.org \
--cc=hegatta@linux.microsoft.com \
--cc=jaredz@redhat.com \
--cc=jaskaran.khurana@microsoft.com \
--cc=jejb@linux.ibm.com \
--cc=mchang@suse.com \
--cc=patrick.colp@oracle.com \
--cc=phcoder@gmail.com \
--cc=shkhisti@microsoft.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.