grub-devel.gnu.org archive mirror
From: chench246 <chench246@gmail.com>
To: grub-devel@gnu.org
Cc: khaliidcaliy@gmail.com, chench246 <chench246@gmail.com>
Subject: [RFC PATCH v2 0/2] efi/tpcm: Add Trusted Platform Control
Date: Fri, 27 Jun 2025 15:42:27 +0800
Message-ID: <20250627074229.31458-1-chench246@gmail.com>
In-Reply-To: <20250515192659.3896-1-khaliidcaliy@gmail.com>

Hi, Khaalid

This series adds basic support for the Trusted Platform Control Module
(TPCM) to the EFI build of GRUB. TPCM is an open specification
(GB/T 40650-2021) that extends TPM with active runtime measurement,
enabling continuous attestation on devices that must comply with the
"Level-3 Enhanced Security" guideline in China. Reference link:
https://std.samr.gov.cn/gb/search/gbDetailed?id=CE1E6A1DD5DA58F6E05397BE0A0A68DF

If the TPCM-related protocol is not implemented in UEFI, then the tpcm
module directly returns NONE, keeping compatibility with
non-measurement-support UEFI. TPCM is still developing, and we will
actively push the TPCM function into the UEFI specification in the near
future.

Some BIOS manufacturers such as Insyde, Byo, etc. have added support
for tpcm, and some OEM manufacturers such as Lenovo, Inspur, H3C, etc.
have enabled tpcm on related products.

### Key capabilities introduced:
  * Probe the EFI TPCM protocol
    (GUID F89AB5CD-2829-422F-A5F3-0328E06CFCBB)
  * Provide `grub_tpcm_verify_init`, `grub_tpcm_verify_write`,
    `grub_tpcm_verify_string` commands

### Changes since v1
  * Split monolithic patch into 2 logical pieces

Thanks for the review and split suggestion.

Feedback welcome!

Best regards

chench246 (2):
  efi/tpcm: Add UEFI interface for TPCM module
  efi/tpcm: Add complete support of TPCM module

 grub-core/Makefile.core.def   |   7 ++
 grub-core/commands/efi/tpcm.c | 163 ++++++++++++++++++++++++++++++++++
 grub-core/commands/tpcm.c     |  99 +++++++++++++++++++++
 include/grub/efi/tpcm.h       |  60 +++++++++++++
 include/grub/err.h            |   3 +-
 5 files changed, 331 insertions(+), 1 deletion(-)
 create mode 100755 grub-core/commands/efi/tpcm.c
 create mode 100755 grub-core/commands/tpcm.c
 create mode 100644 include/grub/efi/tpcm.h
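Review bot: The two new C sources, grub-core/commands/efi/tpcm.c and grub-core/commands/tpcm.c, are created with mode 100755, while the new header include/grub/efi/tpcm.h is 100644. Source files should not carry the executable bit; please recreate both .c files as 100644 in the next revision.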

-- 
2.17.1
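
The cover letter gives the TPCM protocol GUID only in text form. As an added example (not code from this series or from GRUB), the C below parses that string into the EFI GUID field layout so a reviewer can check a header definition against it, and models the probe over a constructed list of installed protocols. The type `efi_guid_t` and the functions `guid_parse` and `protocol_installed` are hypothetical names.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* EFI GUID field layout per the UEFI specification (field names are ours). */
typedef struct { uint32_t d1; uint16_t d2, d3; uint8_t d4[8]; } efi_guid_t;

/* GUID quoted in the cover letter for the EFI TPCM protocol. */
#define TPCM_GUID_STR "F89AB5CD-2829-422F-A5F3-0328E06CFCBB"

static int hexval(char c)
{
  if (c >= '0' && c <= '9') return c - '0';
  if (c >= 'a' && c <= 'f') return c - 'a' + 10;
  if (c >= 'A' && c <= 'F') return c - 'A' + 10;
  return -1;
}

/* Parse the 8-4-4-4-12 text form; returns 0 on success, -1 if malformed. */
int guid_parse(const char *s, efi_guid_t *g)
{
  uint8_t b[16];
  size_t i = 0, n = 0;
  if (strlen(s) != 36) return -1;          /* rejects truncated GUIDs */
  while (i < 36) {
    if (i == 8 || i == 13 || i == 18 || i == 23) {
      if (s[i++] != '-') return -1;
      continue;
    }
    int hi = hexval(s[i]), lo = hexval(s[i + 1]);
    if (hi < 0 || lo < 0) return -1;
    b[n++] = (uint8_t)(hi << 4 | lo);
    i += 2;
  }
  /* The first three groups are integers; the last two are a byte array. */
  g->d1 = (uint32_t)b[0] << 24 | (uint32_t)b[1] << 16 | (uint32_t)b[2] << 8 | b[3];
  g->d2 = (uint16_t)(b[4] << 8 | b[5]);
  g->d3 = (uint16_t)(b[6] << 8 | b[7]);
  memcpy(g->d4, b + 8, 8);
  return 0;
}

/* Hypothetical probe: 1 if guid is in db (a constructed stand-in for the
   firmware's installed-protocol list), 0 if the protocol is absent. */
int protocol_installed(const efi_guid_t *guid, const efi_guid_t *db, size_t count)
{
  for (size_t i = 0; i < count; i++)
    if (db[i].d1 == guid->d1 && db[i].d2 == guid->d2 && db[i].d3 == guid->d3
        && memcmp(db[i].d4, guid->d4, 8) == 0)
      return 1;
  return 0;
}
```

A return of 0 from `protocol_installed` corresponds to the case the cover letter describes, where the module returns without measuring because the firmware does not implement the protocol.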


Thread overview: 9+ messages
2024-10-31 11:34 [PATCH] efi/tpcm: Add TPCM module support chench246
2025-05-14 12:12 ` Fwd: " hao chen
2025-05-15 19:26   ` Fwd " khaalid cali
2025-06-27  7:42     ` chench246 [this message]
2025-06-27  7:42       ` [PATCH v2 1/2] efi/tpcm: Add UEFI interface for TPCM module chench246
2025-06-27 14:21         ` Sudhakar Kuppusamy
2025-06-27  7:42       ` [PATCH v2 2/2] efi/tpcm: Add complete support of " chench246
2025-06-27 14:39         ` Sudhakar Kuppusamy
  -- strict thread matches above, loose matches on Subject: below --
2025-06-28  8:09 [RFC PATCH v2 0/2] efi/tpcm: Add Trusted Platform Control Khalid Ali
