File 0002-tpm-Disable-tpm-verifier-if-tpm-is-not-present.patch of Package grub2.29730
From e5bba1012e34597215684aa948bbc30093faa750 Mon Sep 17 00:00:00 2001
From: Michael Chang <mchang@suse.com>
Date: Fri, 7 Oct 2022 13:37:10 +0800
Subject: [PATCH 2/2] tpm: Disable tpm verifier if tpm is not present

This helps to prevent out of memory error when reading large files via disabling tpm device as verifier has to read all content into memory in one chunk to measure the hash and extend to tpm. For ibmvtpm driver support this change here would be needed. It helps to prevent much memory consuming tpm subsystem from being activated when no vtpm device present.

Signed-off-by: Michael Chang <mchang@suse.com>
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
---
 grub-core/commands/efi/tpm.c | 37 +++++++++++++++++++++++++++
 grub-core/commands/ieee1275/ibmvtpm.c | 16 +++++++-----
 grub-core/commands/tpm.c | 4 +++
 include/grub/tpm.h | 1 +
 4 files changed, 52 insertions(+), 6 deletions(-)

diff --git a/grub-core/commands/efi/tpm.c b/grub-core/commands/efi/tpm.c
index c3f6e00d2..f68c1db1b 100644
--- a/grub-core/commands/efi/tpm.c
+++ b/grub-core/commands/efi/tpm.c
@@ -288,3 +288,40 @@ grub_tpm_measure (unsigned char *buf, grub_size_t size, grub_uint8_t pcr,
 else
 return grub_tpm2_log_event (tpm_handle, buf, size, pcr, description);
 }
+
+int
+grub_tpm_present (void)
+{
+ grub_efi_handle_t tpm_handle;
+ grub_efi_uint8_t protocol_version;
+
+ if (!grub_tpm_handle_find (&tpm_handle, &protocol_version))
+ return 0;
+
+ if (protocol_version == 1)
+ {
+ grub_efi_tpm_protocol_t *tpm;
+
+ tpm = grub_efi_open_protocol (tpm_handle, &tpm_guid,
+ GRUB_EFI_OPEN_PROTOCOL_GET_PROTOCOL);
+ if (!tpm)
+ {
+ grub_dprintf ("tpm", "Cannot open TPM protocol\n");
+ return 0;
+ }
+ return grub_tpm1_present (tpm);
+ }
+ else
+ {
+ grub_efi_tpm2_protocol_t *tpm;
+
+ tpm = grub_efi_open_protocol (tpm_handle, &tpm2_guid,
+ GRUB_EFI_OPEN_PROTOCOL_GET_PROTOCOL);
+ if (!tpm)
+ {
+ grub_dprintf ("tpm", "Cannot open TPM protocol\n");
+ return 0;
+ }
+ return grub_tpm2_present (tpm);
+ }
+}
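Review bot: The new `grub_tpm_present ()` in grub-core/commands/efi/tpm.c has no comment stating its contract, and both failure branches log the same `"Cannot open TPM protocol\n"`, so a debug log cannot tell which protocol version failed to open. Because the tpm.c hunk of this patch skips registering the verifier when this function returns 0, a failed open here means files are not measured, which makes the failure path worth distinguishing. I would add above the function `/* Return non-zero if a usable TPM was found; 0 means the tpm verifier is not registered and nothing is measured. */` and name the version in each message, e.g. `grub_dprintf ("tpm", "Cannot open TPM2 protocol\n");` in the else branch. `grub_tpm1_present` and `grub_tpm2_present` are defined outside this hunk, so whether they cache their result cannot be checked from here.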
diff --git a/grub-core/commands/ieee1275/ibmvtpm.c b/grub-core/commands/ieee1275/ibmvtpm.c
index e68b8448b..dec4ffec6 100644
--- a/grub-core/commands/ieee1275/ibmvtpm.c
+++ b/grub-core/commands/ieee1275/ibmvtpm.c
@@ -136,12 +136,6 @@ grub_err_t
 grub_tpm_measure (unsigned char *buf, grub_size_t size, grub_uint8_t pcr,
 const char *description)
 {
- grub_err_t err = tpm_init();
-
- /* Absence of a TPM isn't a failure. */
- if (err != GRUB_ERR_NONE)
- return GRUB_ERR_NONE;
-
 grub_dprintf ("tpm", "log_event, pcr = %d, size = 0x%" PRIxGRUB_SIZE ", %s\n", pcr, size, description);
@@ -150,3 +144,13 @@ grub_tpm_measure (unsigned char *buf, grub_size_t size, grub_uint8_t pcr,
 return GRUB_ERR_NONE;
 }
+
+int
+grub_tpm_present (void)
+{
+ /*
+ * Call tpm_init() 'late' rather than from GRUB_MOD_INIT() so that device nodes
+ * can be found.
+ */
+ return tpm_init() == GRUB_ERR_NONE;
+}
diff --git a/grub-core/commands/tpm.c b/grub-core/commands/tpm.c
index 2052c36ea..cb8ed6b94 100644
--- a/grub-core/commands/tpm.c
+++ b/grub-core/commands/tpm.c
@@ -86,10 +86,14 @@ struct grub_file_verifier grub_tpm_verifier = {
 GRUB_MOD_INIT (tpm)
 {
+ if (!grub_tpm_present())
+ return;
 grub_verifier_register (&grub_tpm_verifier);
 }
 GRUB_MOD_FINI (tpm)
 {
+ if (!grub_tpm_present())
+ return;
 grub_verifier_unregister (&grub_tpm_verifier);
 }
diff --git a/include/grub/tpm.h b/include/grub/tpm.h
index 5c285cbc5..c19fcbd0a 100644
--- a/include/grub/tpm.h
+++ b/include/grub/tpm.h
@@ -36,4 +36,5 @@ grub_err_t grub_tpm_measure (unsigned char *buf, grub_size_t size, grub_uint8_t pcr, const char *description);
+int grub_tpm_present (void);
 #endif
-- 
2.39.1
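Review bot: With the `tpm_init()` call removed from `grub_tpm_measure` in grub-core/commands/ieee1275/ibmvtpm.c, the function no longer checks that the vTPM was initialised before it logs the event and continues into the part of the body that lies outside this hunk. After this patch it relies on `grub_tpm_present()` having been called and having succeeded first; that holds for the verifier path gated in tpm.c, but any other caller of `grub_tpm_measure` is not visible here. I would record the precondition at the top of the body, `/* tpm_init() is run by grub_tpm_present(); callers must not measure unless it returned non-zero. */`, or keep a cheap guard there if `tpm_init()` turns out to be safe to call repeatedly.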
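Review bot: The comment inside the new `grub_tpm_present` in ibmvtpm.c says `tpm_init()` is called 'late' rather than from `GRUB_MOD_INIT()`, yet the tpm.c hunk of this same patch calls `grub_tpm_present()` from `GRUB_MOD_INIT (tpm)`. If device nodes may not be discoverable yet at that point, the probe returns 0, the verifier is never registered, and no files are measured, with no message in the lines shown. Either the comment should say which module init it refers to, or the call site in tpm.c should be confirmed to run after the device nodes exist; a `grub_dprintf ("tpm", "No vTPM found, measurements disabled\n");` on the failure path would make the condition visible. Whether `tpm_init()` retries or caches a failure is outside this hunk.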
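Review bot: `GRUB_MOD_FINI (tpm)` in grub-core/commands/tpm.c decides whether to unregister by probing `grub_tpm_present()` again instead of remembering what `GRUB_MOD_INIT (tpm)` did. If the two probes disagree (for example the protocol cannot be opened at unload time), the verifier stays registered while the module that owns `grub_tpm_verifier` is being unloaded. I would keep a `static int tpm_verifier_registered;`, set it right after `grub_verifier_register`, and write the fini body as `if (tpm_verifier_registered) grub_verifier_unregister (&grub_tpm_verifier);`. The same flag also avoids a second device probe on unload.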