Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
home:michael-chang:15sp5
grub2
tpm-protector-dont-measure-sealed-key.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File tpm-protector-dont-measure-sealed-key.patch of Package grub2
Index: grub-2.06/grub-core/tpm2/module.c =================================================================== --- grub-2.06.orig/grub-core/tpm2/module.c +++ grub-2.06/grub-core/tpm2/module.c @@ -139,7 +139,9 @@ grub_tpm2_protector_srk_read_keyfile (co void *sealed_key_buffer; grub_off_t sealed_key_read; - sealed_key_file = grub_file_open (filepath, GRUB_FILE_TYPE_NONE); + /* Using GRUB_FILE_TYPE_SIGNATURE ensures we do not hash the keyfile into PCR9 + * otherwise we'll never be able to predict the value of PCR9 at unseal time */ + sealed_key_file = grub_file_open (filepath, GRUB_FILE_TYPE_SIGNATURE); if (!sealed_key_file) { grub_dprintf ("tpm2", "Could not open sealed key file.\n");
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor