Re: [PATCH v2 3/7] tss2: Implement grub_tcg2_cap_pcr() for EFI

Thu, 17 Jul 2025 00:15:47 -0700 


> On 15 Jul 2025, at 11:06 AM, Gary Lin <g...@suse.com> wrote:
> 
> This commit implements grub_tcg2_cap_pcr() for EFI by using the UEFI
> TCG2 protocol, HashLogExtendEvent, to extend the specified PCR with an
> EV_SEPARATOR event and ensure the event will be recorded properly in the
> TPM event log.
> 
> Signed-off-by: Gary Lin <g...@suse.com>
> Reviewed-by: Stefan Berger <stef...@linux.ibm.com>
> ---
> grub-core/lib/efi/tcg2.c | 40 ++++++++++++++++++++++++++++++++++++++++
> 1 file changed, 40 insertions(+)
> 
> diff --git a/grub-core/lib/efi/tcg2.c b/grub-core/lib/efi/tcg2.c
> index 841bf50bb..ba2834544 100644
> --- a/grub-core/lib/efi/tcg2.c
> +++ b/grub-core/lib/efi/tcg2.c
> @@ -22,6 +22,7 @@
> #include <grub/efi/tpm.h>
> #include <grub/mm.h>
> 
> +#include <tss2_types.h>
> #include <tcg2.h>
> 
> static grub_err_t
> @@ -141,3 +142,42 @@ grub_tcg2_submit_command (grub_size_t input_size,
> 
>   return GRUB_ERR_NONE;
> }
> +
> +grub_err_t
> +grub_tcg2_cap_pcr (grub_uint8_t pcr)
> +{
> +  grub_err_t err;
> +  grub_efi_status_t status;
> +  grub_efi_tpm2_protocol_t *protocol;
> +  EFI_TCG2_EVENT *event;
> +  grub_uint8_t separator[4] = {0};
> +
> +  if (pcr >= TPM_MAX_PCRS)
> +    return GRUB_ERR_BAD_ARGUMENT;
> +
> +  err = tcg2_get_protocol (&protocol);
> +  if (err != GRUB_ERR_NONE)
> +    return err;
> +
> +  event = grub_zalloc (sizeof (EFI_TCG2_EVENT) + sizeof (separator));
> +  if (!event)

Use event == NULL for pointers

> +    return grub_error (GRUB_ERR_OUT_OF_MEMORY,
> +                    N_("cannot allocate TPM event buffer"));
> +
> +  event->Header.HeaderSize = sizeof (EFI_TCG2_EVENT_HEADER);
> +  event->Header.HeaderVersion = 1;
> +  event->Header.PCRIndex = pcr;
> +  event->Header.EventType = EV_SEPARATOR;
> +  event->Size = sizeof (*event) - sizeof (event->Event) + sizeof (separator);
> +  grub_memcpy (event->Event, separator, sizeof (separator));
> +
> +  status = protocol->hash_log_extend_event (protocol, 0,
> +                                         (grub_addr_t) separator,
> +                                         sizeof (separator), event);
> +  grub_free (event);
> +
> +  if (status != GRUB_EFI_SUCCESS)
> +    return grub_error (GRUB_ERR_BAD_DEVICE, N_("cannot cap PCR %u"), pcr);
> +
> +  return GRUB_ERR_NONE;
> +}

With nit fix:

Reviewed-by: Sudhakar Kuppusamy <sudha...@linux.ibm.com 
<mailto:sudha...@linux.ibm.com>>
> -- 
> 2.43.0
> 


_______________________________________________
Grub-devel mailing list
Grub-devel@gnu.org
https://lists.gnu.org/mailman/listinfo/grub-devel

Reply via email to