Looks good to me, thank you. Reviewed-by: Andrew Hamilton <adham...@gmail.com>
On Sat, Sep 20, 2025 at 8:18 AM <luca.bocca...@gmail.com> wrote: > > From: Luca Boccassi <luca.bocca...@gmail.com> > > The call was added in the 1.1 revision of the spec, 1.0 does > not have it, and there are some machines out there with a TPM2 > and a UEFI firmware that only supports version 1.0, so the > call fails in those cases. > Check the reported version before calling get_active_pcr_banks(). > > See Table 4 in section 6.2 of the TCG EFI Protocol Specification: > > https://trustedcomputinggroup.org/wp-content/uploads/EFI-Protocol-Specification-rev13-160330final.pdf > > Follow-up for f326c5c4753c36a9068ba66036566229a0975908 > > Signed-off-by: Luca Boccassi <luca.bocca...@gmail.com> > --- > Found out the hard way: https://github.com/systemd/systemd/issues/38932 > > grub-core/commands/efi/tpm.c | 31 ++++++++++++++++++++++++++++++- > 1 file changed, 30 insertions(+), 1 deletion(-) > > diff --git a/grub-core/commands/efi/tpm.c b/grub-core/commands/efi/tpm.c > index 59d0b6708..7b493c890 100644 > --- a/grub-core/commands/efi/tpm.c > +++ b/grub-core/commands/efi/tpm.c > @@ -39,6 +39,7 @@ static grub_uint8_t grub_tpm_version; > > static grub_int8_t tpm1_present = -1; > static grub_int8_t tpm2_present = -1; > +static grub_int8_t tpm2_pcr_banks_reporting_present = -1; > > static grub_efi_boolean_t > grub_tpm1_present (grub_efi_tpm_protocol_t *tpm) > @@ -89,6 +90,34 @@ grub_tpm2_present (grub_efi_tpm2_protocol_t *tpm) > return (grub_efi_boolean_t) tpm2_present; > } > > +static grub_efi_boolean_t > +grub_tpm2_pcr_banks_reporting_present (grub_efi_tpm2_protocol_t *tpm) > +{ > + grub_efi_status_t status; > + EFI_TCG2_BOOT_SERVICE_CAPABILITY caps; > + > + caps.Size = (grub_uint8_t) sizeof (caps); > + > + if (tpm2_pcr_banks_reporting_present != -1) > + return (grub_efi_boolean_t) tpm2_pcr_banks_reporting_present; > + > + if (!grub_tpm2_present (tpm)) > + return (grub_efi_boolean_t) (tpm2_pcr_banks_reporting_present = 0); > + > + status = tpm->get_capability (tpm, &caps); > + > + if (status != GRUB_EFI_SUCCESS || caps.StructureVersion.Major < 1 > + || (caps.StructureVersion.Major == 1 && caps.StructureVersion.Minor < > 1)) > + tpm2_pcr_banks_reporting_present = 0; > + else > + tpm2_pcr_banks_reporting_present = 1; > + > + grub_dprintf ("tpm", "tpm2 PCR banks reporting%s present\n", > + tpm2_pcr_banks_reporting_present ? "" : " NOT"); > + > + return (grub_efi_boolean_t) tpm2_pcr_banks_reporting_present; > +} > + > static grub_efi_boolean_t > grub_tpm_handle_find (grub_efi_handle_t *tpm_handle, > grub_efi_uint8_t *protocol_version) > @@ -355,7 +384,7 @@ grub_tpm2_active_pcr_banks (void) > return 0; > } > > - if (grub_tpm2_present (tpm)) > + if (grub_tpm2_pcr_banks_reporting_present (tpm)) > { > grub_efi_status_t status = tpm->get_active_pcr_banks (tpm, > &active_pcr_banks); > > -- > 2.47.3 > > > _______________________________________________ > Grub-devel mailing list > Grub-devel@gnu.org > https://lists.gnu.org/mailman/listinfo/grub-devel _______________________________________________ Grub-devel mailing list Grub-devel@gnu.org https://lists.gnu.org/mailman/listinfo/grub-devel
