code?
--
Matthew Garrett | mj...@srcf.ucam.org
___
Grub-devel mailing list
Grub-devel@gnu.org
https://lists.gnu.org/mailman/listinfo/grub-devel
a/ChangeLog b/ChangeLog
index e5a5d72..028691d 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,9 @@
+2012-02-03 Matthew Garrett m...@redhat.com
+
+ * include/grub/i386/linux.h (linux_kernel_header): Update to
+ boot protocol 2.10.
+ (linux_kernel_params): Likewise
+
2012-02-03
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,15 @@
2012-02-03 Matthew Garrett m...@redhat.com
+ * grub-core/lib/efi/relocator.c (grub_relocator_alloc_chunk_addr):
+ Add argument to fail allocation when target address overlaps
+ firmware regions. All users updated.
+ * grub-core
a/ChangeLog b/ChangeLog
index 313d135..943efe1 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,9 @@
+2012-02-06 Matthew Garrett m...@redhat.com
+
+ * include/grub/i386/linux.h (linux_kernel_header): Update to
+ boot protocol 2.10.
+ (linux_kernel_params): Likewise
+
2012-02-05 Vladimir
changed, 44 insertions(+), 1 deletions(-)
diff --git a/ChangeLog b/ChangeLog
index ca07786..e662f3d 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,11 @@
2012-02-08 Matthew Garrett m...@redhat.com
+ * grub-core/kern/efi/efi.c (grub_efi_get_variable): Add new function
+
2 files changed, 77 insertions(+), 0 deletions(-)
diff --git a/ChangeLog b/ChangeLog
index 26d779b..d46b3d1 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,13 @@
2012-02-08 Matthew Garrett m...@redhat.com
+ * grub-core/video/efi_gop.c
changed, 42 insertions(+), 1 deletions(-)
diff --git a/ChangeLog b/ChangeLog
index e662f3d..26d779b 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,10 @@
2012-02-08 Matthew Garrett m...@redhat.com
+ * grub-core/video/efi_gop.c (check_protocol): Prefer GOP devices which
+ implement
--git a/ChangeLog b/ChangeLog
index ede7f8e..ca07786 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,7 @@
+2012-02-08 Matthew Garrett m...@redhat.com
+
+ * include/grub/efi/pci.h: New file to define EFI PCI protocols.
+
2012-02-07 Vladimir Serbinenko phco...@gmail.com
* grub
Add support for grabbing the EDID on GOP devices, along with picking the
better GOP device when we have more than one (Thanks, Apple).
___
Grub-devel mailing list
Grub-devel@gnu.org
https://lists.gnu.org/mailman/listinfo/grub-devel
+
grub-core/loader/i386/linux.c | 67 ++--
2 files changed, 65 insertions(+), 10 deletions(-)
diff --git a/ChangeLog b/ChangeLog
index 8bef256..162f82b 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,13 @@
2012-02-08 Matthew Garrett m...@redhat.com
a/ChangeLog b/ChangeLog
index ede7f8e..2bdb3a0 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,9 @@
+2012-02-08 Matthew Garrett m...@redhat.com
+
+ * include/grub/i386/linux.h (linux_kernel_header): Update to
+ boot protocol 2.10.
+ (linux_kernel_params): Likewise
+
2012-02-07 Vladimir
((GRUB_MAX_UTF16_PER_UTF8 * length
+ 1) * sizeof (var16[0]))
That's not currently exported. Any problem with changing that?
--
Matthew Garrett | mj...@srcf.ucam.org
___
Grub-devel mailing list
Grub-devel@gnu.org
https://lists.gnu.org/mailman/listinfo/grub
On Wed, Feb 08, 2012 at 09:09:23PM +0100, Vladimir 'φ-coder/phcoder' Serbinenko
wrote:
On 08.02.2012 21:04, Matthew Garrett wrote:
On Wed, Feb 08, 2012 at 08:55:39PM +0100, Vladimir 'φ-coder/phcoder'
Serbinenko wrote:
+ for (i=0; i(int)grub_strlen((char *)var); i++)
+var16[i] = var[i
to Microsoft every time we update
grub.
--
Matthew Garrett | mj...@srcf.ucam.org
___
Grub-devel mailing list
Grub-devel@gnu.org
https://lists.gnu.org/mailman/listinfo/grub-devel
in MOK.
2) grub will read the kernel, but the kernel will have to read the
initramfs using EFI calls. That means your initramfs must be on a FAT
partition.
If you're happy with those limitations then just use the chainloader
command. If you're not, use the linuxefi command.
--
Matthew Garrett | mj
;
+};
+
Is it relevant for arm64-efi?
Not at the moment - it still requires architecture-specific knowledge of
the boot protocol, and I don't think that's well-defined for arm64-efi
yet.
--
Matthew Garrett matthew.garr...@nebula.com
___
Grub-devel mailing
g else.
--
Matthew Garrett | mj...@srcf.ucam.org
___
Grub-devel mailing list
Grub-devel@gnu.org
https://lists.gnu.org/mailman/listinfo/grub-devel
executed gives us some
further assurance in that respect. Calculating the expected values is
still pretty easy, and if they're logged then you can have a regex-based
engine for remote validation.
--
Matthew Garrett | mj...@srcf.ucam.org
___
Grub-de
On Mon, Feb 06, 2017 at 07:58:37PM +, Vladimir 'phcoder' Serbinenko wrote:
> On Mon, 6 Feb 2017, 17:44 Matthew Garrett <mj...@srcf.ucam.org> wrote:
>
> > On Sun, Feb 05, 2017 at 01:28:20PM +, Vladimir 'phcoder' Serbinenko
> > wrote:
> > > See verify.h fo
On Fri, Jan 27, 2017 at 09:08:33PM +, Vladimir 'phcoder' Serbinenko wrote:
> I must have accidentally deleted it on the server. I'll reupload it when
> I'll have access to the laptop in question on Monday
Hi,
Did you have any luck digging this up?
--
Matthew Garrett | mj...@srcf.uc
Add a command to read values from the qemu fwcfg store. This allows data
to be passed from the qemu command line to grub.
Example use:
echo '(hd0,1)' >rootdev
qemu -fw_cfg opt/rootdev,file=rootdev
fwconfig opt/rootdev root
---
docs/grub.texi| 6 +++
On Mon, Jan 23, 2017 at 5:29 PM, Vladimir 'phcoder' Serbinenko
wrote:
> For policy reasons we can't put any TPM code into GNU project. Can we use
> verifiers framework for this rather than custom hooks? This would allow your
> code to be a single module that can be put into a
Various patches that we're using to support network boot in our setup. Only
number 3 is a bugfix.
___
Grub-devel mailing list
Grub-devel@gnu.org
https://lists.gnu.org/mailman/listinfo/grub-devel
We want a single buffer that contains the entire kernel image in order to
perform a TPM measurement. Allocate one and copy the entire kernel int it
before pulling out the individual blocks later on.
---
grub-core/loader/i386/pc/linux.c | 34 +-
1 file changed, 21
Measure the kernel and initrd at load time
---
grub-core/loader/i386/linux.c| 6 ++
grub-core/loader/i386/pc/linux.c | 4
grub-core/loader/linux.c | 3 +++
3 files changed, 13 insertions(+)
diff --git a/grub-core/loader/i386/linux.c b/grub-core/loader/i386/linux.c
index
From: Matthew Garrett <mj...@srcf.ucam.org>
Measure each command executed by grub, which includes script execution.
---
grub-core/script/execute.c | 25 +++--
1 file changed, 23 insertions(+), 2 deletions(-)
diff --git a/grub-core/script/execute.c b/grub-core/
We want a single buffer that contains the entire kernel image in order to
perform a TPM measurement. Allocate one and copy the entire kernel into it
before pulling out the individual blocks later on.
---
grub-core/loader/i386/linux.c | 34 +-
1 file changed, 21
Add support for performing basic TPM measurements. Right now this only
supports extending PCRs statically and only on UEFI and BIOS systems, but
will measure all modules as they're loaded.
---
grub-core/Makefile.am| 1 +
grub-core/Makefile.core.def | 3 +
grub-core/kern/dl.c
---
grub-core/loader/i386/multiboot_mbi.c | 4
grub-core/loader/multiboot.c | 3 +++
grub-core/loader/multiboot_mbi2.c | 4
3 files changed, 11 insertions(+)
diff --git a/grub-core/loader/i386/multiboot_mbi.c
b/grub-core/loader/i386/multiboot_mbi.c
index fd7b41b..42372bf
This patchset adds support for measuring components of grub and what it's
loading into the TPM. It supports both TPM 1.2 and 2.0 devices via the
standard UEFI protocols.
___
Grub-devel mailing list
Grub-devel@gnu.org
Add a command to obtain the contents of EFI firmware variables.
---
docs/grub.texi | 7 ++
grub-core/Makefile.core.def | 7 ++
grub-core/commands/efi/getenv.c | 153
3 files changed, 167 insertions(+)
create mode 100644
Measure the kernel commandline to ensure that it hasn't been modified
---
grub-core/lib/cmdline.c | 6 +-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/grub-core/lib/cmdline.c b/grub-core/lib/cmdline.c
index d5e10ee..055b7aa 100644
--- a/grub-core/lib/cmdline.c
+++
The current logic in the DNS resolution code allocates an address buffer
based on the number of addresses in the response packet. If we receive
multiple response packets in response to a single query packet, this means
that we will reallocate a new buffer large enough for only the addresses in
It's helpful to determine that a request was sent by grub in order to permit
the server to provide different information at different stages of the boot
process. Send GRUB2 as a type 77 DHCP option when sending bootp packets in
order to make this possible and tag the request as a DHCP discover to
Some DHCP servers (such as dnsmasq) tokenise parameters with commas, making
it impossible to pass boot files with commas in them. Allow using a
semicolon to separate the protocol from host if a comma wasn't found.
---
grub-core/net/net.c | 4
1 file changed, 4 insertions(+)
diff --git
Add support for passing ports in HTTP requests. This takes the form of:
(http,serverip:portnum)/file
---
grub-core/net/http.c | 8 ++--
grub-core/net/net.c | 10 +-
include/grub/net.h | 1 +
3 files changed, 16 insertions(+), 3 deletions(-)
diff --git a/grub-core/net/http.c
On Mon, Jan 23, 2017 at 6:03 PM, Vladimir 'phcoder' Serbinenko
wrote:
> Ok. Good. Still, can we use verifiers framework ? We can adjust it if
> needed. Also it's still post-release material
Where's the branch? I wasn't able to find it on Savannah.
We want a single buffer that contains the entire kernel image in order to
perform a TPM measurement. Allocate one and copy the entire kernel into it
before pulling out the individual blocks later on.
---
grub-core/loader/i386/linux.c | 34 +-
1 file changed, 21
The current logic in the DNS resolution code allocates an address buffer
based on the number of addresses in the response packet. If we receive
multiple response packets in response to a single query packet, this means
that we will reallocate a new buffer large enough for only the addresses in
Add a command to obtain the contents of EFI firmware variables.
---
docs/grub.texi | 7 ++
grub-core/Makefile.core.def | 7 ++
grub-core/commands/efi/getenv.c | 153
3 files changed, 167 insertions(+)
create mode 100644
Measure the kernel and initrd at load time
---
grub-core/loader/i386/linux.c| 6 ++
grub-core/loader/i386/pc/linux.c | 4
grub-core/loader/linux.c | 3 +++
3 files changed, 13 insertions(+)
diff --git a/grub-core/loader/i386/linux.c b/grub-core/loader/i386/linux.c
index
This patchset adds support for measuring grub components and commands into
TPMs on UEFI systems. It supports both the original TPM and the new TPM 2.0
protocols. Grub will measure each module it loads, along with any Linux
kernels and initrds, multiboot images, the command line passed to Linux and
Measure the kernel commandline to ensure that it hasn't been modified
---
grub-core/lib/cmdline.c | 6 +-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/grub-core/lib/cmdline.c b/grub-core/lib/cmdline.c
index d5e10ee..055b7aa 100644
--- a/grub-core/lib/cmdline.c
+++
---
grub-core/loader/i386/multiboot_mbi.c | 4
grub-core/loader/multiboot.c | 3 +++
grub-core/loader/multiboot_mbi2.c | 4
3 files changed, 11 insertions(+)
diff --git a/grub-core/loader/i386/multiboot_mbi.c
b/grub-core/loader/i386/multiboot_mbi.c
index fd7b41b..42372bf
It's helpful to determine that a request was sent by grub in order to permit
the server to provide different information at different stages of the boot
process. Send GRUB2 as a type 77 DHCP option when sending bootp packets in
order to make this possible and tag the request as a DHCP discover to
Add support for passing ports in HTTP requests. This takes the form of:
(http,serverip:portnum)/file
---
grub-core/net/http.c | 8 ++--
grub-core/net/net.c | 10 +-
include/grub/net.h | 1 +
3 files changed, 16 insertions(+), 3 deletions(-)
diff --git a/grub-core/net/http.c
From: Matthew Garrett <mj...@srcf.ucam.org>
Measure each command executed by grub, which includes script execution.
---
grub-core/script/execute.c | 25 +++--
1 file changed, 23 insertions(+), 2 deletions(-)
diff --git a/grub-core/script/execute.c b/grub-core/
Add a command to read values from the qemu fwcfg store. This allows data
to be passed from the qemu command line to grub.
Example use:
echo '(hd0,1)' >rootdev
qemu -fw_cfg opt/rootdev,file=rootdev
fwconfig opt/rootdev root
---
docs/grub.texi| 6 +++
Add support for performing basic TPM measurements. Right now this only
supports extending PCRs statically and only on UEFI and BIOS systems, but
will measure all modules as they're loaded.
---
grub-core/Makefile.am| 1 +
grub-core/Makefile.core.def | 3 +
grub-core/kern/dl.c
We want a single buffer that contains the entire kernel image in order to
perform a TPM measurement. Allocate one and copy the entire kernel int it
before pulling out the individual blocks later on.
---
grub-core/loader/i386/pc/linux.c | 34 +-
1 file changed, 21
Some DHCP servers (such as dnsmasq) tokenise parameters with commas, making
it impossible to pass boot files with commas in them. Allow using a
semicolon to separate the protocol from host if a comma wasn't found.
---
grub-core/net/net.c | 4
1 file changed, 4 insertions(+)
diff --git
On Mon, Jan 23, 2017 at 8:02 PM, Andrei Borzenkov <arvidj...@gmail.com> wrote:
> 24.01.2017 03:36, Matthew Garrett пишет:
>> Some DHCP servers (such as dnsmasq) tokenise parameters with commas, making
>> it impossible to pass boot files with commas in them. Allow usin
On Mon, Jan 23, 2017 at 7:55 PM, Andrei Borzenkov wrote:
> This was noted previously by Josef, we discussed it and my position is
> that resolver code requires redesign to correctly merge multiple answers
> and prioritize A vs requests.
>
> Do you get actual errors with
On Wed, Jan 25, 2017 at 12:35 AM, Michael Chang <mch...@suse.com> wrote:
> On Tue, Jan 24, 2017 at 10:21:22PM -0800, Matthew Garrett wrote:
>> We're passing the bootfile to grub in order to obtain further
>> configuration, so the firmware isn't relevant here.
>
&g
On Tue, Jan 24, 2017 at 11:37 PM, Andrei Borzenkov <arvidj...@gmail.com> wrote:
> On Wed, Jan 25, 2017 at 10:16 AM, Matthew Garrett <mj...@coreos.com> wrote:
>> My experience is that configfile (http,example.com)grub/config works
>> as you'd expect it t
On Tue, Jan 24, 2017 at 8:15 PM, Andrei Borzenkov <arvidj...@gmail.com> wrote:
> 25.01.2017 07:06, Matthew Garrett пишет:
>> I don't understand - grub_net_open_real() already handles this case:
>
> Because bootfile from DHCP packet is not used to set device part of
> $
On Tue, Jan 24, 2017 at 10:18 PM, Michael Chang <mch...@suse.com> wrote:
> On Tue, Jan 24, 2017 at 12:50:37PM -0800, Matthew Garrett wrote:
>> The DHCP server will return a string in the boot_file field. If you
>> want to indicate that this file should be obtained over htt
On Tue, Jan 24, 2017 at 10:56 PM, Andrei Borzenkov <arvidj...@gmail.com> wrote:
> On Wed, Jan 25, 2017 at 7:25 AM, Matthew Garrett <mj...@coreos.com> wrote:
>> If prefix isn't set then won't bootfile be interpreted as the device plus
>> file?
>>
>
> N
On Wed, Jan 25, 2017 at 9:30 AM, Andrei Borzenkov <arvidj...@gmail.com> wrote:
> 24.01.2017 23:50, Matthew Garrett пишет:
>> The DHCP server will return a string in the boot_file field. If you
>> want to indicate that this file should be obtained over http, the
>
On Tue, Jan 24, 2017 at 7:48 PM, Andrei Borzenkov <arvidj...@gmail.com> wrote:
> 24.01.2017 23:50, Matthew Garrett пишет:
>> On Mon, Jan 23, 2017 at 8:02 PM, Andrei Borzenkov <arvidj...@gmail.com>
>> wrote:
>>> 24.01.2017 03:36, Matthew Garrett пишет:
>
On Wed, Jul 05, 2017 at 02:19:55PM -0700, Matthew Garrett wrote:
> This patchset extends the verifier framework to support verifying commands
> executed by Grub, and makes use of this to add support for measuring files
> and commands executed by grub into the TPM on UEFI-based syst
On Fri, Jul 21, 2017 at 7:39 AM, Vladimir 'phcoder' Serbinenko
wrote:
> This omits all separators. So it considers e.g. ab and a b to be the same.
> Can we have a better array serialization? I.a. following 3 need to be
> distinguished:
> ab
> a b
> "a b"
It inserts a space
Thanks, fixed those up.
___
Grub-devel mailing list
Grub-devel@gnu.org
https://lists.gnu.org/mailman/listinfo/grub-devel
This patchset extends the verifier framework to support verifying commands
executed by Grub, and makes use of this to add support for measuring files
and commands executed by grub into the TPM on UEFI-based systems.
___
Grub-devel mailing list
Pass commands to the verification code. We want to be able to log these
in the TPM verification case.
---
grub-core/script/execute.c | 27 ---
include/grub/verify.h | 1 +
2 files changed, 25 insertions(+), 3 deletions(-)
diff --git a/grub-core/script/execute.c
Add support for performing basic TPM measurements. Right now this only
supports extending PCRs statically and only on UEFI.
---
grub-core/Makefile.core.def| 7 +
grub-core/commands/efi/tpm.c | 282 +
grub-core/commands/tpm.c | 87
On Thu, Jun 15, 2017 at 01:52:14AM +, Vladimir 'phcoder' Serbinenko wrote:
> On Thu, Jun 15, 2017, 03:49 Matthew Garrett <mj...@srcf.ucam.org> wrote:
> > if you're making the ordering significant,
> > it's far too easy for someone to mess up and end up with an insecure
&
We want to be able to measure stuff right from the very beginning of
grub execution, so it makes sense for the core verifiers code to be
present in-kernel rather than having it as an external module.
---
grub-core/Makefile.am | 1 +
grub-core/Makefile.core.def
This patchset reworks my earlier TPM support to use the verifiers framework.
It only includes UEFI support right now due to the unclear copyright situation
on the BIOS code from trusted-grub.
___
Grub-devel mailing list
Grub-devel@gnu.org
Add support for performing basic TPM measurements. Right now this only
supports extending PCRs statically and only on UEFI.
---
grub-core/Makefile.am | 1 +
grub-core/Makefile.core.def| 2 +
grub-core/kern/efi/tpm.c | 282 +
Pass commands to the verification code. We want to be able to log these
in the TPM verification case.
---
grub-core/script/execute.c | 27 ---
include/grub/verify.h | 1 +
2 files changed, 25 insertions(+), 3 deletions(-)
diff --git a/grub-core/script/execute.c
Pass commands to the verification code. We want to be able to log these
in the TPM verification case.
---
grub-core/script/execute.c | 27 ---
include/grub/verify.h | 1 +
2 files changed, 25 insertions(+), 3 deletions(-)
diff --git a/grub-core/script/execute.c
Port the TPM code to use the verifiers framework. I'm only including UEFI
support since it's still unclear what the copyright situation is over the
BIOS code, and demand for BIOS support for this has somewhat tailed off
anyway.
___
Grub-devel mailing
Add support for performing basic TPM measurements. Right now this only
supports extending PCRs statically and only on UEFI.
---
grub-core/Makefile.am | 1 +
grub-core/Makefile.core.def| 2 +
grub-core/kern/efi/tpm.c | 282 +
We want to be able to measure stuff right from the very beginning of
grub execution, so it makes sense for the core verifiers code to be
present in-kernel rather than having it as an external module.
---
grub-core/Makefile.am | 1 +
grub-core/Makefile.core.def
al module, so they need to be built into
the core image in any case (otherwise an attacker just replaces the
verifier module…). And if you're making the ordering significant,
it's far too easy for someone to mess up and end up with an insecure
system as a result.
--
Matthew Garrett | mj...@srcf
AML). So
> that would
> be similar to the TPM1.2 TCPA ACPI table. I guess Linux should need support
> for both?
I really hope that there are no implementations where there's a
difference between the information in ACPI and any other source, but I
guess we'll find out. That's going to end up
On Fri, Aug 03, 2018 at 03:39:54PM +0200, Daniel Kiper wrote:
> +++ b/grub-core/commands/i386/nthibr.c
Should this be a separate patch? It seems to be unrelated new
functionality.
--
Matthew Garrett | mj...@srcf.ucam.org
___
Grub-devel mailing l
g order somehow. However, this
> can be difficult and not reliable.
Yeah, I think standalone images are going to be the right solution for
most users here.
--
Matthew Garrett | mj...@srcf.ucam.org
___
Grub-devel mailing list
Grub-devel@gnu.org
https://lists.gnu.org/mailman/listinfo/grub-devel
works for us, and delay being able to
provide functionality that people would like to take advantage of. I
think some real-world use would make the process easier.
--
Matthew Garrett | mj...@srcf.ucam.org
___
Grub-devel mailing list
Grub-devel@gnu.org
On Tue, Jan 23, 2018 at 12:45:14PM +0100, Daniel Kiper wrote:
> Sadly yes. Sorry about that. However, this is still on my radar. I hope that
> I come back to work on this in a few weeks.
Hi Daniel,
Any news on this front? Thanks!
--
Matthew Garrett | mj...@srcf.uc
From: Matthew Garrett
Pass all commands executed by grub to the verifiers layer. Most
verifiers will ignore this, but some (such as the TPM verifier) want to
be able to measure and log each command executed in order to ensure that
the boot state is as expected.
---
grub-core/script/execute.c
From: Matthew Garrett
Add support for performing basic TPM measurements. Right now this only
supports extending PCRs statically and only on UEFI. In future we might
want to have some sort of mechanism for choosing which events get logged
to which PCRs, but this seems like a good default policy
Describe the behaviour of grub when the TPM module is in use.
---
docs/grub.texi | 38 ++
1 file changed, 38 insertions(+)
diff --git a/docs/grub.texi b/docs/grub.texi
index 471d97c95..6bd3783a4 100644
--- a/docs/grub.texi
+++ b/docs/grub.texi
@@ -5545,6
From: Matthew Garrett
Pass all commands executed by grub to the verifiers layer. Most
verifiers will ignore this, but some (such as the TPM verifier) want to
be able to measure and log each command executed in order to ensure that
the boot state is as expected.
---
grub-core/script/execute.c
From: Matthew Garrett
Add support for performing basic TPM measurements. Right now this only
supports extending PCRs statically and only on UEFI. In future we might
want to have some sort of mechanism for choosing which events get logged
to which PCRs, but this seems like a good default policy
Describe the behaviour of grub when the TPM module is in use.
---
docs/grub.texi | 38 ++
1 file changed, 38 insertions(+)
diff --git a/docs/grub.texi b/docs/grub.texi
index 471d97c95..6bd3783a4 100644
--- a/docs/grub.texi
+++ b/docs/grub.texi
@@ -5545,6
On Thu, Nov 15, 2018 at 6:39 AM Daniel Kiper wrote:
> Could you be more C-ish? E.g. s/Major/major/, s/Minor/minor/, etc.
These are the spec-defined member names, so I've a mild preference for
keeping them that way - it makes it easier to compare with the spec
and update stuff with later spec
From: Matthew Garrett
Add support for performing basic TPM measurements. Right now this only
supports extending PCRs statically and only on UEFI. In future we might
want to have some sort of mechanism for choosing which events get logged
to which PCRs, but this seems like a good default policy
From: Matthew Garrett
Pass all commands executed by grub to the verifiers layer. Most
verifiers will ignore this, but some (such as the TPM verifier) want to
be able to measure and log each command executed in order to ensure that
the boot state is as expected.
Signed-off-by: Matthew Garrett
On Thu, Nov 15, 2018 at 5:45 AM Daniel Kiper wrote:
> Except lack of SOB patch LGTM. May I add your SOB before pushing this
> patch. Or you can repost it with
Feel free to add my SOB.
___
Grub-devel mailing list
Grub-devel@gnu.org
On Tue, Jan 15, 2019 at 3:58 AM Daniel Kiper wrote:
>
> On Mon, Jan 14, 2019 at 11:42:21AM -0800, Matthew Garrett wrote:
> > On Mon, Jan 14, 2019 at 6:09 AM 'Max Tottenham' via mjg59
> > wrote:
> >
> > > I went ahead and did some debugging. Below is a patch t
On Mon, Jan 14, 2019 at 6:09 AM 'Max Tottenham' via mjg59
wrote:
> I went ahead and did some debugging. Below is a patch that seems to fix
> my problem. Although those calls to grub_efi_open_protocol() in the tpm
> module should probably check their return value and do something sane if
> 0x0 is
On Wed, Dec 12, 2018 at 6:31 AM Daniel Kiper wrote:
>
> On Mon, Dec 03, 2018 at 03:48:17PM +0100, Daniel Kiper wrote:
> > On Thu, Nov 29, 2018 at 11:28:10AM -0800, Matthew Garrett wrote:
> > > Describe the behaviour of grub when the TPM module is in use.
> > >
> &
Describe the behaviour of grub when the TPM module is in use.
Signed-off-by: Matthew Garrett
---
docs/grub.texi | 38 ++
1 file changed, 38 insertions(+)
diff --git a/docs/grub.texi b/docs/grub.texi
index 471d97c95..6bd3783a4 100644
--- a/docs/grub.texi
From: Matthew Garrett
Add support for performing basic TPM measurements. Right now this only
supports extending PCRs statically and only on UEFI. In future we might
want to have some sort of mechanism for choosing which events get logged
to which PCRs, but this seems like a good default policy
From: Matthew Garrett
Pass all commands executed by grub to the verifiers layer. Most
verifiers will ignore this, but some (such as the TPM verifier) want to
be able to measure and log each command executed in order to ensure that
the boot state is as expected.
Signed-off-by: Matthew Garrett
On Mon, Nov 19, 2018 at 1:13 AM Daniel P. Smith wrote:
>
> It would be great if the TPM commands that are using EFI protocol and
> exposed to TPM command module be name spaced under efi, e.g.
> grub_efi_tpm_log_event. As I lay in a TIS implementation, I can mimic a
> similar set of tis name
On Mon, Nov 26, 2018 at 4:47 PM Daniel Kiper wrote:
> I have a feeling that both UEFI and TIS TPM implementations can coexists
> together even on UEFI platform. Of course, AIUI, UEFI TPM should be default
> if we play with TPM 2.0. TIS implementation should be used with TPM 1.2
> or if UEFI is
On Tue, Nov 20, 2018 at 10:59 AM Matthew Garrett wrote:
>
> On Mon, Nov 19, 2018 at 1:13 AM Daniel P. Smith wrote:
> >
> > It would be great if the TPM commands that are using EFI protocol and
> > exposed to TPM command module be name spaced under efi, e.g.
> > gr
1 - 100 of 112 matches
Mail list logo