rpms/grub2
7
0
Fork 0
mirror of https://src.fedoraproject.org/rpms/grub2.git synced 2024-11-28 15:46:53 +00:00
Code Issues 24 Projects 4 Releases Packages Wiki Activity Actions
grub2/0228-Make-TPM-errors-less-fatal.patch
Javier Martinez Canillas afb0baacd6
Use BLS fragment filename as menu entry id and for sort criterion 
The BLS config filenames are guaranteed to be unique, so they can be
used as GRUB2 entry id and can also be used to sort the menu entries.

Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
2018-07-02 17:33:09 +02:00

211 lines
6.9 KiB
Diff
Raw Blame History

From 406f7dda0cc2689170f102341a546c87072d1ce5 Mon Sep 17 00:00:00 2001
From: Matthew Garrett <mjg59@coreos.com>
Date: Thu, 13 Oct 2016 13:55:26 -0700
Subject: [PATCH 228/250] Make TPM errors less fatal
Handle TPM errors, and stop trying to use the TPM once we hit one.
---
grub-core/kern/dl.c | 1 +
grub-core/kern/i386/pc/tpm.c | 21 +++++++++++++++++----
grub-core/lib/cmdline.c | 1 +
grub-core/loader/i386/efi/linux.c | 2 ++
grub-core/loader/i386/linux.c | 1 +
grub-core/loader/i386/multiboot_mbi.c | 1 +
grub-core/loader/i386/pc/linux.c | 1 +
grub-core/loader/linux.c | 2 ++
grub-core/loader/multiboot.c | 1 +
grub-core/loader/multiboot_mbi2.c | 1 +
grub-core/script/execute.c | 1 +
11 files changed, 29 insertions(+), 4 deletions(-)
diff --git a/grub-core/kern/dl.c b/grub-core/kern/dl.c
index d0989573866..91105bc4677 100644
--- a/grub-core/kern/dl.c
+++ b/grub-core/kern/dl.c
@@ -831,6 +831,7 @@ grub_dl_load_file (const char *filename)
grub_file_close (file);
grub_tpm_measure(core, size, GRUB_BINARY_PCR, "grub_module", filename);
+ grub_print_error();
mod = grub_dl_load_core (core, size);
grub_free (core);
diff --git a/grub-core/kern/i386/pc/tpm.c b/grub-core/kern/i386/pc/tpm.c
index 8c6c1e6ece2..f6f264aff2e 100644
--- a/grub-core/kern/i386/pc/tpm.c
+++ b/grub-core/kern/i386/pc/tpm.c
@@ -7,21 +7,28 @@
#define TCPA_MAGIC 0x41504354
+static int tpm_presence = -1;
+
int tpm_present(void);
int tpm_present(void)
{
struct grub_bios_int_registers regs;
+ if (tpm_presence != -1)
+ return tpm_presence;
+
regs.flags = GRUB_CPU_INT_FLAGS_DEFAULT;
regs.eax = 0xbb00;
regs.ebx = TCPA_MAGIC;
grub_bios_interrupt (0x1a, &regs);
if (regs.eax == 0)
- return 1;
+ tpm_presence = 1;
+ else
+ tpm_presence = 0;
- return 0;
+ return tpm_presence;
}
grub_err_t
@@ -49,7 +56,10 @@ grub_tpm_execute(PassThroughToTPM_InputParamBlock *inbuf,
grub_bios_interrupt (0x1a, &regs);
if (regs.eax)
- return grub_error (GRUB_ERR_IO, N_("TPM error %x\n"), regs.eax);
+ {
+ tpm_presence = 0;
+ return grub_error (GRUB_ERR_IO, N_("TPM error %x, disabling TPM"), regs.eax);
+ }
return 0;
}
@@ -126,7 +136,10 @@ grub_tpm_log_event(unsigned char *buf, grub_size_t size, grub_uint8_t pcr,
grub_free(event);
if (regs.eax)
- return grub_error (GRUB_ERR_IO, N_("TPM error %x\n"), regs.eax);
+ {
+ tpm_presence = 0;
+ return grub_error (GRUB_ERR_IO, N_("TPM error %x, disabling TPM"), regs.eax);
+ }
return 0;
}
diff --git a/grub-core/lib/cmdline.c b/grub-core/lib/cmdline.c
index 178f7382f07..d5c12957cad 100644
--- a/grub-core/lib/cmdline.c
+++ b/grub-core/lib/cmdline.c
@@ -128,6 +128,7 @@ int grub_create_loader_cmdline (int argc, char *argv[], char *buf,
grub_tpm_measure ((void *)orig, grub_strlen (orig), GRUB_ASCII_PCR,
"grub_kernel_cmdline", orig);
+ grub_print_error();
return i;
}
diff --git a/grub-core/loader/i386/efi/linux.c b/grub-core/loader/i386/efi/linux.c
index 079e222e972..6c9268f2ff5 100644
--- a/grub-core/loader/i386/efi/linux.c
+++ b/grub-core/loader/i386/efi/linux.c
@@ -134,6 +134,7 @@ grub_cmd_initrd (grub_command_t cmd __attribute__ ((unused)),
goto fail;
}
grub_tpm_measure (ptr, cursize, GRUB_BINARY_PCR, "grub_linuxefi", "Initrd");
+ grub_print_error();
ptr += cursize;
grub_memset (ptr, 0, ALIGN_UP_OVERHEAD (cursize, 4));
ptr += ALIGN_UP_OVERHEAD (cursize, 4);
@@ -199,6 +200,7 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)),
}
grub_tpm_measure (kernel, filelen, GRUB_BINARY_PCR, "grub_linuxefi", "Kernel");
+ grub_print_error();
rc = grub_linuxefi_secure_validate (kernel, filelen);
if (rc < 0)
diff --git a/grub-core/loader/i386/linux.c b/grub-core/loader/i386/linux.c
index 32e3bb08e88..daebe0237ff 100644
--- a/grub-core/loader/i386/linux.c
+++ b/grub-core/loader/i386/linux.c
@@ -720,6 +720,7 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)),
}
grub_tpm_measure (kernel, len, GRUB_BINARY_PCR, "grub_linux", "Kernel");
+ grub_print_error();
grub_memcpy (&lh, kernel, sizeof (lh));
diff --git a/grub-core/loader/i386/multiboot_mbi.c b/grub-core/loader/i386/multiboot_mbi.c
index 0981a2cfd93..42372bf058b 100644
--- a/grub-core/loader/i386/multiboot_mbi.c
+++ b/grub-core/loader/i386/multiboot_mbi.c
@@ -175,6 +175,7 @@ grub_multiboot_load (grub_file_t file, const char *filename)
}
grub_tpm_measure((unsigned char*)buffer, len, GRUB_BINARY_PCR, "grub_multiboot", filename);
+ grub_print_error();
header = find_header (buffer, len);
diff --git a/grub-core/loader/i386/pc/linux.c b/grub-core/loader/i386/pc/linux.c
index 7edbc5ea6c4..5b6558c6340 100644
--- a/grub-core/loader/i386/pc/linux.c
+++ b/grub-core/loader/i386/pc/linux.c
@@ -163,6 +163,7 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)),
}
grub_tpm_measure (kernel, len, GRUB_BINARY_PCR, "grub_linux16", "Kernel");
+ grub_print_error();
grub_memcpy (&lh, kernel, sizeof (lh));
kernel_offset = sizeof (lh);
diff --git a/grub-core/loader/linux.c b/grub-core/loader/linux.c
index 78c41e33416..c2c7cfcd0fd 100644
--- a/grub-core/loader/linux.c
+++ b/grub-core/loader/linux.c
@@ -290,6 +290,8 @@ grub_initrd_load (struct grub_linux_initrd_context *initrd_ctx,
return grub_errno;
}
grub_tpm_measure (ptr, cursize, GRUB_BINARY_PCR, "grub_initrd", "Initrd");
+ grub_print_error();
+
ptr += cursize;
}
if (newc)
diff --git a/grub-core/loader/multiboot.c b/grub-core/loader/multiboot.c
index cc53d429bca..ae308189200 100644
--- a/grub-core/loader/multiboot.c
+++ b/grub-core/loader/multiboot.c
@@ -427,6 +427,7 @@ grub_cmd_module (grub_command_t cmd __attribute__ ((unused)),
grub_file_close (file);
grub_tpm_measure (module, size, GRUB_BINARY_PCR, "grub_multiboot", argv[0]);
+ grub_print_error();
return GRUB_ERR_NONE;
}
diff --git a/grub-core/loader/multiboot_mbi2.c b/grub-core/loader/multiboot_mbi2.c
index f7e333f56c1..49b8af3f1d8 100644
--- a/grub-core/loader/multiboot_mbi2.c
+++ b/grub-core/loader/multiboot_mbi2.c
@@ -133,6 +133,7 @@ grub_multiboot_load (grub_file_t file, const char *filename)
COMPILE_TIME_ASSERT (MULTIBOOT_HEADER_ALIGN % 4 == 0);
grub_tpm_measure ((unsigned char *)mld.buffer, len, GRUB_BINARY_PCR, "grub_multiboot", filename);
+ grub_print_error();
header = find_header (mld.buffer, len);
if (header == 0)
diff --git a/grub-core/script/execute.c b/grub-core/script/execute.c
index 976643c47b0..93965777138 100644
--- a/grub-core/script/execute.c
+++ b/grub-core/script/execute.c
@@ -997,6 +997,7 @@ grub_script_execute_cmdline (struct grub_script_cmd *cmd)
cmdstring[cmdlen-1]= '\0';
grub_tpm_measure ((unsigned char *)cmdstring, cmdlen, GRUB_ASCII_PCR,
"grub_cmd", cmdstring);
+ grub_print_error();
grub_free(cmdstring);
invert = 0;
argc = argv.argc - 1;
--
2.17.1
Reference in a new issue View git blame Copy permalink