#include <grub/misc.h>
#include <grub/mm.h>
#include <grub/partition.h>
+#include <grub/tpm.h>
#include <grub/types.h>
GRUB_MOD_LICENSE ("GPLv3+");
return status;
}
+static grub_err_t
+set_loader_active_pcr_banks (void)
+{
+ grub_efi_uint32_t active_pcr_banks;
+ char *active_pcr_banks_str;
+ grub_err_t status;
+
+ active_pcr_banks = grub_tpm2_active_pcr_banks();
+ active_pcr_banks_str = grub_xasprintf ("0x%08x", active_pcr_banks);
+ if (active_pcr_banks_str == NULL)
+ return grub_error (GRUB_ERR_OUT_OF_MEMORY, N_("cannot allocate active PCR banks string"));
+
+ status = grub_efi_set_variable_to_string ("LoaderTpm2ActivePcrBanks",
+ &bli_vendor_guid,
+ active_pcr_banks_str,
+ GRUB_EFI_VARIABLE_BOOTSERVICE_ACCESS |
+ GRUB_EFI_VARIABLE_RUNTIME_ACCESS);
+ grub_free (active_pcr_banks_str);
+ return status;
+}
+
GRUB_MOD_INIT (bli)
{
grub_efi_set_variable_to_string ("LoaderInfo", &bli_vendor_guid, PACKAGE_STRING,
GRUB_EFI_VARIABLE_BOOTSERVICE_ACCESS |
GRUB_EFI_VARIABLE_RUNTIME_ACCESS);
set_loader_device_part_uuid ();
+ set_loader_active_pcr_banks ();
/* No error here is critical, other than being logged */
grub_print_error ();
}
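Review bot: set_loader_active_pcr_banks publishes the string `0x00000000` whenever grub_tpm2_active_pcr_banks() returns 0, and the tpm.c side of this same patch returns 0 for no TPM handle, a TPM 1.2 device, an unopenable TPM2 protocol and a failed GetActivePcrBanks call alike, so a consumer of LoaderTpm2ActivePcrBanks cannot distinguish "no TPM2" from "query failed" from "TPM2 with no active banks". If the intended convention is that an absent variable means no TPM2 information was available (worth confirming against whatever reads this variable), an early `if (active_pcr_banks == 0) return GRUB_ERR_NONE;` before the grub_xasprintf would make that explicit instead of exporting an all-zero mask. Exposing the value with RUNTIME_ACCESS mirrors LoaderInfo and is fine for an informational, unauthenticated variable, but a short comment saying the value is a hint and not a measurement should accompany it, e.g. `/* Informational only: consumers must not treat this as an attested value. */`. The return value of set_loader_active_pcr_banks() is intentionally dropped and surfaced through grub_print_error(), consistent with the existing calls. The code preceding line L7 is outside this hunk.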
return grub_tpm2_present (tpm);
}
}
+
+grub_uint32_t
+grub_tpm2_active_pcr_banks (void)
+{
+ grub_efi_handle_t tpm_handle;
+ grub_efi_uint8_t protocol_version;
+ grub_efi_tpm2_protocol_t *tpm;
+ grub_efi_uint32_t active_pcr_banks = 0;
+
+ if (!grub_tpm_handle_find (&tpm_handle, &protocol_version))
+ return 0;
+
+ if (protocol_version == 1)
+ return 0; /* We report TPM2 status */
+
+ tpm = grub_efi_open_protocol (tpm_handle, &tpm2_guid,
+ GRUB_EFI_OPEN_PROTOCOL_GET_PROTOCOL);
+ if (tpm == NULL)
+ {
+ grub_dprintf ("tpm", "Cannot open TPM2 protocol\n");
+ return 0;
+ }
+
+ if (grub_tpm2_present (tpm))
+ {
+ grub_efi_status_t status = tpm->get_active_pcr_banks (tpm, &active_pcr_banks);
+
+ if (status != GRUB_EFI_SUCCESS)
+ return 0; /* Assume none available if the call fails. */
+ }
+
+ return active_pcr_banks;
+}
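Review bot: The failure path `if (status != GRUB_EFI_SUCCESS) return 0;` in grub_tpm2_active_pcr_banks is silent, whereas the protocol-open failure a few lines above logs through grub_dprintf; a failed GetActivePcrBanks is the more useful event for someone debugging missing measurements, so log it too, e.g. `grub_dprintf ("tpm", "GetActivePcrBanks failed, reporting no active banks\n");` before the return. The function folds four distinct situations (no TPM handle, TPM 1.2 protocol, unopenable protocol, failed call) into a return of 0, which is indistinguishable from a TPM2 that genuinely reports no active banks; the prototype added in tpm.h should carry a comment stating that 0 means "no TPM2 bank information available" rather than "zero banks", and callers should treat it that way. Minor: the local is declared grub_efi_uint32_t while the declared return type is grub_uint32_t; presumably these are the same typedef in GRUB, but using one type in both places avoids the question.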
grub_err_t grub_tpm_measure (unsigned char *buf, grub_size_t size,
grub_uint8_t pcr, const char *description);
int grub_tpm_present (void);
+grub_uint32_t grub_tpm2_active_pcr_banks (void);
static inline bool
grub_is_tpm_fail_fatal (void)