git.ipfire.org Git - thirdparty/grub.git/commit

author	Stefan Berger <stefanb@linux.ibm.com>
	Mon, 6 Feb 2023 15:03:25 +0000 (10:03 -0500)
committer	Daniel Kiper <daniel.kiper@oracle.com>
	Tue, 7 Mar 2023 14:28:38 +0000 (15:28 +0100)
commit	9e78ab2b0f277dfd31012ad9df1bb6ba492b4cae
tree	880d81d8e9587c75d2bb5e88b3ed248b84c5c5d4	tree
parent	d8953d07934c6291978cc0fca24e4f18f1b98520	commit \| diff

commands/ieee1275/ibmvtpm: Add support for trusted boot using a vTPM 2.0

Add support for trusted boot using a vTPM 2.0 on the IBM IEEE1275
PowerPC platform. With this patch grub now measures text and binary data
into the TPM's PCRs 8 and 9 in the same way as the x86_64 platform
does.

This patch requires Daniel Axtens's patches for claiming more memory.

Note: The tpm_init() function cannot be called from GRUB_MOD_INIT() since
it does not find the device nodes upon module initialization and
therefore the call to tpm_init() must be deferred to grub_tpm_measure().

For vTPM support to work on PowerVM, system driver levels 1010.30
or 1020.00 are required.

Note: Previous versions of firmware levels with the 2hash-ext-log
API call have a bug that, once this API call is invoked, has the
effect of disabling the vTPM driver under Linux causing an error
message to be displayed in the Linux kernel log. Those users will
have to update their machines to the firmware levels mentioned
above.

Cc: Eric Snowberg <eric.snowberg@oracle.com>
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Signed-off-by: Daniel Axtens <dja@axtens.net>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
Tested-by: Nageswara R Sastry <rnsastry@linux.ibm.com>
Reviewed-by: Robbie Harwood <rharwood@redhat.com>

docs/grub.texi		diff \| blob \| blame \| history
grub-core/Makefile.core.def		diff \| blob \| blame \| history
grub-core/commands/ieee1275/ibmvtpm.c	[new file with mode: 0644]	blob
include/grub/ieee1275/ieee1275.h		diff \| blob \| blame \| history