From: Gary Lin <glin@suse.com>
Date: Fri, 3 Oct 2025 03:22:06 +0000 (+0800)
Subject: tss2: Implement grub_tcg2_cap_pcr() for emu
X-Git-Tag: grub-2.14-rc1~62
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=ae7a399005e055165dbc30b0fa53f3e86df2a882;p=thirdparty%2Fgrub.git

tss2: Implement grub_tcg2_cap_pcr() for emu

Since there is no system firmware for grub-emu, the TPM2_PCR_Event
command becomes the only choice to implement grub_tcg2_cap_pcr().

Signed-off-by: Gary Lin <glin@suse.com>
Reviewed-by: Stefan Berger <stefanb@linux.ibm.com>
Reviewed-by: Sudhakar Kuppusamy <sudhakar@linux.ibm.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
---

diff --git a/grub-core/lib/tss2/tcg2_emu.c b/grub-core/lib/tss2/tcg2_emu.c
index cab930d2b..3713190ac 100644
--- a/grub-core/lib/tss2/tcg2_emu.c
+++ b/grub-core/lib/tss2/tcg2_emu.c
@@ -22,6 +22,7 @@
 
 #include <tss2_buffer.h>
 #include <tss2_structs.h>
+#include <tpm2_cmd.h>
 #include <tcg2.h>
 
 grub_err_t
@@ -47,3 +48,22 @@ grub_tcg2_submit_command (grub_size_t input_size, grub_uint8_t *input,
 
   return GRUB_ERR_NONE;
 }
+
+grub_err_t
+grub_tcg2_cap_pcr (grub_uint8_t pcr)
+{
+  TPMS_AUTH_COMMAND_t authCmd = {
+    .sessionHandle = TPM_RS_PW,
+  };
+  TPM2B_EVENT_t data = {
+    .size = 4,
+  };
+  TPM_RC_t rc;
+
+  /* Submit an EV_SEPARATOR event, i.e. an event with 4 zero-bytes */
+  rc = grub_tpm2_pcr_event (pcr, &authCmd, &data, NULL, NULL);
+  if (rc != TPM_RC_SUCCESS)
+    return grub_error (GRUB_ERR_BAD_DEVICE, N_("cannot cap PCR %u"), pcr);
+
+  return GRUB_ERR_NONE;
+}