git.ipfire.org Git - thirdparty/grub.git/commit
util/grub-protect: Fix the hash algorithm of PCR digest
author Gary Lin <glin@suse.com>
Fri, 13 Jun 2025 07:02:33 +0000 (15:02 +0800)
committer Daniel Kiper <daniel.kiper@oracle.com>
Tue, 17 Jun 2025 12:10:37 +0000 (14:10 +0200)
commit 11caacdb22599fcd448d92dcf4367032f661a23a
tree 8fcf7525bd8260e9c3d0728791afa2ad2f8a79e1
parent ce23919cac1bee0a9aa73611da66496bf5db57ac
util/grub-protect: Fix the hash algorithm of PCR digest

For tpm2_key_protector and grub-protect, SHA-256 is chosen as the hash
algorithm for the TPM session. However, grub-protect mistakenly used the
hash algorithm of the PCR bank to calculate PCR digest. If the user
chose a PCR bank other than SHA-256, grub-protect created a non-SHA-256
PCR digest to seal the key. But, tpm2_key_protector expects a SHA-256
PCR digest to the TPM unsealing session, so it would fail due to digest
mismatch.

This commit fixes the hash algorithm of PCR digest in grub-protect to
avoid the potential unsealing failure.

Fixes: https://github.com/lcp/grub2/issues/4
Signed-off-by: Gary Lin <glin@suse.com>
Reviewed-by: Stefan Berger <stefanb@linux.ibm.com>
Reviewed-by: Sudhakar Kuppusamy <sudhakar@linux.ibm.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
util/grub-protect.c
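
The mismatch described in the commit message can be reproduced with a small model of the TPM 2.0 PolicyPCR computation; this is an added example, not code from grub-protect or tpm2_key_protector. It assumes a policy made of a single PolicyPCR step, uses constructed PCR values, and all function names are hypothetical; the command code, algorithm IDs and selection layout follow the TPM 2.0 specification.

```python
import hashlib
import struct

TPM_CC_POLICY_PCR = 0x0000017F   # TPM 2.0 command code for TPM2_PolicyPCR
TPM_ALG = {"sha1": 0x0004, "sha256": 0x000B, "sha384": 0x000C}
SESSION_HASH = "sha256"          # session algorithm named in the commit message
PCRS = [0, 2, 4, 7]              # constructed PCR selection for the demo


def pcr_selection(bank, pcrs):
    """Marshal a one-entry TPML_PCR_SELECTION for `bank` (3-byte bitmap)."""
    bitmap = bytearray(3)
    for i in pcrs:
        bitmap[i // 8] |= 1 << (i % 8)
    return struct.pack(">IHB", 1, TPM_ALG[bank], len(bitmap)) + bytes(bitmap)


def pcr_digest(values, pcrs, alg):
    """Hash the selected PCR values, in ascending index order, with `alg`."""
    return hashlib.new(alg, b"".join(values[i] for i in sorted(pcrs))).digest()


def policy_pcr(bank, pcrs, digest):
    """Extend an all-zero SHA-256 policy digest as TPM2_PolicyPCR does."""
    start = bytes(hashlib.new(SESSION_HASH).digest_size)
    body = struct.pack(">I", TPM_CC_POLICY_PCR) + pcr_selection(bank, pcrs) + digest
    return hashlib.new(SESSION_HASH, start + body).digest()


def sealing_policy(bank, values, pcrs, fixed):
    """Policy computed at seal time: bank hash before the fix, SHA-256 after."""
    alg = SESSION_HASH if fixed else bank
    return policy_pcr(bank, pcrs, pcr_digest(values, pcrs, alg))


def unsealing_policy(bank, values, pcrs):
    """Policy of the SHA-256 unsealing session (PCR digest uses the session hash)."""
    return policy_pcr(bank, pcrs, pcr_digest(values, pcrs, SESSION_HASH))


def constructed_bank(bank, pcrs):
    """Constructed PCR values sized for `bank`; not real measurements."""
    return {i: hashlib.new(bank, b"constructed PCR %d" % i).digest() for i in pcrs}


if __name__ == "__main__":
    for bank in ("sha1", "sha256", "sha384"):
        v = constructed_bank(bank, PCRS)
        want = unsealing_policy(bank, v, PCRS)
        print(bank, "before fix:", sealing_policy(bank, v, PCRS, False) == want,
              "after fix:", sealing_policy(bank, v, PCRS, True) == want)
```

Only the SHA-256 bank produces matching policies before the fix, which is why the failure appeared only when another PCR bank was chosen.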