[PATCH v2 0/5] Automatic TPM Disk Unlock
From: Hernan Gatta
Subject: [PATCH v2 0/5] Automatic TPM Disk Unlock
Date: Tue, 1 Feb 2022 05:02:52 -0800
Updates since v1:

1. One key can unlock multiple disks:

   It is now possible to use key protectors with cryptomount's -a and -b
   options.

2. No passphrase prompt on error if key protector(s) specified:

   cryptomount no longer prompts for a passphrase if key protectors are
   specified but fail to provide a working unlock key, seeing as the user
   explicitly requested unlocking via key protectors.

3. Key protector parameterization is separate:

   Previously, one would parameterize a key protector via a colon-separated
   argument list nested within a cryptomount argument. Now, key protectors are
   expected to provide an initialization function, if necessary.

   As such, instead of:

     cryptomount -k tpm2:mode=srk:keyfile=KEYFILE:pcrs=7,11...

   one now writes:

     tpm2_key_protector_init --mode=srk --keyfile=KEYFILE --pcrs=7,11 ...
     cryptomount -k tpm2

   Additionally, one may write:

     cryptomount -k protector_1 -k protector_2 ...

   where cryptomount will try each in order on failure.

4. Standard argument parsing:

   The TPM2 key protector now uses 'struct grub_arg_option' and the grub-protect
   tool uses 'struct argp_option'. Additionally, common argument parsing
   functionality is now shared between the module and the tool.

5. More useful messages:

   Both the TPM2 module and the grub-protect tool now provide more useful
   messages to help the user learn how to use their functionality (--help and
   --usage) as well as to determine what is wrong, if anything. Furthermore, the
   module now prints additional debug output to help diagnose problems.
I forgot to mention last time that this patch series intends to address:
https://bugzilla.redhat.com/show_bug.cgi?id=1854177
Previous series:
https://lists.gnu.org/archive/html/grub-devel/2022-01/msg00125.html
Thank you,
Hernan
Signed-off-by: Hernan Gatta <hegatta@linux.microsoft.com>
Hernan Gatta (5):
protectors: Add key protectors framework
tpm2: Add TPM Software Stack (TSS)
protectors: Add TPM2 Key Protector
cryptodisk: Support key protectors
util/grub-protect: Add new tool
.gitignore | 1 +
Makefile.util.def | 19 +
configure.ac | 1 +
grub-core/Makefile.am | 1 +
grub-core/Makefile.core.def | 11 +
grub-core/disk/cryptodisk.c | 166 +++-
grub-core/kern/protectors.c | 75 ++
grub-core/tpm2/args.c | 129 ++++
grub-core/tpm2/buffer.c | 145 ++++
grub-core/tpm2/module.c | 710 +++++++++++++++++
grub-core/tpm2/mu.c | 807 ++++++++++++++++++++
grub-core/tpm2/tcg2.c | 143 ++++
grub-core/tpm2/tpm2.c | 711 +++++++++++++++++
include/grub/cryptodisk.h | 14 +
include/grub/protector.h | 48 ++
include/grub/tpm2/buffer.h | 65 ++
include/grub/tpm2/internal/args.h | 39 +
include/grub/tpm2/internal/functions.h | 117 +++
include/grub/tpm2/internal/structs.h | 675 ++++++++++++++++
include/grub/tpm2/internal/types.h | 372 +++++++++
include/grub/tpm2/mu.h | 292 +++++++
include/grub/tpm2/tcg2.h | 34 +
include/grub/tpm2/tpm2.h | 38 +
util/grub-protect.c | 1314 ++++++++++++++++++++++++++++++++
24 files changed, 5897 insertions(+), 30 deletions(-)
create mode 100644 grub-core/kern/protectors.c
create mode 100644 grub-core/tpm2/args.c
create mode 100644 grub-core/tpm2/buffer.c
create mode 100644 grub-core/tpm2/module.c
create mode 100644 grub-core/tpm2/mu.c
create mode 100644 grub-core/tpm2/tcg2.c
create mode 100644 grub-core/tpm2/tpm2.c
create mode 100644 include/grub/protector.h
create mode 100644 include/grub/tpm2/buffer.h
create mode 100644 include/grub/tpm2/internal/args.h
create mode 100644 include/grub/tpm2/internal/functions.h
create mode 100644 include/grub/tpm2/internal/structs.h
create mode 100644 include/grub/tpm2/internal/types.h
create mode 100644 include/grub/tpm2/mu.h
create mode 100644 include/grub/tpm2/tcg2.h
create mode 100644 include/grub/tpm2/tpm2.h
create mode 100644 util/grub-protect.c
--
1.8.3.1
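As an added illustration, not code from this patch series or from GRUB, here is a small C model of the unlock behaviour the cover letter describes in items 2 and 3: protectors named with -k are tried in order, and when at least one was requested and all fail, there is no fall-back to a passphrase prompt. The struct, function and protector names (other than "tpm2" and "protector_2" from the message) are assumptions made for the example.

```c
#include <stddef.h>
#include <string.h>

/* Hypothetical protector entry (not GRUB's include/grub/protector.h):
   recover() fills key/len and returns 0 on success, non-zero on failure. */
typedef int (*recover_fn)(unsigned char *key, size_t *len);
struct key_protector {
  const char *name;
  recover_fn recover;
};

enum unlock_result {
  UNLOCK_KEY_FROM_PROTECTOR = 0, /* a requested protector yielded the key   */
  UNLOCK_PROMPT_PASSPHRASE  = 1, /* no protector requested: prompt as before */
  UNLOCK_FAILED             = 2  /* protectors requested, all failed: no prompt */
};

/* Try the protectors named on the command line, in the order given, and stop
   at the first one that yields a key. Unknown names are skipped. */
enum unlock_result
try_unlock(const struct key_protector *registered, size_t nreg,
           const char **requested, size_t nreq,
           unsigned char *key, size_t *keylen, const char **used)
{
  if (nreq == 0)
    return UNLOCK_PROMPT_PASSPHRASE;
  for (size_t i = 0; i < nreq; i++)
    for (size_t j = 0; j < nreg; j++)
      if (strcmp(requested[i], registered[j].name) == 0
          && registered[j].recover(key, keylen) == 0) {
        *used = registered[j].name;
        return UNLOCK_KEY_FROM_PROTECTOR;
      }
  return UNLOCK_FAILED; /* user asked for protectors only: do not prompt */
}

/* Constructed sample protectors: "tpm2" fails (think: sealed key not
   released), "protector_2" returns a fixed 32-byte key. */
static int failing_recover(unsigned char *key, size_t *len)
{ (void)key; (void)len; return -1; }
static int working_recover(unsigned char *key, size_t *len)
{ memset(key, 0x42, 32); *len = 32; return 0; }

const struct key_protector sample_protectors[] = {
  { "tpm2", failing_recover },
  { "protector_2", working_recover },
};
const size_t sample_protector_count = 2;
```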