grub-devel
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH 00/14] Automatic Disk Unlock with TPM2

From: Daniel Kiper
Subject: Re: [PATCH 00/14] Automatic Disk Unlock with TPM2
Date: Wed, 1 Mar 2023 20:27:58 +0100
User-agent: NeoMutt/20170113 (1.7.2) 
Adding folks involved in appended signature secure boot support development...

On Wed, Mar 01, 2023 at 03:16:14PM +0800, Gary Lin via Grub-devel wrote:
> On Tue, Feb 28, 2023 at 06:39:22PM +0100, Daniel Kiper wrote:
> > On Wed, Feb 22, 2023 at 03:00:40PM +0800, Gary Lin via Grub-devel wrote:
> > > The patch series "Automatic TPM Disk Unlock" posted by Hernan Gatta
> > > introduces the key protector framework and TPM2 stack to GRUB2, and it's
> > > a useful feature for the systems to implement full disk encryption.
> > > However, it seems the development was stalled for a while, and I'd like
> > > to push it forward.
> >
> > Thank you for updating this patch set. Certainly I want to have it in
> > the GRUB upstream. Sadly I cannot consider this as a 2.12 release
> > material. So, I will not review these patches immediately due to
> > their low priority. Though I have a few comments below...
> >
> I see.

Thank you!

> > > Patch 1~5 are Hernan Gatta's patch series(*) with a few modifications:
> > > - Converting 8 spaces into 1 tab
> > > - Merging the minor build fix from Michael Chang
> > >   - Replacing "lu" with "PRIuGRUB_SIZE" for grub_dprintf
> > >   - Adding "enable = efi" to the tpm2 module in 
> > > grub-core/Makefile.core.def
> > > - Rebasing "cryptodisk: Support key protectors" to the git master
> >
> > Thank you for doing all of this!
> >
> > > To minimize the changes to Patch 1~5, the follow-up fixes (Patch 6~14)
> > > from my colleagues and me are committed separately. Those patches fix
> > > the problems we found while testing the original patchset.
> >
> > Please merge all patches after #5 into original patch series and add
> > your and your colleagues SOBs to relevant patches.
> >
> Will merge those patchs in V2.

Cool! Thank you!

> > And of course take into account James comments...
> >
> I'm evaluating the effort to adopt the TPM 2.0 key file format. However,
> the libtasn1 patches (*) are still not merged, and it's probably not
> practical to implement my own asn1 parser. It'd be nice if the libtasn1
> patches could be merged soon.

I cannot see any reason to not make libtasn1 patches part of this
series. And potentially this series could be merged earlier because it
is smaller one. Anyway, please coordinate this with folks working on
appended signature...

Daniel
reply via email to
[Prev in Thread] Current Thread [Next in Thread]