Re: [PATCH 00/14] Automatic Disk Unlock with TPM2

[Gary Lin]

On Tue, Feb 28, 2023 at 06:39:22PM +0100, Daniel Kiper wrote:
> On Wed, Feb 22, 2023 at 03:00:40PM +0800, Gary Lin via Grub-devel wrote:
> > The patch series "Automatic TPM Disk Unlock" posted by Hernan Gatta
> > introduces the key protector framework and TPM2 stack to GRUB2, and it's
> > a useful feature for the systems to implement full disk encryption.
> > However, it seems the development was stalled for a while, and I'd like
> > to push it forward.
> 
> Thank you for updating this patch set. Certainly I want to have it in
> the GRUB upstream. Sadly I cannot consider this as a 2.12 release
> material. So, I will not review these patches immediately due to
> their low priority. Though I have a few comments below...
> 
I see.

> > Patch 1~5 are Hernan Gatta's patch series(*) with a few modifications:
> > - Converting 8 spaces into 1 tab
> > - Merging the minor build fix from Michael Chang
> >   - Replacing "lu" with "PRIuGRUB_SIZE" for grub_dprintf
> >   - Adding "enable = efi" to the tpm2 module in grub-core/Makefile.core.def
> > - Rebasing "cryptodisk: Support key protectors" to the git master
> 
> Thank you for doing all of this!
> 
> > To minimize the changes to Patch 1~5, the follow-up fixes (Patch 6~14)
> > from my colleagues and me are committed separately. Those patches fix
> > the problems we found while testing the original patchset.
> 
> Please merge all patches after #5 into original patch series and add
> your and your colleagues SOBs to relevant patches.
> 
Will merge those patchs in V2.

> And of course take into account James comments...
> 
I'm evaluating the effort to adopt the TPM 2.0 key file format. However,
the libtasn1 patches (*) are still not merged, and it's probably not
practical to implement my own asn1 parser. It'd be nice if the libtasn1
patches could be merged soon.

Thanks,

Gary Lin

(*) https://lists.gnu.org/archive/html/grub-devel/2021-06/msg00055.html