[PATCH v2 6/7] tpm2_key_protector/grub_protect: add noDA parameter in gr
From: |
Yann Diorcet |
Subject: |
[PATCH v2 6/7] tpm2_key_protector/grub_protect: add noDA parameter in grub_srk_type struct |
Date: |
Fri, 14 Mar 2025 14:58:53 +0100 |
Signed-off-by: Yann Diorcet <diorcet.yann@gmail.com>
---
grub-core/commands/tpm2_key_protector/module.c | 4 ++++
grub-core/commands/tpm2_key_protector/tpm2.h | 1 +
grub-core/commands/tpm2_key_protector/tpm2srk.c | 2 +-
util/grub-protect.c | 1 +
4 files changed, 7 insertions(+), 1 deletion(-)
diff --git a/grub-core/commands/tpm2_key_protector/module.c
b/grub-core/commands/tpm2_key_protector/module.c
index 618cc4d32..4f7b6e95d 100644
--- a/grub-core/commands/tpm2_key_protector/module.c
+++ b/grub-core/commands/tpm2_key_protector/module.c
@@ -413,10 +413,12 @@ tpm2_protector_load_key (const tpm2_protector_context_t
*ctx,
{
.type = TPM_ALG_ECC,
.detail.ecc_curve = TPM_ECC_NIST_P256,
+ .noDA = true,
},
{
.type = TPM_ALG_RSA,
.detail.rsa_bits = 2048,
+ .noDA = true,
},
{
.type = TPM_ALG_ERROR,
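Review bot: The `noDA = true` default is hard-coded here in both fallback entries, and again in tpm2_protector_key_from_buffer, tpm2_protector_check_args and protect_tpm2_args_verify in util/grub-protect.c. Because the sealing tool and the unsealing module each carry their own copy, a later change to one site would leave the two sides building different SRK templates. Consider defining the default once in tpm2.h, next to `struct grub_srk_type`, and using it at all five sites. The commit message has no body, so it would also help to state there why the attribute is becoming configurable. The initializer array starts and ends outside this hunk.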
@@ -858,6 +860,7 @@ tpm2_protector_key_from_buffer (const
tpm2_protector_context_t *ctx,
ctx_w = (tpm2_protector_context_t *)ctx;
ctx_w->srk_type.type = TPM_ALG_RSA;
ctx_w->srk_type.detail.rsa_bits = 2048;
+ ctx_w->srk_type.noDA = true;
}
}
else
@@ -1125,6 +1128,7 @@ tpm2_protector_check_args (tpm2_protector_context_t *ctx)
{
ctx->srk_type.type = TPM_ALG_ECC;
ctx->srk_type.detail.ecc_curve = TPM_ECC_NIST_P256;
+ ctx->srk_type.noDA = true;
}
return GRUB_ERR_NONE;
diff --git a/grub-core/commands/tpm2_key_protector/tpm2.h
b/grub-core/commands/tpm2_key_protector/tpm2.h
index bb86b2e20..1e25a9bdd 100644
--- a/grub-core/commands/tpm2_key_protector/tpm2.h
+++ b/grub-core/commands/tpm2_key_protector/tpm2.h
@@ -40,6 +40,7 @@ struct grub_srk_type
TPM_KEY_BITS_t rsa_bits;
TPM_ECC_CURVE_t ecc_curve;
} detail;
+ bool noDA;
};
typedef struct grub_srk_type grub_srk_type_t;
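Review bot: The new `bool noDA;` member has no comment, and its effect is not obvious from the struct alone. It is copied into `inPublic.publicArea.objectAttributes.noDA` in tpm2_protector_srk_get, so it is part of the SRK's public template and the same value has to be used when sealing and when unsealing. I would document that on the field, e.g. `/* TPMA_OBJECT noDA bit of the SRK template; must match between seal and unseal */`. The struct definition begins outside this hunk.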
diff --git a/grub-core/commands/tpm2_key_protector/tpm2srk.c
b/grub-core/commands/tpm2_key_protector/tpm2srk.c
index 8eae091ce..7392addda 100644
--- a/grub-core/commands/tpm2_key_protector/tpm2srk.c
+++ b/grub-core/commands/tpm2_key_protector/tpm2srk.c
@@ -69,7 +69,7 @@ tpm2_protector_srk_get (const grub_srk_type_t srk_type,
inPublic.publicArea.objectAttributes.fixedTPM = 1;
inPublic.publicArea.objectAttributes.fixedParent = 1;
inPublic.publicArea.objectAttributes.sensitiveDataOrigin = 1;
- inPublic.publicArea.objectAttributes.noDA = 1;
+ inPublic.publicArea.objectAttributes.noDA = srk_type.noDA;
if (srk_type.type == TPM_ALG_RSA)
{
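Review bot: Replacing the constant `1` with `srk_type.noDA` means any `grub_srk_type_t` that reaches tpm2_protector_srk_get without the field set now creates the SRK with noDA clear, where it was previously always set. This patch sets the field only on the default paths visible in module.c and grub-protect.c. A type filled in elsewhere, for example from a user-supplied key-type argument (not visible in this diff), would presumably keep a zero value. Since the attribute is part of the primary key template, that would yield a different SRK and keys sealed earlier would fail to unseal. With noDA clear, the key also becomes subject to the TPM's dictionary-attack lockout accounting. Please confirm that every producer of `grub_srk_type_t` assigns `noDA = true` unless the caller explicitly asks otherwise. The function body continues outside this hunk.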
diff --git a/util/grub-protect.c b/util/grub-protect.c
index bda7ec239..d5432adf8 100644
--- a/util/grub-protect.c
+++ b/util/grub-protect.c
@@ -1227,6 +1227,7 @@ protect_tpm2_args_verify (protect_args_t *args)
{
args->srk_type.type = TPM_ALG_ECC;
args->srk_type.detail.ecc_curve = TPM_ECC_NIST_P256;
+ args->srk_type.noDA = true;
}
if (args->tpm2_bank == TPM_ALG_ERROR)
--
2.39.5