From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Javier Martinez Canillas <javierm@redhat.com>
Date: Sat, 16 May 2020 11:33:18 +0200
Subject: [PATCH] tpm: Don't propagate TPM measurement errors to the verifiers
layer
Currently if the EFI firmware fails to do a TPM measurement for a file,
the error will be propagated to the verifiers framework and so opening
the file will not succeed.
This means that buggy firmware will prevent the system from booting, since the
loader won't be able to open any file. But failing to do TPM measurements
shouldn't be a fatal error and the system should still be able to boot.
Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
---
grub-core/commands/tpm.c | 14 +++++++-------
1 file changed, 7 insertions(+), 7 deletions(-)
diff --git a/grub-core/commands/tpm.c b/grub-core/commands/tpm.c
index 2052c36eab..e287d042e6 100644
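--- a/grub-core/commands/tpm.c
+++ b/grub-core/commands/tpm.c
@@ -42,7 +42,8 @@ grub_tpm_verify_init (grub_file_t io,
 static grub_err_t
 grub_tpm_verify_write (void *context, void *buf, grub_size_t size)
 {
- return grub_tpm_measure (buf, size, GRUB_BINARY_PCR, context);
+ grub_tpm_measure (buf, size, GRUB_BINARY_PCR, context);
+ return GRUB_ERR_NONE;
 }
 
 static grub_err_t
@@ -50,7 +51,6 @@ grub_tpm_verify_string (char *str, enum grub_verify_string_type type)
 {
 const char *prefix = NULL;
 char *description;
- grub_err_t status;
 
 switch (type)
 {
@@ -66,15 +66,15 @@ grub_tpm_verify_string (char *str, enum grub_verify_string_type type)
 }
 description = grub_malloc (grub_strlen (str) + grub_strlen (prefix) + 1);
 if (!description)
- return grub_errno;
+ return GRUB_ERR_NONE;
 grub_memcpy (description, prefix, grub_strlen (prefix));
 grub_memcpy (description + grub_strlen (prefix), str,
 grub_strlen (str) + 1);
- status =
- grub_tpm_measure ((unsigned char *) str, grub_strlen (str),
- GRUB_STRING_PCR, description);
+
+ grub_tpm_measure ((unsigned char *) str, grub_strlen (str), GRUB_STRING_PCR,
+ description);
 grub_free (description);
- return status;
+ return GRUB_ERR_NONE;
 }
 
 struct grub_file_verifier grub_tpm_verifier = {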
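Review bot: In both `grub_tpm_verify_write` and `grub_tpm_verify_string` the result of `grub_tpm_measure` is now dropped without a trace, so a file or command string can be used while missing from the PCRs and the event log, and nothing signals that measured boot is degraded. I would keep the status and at least log it, e.g. `grub_err_t status = grub_tpm_measure (buf, size, GRUB_BINARY_PCR, context);` followed by `if (status != GRUB_ERR_NONE) grub_dprintf ("tpm", "measurement failed: %d\n", status);`. The early `return GRUB_ERR_NONE;` after a failed `grub_malloc` presumably leaves `grub_errno` set, so clearing it there (`grub_errno = GRUB_ERR_NONE;`) would keep a later `grub_errno` check from tripping on a stale error; the same probably applies after a failed measurement. Systems that rely on attestation or PCR-sealed secrets may prefer a failed boot over an unmeasured one, so the fail-open behaviour is worth making a configurable policy rather than unconditional. The `switch` body of `grub_tpm_verify_string` lies between the second and third hunks and is not visible here.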