tpm: Enable boot despite unknown firmware failure

Currently booting the system is prevented when call to EFI firmware hash_log_extend_event() returns unknown error. Solve this by following convention used in commit a4356538d (commands/tpm: Don't propagate measurement failures to the verifiers layer). Let the system to be bootable by default when unknown TPM error is encountered. Check environment variable tpm_fail_fatal to fallback to previous behaviour. Signed-off-by: Michał Grzelak <mchl.grzlk@gmail.com> Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
2023-06-16 00:39:47 +02:00 · 2023-06-16 00:39:47 +02:00 · afdef4a563
commit afdef4a563
parent 5c7578e727
4 changed files with 17 additions and 10 deletions
--- a/docs/grub.texi
+++ b/docs/grub.texi
@ -3841,6 +3841,11 @@ If this variable is set and true (i.e., not set to ``0'', ``false'',
 fatal. Otherwise, they will merely be debug-logged and boot will
 continue.

+Call to EFI firmware, like hash_log_extend_event(), can return an unknown
+error, i.e. due to bug present in firmware. When this variable is set and
+true (same values as with TPM measurements) this situation will be considered
+to be fatal and error-logged as ``unknown TPM error''. If not set, booting
+the OS will be enabled.

@node Environment block
@section The GRUB environment block
--- a/grub-core/commands/efi/tpm.c
+++ b/grub-core/commands/efi/tpm.c
@ -146,7 +146,7 @@ grub_efi_log_event_status (grub_efi_status_t status)
    case GRUB_EFI_NOT_FOUND:
      return grub_error (GRUB_ERR_UNKNOWN_DEVICE, N_("TPM unavailable"));
    default:
-      return grub_error (GRUB_ERR_UNKNOWN_DEVICE, N_("unknown TPM error"));
+      return grub_error (grub_is_tpm_fail_fatal () ? GRUB_ERR_UNKNOWN_DEVICE : GRUB_ERR_NONE, N_("unknown TPM error"));
    }
 }

--- a/grub-core/commands/tpm.c
+++ b/grub-core/commands/tpm.c
@ -18,7 +18,6 @@
 *  Core TPM support code.
 */

-#include <grub/env.h>
 #include <grub/err.h>
 #include <grub/i18n.h>
 #include <grub/misc.h>
@ -40,12 +39,6 @@ grub_tpm_verify_init (grub_file_t io,
  return GRUB_ERR_NONE;
 }

-static inline bool
-is_tpm_fail_fatal (void)
-{
-  return grub_env_get_bool ("tpm_fail_fatal", false);
-}
-
 static grub_err_t
 grub_tpm_verify_write (void *context, void *buf, grub_size_t size)
 {
@ -55,7 +48,7 @@ grub_tpm_verify_write (void *context, void *buf, grub_size_t size)
    return GRUB_ERR_NONE;

  grub_dprintf ("tpm", "Measuring buffer failed: %d\n", status);
-  return is_tpm_fail_fatal () ? status : GRUB_ERR_NONE;
+  return grub_is_tpm_fail_fatal () ? status : GRUB_ERR_NONE;
 }

 static grub_err_t
@ -91,7 +84,7 @@ grub_tpm_verify_string (char *str, enum grub_verify_string_type type)
    return GRUB_ERR_NONE;

  grub_dprintf ("tpm", "Measuring string %s failed: %d\n", str, status);
-  return is_tpm_fail_fatal () ? status : GRUB_ERR_NONE;
+  return grub_is_tpm_fail_fatal () ? status : GRUB_ERR_NONE;
 }

 struct grub_file_verifier grub_tpm_verifier = {
--- a/include/grub/tpm.h
+++ b/include/grub/tpm.h
@ -19,6 +19,8 @@
 #ifndef GRUB_TPM_HEADER
 #define GRUB_TPM_HEADER 1

+#include <grub/env.h>
+
 #define GRUB_STRING_PCR 8
 #define GRUB_BINARY_PCR 9

@ -37,4 +39,11 @@
 grub_err_t grub_tpm_measure (unsigned char *buf, grub_size_t size,
 			     grub_uint8_t pcr, const char *description);
 int grub_tpm_present (void);
+
+static inline bool
+grub_is_tpm_fail_fatal (void)
+{
+  return grub_env_get_bool ("tpm_fail_fatal", false);
+}
+
 #endif