tablet/grub
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
grub/grub-core/lib/tss2/tcg2.h
Gary Lin d47d261ecd tss2: Introduce grub_tcg2_cap_pcr() 
This commit introduces the definition of grub_tcg2_cap_pcr(), a new
function designed to enhance the security of sealed keys. Its primary
purpose is to "cap" a specific PCR by extending it with an EV_SEPARATOR
event. This action cryptographically alters the PCR value, making it
impossible to unseal any key that was previously sealed to the original
PCR state. Consequently, the sealed key remains protected against
unauthorized unsealing attempts until the associated PCRs are reset to
their initial configuration, typically occurring during a subsequent
system boot.

Signed-off-by: Gary Lin <glin@suse.com>
Reviewed-by: Stefan Berger <stefanb@linux.ibm.com>
Reviewed-by: Sudhakar Kuppusamy <sudhakar@linux.ibm.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
2025-10-11 15:43:58 +02:00

41 lines
1.2 KiB
C
Raw Permalink Blame History

/*
* GRUB -- GRand Unified Bootloader
* Copyright (C) 2022 Microsoft Corporation
* Copyright (C) 2024 Free Software Foundation, Inc.
*
* GRUB is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* GRUB is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with GRUB. If not, see <http://www.gnu.org/licenses/>.
*/
#ifndef GRUB_TPM2_TCG2_HEADER
#define GRUB_TPM2_TCG2_HEADER 1
#include <grub/err.h>
#include <grub/types.h>
#define GRUB_EV_SEPARATOR 0x04
extern grub_err_t
grub_tcg2_get_max_output_size (grub_size_t *size);
extern grub_err_t
grub_tcg2_submit_command (grub_size_t input_size,
grub_uint8_t *input,
grub_size_t output_size,
grub_uint8_t *output);
extern grub_err_t
grub_tcg2_cap_pcr (grub_uint8_t pcr);
#endif /* ! GRUB_TPM2_TCG2_HEADER */
Reference in New Issue View Git Blame Copy Permalink