tablet/grub
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
grub/grub-core/commands
History
Gary Lin cd9cb944d9 tpm2_key_protector: Support NV index handles 
Previously, NV index mode only supported persistent handles which are
only for TPM objects.

On the other hand, the "NV index" handle allows the user-defined data,
so it can be an alternative to the key file and support TPM 2.0 Key
File format immediately.

The following tpm2-tools commands store the given key file, sealed.tpm,
in either TPM 2.0 Key File format or the raw format into the NV index
handle 0x1000000.

  # tpm2_nvdefine -C o \
      -a "ownerread|ownerwrite" \
      -s $(stat -c %s sealed.tpm) \
      0x1000000
  # tpm2_nvwrite -C o -i sealed.tpm 0x1000000

To unseal the key in GRUB, add the "tpm2_key_protector_init" command to
grub.cfg:

  tpm2_key_protector_init --mode=nv --nvindex=0x1000000
  cryptomount -u <UUID> --protector tpm2

To remove the NV index handle:

  # tpm2_nvundefine -C o 0x1000000

Signed-off-by: Gary Lin <glin@suse.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
2025-04-10 18:10:33 +02:00
..
arc
Remove nested functions from device iterators.
2013-01-20 15:52:15 +00:00
efi
commands/efi/tpm: Re-enable measurements on confidential computing platforms
2024-06-06 16:55:16 +02:00
i386
i386/msr: Extract and improve MSR support detection code
2024-10-10 13:09:06 +02:00
ieee1275
ieee1275/tcg2: Refactor grub_ieee1275_tpm_init()
2024-11-28 22:37:50 +01:00
mips/loongson
commands: Remove trailing whitespaces
2022-03-14 15:44:26 +01:00
tpm2_key_protector
tpm2_key_protector: Support NV index handles
2025-04-10 18:10:33 +02:00
xen
Correct some translatable strings.
2013-12-21 03:03:31 +01:00
acpi.c
commands/acpi: Use options enum to index command options
2025-03-05 21:24:47 +01:00
acpihalt.c
commands: Remove trailing whitespaces
2022-03-14 15:44:26 +01:00
bli.c
commands/bli: Fix crash in get_part_uuid()
2024-09-05 16:08:17 +02:00
blocklist.c
disk: Allow read hook callback to take read buffer to potentially modify it
2022-07-04 14:43:25 +02:00
boot.c
commands/boot: Add API to pass context to loader
2022-06-07 16:39:31 +02:00
boottime.c
commands: Remove trailing whitespaces
2022-03-14 15:44:26 +01:00
cacheinfo.c
commands: Remove trailing whitespaces
2022-03-14 15:44:26 +01:00
cat.c
commands: Remove trailing whitespaces
2022-03-14 15:44:26 +01:00
cmp.c
commands/cmp: Only return success when both files have the same contents
2023-01-10 16:32:42 +01:00
configfile.c
* grub-core/commands/configfile.c (GRUB_MOD_INIT): Correct
2012-10-12 15:34:33 +01:00
date.c
misc: Make grub_strtol() "end" pointers have safer const qualifiers
2020-02-28 12:41:29 +01:00
echo.c
commands: Remove trailing whitespaces
2022-03-14 15:44:26 +01:00
eval.c
* grub-core/script/execute.c (grub_script_execute_sourcecode): Split
2013-06-07 18:40:37 +02:00
extcmd.c
commands/extcmd: Missing check for failed allocation
2025-02-13 15:45:55 +01:00
file32.c
Implement grub_file tool and use it to implement generating of config
2013-12-17 14:39:48 +01:00
file64.c
Implement grub_file tool and use it to implement generating of config
2013-12-17 14:39:48 +01:00
file.c
commands/file: Fix NULL dereference in the knetbsd tests
2025-02-26 19:34:57 +01:00
fileXX.c
commands/fileXX: Fix remaining memory leak.
2015-01-25 16:36:30 +03:00
gptsync.c
gptsync: Add missing device_close.
2015-01-24 20:52:02 +01:00
halt.c
commands: Remove trailing whitespaces
2022-03-14 15:44:26 +01:00
hashsum.c
commands: Remove trailing whitespaces
2022-03-14 15:44:26 +01:00
hdparm.c
commands: Remove trailing whitespaces
2022-03-14 15:44:26 +01:00
help.c
normal/help: Add paging instructions to normal and help prompts
2022-11-14 17:37:51 +01:00
hexdump.c
commands/hexdump: Disable memory reading in lockdown mode
2025-02-13 15:45:56 +01:00
iorw.c
efi: Use grub_is_lockdown() instead of hardcoding a disabled modules list
2021-03-02 15:54:15 +01:00
keylayouts.c
commands: Remove trailing whitespaces
2022-03-14 15:44:26 +01:00
keystatus.c
kern/term: Make grub_getkeystatus() helper function available everywhere
2020-04-21 22:08:52 +02:00
legacycfg.c
commands/legacycfg: Avoid closing file twice
2024-10-31 16:08:36 +01:00
loadenv.c
disk: Allow read hook callback to take read buffer to potentially modify it
2022-07-04 14:43:25 +02:00
ls.c
commands/ls: Add directory header for dir args
2025-03-05 21:24:48 +01:00
lsacpi.c
commands: Remove trailing whitespaces
2022-03-14 15:44:26 +01:00
lsmmap.c
Translate UEFI persistent memory type
2015-12-15 10:25:34 +03:00
lspci.c
commands: Remove trailing whitespaces
2022-03-14 15:44:26 +01:00
macbless.c
commands/macbless: Remove whitespace between N_ macro and open parenthesis
2022-06-07 12:51:50 +02:00
memrw.c
commands/memrw: Disable memory reading in lockdown mode
2025-02-13 15:45:56 +01:00
memtools.c
commands/memtools: Add memtool module with memory allocation stress-test
2023-03-07 15:26:36 +01:00
menuentry.c
commands/menuentry: Fix quoting in setparams_prefix()
2021-03-02 15:54:17 +01:00
minicmd.c
commands/minicmd: Block the dump command in lockdown mode
2025-02-13 15:45:56 +01:00
nativedisk.c
commands: Remove trailing whitespaces
2022-03-14 15:44:26 +01:00
parttool.c
types: Make bool generally available
2022-11-14 17:17:21 +01:00
password_pbkdf2.c
commands: Remove trailing whitespaces
2022-03-14 15:44:26 +01:00
password.c
Improve gettext support. Stylistic fixes and error handling fixes while
2012-02-08 19:26:01 +01:00
pcidump.c
misc: Make grub_strtol() "end" pointers have safer const qualifiers
2020-02-28 12:41:29 +01:00
pgp.c
commands/pgp: Unregister the "check_signatures" hooks on module unload
2025-02-13 15:45:55 +01:00
probe.c
guid: Make use of GUID printf format specifier
2023-06-01 11:45:00 +02:00
read.c
commands/read: Fix an integer overflow when supplying more than 2^31 characters
2025-02-13 15:45:56 +01:00
reboot.c
Add noreturn attributes and remove unreachable code.
2011-12-13 15:13:51 +01:00
regexp.c
commands/regexp: Fix typo
2023-07-03 14:10:01 +02:00
search_file.c
* grub-core/commands/search_file.c (SEARCH_TARGET): Remove obsolete
2012-02-03 11:46:18 +01:00
search_label.c
* grub-core/commands/search_file.c (SEARCH_TARGET): Remove obsolete
2012-02-03 11:46:18 +01:00
search_uuid.c
* grub-core/commands/search_file.c (SEARCH_TARGET): Remove obsolete
2012-02-03 11:46:18 +01:00
search_wrap.c
commands/search: Add new --efidisk-only option for EFI systems
2022-04-04 18:07:04 +02:00
search.c
commands/search: Add new --efidisk-only option for EFI systems
2022-04-04 18:07:04 +02:00
setpci.c
commands/setpci: Honor write mask argument
2021-09-06 15:08:23 +02:00
sleep.c
kern/term: Accept ESC, F4 and holding SHIFT as user interrupt keys
2020-04-21 22:13:44 +02:00
smbios.c
smbios: Add a --linux argument to apply linux modalias-like filtering
2020-03-10 21:35:02 +01:00
syslinuxcfg.c
commands/syslinux: Add missing free.
2015-01-24 21:23:25 +01:00
terminal.c
commands: Remove trailing whitespaces
2022-03-14 15:44:26 +01:00
test.c
commands/test: Stack overflow due to unlimited recursion depth
2025-02-13 15:45:56 +01:00
testload.c
disk: Allow read hook callback to take read buffer to potentially modify it
2022-07-04 14:43:25 +02:00
testspeed.c
verifiers: File type for fine-grained signature-verification controlling
2018-11-09 13:25:31 +01:00
time.c
Improve string. Gettextize.
2012-02-12 15:25:25 +01:00
tpm.c
commands/tpm: Skip loopback image measurement
2024-10-10 13:04:37 +02:00
tr.c
commands/tr: Simplify and fix missing parameter test.
2015-01-24 21:25:42 +01:00
true.c
* grub-core/commands/acpihalt.c: Add TRANSLATORS comments.
2012-03-03 12:59:28 +01:00
usbtest.c
usbtest: Disable gcc9 -Waddress-of-packed-member
2019-04-23 11:37:08 +02:00
videoinfo.c
commands/videoinfo: Prevent crash when run while video driver already active
2023-08-14 18:04:04 +02:00
videotest.c
commands: Remove trailing whitespaces
2022-03-14 15:44:26 +01:00
wildcard.c
commands: Remove trailing whitespaces
2022-03-14 15:44:26 +01:00
xnu_uuid.c
* grub-core/commands/xnu_uuid.c: Remove variable length arrays.
2013-11-12 01:19:34 +01:00