Blame SOURCES/0152-tpm-Don-t-propagate-TPM-measurement-errors-to-the-ve.patch

From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Javier Martinez Canillas <javierm@redhat.com>
Date: Sat, 16 May 2020 11:33:18 +0200
Subject: [PATCH] tpm: Don't propagate TPM measurement errors to the verifiers
 layer
Currently if the EFI firmware fails to do a TPM measurement for a file,
the error will be propagated to the verifiers framework and so opening
the file will not succeed.
This means that buggy firmwares will prevent the system from booting since the
loader won't be able to open any file. But failing to do TPM measurements
shouldn't be a fatal error and the system should still be able to boot.
Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
---
 grub-core/commands/tpm.c | 14 +++++++-------
 1 file changed, 7 insertions(+), 7 deletions(-)
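diff --git a/grub-core/commands/tpm.c b/grub-core/commands/tpm.c
index 2052c36eaba..e287d042e6b 100644
--- a/grub-core/commands/tpm.c
+++ b/grub-core/commands/tpm.c
@@ -42,7 +42,8 @@ grub_tpm_verify_init (grub_file_t io,
 static grub_err_t
 grub_tpm_verify_write (void *context, void *buf, grub_size_t size)
 {
-  return grub_tpm_measure (buf, size, GRUB_BINARY_PCR, context);
+  grub_tpm_measure (buf, size, GRUB_BINARY_PCR, context);
+  return GRUB_ERR_NONE;
 }
 
 static grub_err_t
@@ -50,7 +51,6 @@ grub_tpm_verify_string (char *str, enum grub_verify_string_type type)
 {
   const char *prefix = NULL;
   char *description;
-  grub_err_t status;
 
   switch (type)
     {
@@ -66,15 +66,15 @@ grub_tpm_verify_string (char *str, enum grub_verify_string_type type)
     }
   description = grub_malloc (grub_strlen (str) + grub_strlen (prefix) + 1);
   if (!description)
-    return grub_errno;
+    return GRUB_ERR_NONE;
   grub_memcpy (description, prefix, grub_strlen (prefix));
   grub_memcpy (description + grub_strlen (prefix), str,
 	       grub_strlen (str) + 1);
-  status =
-    grub_tpm_measure ((unsigned char *) str, grub_strlen (str),
-		      GRUB_STRING_PCR, description);
+
+  grub_tpm_measure ((unsigned char *) str, grub_strlen (str), GRUB_STRING_PCR,
+                    description);
   grub_free (description);
-  return status;
+  return GRUB_ERR_NONE;
 }
 
 struct grub_file_verifier grub_tpm_verifier = {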
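Review bot: In grub_tpm_verify_string the `if (!description) return GRUB_ERR_NONE;` path now skips the measurement entirely on allocation failure and still reports success, and both this function and grub_tpm_verify_write discard the result of grub_tpm_measure without leaving any trace. For measured boot this is a fail-open: a file or command string can be consumed without being extended into its PCR, and nothing tells the operator or a later attestation step that the event log is incomplete. At minimum the failure should be surfaced and the pending error cleared, e.g. `if (grub_tpm_measure (buf, size, GRUB_BINARY_PCR, context) != GRUB_ERR_NONE) grub_print_error ();`, and the same call before the early return, where grub_errno is presumably still set since the old code returned it. A short comment stating that ignoring the error is deliberate (buggy firmware must not block boot) would help, and a setting that lets hardened deployments keep measurement failures fatal is worth considering.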