Attachment 21171 Details for Bug 58785 – patch

[patch] patch

0001-Add-automatic-partition-decryption-using-tpm2-if-sea.patch (text/plain), 1.81 KB, created by Арсений on 2026-04-17 15:27:58 MSK

(hide)

Description:

Filename:

MIME Type:

Creator: Арсений

Created: 2026-04-17 15:27:58 MSK

Size: 1.81 KB

patch

obsolete

>From f30cc7e0392af0f1913ef4e09e37069e656a10f6 Mon Sep 17 00:00:00 2001
>From: Arseniy Romenskiy <romenskiy@altlinux.org>
>Date: Thu, 16 Apr 2026 03:55:39 +0300
>Subject: [PATCH 1/2] Add automatic partition decryption using tpm2 if
> sealed.tpm is available
>
>---
> altlinux/grub-efi-install | 25 +++++++++++++++++++++++--
> 1 file changed, 23 insertions(+), 2 deletions(-)
>
>diff --git a/altlinux/grub-efi-install b/altlinux/grub-efi-install
>index 6e25782ef..1e700e40d 100755
>--- a/altlinux/grub-efi-install
>+++ b/altlinux/grub-efi-install
>@@ -265,11 +265,32 @@ generate_grub_cfg() {
>         local crypto_uuids
>         crypto_uuids="$(grub-probe --target=cryptodisk_uuid "$boot_directory/grub")" \
>             || die $EXIT_PREFLIGHT "failed to determine cryptodisk UUIDs via grub-probe"
>-        local uuid
>+
>+        local sealed_tpm esp_uuid use_tpm2 uuid
>+        sealed_tpm="/boot/efi/EFI/altlinux/sealed.tpm"
>+        use_tpm2=
>+
>+        if [ -f "$sealed_tpm" ]; then
>+            esp_uuid="$(grub-probe --target=fs_uuid /boot/efi)" \
>+                || die $EXIT_PREFLIGHT "failed to determine ESP UUID via grub-probe"
>+
>+            if [ -n "$esp_uuid" ]; then
>+                use_tpm2=1
>+                crypto_content="${crypto_content}search.fs_uuid ${esp_uuid} esp
>+tpm2_key_protector_init -T (\$esp)/EFI/altlinux/sealed.tpm
>+"
>+            fi
>+        fi
>+
>         if [ -n "$crypto_uuids" ]; then
>             while IFS= read -r uuid; do
>-                crypto_content="${crypto_content}cryptomount -A -u ${uuid}
>+                if [ -n "$use_tpm2" ]; then
>+                    crypto_content="${crypto_content}cryptomount -A -u ${uuid} -P tpm2
> "
>+                else
>+                    crypto_content="${crypto_content}cryptomount -A -u ${uuid}
>+"
>+                fi
>             done <<< "$crypto_uuids"
>         fi
>     fi
>-- 
>2.50.1
>

Actions: View | Diff

Attachments on bug 58785: 21171