4cf8c08 Enable tpm module and make system to boot even if TPM measurements fail

Authored and Committed by javierm 3 years ago
    Enable tpm module and make system to boot even if TPM measurements fail
    
    Since GRUB 2.04 there is support for TPM measurements in a tpm module that
    uses the verifiers framework. So this is used now instead of the previous
    downstream patches that we were carrying.
    
    But we forgot to enable this module when rebasing to 2.04 which leads to
    GRUB no longer measuring the kernel, initrd and command line parameters.
    
    One side effect of using the verifiers framework is that if measurements
    fail, GRUB won't be able to open the files since the errors from the tpm
    module are propagated. This means that a firmware with a buggy tpm support
    will prevent the machine to boot, which was not the case with the previous
    downstream patches. Don't propagate the measurement errors to prevent this.
    
    Resolves: rhbz#1836433
    
    Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
    
        
  • Build failed
    failure
    Built as grub2-1:2.04-19.fc33
    3 years ago
file modified
+1 -1
file modified
+1 -0
file modified
+5 -1