| Message ID | 20211126050055.765911-1-ruchika.gupta@linaro.org |
|---|---|
| State | New |
| Headers | show |
| Series | [v6,1/3] efi_loader: Add check for event log passed from firmware | expand |
On 11/26/21 06:00, Ruchika Gupta wrote: > Platforms may have support to measure their initial firmware components > and pass the event log to u-boot. The event log address can be passed > in property tpm_event_log_addr and tpm_event_log_size of the tpm node. > Platforms may choose their own specific mechanism to do so. A weak > function is added to check if even log has been passed to u-boot > from earlier firmware components. If available, the eventlog is parsed > to check for its correctness and further event logs are appended to the > passed log. > > Signed-off-by: Ruchika Gupta <ruchika.gupta@linaro.org> > Tested-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> > Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> > --- > v6: No change > > v5: > Shift the efi_init_event_log() to a different location in the file. > This help fixes compilation issue introduced by calling efi_append_scrtm_version() > from it. > > v4: > Add SCRTM version to log only if previous firmware doesn't pass the eventlog > > v3: > Return as soon as you detect error > > v2: > Moved firmware eventlog code parsing to tcg2_get_fw_eventlog() > > lib/efi_loader/efi_tcg2.c | 438 ++++++++++++++++++++++++++++++++------ > 1 file changed, 369 insertions(+), 69 deletions(-) > > diff --git a/lib/efi_loader/efi_tcg2.c b/lib/efi_loader/efi_tcg2.c > index 8c1f22e337..a789c44660 100644 > --- a/lib/efi_loader/efi_tcg2.c > +++ b/lib/efi_loader/efi_tcg2.c > @@ -324,6 +324,45 @@ __weak efi_status_t platform_get_tpm2_device(struct udevice **dev) > return EFI_NOT_FOUND; > } > > +/** > + * platform_get_eventlog() - retrieve the eventlog address and size > + * > + * This function retrieves the eventlog address and size if the underlying > + * firmware has done some measurements and passed them. > + * > + * This function may be overridden based on platform specific method of > + * passing the eventlog address and size. > + * > + * @dev: udevice > + * @addr: eventlog address > + * @sz: eventlog size > + * Return: status code > + */ > +__weak efi_status_t platform_get_eventlog(struct udevice *dev, u64 *addr, > + u32 *sz) This function must be declared in a header to be overridden. > +{ > + const u64 *basep; > + const u32 *sizep; > + > + basep = dev_read_prop(dev, "tpm_event_log_addr", NULL); > + if (!basep) > + return EFI_NOT_FOUND; > + > + *addr = be64_to_cpup((__force __be64 *)basep); > + > + sizep = dev_read_prop(dev, "tpm_event_log_size", NULL); > + if (!sizep) > + return EFI_NOT_FOUND; > + > + *sz = be32_to_cpup((__force __be32 *)sizep); > + if (*sz == 0) { > + log_debug("event log empty\n"); > + return EFI_NOT_FOUND; > + } > + > + return EFI_SUCCESS; > +} > + > /** > * tpm2_get_max_command_size() - get the supported max command size > * > @@ -1181,6 +1220,250 @@ static const struct efi_tcg2_protocol efi_tcg2_protocol = { > .get_result_of_set_active_pcr_banks = efi_tcg2_get_result_of_set_active_pcr_banks, > }; > > +/** > + * parse_event_log_header() - Parse and verify the event log header fields > + * > + * @buffer: Pointer to the event header > + * @size: Size of the eventlog > + * @pos: Position in buffer after event log header > + * > + * Return: status code > + */ > +efi_status_t parse_event_log_header(void *buffer, u32 size, u32 *pos) This function should be declared in a header or be static. Should buffer have type struct tcg_pcr_event *? > +{ > + struct tcg_pcr_event *event_header = (struct tcg_pcr_event *)buffer; > + int i = 0; > + > + if (size < sizeof(*event_header)) > + return EFI_COMPROMISED_DATA; > + > + if (get_unaligned_le32(&event_header->pcr_index) != 0 || > + get_unaligned_le32(&event_header->event_type) != EV_NO_ACTION) > + return EFI_COMPROMISED_DATA; > + > + for (i = 0; i < sizeof(event_header->digest); i++) { > + if (event_header->digest[i] != 0) if (event_header->digest[i]) > + return EFI_COMPROMISED_DATA; > + } > + > + *pos += sizeof(*event_header); Do you re > + > + return EFI_SUCCESS; > +} > + > +/** > + * parse_specid_event() - Parse and verify the specID Event in the eventlog > + * > + * @dev: udevice > + * @buffer: Pointer to the start of the eventlog > + * @log_size: Size of the eventlog > + * @pos: Offset in the evenlog where specID event starts > + * > + * Return: status code > + * @pos Offset in the eventlog where the specID event ends Duplicate line > + * @digest_list: list of digests in the event Misplaced line > + */ > +efi_status_t parse_specid_event(struct udevice *dev, void *buffer, u32 log_size, > + u32 *pos, > + struct tpml_digest_values *digest_list) > +{ This function should be declared in a header or be static. > + struct tcg_efi_spec_id_event *spec_event; > + struct tcg_pcr_event *event_header = (struct tcg_pcr_event *)buffer; > + size_t spec_event_size; > + u32 active = 0, supported = 0, pcr_count = 0, alg_count = 0; > + u32 spec_active = 0; > + u16 hash_alg, hash_sz; > + u8 vendor_sz; > + int err, i; > + > + /* Check specID event data */ > + spec_event = (struct tcg_efi_spec_id_event *)((uintptr_t)buffer + *pos); > + /* Check for signature */ > + if (memcmp(spec_event->signature, TCG_EFI_SPEC_ID_EVENT_SIGNATURE_03, > + sizeof(TCG_EFI_SPEC_ID_EVENT_SIGNATURE_03))) { > + log_err("specID Event: Signature mismatch\n"); > + return EFI_COMPROMISED_DATA; > + } > + > + if (spec_event->spec_version_minor != > + TCG_EFI_SPEC_ID_EVENT_SPEC_VERSION_MINOR_TPM2 || > + spec_event->spec_version_major != > + TCG_EFI_SPEC_ID_EVENT_SPEC_VERSION_MAJOR_TPM2) > + return EFI_COMPROMISED_DATA; > + > + if (spec_event->number_of_algorithms > MAX_HASH_COUNT || > + spec_event->number_of_algorithms < 1) { > + log_err("specID Event: Number of algorithms incorrect\n"); > + return EFI_COMPROMISED_DATA; > + } > + > + alg_count = spec_event->number_of_algorithms; > + > + err = tpm2_get_pcr_info(dev, &supported, &active, &pcr_count); > + if (err) > + return EFI_DEVICE_ERROR; > + > + digest_list->count = 0; > + /* > + * We may need to worry about the order of algs in this structure as %s/algs/algorithms/ > + * subsequent entries in event should be in same order "We need to worry" sounds like a FIXME. Is there anything to fix or do you mean: We have to take care that the sequence of algorithms that we record in digest_list matches the sequence in the event log. > + */ > + for (i = 0; i < alg_count; i++) { > + hash_alg = > + get_unaligned_le16(&spec_event->digest_sizes[i].algorithm_id); > + hash_sz = > + get_unaligned_le16(&spec_event->digest_sizes[i].digest_size); > + > + if (!(supported & alg_to_mask(hash_alg))) { > + log_err("specID Event: Unsupported algorithm\n"); > + return EFI_COMPROMISED_DATA; > + } > + digest_list->digests[digest_list->count++].hash_alg = hash_alg; > + > + spec_active |= alg_to_mask(hash_alg); > + } > + > + /* TCG spec expects the event log to have hashes for all active PCR's */ The TCG specification > + if (spec_active != active) { > + /* > + * Previous stage bootloader should know all the active PCR's > + * and use them in the Eventlog. > + */ > + log_err("specID Event: All active hash alg not present\n"); > + return EFI_COMPROMISED_DATA; > + } > + > + /* > + * the size of the spec event and placement of vendor_info_size > + * depends on supported algoriths > + */ > + spec_event_size = > + offsetof(struct tcg_efi_spec_id_event, digest_sizes) + > + alg_count * sizeof(spec_event->digest_sizes[0]); > + > + vendor_sz = *(uint8_t *)((uintptr_t)buffer + *pos + spec_event_size); > + > + spec_event_size += sizeof(vendor_sz) + vendor_sz; > + *pos += spec_event_size; > + > + if (get_unaligned_le32(&event_header->event_size) != spec_event_size) { > + log_err("specID event: header event size mismatch\n"); > + /* Right way to handle this can be to call SetActive PCR's */ > + return EFI_COMPROMISED_DATA; > + } > + > + return EFI_SUCCESS; > +} > + Missing function description > +efi_status_t tcg2_parse_event(struct udevice *dev, void *buffer, u32 log_size, > + u32 *offset, struct tpml_digest_values *digest_list, > + u32 *pcr) Exported functions should be declared in a header. Or should this function be static? > +{ > + struct tcg_pcr_event2 *event = NULL; > + u32 event_type, count, size, event_size; > + size_t pos; > + > + if (*offset > log_size) > + return EFI_COMPROMISED_DATA; > + > + event = (struct tcg_pcr_event2 *)((uintptr_t)buffer + *offset); > + > + *pcr = get_unaligned_le32(&event->pcr_index); > + > + event_size = tcg_event_final_size(digest_list); > + > + if (*offset + event_size > log_size) { > + log_err("Event exceeds log size\n"); > + return EFI_COMPROMISED_DATA; > + } > + > + event_type = get_unaligned_le32(&event->event_type); > + > + /* get the count */ > + count = get_unaligned_le32(&event->digests.count); > + if (count != digest_list->count) > + return EFI_COMPROMISED_DATA; > + > + pos = offsetof(struct tcg_pcr_event2, digests); > + pos += offsetof(struct tpml_digest_values, digests); > + > + for (int i = 0; i < digest_list->count; i++) { > + u16 alg; > + u16 hash_alg = digest_list->digests[i].hash_alg; > + u8 *digest = (u8 *)&digest_list->digests[i].digest; > + > + alg = get_unaligned_le16((void *)((uintptr_t)event + pos)); > + > + if (alg != hash_alg) > + return EFI_COMPROMISED_DATA; > + > + pos += offsetof(struct tpmt_ha, digest); > + memcpy(digest, (void *)((uintptr_t)event + pos), alg_to_len(hash_alg)); > + pos += alg_to_len(hash_alg); > + } > + > + size = get_unaligned_le32((void *)((uintptr_t)event + pos)); > + event_size += size; > + pos += sizeof(u32); /* tcg_pcr_event2 event_size*/ > + pos += size; > + > + /* make sure the calculated buffer is what we checked against */ > + if (pos != event_size) > + return EFI_COMPROMISED_DATA; > + > + if (pos > log_size) > + return EFI_COMPROMISED_DATA; > + > + *offset += pos; > + > + return EFI_SUCCESS; > +} > + Missing function description. > +efi_status_t tcg2_get_fw_eventlog(struct udevice *dev, void *log_buffer, > + size_t *log_sz) This function should be declared in a header or should be static. > +{ > + struct tpml_digest_values digest_list; > + void *buffer; > + efi_status_t ret; > + u32 pcr, pos; > + u64 base; > + u32 sz; > + > + ret = platform_get_eventlog(dev, &base, &sz); > + if (ret != EFI_SUCCESS) > + return ret; > + > + if (sz > TPM2_EVENT_LOG_SIZE) > + return EFI_VOLUME_FULL; > + > + buffer = (void *)base; Superfluous conversion. > + pos = 0; > + /* Parse the eventlog to check for its validity */ > + ret = parse_event_log_header(buffer, sz, &pos); > + if (ret || pos > sz) if (ret != EFI_SUCCESS The check pos > sz should be done in the called function to avoid a buffer overlow. > + return EFI_COMPROMISED_DATA; Simply return ret. > + > + ret = parse_specid_event(dev, buffer, sz, &pos, &digest_list); > + if (ret || pos > sz) { ditto > + log_err("Error parsing SPEC ID Event\n"); > + return EFI_COMPROMISED_DATA; > + } > + > + while (pos < sz) { > + ret = tcg2_parse_event(dev, buffer, sz, &pos, &digest_list, > + &pcr); > + if (ret) { > + log_err("Error parsing event\n"); > + return ret; > + } > + } > + > + memcpy(log_buffer, buffer, sz); > + *log_sz = sz; > + > + return ret; > +} > + > /** > * create_specid_event() - Create the first event in the eventlog > * > @@ -1312,69 +1595,6 @@ out: > return ret; > } > > -/** > - * efi_init_event_log() - initialize an eventlog > - */ > -static efi_status_t efi_init_event_log(void) > -{ > - /* > - * vendor_info_size is currently set to 0, we need to change the length > - * and allocate the flexible array member if this changes > - */ > - struct tcg_pcr_event *event_header = NULL; > - struct udevice *dev; > - size_t spec_event_size; > - efi_status_t ret; > - > - ret = platform_get_tpm2_device(&dev); > - if (ret != EFI_SUCCESS) > - goto out; > - > - ret = efi_allocate_pool(EFI_BOOT_SERVICES_DATA, TPM2_EVENT_LOG_SIZE, > - (void **)&event_log.buffer); > - if (ret != EFI_SUCCESS) > - goto out; > - > - /* > - * initialize log area as 0xff so the OS can easily figure out the > - * last log entry > - */ > - memset(event_log.buffer, 0xff, TPM2_EVENT_LOG_SIZE); > - event_log.pos = 0; > - event_log.last_event_size = 0; > - event_log.get_event_called = false; > - event_log.ebs_called = false; > - event_log.truncated = false; > - > - /* > - * The log header is defined to be in SHA1 event log entry format. > - * Setup event header > - */ > - event_header = (struct tcg_pcr_event *)event_log.buffer; > - put_unaligned_le32(0, &event_header->pcr_index); > - put_unaligned_le32(EV_NO_ACTION, &event_header->event_type); > - memset(&event_header->digest, 0, sizeof(event_header->digest)); > - ret = create_specid_event(dev, (void *)((uintptr_t)event_log.buffer + sizeof(*event_header)), > - &spec_event_size); > - if (ret != EFI_SUCCESS) > - goto free_pool; > - put_unaligned_le32(spec_event_size, &event_header->event_size); > - event_log.pos = spec_event_size + sizeof(*event_header); > - event_log.last_event_size = event_log.pos; > - > - ret = create_final_event(); > - if (ret != EFI_SUCCESS) > - goto free_pool; > - > -out: > - return ret; > - > -free_pool: > - efi_free_pool(event_log.buffer); > - event_log.buffer = NULL; > - return ret; > -} > - > /** > * tcg2_measure_event() - common function to add event log and extend PCR > * > @@ -1427,6 +1647,92 @@ static efi_status_t efi_append_scrtm_version(struct udevice *dev) > return ret; > } > > +/** > + * efi_init_event_log() - initialize an eventlog Please, add a line describing the return value. > + */ > +static efi_status_t efi_init_event_log(void) > +{ > + /* > + * vendor_info_size is currently set to 0, we need to change the length > + * and allocate the flexible array member if this changes > + */ > + struct tcg_pcr_event *event_header = NULL; > + struct udevice *dev; > + size_t spec_event_size; > + efi_status_t ret; > + > + ret = platform_get_tpm2_device(&dev); > + if (ret != EFI_SUCCESS) > + goto out; return ret; > + > + ret = efi_allocate_pool(EFI_BOOT_SERVICES_DATA, TPM2_EVENT_LOG_SIZE, > + (void **)&event_log.buffer); > + if (ret != EFI_SUCCESS) > + goto out; return ret; > + > + /* > + * initialize log area as 0xff so the OS can easily figure out the > + * last log entry Where is this standardized? EFI_TCG2_PROTOCOL.GetEventLog() returns EventLogLastEntry to indicate the last log entry. > + */ > + memset(event_log.buffer, 0xff, TPM2_EVENT_LOG_SIZE); > + > + /* > + * The log header is defined to be in SHA1 event log entry format. > + * Setup event header > + */ > + event_header = (struct tcg_pcr_event *)event_log.buffer; > + event_log.pos = 0; > + event_log.last_event_size = 0; > + event_log.get_event_called = false; > + event_log.ebs_called = false; > + event_log.truncated = false; > + > + /* > + * Check if earlier firmware have passed any eventlog. Different > + * platforms can use different ways to do so > + */ > + ret = tcg2_get_fw_eventlog(dev, event_log.buffer, &event_log.pos); > + /* > + * If earlier firmware hasn't passed any eventlog, go ahead and > + * create the eventlog header %s/header/header./ > + */ > + if (ret == EFI_NOT_FOUND) { > + put_unaligned_le32(0, &event_header->pcr_index); > + put_unaligned_le32(EV_NO_ACTION, &event_header->event_type); > + memset(&event_header->digest, 0, sizeof(event_header->digest)); > + ret = create_specid_event(dev, > + (void *)((uintptr_t)event_log.buffer + > + sizeof(*event_header)), > + &spec_event_size); > + if (ret != EFI_SUCCESS) > + goto free_pool; > + put_unaligned_le32(spec_event_size, &event_header->event_size); > + event_log.pos = spec_event_size + sizeof(*event_header); > + event_log.last_event_size = event_log.pos; > + > + /* > + * Add SCRTM version to the log if previous firmmware > + * doesn't pass an eventlog > + */ > + ret = efi_append_scrtm_version(dev); > + } > + > + if (ret != EFI_SUCCESS) > + goto free_pool; > + > + ret = create_final_event(); > + if (ret != EFI_SUCCESS) > + goto free_pool; > + > +out: > + return ret; As you don't do anything here I would prefer removing the label out: Best regards Heinrich > + > +free_pool: > + efi_free_pool(event_log.buffer); > + event_log.buffer = NULL; > + return ret; > +} > + > /** > * tcg2_measure_variable() - add variable event log and extend PCR > * > @@ -1963,12 +2269,6 @@ efi_status_t efi_tcg2_register(void) > if (ret != EFI_SUCCESS) > goto fail; > > - ret = efi_append_scrtm_version(dev); > - if (ret != EFI_SUCCESS) { > - tcg2_uninit(); > - goto fail; > - } > - > ret = efi_add_protocol(efi_root, &efi_guid_tcg2_protocol, > (void *)&efi_tcg2_protocol); > if (ret != EFI_SUCCESS) { >
Hi Heinrich, > > > + > > + /* > > + * initialize log area as 0xff so the OS can easily figure out the > > + * last log entry > > Where is this standardized? > > EFI_TCG2_PROTOCOL.GetEventLog() returns EventLogLastEntry to indicate > the last log entry. > Indeed. However while I was looking into EDK2 code I found a similar comment [1]. Since EDK2 is used to boot windows as well I assumed that was a good policy to keep. > > + */ > > + memset(event_log.buffer, 0xff, TPM2_EVENT_LOG_SIZE); > > + > > + /* > > + * The log header is defined to be in SHA1 event log entry format. > > + * Setup event header > > + */ [...] [1] https://github.com/tianocore/edk2/blob/master/SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.c#L1578 Cheers /Ilias
Hi Heinrich, On Fri, 26 Nov 2021 at 13:01, Heinrich Schuchardt <xypron.glpk@gmx.de> wrote: > On 11/26/21 06:00, Ruchika Gupta wrote: > > Platforms may have support to measure their initial firmware components > > and pass the event log to u-boot. The event log address can be passed > > in property tpm_event_log_addr and tpm_event_log_size of the tpm node. > > Platforms may choose their own specific mechanism to do so. A weak > > function is added to check if even log has been passed to u-boot > > from earlier firmware components. If available, the eventlog is parsed > > to check for its correctness and further event logs are appended to the > > passed log. > > > > Signed-off-by: Ruchika Gupta <ruchika.gupta@linaro.org> > > Tested-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> > > Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> > > --- > > v6: No change > > > > v5: > > Shift the efi_init_event_log() to a different location in the file. > > This help fixes compilation issue introduced by calling > efi_append_scrtm_version() > > from it. > > > > v4: > > Add SCRTM version to log only if previous firmware doesn't pass the > eventlog > > > > v3: > > Return as soon as you detect error > > > > v2: > > Moved firmware eventlog code parsing to tcg2_get_fw_eventlog() > > > > lib/efi_loader/efi_tcg2.c | 438 ++++++++++++++++++++++++++++++++------ > > 1 file changed, 369 insertions(+), 69 deletions(-) > > > > diff --git a/lib/efi_loader/efi_tcg2.c b/lib/efi_loader/efi_tcg2.c > > index 8c1f22e337..a789c44660 100644 > > --- a/lib/efi_loader/efi_tcg2.c > > +++ b/lib/efi_loader/efi_tcg2.c > > @@ -324,6 +324,45 @@ __weak efi_status_t platform_get_tpm2_device(struct > udevice **dev) > > return EFI_NOT_FOUND; > > } > > > > +/** > > + * platform_get_eventlog() - retrieve the eventlog address and size > > + * > > + * This function retrieves the eventlog address and size if the > underlying > > + * firmware has done some measurements and passed them. > > + * > > + * This function may be overridden based on platform specific method of > > + * passing the eventlog address and size. > > + * > > + * @dev: udevice > > + * @addr: eventlog address > > + * @sz: eventlog size > > + * Return: status code > > + */ > > +__weak efi_status_t platform_get_eventlog(struct udevice *dev, u64 > *addr, > > + u32 *sz) > > This function must be declared in a header to be overridden. > > > +{ > > + const u64 *basep; > > + const u32 *sizep; > > + > > + basep = dev_read_prop(dev, "tpm_event_log_addr", NULL); > > + if (!basep) > > + return EFI_NOT_FOUND; > > + > > + *addr = be64_to_cpup((__force __be64 *)basep); > > + > > + sizep = dev_read_prop(dev, "tpm_event_log_size", NULL); > > + if (!sizep) > > + return EFI_NOT_FOUND; > > + > > + *sz = be32_to_cpup((__force __be32 *)sizep); > > + if (*sz == 0) { > > + log_debug("event log empty\n"); > > + return EFI_NOT_FOUND; > > + } > > + > > + return EFI_SUCCESS; > > +} > > + > > /** > > * tpm2_get_max_command_size() - get the supported max command size > > * > > @@ -1181,6 +1220,250 @@ static const struct efi_tcg2_protocol > efi_tcg2_protocol = { > > .get_result_of_set_active_pcr_banks = > efi_tcg2_get_result_of_set_active_pcr_banks, > > }; > > > > +/** > > + * parse_event_log_header() - Parse and verify the event log header > fields > > + * > > + * @buffer: Pointer to the event header > > + * @size: Size of the eventlog > > + * @pos: Position in buffer after event log header > > + * > > + * Return: status code > > + */ > > +efi_status_t parse_event_log_header(void *buffer, u32 size, u32 *pos) > > This function should be declared in a header or be static. > > Should buffer have type struct tcg_pcr_event *? > Since buffer points to the complete eventlog, it would be probably better to keep it as it is i.e void *. I will correct the description of this parameter in the function description to avoid confusion. > > +{ > > + struct tcg_pcr_event *event_header = (struct tcg_pcr_event > *)buffer; > > + int i = 0; > > + > > + if (size < sizeof(*event_header)) > > + return EFI_COMPROMISED_DATA; > > + > > + if (get_unaligned_le32(&event_header->pcr_index) != 0 || > > + get_unaligned_le32(&event_header->event_type) != EV_NO_ACTION) > > + return EFI_COMPROMISED_DATA; > > + > > + for (i = 0; i < sizeof(event_header->digest); i++) { > > + if (event_header->digest[i] != 0) > > if (event_header->digest[i]) > > > + return EFI_COMPROMISED_DATA; > > + } > > + > > + *pos += sizeof(*event_header); > > Do you re > Probably you are asking about parameter pos here. pos points to the offset in the buffer where the next event starts (after the event header) > > > + > > + return EFI_SUCCESS; > > +} > > + > > +/** > > + * parse_specid_event() - Parse and verify the specID Event in the > eventlog > > + * > > + * @dev: udevice > > + * @buffer: Pointer to the start of the eventlog > > + * @log_size: Size of the eventlog > > + * @pos: Offset in the evenlog where specID event starts > > + * > > + * Return: status code > > + * @pos Offset in the eventlog where the specID > event ends > > Duplicate line > > > + * @digest_list: list of digests in the event > > Misplaced line > > > + */ > > +efi_status_t parse_specid_event(struct udevice *dev, void *buffer, u32 > log_size, > > + u32 *pos, > > + struct tpml_digest_values *digest_list) > > +{ > > This function should be declared in a header or be static. > > > + struct tcg_efi_spec_id_event *spec_event; > > + struct tcg_pcr_event *event_header = (struct tcg_pcr_event > *)buffer; > > + size_t spec_event_size; > > + u32 active = 0, supported = 0, pcr_count = 0, alg_count = 0; > > + u32 spec_active = 0; > > + u16 hash_alg, hash_sz; > > + u8 vendor_sz; > > + int err, i; > > + > > + /* Check specID event data */ > > + spec_event = (struct tcg_efi_spec_id_event *)((uintptr_t)buffer + > *pos); > > + /* Check for signature */ > > + if (memcmp(spec_event->signature, > TCG_EFI_SPEC_ID_EVENT_SIGNATURE_03, > > + sizeof(TCG_EFI_SPEC_ID_EVENT_SIGNATURE_03))) { > > + log_err("specID Event: Signature mismatch\n"); > > + return EFI_COMPROMISED_DATA; > > + } > > + > > + if (spec_event->spec_version_minor != > > + TCG_EFI_SPEC_ID_EVENT_SPEC_VERSION_MINOR_TPM2 || > > + spec_event->spec_version_major != > > + TCG_EFI_SPEC_ID_EVENT_SPEC_VERSION_MAJOR_TPM2) > > + return EFI_COMPROMISED_DATA; > > + > > + if (spec_event->number_of_algorithms > MAX_HASH_COUNT || > > + spec_event->number_of_algorithms < 1) { > > + log_err("specID Event: Number of algorithms incorrect\n"); > > + return EFI_COMPROMISED_DATA; > > + } > > + > > + alg_count = spec_event->number_of_algorithms; > > + > > + err = tpm2_get_pcr_info(dev, &supported, &active, &pcr_count); > > + if (err) > > + return EFI_DEVICE_ERROR; > > + > > + digest_list->count = 0; > > + /* > > + * We may need to worry about the order of algs in this structure > as > > %s/algs/algorithms/ > > > + * subsequent entries in event should be in same order > > "We need to worry" sounds like a FIXME. Is there anything to fix or do > you mean: > > We have to take care that the sequence of algorithms that we record in > digest_list matches the sequence in the event log. > > > + */ > > + for (i = 0; i < alg_count; i++) { > > + hash_alg = > > + > get_unaligned_le16(&spec_event->digest_sizes[i].algorithm_id); > > + hash_sz = > > + > get_unaligned_le16(&spec_event->digest_sizes[i].digest_size); > > + > > + if (!(supported & alg_to_mask(hash_alg))) { > > + log_err("specID Event: Unsupported algorithm\n"); > > + return EFI_COMPROMISED_DATA; > > + } > > + digest_list->digests[digest_list->count++].hash_alg = > hash_alg; > > + > > + spec_active |= alg_to_mask(hash_alg); > > + } > > + > > + /* TCG spec expects the event log to have hashes for all active > PCR's */ > > The TCG specification > > > + if (spec_active != active) { > > + /* > > + * Previous stage bootloader should know all the active > PCR's > > + * and use them in the Eventlog. > > + */ > > + log_err("specID Event: All active hash alg not present\n"); > > + return EFI_COMPROMISED_DATA; > > + } > > + > > + /* > > + * the size of the spec event and placement of vendor_info_size > > + * depends on supported algoriths > > + */ > > + spec_event_size = > > + offsetof(struct tcg_efi_spec_id_event, digest_sizes) + > > + alg_count * sizeof(spec_event->digest_sizes[0]); > > + > > + vendor_sz = *(uint8_t *)((uintptr_t)buffer + *pos + > spec_event_size); > > + > > + spec_event_size += sizeof(vendor_sz) + vendor_sz; > > + *pos += spec_event_size; > > + > > + if (get_unaligned_le32(&event_header->event_size) != > spec_event_size) { > > + log_err("specID event: header event size mismatch\n"); > > + /* Right way to handle this can be to call SetActive PCR's > */ > > + return EFI_COMPROMISED_DATA; > > + } > > + > > + return EFI_SUCCESS; > > +} > > + > > Missing function description > > > +efi_status_t tcg2_parse_event(struct udevice *dev, void *buffer, u32 > log_size, > > + u32 *offset, struct tpml_digest_values > *digest_list, > > + u32 *pcr) > > Exported functions should be declared in a header. > Or should this function be static? > > > +{ > > + struct tcg_pcr_event2 *event = NULL; > > + u32 event_type, count, size, event_size; > > + size_t pos; > > + > > + if (*offset > log_size) > > + return EFI_COMPROMISED_DATA; > > + > > + event = (struct tcg_pcr_event2 *)((uintptr_t)buffer + *offset); > > + > > + *pcr = get_unaligned_le32(&event->pcr_index); > > + > > + event_size = tcg_event_final_size(digest_list); > > + > > + if (*offset + event_size > log_size) { > > + log_err("Event exceeds log size\n"); > > + return EFI_COMPROMISED_DATA; > > + } > > + > > + event_type = get_unaligned_le32(&event->event_type); > > + > > + /* get the count */ > > + count = get_unaligned_le32(&event->digests.count); > > + if (count != digest_list->count) > > + return EFI_COMPROMISED_DATA; > > + > > + pos = offsetof(struct tcg_pcr_event2, digests); > > + pos += offsetof(struct tpml_digest_values, digests); > > + > > + for (int i = 0; i < digest_list->count; i++) { > > + u16 alg; > > + u16 hash_alg = digest_list->digests[i].hash_alg; > > + u8 *digest = (u8 *)&digest_list->digests[i].digest; > > + > > + alg = get_unaligned_le16((void *)((uintptr_t)event + pos)); > > + > > + if (alg != hash_alg) > > + return EFI_COMPROMISED_DATA; > > + > > + pos += offsetof(struct tpmt_ha, digest); > > + memcpy(digest, (void *)((uintptr_t)event + pos), > alg_to_len(hash_alg)); > > + pos += alg_to_len(hash_alg); > > + } > > + > > + size = get_unaligned_le32((void *)((uintptr_t)event + pos)); > > + event_size += size; > > + pos += sizeof(u32); /* tcg_pcr_event2 event_size*/ > > + pos += size; > > + > > + /* make sure the calculated buffer is what we checked against */ > > + if (pos != event_size) > > + return EFI_COMPROMISED_DATA; > > + > > + if (pos > log_size) > > + return EFI_COMPROMISED_DATA; > > + > > + *offset += pos; > > + > > + return EFI_SUCCESS; > > +} > > + > > Missing function description. > > > +efi_status_t tcg2_get_fw_eventlog(struct udevice *dev, void *log_buffer, > > + size_t *log_sz) > > This function should be declared in a header or should be static. > > > +{ > > + struct tpml_digest_values digest_list; > > + void *buffer; > > + efi_status_t ret; > > + u32 pcr, pos; > > + u64 base; > > + u32 sz; > > + > > + ret = platform_get_eventlog(dev, &base, &sz); > > + if (ret != EFI_SUCCESS) > > + return ret; > > + > > + if (sz > TPM2_EVENT_LOG_SIZE) > > + return EFI_VOLUME_FULL; > > + > > + buffer = (void *)base; > > Superfluous conversion. > Sorry, I didn't get this comment. If you meant removing the typecast, base is u64 so when assigning it to a void pointer, cast would be needed. On removing the case, I get this warning buffer = base; lib/efi_loader/efi_tcg2.c:1518:9: warning: assignment to ‘void *’ from ‘u64’ {aka ‘long long unsigned int’} makes pointer from integer without a cast [-Wint-conversion] 1518 | buffer = base; [...] Regards, Ruchika
diff --git a/lib/efi_loader/efi_tcg2.c b/lib/efi_loader/efi_tcg2.c index 8c1f22e337..a789c44660 100644 --- a/lib/efi_loader/efi_tcg2.c +++ b/lib/efi_loader/efi_tcg2.c @@ -324,6 +324,45 @@ __weak efi_status_t platform_get_tpm2_device(struct udevice **dev) return EFI_NOT_FOUND; } +/** + * platform_get_eventlog() - retrieve the eventlog address and size + * + * This function retrieves the eventlog address and size if the underlying + * firmware has done some measurements and passed them. + * + * This function may be overridden based on platform specific method of + * passing the eventlog address and size. + * + * @dev: udevice + * @addr: eventlog address + * @sz: eventlog size + * Return: status code + */ +__weak efi_status_t platform_get_eventlog(struct udevice *dev, u64 *addr, + u32 *sz) +{ + const u64 *basep; + const u32 *sizep; + + basep = dev_read_prop(dev, "tpm_event_log_addr", NULL); + if (!basep) + return EFI_NOT_FOUND; + + *addr = be64_to_cpup((__force __be64 *)basep); + + sizep = dev_read_prop(dev, "tpm_event_log_size", NULL); + if (!sizep) + return EFI_NOT_FOUND; + + *sz = be32_to_cpup((__force __be32 *)sizep); + if (*sz == 0) { + log_debug("event log empty\n"); + return EFI_NOT_FOUND; + } + + return EFI_SUCCESS; +} + /** * tpm2_get_max_command_size() - get the supported max command size * @@ -1181,6 +1220,250 @@ static const struct efi_tcg2_protocol efi_tcg2_protocol = { .get_result_of_set_active_pcr_banks = efi_tcg2_get_result_of_set_active_pcr_banks, }; +/** + * parse_event_log_header() - Parse and verify the event log header fields + * + * @buffer: Pointer to the event header + * @size: Size of the eventlog + * @pos: Position in buffer after event log header + * + * Return: status code + */ +efi_status_t parse_event_log_header(void *buffer, u32 size, u32 *pos) +{ + struct tcg_pcr_event *event_header = (struct tcg_pcr_event *)buffer; + int i = 0; + + if (size < sizeof(*event_header)) + return EFI_COMPROMISED_DATA; + + if (get_unaligned_le32(&event_header->pcr_index) != 0 || + get_unaligned_le32(&event_header->event_type) != EV_NO_ACTION) + return EFI_COMPROMISED_DATA; + + for (i = 0; i < sizeof(event_header->digest); i++) { + if (event_header->digest[i] != 0) + return EFI_COMPROMISED_DATA; + } + + *pos += sizeof(*event_header); + + return EFI_SUCCESS; +} + +/** + * parse_specid_event() - Parse and verify the specID Event in the eventlog + * + * @dev: udevice + * @buffer: Pointer to the start of the eventlog + * @log_size: Size of the eventlog + * @pos: Offset in the evenlog where specID event starts + * + * Return: status code + * @pos Offset in the eventlog where the specID event ends + * @digest_list: list of digests in the event + */ +efi_status_t parse_specid_event(struct udevice *dev, void *buffer, u32 log_size, + u32 *pos, + struct tpml_digest_values *digest_list) +{ + struct tcg_efi_spec_id_event *spec_event; + struct tcg_pcr_event *event_header = (struct tcg_pcr_event *)buffer; + size_t spec_event_size; + u32 active = 0, supported = 0, pcr_count = 0, alg_count = 0; + u32 spec_active = 0; + u16 hash_alg, hash_sz; + u8 vendor_sz; + int err, i; + + /* Check specID event data */ + spec_event = (struct tcg_efi_spec_id_event *)((uintptr_t)buffer + *pos); + /* Check for signature */ + if (memcmp(spec_event->signature, TCG_EFI_SPEC_ID_EVENT_SIGNATURE_03, + sizeof(TCG_EFI_SPEC_ID_EVENT_SIGNATURE_03))) { + log_err("specID Event: Signature mismatch\n"); + return EFI_COMPROMISED_DATA; + } + + if (spec_event->spec_version_minor != + TCG_EFI_SPEC_ID_EVENT_SPEC_VERSION_MINOR_TPM2 || + spec_event->spec_version_major != + TCG_EFI_SPEC_ID_EVENT_SPEC_VERSION_MAJOR_TPM2) + return EFI_COMPROMISED_DATA; + + if (spec_event->number_of_algorithms > MAX_HASH_COUNT || + spec_event->number_of_algorithms < 1) { + log_err("specID Event: Number of algorithms incorrect\n"); + return EFI_COMPROMISED_DATA; + } + + alg_count = spec_event->number_of_algorithms; + + err = tpm2_get_pcr_info(dev, &supported, &active, &pcr_count); + if (err) + return EFI_DEVICE_ERROR; + + digest_list->count = 0; + /* + * We may need to worry about the order of algs in this structure as + * subsequent entries in event should be in same order + */ + for (i = 0; i < alg_count; i++) { + hash_alg = + get_unaligned_le16(&spec_event->digest_sizes[i].algorithm_id); + hash_sz = + get_unaligned_le16(&spec_event->digest_sizes[i].digest_size); + + if (!(supported & alg_to_mask(hash_alg))) { + log_err("specID Event: Unsupported algorithm\n"); + return EFI_COMPROMISED_DATA; + } + digest_list->digests[digest_list->count++].hash_alg = hash_alg; + + spec_active |= alg_to_mask(hash_alg); + } + + /* TCG spec expects the event log to have hashes for all active PCR's */ + if (spec_active != active) { + /* + * Previous stage bootloader should know all the active PCR's + * and use them in the Eventlog. + */ + log_err("specID Event: All active hash alg not present\n"); + return EFI_COMPROMISED_DATA; + } + + /* + * the size of the spec event and placement of vendor_info_size + * depends on supported algoriths + */ + spec_event_size = + offsetof(struct tcg_efi_spec_id_event, digest_sizes) + + alg_count * sizeof(spec_event->digest_sizes[0]); + + vendor_sz = *(uint8_t *)((uintptr_t)buffer + *pos + spec_event_size); + + spec_event_size += sizeof(vendor_sz) + vendor_sz; + *pos += spec_event_size; + + if (get_unaligned_le32(&event_header->event_size) != spec_event_size) { + log_err("specID event: header event size mismatch\n"); + /* Right way to handle this can be to call SetActive PCR's */ + return EFI_COMPROMISED_DATA; + } + + return EFI_SUCCESS; +} + +efi_status_t tcg2_parse_event(struct udevice *dev, void *buffer, u32 log_size, + u32 *offset, struct tpml_digest_values *digest_list, + u32 *pcr) +{ + struct tcg_pcr_event2 *event = NULL; + u32 event_type, count, size, event_size; + size_t pos; + + if (*offset > log_size) + return EFI_COMPROMISED_DATA; + + event = (struct tcg_pcr_event2 *)((uintptr_t)buffer + *offset); + + *pcr = get_unaligned_le32(&event->pcr_index); + + event_size = tcg_event_final_size(digest_list); + + if (*offset + event_size > log_size) { + log_err("Event exceeds log size\n"); + return EFI_COMPROMISED_DATA; + } + + event_type = get_unaligned_le32(&event->event_type); + + /* get the count */ + count = get_unaligned_le32(&event->digests.count); + if (count != digest_list->count) + return EFI_COMPROMISED_DATA; + + pos = offsetof(struct tcg_pcr_event2, digests); + pos += offsetof(struct tpml_digest_values, digests); + + for (int i = 0; i < digest_list->count; i++) { + u16 alg; + u16 hash_alg = digest_list->digests[i].hash_alg; + u8 *digest = (u8 *)&digest_list->digests[i].digest; + + alg = get_unaligned_le16((void *)((uintptr_t)event + pos)); + + if (alg != hash_alg) + return EFI_COMPROMISED_DATA; + + pos += offsetof(struct tpmt_ha, digest); + memcpy(digest, (void *)((uintptr_t)event + pos), alg_to_len(hash_alg)); + pos += alg_to_len(hash_alg); + } + + size = get_unaligned_le32((void *)((uintptr_t)event + pos)); + event_size += size; + pos += sizeof(u32); /* tcg_pcr_event2 event_size*/ + pos += size; + + /* make sure the calculated buffer is what we checked against */ + if (pos != event_size) + return EFI_COMPROMISED_DATA; + + if (pos > log_size) + return EFI_COMPROMISED_DATA; + + *offset += pos; + + return EFI_SUCCESS; +} + +efi_status_t tcg2_get_fw_eventlog(struct udevice *dev, void *log_buffer, + size_t *log_sz) +{ + struct tpml_digest_values digest_list; + void *buffer; + efi_status_t ret; + u32 pcr, pos; + u64 base; + u32 sz; + + ret = platform_get_eventlog(dev, &base, &sz); + if (ret != EFI_SUCCESS) + return ret; + + if (sz > TPM2_EVENT_LOG_SIZE) + return EFI_VOLUME_FULL; + + buffer = (void *)base; + pos = 0; + /* Parse the eventlog to check for its validity */ + ret = parse_event_log_header(buffer, sz, &pos); + if (ret || pos > sz) + return EFI_COMPROMISED_DATA; + + ret = parse_specid_event(dev, buffer, sz, &pos, &digest_list); + if (ret || pos > sz) { + log_err("Error parsing SPEC ID Event\n"); + return EFI_COMPROMISED_DATA; + } + + while (pos < sz) { + ret = tcg2_parse_event(dev, buffer, sz, &pos, &digest_list, + &pcr); + if (ret) { + log_err("Error parsing event\n"); + return ret; + } + } + + memcpy(log_buffer, buffer, sz); + *log_sz = sz; + + return ret; +} + /** * create_specid_event() - Create the first event in the eventlog * @@ -1312,69 +1595,6 @@ out: return ret; } -/** - * efi_init_event_log() - initialize an eventlog - */ -static efi_status_t efi_init_event_log(void) -{ - /* - * vendor_info_size is currently set to 0, we need to change the length - * and allocate the flexible array member if this changes - */ - struct tcg_pcr_event *event_header = NULL; - struct udevice *dev; - size_t spec_event_size; - efi_status_t ret; - - ret = platform_get_tpm2_device(&dev); - if (ret != EFI_SUCCESS) - goto out; - - ret = efi_allocate_pool(EFI_BOOT_SERVICES_DATA, TPM2_EVENT_LOG_SIZE, - (void **)&event_log.buffer); - if (ret != EFI_SUCCESS) - goto out; - - /* - * initialize log area as 0xff so the OS can easily figure out the - * last log entry - */ - memset(event_log.buffer, 0xff, TPM2_EVENT_LOG_SIZE); - event_log.pos = 0; - event_log.last_event_size = 0; - event_log.get_event_called = false; - event_log.ebs_called = false; - event_log.truncated = false; - - /* - * The log header is defined to be in SHA1 event log entry format. - * Setup event header - */ - event_header = (struct tcg_pcr_event *)event_log.buffer; - put_unaligned_le32(0, &event_header->pcr_index); - put_unaligned_le32(EV_NO_ACTION, &event_header->event_type); - memset(&event_header->digest, 0, sizeof(event_header->digest)); - ret = create_specid_event(dev, (void *)((uintptr_t)event_log.buffer + sizeof(*event_header)), - &spec_event_size); - if (ret != EFI_SUCCESS) - goto free_pool; - put_unaligned_le32(spec_event_size, &event_header->event_size); - event_log.pos = spec_event_size + sizeof(*event_header); - event_log.last_event_size = event_log.pos; - - ret = create_final_event(); - if (ret != EFI_SUCCESS) - goto free_pool; - -out: - return ret; - -free_pool: - efi_free_pool(event_log.buffer); - event_log.buffer = NULL; - return ret; -} - /** * tcg2_measure_event() - common function to add event log and extend PCR * @@ -1427,6 +1647,92 @@ static efi_status_t efi_append_scrtm_version(struct udevice *dev) return ret; } +/** + * efi_init_event_log() - initialize an eventlog + */ +static efi_status_t efi_init_event_log(void) +{ + /* + * vendor_info_size is currently set to 0, we need to change the length + * and allocate the flexible array member if this changes + */ + struct tcg_pcr_event *event_header = NULL; + struct udevice *dev; + size_t spec_event_size; + efi_status_t ret; + + ret = platform_get_tpm2_device(&dev); + if (ret != EFI_SUCCESS) + goto out; + + ret = efi_allocate_pool(EFI_BOOT_SERVICES_DATA, TPM2_EVENT_LOG_SIZE, + (void **)&event_log.buffer); + if (ret != EFI_SUCCESS) + goto out; + + /* + * initialize log area as 0xff so the OS can easily figure out the + * last log entry + */ + memset(event_log.buffer, 0xff, TPM2_EVENT_LOG_SIZE); + + /* + * The log header is defined to be in SHA1 event log entry format. + * Setup event header + */ + event_header = (struct tcg_pcr_event *)event_log.buffer; + event_log.pos = 0; + event_log.last_event_size = 0; + event_log.get_event_called = false; + event_log.ebs_called = false; + event_log.truncated = false; + + /* + * Check if earlier firmware have passed any eventlog. Different + * platforms can use different ways to do so + */ + ret = tcg2_get_fw_eventlog(dev, event_log.buffer, &event_log.pos); + /* + * If earlier firmware hasn't passed any eventlog, go ahead and + * create the eventlog header + */ + if (ret == EFI_NOT_FOUND) { + put_unaligned_le32(0, &event_header->pcr_index); + put_unaligned_le32(EV_NO_ACTION, &event_header->event_type); + memset(&event_header->digest, 0, sizeof(event_header->digest)); + ret = create_specid_event(dev, + (void *)((uintptr_t)event_log.buffer + + sizeof(*event_header)), + &spec_event_size); + if (ret != EFI_SUCCESS) + goto free_pool; + put_unaligned_le32(spec_event_size, &event_header->event_size); + event_log.pos = spec_event_size + sizeof(*event_header); + event_log.last_event_size = event_log.pos; + + /* + * Add SCRTM version to the log if previous firmmware + * doesn't pass an eventlog + */ + ret = efi_append_scrtm_version(dev); + } + + if (ret != EFI_SUCCESS) + goto free_pool; + + ret = create_final_event(); + if (ret != EFI_SUCCESS) + goto free_pool; + +out: + return ret; + +free_pool: + efi_free_pool(event_log.buffer); + event_log.buffer = NULL; + return ret; +} + /** * tcg2_measure_variable() - add variable event log and extend PCR * @@ -1963,12 +2269,6 @@ efi_status_t efi_tcg2_register(void) if (ret != EFI_SUCCESS) goto fail; - ret = efi_append_scrtm_version(dev); - if (ret != EFI_SUCCESS) { - tcg2_uninit(); - goto fail; - } - ret = efi_add_protocol(efi_root, &efi_guid_tcg2_protocol, (void *)&efi_tcg2_protocol); if (ret != EFI_SUCCESS) {