From patchwork Thu Sep 2 08:04:13 2021 X-Patchwork-Submitter: Ilias Apalodimas X-Patchwork-Id: 505725
From: Ilias Apalodimas To: linux-efi@vger.kernel.org, ardb@kernel.org, James.Bottomley@hansenpartnership.com Cc: pjones@redhat.com, nivedita@alum.mit.edu, mjg59@google.com, daniel.kiper@oracle.com, leif@nuviainc.com, Ilias Apalodimas Subject: [PATCH 1/4 v2] efi/libstub: add prototype of efi_tcg2_protocol::hash_log_extend_event() Date: Thu, 2 Sep 2021 11:04:13 +0300 Message-Id: <20210902080416.5461-2-ilias.apalodimas@linaro.org> X-Mailer: git-send-email 2.32.0.rc0 In-Reply-To: <20210902080416.5461-1-ilias.apalodimas@linaro.org> References: <20210902080416.5461-1-ilias.apalodimas@linaro.org> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: linux-efi@vger.kernel.org From: Ard Biesheuvel Define the right prototype for efi_tcg2_protocol::hash_log_extend_event() and add the required structs so we can start using it to measure the initrd into the TPM if it was loaded by the EFI stub itself. Co-developed-by: Ilias Apalodimas Signed-off-by: Ilias Apalodimas
Signed-off-by: Ard Biesheuvel --- arch/x86/include/asm/efi.h | 4 ++++ drivers/firmware/efi/libstub/efistub.h | 29 +++++++++++++++++++++++++- 2 files changed, 32 insertions(+), 1 deletion(-) -- 2.32.0.rc0 diff --git a/arch/x86/include/asm/efi.h b/arch/x86/include/asm/efi.h index 4d0b126835b8..85f156f8ef81 100644 --- a/arch/x86/include/asm/efi.h +++ b/arch/x86/include/asm/efi.h @@ -308,6 +308,10 @@ static inline u32 efi64_convert_status(efi_status_t status) #define __efi64_argmap_query_mode(gop, mode, size, info) \ ((gop), (mode), efi64_zero_upper(size), efi64_zero_upper(info)) +/* TCG2 protocol */ +#define __efi64_argmap_hash_log_extend_event(prot, fl, addr, size, ev) \ + ((prot), (fl), 0ULL, (u64)(addr), 0ULL, (u64)(size), 0ULL, ev) + /* * The macros below handle the plumbing for the argument mapping. To add a * mapping for a specific EFI method, simply define a macro diff --git a/drivers/firmware/efi/libstub/efistub.h b/drivers/firmware/efi/libstub/efistub.h index cde0a2ef507d..a2825c435158 100644 --- a/drivers/firmware/efi/libstub/efistub.h +++ b/drivers/firmware/efi/libstub/efistub.h @@ -667,6 +667,29 @@ union apple_properties_protocol { typedef u32 efi_tcg2_event_log_format; +#define INITRD_EVENT_TAG_ID 0x8F3B22ECU +#define EV_EVENT_TAG 0x00000006U +#define EFI_TCG2_EVENT_HEADER_VERSION 0x1 + +struct efi_tcg2_event { + u32 event_size; + struct { + u32 header_size; + u16 header_version; + u32 pcr_index; + u32 event_type; + } __packed event_header; + /* u8[] event follows here */ +} __packed; + +struct efi_tcg2_tagged_event { + u32 tagged_event_id; + u32 tagged_event_data_size; + /* u8 tagged event data follows here */ +} __packed; + +typedef struct efi_tcg2_event efi_tcg2_event_t; +typedef struct efi_tcg2_tagged_event efi_tcg2_tagged_event_t; typedef union efi_tcg2_protocol efi_tcg2_protocol_t; union efi_tcg2_protocol { 
@@ -677,7 +700,11 @@ union efi_tcg2_protocol { efi_physical_addr_t *, efi_physical_addr_t *, efi_bool_t *); - void *hash_log_extend_event; + efi_status_t (__efiapi *hash_log_extend_event)(efi_tcg2_protocol_t *, + u64, + efi_physical_addr_t, + u64, + const efi_tcg2_event_t *); void *submit_command; void *get_active_pcr_banks; void *set_active_pcr_banks;
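Review bot: In the arch/x86/include/asm/efi.h hunk of [PATCH 1/4], __efi64_argmap_hash_log_extend_event() hard-codes 0ULL as the second word of fl, addr and size, so in mixed mode any bits above 32 in the buffer address or length are dropped and the firmware would hash a different range than the one the kernel goes on to use, with no diagnostic. A comment next to the macro stating that these values are assumed to fit in 32 bits in mixed mode would make that assumption reviewable. The last argument is also the only one left unparenthesised; (ev) would match the others.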
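Review bot: INITRD_EVENT_TAG_ID 0x8F3B22ECU in the efistub.h hunk at -667 of [PATCH 1/4] carries no comment saying where the value comes from or who owns it, yet anything that later parses the event log has to match on exactly this number. Please document the tag ID, and that it is paired with EV_EVENT_TAG, next to the define.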
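Review bot: The new hash_log_extend_event prototype in the efistub.h hunk at -677 of [PATCH 1/4] takes two bare u64 parameters, so the declaration does not show which one is the flags word and which one is the length of the data to hash, and swapping them at a call site would still compile. Naming the parameters in the prototype, or adding a one-line comment listing them in order, would remove the ambiguity.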
From: Ilias Apalodimas To: linux-efi@vger.kernel.org, ardb@kernel.org, James.Bottomley@hansenpartnership.com Cc: pjones@redhat.com, nivedita@alum.mit.edu, mjg59@google.com, daniel.kiper@oracle.com, leif@nuviainc.com, Ilias Apalodimas Subject: [PATCH 2/4 v2] efi/libstub: x86/mixed: increase supported argument count Date: Thu, 2 Sep 2021 11:04:14 +0300 Message-Id: <20210902080416.5461-3-ilias.apalodimas@linaro.org> X-Mailer: git-send-email 2.32.0.rc0 In-Reply-To: <20210902080416.5461-1-ilias.apalodimas@linaro.org> References: <20210902080416.5461-1-ilias.apalodimas@linaro.org> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: linux-efi@vger.kernel.org
From: Ard Biesheuvel Increase the number of arguments supported by mixed mode calls, so that we will be able to call into the TCG2 protocol to measure the initrd and extend the associated PCR. This involves the TCG2 protocol's hash_log_extend_event() method, which takes five arguments, three of which are u64 and need to be split, producing a total of 8 outgoing arguments. Signed-off-by: Ard Biesheuvel Signed-off-by: Ilias Apalodimas --- arch/x86/boot/compressed/efi_thunk_64.S | 17 ++++++++++++----- arch/x86/include/asm/efi.h | 10 ++++++---- arch/x86/platform/efi/efi_thunk_64.S | 14 ++++++++++++-- 3 files changed, 30 insertions(+), 11 deletions(-) -- 2.32.0.rc0 diff --git a/arch/x86/boot/compressed/efi_thunk_64.S b/arch/x86/boot/compressed/efi_thunk_64.S index 95a223b3e56a..fec6c48d6b30 100644 --- a/arch/x86/boot/compressed/efi_thunk_64.S +++ b/arch/x86/boot/compressed/efi_thunk_64.S @@ -27,8 +27,6 @@ SYM_FUNC_START(__efi64_thunk) push %rbp push %rbx - leaq 1f(%rip), %rbp - movl %ds, %eax push %rax movl %es, %eax @@ -36,19 +34,28 @@ SYM_FUNC_START(__efi64_thunk) movl %ss, %eax push %rax + movq 0x30(%rsp), %rbp + movq 0x38(%rsp), %rbx + movq 0x40(%rsp), %rax + /* * Convert x86-64 ABI params to i386 ABI */ - subq $32, %rsp + subq $48, %rsp movl %esi, 0x0(%rsp) movl %edx, 0x4(%rsp) movl %ecx, 0x8(%rsp) movl %r8d, 0xc(%rsp) movl %r9d, 0x10(%rsp) + movl %ebp, 0x14(%rsp) + movl %ebx, 0x18(%rsp) + movl %eax, 0x1c(%rsp) - leaq 0x14(%rsp), %rbx + leaq 0x20(%rsp), %rbx sgdt (%rbx) + leaq 1f(%rip), %rbp + /* * Switch to gdt with 32-bit segments. This is the firmware GDT * that was installed when the kernel started executing. This @@ -67,7 +74,7 @@ SYM_FUNC_START(__efi64_thunk) pushq %rax lretq -1: addq $32, %rsp +1: addq $48, %rsp movq %rdi, %rax pop %rbx diff --git a/arch/x86/include/asm/efi.h b/arch/x86/include/asm/efi.h index 85f156f8ef81..a323dbac9182 100644 --- a/arch/x86/include/asm/efi.h +++ b/arch/x86/include/asm/efi.h 
@@ -46,13 +46,14 @@ extern unsigned long efi_mixed_mode_stack_pa; #define __efi_nargs(...) __efi_nargs_(__VA_ARGS__) #define __efi_nargs_(...) __efi_nargs__(0, ##__VA_ARGS__, \ + __efi_arg_sentinel(9), __efi_arg_sentinel(8), \ __efi_arg_sentinel(7), __efi_arg_sentinel(6), \ __efi_arg_sentinel(5), __efi_arg_sentinel(4), \ __efi_arg_sentinel(3), __efi_arg_sentinel(2), \ __efi_arg_sentinel(1), __efi_arg_sentinel(0)) -#define __efi_nargs__(_0, _1, _2, _3, _4, _5, _6, _7, n, ...) \ +#define __efi_nargs__(_0, _1, _2, _3, _4, _5, _6, _7, _8, _9, n, ...) \ __take_second_arg(n, \ - ({ BUILD_BUG_ON_MSG(1, "__efi_nargs limit exceeded"); 8; })) + ({ BUILD_BUG_ON_MSG(1, "__efi_nargs limit exceeded"); 10; })) #define __efi_arg_sentinel(n) , n /* @@ -176,8 +177,9 @@ extern u64 efi_setup; extern efi_status_t __efi64_thunk(u32, ...); #define efi64_thunk(...) ({ \ - __efi_nargs_check(efi64_thunk, 6, __VA_ARGS__); \ - __efi64_thunk(__VA_ARGS__); \ + u64 __pad[3]; /* must have space for 3 args on the stack */ \ + __efi_nargs_check(efi64_thunk, 9, __VA_ARGS__); \ + __efi64_thunk(__VA_ARGS__, __pad); \ }) static inline bool efi_is_mixed(void) diff --git a/arch/x86/platform/efi/efi_thunk_64.S b/arch/x86/platform/efi/efi_thunk_64.S index fd3dd1708eba..5b7c6e09954e 100644 --- a/arch/x86/platform/efi/efi_thunk_64.S +++ b/arch/x86/platform/efi/efi_thunk_64.S @@ -36,6 +36,17 @@ SYM_CODE_START(__efi64_thunk) movq efi_mixed_mode_stack_pa(%rip), %rsp push %rax + /* + * Copy args passed via the stack + */ + subq $0x24, %rsp + movq 0x18(%rax), %rbp + movq 0x20(%rax), %rbx + movq 0x28(%rax), %rax + movl %ebp, 0x18(%rsp) + movl %ebx, 0x1c(%rsp) + movl %eax, 0x20(%rsp) + /* * Calculate the physical address of the kernel text. */ @@ -47,7 +58,6 @@ SYM_CODE_START(__efi64_thunk) subq %rax, %rbp subq %rax, %rbx - subq $28, %rsp movl %ebx, 0x0(%rsp) /* return address */ movl %esi, 0x4(%rsp) movl %edx, 0x8(%rsp) 
@@ -60,7 +70,7 @@ SYM_CODE_START(__efi64_thunk) pushq %rdi /* EFI runtime service address */ lretq -1: movq 24(%rsp), %rsp +1: movq 0x20(%rsp), %rsp pop %rbx pop %rbp retq
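Review bot: In the efi64_thunk() hunk of arch/x86/include/asm/efi.h in [PATCH 2/4], the comment on u64 __pad[3] says the stack must have space for 3 args, but the macro passes the address of __pad as one extra variadic argument rather than three slots, while both thunks now load three stack words unconditionally. Please spell out in the comment why this is sufficient for calls with fewer than eight arguments, because in that case the words the thunk copies into the 32-bit argument frame handed to firmware are not arguments at all.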
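Review bot: The loads from 0x30(%rsp), 0x38(%rsp) and 0x40(%rsp) in the arch/x86/boot/compressed/efi_thunk_64.S hunk of [PATCH 2/4] depend on how many registers were pushed above them, and nothing in the hunk says so. A short comment giving the stack layout at that point, and what the 48-byte frame holds (eight 32-bit arguments at 0x0 to 0x1c, then the sgdt area at 0x20), would keep a later change to the prologue from silently shifting the arguments.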
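Review bot: In arch/x86/platform/efi/efi_thunk_64.S the new subq $0x24, %rsp and the changed 1: movq 0x20(%rsp), %rsp are coupled, since the second offset only stays correct while the frame size is unchanged, but they sit in different hunks with no comment linking them. Please document the frame (return address at 0x0, eight 32-bit arguments at 0x4 to 0x20, saved stack pointer above) where the frame is allocated. The new copy block also leaves argument values in %rbp, %rbx and %rax, so it is worth confirming that the address calculation that follows reloads all three before using them.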
From: Ilias Apalodimas To: linux-efi@vger.kernel.org, ardb@kernel.org, James.Bottomley@hansenpartnership.com Cc: pjones@redhat.com, nivedita@alum.mit.edu, mjg59@google.com, daniel.kiper@oracle.com, leif@nuviainc.com, Ilias Apalodimas Subject: [PATCH 3/4 v2] efi/libstub: consolidate initrd handling across architectures Date: Thu, 2 Sep 2021 11:04:15 +0300 Message-Id: <20210902080416.5461-4-ilias.apalodimas@linaro.org> X-Mailer: git-send-email 2.32.0.rc0 In-Reply-To: <20210902080416.5461-1-ilias.apalodimas@linaro.org> References: <20210902080416.5461-1-ilias.apalodimas@linaro.org> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: linux-efi@vger.kernel.org
From: Ard Biesheuvel Before adding TPM measurement of the initrd contents, refactor the initrd handling slightly to be more self-contained and consistent. Signed-off-by: Ard Biesheuvel Signed-off-by: Ilias Apalodimas --- .../firmware/efi/libstub/efi-stub-helper.c | 13 +++++++--- drivers/firmware/efi/libstub/efi-stub.c | 10 ++----- drivers/firmware/efi/libstub/efistub.h | 1 - drivers/firmware/efi/libstub/x86-stub.c | 26 +++++++------------ 4 files changed, 21 insertions(+), 29 deletions(-) -- 2.32.0.rc0 diff --git a/drivers/firmware/efi/libstub/efi-stub-helper.c b/drivers/firmware/efi/libstub/efi-stub-helper.c index aa8da0a49829..72a7e7c4d403 100644 --- a/drivers/firmware/efi/libstub/efi-stub-helper.c +++ b/drivers/firmware/efi/libstub/efi-stub-helper.c @@ -20,10 +20,10 @@ bool efi_nochunk; bool efi_nokaslr = !IS_ENABLED(CONFIG_RANDOMIZE_BASE); -bool efi_noinitrd; int efi_loglevel = CONSOLE_LOGLEVEL_DEFAULT; bool efi_novamap; +static bool efi_noinitrd; static bool efi_nosoftreserve; static bool efi_disable_pci_dma = IS_ENABLED(CONFIG_EFI_DISABLE_PCI_DMA); @@ -643,8 +643,10 @@ efi_status_t efi_load_initrd(efi_loaded_image_t *image, { efi_status_t status; - if (!load_addr || !load_size) - return EFI_INVALID_PARAMETER; + if (efi_noinitrd) { + *load_addr = *load_size = 0; + return EFI_SUCCESS; + } status = efi_load_initrd_dev_path(load_addr, load_size, hard_limit); if (status == EFI_SUCCESS) { @@ -655,7 +657,10 @@ efi_status_t efi_load_initrd(efi_loaded_image_t *image, if (status == EFI_SUCCESS && *load_size > 0) efi_info("Loaded initrd from command line option\n"); } - + if (status != EFI_SUCCESS) { + efi_err("Failed to load initrd: 0x%lx\n", status); + *load_addr = *load_size = 0; + } return status; } diff --git a/drivers/firmware/efi/libstub/efi-stub.c b/drivers/firmware/efi/libstub/efi-stub.c index 26e69788f27a..e87e7f1b1a33 100644 --- a/drivers/firmware/efi/libstub/efi-stub.c +++ b/drivers/firmware/efi/libstub/efi-stub.c 
@@ -134,7 +134,6 @@ efi_status_t __efiapi efi_pe_entry(efi_handle_t handle, enum efi_secureboot_mode secure_boot; struct screen_info *si; efi_properties_table_t *prop_tbl; - unsigned long max_addr; efi_system_table = sys_table_arg; @@ -240,13 +239,8 @@ efi_status_t __efiapi efi_pe_entry(efi_handle_t handle, if (!fdt_addr) efi_info("Generating empty DTB\n"); - if (!efi_noinitrd) { - max_addr = efi_get_max_initrd_addr(image_addr); - status = efi_load_initrd(image, &initrd_addr, &initrd_size, - ULONG_MAX, max_addr); - if (status != EFI_SUCCESS) - efi_err("Failed to load initrd!\n"); - } + efi_load_initrd(image, &initrd_addr, &initrd_size, ULONG_MAX, + efi_get_max_initrd_addr(image_addr)); efi_random_get_seed(); diff --git a/drivers/firmware/efi/libstub/efistub.h b/drivers/firmware/efi/libstub/efistub.h index a2825c435158..edb77b0621ea 100644 --- a/drivers/firmware/efi/libstub/efistub.h +++ b/drivers/firmware/efi/libstub/efistub.h @@ -31,7 +31,6 @@ extern bool efi_nochunk; extern bool efi_nokaslr; -extern bool efi_noinitrd; extern int efi_loglevel; extern bool efi_novamap; diff --git a/drivers/firmware/efi/libstub/x86-stub.c b/drivers/firmware/efi/libstub/x86-stub.c index f14c4ff5839f..01ddd4502e28 100644 --- a/drivers/firmware/efi/libstub/x86-stub.c +++ b/drivers/firmware/efi/libstub/x86-stub.c @@ -673,6 +673,7 @@ unsigned long efi_main(efi_handle_t handle, unsigned long bzimage_addr = (unsigned long)startup_32; unsigned long buffer_start, buffer_end; struct setup_header *hdr = &boot_params->hdr; + unsigned long addr, size; efi_status_t status; efi_system_table = sys_table_arg; 
@@ -761,22 +762,15 @@ unsigned long efi_main(efi_handle_t handle, * arguments will be processed only if image is not NULL, which will be * the case only if we were loaded via the PE entry point. */ - if (!efi_noinitrd) { - unsigned long addr, size; - - status = efi_load_initrd(image, &addr, &size, - hdr->initrd_addr_max, ULONG_MAX); - - if (status != EFI_SUCCESS) { - efi_err("Failed to load initrd!\n"); - goto fail; - } - if (size > 0) { - efi_set_u64_split(addr, &hdr->ramdisk_image, - &boot_params->ext_ramdisk_image); - efi_set_u64_split(size, &hdr->ramdisk_size, - &boot_params->ext_ramdisk_size); - } + status = efi_load_initrd(image, &addr, &size, hdr->initrd_addr_max, + ULONG_MAX); + if (status != EFI_SUCCESS) + goto fail; + if (size > 0) { + efi_set_u64_split(addr, &hdr->ramdisk_image, + &boot_params->ext_ramdisk_image); + efi_set_u64_split(size, &hdr->ramdisk_size, + &boot_params->ext_ramdisk_size); } /*
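Review bot: The efi_load_initrd() hunk at -643 of efi-stub-helper.c in [PATCH 3/4] drops the !load_addr || !load_size check but then writes through both pointers on the efi_noinitrd path and on the new error path, so a NULL argument that used to return EFI_INVALID_PARAMETER would now be dereferenced. Either keep the check ahead of the efi_noinitrd test or state in the function's kernel-doc that both pointers must be valid.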
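Review bot: In the efi-stub.c hunk at -240 of [PATCH 3/4] the return value of efi_load_initrd() is now discarded, while the x86-stub.c hunk in the same patch still does goto fail on error. If continuing to boot without an initrd is intended on the generic path, a short comment at the call site would make the difference deliberate rather than accidental, which matters given that this refactor is preparation for measuring the initrd.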
From: Ilias Apalodimas
To: linux-efi@vger.kernel.org, ardb@kernel.org, James.Bottomley@hansenpartnership.com
Cc: pjones@redhat.com, nivedita@alum.mit.edu, mjg59@google.com, daniel.kiper@oracle.com, leif@nuviainc.com, Ilias Apalodimas
Subject: [PATCH 4/4 v2] efi/libstub: measure loaded initrd info into the TPM
Date: Thu, 2 Sep 2021 11:04:16 +0300
Message-Id: <20210902080416.5461-5-ilias.apalodimas@linaro.org>
In-Reply-To: <20210902080416.5461-1-ilias.apalodimas@linaro.org>
References: <20210902080416.5461-1-ilias.apalodimas@linaro.org>

In an effort to ensure the initrd observed and used by the OS is
the same one that was meant to be loaded, which is difficult to
guarantee otherwise, let's measure the initrd if the EFI stub and
specifically the newly introduced LOAD_FILE2 protocol was used.

Modify the initrd loading sequence so that the contents of the initrd
are measured into PCR9.

Note that the patch is currently using EV_EVENT_TAG to create the eventlog
entry instead of EV_IPL. According to the TCG PC Client specification this
is used for PCRs defined for OS and application usage.

Co-developed-by: Ard Biesheuvel
Signed-off-by: Ard Biesheuvel
Signed-off-by: Ilias Apalodimas
---
 .../firmware/efi/libstub/efi-stub-helper.c | 72 +++++++++++++++----
 1 file changed, 58 insertions(+), 14 deletions(-)

--
2.32.0.rc0

diff --git a/drivers/firmware/efi/libstub/efi-stub-helper.c b/drivers/firmware/efi/libstub/efi-stub-helper.c
index 72a7e7c4d403..c1d415bb534b 100644
--- a/drivers/firmware/efi/libstub/efi-stub-helper.c
+++ b/drivers/firmware/efi/libstub/efi-stub-helper.c
@@ -625,6 +625,47 @@ efi_status_t efi_load_initrd_cmdline(efi_loaded_image_t *image, load_addr, load_size); } +static const struct { + efi_tcg2_event_t event_data; + efi_tcg2_tagged_event_t tagged_event; + u8 tagged_event_data[]; +} initrd_tcg2_event = { + { + sizeof(initrd_tcg2_event) + sizeof("Linux initrd"), + { + sizeof(initrd_tcg2_event.event_data.event_header), + EFI_TCG2_EVENT_HEADER_VERSION, + 9, + EV_EVENT_TAG, + }, + }, + { + INITRD_EVENT_TAG_ID, + sizeof("Linux initrd"), + }, + "Linux initrd", +}; + +void efi_measure_initrd(unsigned long load_addr, unsigned long load_size) +{ + efi_guid_t tcg2_guid = EFI_TCG2_PROTOCOL_GUID; + efi_tcg2_protocol_t *tcg2 = NULL; + efi_status_t status; + + efi_bs_call(locate_protocol, &tcg2_guid, NULL, (void **)&tcg2); + if (tcg2) { + status = efi_call_proto(tcg2, hash_log_extend_event, + 0, load_addr, load_size, + &initrd_tcg2_event.event_data); + if (status != EFI_SUCCESS) + efi_warn("Failed to measure initrd data: 0x%lx\n", + status); + else + efi_info("Measured initrd data into PCR %d\n", + initrd_tcg2_event.event_data.event_header.pcr_index); + } +} + /** * efi_load_initrd() - Load initial RAM disk * @image: EFI loaded image protocol 
@@ -645,22 +686,25 @@ efi_status_t efi_load_initrd(efi_loaded_image_t *image, if (efi_noinitrd) { *load_addr = *load_size = 0; - return EFI_SUCCESS; + status = EFI_SUCCESS; + } else { + status = efi_load_initrd_dev_path(load_addr, load_size, hard_limit); + if (status == EFI_SUCCESS) { + efi_info("Loaded initrd from LINUX_EFI_INITRD_MEDIA_GUID device path\n"); + if (*load_size > 0) + efi_measure_initrd(*load_addr, *load_size); + } else if (status == EFI_NOT_FOUND) { + status = efi_load_initrd_cmdline(image, load_addr, load_size, + soft_limit, hard_limit); + if (status == EFI_SUCCESS && *load_size > 0) + efi_info("Loaded initrd from command line option\n"); + } + if (status != EFI_SUCCESS) { + efi_err("Failed to load initrd: 0x%lx\n", status); + *load_addr = *load_size = 0; + } } - status = efi_load_initrd_dev_path(load_addr, load_size, hard_limit); - if (status == EFI_SUCCESS) { - efi_info("Loaded initrd from LINUX_EFI_INITRD_MEDIA_GUID device path\n"); - } else if (status == EFI_NOT_FOUND) { - status = efi_load_initrd_cmdline(image, load_addr, load_size, - soft_limit, hard_limit); - if (status == EFI_SUCCESS && *load_size > 0) - efi_info("Loaded initrd from command line option\n"); - } - if (status != EFI_SUCCESS) { - efi_err("Failed to load initrd: 0x%lx\n", status); - *load_addr = *load_size = 0; - } return status; }
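Review bot: In efi_measure_initrd() (first hunk), both failure paths leave the initrd unmeasured while the boot carries on: when locate_protocol finds no TCG2 protocol nothing is printed at all, and when hash_log_extend_event fails the only trace is an efi_warn(). If continuing is the intended policy, state it in a comment above the function (it has no kernel-doc, unlike efi_load_initrd() right below it) so readers know that PCR 9 and the event log may simply lack the initrd entry. Smaller points in the same hunk: the function is called only from this file and the diffstat touches no header, so it should be static; the bare 9 in the initrd_tcg2_event initializer would read better as a named constant next to INITRD_EVENT_TAG_ID; and the status returned by efi_bs_call(locate_protocol, ...) is discarded, where testing it would be more explicit than relying on tcg2 staying NULL.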
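Review bot: In efi_load_initrd() (second hunk), efi_measure_initrd() is called only in the efi_load_initrd_dev_path() success branch, so an initrd that arrives through the EFI_NOT_FOUND fallback to efi_load_initrd_cmdline() is used without being extended into PCR 9. The commit message limits measurement to the LOAD_FILE2 case, but the code should carry a comment saying why the command-line path is left out, or measure there as well, because as written the same initrd yields a different PCR 9 depending on how it was loaded. Style: turning the efi_noinitrd early return into an if/else re-indents the whole body without changing behaviour; keeping "return EFI_SUCCESS;" and adding only the "if (*load_size > 0)" and "efi_measure_initrd(*load_addr, *load_size);" lines would make the functional change much easier to see.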