From patchwork Wed Sep 15 05:15:44 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Masahisa Kojima X-Patchwork-Id: 512183 Delivered-To: patch@linaro.org Received: by 2002:a02:c816:0:0:0:0:0 with SMTP id p22csp2207740jao; Tue, 14 Sep 2021 22:13:46 -0700 (PDT) X-Google-Smtp-Source: ABdhPJwq7yPfZHaPHNbAjaCM7Jrl5EUSwfnAidBoV8LfpJtYXYmSXf+mhS0XTM/YiiEn9LTXs60Q X-Received: by 2002:a05:6402:4d1:: with SMTP id n17mr23845953edw.337.1631682826716; Tue, 14 Sep 2021 22:13:46 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1631682826; cv=none; d=google.com; s=arc-20160816; b=JqAn1Ytex72jUr7Y1Fg7ZKT11NK2/hjarrYE4jaPBDY+bpKT575RbOig+Oiyz8BgWj RepFJ6cd+MBjyEnv2OLNOzl3VQQflJYMQNZZsMyMYOj6CfQpDqr3hn3NHiXI9JGoRCo6 IZHOMXo4fnkLo/R444gKMdmTmg6lnxgjcCvHkof0ZGRl/hkBioTe5SWj5frBJQkmbFD6 pf2IrOGEAOnAzeEHsxcGsXT7+UatOOViGXSzKbIQqbzLqJxQOgleJ8KjRhZleWD/FGah lH9wG4NpA1xFdJ0o/DUXZgobT633GxZc7NLd/9y2W9M2OuqiyyLmkeT6Cn0sFa/xc/dN t+4Q== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:errors-to:list-subscribe:list-help:list-post:list-archive :list-unsubscribe:list-id:precedence:references:in-reply-to :message-id:date:subject:cc:to:from:dkim-signature; bh=wcxwlHp05rX0KvGRAXblWlLGRQiQ8w05IiB77whmtLo=; b=dGUP90qvXuy6WI86mVFqHzcFyjOSH0itVdKd8KSl3M37UpUv4kjbM7MW+ABlUicvl9 opij8bwYNg0CPRDGFdZ16haVUJzwTVA+w3/Ea70Khx+xT3wNrBqr16iLKVnjYeNgWOLH HBhMtBQd4rYEnehUsXelrvjlGmkdwWy6g8Be1IQ/xxFh3LMv2wdz2K1JNakNHtVdgOZL IICBAFWCiM1W7JzG/i9q8KMd++i++C5N9Rwc/aNXr5KshspjtTPnkC9xRoUEAdu8INFb lGnF5cqJ0daOQ68BL44OKzXv/ZiF/CCwZXtGZYodz80Dlg/KnpPqsvjZULR/QWBhh7jS FZTg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=daxR+iJk; spf=pass (google.com: domain of u-boot-bounces@lists.denx.de designates 85.214.62.61 as permitted sender) smtp.mailfrom=u-boot-bounces@lists.denx.de; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Return-Path: Received: from phobos.denx.de (phobos.denx.de. [85.214.62.61]) by mx.google.com with ESMTPS id dn20si5809609edb.294.2021.09.14.22.13.46 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 14 Sep 2021 22:13:46 -0700 (PDT) Received-SPF: pass (google.com: domain of u-boot-bounces@lists.denx.de designates 85.214.62.61 as permitted sender) client-ip=85.214.62.61; Authentication-Results: mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=daxR+iJk; spf=pass (google.com: domain of u-boot-bounces@lists.denx.de designates 85.214.62.61 as permitted sender) smtp.mailfrom=u-boot-bounces@lists.denx.de; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Received: from h2850616.stratoserver.net (localhost [IPv6:::1]) by phobos.denx.de (Postfix) with ESMTP id DAB6E81468; Wed, 15 Sep 2021 07:13:34 +0200 (CEST) Authentication-Results: phobos.denx.de; dmarc=pass (p=none dis=none) header.from=linaro.org Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=u-boot-bounces@lists.denx.de Authentication-Results: phobos.denx.de; dkim=pass (2048-bit key; unprotected) header.d=linaro.org header.i=@linaro.org header.b="daxR+iJk"; dkim-atps=neutral Received: by phobos.denx.de (Postfix, from userid 109) id 587C582BB4; Wed, 15 Sep 2021 07:13:19 +0200 (CEST) X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on phobos.denx.de X-Spam-Level: X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,SPF_HELO_NONE,SPF_PASS autolearn=ham autolearn_force=no version=3.4.2 Received: from mail-pl1-x62a.google.com (mail-pl1-x62a.google.com [IPv6:2607:f8b0:4864:20::62a]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits)) (No client certificate requested) by phobos.denx.de (Postfix) with ESMTPS id A5E3981468 for ; Wed, 15 Sep 2021 07:13:11 +0200 (CEST) Authentication-Results: phobos.denx.de; dmarc=pass (p=none dis=none) header.from=linaro.org Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=masahisa.kojima@linaro.org Received: by mail-pl1-x62a.google.com with SMTP id n4so884888plh.9 for ; Tue, 14 Sep 2021 22:13:11 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=wcxwlHp05rX0KvGRAXblWlLGRQiQ8w05IiB77whmtLo=; b=daxR+iJkg+qTXpdzOSERzvr1oEYBqCLXJZ/EcCDCdWfJvVF0fFbwR5zsRDoCujtBuX e0HQMJQvnApiy7xssh1DCwJASomd/vmDtHDlUJ/z5naR2Ar09Yodx8m42nt3jormqFq0 BO7pN5Io67vmSVPQOoDynS9hkhAqb0tuLkp1FcL/FR+tfCWGos74B9L92lM5RH0w04Fs Xqu0WMjJoeOoG7Te2IJfQCkXNp7zdvvMT4ZSNMX1ZqqZhWvW4alMS3KxRUCIyrCJU/q6 /EaUAQoeEv6RZn6k30U9E173FccXg3NdWuTlc7R9ZV5+NaKEFNzYDbtmvs0yDJOEQoJW V90Q== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=wcxwlHp05rX0KvGRAXblWlLGRQiQ8w05IiB77whmtLo=; b=s4gISFmVSypvyCKzE6gKlhFHoFvMyAygWxvhftx6Jhr98CpbM/i6oZYbpep0lADy5C Ah5H1ATfkMl1m61OBu8jzz+/qdeQ1s2sJ7NyX4iHYUYSLYfLqO4J11cPnkhP5TuKCwXZ t3jCdh5wNV7r/VuuLA+ZUFlBRSOYSGm/yI/11ARFPTbpjI/WQ1ywBCm/8bcn8V6DjuZk waeHZK/E8Xyq05qlWsPIX84c6dTnSX3kURuRRtjppSrakw24eO8hB9g0IeLpBg/PT2O5 eS2BAKn7hkJwdbY9u7XVffdeojiWG1v61sSYxYx9/sv5QT+CU56wmMfGV+TvLd8BbvUB IRrw== X-Gm-Message-State: AOAM532741IAc2p/XD01oNKtNhBCeR4oZ+PctL476gP8i5OmMFFvlv2H AkP5dBwbjSjFe8EahCcggi+rDg== X-Received: by 2002:a17:90a:5d95:: with SMTP id t21mr6238412pji.77.1631682789745; Tue, 14 Sep 2021 22:13:09 -0700 (PDT) Received: from localhost.localdomain ([2400:2411:502:a100:82fa:5bff:fe4b:26b1]) by smtp.gmail.com with ESMTPSA id a10sm11858154pfo.75.2021.09.14.22.13.07 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 14 Sep 2021 22:13:09 -0700 (PDT) From: Masahisa Kojima To: Heinrich Schuchardt , Ilias Apalodimas Cc: Alexander Graf , Simon Glass , Bin Meng , Christian Gmeiner , u-boot@lists.denx.de Subject: [PATCH 1/3] efi_loader: add SMBIOS table measurement Date: Wed, 15 Sep 2021 14:15:44 +0900 Message-Id: <20210915051546.500-2-masahisa.kojima@linaro.org> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20210915051546.500-1-masahisa.kojima@linaro.org> References: <20210915051546.500-1-masahisa.kojima@linaro.org> X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.34 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" X-Virus-Scanned: clamav-milter 0.103.2 at phobos.denx.de X-Virus-Status: Clean TCG PC Client spec requires to measure the SMBIOS table that contain static configuration information (e.g. Platform Manufacturer Enterprise Number assigned by IANA, platform model number, Vendor and Device IDs for each SMBIOS table). The device and environment dependent information such as serial number is cleared to zero or space character for the measurement. This commit also fixes the following compiler warning: lib/smbios-parser.c:59:39: warning: cast to pointer from integer of different size [-Wint-to-pointer-cast] const struct smbios_header *header = (struct smbios_header *)entry->struct_table_address; Signed-off-by: Masahisa Kojima --- include/efi_loader.h | 2 + include/efi_tcg2.h | 15 ++++ include/smbios.h | 13 ++++ lib/efi_loader/Kconfig | 1 + lib/efi_loader/efi_boottime.c | 2 + lib/efi_loader/efi_smbios.c | 2 - lib/efi_loader/efi_tcg2.c | 84 ++++++++++++++++++++++ lib/smbios-parser.c | 127 +++++++++++++++++++++++++++++++++- 8 files changed, 243 insertions(+), 3 deletions(-) -- 2.17.1 diff --git a/include/efi_loader.h b/include/efi_loader.h index c440962fe5..13f0c24058 100644 --- a/include/efi_loader.h +++ b/include/efi_loader.h @@ -308,6 +308,8 @@ extern const efi_guid_t efi_guid_capsule_report; extern const efi_guid_t efi_guid_firmware_management_protocol; /* GUID for the ESRT */ extern const efi_guid_t efi_esrt_guid; +/* GUID of the SMBIOS table */ +extern const efi_guid_t smbios_guid; extern char __efi_runtime_start[], __efi_runtime_stop[]; extern char __efi_runtime_rel_start[], __efi_runtime_rel_stop[]; diff --git a/include/efi_tcg2.h b/include/efi_tcg2.h index 5a1a36212e..da33f8a1d0 100644 --- a/include/efi_tcg2.h +++ b/include/efi_tcg2.h @@ -215,6 +215,21 @@ struct efi_tcg2_uefi_variable_data { u8 variable_data[1]; }; +/** + * struct tdUEFI_HANDOFF_TABLE_POINTERS2 - event log structure of SMBOIS tables + * @table_description_size: size of table description + * @table_description: table description + * @number_of_tables: number of uefi configuration table + * @table_entry: uefi configuration table entry + */ +#define SMBIOS_HANDOFF_TABLE_DESC "SmbiosTable" +struct smbios_handoff_table_pointers2 { + u8 table_description_size; + u8 table_description[sizeof(SMBIOS_HANDOFF_TABLE_DESC)]; + u64 number_of_tables; + struct efi_configuration_table table_entry[1]; +} __packed; + struct efi_tcg2_protocol { efi_status_t (EFIAPI * get_capability)(struct efi_tcg2_protocol *this, struct efi_tcg2_boot_service_capability *capability); diff --git a/include/smbios.h b/include/smbios.h index aa6b6f3849..0c22c0c489 100644 --- a/include/smbios.h +++ b/include/smbios.h @@ -292,4 +292,17 @@ int smbios_update_version(const char *version); */ int smbios_update_version_full(void *smbios_tab, const char *version); +/** + * smbios_prepare_measurement() - Update smbios table for the measurement + * + * TCG specification requires to measure static configuration information. + * This function clear the device dependent parameters such as + * serial number for the measurement. + * + * @entry: pointer to a struct smbios_entry + * @header: pointer to a struct smbios_header + */ +void smbios_prepare_measurement(const struct smbios_entry *entry, + struct smbios_header *header); + #endif /* _SMBIOS_H_ */ diff --git a/lib/efi_loader/Kconfig b/lib/efi_loader/Kconfig index dacc3b5881..ac1a281a36 100644 --- a/lib/efi_loader/Kconfig +++ b/lib/efi_loader/Kconfig @@ -327,6 +327,7 @@ config EFI_TCG2_PROTOCOL select SHA384 select SHA512 select HASH + select SMBIOS_PARSER help Provide a EFI_TCG2_PROTOCOL implementation using the TPM hardware of the platform. diff --git a/lib/efi_loader/efi_boottime.c b/lib/efi_loader/efi_boottime.c index f0283b539e..701e2212c8 100644 --- a/lib/efi_loader/efi_boottime.c +++ b/lib/efi_loader/efi_boottime.c @@ -86,6 +86,8 @@ const efi_guid_t efi_guid_event_group_reset_system = /* GUIDs of the Load File and Load File2 protocols */ const efi_guid_t efi_guid_load_file_protocol = EFI_LOAD_FILE_PROTOCOL_GUID; const efi_guid_t efi_guid_load_file2_protocol = EFI_LOAD_FILE2_PROTOCOL_GUID; +/* GUID of the SMBIOS table */ +const efi_guid_t smbios_guid = SMBIOS_TABLE_GUID; static efi_status_t EFIAPI efi_disconnect_controller( efi_handle_t controller_handle, diff --git a/lib/efi_loader/efi_smbios.c b/lib/efi_loader/efi_smbios.c index 2eb4cb1c1a..fc0b23397c 100644 --- a/lib/efi_loader/efi_smbios.c +++ b/lib/efi_loader/efi_smbios.c @@ -13,8 +13,6 @@ #include #include -static const efi_guid_t smbios_guid = SMBIOS_TABLE_GUID; - /* * Install the SMBIOS table as a configuration table. * diff --git a/lib/efi_loader/efi_tcg2.c b/lib/efi_loader/efi_tcg2.c index cb48919223..7f47998a55 100644 --- a/lib/efi_loader/efi_tcg2.c +++ b/lib/efi_loader/efi_tcg2.c @@ -14,6 +14,7 @@ #include #include #include +#include #include #include #include @@ -1449,6 +1450,81 @@ error: return ret; } +/** + * tcg2_measure_smbios() - measure smbios table + * + * @dev: TPM device + * @entry: pointer to the smbios_entry structure + * + * Return: status code + */ +static efi_status_t +tcg2_measure_smbios(struct udevice *dev, + const struct smbios_entry *entry) +{ + efi_status_t ret; + struct smbios_header *smbios_copy; + struct smbios_handoff_table_pointers2 *event = NULL; + u32 event_size; + + /* + * TCG PC Client PFP Spec says + * "SMBIOS structures that contain static configuration information + * (e.g. Platform Manufacturer Enterprise Number assigned by IANA, + * platform model number, Vendor and Device IDs for each SMBIOS table) + * that is relevant to the security of the platform MUST be measured". + * Device dependent parameters such as serial number are cleared to + * zero or spaces for the measurement. + */ + event_size = sizeof(struct smbios_handoff_table_pointers2) + + entry->struct_table_length - + FIELD_SIZEOF(struct efi_configuration_table, table); + event = calloc(1, event_size); + if (!event) { + ret = EFI_OUT_OF_RESOURCES; + goto out; + } + + event->table_description_size = sizeof(SMBIOS_HANDOFF_TABLE_DESC); + memcpy(event->table_description, SMBIOS_HANDOFF_TABLE_DESC, + sizeof(SMBIOS_HANDOFF_TABLE_DESC)); + put_unaligned_le64(1, &event->number_of_tables); + guidcpy(&event->table_entry[0].guid, &smbios_guid); + smbios_copy = (struct smbios_header *)((uintptr_t)&event->table_entry[0].table); + memcpy(&event->table_entry[0].table, + (void *)((uintptr_t)entry->struct_table_address), + entry->struct_table_length); + + smbios_prepare_measurement(entry, smbios_copy); + + ret = tcg2_measure_event(dev, 1, EV_EFI_HANDOFF_TABLES2, event_size, + (u8 *)event); + if (ret != EFI_SUCCESS) + goto out; + +out: + free(event); + + return ret; +} + +/** + * search_smbios_table() - search smbios table + * + * Return: pointer to the smbios table + */ +static void *search_smbios_table(void) +{ + u32 i; + + for (i = 0; i < systab.nr_tables; i++) { + if (!guidcmp(&smbios_guid, &systab.tables[i].guid)) + return systab.tables[i].table; + } + + return NULL; +} + /** * efi_tcg2_measure_efi_app_invocation() - measure efi app invocation * @@ -1460,6 +1536,7 @@ efi_status_t efi_tcg2_measure_efi_app_invocation(void) u32 pcr_index; struct udevice *dev; u32 event = 0; + struct smbios_entry *entry; if (tcg2_efi_app_invoked) return EFI_SUCCESS; @@ -1485,6 +1562,13 @@ efi_status_t efi_tcg2_measure_efi_app_invocation(void) goto out; } + entry = (struct smbios_entry *)search_smbios_table(); + if (entry) { + ret = tcg2_measure_smbios(dev, entry); + if (ret != EFI_SUCCESS) + goto out; + } + tcg2_efi_app_invoked = true; out: return ret; diff --git a/lib/smbios-parser.c b/lib/smbios-parser.c index 34203f952c..5e0bd8f4ca 100644 --- a/lib/smbios-parser.c +++ b/lib/smbios-parser.c @@ -56,7 +56,7 @@ static const struct smbios_header *next_header(const struct smbios_header *curr) const struct smbios_header *smbios_header(const struct smbios_entry *entry, int type) { const unsigned int num_header = entry->struct_count; - const struct smbios_header *header = (struct smbios_header *)entry->struct_table_address; + const struct smbios_header *header = (struct smbios_header *)((uintptr_t)entry->struct_table_address); for (unsigned int i = 0; i < num_header; i++) { if (header->type == type) @@ -132,3 +132,128 @@ int smbios_update_version_full(void *smbios_tab, const char *version) return 0; } + +struct smbios_filter_param { + u32 offset; + u32 size; + bool is_string; +}; + +struct smbios_filter_table { + int type; + struct smbios_filter_param *params; + u32 count; +}; + +struct smbios_filter_param smbios_type1_filter_params[] = { + {offsetof(struct smbios_type1, serial_number), + FIELD_SIZEOF(struct smbios_type1, serial_number), true}, + {offsetof(struct smbios_type1, uuid), + FIELD_SIZEOF(struct smbios_type1, uuid), false}, + {offsetof(struct smbios_type1, wakeup_type), + FIELD_SIZEOF(struct smbios_type1, wakeup_type), false}, +}; + +struct smbios_filter_param smbios_type2_filter_params[] = { + {offsetof(struct smbios_type2, serial_number), + FIELD_SIZEOF(struct smbios_type2, serial_number), true}, + {offsetof(struct smbios_type2, chassis_location), + FIELD_SIZEOF(struct smbios_type2, chassis_location), false}, +}; + +struct smbios_filter_param smbios_type3_filter_params[] = { + {offsetof(struct smbios_type3, serial_number), + FIELD_SIZEOF(struct smbios_type3, serial_number), true}, + {offsetof(struct smbios_type3, asset_tag_number), + FIELD_SIZEOF(struct smbios_type3, asset_tag_number), true}, +}; + +struct smbios_filter_param smbios_type4_filter_params[] = { + {offsetof(struct smbios_type4, serial_number), + FIELD_SIZEOF(struct smbios_type4, serial_number), true}, + {offsetof(struct smbios_type4, asset_tag), + FIELD_SIZEOF(struct smbios_type4, asset_tag), true}, + {offsetof(struct smbios_type4, part_number), + FIELD_SIZEOF(struct smbios_type4, part_number), true}, + {offsetof(struct smbios_type4, core_count), + FIELD_SIZEOF(struct smbios_type4, core_count), false}, + {offsetof(struct smbios_type4, core_enabled), + FIELD_SIZEOF(struct smbios_type4, core_enabled), false}, + {offsetof(struct smbios_type4, thread_count), + FIELD_SIZEOF(struct smbios_type4, thread_count), false}, + {offsetof(struct smbios_type4, core_count2), + FIELD_SIZEOF(struct smbios_type4, core_count2), false}, + {offsetof(struct smbios_type4, core_enabled2), + FIELD_SIZEOF(struct smbios_type4, core_enabled2), false}, + {offsetof(struct smbios_type4, thread_count), + FIELD_SIZEOF(struct smbios_type4, thread_count2), false}, + {offsetof(struct smbios_type4, voltage), + FIELD_SIZEOF(struct smbios_type4, voltage), false}, +}; + +struct smbios_filter_table smbios_filter_tables[] = { + {SMBIOS_SYSTEM_INFORMATION, smbios_type1_filter_params, + ARRAY_SIZE(smbios_type1_filter_params)}, + {SMBIOS_BOARD_INFORMATION, smbios_type2_filter_params, + ARRAY_SIZE(smbios_type2_filter_params)}, + {SMBIOS_SYSTEM_ENCLOSURE, smbios_type3_filter_params, + ARRAY_SIZE(smbios_type3_filter_params)}, + {SMBIOS_PROCESSOR_INFORMATION, smbios_type4_filter_params, + ARRAY_SIZE(smbios_type4_filter_params)}, +}; + +static void clear_smbios_table(struct smbios_header *header, + struct smbios_filter_param *filter, + u32 count) +{ + u32 i; + char *str; + u8 string_id; + + for (i = 0; i < count; i++) { + if (filter[i].is_string) { + string_id = *((u8 *)header + filter[i].offset); + if (string_id == 0) /* string is empty */ + continue; + /* + * smbios_string() returns const value, but this + * function needs to clear the string. + */ + str = (char *)smbios_string(header, string_id); + if (!str) + continue; + /* string is cleared to space */ + memset(str, ' ', strlen(str)); + + } else { + memset((void *)((u8 *)header + filter[i].offset), + 0, filter[i].size); + } + } +} + +void smbios_prepare_measurement(const struct smbios_entry *entry, + struct smbios_header *smbios_copy) +{ + u32 i, j; + struct smbios_header *header; + + for (i = 0; i < ARRAY_SIZE(smbios_filter_tables); i++) { + header = smbios_copy; + for (j = 0; j < entry->struct_count; j++) { + if (header->type == smbios_filter_tables[i].type) + break; + /* + * next_header() returns the const value, but some + * members need to be cleared for the measurement. + */ + header = (struct smbios_header *)next_header(header); + } + if (j >= entry->struct_count) + continue; + + clear_smbios_table(header, + smbios_filter_tables[i].params, + smbios_filter_tables[i].count); + } +} From patchwork Wed Sep 15 05:15:45 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Masahisa Kojima X-Patchwork-Id: 512182 Delivered-To: patch@linaro.org Received: by 2002:a02:c816:0:0:0:0:0 with SMTP id p22csp2207630jao; Tue, 14 Sep 2021 22:13:35 -0700 (PDT) X-Google-Smtp-Source: ABdhPJzykj/ZjEM3l9Uii2oHeEk2yGpqxNcJq+4NrT3JrfZWkxk3QeINCK3oT83XkEAeaqDEimyg X-Received: by 2002:a17:906:38c8:: with SMTP id r8mr22470182ejd.172.1631682815312; Tue, 14 Sep 2021 22:13:35 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1631682815; cv=none; d=google.com; s=arc-20160816; b=mGRGFLeAi/MbVnmc18wxwGYtVsLLLB8BYmZ2r6vPCCFuGj+O3Co14UkfoOgvC54tpq mv01w204LjrgPzv8wqWGk/e68Ac0VGCeS+tO8ZqSW8I6lNMud1y5RYHcTmQ3HxVMuJZJ 6LSLmdUiQwewwfqBOhN/QHPTrf04GgFFHHIrNXwmmavTJ/hRIzt6MrGrbThCs6is/ie9 vgD/1+KUvhSAjT/AuEDE9+TYGCeiqFE93kPcvVIvuHM4Vw0DJJrNMlGZ2JTsqBHAVMuZ BR4SD2vXElSd59ymYpsuc4jibFeVv+jxEHdrTAmv38WNarc9UmyGy33IGXIfjyOBW0OD gK5A== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:errors-to:list-subscribe:list-help:list-post:list-archive :list-unsubscribe:list-id:precedence:references:in-reply-to :message-id:date:subject:cc:to:from:dkim-signature; bh=i6ZAl+vYfHhSOSFeaI2g9m9SDuHMGbUrI0tiwSqmAog=; b=yjS7cZKWFXTavVyMvxQyOHF0y4ysshY0tHJgQ/udxC6Z2yQbfNqk1/1DM15HeHYcet gyy2/5nIFYGLwNp4HFy+vPro0ZWq3zz9IWkYm9Cb+XIN600wrVHkn+JmR+ckk2zb434x 8PADhs7XzQz7hJQnUatIghjW2C/1MMK4RsrZ5zNGi16gNWUj9othhN3k6lxT2TEcr9Io soZzoli08pJXBLFt+WshRTWZPVgBCs4btPUDhE2X/WpxToCL0JEChs8wQpaxn8o4pvM2 VswcXCWCUSh9tbplOFMTdqHxgdPISBbXxSluip8wdh0vyqk7n2RmsF7wOYaBtM6WocfB uC2w== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=C+SpuH65; spf=pass (google.com: domain of u-boot-bounces@lists.denx.de designates 85.214.62.61 as permitted sender) smtp.mailfrom=u-boot-bounces@lists.denx.de; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Return-Path: Received: from phobos.denx.de (phobos.denx.de. [85.214.62.61]) by mx.google.com with ESMTPS id bs18si13160512ejb.674.2021.09.14.22.13.35 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 14 Sep 2021 22:13:35 -0700 (PDT) Received-SPF: pass (google.com: domain of u-boot-bounces@lists.denx.de designates 85.214.62.61 as permitted sender) client-ip=85.214.62.61; Authentication-Results: mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=C+SpuH65; spf=pass (google.com: domain of u-boot-bounces@lists.denx.de designates 85.214.62.61 as permitted sender) smtp.mailfrom=u-boot-bounces@lists.denx.de; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Received: from h2850616.stratoserver.net (localhost [IPv6:::1]) by phobos.denx.de (Postfix) with ESMTP id 4862382952; Wed, 15 Sep 2021 07:13:25 +0200 (CEST) Authentication-Results: phobos.denx.de; dmarc=pass (p=none dis=none) header.from=linaro.org Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=u-boot-bounces@lists.denx.de Authentication-Results: phobos.denx.de; dkim=pass (2048-bit key; unprotected) header.d=linaro.org header.i=@linaro.org header.b="C+SpuH65"; dkim-atps=neutral Received: by phobos.denx.de (Postfix, from userid 109) id 5591582039; Wed, 15 Sep 2021 07:13:21 +0200 (CEST) X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on phobos.denx.de X-Spam-Level: X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,SPF_HELO_NONE,SPF_PASS autolearn=ham autolearn_force=no version=3.4.2 Received: from mail-pf1-x42e.google.com (mail-pf1-x42e.google.com [IPv6:2607:f8b0:4864:20::42e]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits)) (No client certificate requested) by phobos.denx.de (Postfix) with ESMTPS id 9400180796 for ; Wed, 15 Sep 2021 07:13:13 +0200 (CEST) Authentication-Results: phobos.denx.de; dmarc=pass (p=none dis=none) header.from=linaro.org Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=masahisa.kojima@linaro.org Received: by mail-pf1-x42e.google.com with SMTP id x7so1568624pfa.8 for ; Tue, 14 Sep 2021 22:13:13 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=i6ZAl+vYfHhSOSFeaI2g9m9SDuHMGbUrI0tiwSqmAog=; b=C+SpuH65ofHLwkvbbG6Lp9UOldd/fNX/cr3Rr83F7Wt/GHW5qNtsuXvzVlJasm/5LY k6luFHsyeRJzLe4yQiymXCHvhF7I9W8CIItHGpcP1HPP4x9zNMLUh7F7FLSeM69MRhNm 6N5c4ItXEEjdUHO2tEnjQinKXuHcnEOF8gjmsji01UUoa03+5XZiPfFL7wHrM3OwNYMu Iw1mmH2q4tAT/lhIpHj+ZpP95xza1SKlCz/hHMvkqdLWS6zz+I/RTx835NXsS59Q2J3+ nDG/C4JNHppftYKaEdjL1f7qmWxl/WPAyPlSrFE+eGjK5g2osn1O4sMWrl1Hr3sxBXNp XKPA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=i6ZAl+vYfHhSOSFeaI2g9m9SDuHMGbUrI0tiwSqmAog=; b=Ze3+bKl7Kod0xM1qru0VzVXTs1qmktXTWYn1/7irpSbprtxvWgKLtZBUi6kD2DMuEJ hmTs7AVrPpSp3Wkf9f5QRrB5OPRGkhxOzJhT9eSW0aVlA3YiL0CHuZAkjPKJ3TpeJyp0 y/MTpymLw9bcztCkiYY3fB5DNKWopyM04atqnilqekjkawJViqutTVDWYw4Ml33Ue0/V 8EEt/o6FFkbBc/H2lEcGYxsLVvYVqtY6hhZOaARk5wRT3p1pGDVdfOt/i5zZ9019icyd uVQcg/GXd+e13qVf4uvPK1uffSrjGoP242UewfkHeuMmiXFxofEYG5XiIMIgic72k+Co CEuw== X-Gm-Message-State: AOAM531lJRk+7W5kY/o9wx/g9fPkTNnmCcnF9emU6TG+Tn0bb9Off+I/ u6Welhxr6Bmk7MWGrXEyhzNYiGMr5cjurkWC X-Received: by 2002:a63:d80c:: with SMTP id b12mr18627238pgh.331.1631682791890; Tue, 14 Sep 2021 22:13:11 -0700 (PDT) Received: from localhost.localdomain ([2400:2411:502:a100:82fa:5bff:fe4b:26b1]) by smtp.gmail.com with ESMTPSA id a10sm11858154pfo.75.2021.09.14.22.13.10 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 14 Sep 2021 22:13:11 -0700 (PDT) From: Masahisa Kojima To: Heinrich Schuchardt , Ilias Apalodimas Cc: Alexander Graf , Simon Glass , Bin Meng , Christian Gmeiner , u-boot@lists.denx.de Subject: [PATCH 2/3] efi_loader: add UEFI GPT measurement Date: Wed, 15 Sep 2021 14:15:45 +0900 Message-Id: <20210915051546.500-3-masahisa.kojima@linaro.org> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20210915051546.500-1-masahisa.kojima@linaro.org> References: <20210915051546.500-1-masahisa.kojima@linaro.org> X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.34 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" X-Virus-Scanned: clamav-milter 0.103.2 at phobos.denx.de X-Virus-Status: Clean This commit adds the UEFI GPT disk partition topology measurement required in TCG PC Client PFP Spec. Signed-off-by: Masahisa Kojima --- include/blk.h | 3 + include/efi_loader.h | 2 +- include/efi_tcg2.h | 12 +++ lib/efi_loader/efi_boottime.c | 2 +- lib/efi_loader/efi_tcg2.c | 175 +++++++++++++++++++++++++++++++++- 5 files changed, 191 insertions(+), 3 deletions(-) -- 2.17.1 diff --git a/include/blk.h b/include/blk.h index 19bab081c2..f0cc7ca1a2 100644 --- a/include/blk.h +++ b/include/blk.h @@ -45,6 +45,9 @@ enum if_type { #define BLK_PRD_SIZE 20 #define BLK_REV_SIZE 8 +#define PART_FORMAT_PCAT 0x1 +#define PART_FORMAT_GPT 0x2 + /* * Identifies the partition table type (ie. MBR vs GPT GUID) signature */ diff --git a/include/efi_loader.h b/include/efi_loader.h index 13f0c24058..dbcc296e01 100644 --- a/include/efi_loader.h +++ b/include/efi_loader.h @@ -503,7 +503,7 @@ efi_status_t efi_init_variables(void); void efi_variables_boot_exit_notify(void); efi_status_t efi_tcg2_notify_exit_boot_services_failed(void); /* Measure efi application invocation */ -efi_status_t efi_tcg2_measure_efi_app_invocation(void); +efi_status_t efi_tcg2_measure_efi_app_invocation(struct efi_loaded_image_obj *handle); /* Measure efi application exit */ efi_status_t efi_tcg2_measure_efi_app_exit(void); /* Called by bootefi to initialize root node */ diff --git a/include/efi_tcg2.h b/include/efi_tcg2.h index da33f8a1d0..33257fa96b 100644 --- a/include/efi_tcg2.h +++ b/include/efi_tcg2.h @@ -230,6 +230,18 @@ struct smbios_handoff_table_pointers2 { struct efi_configuration_table table_entry[1]; } __packed; +/** + * struct tdUEFI_GPT_DATA - event log structure of industry standard tables + * @uefi_partition_header: gpt partition header + * @number_of_partitions: the number of partition + * @partitions: partition entries + */ +struct efi_gpt_data { + gpt_header uefi_partition_header; + u64 number_of_partitions; + gpt_entry partitions[]; +} __packed; + struct efi_tcg2_protocol { efi_status_t (EFIAPI * get_capability)(struct efi_tcg2_protocol *this, struct efi_tcg2_boot_service_capability *capability); diff --git a/lib/efi_loader/efi_boottime.c b/lib/efi_loader/efi_boottime.c index 701e2212c8..bf5661e1ee 100644 --- a/lib/efi_loader/efi_boottime.c +++ b/lib/efi_loader/efi_boottime.c @@ -3003,7 +3003,7 @@ efi_status_t EFIAPI efi_start_image(efi_handle_t image_handle, if (IS_ENABLED(CONFIG_EFI_TCG2_PROTOCOL)) { if (image_obj->image_type == IMAGE_SUBSYSTEM_EFI_APPLICATION) { - ret = efi_tcg2_measure_efi_app_invocation(); + ret = efi_tcg2_measure_efi_app_invocation(image_obj); if (ret != EFI_SUCCESS) { log_warning("tcg2 measurement fails(0x%lx)\n", ret); diff --git a/lib/efi_loader/efi_tcg2.c b/lib/efi_loader/efi_tcg2.c index 7f47998a55..35810615ed 100644 --- a/lib/efi_loader/efi_tcg2.c +++ b/lib/efi_loader/efi_tcg2.c @@ -1525,12 +1525,181 @@ static void *search_smbios_table(void) return NULL; } +/** + * search_gpt_dp_node() - search gpt device path node + * + * @device_path: device path + * + * Return: pointer to the gpt device path node + */ +static struct +efi_device_path *search_gpt_dp_node(struct efi_device_path *device_path) +{ + struct efi_device_path *dp = device_path; + + while (dp) { + if (dp->type == DEVICE_PATH_TYPE_MEDIA_DEVICE && + dp->sub_type == DEVICE_PATH_SUB_TYPE_HARD_DRIVE_PATH) { + struct efi_device_path_hard_drive_path *hd_dp = + (struct efi_device_path_hard_drive_path *)dp; + + if (hd_dp->partmap_type == PART_FORMAT_GPT && + hd_dp->signature_type == SIG_TYPE_GUID) + return dp; + } + dp = efi_dp_next(dp); + } + + return NULL; +} + +/** + * tcg2_measure_gpt_table() - measure gpt table + * + * @dev: TPM device + * @loaded_image: handle to the loaded image + * + * Return: status code + */ +static efi_status_t +tcg2_measure_gpt_data(struct udevice *dev, + struct efi_loaded_image_obj *loaded_image) +{ + efi_status_t ret; + efi_handle_t handle; + struct efi_handler *dp_handler; + struct efi_device_path *orig_device_path; + struct efi_device_path *device_path; + struct efi_device_path *dp; + struct efi_block_io *block_io; + struct efi_gpt_data *event = NULL; + efi_guid_t null_guid = NULL_GUID; + gpt_header *orig_gpt_h = NULL; + gpt_entry *orig_gpt_e = NULL; + gpt_header *gpt_h = NULL; + gpt_entry *entry = NULL; + gpt_entry *gpt_e; + u32 num_of_valid_entry = 0; + u32 event_size; + u32 i; + u32 total_gpt_entry_size; + + ret = efi_search_protocol(&loaded_image->header, + &efi_guid_loaded_image_device_path, + &dp_handler); + if (ret != EFI_SUCCESS) + return ret; + + orig_device_path = dp_handler->protocol_interface; + device_path = efi_dp_dup(orig_device_path); + if (!device_path) + return EFI_OUT_OF_RESOURCES; + + dp = search_gpt_dp_node(device_path); + if (!dp) { + /* no GPT device path node found, skip GPT measurement */ + ret = EFI_SUCCESS; + goto out1; + } + + /* read GPT header */ + dp->type = DEVICE_PATH_TYPE_END; + dp->sub_type = DEVICE_PATH_SUB_TYPE_END; + dp = device_path; + ret = EFI_CALL(systab.boottime->locate_device_path(&efi_block_io_guid, + &dp, &handle)); + if (ret != EFI_SUCCESS) + goto out1; + + ret = EFI_CALL(efi_handle_protocol(handle, + &efi_block_io_guid, (void **)&block_io)); + if (ret != EFI_SUCCESS) + goto out1; + + orig_gpt_h = calloc(1, (block_io->media->block_size + block_io->media->io_align)); + if (!orig_gpt_h) { + ret = EFI_OUT_OF_RESOURCES; + goto out2; + } + + gpt_h = (gpt_header *)ALIGN((uintptr_t)orig_gpt_h, block_io->media->io_align); + ret = block_io->read_blocks(block_io, block_io->media->media_id, 1, + block_io->media->block_size, gpt_h); + if (ret != EFI_SUCCESS) + goto out2; + + /* read GPT entry */ + total_gpt_entry_size = gpt_h->num_partition_entries * + gpt_h->sizeof_partition_entry; + orig_gpt_e = calloc(1, total_gpt_entry_size + block_io->media->io_align); + entry = (void *)ALIGN((uintptr_t)orig_gpt_e, block_io->media->io_align); + if (!entry) { + ret = EFI_OUT_OF_RESOURCES; + goto out2; + } + + ret = block_io->read_blocks(block_io, block_io->media->media_id, + gpt_h->partition_entry_lba, + total_gpt_entry_size, entry); + if (ret != EFI_SUCCESS) + goto out2; + + /* count valid GPT entry */ + gpt_e = entry; + for (i = 0; i < gpt_h->num_partition_entries; i++) { + if (guidcmp(&null_guid, &gpt_e->partition_type_guid)) + num_of_valid_entry++; + + gpt_e = (gpt_entry *)((u8 *)gpt_e + gpt_h->sizeof_partition_entry); + } + + /* prepare event data for measurement */ + event_size = sizeof(struct efi_gpt_data) + + (num_of_valid_entry * gpt_h->sizeof_partition_entry); + event = calloc(1, event_size); + if (!event) { + ret = EFI_OUT_OF_RESOURCES; + goto out2; + } + memcpy(event, gpt_h, sizeof(gpt_header)); + put_unaligned_le64(num_of_valid_entry, &event->number_of_partitions); + + /* copy valid GPT entry */ + gpt_e = entry; + num_of_valid_entry = 0; + for (i = 0; i < gpt_h->num_partition_entries; i++) { + if (guidcmp(&null_guid, &gpt_e->partition_type_guid)) { + memcpy((u8 *)event->partitions + + (num_of_valid_entry * gpt_h->sizeof_partition_entry), + gpt_e, gpt_h->sizeof_partition_entry); + num_of_valid_entry++; + } + + gpt_e = (gpt_entry *)((u8 *)gpt_e + gpt_h->sizeof_partition_entry); + } + + ret = tcg2_measure_event(dev, 5, EV_EFI_GPT_EVENT, event_size, (u8 *)event); + if (ret != EFI_SUCCESS) + goto out2; + +out2: + EFI_CALL(efi_close_protocol((efi_handle_t)block_io, &efi_block_io_guid, + NULL, NULL)); + free(orig_gpt_h); + free(orig_gpt_e); + free(event); +out1: + efi_free_pool(device_path); + + return ret; +} + /** * efi_tcg2_measure_efi_app_invocation() - measure efi app invocation * * Return: status code */ -efi_status_t efi_tcg2_measure_efi_app_invocation(void) +efi_status_t efi_tcg2_measure_efi_app_invocation(struct efi_loaded_image_obj *handle) { efi_status_t ret; u32 pcr_index; @@ -1569,6 +1738,10 @@ efi_status_t efi_tcg2_measure_efi_app_invocation(void) goto out; } + ret = tcg2_measure_gpt_data(dev, handle); + if (ret != EFI_SUCCESS) + goto out; + tcg2_efi_app_invoked = true; out: return ret; From patchwork Wed Sep 15 05:15:46 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Masahisa Kojima X-Patchwork-Id: 512184 Delivered-To: patch@linaro.org Received: by 2002:a02:c816:0:0:0:0:0 with SMTP id p22csp2207868jao; Tue, 14 Sep 2021 22:13:57 -0700 (PDT) X-Google-Smtp-Source: ABdhPJy5XiR2V3nZ7exFJz/3OPnAqguRcmKwPwhSYSCnty3dnVlXJkjpYuy10bJR14E5GxW2azKJ X-Received: by 2002:a17:906:dbdc:: with SMTP id yc28mr6398384ejb.558.1631682837265; Tue, 14 Sep 2021 22:13:57 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1631682837; cv=none; d=google.com; s=arc-20160816; b=ENiJbryLHEwU+wn5LEeyqwTFGwel4ONZ7TzbkIINbELZkH/rcxZOMo3eEcKEii7npg ZD6Z+T5wpY/y9OjfvAIL5XAmIEiSrsMKOf0XkDeznpZoLXs/bPNU6fThRgKO0SJT8kT0 VrJBxfM4qzA1vaKrALZhj9HaHj+8fuXdVH2jc7g6BPvKswjcazEQ9+iThziFj13ZsKAR v/5fVah8VcP95Z+ufB4Oj83eGKxnJB5HKiNIIJNx+yqnLodnVZotRP3CY2q20dCAcuTU xSMzdNa+8TQzvcBh67B+D3imfY3Dbhxgt72lZY4BIfnTMJeCqbbnul3yFsrnKmwY3AS9 ixfw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:errors-to:list-subscribe:list-help:list-post:list-archive :list-unsubscribe:list-id:precedence:references:in-reply-to :message-id:date:subject:cc:to:from:dkim-signature; bh=UsEBoTAMzj7nhFauMsSNt1jZ1/ThA0+NCnnPMqPBPvg=; b=VpkYlY9vCem9Y7gwuMwAR6cGzgA5bmRS9NuWrjBoRkC0HM4QuB1m825NQ2By5t8cCC jbjHphHIIbqLiC6BCa7PaNhWEmMB3CF5+Qx23ZAJEr4aSvfz2PpNGTNFQhHECtbWDgRB Fu9skMXIc5yiWJYiSHF/X20NPGTmK02AGOwbEAT5VJ9F9RDf6jWd+nNaIlUG49noG+hC qJFLE/kjOSGZupPze7zZanbCCEX3fU/d3lF9e0Lb4fZ+dau22FZgo4/KYgCachT+bHB1 CpLFsWf8vYPiHyQ5p0aFVGefl5DR3aqtRZBKw2e2hqmtOQ9Y1DDwBIH4LKLcJMtttnz6 ASHA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=zAF93gEB; spf=pass (google.com: domain of u-boot-bounces@lists.denx.de designates 85.214.62.61 as permitted sender) smtp.mailfrom=u-boot-bounces@lists.denx.de; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Return-Path: Received: from phobos.denx.de (phobos.denx.de. [85.214.62.61]) by mx.google.com with ESMTPS id u19si16170400edo.600.2021.09.14.22.13.57 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 14 Sep 2021 22:13:57 -0700 (PDT) Received-SPF: pass (google.com: domain of u-boot-bounces@lists.denx.de designates 85.214.62.61 as permitted sender) client-ip=85.214.62.61; Authentication-Results: mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=zAF93gEB; spf=pass (google.com: domain of u-boot-bounces@lists.denx.de designates 85.214.62.61 as permitted sender) smtp.mailfrom=u-boot-bounces@lists.denx.de; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Received: from h2850616.stratoserver.net (localhost [IPv6:::1]) by phobos.denx.de (Postfix) with ESMTP id 4275082C84; Wed, 15 Sep 2021 07:13:40 +0200 (CEST) Authentication-Results: phobos.denx.de; dmarc=pass (p=none dis=none) header.from=linaro.org Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=u-boot-bounces@lists.denx.de Authentication-Results: phobos.denx.de; dkim=pass (2048-bit key; unprotected) header.d=linaro.org header.i=@linaro.org header.b="zAF93gEB"; dkim-atps=neutral Received: by phobos.denx.de (Postfix, from userid 109) id A534480796; Wed, 15 Sep 2021 07:13:24 +0200 (CEST) X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on phobos.denx.de X-Spam-Level: X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,SPF_HELO_NONE,SPF_PASS autolearn=ham autolearn_force=no version=3.4.2 Received: from mail-pj1-x102a.google.com (mail-pj1-x102a.google.com [IPv6:2607:f8b0:4864:20::102a]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits)) (No client certificate requested) by phobos.denx.de (Postfix) with ESMTPS id 980A082952 for ; Wed, 15 Sep 2021 07:13:15 +0200 (CEST) Authentication-Results: phobos.denx.de; dmarc=pass (p=none dis=none) header.from=linaro.org Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=masahisa.kojima@linaro.org Received: by mail-pj1-x102a.google.com with SMTP id c13-20020a17090a558d00b00198e6497a4fso4047579pji.4 for ; Tue, 14 Sep 2021 22:13:15 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=UsEBoTAMzj7nhFauMsSNt1jZ1/ThA0+NCnnPMqPBPvg=; b=zAF93gEBNNF9OCLW7rYMGcS17Sx1It58VG6rhuyJF9UboQJ0WG0BZB+ZQnvnFMOeSV ZhykN5Yo8ZT0zuo7JuvOJ/NWraRvOEpJ2yHIzYw1gvZkv+7J0dnkX607kofplxU3+HRp luPpF3y25vXQ80nZoV6y4S2IN4KlJHPePNYaEwXzdBzcUBT+nzb6mVPzQD8H99Rnttso mLlJydaylM6EQvBS6AATaljQGWuWc6MVskBZRplN3UdZwhsE74G42rHlcnhg8qIvi1po cd35d24M4tRlNxtLrzgBcAiNMUuoqWJNVGRpoEAeyljQe5MQiMvWDVSLYHfBrWDRPd1a YGVA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=UsEBoTAMzj7nhFauMsSNt1jZ1/ThA0+NCnnPMqPBPvg=; b=6W+67GVCewNGsUptiYYfaU8xSYVorhumR47kSJkORIIr9D3yloJpzZa0uJruVVH6Xc aVbKT1YodRhCOWNBm93vWatzm97aoJjVfkBzawO6V4CAapG1vXpSy7ImES8K3053flUh FXWj5CFT/gJw/KuxwZ26Ht55BDK3ggCysAoTKAlXDhoJHiuf7LkAkyCmipiyVZZEyFYf 13ttpHIBKKwNVIrcYPpqgyJBC67G0Mke5oi6sKNzX/u+gIjKc5+P9OUjE7lRF/Be7lfO wU2w4uigMGcUsqsA4KyPkqSDHrWZbJr3wM8M1CxgpTBXWNU9llIvgmeH6kMtBMb72n1Z DJYg== X-Gm-Message-State: AOAM532FuFyncl9fT2cYYBj00FKaMvj2rd7KgmPiMIovXcJixhVwBUWZ Ew+6W0ILMSAIEFsmlEr0n2qaRw== X-Received: by 2002:a17:902:ea11:b0:13a:db38:cfcf with SMTP id s17-20020a170902ea1100b0013adb38cfcfmr18170340plg.3.1631682794006; Tue, 14 Sep 2021 22:13:14 -0700 (PDT) Received: from localhost.localdomain ([2400:2411:502:a100:82fa:5bff:fe4b:26b1]) by smtp.gmail.com with ESMTPSA id a10sm11858154pfo.75.2021.09.14.22.13.12 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 14 Sep 2021 22:13:13 -0700 (PDT) From: Masahisa Kojima To: Heinrich Schuchardt , Ilias Apalodimas Cc: Alexander Graf , Simon Glass , Bin Meng , Christian Gmeiner , u-boot@lists.denx.de Subject: [PATCH 3/3] efi_loader: add DeployedMode and AuditMode variable measurement Date: Wed, 15 Sep 2021 14:15:46 +0900 Message-Id: <20210915051546.500-4-masahisa.kojima@linaro.org> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20210915051546.500-1-masahisa.kojima@linaro.org> References: <20210915051546.500-1-masahisa.kojima@linaro.org> X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.34 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" X-Virus-Scanned: clamav-milter 0.103.2 at phobos.denx.de X-Virus-Status: Clean This commit adds the DeployedMode and AuditMode variable measurement required in TCG PC Client PFP Spec. Signed-off-by: Masahisa Kojima --- lib/efi_loader/efi_tcg2.c | 47 +++++++++++++++++++++++++++++++++++++++ 1 file changed, 47 insertions(+) -- 2.17.1 diff --git a/lib/efi_loader/efi_tcg2.c b/lib/efi_loader/efi_tcg2.c index 35810615ed..427d6e22b1 100644 --- a/lib/efi_loader/efi_tcg2.c +++ b/lib/efi_loader/efi_tcg2.c @@ -12,6 +12,7 @@ #include #include #include +#include #include #include #include @@ -1828,6 +1829,50 @@ out: return ret; } +/** + * tcg2_measure_deployed_audit_mode() - measure deployedmode and auditmode + * + * @dev: TPM device + * + * Return: status code + */ +static efi_status_t tcg2_measure_deployed_audit_mode(struct udevice *dev) +{ + u8 deployed_mode; + u8 audit_mode; + efi_uintn_t size; + efi_status_t ret; + u32 pcr_index; + + size = sizeof(deployed_mode); + ret = efi_get_variable_int(L"DeployedMode", &efi_global_variable_guid, + NULL, &size, &deployed_mode, NULL); + if (ret != EFI_SUCCESS) + return ret; + + pcr_index = (deployed_mode ? 1 : 7); + + ret = tcg2_measure_variable(dev, pcr_index, + EV_EFI_VARIABLE_DRIVER_CONFIG, + L"DeployedMode", + &efi_global_variable_guid, + size, &deployed_mode); + + size = sizeof(audit_mode); + ret = efi_get_variable_int(L"AuditMode", &efi_global_variable_guid, + NULL, &size, &audit_mode, NULL); + if (ret != EFI_SUCCESS) + return ret; + + ret = tcg2_measure_variable(dev, pcr_index, + EV_EFI_VARIABLE_DRIVER_CONFIG, + L"AuditMode", + &efi_global_variable_guid, + size, &audit_mode); + + return ret; +} + /** * tcg2_measure_secure_boot_variable() - measure secure boot variables * @@ -1891,6 +1936,8 @@ static efi_status_t tcg2_measure_secure_boot_variable(struct udevice *dev) free(data); } + ret = tcg2_measure_deployed_audit_mode(dev); + error: return ret; }