From patchwork Sat Jan 25 00:15:06 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Mauro S. M. Rodrigues" X-Patchwork-Id: 1229136 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Received: from lists.ozlabs.org (lists.ozlabs.org [IPv6:2401:3900:2:1::3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 484Gpt3vcSz9sRV for ; Sat, 25 Jan 2020 11:19:34 +1100 (AEDT) Authentication-Results: ozlabs.org; dmarc=none (p=none dis=none) header.from=linux.vnet.ibm.com Received: from lists.ozlabs.org (lists.ozlabs.org [IPv6:2401:3900:2:1::3]) by lists.ozlabs.org (Postfix) with ESMTP id 484Gpt29mKzDqgk for ; Sat, 25 Jan 2020 11:19:34 +1100 (AEDT) X-Original-To: skiboot@lists.ozlabs.org Delivered-To: skiboot@lists.ozlabs.org Authentication-Results: lists.ozlabs.org; spf=none (no SPF record) smtp.mailfrom=linux.vnet.ibm.com (client-ip=148.163.156.1; helo=mx0a-001b2d01.pphosted.com; envelope-from=maurosr@linux.vnet.ibm.com; receiver=) Authentication-Results: lists.ozlabs.org; dmarc=none (p=none dis=none) header.from=linux.vnet.ibm.com Received: from mx0a-001b2d01.pphosted.com (mx0a-001b2d01.pphosted.com [148.163.156.1]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by lists.ozlabs.org (Postfix) with ESMTPS id 484GmP1pkWzDqgl for ; Sat, 25 Jan 2020 11:17:25 +1100 (AEDT) Received: from pps.filterd (m0187473.ppops.net [127.0.0.1]) by mx0a-001b2d01.pphosted.com (8.16.0.42/8.16.0.42) with SMTP id 00P07JUx142979 for ; Fri, 24 Jan 2020 19:17:23 -0500 Received: from ppma02dal.us.ibm.com (a.bd.3ea9.ip4.static.sl-reverse.com [169.62.189.10]) by mx0a-001b2d01.pphosted.com with ESMTP id 2xr61dfyt3-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT) for ; Fri, 24 Jan 2020 19:17:22 -0500 Received: from pps.filterd (ppma02dal.us.ibm.com [127.0.0.1]) by ppma02dal.us.ibm.com (8.16.0.27/8.16.0.27) with SMTP id 00P0DuJf011370 for ; Sat, 25 Jan 2020 00:17:22 GMT Received: from b01cxnp22036.gho.pok.ibm.com (b01cxnp22036.gho.pok.ibm.com [9.57.198.26]) by ppma02dal.us.ibm.com with ESMTP id 2xksn81ey7-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT) for ; Sat, 25 Jan 2020 00:17:22 +0000 Received: from b01ledav006.gho.pok.ibm.com (b01ledav006.gho.pok.ibm.com [9.57.199.111]) by b01cxnp22036.gho.pok.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id 00P0HLbY28573956 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Sat, 25 Jan 2020 00:17:21 GMT Received: from b01ledav006.gho.pok.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 327A1AC060; Sat, 25 Jan 2020 00:17:21 +0000 (GMT) Received: from b01ledav006.gho.pok.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id B4335AC059; Sat, 25 Jan 2020 00:17:20 +0000 (GMT) Received: from localhost (unknown [9.85.157.37]) by b01ledav006.gho.pok.ibm.com (Postfix) with ESMTP; Sat, 25 Jan 2020 00:17:20 +0000 (GMT) From: "Mauro S. M. Rodrigues" To: skiboot@lists.ozlabs.org Date: Fri, 24 Jan 2020 21:15:06 -0300 Message-Id: <20200125001510.708149-12-maurosr@linux.vnet.ibm.com> X-Mailer: git-send-email 2.24.1 In-Reply-To: <20200125001510.708149-1-maurosr@linux.vnet.ibm.com> References: <20200125001510.708149-1-maurosr@linux.vnet.ibm.com> MIME-Version: 1.0 X-TM-AS-GCONF: 00 X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:6.0.138, 18.0.572 definitions=2020-01-24_08:2020-01-24, 2020-01-24 signatures=0 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 phishscore=0 mlxscore=0 malwarescore=0 impostorscore=0 mlxlogscore=999 lowpriorityscore=0 spamscore=0 suspectscore=3 bulkscore=0 clxscore=1015 priorityscore=1501 adultscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-1911200001 definitions=main-2001250000 Subject: [Skiboot] [PATCH 11/15] libstb/trustedboot: Introduce new eventlog implementation X-BeenThere: skiboot@lists.ozlabs.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Mailing list for skiboot development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: grimm@linux.ibm.com, nayna@linux.ibm.com Errors-To: skiboot-bounces+incoming=patchwork.ozlabs.org@lists.ozlabs.org Sender: "Skiboot" This new implementation uses the recently introduced standard TSS library, reducing maintenance burden in skiboot side. We have yet to switch over this new implementation and to remove the old one in future commits. Signed-off-by: Mauro S. M. Rodrigues --- libstb/tss2/eventlog.c | 127 +++++++++++++++++++++++++++++++++++++++++ libstb/tss2/eventlog.h | 27 +++++++++ 2 files changed, 154 insertions(+) create mode 100644 libstb/tss2/eventlog.c create mode 100644 libstb/tss2/eventlog.h diff --git a/libstb/tss2/eventlog.c b/libstb/tss2/eventlog.c new file mode 100644 index 000000000..30a76e1e8 --- /dev/null +++ b/libstb/tss2/eventlog.c @@ -0,0 +1,127 @@ +#include + +#include +#include +#include + + +/* + * NOTE(maurosr): I wonder if any lock is necessary to manage eventlog. By what + * I've seen so far, this is just sequential setup code. A lock would be + * necessary if this code was dynamically - and concurrently - called through + * opal call by the OS. + */ +int load_eventlog(TpmLogMgr *logmgr, uint8_t *eventlog_ptr, + uint32_t eventlog_size) +{ + TCG_PCR_EVENT2 *event2 = NULL; + TCG_PCR_EVENT *event = NULL; + uint8_t *log_ptr, *ptr; + uint32_t size; + int rc = 0; + + event = calloc(1, sizeof(TCG_PCR_EVENT)); + if(!event) + return 1; + + event2 = calloc(1, sizeof(TCG_PCR_EVENT2)); + if(!event2){ + rc = 1; + goto fail; + } + + logmgr->logMaxSize = eventlog_size; + logmgr->eventLogInMem = eventlog_ptr; + logmgr->logSize = 0; + + log_ptr = logmgr->eventLogInMem; + size = sizeof(TCG_PCR_EVENT); + + //first event in the log is a header + rc = TSS_EVENT_Line_LE_Unmarshal(event, &log_ptr, &size); + if(rc) + { + prlog(PR_INFO, "Couldn't read event log header event, rc=%d", + rc); + rc = 1; + goto cleanup; + } + //now iterate through all events + ptr = log_ptr; + do { + size = sizeof(TCG_PCR_EVENT2); + rc = TSS_EVENT2_Line_LE_Unmarshal(event2, &ptr, &size); + /* something went wrong in parsing (invalid values) or + * digest.count is 0 - which doesn't make sense - we stop. + */ + if (rc || event2->digests.count == 0 ) + break; + log_ptr = ptr; + } while(1); + logmgr->logSize = log_ptr - logmgr->eventLogInMem; + logmgr->newEventPtr = log_ptr; + +cleanup: + free(event); +fail: + free(event2); + return rc; +} + +int add_to_eventlog(TpmLogMgr *logmgr, TCG_PCR_EVENT2 *event) +{ + uint32_t size = sizeof(TCG_PCR_EVENT2), rc = 0; + uint16_t written = 0, ev_size =0; + + /* Calling Marshal function with a NULL buffer to obtain the event size. + * It's a well known and safe pattern used in TSS code. + * Then check if an event that larger will fit in evenlog buffer, and + * only after success here marshal it to eventlog buffer pointed by + * logmgr->newEventPtr. + */ + TSS_EVENT2_Line_LE_Marshal(event, &ev_size, NULL, &size); + if(logmgr->logSize + ev_size > logmgr->logMaxSize){ + return 1; + } + rc = TSS_EVENT2_Line_LE_Marshal(event, &written, + &(logmgr->newEventPtr), &size); + if(rc) + return rc; + logmgr->logSize += ev_size; + + return rc; +} + +int build_event(TCG_PCR_EVENT2 *event, TPMI_DH_PCR pcrHandle, + TPMI_ALG_HASH *hashes, uint8_t hashes_len, const char *digest, + uint32_t event_type, const char* logmsg) +{ + uint16_t alg_digest_size; + uint32_t size; + + memset(event, 0, sizeof(TCG_PCR_EVENT2)); + event->pcrIndex = pcrHandle; + event->eventType = event_type; + event->digests.count = hashes_len; + + size = sizeof(TPMI_ALG_HASH); + for (int i=0; i < event->digests.count; i++){ + event->digests.digests[i].hashAlg = hashes[i]; + + TSS_TPMI_ALG_HASH_Marshalu(hashes+i, &alg_digest_size, NULL, &size); + + if (alg_digest_size == 0) + return 1; + memcpy(&(event->digests.digests[i].digest), digest, + strlen(digest) > alg_digest_size ? + strlen(digest) : alg_digest_size); + + } + + event->eventSize = strlen(logmsg); + memset(&(event->event), 0, sizeof(event->event)); + memcpy(&(event->event), logmsg, + event->eventSize > TCG_EVENT_LEN_MAX ? + TCG_EVENT_LEN_MAX - 1: event->eventSize); + return 0; +} diff --git a/libstb/tss2/eventlog.h b/libstb/tss2/eventlog.h new file mode 100644 index 000000000..49f303f21 --- /dev/null +++ b/libstb/tss2/eventlog.h @@ -0,0 +1,27 @@ +#ifndef __EVENTLOG_H +#define __EVENTLOG_H + +#include +#include +#include + +#define MAX_TPM_LOG_MSG 128 +#define MAX_VENDOR_INFO_LEN 255 + +struct _TpmLogMgr +{ + uint32_t logSize; + uint32_t logMaxSize; + uint8_t* newEventPtr; + uint8_t* eventLogInMem; +}; +typedef struct _TpmLogMgr TpmLogMgr; + + +int load_eventlog(TpmLogMgr *logmgr, uint8_t* eventlog_ptr, + uint32_t eventlog_size); +int add_to_eventlog(TpmLogMgr *logmgr, TCG_PCR_EVENT2 *event); +int build_event(TCG_PCR_EVENT2 *event, TPMI_DH_PCR pcrHandle, + TPMI_ALG_HASH *hashes, uint8_t hashes_len, const char *digest, + uint32_t event_type, const char* logmsg); +#endif //__EVENTLOG_H