Message ID | 20200401145755.891080-1-stefanb@linux.vnet.ibm.com |
---|---|
From | Stefan Berger <stefanb@linux.vnet.ibm.com> |
To | slof@lists.ozlabs.org, aik@ozlabs.ru |
Cc | Stefan Berger <stefanb@linux.ibm.com> |
Date | Wed, 1 Apr 2020 10:57:52 -0400 |
Subject | [SLOF] [PATCH v2 0/3] vTPM: Measure the bootloader |
Series | vTPM: Measure the bootloader |

This series of patches adds support for measuring the bootloader read from a GPT partition. Since the boot loader is read into a buffer much bigger (0x700000 bytes) than the original file, we need a way to determine the original file size of the boot loader so that we measure only those bytes from the buffer that are also found in the file. The file is assumed to be an ELF file. We do this by extending libelf with a function that allows us to determine the ELF file's original file size by walking the ELF headers and looking for the farthest offset.

In the normal case this will result in the same hash calculated as if one does for example 'sha256sum grub'. However, it could lead to a different measurement if the user intentionally appended bytes to the file, which are not referenced by any ELF section. We cannot solve this case.

Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>

v1->v2:
- Followed Alexey's comments
- Renamed new function suffix from '_file' to '_buffer' to be more generic

```
Stefan Berger (3):
  elf: Implement elf_get_file_size to determine size of an ELF image
  tcgbios: Implement tpm_hash_log_extend_event_buffer
  tcgbios: Measure the bootloader file read from disk

 include/helpers.h              |  2 +
 include/libelf.h               | 14 +++++++
 lib/libelf/elf.c               | 26 +++++++++++++
 lib/libelf/elf32.c             | 68 ++++++++++++++++++++++++++++++++++
 lib/libelf/elf64.c             | 56 ++++++++++++++++++++++++++++
 lib/libtpm/tcgbios.c           | 47 +++++++++++++++++++++++
 lib/libtpm/tcgbios.h           |  5 +++
 lib/libtpm/tpm.code            | 19 ++++++++++
 lib/libtpm/tpm.in              |  1 +
 slof/fs/packages/disk-label.fs | 19 +++++++++-
 10 files changed, 256 insertions(+), 1 deletion(-)
```