From patchwork Tue May 12 15:44:49 2020
X-Patchwork-Submitter: Stefan Berger
X-Patchwork-Id: 1288569
From: Stefan Berger
To: aik@ozlabs.ru, slof@lists.ozlabs.org
Date: Tue, 12 May 2020 11:44:49 -0400
Message-Id: <20200512154452.1702985-1-stefanb@linux.vnet.ibm.com>
Subject: [SLOF] [PATCH 0/3] vTPM: Measure the bootloader
List-Id: "Patches for https://github.com/aik/SLOF"

This series of patches adds support for measuring the bootloader read from a
GPT partition. Since the boot loader is read into a buffer much bigger
(0x700000 bytes) than the original file, we need a way to determine the
original file size of the boot loader so that we measure only those bytes from
the buffer that are also found in the file. The file is assumed to be an ELF
file. We do this by extending libelf with a function that allows us to
determine the ELF file's original file size by walking the ELF headers and
looking for the farthest offset. In the normal case this will result in the
same hash calculated as if one does for example 'sha256sum grub'. However, it
could lead to a different measurement if the user intentionally appended bytes
to the file, which are not referenced by any ELF section. We cannot solve this
case.

   Stefan

v2->v3:
 - addressed nits

v1->v2:
 - Followed Alexey's comments
 - Renamed new function suffix from '_file' to '_buffer' to be more generic

Stefan Berger (3):
  elf: Implement elf_get_file_size to determine size of an ELF image
  tcgbios: Implement tpm_hash_log_extend_event_buffer
  tcgbios: Measure the bootloader file read from disk

 include/helpers.h              |  2 +
 include/libelf.h               | 14 +++++++
 lib/libelf/elf.c               | 26 +++++++++++++
 lib/libelf/elf32.c             | 69 ++++++++++++++++++++++++++++++++++
 lib/libelf/elf64.c             | 57 ++++++++++++++++++++++++++++
 lib/libtpm/tcgbios.c           | 44 ++++++++++++++++++++++
 lib/libtpm/tcgbios.h           |  5 +++
 lib/libtpm/tpm.code            | 19 ++++++++++
 lib/libtpm/tpm.in              |  1 +
 slof/fs/packages/disk-label.fs | 19 +++++++++-
 10 files changed, 255 insertions(+), 1 deletion(-)
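
The size computation described in the cover letter, as an added example that is not code from this series or from SLOF: `elf64_size_in_buffer` (a hypothetical name) walks the ELF64 program and section headers for the farthest file offset and rejects any header that points outside the load buffer, since those fields come from the untrusted image. It assumes ELF64 only and does not handle extended segment or section numbering.

```c
#include <stdint.h>
#include <string.h>

/* Read an n-byte field; be != 0 means big-endian (EI_DATA == 2). */
static uint64_t rd(const uint8_t *p, int n, int be)
{
    uint64_t v = 0;
    for (int i = 0; i < n; i++)
        v = (v << 8) | p[be ? i : n - 1 - i];
    return v;
}

/* Raise *max to off+size; nonzero if the range wraps or leaves the buffer. */
static int extend(uint64_t off, uint64_t size, uint64_t len, uint64_t *max)
{
    if (off > len || size > len - off)
        return -1;
    if (off + size > *max)
        *max = off + size;
    return 0;
}

/* Hypothetical helper, not SLOF's elf_get_file_size: farthest file byte the
 * ELF64 headers reference, or 0 if malformed or outside the len-byte buffer. */
uint64_t elf64_size_in_buffer(const uint8_t *buf, uint64_t len)
{
    if (len < 64 || memcmp(buf, "\177ELF", 4) != 0 || buf[4] != 2 ||
        (buf[5] != 1 && buf[5] != 2))
        return 0;
    int be = (buf[5] == 2);
    uint64_t max = 64, phoff = rd(buf + 32, 8, be), shoff = rd(buf + 40, 8, be);
    uint64_t phsz = rd(buf + 54, 2, be), phnum = rd(buf + 56, 2, be);
    uint64_t shsz = rd(buf + 58, 2, be), shnum = rd(buf + 60, 2, be);
    /* Both tables must lie inside the buffer before they are walked. */
    if ((phnum && phsz < 56) || extend(phoff, phnum * phsz, len, &max) ||
        (shnum && shsz < 64) || extend(shoff, shnum * shsz, len, &max))
        return 0;
    for (uint64_t i = 0; i < phnum; i++) {      /* p_offset + p_filesz */
        const uint8_t *ph = buf + phoff + i * phsz;
        if (extend(rd(ph + 8, 8, be), rd(ph + 32, 8, be), len, &max))
            return 0;
    }
    for (uint64_t i = 0; i < shnum; i++) {      /* sh_offset + sh_size */
        const uint8_t *sh = buf + shoff + i * shsz;
        if (rd(sh + 4, 4, be) != 8 &&           /* 8 = SHT_NOBITS: no file bytes */
            extend(rd(sh + 24, 8, be), rd(sh + 32, 8, be), len, &max))
            return 0;
    }
    return max;
}
```

Hashing only the first `elf64_size_in_buffer(buf, len)` bytes of the load buffer leaves out the zero padding behind the image, and also any bytes appended past the last referenced offset, which is the case the cover letter says cannot be solved.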