From patchwork Thu Mar 26 20:20:53 2020
X-Patchwork-Submitter: Stefan Berger
X-Patchwork-Id: 1262281
From: Stefan Berger
To: slof@lists.ozlabs.org, aik@ozlabs.ru
Cc: Stefan Berger
Date: Thu, 26 Mar 2020 16:20:53 -0400
Message-Id: <20200326202054.826301-3-stefanb@linux.vnet.ibm.com>
In-Reply-To: <20200326202054.826301-1-stefanb@linux.vnet.ibm.com>
References: <20200326202054.826301-1-stefanb@linux.vnet.ibm.com>
Subject: [SLOF] [PATCH 2/3] tcgbios: Implement tpm_hash_log_extend_event_file
List-Id: "Patches for https://github.com/aik/SLOF"

From: Stefan Berger

Implement tpm_hash_log_extend_event_file(), which allows measuring the
contents of a file into a given PCR and logging it with the given event
type and description. The caller may choose to have the size of the
original ELF image detected so that only data from the ELF image are
hashed.

Signed-off-by: Stefan Berger
---
 lib/libtpm/tcgbios.c | 35 +++++++++++++++++++++++++++++++++++
 lib/libtpm/tcgbios.h |  4 ++++
 lib/libtpm/tpm.code  | 19 +++++++++++++++++++
 lib/libtpm/tpm.in    |  1 +
 4 files changed, 59 insertions(+)

diff --git a/lib/libtpm/tcgbios.c b/lib/libtpm/tcgbios.c
index be6c3d1..fa2ab2b 100644
--- a/lib/libtpm/tcgbios.c
+++ b/lib/libtpm/tcgbios.c
@@ -33,6 +33,7 @@ #include "helpers.h" #include "version.h" #include "OF.h" +#include "libelf.h" #undef TCGBIOS_DEBUG //#define TCGBIOS_DEBUG @@ -852,6 +853,40 @@ static uint32_t tpm_add_measurement_to_log(uint32_t pcrindex, return tpm_log_event_long(&le.hdr, digest_len, info, infolen); } +/* + * Measure a file into the given PCR and log it with the given + * eventtype. If is_elf is true, try to determine the size of the + * ELF file and use its size rather than the much larger data buffer + * it is held in. In case of failure to detect the ELF file size, + * log an additional error. + */ +uint32_t tpm_hash_log_extend_event_file(uint32_t pcrindex, uint32_t eventtype, + const void *data, uint32_t datalen, + const char *desc, uint32_t desclen, + bool is_elf) +{ + long len; + const char *string; + uint32_t ret; + + if (is_elf) { + len = elf_get_file_size(data, datalen); + if (len > 0) { + datalen = len; + } else { + string = "BAD ELF FILE"; + ret = tpm_add_measurement_to_log(pcrindex, eventtype, + string, strlen(string), + (uint8_t *)string, strlen(string)); + if (ret) + return ret; + } + } + return tpm_add_measurement_to_log(pcrindex, eventtype, + desc, desclen, + data, datalen); +} + /* * Add an EV_ACTION measurement to the list of measurements */ diff --git a/lib/libtpm/tcgbios.h b/lib/libtpm/tcgbios.h index 8174d86..1ef72e9 100644 --- a/lib/libtpm/tcgbios.h +++ b/lib/libtpm/tcgbios.h @@ -32,5 +32,9 @@ void tpm20_menu(void); void tpm_gpt_set_lba1(const uint8_t *addr, uint32_t length); void tpm_gpt_add_entry(const uint8_t *addr, uint32_t length); uint32_t tpm_measure_gpt(void); +uint32_t tpm_hash_log_extend_event_file(uint32_t pcrindex, uint32_t eventtype, + const void *data, uint32_t datalen, + const char *desc, uint32_t desclen, + bool is_elf); #endif /* TCGBIOS_H */ diff --git a/lib/libtpm/tpm.code b/lib/libtpm/tpm.code index 205c608..598280d 100644 --- a/lib/libtpm/tpm.code +++ b/lib/libtpm/tpm.code 
@@ -169,3 +169,22 @@ PRIM(tpm_X2d_measure_X2d_gpt) PUSH; TOS.n = tpm_measure_gpt(); MIRP + +/*****************************************************************************************************/ +/* Firmware API */ +/* SLOF: tpm-hash-log-extend-event-raw ( pcr evt data-ptr data-len desc-ptr desclen is_elf -- rc ) */ +/* LIBTPM: errcode = tpm-hash-log-extend-event-raw */ +/*****************************************************************************************************/ +PRIM(tpm_X2d_hash_X2d_log_X2d_extend_X2d_event_X2d_file) + uint32_t is_elf = TOS.u; POP; + uint32_t desclen = TOS.u; POP; + const char *desc = TOS.a; POP; + uint32_t datalen = TOS.u; POP; + const void *data = TOS.a; POP; + uint32_t eventtype = TOS.u; POP; + uint32_t pcrindex = TOS.u; + + TOS.n = tpm_hash_log_extend_event_file(pcrindex, eventtype, + data, datalen, + desc, desclen, is_elf); +MIRP diff --git a/lib/libtpm/tpm.in b/lib/libtpm/tpm.in index bdbc47d..db8bea0 100644 --- a/lib/libtpm/tpm.in +++ b/lib/libtpm/tpm.in @@ -28,3 +28,4 @@ cod(tpm20-menu) cod(tpm-gpt-set-lba1) cod(tpm-gpt-add-entry) cod(tpm-measure-gpt) +cod(tpm-hash-log-extend-event-file)
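Review bot: in the tcgbios.c hunk adding tpm_hash_log_extend_event_file(), `if (len > 0) { datalen = len; }` accepts whatever size elf_get_file_size() reports without comparing it to the caller's datalen, so unless elf_get_file_size() itself guarantees len <= datalen, an ELF header whose program- or section-header table offsets point past the end of the load buffer makes the following tpm_add_measurement_to_log() hash beyond the buffer that was actually loaded. Suggest `if (len > 0 && (uint32_t)len <= datalen)` and routing the oversize case through the same "BAD ELF FILE" branch as a parse failure; the explicit comparison also makes the silent long-to-uint32_t narrowing in `datalen = len;` visibly intentional. Worth a line in the function comment as well: on that failure path the PCR is still extended twice (error string, then the full buffer), which log consumers need to expect.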
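Review bot: the tcgbios.h hunk introduces `bool is_elf` into the public prototype, but nothing in the hunk adds `#include <stdbool.h>` to the header, and the visible context (the neighbouring tpm_gpt_* and tpm_measure_gpt prototypes) shows only uint8_t/uint32_t types. If tcgbios.h does not already pull in stdbool.h, any translation unit that includes tcgbios.h before stdbool.h fails to compile; put the include in the header rather than relying on includers.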
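Review bot: the comment block above PRIM(tpm_X2d_hash_X2d_log_X2d_extend_X2d_event_X2d_file) in tpm.code documents the word as `tpm-hash-log-extend-event-raw` on both the SLOF and LIBTPM lines, while the primitive name and the `cod(tpm-hash-log-extend-event-file)` entry in tpm.in register it as tpm-hash-log-extend-event-file. Change both comment lines to `-file` so a grep for the Forth name finds the implementation. Minor style point in the same comment: the stack effect spells the last argument `is_elf` while the others use hyphens (`data-ptr`, `desc-ptr`); `is-elf` would match.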
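The measurement path the commit message describes (hash the file, extend the PCR, record the event, and with is_elf trim the hashed bytes to the ELF image's real size or log a "BAD ELF FILE" entry when that fails), as an added Python model that is not SLOF's code. The ELF size heuristic (the image ends at the later of the program-header and section-header tables, bounded by the buffer), the single SHA-256 PCR bank, the simplified event record and the constructed ELF headers are all assumptions for the illustration; SLOF's libelf and tcgbios implement their own versions of elf_get_file_size() and the log format.

```python
"""Model of measuring a loaded file into a PCR with optional ELF size detection.

Added illustration, not SLOF code. Assumptions: ELF64 only, the image ends at
the later of the program-header and section-header tables, one SHA-256 PCR
bank, and a simplified event record. The sample ELF headers are constructed.
"""
import hashlib
import struct
from collections import namedtuple

ELF_MAGIC = b"\x7fELF"
EHDR_LEN = 64               # sizeof(Elf64_Ehdr)
PCR_BYTES = 32              # SHA-256 bank
EV_COMPACT_HASH = 0x0C      # TCG PC Client event type for a raw hash
LOAD_BUF_LEN = 4096         # the (much larger) buffer the file was loaded into

Event = namedtuple("Event", "pcr eventtype digest desc")


def sha256(b: bytes) -> bytes:
    return hashlib.sha256(b).digest()


def elf_get_file_size(data: bytes) -> int:
    """Size of the ELF64 image at the start of data, or -1 on failure.

    Fails when magic/class are wrong or when the header claims a table that
    ends beyond the buffer, so a caller can never hash past the data it holds.
    """
    if len(data) < EHDR_LEN or data[:4] != ELF_MAGIC or data[4] != 2:
        return -1
    endian = "<" if data[5] == 1 else ">"
    # e_type e_machine e_version e_entry e_phoff e_shoff e_flags e_ehsize
    # e_phentsize e_phnum e_shentsize e_shnum e_shstrndx
    fields = struct.unpack(endian + "HHIQQQIHHHHHH", data[16:EHDR_LEN])
    e_phoff, e_shoff = fields[4], fields[5]
    e_phentsize, e_phnum, e_shentsize, e_shnum = fields[8:12]
    size = max(EHDR_LEN,
               e_phoff + e_phentsize * e_phnum,
               e_shoff + e_shentsize * e_shnum)
    return size if size <= len(data) else -1


class MeasurementLog:
    """PCR bank plus event log, in the spirit of tcgbios' measurement list."""

    def __init__(self):
        self.pcrs = [bytes(PCR_BYTES) for _ in range(24)]
        self.events = []

    def add_measurement(self, pcr, eventtype, desc, data):
        digest = sha256(data)
        self.pcrs[pcr] = sha256(self.pcrs[pcr] + digest)   # PCR extend
        self.events.append(Event(pcr, eventtype, digest, desc))
        return 0

    def hash_log_extend_event_file(self, pcr, eventtype, data, desc, is_elf):
        """Measure data into pcr; with is_elf hash only the ELF image's bytes.

        On a size-detection failure an extra "BAD ELF FILE" event is logged
        and the whole buffer is measured, mirroring the fallback in the patch.
        """
        if is_elf:
            n = elf_get_file_size(data)
            if n > 0:
                data = data[:n]
            else:
                err = b"BAD ELF FILE"
                rc = self.add_measurement(pcr, eventtype, err, err)
                if rc:
                    return rc
        return self.add_measurement(pcr, eventtype, desc, data)


def replay_pcr(events, pcr):
    """Recompute a PCR from the log; a verifier compares this with the quote."""
    value = bytes(PCR_BYTES)
    for ev in events:
        if ev.pcr == pcr:
            value = sha256(value + ev.digest)
    return value


def make_elf64(shoff, shentsize, shnum, image_len):
    """Constructed little-endian ELF64 header (PPC64 e_machine) with the
    given section-header table geometry, zero-padded to image_len bytes."""
    ident = ELF_MAGIC + bytes([2, 1, 1, 0]) + bytes(8)
    hdr = ident + struct.pack("<HHIQQQIHHHHHH", 2, 0x15, 1, 0, 0, shoff, 0,
                              EHDR_LEN, 0, 0, shentsize, shnum, 0)
    return hdr.ljust(image_len, b"\0")


def demo():
    """Two images at the start of a load buffer full of stale 0xff bytes:
    a sane one (192-byte image) and one whose e_shoff points far past it."""
    good = make_elf64(EHDR_LEN, 64, 2, 192).ljust(LOAD_BUF_LEN, b"\xff")
    bad = make_elf64(0x100000, 64, 2, 192).ljust(LOAD_BUF_LEN, b"\xff")
    log = MeasurementLog()
    log.hash_log_extend_event_file(4, EV_COMPACT_HASH, good, b"kernel", True)
    log.hash_log_extend_event_file(4, EV_COMPACT_HASH, bad, b"kernel", True)
    return log, good, bad


if __name__ == "__main__":
    log, good, bad = demo()
    for ev in log.events:
        print(ev.pcr, hex(ev.eventtype), ev.digest.hex()[:16], ev.desc)
    print("replay matches PCR 4:", replay_pcr(log.events, 4) == log.pcrs[4])
```

The point of trimming to the ELF size is that the digest in the log must be reproducible by a verifier who only has the file, not the firmware's load buffer: with the sane image the first event's digest equals SHA-256 of the 192-byte image rather than of the whole 4096-byte buffer. The bounded size check in elf_get_file_size() is what keeps a hostile header from widening the hashed region beyond the buffer, and replay_pcr() is the check an attestation verifier performs to confirm the log explains the PCR value.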