| Message ID | 20211123115335.125252-1-ruchika.gupta@linaro.org |
|---|---|
| State | Superseded, archived |
| Delegated to: | Heinrich Schuchardt |
| Headers | show |
| Series | [v2,1/3] efi_loader: Add check for event log passed from firmware | expand |
Hi Ruchika, > + [...] > + ret = platform_get_eventlog(dev, &base, &sz); > + if (ret == EFI_SUCCESS) { Can we invert the logic here? if (ret != EFI_SUCCESS) return ret; etc... > + void *buffer = (void *)base; > + > + if (sz > TPM2_EVENT_LOG_SIZE) > + return EFI_VOLUME_FULL; > + > + pos = 0; > + /* Parse the eventlog to check for its validity */ > + ret = parse_event_log_header(buffer, sz, &pos); > + if (ret || pos > sz) > + return EFI_COMPROMISED_DATA; > + > + ret = parse_specid_event(dev, buffer, sz, &pos, &digest_list); > + if (ret || pos > sz) { > + log_err("Error parsing SPEC ID Event\n"); > + return EFI_COMPROMISED_DATA; > + } > + > + while (pos < sz) { > + ret = tcg2_parse_event(dev, buffer, sz, &pos, > + &digest_list, &pcr); > + if (ret) { > + log_err("Error parsing event\n"); > + return ret; > + } > + } > + > + memcpy(log_buffer, buffer, sz); > + *log_sz = sz; > + } > + > + return ret; > +} > + > /** > * create_specid_event() - Create the first event in the eventlog > * > @@ -1340,6 +1622,12 @@ static efi_status_t efi_init_event_log(void) > * last log entry > */ > memset(event_log.buffer, 0xff, TPM2_EVENT_LOG_SIZE); > + > + /* > + * The log header is defined to be in SHA1 event log entry format. > + * Setup event header > + */ > + event_header = (struct tcg_pcr_event *)event_log.buffer; > event_log.pos = 0; > event_log.last_event_size = 0; > event_log.get_event_called = false; > @@ -1347,22 +1635,28 @@ static efi_status_t efi_init_event_log(void) > event_log.truncated = false; > > /* > - * The log header is defined to be in SHA1 event log entry format. > - * Setup event header > + * Check if earlier firmware have passed any eventlog. Different > + * platforms can use different ways to do so > */ > - event_header = (struct tcg_pcr_event *)event_log.buffer; > - put_unaligned_le32(0, &event_header->pcr_index); > - put_unaligned_le32(EV_NO_ACTION, &event_header->event_type); > - memset(&event_header->digest, 0, sizeof(event_header->digest)); > - ret = create_specid_event(dev, (void *)((uintptr_t)event_log.buffer + sizeof(*event_header)), > - &spec_event_size); > - if (ret != EFI_SUCCESS) > - goto free_pool; > - put_unaligned_le32(spec_event_size, &event_header->event_size); > - event_log.pos = spec_event_size + sizeof(*event_header); > - event_log.last_event_size = event_log.pos; > + ret = tcg2_get_fw_eventlog(dev, event_log.buffer, &event_log.pos); > + if (ret == EFI_NOT_FOUND) { > + put_unaligned_le32(0, &event_header->pcr_index); > + put_unaligned_le32(EV_NO_ACTION, &event_header->event_type); > + memset(&event_header->digest, 0, sizeof(event_header->digest)); > + ret = create_specid_event(dev, > + (void *)((uintptr_t)event_log.buffer + > + sizeof(*event_header)), > + &spec_event_size); > + if (ret != EFI_SUCCESS) > + goto free_pool; > + put_unaligned_le32(spec_event_size, &event_header->event_size); > + event_log.pos = spec_event_size + sizeof(*event_header); > + event_log.last_event_size = event_log.pos; > + } > + > + if (ret == EFI_SUCCESS) > + ret = create_final_event(); Same here please. Check for != EFI_SUCCESS and exit before creating the final eventlog config table. > > - ret = create_final_event(); > if (ret != EFI_SUCCESS) > goto free_pool; > > -- > 2.25.1 > Thanks /lias
Hi Ruchika, Ilias, On Tue, 23 Nov 2021 at 20:53, Ruchika Gupta <ruchika.gupta@linaro.org> wrote: > > Platforms may have support to measure their initial firmware components > and pass the event log to u-boot. The event log address can be passed > in property tpm_event_log_addr and tpm_event_log_size of the tpm node. > Platforms may choose their own specific mechanism to do so. A weak > function is added to check if even log has been passed to u-boot > from earlier firmware components. If available, the eventlog is parsed > to check for its correctness and further event logs are appended to the > passed log. It implies that U-Boot is no longer s-crtm, so existing efi_append_scrtm_version() call shall be skipped in this case. Thanks, Masahisa Kojima > > Signed-off-by: Ruchika Gupta <ruchika.gupta@linaro.org> > --- > v2: > Moved firmware eventlog code parsing to tcg2_get_fw_eventlog() > > lib/efi_loader/efi_tcg2.c | 322 ++++++++++++++++++++++++++++++++++++-- > 1 file changed, 308 insertions(+), 14 deletions(-) > > diff --git a/lib/efi_loader/efi_tcg2.c b/lib/efi_loader/efi_tcg2.c > index 8c1f22e337..c3ebdf92f5 100644 > --- a/lib/efi_loader/efi_tcg2.c > +++ b/lib/efi_loader/efi_tcg2.c > @@ -324,6 +324,45 @@ __weak efi_status_t platform_get_tpm2_device(struct udevice **dev) > return EFI_NOT_FOUND; > } > > +/** > + * platform_get_eventlog() - retrieve the eventlog address and size > + * > + * This function retrieves the eventlog address and size if the underlying > + * firmware has done some measurements and passed them. > + * > + * This function may be overridden based on platform specific method of > + * passing the eventlog address and size. > + * > + * @dev: udevice > + * @addr: eventlog address > + * @sz: eventlog size > + * Return: status code > + */ > +__weak efi_status_t platform_get_eventlog(struct udevice *dev, u64 *addr, > + u32 *sz) > +{ > + const u64 *basep; > + const u32 *sizep; > + > + basep = dev_read_prop(dev, "tpm_event_log_addr", NULL); > + if (!basep) > + return EFI_NOT_FOUND; > + > + *addr = be64_to_cpup((__force __be64 *)basep); > + > + sizep = dev_read_prop(dev, "tpm_event_log_size", NULL); > + if (!sizep) > + return EFI_NOT_FOUND; > + > + *sz = be32_to_cpup((__force __be32 *)sizep); > + if (*sz == 0) { > + log_debug("event log empty\n"); > + return EFI_NOT_FOUND; > + } > + > + return EFI_SUCCESS; > +} > + > /** > * tpm2_get_max_command_size() - get the supported max command size > * > @@ -1181,6 +1220,249 @@ static const struct efi_tcg2_protocol efi_tcg2_protocol = { > .get_result_of_set_active_pcr_banks = efi_tcg2_get_result_of_set_active_pcr_banks, > }; > > +/** > + * parse_event_log_header() - Parse and verify the event log header fields > + * > + * @buffer: Pointer to the event header > + * @size: Size of the eventlog > + * @pos: Position in buffer after event log header > + * > + * Return: status code > + */ > +efi_status_t parse_event_log_header(void *buffer, u32 size, u32 *pos) > +{ > + struct tcg_pcr_event *event_header = (struct tcg_pcr_event *)buffer; > + int i = 0; > + > + if (size < sizeof(*event_header)) > + return EFI_COMPROMISED_DATA; > + > + if (get_unaligned_le32(&event_header->pcr_index) != 0 || > + get_unaligned_le32(&event_header->event_type) != EV_NO_ACTION) > + return EFI_COMPROMISED_DATA; > + > + for (i = 0; i < sizeof(event_header->digest); i++) { > + if (event_header->digest[i] != 0) > + return EFI_COMPROMISED_DATA; > + } > + > + *pos += sizeof(*event_header); > + > + return EFI_SUCCESS; > +} > + > +/** > + * parse_specid_event() - Parse and verify the specID Event in the eventlog > + * > + * @dev: udevice > + * @buffer: Pointer to the start of the eventlog > + * @log_size: Size of the eventlog > + * @pos: Offset in the evenlog where specID event starts > + * > + * Return: status code > + * @pos Offset in the eventlog where the specID event ends > + * @digest_list: list of digests in the event > + */ > +efi_status_t parse_specid_event(struct udevice *dev, void *buffer, u32 log_size, > + u32 *pos, > + struct tpml_digest_values *digest_list) > +{ > + struct tcg_efi_spec_id_event *spec_event; > + struct tcg_pcr_event *event_header = (struct tcg_pcr_event *)buffer; > + size_t spec_event_size; > + u32 active = 0, supported = 0, pcr_count = 0, alg_count = 0; > + u32 spec_active = 0; > + u16 hash_alg, hash_sz; > + u8 vendor_sz; > + int err, i; > + > + /* Check specID event data */ > + spec_event = (struct tcg_efi_spec_id_event *)((uintptr_t)buffer + *pos); > + /* Check for signature */ > + if (memcmp(spec_event->signature, TCG_EFI_SPEC_ID_EVENT_SIGNATURE_03, > + sizeof(TCG_EFI_SPEC_ID_EVENT_SIGNATURE_03))) { > + log_err("specID Event: Signature mismatch\n"); > + return EFI_COMPROMISED_DATA; > + } > + > + if (spec_event->spec_version_minor != > + TCG_EFI_SPEC_ID_EVENT_SPEC_VERSION_MINOR_TPM2 || > + spec_event->spec_version_major != > + TCG_EFI_SPEC_ID_EVENT_SPEC_VERSION_MAJOR_TPM2) > + return EFI_COMPROMISED_DATA; > + > + if (spec_event->number_of_algorithms > MAX_HASH_COUNT || > + spec_event->number_of_algorithms < 1) { > + log_err("specID Event: Number of algorithms incorrect\n"); > + return EFI_COMPROMISED_DATA; > + } > + > + alg_count = spec_event->number_of_algorithms; > + > + err = tpm2_get_pcr_info(dev, &supported, &active, &pcr_count); > + if (err) > + return EFI_DEVICE_ERROR; > + > + digest_list->count = 0; > + /* > + * We may need to worry about the order of algs in this structure as > + * subsequent entries in event should be in same order > + */ > + for (i = 0; i < alg_count; i++) { > + hash_alg = > + get_unaligned_le16(&spec_event->digest_sizes[i].algorithm_id); > + hash_sz = > + get_unaligned_le16(&spec_event->digest_sizes[i].digest_size); > + > + if (!(supported & alg_to_mask(hash_alg))) { > + log_err("specID Event: Unsupported algorithm\n"); > + return EFI_COMPROMISED_DATA; > + } > + digest_list->digests[digest_list->count++].hash_alg = hash_alg; > + > + spec_active |= alg_to_mask(hash_alg); > + } > + > + /* TCG spec expects the event log to have hashes for all active PCR's */ > + if (spec_active != active) { > + /* > + * Previous stage bootloader should know all the active PCR's > + * and use them in the Eventlog. > + */ > + log_err("specID Event: All active hash alg not present\n"); > + return EFI_COMPROMISED_DATA; > + } > + > + /* > + * the size of the spec event and placement of vendor_info_size > + * depends on supported algoriths > + */ > + spec_event_size = > + offsetof(struct tcg_efi_spec_id_event, digest_sizes) + > + alg_count * sizeof(spec_event->digest_sizes[0]); > + > + vendor_sz = *(uint8_t *)((uintptr_t)buffer + *pos + spec_event_size); > + > + spec_event_size += sizeof(vendor_sz) + vendor_sz; > + *pos += spec_event_size; > + > + if (get_unaligned_le32(&event_header->event_size) != spec_event_size) { > + log_err("specID event: header event size mismatch\n"); > + /* Right way to handle this can be to call SetActive PCR's */ > + return EFI_COMPROMISED_DATA; > + } > + > + return EFI_SUCCESS; > +} > + > +efi_status_t tcg2_parse_event(struct udevice *dev, void *buffer, u32 log_size, > + u32 *offset, struct tpml_digest_values *digest_list, > + u32 *pcr) > +{ > + struct tcg_pcr_event2 *event = NULL; > + u32 event_type, count, size, event_size; > + size_t pos; > + > + if (*offset > log_size) > + return EFI_COMPROMISED_DATA; > + > + event = (struct tcg_pcr_event2 *)((uintptr_t)buffer + *offset); > + > + *pcr = get_unaligned_le32(&event->pcr_index); > + > + event_size = tcg_event_final_size(digest_list); > + > + if (*offset + event_size > log_size) { > + log_err("Event exceeds log size\n"); > + return EFI_COMPROMISED_DATA; > + } > + > + event_type = get_unaligned_le32(&event->event_type); > + > + /* get the count */ > + count = get_unaligned_le32(&event->digests.count); > + if (count != digest_list->count) > + return EFI_COMPROMISED_DATA; > + > + pos = offsetof(struct tcg_pcr_event2, digests); > + pos += offsetof(struct tpml_digest_values, digests); > + > + for (int i = 0; i < digest_list->count; i++) { > + u16 alg; > + u16 hash_alg = digest_list->digests[i].hash_alg; > + u8 *digest = (u8 *)&digest_list->digests[i].digest; > + > + alg = get_unaligned_le16((void *)((uintptr_t)event + pos)); > + > + if (alg != hash_alg) > + return EFI_COMPROMISED_DATA; > + > + pos += offsetof(struct tpmt_ha, digest); > + memcpy(digest, (void *)((uintptr_t)event + pos), alg_to_len(hash_alg)); > + pos += alg_to_len(hash_alg); > + } > + > + size = get_unaligned_le32((void *)((uintptr_t)event + pos)); > + event_size += size; > + pos += sizeof(u32); /* tcg_pcr_event2 event_size*/ > + pos += size; > + > + /* make sure the calculated buffer is what we checked against */ > + if (pos != event_size) > + return EFI_COMPROMISED_DATA; > + > + if (pos > log_size) > + return EFI_COMPROMISED_DATA; > + > + *offset += pos; > + > + return EFI_SUCCESS; > +} > + > +efi_status_t tcg2_get_fw_eventlog(struct udevice *dev, void *log_buffer, > + size_t *log_sz) > +{ > + struct tpml_digest_values digest_list; > + efi_status_t ret; > + u32 pcr, pos; > + u64 base; > + u32 sz; > + > + ret = platform_get_eventlog(dev, &base, &sz); > + if (ret == EFI_SUCCESS) { > + void *buffer = (void *)base; > + > + if (sz > TPM2_EVENT_LOG_SIZE) > + return EFI_VOLUME_FULL; > + > + pos = 0; > + /* Parse the eventlog to check for its validity */ > + ret = parse_event_log_header(buffer, sz, &pos); > + if (ret || pos > sz) > + return EFI_COMPROMISED_DATA; > + > + ret = parse_specid_event(dev, buffer, sz, &pos, &digest_list); > + if (ret || pos > sz) { > + log_err("Error parsing SPEC ID Event\n"); > + return EFI_COMPROMISED_DATA; > + } > + > + while (pos < sz) { > + ret = tcg2_parse_event(dev, buffer, sz, &pos, > + &digest_list, &pcr); > + if (ret) { > + log_err("Error parsing event\n"); > + return ret; > + } > + } > + > + memcpy(log_buffer, buffer, sz); > + *log_sz = sz; > + } > + > + return ret; > +} > + > /** > * create_specid_event() - Create the first event in the eventlog > * > @@ -1340,6 +1622,12 @@ static efi_status_t efi_init_event_log(void) > * last log entry > */ > memset(event_log.buffer, 0xff, TPM2_EVENT_LOG_SIZE); > + > + /* > + * The log header is defined to be in SHA1 event log entry format. > + * Setup event header > + */ > + event_header = (struct tcg_pcr_event *)event_log.buffer; > event_log.pos = 0; > event_log.last_event_size = 0; > event_log.get_event_called = false; > @@ -1347,22 +1635,28 @@ static efi_status_t efi_init_event_log(void) > event_log.truncated = false; > > /* > - * The log header is defined to be in SHA1 event log entry format. > - * Setup event header > + * Check if earlier firmware have passed any eventlog. Different > + * platforms can use different ways to do so > */ > - event_header = (struct tcg_pcr_event *)event_log.buffer; > - put_unaligned_le32(0, &event_header->pcr_index); > - put_unaligned_le32(EV_NO_ACTION, &event_header->event_type); > - memset(&event_header->digest, 0, sizeof(event_header->digest)); > - ret = create_specid_event(dev, (void *)((uintptr_t)event_log.buffer + sizeof(*event_header)), > - &spec_event_size); > - if (ret != EFI_SUCCESS) > - goto free_pool; > - put_unaligned_le32(spec_event_size, &event_header->event_size); > - event_log.pos = spec_event_size + sizeof(*event_header); > - event_log.last_event_size = event_log.pos; > + ret = tcg2_get_fw_eventlog(dev, event_log.buffer, &event_log.pos); > + if (ret == EFI_NOT_FOUND) { > + put_unaligned_le32(0, &event_header->pcr_index); > + put_unaligned_le32(EV_NO_ACTION, &event_header->event_type); > + memset(&event_header->digest, 0, sizeof(event_header->digest)); > + ret = create_specid_event(dev, > + (void *)((uintptr_t)event_log.buffer + > + sizeof(*event_header)), > + &spec_event_size); > + if (ret != EFI_SUCCESS) > + goto free_pool; > + put_unaligned_le32(spec_event_size, &event_header->event_size); > + event_log.pos = spec_event_size + sizeof(*event_header); > + event_log.last_event_size = event_log.pos; > + } > + > + if (ret == EFI_SUCCESS) > + ret = create_final_event(); > > - ret = create_final_event(); > if (ret != EFI_SUCCESS) > goto free_pool; > > -- > 2.25.1 >
Hi Ilias, On Wed, 24 Nov 2021 at 12:34, Ilias Apalodimas <ilias.apalodimas@linaro.org> wrote: > Hi Ruchika, > > + > > [...] > > > + ret = platform_get_eventlog(dev, &base, &sz); > > + if (ret == EFI_SUCCESS) { > > Can we invert the logic here? > if (ret != EFI_SUCCESS) > return ret; > > etc... > Change posted in v3. > > + void *buffer = (void *)base; > > + > > + if (sz > TPM2_EVENT_LOG_SIZE) > > + return EFI_VOLUME_FULL; > > + > > + pos = 0; > > + /* Parse the eventlog to check for its validity */ > > + ret = parse_event_log_header(buffer, sz, &pos); > > + if (ret || pos > sz) > > + return EFI_COMPROMISED_DATA; > > + > > + ret = parse_specid_event(dev, buffer, sz, &pos, > &digest_list); > > + if (ret || pos > sz) { > > + log_err("Error parsing SPEC ID Event\n"); > > + return EFI_COMPROMISED_DATA; > > + } > > + > > + while (pos < sz) { > > + ret = tcg2_parse_event(dev, buffer, sz, &pos, > > + &digest_list, &pcr); > > + if (ret) { > > + log_err("Error parsing event\n"); > > + return ret; > > + } > > + } > > + > > + memcpy(log_buffer, buffer, sz); > > + *log_sz = sz; > > + } > > + > > + return ret; > > +} > > + > > /** > > * create_specid_event() - Create the first event in the eventlog > > * > > @@ -1340,6 +1622,12 @@ static efi_status_t efi_init_event_log(void) > > * last log entry > > */ > > memset(event_log.buffer, 0xff, TPM2_EVENT_LOG_SIZE); > > + > > + /* > > + * The log header is defined to be in SHA1 event log entry format. > > + * Setup event header > > + */ > > + event_header = (struct tcg_pcr_event *)event_log.buffer; > > event_log.pos = 0; > > event_log.last_event_size = 0; > > event_log.get_event_called = false; > > @@ -1347,22 +1635,28 @@ static efi_status_t efi_init_event_log(void) > > event_log.truncated = false; > > > > /* > > - * The log header is defined to be in SHA1 event log entry format. > > - * Setup event header > > + * Check if earlier firmware have passed any eventlog. Different > > + * platforms can use different ways to do so > > */ > > - event_header = (struct tcg_pcr_event *)event_log.buffer; > > - put_unaligned_le32(0, &event_header->pcr_index); > > - put_unaligned_le32(EV_NO_ACTION, &event_header->event_type); > > - memset(&event_header->digest, 0, sizeof(event_header->digest)); > > - ret = create_specid_event(dev, (void > *)((uintptr_t)event_log.buffer + sizeof(*event_header)), > > - &spec_event_size); > > - if (ret != EFI_SUCCESS) > > - goto free_pool; > > - put_unaligned_le32(spec_event_size, &event_header->event_size); > > - event_log.pos = spec_event_size + sizeof(*event_header); > > - event_log.last_event_size = event_log.pos; > > + ret = tcg2_get_fw_eventlog(dev, event_log.buffer, &event_log.pos); > > + if (ret == EFI_NOT_FOUND) { > > + put_unaligned_le32(0, &event_header->pcr_index); > > + put_unaligned_le32(EV_NO_ACTION, > &event_header->event_type); > > + memset(&event_header->digest, 0, > sizeof(event_header->digest)); > > + ret = create_specid_event(dev, > > + (void > *)((uintptr_t)event_log.buffer + > > + sizeof(*event_header)), > > + &spec_event_size); > > + if (ret != EFI_SUCCESS) > > + goto free_pool; > > + put_unaligned_le32(spec_event_size, > &event_header->event_size); > > + event_log.pos = spec_event_size + sizeof(*event_header); > > + event_log.last_event_size = event_log.pos; > > + } > > + > > + if (ret == EFI_SUCCESS) > > + ret = create_final_event(); > > Same here please. Check for != EFI_SUCCESS and exit before creating the > final eventlog config table. > Changes done in v3 Regards, Ruchika > > > > - ret = create_final_event(); > > if (ret != EFI_SUCCESS) > > goto free_pool; > > > > -- > > 2.25.1 > > > > Thanks > /lias >
Hi Kojima-san, On Wed, 24 Nov 2021 at 13:08, Masahisa Kojima <masahisa.kojima@linaro.org> wrote: > Hi Ruchika, Ilias, > > On Tue, 23 Nov 2021 at 20:53, Ruchika Gupta <ruchika.gupta@linaro.org> > wrote: > > > > Platforms may have support to measure their initial firmware components > > and pass the event log to u-boot. The event log address can be passed > > in property tpm_event_log_addr and tpm_event_log_size of the tpm node. > > Platforms may choose their own specific mechanism to do so. A weak > > function is added to check if even log has been passed to u-boot > > from earlier firmware components. If available, the eventlog is parsed > > to check for its correctness and further event logs are appended to the > > passed log. > > It implies that U-Boot is no longer s-crtm, so existing > efi_append_scrtm_version() > call shall be skipped in this case. > Thanks for bringing this up. Is this a required event ? I don't see the TF-A appending this event to the log currently. I will need to go and check the spec for this. Regards, Ruchika > > Thanks, > Masahisa Kojima > > > > > Signed-off-by: Ruchika Gupta <ruchika.gupta@linaro.org> > > --- > > v2: > > Moved firmware eventlog code parsing to tcg2_get_fw_eventlog() > > > > lib/efi_loader/efi_tcg2.c | 322 ++++++++++++++++++++++++++++++++++++-- > > 1 file changed, 308 insertions(+), 14 deletions(-) > > > > diff --git a/lib/efi_loader/efi_tcg2.c b/lib/efi_loader/efi_tcg2.c > > index 8c1f22e337..c3ebdf92f5 100644 > > --- a/lib/efi_loader/efi_tcg2.c > > +++ b/lib/efi_loader/efi_tcg2.c > > @@ -324,6 +324,45 @@ __weak efi_status_t platform_get_tpm2_device(struct > udevice **dev) > > return EFI_NOT_FOUND; > > } > > > > +/** > > + * platform_get_eventlog() - retrieve the eventlog address and size > > + * > > + * This function retrieves the eventlog address and size if the > underlying > > + * firmware has done some measurements and passed them. > > + * > > + * This function may be overridden based on platform specific method of > > + * passing the eventlog address and size. > > + * > > + * @dev: udevice > > + * @addr: eventlog address > > + * @sz: eventlog size > > + * Return: status code > > + */ > > +__weak efi_status_t platform_get_eventlog(struct udevice *dev, u64 > *addr, > > + u32 *sz) > > +{ > > + const u64 *basep; > > + const u32 *sizep; > > + > > + basep = dev_read_prop(dev, "tpm_event_log_addr", NULL); > > + if (!basep) > > + return EFI_NOT_FOUND; > > + > > + *addr = be64_to_cpup((__force __be64 *)basep); > > + > > + sizep = dev_read_prop(dev, "tpm_event_log_size", NULL); > > + if (!sizep) > > + return EFI_NOT_FOUND; > > + > > + *sz = be32_to_cpup((__force __be32 *)sizep); > > + if (*sz == 0) { > > + log_debug("event log empty\n"); > > + return EFI_NOT_FOUND; > > + } > > + > > + return EFI_SUCCESS; > > +} > > + > > /** > > * tpm2_get_max_command_size() - get the supported max command size > > * > > @@ -1181,6 +1220,249 @@ static const struct efi_tcg2_protocol > efi_tcg2_protocol = { > > .get_result_of_set_active_pcr_banks = > efi_tcg2_get_result_of_set_active_pcr_banks, > > }; > > > > +/** > > + * parse_event_log_header() - Parse and verify the event log header > fields > > + * > > + * @buffer: Pointer to the event header > > + * @size: Size of the eventlog > > + * @pos: Position in buffer after event log header > > + * > > + * Return: status code > > + */ > > +efi_status_t parse_event_log_header(void *buffer, u32 size, u32 *pos) > > +{ > > + struct tcg_pcr_event *event_header = (struct tcg_pcr_event > *)buffer; > > + int i = 0; > > + > > + if (size < sizeof(*event_header)) > > + return EFI_COMPROMISED_DATA; > > + > > + if (get_unaligned_le32(&event_header->pcr_index) != 0 || > > + get_unaligned_le32(&event_header->event_type) != > EV_NO_ACTION) > > + return EFI_COMPROMISED_DATA; > > + > > + for (i = 0; i < sizeof(event_header->digest); i++) { > > + if (event_header->digest[i] != 0) > > + return EFI_COMPROMISED_DATA; > > + } > > + > > + *pos += sizeof(*event_header); > > + > > + return EFI_SUCCESS; > > +} > > + > > +/** > > + * parse_specid_event() - Parse and verify the specID Event in the > eventlog > > + * > > + * @dev: udevice > > + * @buffer: Pointer to the start of the eventlog > > + * @log_size: Size of the eventlog > > + * @pos: Offset in the evenlog where specID event starts > > + * > > + * Return: status code > > + * @pos Offset in the eventlog where the specID > event ends > > + * @digest_list: list of digests in the event > > + */ > > +efi_status_t parse_specid_event(struct udevice *dev, void *buffer, u32 > log_size, > > + u32 *pos, > > + struct tpml_digest_values *digest_list) > > +{ > > + struct tcg_efi_spec_id_event *spec_event; > > + struct tcg_pcr_event *event_header = (struct tcg_pcr_event > *)buffer; > > + size_t spec_event_size; > > + u32 active = 0, supported = 0, pcr_count = 0, alg_count = 0; > > + u32 spec_active = 0; > > + u16 hash_alg, hash_sz; > > + u8 vendor_sz; > > + int err, i; > > + > > + /* Check specID event data */ > > + spec_event = (struct tcg_efi_spec_id_event *)((uintptr_t)buffer > + *pos); > > + /* Check for signature */ > > + if (memcmp(spec_event->signature, > TCG_EFI_SPEC_ID_EVENT_SIGNATURE_03, > > + sizeof(TCG_EFI_SPEC_ID_EVENT_SIGNATURE_03))) { > > + log_err("specID Event: Signature mismatch\n"); > > + return EFI_COMPROMISED_DATA; > > + } > > + > > + if (spec_event->spec_version_minor != > > + TCG_EFI_SPEC_ID_EVENT_SPEC_VERSION_MINOR_TPM2 || > > + spec_event->spec_version_major != > > + TCG_EFI_SPEC_ID_EVENT_SPEC_VERSION_MAJOR_TPM2) > > + return EFI_COMPROMISED_DATA; > > + > > + if (spec_event->number_of_algorithms > MAX_HASH_COUNT || > > + spec_event->number_of_algorithms < 1) { > > + log_err("specID Event: Number of algorithms > incorrect\n"); > > + return EFI_COMPROMISED_DATA; > > + } > > + > > + alg_count = spec_event->number_of_algorithms; > > + > > + err = tpm2_get_pcr_info(dev, &supported, &active, &pcr_count); > > + if (err) > > + return EFI_DEVICE_ERROR; > > + > > + digest_list->count = 0; > > + /* > > + * We may need to worry about the order of algs in this > structure as > > + * subsequent entries in event should be in same order > > + */ > > + for (i = 0; i < alg_count; i++) { > > + hash_alg = > > + > get_unaligned_le16(&spec_event->digest_sizes[i].algorithm_id); > > + hash_sz = > > + > get_unaligned_le16(&spec_event->digest_sizes[i].digest_size); > > + > > + if (!(supported & alg_to_mask(hash_alg))) { > > + log_err("specID Event: Unsupported algorithm\n"); > > + return EFI_COMPROMISED_DATA; > > + } > > + digest_list->digests[digest_list->count++].hash_alg = > hash_alg; > > + > > + spec_active |= alg_to_mask(hash_alg); > > + } > > + > > + /* TCG spec expects the event log to have hashes for all active > PCR's */ > > + if (spec_active != active) { > > + /* > > + * Previous stage bootloader should know all the active > PCR's > > + * and use them in the Eventlog. > > + */ > > + log_err("specID Event: All active hash alg not > present\n"); > > + return EFI_COMPROMISED_DATA; > > + } > > + > > + /* > > + * the size of the spec event and placement of vendor_info_size > > + * depends on supported algoriths > > + */ > > + spec_event_size = > > + offsetof(struct tcg_efi_spec_id_event, digest_sizes) + > > + alg_count * sizeof(spec_event->digest_sizes[0]); > > + > > + vendor_sz = *(uint8_t *)((uintptr_t)buffer + *pos + > spec_event_size); > > + > > + spec_event_size += sizeof(vendor_sz) + vendor_sz; > > + *pos += spec_event_size; > > + > > + if (get_unaligned_le32(&event_header->event_size) != > spec_event_size) { > > + log_err("specID event: header event size mismatch\n"); > > + /* Right way to handle this can be to call SetActive > PCR's */ > > + return EFI_COMPROMISED_DATA; > > + } > > + > > + return EFI_SUCCESS; > > +} > > + > > +efi_status_t tcg2_parse_event(struct udevice *dev, void *buffer, u32 > log_size, > > + u32 *offset, struct tpml_digest_values > *digest_list, > > + u32 *pcr) > > +{ > > + struct tcg_pcr_event2 *event = NULL; > > + u32 event_type, count, size, event_size; > > + size_t pos; > > + > > + if (*offset > log_size) > > + return EFI_COMPROMISED_DATA; > > + > > + event = (struct tcg_pcr_event2 *)((uintptr_t)buffer + *offset); > > + > > + *pcr = get_unaligned_le32(&event->pcr_index); > > + > > + event_size = tcg_event_final_size(digest_list); > > + > > + if (*offset + event_size > log_size) { > > + log_err("Event exceeds log size\n"); > > + return EFI_COMPROMISED_DATA; > > + } > > + > > + event_type = get_unaligned_le32(&event->event_type); > > + > > + /* get the count */ > > + count = get_unaligned_le32(&event->digests.count); > > + if (count != digest_list->count) > > + return EFI_COMPROMISED_DATA; > > + > > + pos = offsetof(struct tcg_pcr_event2, digests); > > + pos += offsetof(struct tpml_digest_values, digests); > > + > > + for (int i = 0; i < digest_list->count; i++) { > > + u16 alg; > > + u16 hash_alg = digest_list->digests[i].hash_alg; > > + u8 *digest = (u8 *)&digest_list->digests[i].digest; > > + > > + alg = get_unaligned_le16((void *)((uintptr_t)event + > pos)); > > + > > + if (alg != hash_alg) > > + return EFI_COMPROMISED_DATA; > > + > > + pos += offsetof(struct tpmt_ha, digest); > > + memcpy(digest, (void *)((uintptr_t)event + pos), > alg_to_len(hash_alg)); > > + pos += alg_to_len(hash_alg); > > + } > > + > > + size = get_unaligned_le32((void *)((uintptr_t)event + pos)); > > + event_size += size; > > + pos += sizeof(u32); /* tcg_pcr_event2 event_size*/ > > + pos += size; > > + > > + /* make sure the calculated buffer is what we checked against */ > > + if (pos != event_size) > > + return EFI_COMPROMISED_DATA; > > + > > + if (pos > log_size) > > + return EFI_COMPROMISED_DATA; > > + > > + *offset += pos; > > + > > + return EFI_SUCCESS; > > +} > > + > > +efi_status_t tcg2_get_fw_eventlog(struct udevice *dev, void *log_buffer, > > + size_t *log_sz) > > +{ > > + struct tpml_digest_values digest_list; > > + efi_status_t ret; > > + u32 pcr, pos; > > + u64 base; > > + u32 sz; > > + > > + ret = platform_get_eventlog(dev, &base, &sz); > > + if (ret == EFI_SUCCESS) { > > + void *buffer = (void *)base; > > + > > + if (sz > TPM2_EVENT_LOG_SIZE) > > + return EFI_VOLUME_FULL; > > + > > + pos = 0; > > + /* Parse the eventlog to check for its validity */ > > + ret = parse_event_log_header(buffer, sz, &pos); > > + if (ret || pos > sz) > > + return EFI_COMPROMISED_DATA; > > + > > + ret = parse_specid_event(dev, buffer, sz, &pos, > &digest_list); > > + if (ret || pos > sz) { > > + log_err("Error parsing SPEC ID Event\n"); > > + return EFI_COMPROMISED_DATA; > > + } > > + > > + while (pos < sz) { > > + ret = tcg2_parse_event(dev, buffer, sz, &pos, > > + &digest_list, &pcr); > > + if (ret) { > > + log_err("Error parsing event\n"); > > + return ret; > > + } > > + } > > + > > + memcpy(log_buffer, buffer, sz); > > + *log_sz = sz; > > + } > > + > > + return ret; > > +} > > + > > /** > > * create_specid_event() - Create the first event in the eventlog > > * > > @@ -1340,6 +1622,12 @@ static efi_status_t efi_init_event_log(void) > > * last log entry > > */ > > memset(event_log.buffer, 0xff, TPM2_EVENT_LOG_SIZE); > > + > > + /* > > + * The log header is defined to be in SHA1 event log entry > format. > > + * Setup event header > > + */ > > + event_header = (struct tcg_pcr_event *)event_log.buffer; > > event_log.pos = 0; > > event_log.last_event_size = 0; > > event_log.get_event_called = false; > > @@ -1347,22 +1635,28 @@ static efi_status_t efi_init_event_log(void) > > event_log.truncated = false; > > > > /* > > - * The log header is defined to be in SHA1 event log entry > format. > > - * Setup event header > > + * Check if earlier firmware have passed any eventlog. Different > > + * platforms can use different ways to do so > > */ > > - event_header = (struct tcg_pcr_event *)event_log.buffer; > > - put_unaligned_le32(0, &event_header->pcr_index); > > - put_unaligned_le32(EV_NO_ACTION, &event_header->event_type); > > - memset(&event_header->digest, 0, sizeof(event_header->digest)); > > - ret = create_specid_event(dev, (void > *)((uintptr_t)event_log.buffer + sizeof(*event_header)), > > - &spec_event_size); > > - if (ret != EFI_SUCCESS) > > - goto free_pool; > > - put_unaligned_le32(spec_event_size, &event_header->event_size); > > - event_log.pos = spec_event_size + sizeof(*event_header); > > - event_log.last_event_size = event_log.pos; > > + ret = tcg2_get_fw_eventlog(dev, event_log.buffer, > &event_log.pos); > > + if (ret == EFI_NOT_FOUND) { > > + put_unaligned_le32(0, &event_header->pcr_index); > > + put_unaligned_le32(EV_NO_ACTION, > &event_header->event_type); > > + memset(&event_header->digest, 0, > sizeof(event_header->digest)); > > + ret = create_specid_event(dev, > > + (void > *)((uintptr_t)event_log.buffer + > > + > sizeof(*event_header)), > > + &spec_event_size); > > + if (ret != EFI_SUCCESS) > > + goto free_pool; > > + put_unaligned_le32(spec_event_size, > &event_header->event_size); > > + event_log.pos = spec_event_size + sizeof(*event_header); > > + event_log.last_event_size = event_log.pos; > > + } > > + > > + if (ret == EFI_SUCCESS) > > + ret = create_final_event(); > > > > - ret = create_final_event(); > > if (ret != EFI_SUCCESS) > > goto free_pool; > > > > -- > > 2.25.1 > > >
Hi Ruchika, On Wed, 24 Nov 2021 at 18:12, Ruchika Gupta <ruchika.gupta@linaro.org> wrote: > > Hi Kojima-san, > > On Wed, 24 Nov 2021 at 13:08, Masahisa Kojima <masahisa.kojima@linaro.org> wrote: >> >> Hi Ruchika, Ilias, >> >> On Tue, 23 Nov 2021 at 20:53, Ruchika Gupta <ruchika.gupta@linaro.org> wrote: >> > >> > Platforms may have support to measure their initial firmware components >> > and pass the event log to u-boot. The event log address can be passed >> > in property tpm_event_log_addr and tpm_event_log_size of the tpm node. >> > Platforms may choose their own specific mechanism to do so. A weak >> > function is added to check if even log has been passed to u-boot >> > from earlier firmware components. If available, the eventlog is parsed >> > to check for its correctness and further event logs are appended to the >> > passed log. >> >> It implies that U-Boot is no longer s-crtm, so existing >> efi_append_scrtm_version() >> call shall be skipped in this case. > > > Thanks for bringing this up. Is this a required event ? I don't see the TF-A appending this event to the log currently. I will need to go and check the spec for this. Yes, TCG PC Client Platform Firmware Profile Specification[*1] page 29 says the following item must be measured. --- 3. The SRTM’s version identifier, using the event type EV_S_CRTM_VERSION. See Section 10.4.1 Event Types. --- [*1] https://trustedcomputinggroup.org/resource/pc-client-specific-platform-firmware-profile-specification/ Thanks, Masahisa Kojima > > Regards, > Ruchika > >> >> >> Thanks, >> Masahisa Kojima >> >> > >> > Signed-off-by: Ruchika Gupta <ruchika.gupta@linaro.org> >> > --- >> > v2: >> > Moved firmware eventlog code parsing to tcg2_get_fw_eventlog() >> > >> > lib/efi_loader/efi_tcg2.c | 322 ++++++++++++++++++++++++++++++++++++-- >> > 1 file changed, 308 insertions(+), 14 deletions(-) >> > >> > diff --git a/lib/efi_loader/efi_tcg2.c b/lib/efi_loader/efi_tcg2.c >> > index 8c1f22e337..c3ebdf92f5 100644 >> > --- a/lib/efi_loader/efi_tcg2.c >> > +++ b/lib/efi_loader/efi_tcg2.c >> > @@ -324,6 +324,45 @@ __weak efi_status_t platform_get_tpm2_device(struct udevice **dev) >> > return EFI_NOT_FOUND; >> > } >> > >> > +/** >> > + * platform_get_eventlog() - retrieve the eventlog address and size >> > + * >> > + * This function retrieves the eventlog address and size if the underlying >> > + * firmware has done some measurements and passed them. >> > + * >> > + * This function may be overridden based on platform specific method of >> > + * passing the eventlog address and size. >> > + * >> > + * @dev: udevice >> > + * @addr: eventlog address >> > + * @sz: eventlog size >> > + * Return: status code >> > + */ >> > +__weak efi_status_t platform_get_eventlog(struct udevice *dev, u64 *addr, >> > + u32 *sz) >> > +{ >> > + const u64 *basep; >> > + const u32 *sizep; >> > + >> > + basep = dev_read_prop(dev, "tpm_event_log_addr", NULL); >> > + if (!basep) >> > + return EFI_NOT_FOUND; >> > + >> > + *addr = be64_to_cpup((__force __be64 *)basep); >> > + >> > + sizep = dev_read_prop(dev, "tpm_event_log_size", NULL); >> > + if (!sizep) >> > + return EFI_NOT_FOUND; >> > + >> > + *sz = be32_to_cpup((__force __be32 *)sizep); >> > + if (*sz == 0) { >> > + log_debug("event log empty\n"); >> > + return EFI_NOT_FOUND; >> > + } >> > + >> > + return EFI_SUCCESS; >> > +} >> > + >> > /** >> > * tpm2_get_max_command_size() - get the supported max command size >> > * >> > @@ -1181,6 +1220,249 @@ static const struct efi_tcg2_protocol efi_tcg2_protocol = { >> > .get_result_of_set_active_pcr_banks = efi_tcg2_get_result_of_set_active_pcr_banks, >> > }; >> > >> > +/** >> > + * parse_event_log_header() - Parse and verify the event log header fields >> > + * >> > + * @buffer: Pointer to the event header >> > + * @size: Size of the eventlog >> > + * @pos: Position in buffer after event log header >> > + * >> > + * Return: status code >> > + */ >> > +efi_status_t parse_event_log_header(void *buffer, u32 size, u32 *pos) >> > +{ >> > + struct tcg_pcr_event *event_header = (struct tcg_pcr_event *)buffer; >> > + int i = 0; >> > + >> > + if (size < sizeof(*event_header)) >> > + return EFI_COMPROMISED_DATA; >> > + >> > + if (get_unaligned_le32(&event_header->pcr_index) != 0 || >> > + get_unaligned_le32(&event_header->event_type) != EV_NO_ACTION) >> > + return EFI_COMPROMISED_DATA; >> > + >> > + for (i = 0; i < sizeof(event_header->digest); i++) { >> > + if (event_header->digest[i] != 0) >> > + return EFI_COMPROMISED_DATA; >> > + } >> > + >> > + *pos += sizeof(*event_header); >> > + >> > + return EFI_SUCCESS; >> > +} >> > + >> > +/** >> > + * parse_specid_event() - Parse and verify the specID Event in the eventlog >> > + * >> > + * @dev: udevice >> > + * @buffer: Pointer to the start of the eventlog >> > + * @log_size: Size of the eventlog >> > + * @pos: Offset in the evenlog where specID event starts >> > + * >> > + * Return: status code >> > + * @pos Offset in the eventlog where the specID event ends >> > + * @digest_list: list of digests in the event >> > + */ >> > +efi_status_t parse_specid_event(struct udevice *dev, void *buffer, u32 log_size, >> > + u32 *pos, >> > + struct tpml_digest_values *digest_list) >> > +{ >> > + struct tcg_efi_spec_id_event *spec_event; >> > + struct tcg_pcr_event *event_header = (struct tcg_pcr_event *)buffer; >> > + size_t spec_event_size; >> > + u32 active = 0, supported = 0, pcr_count = 0, alg_count = 0; >> > + u32 spec_active = 0; >> > + u16 hash_alg, hash_sz; >> > + u8 vendor_sz; >> > + int err, i; >> > + >> > + /* Check specID event data */ >> > + spec_event = (struct tcg_efi_spec_id_event *)((uintptr_t)buffer + *pos); >> > + /* Check for signature */ >> > + if (memcmp(spec_event->signature, TCG_EFI_SPEC_ID_EVENT_SIGNATURE_03, >> > + sizeof(TCG_EFI_SPEC_ID_EVENT_SIGNATURE_03))) { >> > + log_err("specID Event: Signature mismatch\n"); >> > + return EFI_COMPROMISED_DATA; >> > + } >> > + >> > + if (spec_event->spec_version_minor != >> > + TCG_EFI_SPEC_ID_EVENT_SPEC_VERSION_MINOR_TPM2 || >> > + spec_event->spec_version_major != >> > + TCG_EFI_SPEC_ID_EVENT_SPEC_VERSION_MAJOR_TPM2) >> > + return EFI_COMPROMISED_DATA; >> > + >> > + if (spec_event->number_of_algorithms > MAX_HASH_COUNT || >> > + spec_event->number_of_algorithms < 1) { >> > + log_err("specID Event: Number of algorithms incorrect\n"); >> > + return EFI_COMPROMISED_DATA; >> > + } >> > + >> > + alg_count = spec_event->number_of_algorithms; >> > + >> > + err = tpm2_get_pcr_info(dev, &supported, &active, &pcr_count); >> > + if (err) >> > + return EFI_DEVICE_ERROR; >> > + >> > + digest_list->count = 0; >> > + /* >> > + * We may need to worry about the order of algs in this structure as >> > + * subsequent entries in event should be in same order >> > + */ >> > + for (i = 0; i < alg_count; i++) { >> > + hash_alg = >> > + get_unaligned_le16(&spec_event->digest_sizes[i].algorithm_id); >> > + hash_sz = >> > + get_unaligned_le16(&spec_event->digest_sizes[i].digest_size); >> > + >> > + if (!(supported & alg_to_mask(hash_alg))) { >> > + log_err("specID Event: Unsupported algorithm\n"); >> > + return EFI_COMPROMISED_DATA; >> > + } >> > + digest_list->digests[digest_list->count++].hash_alg = hash_alg; >> > + >> > + spec_active |= alg_to_mask(hash_alg); >> > + } >> > + >> > + /* TCG spec expects the event log to have hashes for all active PCR's */ >> > + if (spec_active != active) { >> > + /* >> > + * Previous stage bootloader should know all the active PCR's >> > + * and use them in the Eventlog. >> > + */ >> > + log_err("specID Event: All active hash alg not present\n"); >> > + return EFI_COMPROMISED_DATA; >> > + } >> > + >> > + /* >> > + * the size of the spec event and placement of vendor_info_size >> > + * depends on supported algoriths >> > + */ >> > + spec_event_size = >> > + offsetof(struct tcg_efi_spec_id_event, digest_sizes) + >> > + alg_count * sizeof(spec_event->digest_sizes[0]); >> > + >> > + vendor_sz = *(uint8_t *)((uintptr_t)buffer + *pos + spec_event_size); >> > + >> > + spec_event_size += sizeof(vendor_sz) + vendor_sz; >> > + *pos += spec_event_size; >> > + >> > + if (get_unaligned_le32(&event_header->event_size) != spec_event_size) { >> > + log_err("specID event: header event size mismatch\n"); >> > + /* Right way to handle this can be to call SetActive PCR's */ >> > + return EFI_COMPROMISED_DATA; >> > + } >> > + >> > + return EFI_SUCCESS; >> > +} >> > + >> > +efi_status_t tcg2_parse_event(struct udevice *dev, void *buffer, u32 log_size, >> > + u32 *offset, struct tpml_digest_values *digest_list, >> > + u32 *pcr) >> > +{ >> > + struct tcg_pcr_event2 *event = NULL; >> > + u32 event_type, count, size, event_size; >> > + size_t pos; >> > + >> > + if (*offset > log_size) >> > + return EFI_COMPROMISED_DATA; >> > + >> > + event = (struct tcg_pcr_event2 *)((uintptr_t)buffer + *offset); >> > + >> > + *pcr = get_unaligned_le32(&event->pcr_index); >> > + >> > + event_size = tcg_event_final_size(digest_list); >> > + >> > + if (*offset + event_size > log_size) { >> > + log_err("Event exceeds log size\n"); >> > + return EFI_COMPROMISED_DATA; >> > + } >> > + >> > + event_type = get_unaligned_le32(&event->event_type); >> > + >> > + /* get the count */ >> > + count = get_unaligned_le32(&event->digests.count); >> > + if (count != digest_list->count) >> > + return EFI_COMPROMISED_DATA; >> > + >> > + pos = offsetof(struct tcg_pcr_event2, digests); >> > + pos += offsetof(struct tpml_digest_values, digests); >> > + >> > + for (int i = 0; i < digest_list->count; i++) { >> > + u16 alg; >> > + u16 hash_alg = digest_list->digests[i].hash_alg; >> > + u8 *digest = (u8 *)&digest_list->digests[i].digest; >> > + >> > + alg = get_unaligned_le16((void *)((uintptr_t)event + pos)); >> > + >> > + if (alg != hash_alg) >> > + return EFI_COMPROMISED_DATA; >> > + >> > + pos += offsetof(struct tpmt_ha, digest); >> > + memcpy(digest, (void *)((uintptr_t)event + pos), alg_to_len(hash_alg)); >> > + pos += alg_to_len(hash_alg); >> > + } >> > + >> > + size = get_unaligned_le32((void *)((uintptr_t)event + pos)); >> > + event_size += size; >> > + pos += sizeof(u32); /* tcg_pcr_event2 event_size*/ >> > + pos += size; >> > + >> > + /* make sure the calculated buffer is what we checked against */ >> > + if (pos != event_size) >> > + return EFI_COMPROMISED_DATA; >> > + >> > + if (pos > log_size) >> > + return EFI_COMPROMISED_DATA; >> > + >> > + *offset += pos; >> > + >> > + return EFI_SUCCESS; >> > +} >> > + >> > +efi_status_t tcg2_get_fw_eventlog(struct udevice *dev, void *log_buffer, >> > + size_t *log_sz) >> > +{ >> > + struct tpml_digest_values digest_list; >> > + efi_status_t ret; >> > + u32 pcr, pos; >> > + u64 base; >> > + u32 sz; >> > + >> > + ret = platform_get_eventlog(dev, &base, &sz); >> > + if (ret == EFI_SUCCESS) { >> > + void *buffer = (void *)base; >> > + >> > + if (sz > TPM2_EVENT_LOG_SIZE) >> > + return EFI_VOLUME_FULL; >> > + >> > + pos = 0; >> > + /* Parse the eventlog to check for its validity */ >> > + ret = parse_event_log_header(buffer, sz, &pos); >> > + if (ret || pos > sz) >> > + return EFI_COMPROMISED_DATA; >> > + >> > + ret = parse_specid_event(dev, buffer, sz, &pos, &digest_list); >> > + if (ret || pos > sz) { >> > + log_err("Error parsing SPEC ID Event\n"); >> > + return EFI_COMPROMISED_DATA; >> > + } >> > + >> > + while (pos < sz) { >> > + ret = tcg2_parse_event(dev, buffer, sz, &pos, >> > + &digest_list, &pcr); >> > + if (ret) { >> > + log_err("Error parsing event\n"); >> > + return ret; >> > + } >> > + } >> > + >> > + memcpy(log_buffer, buffer, sz); >> > + *log_sz = sz; >> > + } >> > + >> > + return ret; >> > +} >> > + >> > /** >> > * create_specid_event() - Create the first event in the eventlog >> > * >> > @@ -1340,6 +1622,12 @@ static efi_status_t efi_init_event_log(void) >> > * last log entry >> > */ >> > memset(event_log.buffer, 0xff, TPM2_EVENT_LOG_SIZE); >> > + >> > + /* >> > + * The log header is defined to be in SHA1 event log entry format. >> > + * Setup event header >> > + */ >> > + event_header = (struct tcg_pcr_event *)event_log.buffer; >> > event_log.pos = 0; >> > event_log.last_event_size = 0; >> > event_log.get_event_called = false; >> > @@ -1347,22 +1635,28 @@ static efi_status_t efi_init_event_log(void) >> > event_log.truncated = false; >> > >> > /* >> > - * The log header is defined to be in SHA1 event log entry format. >> > - * Setup event header >> > + * Check if earlier firmware have passed any eventlog. Different >> > + * platforms can use different ways to do so >> > */ >> > - event_header = (struct tcg_pcr_event *)event_log.buffer; >> > - put_unaligned_le32(0, &event_header->pcr_index); >> > - put_unaligned_le32(EV_NO_ACTION, &event_header->event_type); >> > - memset(&event_header->digest, 0, sizeof(event_header->digest)); >> > - ret = create_specid_event(dev, (void *)((uintptr_t)event_log.buffer + sizeof(*event_header)), >> > - &spec_event_size); >> > - if (ret != EFI_SUCCESS) >> > - goto free_pool; >> > - put_unaligned_le32(spec_event_size, &event_header->event_size); >> > - event_log.pos = spec_event_size + sizeof(*event_header); >> > - event_log.last_event_size = event_log.pos; >> > + ret = tcg2_get_fw_eventlog(dev, event_log.buffer, &event_log.pos); >> > + if (ret == EFI_NOT_FOUND) { >> > + put_unaligned_le32(0, &event_header->pcr_index); >> > + put_unaligned_le32(EV_NO_ACTION, &event_header->event_type); >> > + memset(&event_header->digest, 0, sizeof(event_header->digest)); >> > + ret = create_specid_event(dev, >> > + (void *)((uintptr_t)event_log.buffer + >> > + sizeof(*event_header)), >> > + &spec_event_size); >> > + if (ret != EFI_SUCCESS) >> > + goto free_pool; >> > + put_unaligned_le32(spec_event_size, &event_header->event_size); >> > + event_log.pos = spec_event_size + sizeof(*event_header); >> > + event_log.last_event_size = event_log.pos; >> > + } >> > + >> > + if (ret == EFI_SUCCESS) >> > + ret = create_final_event(); >> > >> > - ret = create_final_event(); >> > if (ret != EFI_SUCCESS) >> > goto free_pool; >> > >> > -- >> > 2.25.1 >> >
diff --git a/lib/efi_loader/efi_tcg2.c b/lib/efi_loader/efi_tcg2.c index 8c1f22e337..c3ebdf92f5 100644 --- a/lib/efi_loader/efi_tcg2.c +++ b/lib/efi_loader/efi_tcg2.c @@ -324,6 +324,45 @@ __weak efi_status_t platform_get_tpm2_device(struct udevice **dev) return EFI_NOT_FOUND; } +/** + * platform_get_eventlog() - retrieve the eventlog address and size + * + * This function retrieves the eventlog address and size if the underlying + * firmware has done some measurements and passed them. + * + * This function may be overridden based on platform specific method of + * passing the eventlog address and size. + * + * @dev: udevice + * @addr: eventlog address + * @sz: eventlog size + * Return: status code + */ +__weak efi_status_t platform_get_eventlog(struct udevice *dev, u64 *addr, + u32 *sz) +{ + const u64 *basep; + const u32 *sizep; + + basep = dev_read_prop(dev, "tpm_event_log_addr", NULL); + if (!basep) + return EFI_NOT_FOUND; + + *addr = be64_to_cpup((__force __be64 *)basep); + + sizep = dev_read_prop(dev, "tpm_event_log_size", NULL); + if (!sizep) + return EFI_NOT_FOUND; + + *sz = be32_to_cpup((__force __be32 *)sizep); + if (*sz == 0) { + log_debug("event log empty\n"); + return EFI_NOT_FOUND; + } + + return EFI_SUCCESS; +} + /** * tpm2_get_max_command_size() - get the supported max command size * @@ -1181,6 +1220,249 @@ static const struct efi_tcg2_protocol efi_tcg2_protocol = { .get_result_of_set_active_pcr_banks = efi_tcg2_get_result_of_set_active_pcr_banks, }; +/** + * parse_event_log_header() - Parse and verify the event log header fields + * + * @buffer: Pointer to the event header + * @size: Size of the eventlog + * @pos: Position in buffer after event log header + * + * Return: status code + */ +efi_status_t parse_event_log_header(void *buffer, u32 size, u32 *pos) +{ + struct tcg_pcr_event *event_header = (struct tcg_pcr_event *)buffer; + int i = 0; + + if (size < sizeof(*event_header)) + return EFI_COMPROMISED_DATA; + + if (get_unaligned_le32(&event_header->pcr_index) != 0 || + get_unaligned_le32(&event_header->event_type) != EV_NO_ACTION) + return EFI_COMPROMISED_DATA; + + for (i = 0; i < sizeof(event_header->digest); i++) { + if (event_header->digest[i] != 0) + return EFI_COMPROMISED_DATA; + } + + *pos += sizeof(*event_header); + + return EFI_SUCCESS; +} + +/** + * parse_specid_event() - Parse and verify the specID Event in the eventlog + * + * @dev: udevice + * @buffer: Pointer to the start of the eventlog + * @log_size: Size of the eventlog + * @pos: Offset in the evenlog where specID event starts + * + * Return: status code + * @pos Offset in the eventlog where the specID event ends + * @digest_list: list of digests in the event + */ +efi_status_t parse_specid_event(struct udevice *dev, void *buffer, u32 log_size, + u32 *pos, + struct tpml_digest_values *digest_list) +{ + struct tcg_efi_spec_id_event *spec_event; + struct tcg_pcr_event *event_header = (struct tcg_pcr_event *)buffer; + size_t spec_event_size; + u32 active = 0, supported = 0, pcr_count = 0, alg_count = 0; + u32 spec_active = 0; + u16 hash_alg, hash_sz; + u8 vendor_sz; + int err, i; + + /* Check specID event data */ + spec_event = (struct tcg_efi_spec_id_event *)((uintptr_t)buffer + *pos); + /* Check for signature */ + if (memcmp(spec_event->signature, TCG_EFI_SPEC_ID_EVENT_SIGNATURE_03, + sizeof(TCG_EFI_SPEC_ID_EVENT_SIGNATURE_03))) { + log_err("specID Event: Signature mismatch\n"); + return EFI_COMPROMISED_DATA; + } + + if (spec_event->spec_version_minor != + TCG_EFI_SPEC_ID_EVENT_SPEC_VERSION_MINOR_TPM2 || + spec_event->spec_version_major != + TCG_EFI_SPEC_ID_EVENT_SPEC_VERSION_MAJOR_TPM2) + return EFI_COMPROMISED_DATA; + + if (spec_event->number_of_algorithms > MAX_HASH_COUNT || + spec_event->number_of_algorithms < 1) { + log_err("specID Event: Number of algorithms incorrect\n"); + return EFI_COMPROMISED_DATA; + } + + alg_count = spec_event->number_of_algorithms; + + err = tpm2_get_pcr_info(dev, &supported, &active, &pcr_count); + if (err) + return EFI_DEVICE_ERROR; + + digest_list->count = 0; + /* + * We may need to worry about the order of algs in this structure as + * subsequent entries in event should be in same order + */ + for (i = 0; i < alg_count; i++) { + hash_alg = + get_unaligned_le16(&spec_event->digest_sizes[i].algorithm_id); + hash_sz = + get_unaligned_le16(&spec_event->digest_sizes[i].digest_size); + + if (!(supported & alg_to_mask(hash_alg))) { + log_err("specID Event: Unsupported algorithm\n"); + return EFI_COMPROMISED_DATA; + } + digest_list->digests[digest_list->count++].hash_alg = hash_alg; + + spec_active |= alg_to_mask(hash_alg); + } + + /* TCG spec expects the event log to have hashes for all active PCR's */ + if (spec_active != active) { + /* + * Previous stage bootloader should know all the active PCR's + * and use them in the Eventlog. + */ + log_err("specID Event: All active hash alg not present\n"); + return EFI_COMPROMISED_DATA; + } + + /* + * the size of the spec event and placement of vendor_info_size + * depends on supported algoriths + */ + spec_event_size = + offsetof(struct tcg_efi_spec_id_event, digest_sizes) + + alg_count * sizeof(spec_event->digest_sizes[0]); + + vendor_sz = *(uint8_t *)((uintptr_t)buffer + *pos + spec_event_size); + + spec_event_size += sizeof(vendor_sz) + vendor_sz; + *pos += spec_event_size; + + if (get_unaligned_le32(&event_header->event_size) != spec_event_size) { + log_err("specID event: header event size mismatch\n"); + /* Right way to handle this can be to call SetActive PCR's */ + return EFI_COMPROMISED_DATA; + } + + return EFI_SUCCESS; +} + +efi_status_t tcg2_parse_event(struct udevice *dev, void *buffer, u32 log_size, + u32 *offset, struct tpml_digest_values *digest_list, + u32 *pcr) +{ + struct tcg_pcr_event2 *event = NULL; + u32 event_type, count, size, event_size; + size_t pos; + + if (*offset > log_size) + return EFI_COMPROMISED_DATA; + + event = (struct tcg_pcr_event2 *)((uintptr_t)buffer + *offset); + + *pcr = get_unaligned_le32(&event->pcr_index); + + event_size = tcg_event_final_size(digest_list); + + if (*offset + event_size > log_size) { + log_err("Event exceeds log size\n"); + return EFI_COMPROMISED_DATA; + } + + event_type = get_unaligned_le32(&event->event_type); + + /* get the count */ + count = get_unaligned_le32(&event->digests.count); + if (count != digest_list->count) + return EFI_COMPROMISED_DATA; + + pos = offsetof(struct tcg_pcr_event2, digests); + pos += offsetof(struct tpml_digest_values, digests); + + for (int i = 0; i < digest_list->count; i++) { + u16 alg; + u16 hash_alg = digest_list->digests[i].hash_alg; + u8 *digest = (u8 *)&digest_list->digests[i].digest; + + alg = get_unaligned_le16((void *)((uintptr_t)event + pos)); + + if (alg != hash_alg) + return EFI_COMPROMISED_DATA; + + pos += offsetof(struct tpmt_ha, digest); + memcpy(digest, (void *)((uintptr_t)event + pos), alg_to_len(hash_alg)); + pos += alg_to_len(hash_alg); + } + + size = get_unaligned_le32((void *)((uintptr_t)event + pos)); + event_size += size; + pos += sizeof(u32); /* tcg_pcr_event2 event_size*/ + pos += size; + + /* make sure the calculated buffer is what we checked against */ + if (pos != event_size) + return EFI_COMPROMISED_DATA; + + if (pos > log_size) + return EFI_COMPROMISED_DATA; + + *offset += pos; + + return EFI_SUCCESS; +} + +efi_status_t tcg2_get_fw_eventlog(struct udevice *dev, void *log_buffer, + size_t *log_sz) +{ + struct tpml_digest_values digest_list; + efi_status_t ret; + u32 pcr, pos; + u64 base; + u32 sz; + + ret = platform_get_eventlog(dev, &base, &sz); + if (ret == EFI_SUCCESS) { + void *buffer = (void *)base; + + if (sz > TPM2_EVENT_LOG_SIZE) + return EFI_VOLUME_FULL; + + pos = 0; + /* Parse the eventlog to check for its validity */ + ret = parse_event_log_header(buffer, sz, &pos); + if (ret || pos > sz) + return EFI_COMPROMISED_DATA; + + ret = parse_specid_event(dev, buffer, sz, &pos, &digest_list); + if (ret || pos > sz) { + log_err("Error parsing SPEC ID Event\n"); + return EFI_COMPROMISED_DATA; + } + + while (pos < sz) { + ret = tcg2_parse_event(dev, buffer, sz, &pos, + &digest_list, &pcr); + if (ret) { + log_err("Error parsing event\n"); + return ret; + } + } + + memcpy(log_buffer, buffer, sz); + *log_sz = sz; + } + + return ret; +} + /** * create_specid_event() - Create the first event in the eventlog * @@ -1340,6 +1622,12 @@ static efi_status_t efi_init_event_log(void) * last log entry */ memset(event_log.buffer, 0xff, TPM2_EVENT_LOG_SIZE); + + /* + * The log header is defined to be in SHA1 event log entry format. + * Setup event header + */ + event_header = (struct tcg_pcr_event *)event_log.buffer; event_log.pos = 0; event_log.last_event_size = 0; event_log.get_event_called = false; @@ -1347,22 +1635,28 @@ static efi_status_t efi_init_event_log(void) event_log.truncated = false; /* - * The log header is defined to be in SHA1 event log entry format. - * Setup event header + * Check if earlier firmware have passed any eventlog. Different + * platforms can use different ways to do so */ - event_header = (struct tcg_pcr_event *)event_log.buffer; - put_unaligned_le32(0, &event_header->pcr_index); - put_unaligned_le32(EV_NO_ACTION, &event_header->event_type); - memset(&event_header->digest, 0, sizeof(event_header->digest)); - ret = create_specid_event(dev, (void *)((uintptr_t)event_log.buffer + sizeof(*event_header)), - &spec_event_size); - if (ret != EFI_SUCCESS) - goto free_pool; - put_unaligned_le32(spec_event_size, &event_header->event_size); - event_log.pos = spec_event_size + sizeof(*event_header); - event_log.last_event_size = event_log.pos; + ret = tcg2_get_fw_eventlog(dev, event_log.buffer, &event_log.pos); + if (ret == EFI_NOT_FOUND) { + put_unaligned_le32(0, &event_header->pcr_index); + put_unaligned_le32(EV_NO_ACTION, &event_header->event_type); + memset(&event_header->digest, 0, sizeof(event_header->digest)); + ret = create_specid_event(dev, + (void *)((uintptr_t)event_log.buffer + + sizeof(*event_header)), + &spec_event_size); + if (ret != EFI_SUCCESS) + goto free_pool; + put_unaligned_le32(spec_event_size, &event_header->event_size); + event_log.pos = spec_event_size + sizeof(*event_header); + event_log.last_event_size = event_log.pos; + } + + if (ret == EFI_SUCCESS) + ret = create_final_event(); - ret = create_final_event(); if (ret != EFI_SUCCESS) goto free_pool;
Platforms may have support to measure their initial firmware components and pass the event log to u-boot. The event log address can be passed in property tpm_event_log_addr and tpm_event_log_size of the tpm node. Platforms may choose their own specific mechanism to do so. A weak function is added to check if even log has been passed to u-boot from earlier firmware components. If available, the eventlog is parsed to check for its correctness and further event logs are appended to the passed log. Signed-off-by: Ruchika Gupta <ruchika.gupta@linaro.org> --- v2: Moved firmware eventlog code parsing to tcg2_get_fw_eventlog() lib/efi_loader/efi_tcg2.c | 322 ++++++++++++++++++++++++++++++++++++-- 1 file changed, 308 insertions(+), 14 deletions(-)