
[3/3] efi_loader: correctly handle tcg2_measure_pe_image() error

Message ID 20211203035815.27433-4-masahisa.kojima@linaro.org
State New
Series fix TCG2 error handling

Commit Message

Masahisa Kojima Dec. 3, 2021, 3:58 a.m. UTC
When the TCG2 protocol is installed in efi_tcg2_register(),
TPM2 device must be present.
tcg2_measure_pe_image() expects that TCG2 protocol is installed
and TPM device is available. If TCG2 Protocol is installed but
TPM device is not found, tcg2_measure_pe_image() returns
EFI_SECURITY_VIOLATION and efi_load_image() ends with failure.

Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org>
---
 lib/efi_loader/efi_image_loader.c | 11 +++++++++--
 lib/efi_loader/efi_tcg2.c         |  2 +-
 2 files changed, 10 insertions(+), 3 deletions(-)

Comments

Ilias Apalodimas Dec. 6, 2021, 2:11 p.m. UTC | #1
Heinrich, does this approach work for you till we fix the DM-EFI
integration?

At least it tries to cover some cases where the efi protocol is installed
(which means the tpm was there in the beginning), but later on is removed.

On Fri, Dec 03, 2021 at 12:58:15PM +0900, Masahisa Kojima wrote:
> When the TCG2 protocol is installed in efi_tcg2_register(),
> TPM2 device must be present.
> tcg2_measure_pe_image() expects that TCG2 protocol is installed
> and TPM device is available. If TCG2 Protocol is installed but
> TPM device is not found, tcg2_measure_pe_image() returns
> EFI_SECURITY_VIOLATION and efi_load_image() ends with failure.
> 
> Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org>
> ---
>  lib/efi_loader/efi_image_loader.c | 11 +++++++++--
>  lib/efi_loader/efi_tcg2.c         |  2 +-
>  2 files changed, 10 insertions(+), 3 deletions(-)
> 
> diff --git a/lib/efi_loader/efi_image_loader.c b/lib/efi_loader/efi_image_loader.c
> index eb95580538..426f096574 100644
> --- a/lib/efi_loader/efi_image_loader.c
> +++ b/lib/efi_loader/efi_image_loader.c
> @@ -934,9 +934,16 @@ efi_status_t efi_load_pe(struct efi_loaded_image_obj *handle,
>  
>  #if CONFIG_IS_ENABLED(EFI_TCG2_PROTOCOL)
>  	/* Measure an PE/COFF image */
> -	if (tcg2_measure_pe_image(efi, efi_size, handle,
> -				  loaded_image_info))
> +	ret = tcg2_measure_pe_image(efi, efi_size, handle, loaded_image_info);
> +	if (ret == EFI_SECURITY_VIOLATION) {
> +		/*
> +		 * TCG2 Protocol is installed but no TPM device found,
> +		 * this is not expected.
> +		 */
>  		log_err("PE image measurement failed\n");
> +		goto err;
> +	}
> +
>  #endif
>  
>  	/* Copy PE headers */
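
Review bot: the message on the new failure path, `log_err("PE image measurement failed\n");`, does not say why the load is aborted, even though the comment just above it names the cause (TCG2 Protocol installed but no TPM device found). Since this branch now ends in `goto err`, put the cause and the status value into the log text so a failed boot can be diagnosed from the console. The `err` label is outside this hunk, so it is also worth confirming that it returns `ret` unchanged. Minor: the blank line added before `#endif` can be dropped.
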
> diff --git a/lib/efi_loader/efi_tcg2.c b/lib/efi_loader/efi_tcg2.c
> index 2b7b7cbbae..c19f73dc10 100644
> --- a/lib/efi_loader/efi_tcg2.c
> +++ b/lib/efi_loader/efi_tcg2.c
> @@ -977,7 +977,7 @@ efi_status_t tcg2_measure_pe_image(void *efi, u64 efi_size,
>  
>  	ret = platform_get_tpm2_device(&dev);
>  	if (ret != EFI_SUCCESS)
> -		return ret;
> +		return EFI_SECURITY_VIOLATION;
>  
>  	switch (handle->image_type) {
>  	case IMAGE_SUBSYSTEM_EFI_APPLICATION:
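
Review bot: the new `return EFI_SECURITY_VIOLATION;` after `platform_get_tpm2_device(&dev)` carries no comment, so the reason for remapping the status is documented only in the caller in efi_image_loader.c. Add a short comment at this return, and state in any function description for tcg2_measure_pe_image() that EFI_SECURITY_VIOLATION is returned when the TPM device cannot be found.
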
> -- 
> 2.17.1
> 

Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>

Patch

diff --git a/lib/efi_loader/efi_image_loader.c b/lib/efi_loader/efi_image_loader.c
index eb95580538..426f096574 100644
--- a/lib/efi_loader/efi_image_loader.c
+++ b/lib/efi_loader/efi_image_loader.c
@@ -934,9 +934,16 @@  efi_status_t efi_load_pe(struct efi_loaded_image_obj *handle,
 
 #if CONFIG_IS_ENABLED(EFI_TCG2_PROTOCOL)
 	/* Measure an PE/COFF image */
-	if (tcg2_measure_pe_image(efi, efi_size, handle,
-				  loaded_image_info))
+	ret = tcg2_measure_pe_image(efi, efi_size, handle, loaded_image_info);
+	if (ret == EFI_SECURITY_VIOLATION) {
+		/*
+		 * TCG2 Protocol is installed but no TPM device found,
+		 * this is not expected.
+		 */
 		log_err("PE image measurement failed\n");
+		goto err;
+	}
+
 #endif
 
 	/* Copy PE headers */
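
Review bot: with the test narrowed to `ret == EFI_SECURITY_VIOLATION`, every other non-success status from tcg2_measure_pe_image() now falls through with no log line, whereas the removed `if (tcg2_measure_pe_image(...))` logged any failure. If continuing the load on those statuses is intended, say so in the comment and keep a log_err() for `ret != EFI_SUCCESS`; otherwise treat them as fatal too.
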
diff --git a/lib/efi_loader/efi_tcg2.c b/lib/efi_loader/efi_tcg2.c
index 2b7b7cbbae..c19f73dc10 100644
--- a/lib/efi_loader/efi_tcg2.c
+++ b/lib/efi_loader/efi_tcg2.c
@@ -977,7 +977,7 @@  efi_status_t tcg2_measure_pe_image(void *efi, u64 efi_size,
 
 	ret = platform_get_tpm2_device(&dev);
 	if (ret != EFI_SUCCESS)
-		return ret;
+		return EFI_SECURITY_VIOLATION;
 
 	switch (handle->image_type) {
 	case IMAGE_SUBSYSTEM_EFI_APPLICATION:
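
Review bot: at `if (ret != EFI_SUCCESS)` the status from platform_get_tpm2_device() is discarded and replaced by EFI_SECURITY_VIOLATION without being logged, so the underlying failure is lost. Log the original `ret` before returning. The caller in efi_image_loader.c reads EFI_SECURITY_VIOLATION as "no TPM device found", so check that no other path in tcg2_measure_pe_image() returns the same code for a different reason.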