Message ID | 20211207051533.5597-4-masahisa.kojima@linaro.org |
---|---|
State | Accepted |
Commit | f9b51dcf294de9b5a0e3d121027121e320810f19 |
Series | fix TCG2 error handling | expand |
Heinrich does this approach work for you till we fix the DM-EFI integration? At least it tries to cover some cases were the efi protocol is installed (which means the tpm was there in the beginning), but later on is removed On Tue, 7 Dec 2021 at 07:11, Masahisa Kojima <masahisa.kojima@linaro.org> wrote: > > When the TCG2 protocol is installed in efi_tcg2_register(), > TPM2 device must be present. > tcg2_measure_pe_image() expects that TCP2 protocol is installed > and TPM device is available. If TCG2 Protocol is installed but > TPM device is not found, tcg2_measure_pe_image() returns > EFI_SECURITY_VIOLATION and efi_load_image() ends with failure. > > The same error handling is applied to > efi_tcg2_measure_efi_app_invocation(). > > Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> > --- > > Changes in v2: > - EFI_SECURITY_VIOLATION is returned in > efi_tcg2_measure_efi_app_invocation() > > lib/efi_loader/efi_boottime.c | 9 ++++++--- > lib/efi_loader/efi_image_loader.c | 13 ++++++++++--- > lib/efi_loader/efi_tcg2.c | 4 ++-- > 3 files changed, 18 insertions(+), 8 deletions(-) > > diff --git a/lib/efi_loader/efi_boottime.c b/lib/efi_loader/efi_boottime.c > index 8492b732f3..20b69699fe 100644 > --- a/lib/efi_loader/efi_boottime.c > +++ b/lib/efi_loader/efi_boottime.c > @@ -3016,9 +3016,12 @@ efi_status_t EFIAPI efi_start_image(efi_handle_t image_handle, > if (IS_ENABLED(CONFIG_EFI_TCG2_PROTOCOL)) { > if (image_obj->image_type == IMAGE_SUBSYSTEM_EFI_APPLICATION) { > ret = efi_tcg2_measure_efi_app_invocation(image_obj); > - if (ret != EFI_SUCCESS) { > - log_warning("tcg2 measurement fails(0x%lx)\n", > - ret); > + if (ret == EFI_SECURITY_VIOLATION) { > + /* > + * TCG2 Protocol is installed but no TPM device found, > + * this is not expected. > + */ > + return EFI_EXIT(EFI_SECURITY_VIOLATION); > } > } > } > diff --git a/lib/efi_loader/efi_image_loader.c b/lib/efi_loader/efi_image_loader.c > index eb95580538..773bd0677c 100644 
> --- a/lib/efi_loader/efi_image_loader.c > +++ b/lib/efi_loader/efi_image_loader.c > @@ -934,9 +934,16 @@ efi_status_t efi_load_pe(struct efi_loaded_image_obj *handle, > > #if CONFIG_IS_ENABLED(EFI_TCG2_PROTOCOL) > /* Measure an PE/COFF image */ > - if (tcg2_measure_pe_image(efi, efi_size, handle, > - loaded_image_info)) > - log_err("PE image measurement failed\n"); > + ret = tcg2_measure_pe_image(efi, efi_size, handle, loaded_image_info); > + if (ret == EFI_SECURITY_VIOLATION) { > + /* > + * TCG2 Protocol is installed but no TPM device found, > + * this is not expected. > + */ > + log_err("PE image measurement failed, no tpm device found\n"); > + goto err; > + } > + > #endif > > /* Copy PE headers */ > diff --git a/lib/efi_loader/efi_tcg2.c b/lib/efi_loader/efi_tcg2.c > index 59bce85028..0ae07ef083 100644 > --- a/lib/efi_loader/efi_tcg2.c > +++ b/lib/efi_loader/efi_tcg2.c > @@ -977,7 +977,7 @@ efi_status_t tcg2_measure_pe_image(void *efi, u64 efi_size, > > ret = platform_get_tpm2_device(&dev); > if (ret != EFI_SUCCESS) > - return ret; > + return EFI_SECURITY_VIOLATION; > > switch (handle->image_type) { > case IMAGE_SUBSYSTEM_EFI_APPLICATION: > @@ -2200,7 +2200,7 @@ efi_status_t efi_tcg2_measure_efi_app_invocation(struct efi_loaded_image_obj *ha > > ret = platform_get_tpm2_device(&dev); > if (ret != EFI_SUCCESS) > - return ret; > + return EFI_SECURITY_VIOLATION; > > ret = tcg2_measure_boot_variable(dev); > if (ret != EFI_SUCCESS) > -- > 2.17.1 > Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
diff --git a/lib/efi_loader/efi_boottime.c b/lib/efi_loader/efi_boottime.c
index 8492b732f3..20b69699fe 100644
--- a/lib/efi_loader/efi_boottime.c
+++ b/lib/efi_loader/efi_boottime.c
@@ -3016,9 +3016,12 @@ efi_status_t EFIAPI efi_start_image(efi_handle_t image_handle,
 if (IS_ENABLED(CONFIG_EFI_TCG2_PROTOCOL)) {
 if (image_obj->image_type == IMAGE_SUBSYSTEM_EFI_APPLICATION) {
 ret = efi_tcg2_measure_efi_app_invocation(image_obj);
- if (ret != EFI_SUCCESS) {
- log_warning("tcg2 measurement fails(0x%lx)\n",
- ret);
+ if (ret == EFI_SECURITY_VIOLATION) {
+ /*
+ * TCG2 Protocol is installed but no TPM device found,
+ * this is not expected.
+ */
+ return EFI_EXIT(EFI_SECURITY_VIOLATION);
 }
 }
 }
diff --git a/lib/efi_loader/efi_image_loader.c b/lib/efi_loader/efi_image_loader.c
index eb95580538..773bd0677c 100644
--- a/lib/efi_loader/efi_image_loader.c
+++ b/lib/efi_loader/efi_image_loader.c
@@ -934,9 +934,16 @@ efi_status_t efi_load_pe(struct efi_loaded_image_obj *handle,

 #if CONFIG_IS_ENABLED(EFI_TCG2_PROTOCOL)
 /* Measure an PE/COFF image */
- if (tcg2_measure_pe_image(efi, efi_size, handle,
- loaded_image_info))
- log_err("PE image measurement failed\n");
+ ret = tcg2_measure_pe_image(efi, efi_size, handle, loaded_image_info);
+ if (ret == EFI_SECURITY_VIOLATION) {
+ /*
+ * TCG2 Protocol is installed but no TPM device found,
+ * this is not expected.
+ */
+ log_err("PE image measurement failed, no tpm device found\n");
+ goto err;
+ }
+
 #endif

 /* Copy PE headers */
diff --git a/lib/efi_loader/efi_tcg2.c b/lib/efi_loader/efi_tcg2.c
index 59bce85028..0ae07ef083 100644
--- a/lib/efi_loader/efi_tcg2.c
+++ b/lib/efi_loader/efi_tcg2.c
@@ -977,7 +977,7 @@ efi_status_t tcg2_measure_pe_image(void *efi, u64 efi_size,

 ret = platform_get_tpm2_device(&dev);
 if (ret != EFI_SUCCESS)
- return ret;
+ return EFI_SECURITY_VIOLATION;

 switch (handle->image_type) {
 case IMAGE_SUBSYSTEM_EFI_APPLICATION:
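Review bot: Any status other than EFI_SECURITY_VIOLATION from efi_tcg2_measure_efi_app_invocation() is now dropped without a trace in efi_start_image(): the old `log_warning("tcg2 measurement fails(0x%lx)\n", ret);` is removed and the new `if` has no else branch, so an application whose invocation measurement failed for another reason is presumably started unmeasured and silently. Keeping the warning for that case, `} else if (ret != EFI_SUCCESS) { log_warning("tcg2 measurement fails(0x%lx)\n", ret);`, preserves the audit trail; the efi_load_pe() hunk drops its `log_err("PE image measurement failed\n")` in the same way. The early `return EFI_EXIT(EFI_SECURITY_VIOLATION);` also emits no message, unlike the efi_load_pe() path. efi_start_image() starts and ends outside the hunk, so whether earlier setup has to be undone before this return cannot be checked from here.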
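Review bot: The `goto err;` branch in efi_load_pe() only delivers the failure the commit message promises if the `err:` path returns `ret`; that label is outside the hunk, so please confirm it does not substitute a fixed status that would hide EFI_SECURITY_VIOLATION from the caller. The block comment could also state why the load is refused, for example `/* TCG2 protocol is installed but the TPM is gone: refuse to load an unmeasured image. */`, since "this is not expected" does not tell a reader that the abort is deliberate.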
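Review bot: Returning a fixed EFI_SECURITY_VIOLATION in tcg2_measure_pe_image() discards the status from platform_get_tpm2_device(), and the caller then reports it as "no tpm device found"; if the lookup can fail for another reason, or if another path of this function (outside the hunk) can also return EFI_SECURITY_VIOLATION, that diagnosis will be wrong. Logging the original value before the return, e.g. `log_err("TPM2 device lookup failed (0x%lx)\n", ret);` with braces added around the `if` body, keeps it available. The same applies to the identical change in efi_tcg2_measure_efi_app_invocation(). The function header comments are outside both hunks and presumably need EFI_SECURITY_VIOLATION added to their documented return values.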
@@ -2200,7 +2200,7 @@ efi_status_t efi_tcg2_measure_efi_app_invocation(struct efi_loaded_image_obj *ha

 ret = platform_get_tpm2_device(&dev);
 if (ret != EFI_SUCCESS)
- return ret;
+ return EFI_SECURITY_VIOLATION;

 ret = tcg2_measure_boot_variable(dev);
 if (ret != EFI_SUCCESS)
When the TCG2 protocol is installed in efi_tcg2_register(), TPM2 device must be present. tcg2_measure_pe_image() expects that TCG2 protocol is installed and TPM device is available. If TCG2 Protocol is installed but TPM device is not found, tcg2_measure_pe_image() returns EFI_SECURITY_VIOLATION and efi_load_image() ends with failure. The same error handling is applied to efi_tcg2_measure_efi_app_invocation(). Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> --- Changes in v2: - EFI_SECURITY_VIOLATION is returned in efi_tcg2_measure_efi_app_invocation() lib/efi_loader/efi_boottime.c | 9 ++++++--- lib/efi_loader/efi_image_loader.c | 13 ++++++++++--- lib/efi_loader/efi_tcg2.c | 4 ++-- 3 files changed, 18 insertions(+), 8 deletions(-)