@@ -334,6 +334,28 @@ void efi_apply_loadoptions_quirk(const void **load_options, int *load_options_si
*load_options_size = load_option_unpacked.optional_data_size;
}
+static
+void efi_measure_tagged_event(unsigned long load_addr, unsigned long load_size,
+ const struct efi_measured_event *event)
+{
+ efi_guid_t tcg2_guid = EFI_TCG2_PROTOCOL_GUID;
+ efi_tcg2_protocol_t *tcg2 = NULL;
+ efi_status_t status;
+
+ efi_bs_call(locate_protocol, &tcg2_guid, NULL, (void **)&tcg2);
+ if (tcg2) {
+ status = efi_call_proto(tcg2, hash_log_extend_event,
+ 0, load_addr, load_size,
+ &event->event_data);
+ if (status != EFI_SUCCESS)
+ efi_warn("Failed to measure data: 0x%lx\n",
+ status);
+ else
+ efi_info("Measured %s into PCR %d\n", event->tagged_event_data,
+ event->event_data.event_header.pcr_index);
+ }
+}
+
/*
* Convert the unicode UEFI command line to ASCII to pass to kernel.
* Size of memory allocated return in *cmd_line_len.
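Review bot: The failure branch of efi_measure_tagged_event() no longer says which component went unmeasured: `efi_warn("Failed to measure data: 0x%lx\n", status)` dropped the "initrd" wording, while the success branch prints the tag string. Once several components go through this helper, a single warning in the boot log cannot be matched to the missing PCR extension; `efi_warn("Failed to measure %s: 0x%lx\n", event->tagged_event_data, status);` keeps that information. The return value of locate_protocol is also discarded, so a system without the TCG2 protocol boots with no measurement and no message; if measurement is meant to be best-effort, a short comment above the function should say so. Both prints treat tagged_event_data as a NUL-terminated string, which holds only while every caller includes the terminator in the data it supplies.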
@@ -625,47 +647,6 @@ efi_status_t efi_load_initrd_cmdline(efi_loaded_image_t *image,
load_addr, load_size);
}
-static const struct {
- efi_tcg2_event_t event_data;
- efi_tcg2_tagged_event_t tagged_event;
- u8 tagged_event_data[];
-} initrd_tcg2_event = {
- {
- sizeof(initrd_tcg2_event) + sizeof("Linux initrd"),
- {
- sizeof(initrd_tcg2_event.event_data.event_header),
- EFI_TCG2_EVENT_HEADER_VERSION,
- 9,
- EV_EVENT_TAG,
- },
- },
- {
- INITRD_EVENT_TAG_ID,
- sizeof("Linux initrd"),
- },
- { "Linux initrd" },
-};
-
-static void efi_measure_initrd(unsigned long load_addr, unsigned long load_size)
-{
- efi_guid_t tcg2_guid = EFI_TCG2_PROTOCOL_GUID;
- efi_tcg2_protocol_t *tcg2 = NULL;
- efi_status_t status;
-
- efi_bs_call(locate_protocol, &tcg2_guid, NULL, (void **)&tcg2);
- if (tcg2) {
- status = efi_call_proto(tcg2, hash_log_extend_event,
- 0, load_addr, load_size,
- &initrd_tcg2_event.event_data);
- if (status != EFI_SUCCESS)
- efi_warn("Failed to measure initrd data: 0x%lx\n",
- status);
- else
- efi_info("Measured initrd data into PCR %d\n",
- initrd_tcg2_event.event_data.event_header.pcr_index);
- }
-}
-
/**
* efi_load_initrd() - Load initial RAM disk
* @image: EFI loaded image protocol
@@ -683,6 +664,22 @@ efi_status_t efi_load_initrd(efi_loaded_image_t *image,
unsigned long hard_limit)
{
efi_status_t status;
+ static const struct efi_measured_event initrd_tcg2_event = {
+ {
+ sizeof(initrd_tcg2_event) + sizeof("Linux initrd"),
+ {
+ sizeof(initrd_tcg2_event.event_data.event_header),
+ EFI_TCG2_EVENT_HEADER_VERSION,
+ 9,
+ EV_EVENT_TAG,
+ },
+ },
+ {
+ INITRD_EVENT_TAG_ID,
+ sizeof("Linux initrd"),
+ },
+ { "Linux initrd" },
+ };
if (efi_noinitrd) {
*load_addr = *load_size = 0;
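Review bot: The initializer for initrd_tcg2_event spells the literal "Linux initrd" three times (in the event size, in the tagged data size, and as the data itself), and nothing ties the copies together. If one is edited without the others, the size fields passed to hash_log_extend_event stop matching the bytes that follow the header, and the logged event would presumably be truncated or extend past the object. Naming the string once, for example `#define INITRD_EVENT_TAG_STR "Linux initrd"` (the name is only a suggestion), and switching to designated initializers such as `.event_data.event_header.pcr_index = 9` would make the PCR number and the sizes easy to audit as further events are added. The body of efi_load_initrd() continues outside this hunk.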
@@ -692,7 +689,8 @@ efi_status_t efi_load_initrd(efi_loaded_image_t *image,
if (status == EFI_SUCCESS) {
efi_info("Loaded initrd from LINUX_EFI_INITRD_MEDIA_GUID device path\n");
if (*load_size > 0)
- efi_measure_initrd(*load_addr, *load_size);
+ efi_measure_tagged_event(*load_addr, *load_size,
+ &initrd_tcg2_event);
} else if (status == EFI_NOT_FOUND) {
status = efi_load_initrd_cmdline(image, load_addr, load_size,
soft_limit, hard_limit);
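Review bot: Only the LINUX_EFI_INITRD_MEDIA_GUID branch calls efi_measure_tagged_event(); the `EFI_NOT_FOUND` branch that falls back to efi_load_initrd_cmdline() shows no measurement in the visible lines. If that holds for the rest of the function (it continues outside the hunk), an initrd supplied through the command line is loaded without being extended into PCR 9, so an attestation of that PCR would not reflect it. Since this patch makes the helper generic, it is worth either measuring after the fallback load as well or adding a comment such as `/* initrd= path is intentionally not measured: <reason> */` so the gap is a documented decision.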
@@ -765,6 +765,12 @@ typedef struct efi_tcg2_event efi_tcg2_event_t;
typedef struct efi_tcg2_tagged_event efi_tcg2_tagged_event_t;
typedef union efi_tcg2_protocol efi_tcg2_protocol_t;
+struct efi_measured_event {
+ efi_tcg2_event_t event_data;
+ efi_tcg2_tagged_event_t tagged_event;
+ u8 tagged_event_data[];
+};
+
union efi_tcg2_protocol {
struct {
void *get_capability;
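Review bot: struct efi_measured_event is added without a comment, although its layout is an interface to firmware: efi_measure_tagged_event() passes `&event->event_data` to hash_log_extend_event, so tagged_event and tagged_event_data must follow event_data with no padding and the event size must cover them. Whether efi_tcg2_event_t and efi_tcg2_tagged_event_t are packed is not visible in this hunk; if they are not, the compiler is free to insert padding between the members. I would add a kernel-doc block above the struct that describes the three members and states the requirement, along the lines of `/* tagged_event and tagged_event_data are the event payload and must directly follow event_data */`.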
Currently, from the efi-stub, we are only measuring the loaded initrd. A following patch is introducing measurements of extra components. The current functions are limited to measuring an initrd only, so swap the code around a bit, move the struct into the stub header files and add an extra argument containing the tagged event we are about to measure. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> --- .../firmware/efi/libstub/efi-stub-helper.c | 82 +++++++++---------- drivers/firmware/efi/libstub/efistub.h | 6 ++ 2 files changed, 46 insertions(+), 42 deletions(-)