From patchwork Fri Nov 27 16:29:28 2020
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Ilias Apalodimas <ilias.apalodimas@linaro.org>
X-Patchwork-Id: 333622
Delivered-To: patch@linaro.org
Received: by 2002:a17:906:4755:0:0:0:0 with SMTP id j21csp1193753ejs;
 Fri, 27 Nov 2020 08:29:53 -0800 (PST)
X-Google-Smtp-Source: ABdhPJzSTwFRdzcS6B07hACgXGJlLgATd9Pe4AdwAEeGeRoux9U8XHc0GwpfdOv7Gr6nz2FdBG87
X-Received: by 2002:a05:6402:1243:: with SMTP id
 l3mr8565148edw.151.1606494593757; 
 Fri, 27 Nov 2020 08:29:53 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1606494593; cv=none;
 d=google.com; s=arc-20160816;
 b=Hluc3jfQdnuRt0MBcPYaL/AUQpaSo0ydsTE+BEzetZeTsZMOe9IWftROdrYIeUYj6I
 6co8NGH+d2nxcnknYBlVUFaZ8mO5fv4izy0TcPErpmL4T/fK9EG6it4KxkxgJgTKZXGO
 dZHzJFA5gN2dGNRDpQStVHLjWY8z2Z9EoOBAxJ0w5coadu+leH8zEn7rt7Mev4nQd1pZ
 6EuKLawRTKJeZ5fmSPE8XkcsNf/UWvOCM+Hs1bvn18LhftTPaAR2P80lEOWcFvK/AqwL
 4WP7Z7FPI4vyfUwbAoto3pUObReY25V57sZqnMOf+hLqunMYpi2Si522YWCejD4FZBdi
 Im7Q==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
 s=arc-20160816; 
 h=sender:errors-to:list-subscribe:list-help:list-post:list-archive
 :list-unsubscribe:list-id:precedence:content-transfer-encoding
 :mime-version:message-id:date:subject:cc:to:from:dkim-signature;
 bh=Y+/9Va7nXZyXeGUadfXbQWnhJskRG163kJgYDwOyZk0=;
 b=fbCrvjT2rpQT0CK6bYV0ZKgJJzHAWhIIGIBXkYqvOh8B0pa+VsHGRP7Vgya71vrUt6
 d0wGsAFrGCsKZsUPuCEXqvgS1dCF4sYnmDo7UHS+npGqZ8o0hZfO5yJJZtSONDKUB/tZ
 S8MIeMfQCArD1VBWbJU5cKpBGG37E36VbDERu3u6m1V6vVuSmwrj+sX7cGXUpUjLgmAx
 O0gtkcT+XHRTRPE1FMa2r4sxFLXZB9gAxYqgMIThwFRUHJMwPiRFvFZpUFYV6asMveb5
 ABqmWflsJVxGWemCglj+OgAJwnKbq2wXEikNPKxv9ilBJWFkGH4IhMGld2UYFjTuHE5T
 bq8Q==
ARC-Authentication-Results: i=1; mx.google.com;
 dkim=pass header.i=@linaro.org header.s=google header.b=M9Jgj2Sh;
 spf=pass (google.com: domain of u-boot-bounces@lists.denx.de
 designates 85.214.62.61 as permitted sender)
 smtp.mailfrom=u-boot-bounces@lists.denx.de; 
 dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org
Return-Path: <u-boot-bounces@lists.denx.de>
Received: from phobos.denx.de (phobos.denx.de. [85.214.62.61])
 by mx.google.com with ESMTPS id
 n16si5522184ejb.509.2020.11.27.08.29.53
 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
 Fri, 27 Nov 2020 08:29:53 -0800 (PST)
Received-SPF: pass (google.com: domain of u-boot-bounces@lists.denx.de
 designates 85.214.62.61 as permitted sender)
 client-ip=85.214.62.61; 
Authentication-Results: mx.google.com;
 dkim=pass header.i=@linaro.org header.s=google header.b=M9Jgj2Sh;
 spf=pass (google.com: domain of u-boot-bounces@lists.denx.de
 designates 85.214.62.61 as permitted sender)
 smtp.mailfrom=u-boot-bounces@lists.denx.de; 
 dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org
Received: from h2850616.stratoserver.net (localhost [IPv6:::1])
 by phobos.denx.de (Postfix) with ESMTP id 4EC1E82762;
 Fri, 27 Nov 2020 17:29:52 +0100 (CET)
Authentication-Results: phobos.denx.de;
 dmarc=pass (p=none dis=none) header.from=linaro.org
Authentication-Results: phobos.denx.de;
 spf=pass smtp.mailfrom=u-boot-bounces@lists.denx.de
Authentication-Results: phobos.denx.de; dkim=pass (2048-bit key;
 unprotected) header.d=linaro.org header.i=@linaro.org
 header.b="M9Jgj2Sh"; dkim-atps=neutral
Received: by phobos.denx.de (Postfix, from userid 109)
 id CABD582761; Fri, 27 Nov 2020 17:29:49 +0100 (CET)
X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on phobos.denx.de
X-Spam-Level: 
X-Spam-Status: No, score=-2.0 required=5.0 tests=BAYES_00,DKIM_SIGNED,
 DKIM_VALID,DKIM_VALID_AU,RCVD_IN_DNSWL_NONE,SPF_HELO_NONE
 autolearn=ham autolearn_force=no version=3.4.2
Received: from mail-wr1-x431.google.com (mail-wr1-x431.google.com
 [IPv6:2a00:1450:4864:20::431])
 (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits))
 (No client certificate requested)
 by phobos.denx.de (Postfix) with ESMTPS id 04D7F82751
 for <u-boot@lists.denx.de>; Fri, 27 Nov 2020 17:29:46 +0100 (CET)
Authentication-Results: phobos.denx.de;
 dmarc=pass (p=none dis=none) header.from=linaro.org
Authentication-Results: phobos.denx.de;
 spf=pass smtp.mailfrom=ilias.apalodimas@linaro.org
Received: by mail-wr1-x431.google.com with SMTP id e7so6170392wrv.6
 for <u-boot@lists.denx.de>; Fri, 27 Nov 2020 08:29:46 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; 
 h=from:to:cc:subject:date:message-id:mime-version
 :content-transfer-encoding;
 bh=Y+/9Va7nXZyXeGUadfXbQWnhJskRG163kJgYDwOyZk0=;
 b=M9Jgj2Shxmx/tLw9j8MPChi04IRqfswqEsKI1GkRymJTCZQO/TsUFDTCozh4maHzhc
 3eqlghEu04LSWVnJb/TZ5iPb4KOtJdljUsOj5FsJalRf/tIMOUMvsaAOBL77xtWV1mW6
 XZlsBcu5EJ3UzfPAC7gEXtlZ5hT780Lu25DYGk6pYHymoYwjcGudW5BNYhGzD1UQBw5B
 J0xrnrnWhZ7en4gOBWlYkIip7epuUGVGpT3o0QBL48bLMJF6epqBOeK/W8LAnpBn7upE
 FRqi+5wGbuIlUaYwwBSUoZ+dK61yfnbGw1TiZ6WVYPPam5/gd4chMEhvSHMtaP7vSgnj
 BE9A==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20161025;
 h=x-gm-message-state:from:to:cc:subject:date:message-id:mime-version
 :content-transfer-encoding;
 bh=Y+/9Va7nXZyXeGUadfXbQWnhJskRG163kJgYDwOyZk0=;
 b=m7+eCbtgqqeOl9EGVr8/mw3TAwAgJjL3j2T/RAYq6JjlT1ET13PpAx3yo3etQSSJK/
 HfLK7PEt8epANeGCS18VX7kELqVbO2lPWJLHjtqc6Z6mddLjSFAfme4N25BgFsukPibw
 uLEnOhtl/yOMUZ1ppztP4mOdTxW/ZAx6H+pfXw25OPVyAntJJK/9R8BFvsfm/wGocZmK
 urkxAMX41xf4wT9pANEI+JK+q0+V9MQeygP8uuHn9KE1caoJCgjJ7nk0bZQLPs9la81P
 OAs0D23PfVME9ic2IkJbEowMiJvpDV2UCCDtOtI3R6FZgKPRYD5FFlp5sOfSJJ6skyGT
 UKvQ==
X-Gm-Message-State: AOAM532pYDjtFpzZA+CVQmzfHBUu5r+zoazlj13tbuTr++5KtPzyfjN5
 cMYl6b8c8BJOpDbB7krv1QjVYZOYSzVifQ==
X-Received: by 2002:adf:f783:: with SMTP id q3mr11497043wrp.88.1606494585613; 
 Fri, 27 Nov 2020 08:29:45 -0800 (PST)
Received: from apalos.home ([2a02:587:4641:1e88:2e56:dcff:fe9a:8f06])
 by smtp.gmail.com with ESMTPSA id
 q12sm14811315wrx.86.2020.11.27.08.29.44
 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
 Fri, 27 Nov 2020 08:29:45 -0800 (PST)
From: Ilias Apalodimas <ilias.apalodimas@linaro.org>
To: xypron.glpk@gmx.de
Cc: ard.biesheuvel@arm.com, trini@konsulko.com,
 Ilias Apalodimas <ilias.apalodimas@linaro.org>,
 Alexander Graf <agraf@csgraf.de>, Simon Glass <sjg@chromium.org>,
 Bin Meng <bmeng.cn@gmail.com>,
 Dhananjay Phadke <dphadke@linux.microsoft.com>, u-boot@lists.denx.de
Subject: [PATCH 0/3] extend EFI_TCG2_PROTOCOL support
Date: Fri, 27 Nov 2020 18:29:28 +0200
Message-Id: <20201127162932.1965323-1-ilias.apalodimas@linaro.org>
X-Mailer: git-send-email 2.29.2
MIME-Version: 1.0
X-BeenThere: u-boot@lists.denx.de
X-Mailman-Version: 2.1.34
Precedence: list
List-Id: U-Boot discussion <u-boot.lists.denx.de>
List-Unsubscribe: <https://lists.denx.de/options/u-boot>,
 <mailto:u-boot-request@lists.denx.de?subject=unsubscribe>
List-Archive: <https://lists.denx.de/pipermail/u-boot/>
List-Post: <mailto:u-boot@lists.denx.de>
List-Help: <mailto:u-boot-request@lists.denx.de?subject=help>
List-Subscribe: <https://lists.denx.de/listinfo/u-boot>,
 <mailto:u-boot-request@lists.denx.de?subject=subscribe>
Errors-To: u-boot-bounces@lists.denx.de
Sender: "U-Boot" <u-boot-bounces@lists.denx.de>
X-Virus-Scanned: clamav-milter 0.102.3 at phobos.denx.de
X-Virus-Status: Clean

A previous patch introduced the basic functionality of the protocol, only
adding support for GetCapability().
In order for the protocol to be useful an eventlog is required.
EFI applications can use the service to extend the TPM PCRs and log the 
events on an eventlog, that can be passed into linux for further validation.

This patch adds support for creating the eventlog upon the protocol 
registration and registers GetEventLog() and HashLogExtendEvent() as well.

It's currently not adding support for measuring PE/COFF images.
It also doesn't add any specific U-Boot events that would extend the PCRs
and log events as described in PC Client Platform Firmware Profile spec [1].
This can be extended in the future.

An easy way to test this is run Grub2 on top of U-Boot and use it's 
tpm module.  Once inserted Grub2 extends PCRs for all the commands 
and logs the events.
Since events that need logging after GetEventLog() has been called, must be
logged in a different location [2] has been used to test that.

This is how the eventlog looks like when booting a kernel, using grub2 and 
with [2] applied, which measures the initrd.
Hex to string on Grub2 events (marked as EV_IPL), will reveal the commands
used.

# Grub2 commands:
insmod tpm
insmod part_msdos
linux (hd0,msdos1)/boot/Image root=/dev/mmcblk1p2
boot

- Event[0]:
  pcrIndex: 0
  eventType: EV_NO_ACTION
  digest: 0000000000000000000000000000000000000000
  eventDataSize: 45
  SpecID:
    - Signature: Spec ID Event03
      platformClass: 0
      specVersionMinor: 0
      specVersionMajor: 2
      specErrata: 0
      uintnSize: 2
      numberOfAlgorithms: 4
      Algorithms:
        - Algorithm[0]:
          algorithmId: sha1
          digestSize: 20
        - Algorithm[1]:
          algorithmId: sha256
          digestSize: 32
        - Algorithm[2]:
          algorithmId: sha384
          digestSize: 48
        - Algorithm[3]:
          algorithmId: sha512
          digestSize: 64
      vendorInfoSize: 0
- Event[1]:
  PCRIndex: 8
  EventType: EV_IPL
  DigestCount: 4
  Digests:
    - AlgorithmId: sha1
      Digest: 610a881e824bb6fd57bea1c994805116171e3c9f
    - AlgorithmId: sha256
      Digest: 9e7b6286ce2d38c3a8d09d770ecc476868a0b38d39344e84458a52dbcf7ba6a6
    - AlgorithmId: sha384
      Digest: bba389f3cef6d483731aea81d96c55ca31e5d11df80c1e047b72b627a77a33bf636508f1479a3f11a18031a08a889a9f
    - AlgorithmId: sha512
      Digest: 34aa479c642e24905d86e5b00f84fd9d723b1cbb892dcdee1d9fdd016a374ff8d0da6b23a1699d6d3211bd59ae1202292aa0a947a198a9461b6b595bb300a3ce
  EventSize: 28
  Event: 677275625f636d643a20696e736d6f6420706172745f6d73646f7300
- Event[1]:
  PCRIndex: 8
  EventType: EV_IPL
  DigestCount: 4
  Digests:
    - AlgorithmId: sha1
      Digest: 2e8826950606c091843586479bd88b1fa7e287b0
    - AlgorithmId: sha256
      Digest: f13c2e564af1a92a14473a38f973b858974ab33c1bd525cd3a75e7ec4f48f718
    - AlgorithmId: sha384
      Digest: e1bf3f7b2c908fb5e16acf26991fa756ed307fb05315313e1055e0d3766027321db4f44dd6f97f9209cfbf9d5554ee2c
    - AlgorithmId: sha512
      Digest: 8bb77e6d3bc5c2766dde438f5aa70e2e733cf6cda30ab2274ab0ba4d4a75b764eef8d8fb728e0dc17ba121b3ff9d1885162d66b1376d649d74b1d3631a4d9ead
  EventSize: 60
  Event: 677275625f636d643a206c696e757820286864302c6d73646f7331292f626f6f742f496d61676520726f6f743d2f6465762f6d6d63626c6b31703200
- Event[1]:
  PCRIndex: 9
  EventType: EV_IPL
  DigestCount: 4
  Digests:
    - AlgorithmId: sha1
      Digest: 26e90b0fbd376b6c1a351da20814ebbd9d3ee8e7
    - AlgorithmId: sha256
      Digest: dc6cb872d9d2ecadfadb27e13c2b6b3bd1ba47ad992028aea6ca0440f82f5a2e
    - AlgorithmId: sha384
      Digest: f501cd5cbe7c775e3d39fed75979777a15bcc52f6d91dda3efda8071391104267af4bbeb04696b43f98fd7c47a71c246
    - AlgorithmId: sha512
      Digest: 30993c55f94163ed538b6d9495e390e1902cc0d376e0e3300101d1a2ae462dd99ae5e52ef3735142d29904ae6efe0d252580637d7ee0ae0d91424ba42aa3f5fc
  EventSize: 24
  Event: 286864302c6d73646f7331292f626f6f742f496d61676500
- Event[1]:
  PCRIndex: 8
  EventType: EV_IPL
  DigestCount: 4
  Digests:
    - AlgorithmId: sha1
      Digest: 1056664c244c8e8ac9f635c78109d2f57239d8d0
    - AlgorithmId: sha256
      Digest: 3aebbdb035d70ea02463b766683e40349485103fafc477885872ad0c8cc81dab
    - AlgorithmId: sha384
      Digest: 78da59e54c901c01df67d237e549d81c3c3af2cf33d1243ca7c2980610ffd2bcaa829a378a6fa33d11d66a8c4153a51a
    - AlgorithmId: sha512
      Digest: 6df0f14e1c4deefb0a7a2e3c6c0ce6d33df75e4c4707bd56de556ee3d4f4b60862c021ad5e3d1be54dc2b714cc45bbccdeb7fd95329a87f5265251a71e793d58
  EventSize: 60
  Event: 6b65726e656c5f636d646c696e653a20286864302c6d73646f7331292f626f6f742f496d61676520726f6f743d2f6465762f6d6d63626c6b31703200
- Event[1]:
  PCRIndex: 8
  EventType: EV_IPL
  DigestCount: 4
  Digests:
    - AlgorithmId: sha1
      Digest: 5c73b0c6f476ded38de389f894770f06f4d02b2f
    - AlgorithmId: sha256
      Digest: 4509beb0ab401d71fa4a5cd94a55c9a74f13332776ae4019c5bfc4c2005157ff
    - AlgorithmId: sha384
      Digest: 05ddaca1f7569ce3f10b731a040b646b182508b30ffa2daf834b88fe5ec00774edf3b06ad8bd90dde261a4c8e055fa28
    - AlgorithmId: sha512
      Digest: 2280c97f7da38410772dade5ec9feb005bd6643c8f06260b70619fe8e99da015dc9d2bb302d4762143824bff722541b87f2256d96abdf94d99edb35aa48aa24f
  EventSize: 15
  Event: 677275625f636d643a20626f6f7400
- Event[1]:
  PCRIndex: 0
  EventType: EV_EFI_ACTION
  DigestCount: 4
  Digests:
    - AlgorithmId: sha1
      Digest: 0c26b18b54c23976e3aa531463e0e8c69463a6b3
    - AlgorithmId: sha256
      Digest: 8eaa153c7724aac177a845a3a718d66bd61103da8b06c7d3fd453ef2e47ab272
    - AlgorithmId: sha384
      Digest: 5a56517994f45015105f4dc8f71b2b37cc6a9797a45c55b5edecd9b9dc9ab00966049d5c7ba7eae71347ad16c07cd92a
    - AlgorithmId: sha512
      Digest: 3c04a5ae692635725db702678883e61b7c458976d27d6424ef7a1ffa77715fa9126ae2e4eee8477ead4320c6124300022288a4c9c6d8afd7bc42b3451767b35a
  EventSize: 13
  Event: Linux initrd

[1] https://trustedcomputinggroup.org/wp-content/uploads/TCG_PCClientSpecPlat_TPM_2p0_1p04_pub.pdf
[2] https://lore.kernel.org/linux-efi/20201102170634.20575-1-ardb@kernel.org/

Ilias Apalodimas (3):
  tpm: Add tpm2 headers for TCG2 eventlog support
  efi_loader: Introduce eventlog support for TCG2_PROTOCOL
  cmd: efidebug: Add support for TCG2 final events table

 cmd/efidebug.c             |   4 +
 include/efi_api.h          |   4 +
 include/efi_tcg2.h         |  48 +++-
 include/tpm-v2.h           |  59 ++++
 lib/efi_loader/efi_setup.c |  12 +-
 lib/efi_loader/efi_tcg2.c  | 554 +++++++++++++++++++++++++++++++++++--
 6 files changed, 657 insertions(+), 24 deletions(-)

-- 
2.29.2