From patchwork Wed Jul 7 13:36:35 2021
X-Patchwork-Submitter: Masahisa Kojima
X-Patchwork-Id: 470805
From: Masahisa Kojima
To: Heinrich Schuchardt, Alexander Graf, Ilias Apalodimas, Simon Glass, Masahisa Kojima, Dhananjay Phadke, u-boot@lists.denx.de
Subject: [PATCH 2/5] efi_loader: add secure boot variable measurement
Date: Wed, 7 Jul 2021 22:36:35 +0900
Message-Id: <20210707133638.12630-3-masahisa.kojima@linaro.org>
In-Reply-To: <20210707133638.12630-1-masahisa.kojima@linaro.org>
References: <20210707133638.12630-1-masahisa.kojima@linaro.org>
List-Id: U-Boot discussion

The TCG PC Client PFP spec requires measuring the secure boot policy before validating the UEFI image. This commit adds the secure boot variable measurement of "SecureBoot", "PK", "KEK", "db" and "dbx".

Note that this implementation assumes that secure boot variables are pre-configured and not set/updated at runtime.

Signed-off-by: Masahisa Kojima
---
 include/efi_tcg2.h        |  20 ++++++
 lib/efi_loader/efi_tcg2.c | 135 ++++++++++++++++++++++++++++++++++++++
 2 files changed, 155 insertions(+)

-- 
2.17.1

diff --git a/include/efi_tcg2.h b/include/efi_tcg2.h
index bcfb98168a..8d7b77c087 100644
--- a/include/efi_tcg2.h
+++ b/include/efi_tcg2.h
@@ -142,6 +142,26 @@ struct efi_tcg2_final_events_table { struct tcg_pcr_event2 event[]; }; +/** + * struct tdUEFI_VARIABLE_DATA + * @variable_name: The vendorGUID parameter in the + * GetVariable() API. + * @unicode_name_length: The length in CHAR16 of the Unicode name of + * the variable. + * @variable_data_length: The size of the variable data. + * @unicode_name: The CHAR16 unicode name of the variable + * without NULL-terminator. + * @variable_data: The data parameter of the efi variable + * in the GetVariable() API. + */ +struct efi_tcg2_uefi_variable_data { + efi_guid_t variable_name; + u64 unicode_name_length; + u64 variable_data_length; + u16 unicode_name[1]; + u8 variable_data[1]; +}; + struct efi_tcg2_protocol { efi_status_t (EFIAPI * get_capability)(struct efi_tcg2_protocol *this, struct efi_tcg2_boot_service_capability *capability); diff --git a/lib/efi_loader/efi_tcg2.c b/lib/efi_loader/efi_tcg2.c index 1319a8b378..2a248bd62a 100644 --- a/lib/efi_loader/efi_tcg2.c +++ b/lib/efi_loader/efi_tcg2.c @@ -78,6 +78,19 @@ static const struct digest_info hash_algo_list[] = { }, }; +struct variable_info { + u16 *name; + const efi_guid_t *guid; +}; + +static struct variable_info secure_variables[] = { + {L"SecureBoot", &efi_global_variable_guid}, + {L"PK", &efi_global_variable_guid}, + {L"KEK", &efi_global_variable_guid}, + {L"db", &efi_guid_image_security_database}, + {L"dbx", &efi_guid_image_security_database}, +}; + #define MAX_HASH_COUNT ARRAY_SIZE(hash_algo_list) /** 
@@ -1264,6 +1277,39 @@ free_pool: return ret; } +/** + * tcg2_measure_event() - common function to add event log and extend PCR + * + * @dev: TPM device + * @pcr_index: PCR index + * @event_type: type of event added + * @size: event size + * @event: event data + * + * Return: status code + */ +static efi_status_t EFIAPI +tcg2_measure_event(struct udevice *dev, u32 pcr_index, u32 event_type, + u32 size, u8 event[]) +{ + struct tpml_digest_values digest_list; + efi_status_t ret; + + ret = tcg2_create_digest(event, size, &digest_list); + if (ret != EFI_SUCCESS) + goto out; + + ret = tcg2_pcr_extend(dev, pcr_index, &digest_list); + if (ret != EFI_SUCCESS) + goto out; + + ret = tcg2_agile_log_append(pcr_index, event_type, &digest_list, + size, event); + +out: + return ret; +} + /** * efi_append_scrtm_version - Append an S-CRTM EV_S_CRTM_VERSION event on the * eventlog and extend the PCRs 
@@ -1294,6 +1340,88 @@ out: return ret; } +/** + * tcg2_measure_variable() - add variable event log and extend PCR + * + * @dev: TPM device + * @pcr_index: PCR index + * @event_type: type of event added + * @var_name: variable name + * @guid: guid + * @data_size: variable data size + * @data: variable data + * + * Return: status code + */ +static efi_status_t tcg2_measure_variable(struct udevice *dev, u32 pcr_index, + u32 event_type, u16 *var_name, + const efi_guid_t *guid, + efi_uintn_t data_size, u8 *data) +{ + u32 event_size; + efi_status_t ret; + struct efi_tcg2_uefi_variable_data *event; + + event_size = sizeof(event->variable_name) + + sizeof(event->unicode_name_length) + + sizeof(event->variable_data_length) + + (u16_strlen(var_name) * sizeof(*var_name)) + data_size; + event = malloc(event_size); + if (!event) + return EFI_OUT_OF_RESOURCES; + + guidcpy(&event->variable_name, guid); + event->unicode_name_length = u16_strlen(var_name); + event->variable_data_length = data_size; + memcpy(event->unicode_name, var_name, + (event->unicode_name_length * sizeof(*event->unicode_name))); + memcpy((u16 *)event->unicode_name + event->unicode_name_length, + (u8 *)data, data_size); + ret = tcg2_measure_event(dev, pcr_index, event_type, event_size, + (u8 *)event); + free(event); + return ret; +} + +/** + * tcg2_measure_secure_boot_variable() - measure secure boot variables + * + * @dev: TPM device + * + * Return: status code + */ +static efi_status_t tcg2_measure_secure_boot_variable(struct udevice *dev) +{ + u8 *data; + efi_uintn_t data_size; + u32 count, i; + efi_status_t ret; + + count = ARRAY_SIZE(secure_variables); + for (i = 0; i < count; i++) { + data = efi_get_var(secure_variables[i].name, + secure_variables[i].guid, + &data_size); + + ret = tcg2_measure_variable(dev, 7, + EV_EFI_VARIABLE_DRIVER_CONFIG, + secure_variables[i].name, + secure_variables[i].guid, + data_size, (u8 *)data); + free(data); + if (ret != EFI_SUCCESS) + goto error; + } + + /* + * TODO: add DBT 
and DBR measurement support when u-boot supports + * these variables. + */ + +error: + return ret; +} + /** * efi_tcg2_register() - register EFI_TCG2_PROTOCOL * @@ -1328,6 +1456,13 @@ efi_status_t efi_tcg2_register(void) tcg2_uninit(); goto fail; } + + ret = tcg2_measure_secure_boot_variable(dev); + if (ret != EFI_SUCCESS) { + tcg2_uninit(); + goto fail; + } + return ret; fail:
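Review bot: In the include/efi_tcg2.h hunk (@@ -142,6 +142,26 @@) the kernel-doc header names `struct tdUEFI_VARIABLE_DATA` but the declared type is `struct efi_tcg2_uefi_variable_data`, so kernel-doc will report a mismatch; make the header line `struct efi_tcg2_uefi_variable_data` and keep the spec name in the description if it helps readers. The `u16 unicode_name[1]` / `u8 variable_data[1]` members are placeholders for two back-to-back variable-length fields, which means `variable_data` is never at its declared offset (there is also alignment padding after the `u16` placeholder) and `sizeof(*event)` must never be used to size the buffer; the @variable_data description should state that the data starts immediately after the last `unicode_name` character and that the layout has to be computed by hand, as the .c side does.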
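Review bot: In the lib/efi_loader/efi_tcg2.c hunk at @@ -78,6 +78,19 @@ neither `secure_variables[]` nor the `name` strings are ever written, so `static const struct variable_info secure_variables[]` with `const u16 *name` would keep the wide string literals out of a mutable pointer; the matching change is `const u16 *var_name` in `tcg2_measure_variable()`, which is all that the `u16_strlen()` and `memcpy()` uses there need.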
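Review bot: In the hunk at @@ -1264,6 +1277,39 @@, `EFIAPI` on `tcg2_measure_event()` is unnecessary: it is a static helper only called from other internal functions in this file (its caller `tcg2_measure_variable()` is not `EFIAPI`), and the annotation only matters for entry points exposed to EFI applications since it selects the MS calling convention on x86_64; drop it for consistency. The `goto out;` / `out: return ret;` pattern does no cleanup, so the two early exits can simply `return ret;`. Also worth a comment: the PCR is extended before `tcg2_agile_log_append()` runs, so a log-append failure leaves a PCR value that can no longer be reproduced from the event log; this is tolerable only because `efi_tcg2_register()` tears the TCG2 state down on any error.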
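Review bot: In the hunk at @@ -1294,6 +1340,88 @@, the return value of `efi_get_var()` in `tcg2_measure_secure_boot_variable()` is never checked. When a variable is absent (PK, KEK, db and dbx are all absent until keys are enrolled) `data` is NULL and is passed straight to `tcg2_measure_variable()`, which `memcpy()`s `data_size` bytes from it; that is only safe if `efi_get_var()` guarantees `data_size == 0` on failure, which nothing in this hunk establishes. Handle NULL explicitly, e.g. `if (!data) data_size = 0;`, and state in the function comment what an absent variable is measured as, because the commit message's "pre-configured" assumption does not cover absence. Smaller points: `event_size` is `u32` while `data_size` is `efi_uintn_t`, so the sum `... + data_size` is silently truncated; the `(u8 *)data` cast is redundant because `data` is already `u8 *`; the literal `7` deserves a named PCR constant; and the `error:` label is reached on the success path too, so `out:` is the more accurate name.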
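Review bot: In the hunk at @@ -1328,6 +1456,13 @@, calling `tcg2_measure_secure_boot_variable(dev)` from `efi_tcg2_register()` makes the measurement depend on the EFI variable store already being initialised by the time this registration runs; that ordering is implicit in the initialisation sequence, and if it is ever reordered the variables would be measured as absent without any error, so a comment here (or a check that variable services are up) would protect the invariant. The repeated `tcg2_uninit(); goto fail;` epilogue, now used twice in a row, could be folded into a single error path.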