@@ -276,6 +276,45 @@ __weak efi_status_t platform_get_tpm2_device(struct udevice **dev)
return EFI_NOT_FOUND;
}
+/**
+ * platform_get_eventlog() - retrieve the eventlog address and size
+ *
+ * This function retrieves the eventlog address and size if the underlying
+ * firmware has done some measurements and passed them.
+ *
+ * This function may be overridden based on platform specific method of
+ * passing the eventlog address and size.
+ *
+ * @dev: udevice
+ * @addr: eventlog address
+ * @sz: eventlog size
+ * Return: status code
+ */
+__weak efi_status_t platform_get_eventlog(struct udevice *dev, u64 *addr,
+ u32 *sz)
+{
+ const u64 *basep;
+ const u32 *sizep;
+
+ basep = dev_read_prop(dev, "tpm_event_log_addr", NULL);
+ if (!basep)
+ return EFI_NOT_FOUND;
+
+ *addr = be64_to_cpup((__force __be64 *)basep);
+
+ sizep = dev_read_prop(dev, "tpm_event_log_size", NULL);
+ if (!sizep)
+ return EFI_NOT_FOUND;
+
+ *sz = be32_to_cpup((__force __be32 *)sizep);
+ if (*sz == 0) {
+ log_debug("event log empty\n");
+ return EFI_NOT_FOUND;
+ }
+
+ return EFI_SUCCESS;
+}
+
/**
* tpm2_get_max_command_size() - get the supported max command size
*
@@ -1107,6 +1146,205 @@ static const struct efi_tcg2_protocol efi_tcg2_protocol = {
.get_result_of_set_active_pcr_banks = efi_tcg2_get_result_of_set_active_pcr_banks,
};
+/**
+ * parse_event_log_header() - Parse and verify the event log header fields
+ *
+ * @buffer: Pointer to the event header
+ * @size: Size of the eventlog
+ * @pos: Position in buffer after event log header
+ *
+ * Return: status code
+ */
+efi_status_t parse_event_log_header(void *buffer, u32 size, u32 *pos)
+{
+ struct tcg_pcr_event *event_header = (struct tcg_pcr_event *)buffer;
+ int i = 0;
+
+ if (size < sizeof(*event_header))
+ return EFI_COMPROMISED_DATA;
+
+ if (get_unaligned_le32(&event_header->pcr_index) != 0 ||
+ get_unaligned_le32(&event_header->event_type) != EV_NO_ACTION)
+ return EFI_COMPROMISED_DATA;
+
+ for (i = 0; i < sizeof(event_header->digest); i++) {
+ if (event_header->digest[i] != 0)
+ return EFI_COMPROMISED_DATA;
+ }
+
+ *pos += sizeof(*event_header);
+
+ return EFI_SUCCESS;
+}
+
+/**
+ * parse_specid_event() - Parse and verify the specID Event in the eventlog
+ *
+ * @dev: udevice
+ * @buffer: Pointer to the start of the eventlog
+ * @log_size: Size of the eventlog
+ * @pos: Offset in the evenlog where specID event starts
+ *
+ * Return: status code
+ * @pos Offset in the eventlog where the specID event ends
+ * @digest_list: list of digests in the event
+ */
+efi_status_t parse_specid_event(struct udevice *dev, void *buffer, u32 log_size,
+ u32 *pos,
+ struct tpml_digest_values *digest_list)
+{
+ struct tcg_efi_spec_id_event *spec_event;
+ struct tcg_pcr_event *event_header = (struct tcg_pcr_event *)buffer;
+ size_t spec_event_size;
+ u32 active = 0, supported = 0, pcr_count = 0, alg_count = 0;
+ u32 spec_active = 0;
+ u16 hash_alg, hash_sz;
+ u8 vendor_sz;
+ int err, i;
+
+ /* Check specID event data */
+ spec_event = (struct tcg_efi_spec_id_event *)((uintptr_t)buffer + *pos);
+ /* Check for signature */
+ if (memcmp(spec_event->signature, TCG_EFI_SPEC_ID_EVENT_SIGNATURE_03,
+ sizeof(TCG_EFI_SPEC_ID_EVENT_SIGNATURE_03))) {
+ log_err("specID Event: Signature mismatch\n");
+ return EFI_COMPROMISED_DATA;
+ }
+
+ if (spec_event->spec_version_minor !=
+ TCG_EFI_SPEC_ID_EVENT_SPEC_VERSION_MINOR_TPM2 ||
+ spec_event->spec_version_major !=
+ TCG_EFI_SPEC_ID_EVENT_SPEC_VERSION_MAJOR_TPM2)
+ return EFI_COMPROMISED_DATA;
+
+ if (spec_event->number_of_algorithms > MAX_HASH_COUNT ||
+ spec_event->number_of_algorithms < 1) {
+ log_err("specID Event: Number of algorithms incorrect\n");
+ return EFI_COMPROMISED_DATA;
+ }
+
+ alg_count = spec_event->number_of_algorithms;
+
+ err = tpm2_get_pcr_info(dev, &supported, &active, &pcr_count);
+ if (err)
+ return EFI_DEVICE_ERROR;
+
+ digest_list->count = 0;
+ /*
+ * We may need to worry about the order of algs in this structure as
+ * subsequent entries in event should be in same order
+ */
+ for (i = 0; i < alg_count; i++) {
+ hash_alg =
+ get_unaligned_le16(&spec_event->digest_sizes[i].algorithm_id);
+ hash_sz =
+ get_unaligned_le16(&spec_event->digest_sizes[i].digest_size);
+
+ if (!(supported & alg_to_mask(hash_alg))) {
+ log_err("specID Event: Unsupported algorithm\n");
+ return EFI_COMPROMISED_DATA;
+ }
+ digest_list->digests[digest_list->count++].hash_alg = hash_alg;
+
+ spec_active |= alg_to_mask(hash_alg);
+ }
+
+ /* TCG spec expects the event log to have hashes for all active PCR's */
+ if (spec_active != active) {
+ /*
+ * Previous stage bootloader should know all the active PCR's
+ * and use them in the Eventlog.
+ */
+ log_err("specID Event: All active hash alg not present\n");
+ return EFI_COMPROMISED_DATA;
+ }
+
+ /*
+ * the size of the spec event and placement of vendor_info_size
+ * depends on supported algoriths
+ */
+ spec_event_size =
+ offsetof(struct tcg_efi_spec_id_event, digest_sizes) +
+ alg_count * sizeof(spec_event->digest_sizes[0]);
+
+ vendor_sz = *(uint8_t *)((uintptr_t)buffer + *pos + spec_event_size);
+
+ spec_event_size += sizeof(vendor_sz) + vendor_sz;
+ *pos += spec_event_size;
+
+ if (get_unaligned_le32(&event_header->event_size) != spec_event_size) {
+ log_err("specID event: header event size mismatch\n");
+ /* Right way to handle this can be to call SetActive PCR's */
+ return EFI_COMPROMISED_DATA;
+ }
+
+ return EFI_SUCCESS;
+}
+
+efi_status_t tcg2_parse_event(struct udevice *dev, void *buffer, u32 log_size,
+ u32 *offset, struct tpml_digest_values *digest_list,
+ u32 *pcr)
+{
+ struct tcg_pcr_event2 *event = NULL;
+ u32 event_type, count, size, event_size;
+ size_t pos;
+
+ if (*offset > log_size)
+ return EFI_COMPROMISED_DATA;
+
+ event = (struct tcg_pcr_event2 *)((uintptr_t)buffer + *offset);
+
+ *pcr = get_unaligned_le32(&event->pcr_index);
+
+ event_size = tcg_event_final_size(digest_list);
+
+ if (*offset + event_size > log_size) {
+ log_err("Event exceeds log size\n");
+ return EFI_COMPROMISED_DATA;
+ }
+
+ event_type = get_unaligned_le32(&event->event_type);
+
+ /* get the count */
+ count = get_unaligned_le32(&event->digests.count);
+ if (count != digest_list->count)
+ return EFI_COMPROMISED_DATA;
+
+ pos = offsetof(struct tcg_pcr_event2, digests);
+ pos += offsetof(struct tpml_digest_values, digests);
+
+ for (int i = 0; i < digest_list->count; i++) {
+ u16 alg;
+ u16 hash_alg = digest_list->digests[i].hash_alg;
+ u8 *digest = (u8 *)&digest_list->digests[i].digest;
+
+ alg = get_unaligned_le16((void *)((uintptr_t)event + pos));
+
+ if (alg != hash_alg)
+ return EFI_COMPROMISED_DATA;
+
+ pos += offsetof(struct tpmt_ha, digest);
+ memcpy(digest, (void *)((uintptr_t)event + pos), alg_to_len(hash_alg));
+ pos += alg_to_len(hash_alg);
+ }
+
+ size = get_unaligned_le32((void *)((uintptr_t)event + pos));
+ event_size += size;
+ pos += sizeof(u32); /* tcg_pcr_event2 event_size*/
+ pos += size;
+
+ /* make sure the calculated buffer is what we checked against */
+ if (pos != event_size)
+ return EFI_COMPROMISED_DATA;
+
+ if (pos > log_size)
+ return EFI_COMPROMISED_DATA;
+
+ *offset += pos;
+
+ return EFI_SUCCESS;
+}
+
/**
* create_specid_event() - Create the first event in the eventlog
*
@@ -1241,16 +1479,19 @@ out:
/**
* efi_init_event_log() - initialize an eventlog
*/
-static efi_status_t efi_init_event_log(void)
+static efi_status_t efi_init_event_log(struct udevice *dev)
{
/*
* vendor_info_size is currently set to 0, we need to change the length
* and allocate the flexible array member if this changes
*/
struct tcg_pcr_event *event_header = NULL;
- struct udevice *dev;
+ struct tpml_digest_values digest_list;
size_t spec_event_size;
efi_status_t ret;
+ u32 pcr, pos;
+ u64 base;
+ u32 sz;
ret = platform_get_tpm2_device(&dev);
if (ret != EFI_SUCCESS)
@@ -1266,26 +1507,65 @@ static efi_status_t efi_init_event_log(void)
* last log entry
*/
memset(event_log.buffer, 0xff, TPM2_EVENT_LOG_SIZE);
+
+ /*
+ * The log header is defined to be in SHA1 event log entry format.
+ * Setup event header
+ */
+ event_header = (struct tcg_pcr_event *)event_log.buffer;
event_log.pos = 0;
event_log.last_event_size = 0;
event_log.get_event_called = false;
event_log.truncated = false;
/*
- * The log header is defined to be in SHA1 event log entry format.
- * Setup event header
+ * Check if earlier firmware have passed any eventlog. Different
+ * platforms can use different ways to do so
*/
- event_header = (struct tcg_pcr_event *)event_log.buffer;
- put_unaligned_le32(0, &event_header->pcr_index);
- put_unaligned_le32(EV_NO_ACTION, &event_header->event_type);
- memset(&event_header->digest, 0, sizeof(event_header->digest));
- ret = create_specid_event(dev, (void *)((uintptr_t)event_log.buffer + sizeof(*event_header)),
- &spec_event_size);
- if (ret != EFI_SUCCESS)
- goto free_pool;
- put_unaligned_le32(spec_event_size, &event_header->event_size);
- event_log.pos = spec_event_size + sizeof(*event_header);
- event_log.last_event_size = event_log.pos;
+ ret = platform_get_eventlog(dev, &base, &sz);
+ if (ret == EFI_SUCCESS && sz < TPM2_EVENT_LOG_SIZE) {
+ void *buffer = (void *)base;
+
+ pos = 0;
+ /* Parse the eventlog to check for its validity */
+ ret = parse_event_log_header(buffer, sz, &pos);
+ if (ret || pos > sz) {
+ ret = EFI_COMPROMISED_DATA;
+ goto free_pool;
+ }
+
+ ret = parse_specid_event(dev, buffer, sz, &pos, &digest_list);
+ if (ret || pos > sz) {
+ log_err("Error parsing SPEC ID Event\n");
+ ret = EFI_COMPROMISED_DATA;
+ goto free_pool;
+ }
+
+ while (pos < sz) {
+ ret = tcg2_parse_event(dev, buffer, sz, &pos,
+ &digest_list, &pcr);
+ if (ret) {
+ log_err("Error parsing event\n");
+ goto free_pool;
+ }
+ }
+
+ memcpy(event_log.buffer, buffer, sz);
+ event_log.pos = sz;
+ } else {
+ put_unaligned_le32(0, &event_header->pcr_index);
+ put_unaligned_le32(EV_NO_ACTION, &event_header->event_type);
+ memset(&event_header->digest, 0, sizeof(event_header->digest));
+ ret = create_specid_event(dev,
+ (void *)((uintptr_t)event_log.buffer +
+ sizeof(*event_header)),
+ &spec_event_size);
+ if (ret != EFI_SUCCESS)
+ goto free_pool;
+ put_unaligned_le32(spec_event_size, &event_header->event_size);
+ event_log.pos = spec_event_size + sizeof(*event_header);
+ event_log.last_event_size = event_log.pos;
+ }
ret = create_final_event();
if (ret != EFI_SUCCESS)
@@ -1664,7 +1944,7 @@ efi_status_t efi_tcg2_register(void)
return EFI_SUCCESS;
}
- ret = efi_init_event_log();
+ ret = efi_init_event_log(dev);
if (ret != EFI_SUCCESS)
goto fail;
Platforms may have support to measure their initial firmware components and pass the event log to u-boot. The event log address can be passed in property tpm_event_log_addr and tpm_event_log_size of the tpm node. Platforms may choose their own specific mechanism to do so. A weak function is added to check if even log has been passed to u-boot from earlier firmware components. If available, the eventlog is parsed to check for its correctness and further event logs are appended to the passed log. Signed-off-by: Ruchika Gupta <ruchika.gupta@linaro.org> --- lib/efi_loader/efi_tcg2.c | 312 ++++++++++++++++++++++++++++++++++++-- 1 file changed, 296 insertions(+), 16 deletions(-)