From patchwork Mon Dec 23 14:47:32 2024
X-Patchwork-Submitter: Raymond Mao
X-Patchwork-Id: 853072
From: Raymond Mao
To: u-boot@lists.denx.de
Cc: Ilias Apalodimas, Raymond Mao, Tom Rini, Heinrich Schuchardt, Tim Harvey, Simon Glass, Eddie James, Masahisa Kojima
Subject: [PATCH 10/11] tpm: Don't replay an EventLog if tcg2_log_parse() fails
Date: Mon, 23 Dec 2024 06:47:32 -0800
Message-Id: <20241223144737.554992-11-raymond.mao@linaro.org>
In-Reply-To: <20241223144737.554992-1-raymond.mao@linaro.org>
References: <20241223144737.554992-1-raymond.mao@linaro.org>

From: Ilias Apalodimas

We used to stop replaying an EventLog if parsing failed, but that got lost in commit 97707f12fdab ("tpm: Support boot measurements").

When an EventLog is passed to us from a previous bootloader, we want to validate it as much as we can and make sure the defined PCR banks of the log exist in our TPM and firmware so we can replay it if needed or use it as-is, in case the PCRs are already extended.

So let's add the checks back and while at it simplify the logic of rejecting an EventLog.

Signed-off-by: Ilias Apalodimas
Signed-off-by: Raymond Mao
--- lib/tpm_tcg2.c | 56 ++++++++++++++++++++++++++++---------------------- 1 file changed, 31 insertions(+), 25 deletions(-) diff --git a/lib/tpm_tcg2.c b/lib/tpm_tcg2.c index 72969923a9..64563d7871 100644 --- a/lib/tpm_tcg2.c +++ b/lib/tpm_tcg2.c @@ -360,7 +360,6 @@ static int tcg2_log_parse(struct udevice *dev, struct tcg2_event_log *elog) u16 len; int rc; u32 i; - u16 j; if (elog->log_size <= offsetof(struct tcg_pcr_event, event)) return 0; 
@@ -399,40 +398,51 @@ static int tcg2_log_parse(struct udevice *dev, struct tcg2_event_log *elog) if (evsz != calc_size) return 0; - rc = tcg2_get_active_pcr_banks(dev, &active); - if (rc) - return rc; - + /* + * Go through the algorithms the EventLog contains. If the EventLog + * algorithms don't match the active TPM ones exit and report the + * erroneous banks. + * We've already checked that U-Boot supports all the enabled TPM + * algorithms, so just check the EvenLog against the TPM active ones. + */ digest_list.count = 0; log_active = 0; - for (i = 0; i < count; ++i) { algo = get_unaligned_le16(&event->digest_sizes[i].algorithm_id); mask = tcg2_algorithm_to_mask(algo); - if (!(active & mask)) - return 0; - switch (algo) { case TPM2_ALG_SHA1: case TPM2_ALG_SHA256: case TPM2_ALG_SHA384: case TPM2_ALG_SHA512: len = get_unaligned_le16(&event->digest_sizes[i].digest_size); - if (tpm2_algorithm_to_len(algo) != len) - return 0; + if (tpm2_algorithm_to_len(algo) != len) { + log_err("EventLog invalid algorithm length\n"); + return -1; + } digest_list.digests[digest_list.count++].hash_alg = algo; break; default: - return 0; + /* + * We can ignore this if the TPM PCRs is not extended + * by the previous bootloader. But for now just exit + */ + log_err("EventLog has unsupported algorithm 0x%x\n", + algo); + return -1; } - log_active |= mask; } - /* Ensure the previous firmware extended all the PCRs. */ - if (log_active != active) - return 0; + rc = tcg2_get_active_pcr_banks(dev, &active); + if (rc) + return rc; + /* If the EventLog and active algorithms don't match exit */ + if (log_active != active) { + log_err("EventLog doesn't contain all active PCR banks\n"); + return -1; + } /* Read PCR0 to check if previous firmware extended the PCRs or not. */ rc = tcg2_pcr_read(dev, 0, &digest_list); 
@@ -440,17 +450,13 @@ static int tcg2_log_parse(struct udevice *dev, struct tcg2_event_log *elog) return rc; for (i = 0; i < digest_list.count; ++i) { - len = tpm2_algorithm_to_len(digest_list.digests[i].hash_alg); - for (j = 0; j < len; ++j) { - if (digest_list.digests[i].digest.sha512[j]) - break; - } + u8 hash_buf[TPM2_SHA512_DIGEST_SIZE] = { 0 }; + u16 hash_alg = digest_list.digests[i].hash_alg; - /* PCR is non-zero; it has been extended, so skip extending. */ - if (j != len) { + if (memcmp((u8 *)&digest_list.digests[i].digest, hash_buf, + tpm2_algorithm_to_len(hash_alg))) digest_list.count = 0; - break; - } + } return tcg2_replay_eventlog(elog, dev, &digest_list,
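Review bot: In the hunk at @@ -399,40 +398,51 @@, the final test `if (log_active != active)` is now the only place a log bank that is not active in the TPM gets rejected, because the per-algorithm `if (!(active & mask))` check is removed, yet the message "EventLog doesn't contain all active PCR banks" describes only the opposite case (an active bank missing from the log). The new comment also promises to "report the erroneous banks", which none of the three log_err() calls does for this path. Suggest printing both masks in that message and wording it as a mismatch, so a rejected log from an earlier boot stage can be diagnosed from the console. Separately, the three new `return -1;` statements would read better as a named errno (for example -EINVAL), since the same function already propagates `rc` from tcg2_get_active_pcr_banks() and callers cannot tell the cases apart; and the added comments contain "EvenLog" and "the TPM PCRs is not extended", which should be "EventLog" and "are not extended".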
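Review bot: In the PCR0 loop of the hunk at @@ -440,17 +450,13 @@, the loop now stops only as a side effect of `digest_list.count = 0;`, which zeroes the bound in `i < digest_list.count`; the explicit `break` is gone, and so is the comment "PCR is non-zero; it has been extended, so skip extending.", leaving nothing that says a zero count means "do not replay into the PCRs". Suggest restoring a one-line comment and an explicit break inside a braced `if` body, so the early exit does not depend on the reader noticing the bound is being modified. The all-zero reference buffer `hash_buf` is also re-initialised on every iteration and its name suggests it holds a digest; declaring it once outside the loop under a name that says it is zeroes would make the memcmp() easier to read.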