From patchwork Sun May 9 11:44:51 2021
X-Patchwork-Submitter: Ilias Apalodimas
X-Patchwork-Id: 432864
From: Ilias Apalodimas
To: linux-efi@vger.kernel.org
Cc: ardb@kernel.org, pjones@redhat.com, nivedita@alum.mit.edu, mjg59@google.com, daniel.kiper@oracle.com, James.Bottomley@hansenpartnership.com, leif@nuviainc.com, Ilias Apalodimas
Subject: [RFC PATCH 1/4] efi/libstub: add prototype of efi_tcg2_protocol::hash_log_extend_event()
Date: Sun, 9 May 2021 14:44:51 +0300
Message-Id: <20210509114454.185583-2-ilias.apalodimas@linaro.org>
X-Mailer: git-send-email 2.31.0
In-Reply-To: <20210509114454.185583-1-ilias.apalodimas@linaro.org>
References: <20210509114454.185583-1-ilias.apalodimas@linaro.org>
MIME-Version: 1.0
Precedence: bulk
X-Mailing-List: linux-efi@vger.kernel.org

From: Ard Biesheuvel

Define the right prototype for efi_tcg2_protocol::hash_log_extend_event() and add the required structs so we can start using it to measure the initrd into the TPM if it was loaded by the EFI stub itself.

Co-developed-by: Ilias Apalodimas
Signed-off-by: Ilias Apalodimas
Signed-off-by: Ard Biesheuvel --- arch/x86/include/asm/efi.h | 4 ++++ drivers/firmware/efi/libstub/efistub.h | 29 +++++++++++++++++++++++++- 2 files changed, 32 insertions(+), 1 deletion(-) -- 2.31.0 diff --git a/arch/x86/include/asm/efi.h b/arch/x86/include/asm/efi.h index 4d0b126835b8..85f156f8ef81 100644 --- a/arch/x86/include/asm/efi.h +++ b/arch/x86/include/asm/efi.h @@ -308,6 +308,10 @@ static inline u32 efi64_convert_status(efi_status_t status) #define __efi64_argmap_query_mode(gop, mode, size, info) \ ((gop), (mode), efi64_zero_upper(size), efi64_zero_upper(info)) +/* TCG2 protocol */ +#define __efi64_argmap_hash_log_extend_event(prot, fl, addr, size, ev) \ + ((prot), (fl), 0ULL, (u64)(addr), 0ULL, (u64)(size), 0ULL, ev) + /* * The macros below handle the plumbing for the argument mapping. To add a * mapping for a specific EFI method, simply define a macro diff --git a/drivers/firmware/efi/libstub/efistub.h b/drivers/firmware/efi/libstub/efistub.h index cde0a2ef507d..a2825c435158 100644 --- a/drivers/firmware/efi/libstub/efistub.h +++ b/drivers/firmware/efi/libstub/efistub.h @@ -667,6 +667,29 @@ union apple_properties_protocol { typedef u32 efi_tcg2_event_log_format; +#define INITRD_EVENT_TAG_ID 0x8F3B22ECU +#define EV_EVENT_TAG 0x00000006U +#define EFI_TCG2_EVENT_HEADER_VERSION 0x1 + +struct efi_tcg2_event { + u32 event_size; + struct { + u32 header_size; + u16 header_version; + u32 pcr_index; + u32 event_type; + } __packed event_header; + /* u8[] event follows here */ +} __packed; + +struct efi_tcg2_tagged_event { + u32 tagged_event_id; + u32 tagged_event_data_size; + /* u8 tagged event data follows here */ +} __packed; + +typedef struct efi_tcg2_event efi_tcg2_event_t; +typedef struct efi_tcg2_tagged_event efi_tcg2_tagged_event_t; typedef union efi_tcg2_protocol efi_tcg2_protocol_t; union efi_tcg2_protocol { 
@@ -677,7 +700,11 @@ union efi_tcg2_protocol { efi_physical_addr_t *, efi_physical_addr_t *, efi_bool_t *); - void *hash_log_extend_event; + efi_status_t (__efiapi *hash_log_extend_event)(efi_tcg2_protocol_t *, + u64, + efi_physical_addr_t, + u64, + const efi_tcg2_event_t *); void *submit_command; void *get_active_pcr_banks; void *set_active_pcr_banks;
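
Review bot: in the arch/x86/include/asm/efi.h hunk of patch 1/4, __efi64_argmap_hash_log_extend_event() places a literal 0ULL after (fl), (u64)(addr) and (u64)(size), which going by the 2/4 commit message are the upper halves of the three split u64 arguments, so a data address or size with bits set above 32 would be passed to the firmware truncated and without any diagnostic. A short comment stating that the upper halves are zero by design in mixed mode would make that assumption reviewable, and the trailing "ev" should be parenthesized as "(ev)" like the other macro parameters.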
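
Review bot: in the efistub.h hunk at @@ -667,6 +667,29 of patch 1/4, INITRD_EVENT_TAG_ID is introduced as the bare value 0x8F3B22ECU with no comment on where it comes from or who else must agree on it. Anyone parsing the event log to verify the initrd measurement has to match on this ID, so please document its origin next to the define. EFI_TCG2_EVENT_HEADER_VERSION is also written as 0x1 without the U suffix the two neighbouring defines carry.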
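
Review bot: in the efistub.h hunk at @@ -677,7 +700,11 of patch 1/4, the new hash_log_extend_event prototype has two unnamed u64 parameters on either side of the efi_physical_addr_t, and nothing in the declaration says which is the flags word and which is the data length. Since the caller in 4/4 passes "0, load_addr, load_size", a brief comment or parameter names (flags, data_to_hash, data_len, event) would make an argument swap much harder to miss in review.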

From patchwork Sun May 9 11:44:52 2021
X-Patchwork-Submitter: Ilias Apalodimas
X-Patchwork-Id: 432865
From: Ilias Apalodimas
To: linux-efi@vger.kernel.org
Cc: ardb@kernel.org, pjones@redhat.com, nivedita@alum.mit.edu, mjg59@google.com, daniel.kiper@oracle.com, James.Bottomley@hansenpartnership.com, leif@nuviainc.com, Ilias Apalodimas
Subject: [RFC PATCH 2/4] efi/libstub: x86/mixed: increase supported argument count
Date: Sun, 9 May 2021 14:44:52 +0300
Message-Id: <20210509114454.185583-3-ilias.apalodimas@linaro.org>
X-Mailer: git-send-email 2.31.0
In-Reply-To: <20210509114454.185583-1-ilias.apalodimas@linaro.org>
References: <20210509114454.185583-1-ilias.apalodimas@linaro.org>
MIME-Version: 1.0
Precedence: bulk
X-Mailing-List: linux-efi@vger.kernel.org

From: Ard Biesheuvel Increase the number of arguments supported by mixed mode calls, so that we will be able to call into the TCG2 protocol to measure the initrd and extend the associated PCR. This involves the TCG2 protocol's hash_log_extend_event() method, which takes five arguments, three of which are u64 and need to be split, producing a total of 8 outgoing arguments. Signed-off-by: Ard Biesheuvel Signed-off-by: Ilias Apalodimas --- arch/x86/boot/compressed/efi_thunk_64.S | 17 ++++++++++++----- arch/x86/include/asm/efi.h | 10 ++++++---- arch/x86/platform/efi/efi_thunk_64.S | 14 ++++++++++++-- 3 files changed, 30 insertions(+), 11 deletions(-) -- 2.31.0 diff --git a/arch/x86/boot/compressed/efi_thunk_64.S b/arch/x86/boot/compressed/efi_thunk_64.S index 95a223b3e56a..fec6c48d6b30 100644 --- a/arch/x86/boot/compressed/efi_thunk_64.S +++ b/arch/x86/boot/compressed/efi_thunk_64.S @@ -27,8 +27,6 @@ SYM_FUNC_START(__efi64_thunk) push %rbp push %rbx - leaq 1f(%rip), %rbp - movl %ds, %eax push %rax movl %es, %eax @@ -36,19 +34,28 @@ SYM_FUNC_START(__efi64_thunk) movl %ss, %eax push %rax + movq 0x30(%rsp), %rbp + movq 0x38(%rsp), %rbx + movq 0x40(%rsp), %rax + /* * Convert x86-64 ABI params to i386 ABI */ - subq $32, %rsp + subq $48, %rsp movl %esi, 0x0(%rsp) movl %edx, 0x4(%rsp) movl %ecx, 0x8(%rsp) movl %r8d, 0xc(%rsp) movl %r9d, 0x10(%rsp) + movl %ebp, 0x14(%rsp) + movl %ebx, 0x18(%rsp) + movl %eax, 0x1c(%rsp) - leaq 0x14(%rsp), %rbx + leaq 0x20(%rsp), %rbx sgdt (%rbx) + leaq 1f(%rip), %rbp + /* * Switch to gdt with 32-bit segments. This is the firmware GDT * that was installed when the kernel started executing. This @@ -67,7 +74,7 @@ SYM_FUNC_START(__efi64_thunk) pushq %rax lretq -1: addq $32, %rsp +1: addq $48, %rsp movq %rdi, %rax pop %rbx diff --git a/arch/x86/include/asm/efi.h b/arch/x86/include/asm/efi.h index 85f156f8ef81..a323dbac9182 100644 --- a/arch/x86/include/asm/efi.h +++ b/arch/x86/include/asm/efi.h 
@@ -46,13 +46,14 @@ extern unsigned long efi_mixed_mode_stack_pa; #define __efi_nargs(...) __efi_nargs_(__VA_ARGS__) #define __efi_nargs_(...) __efi_nargs__(0, ##__VA_ARGS__, \ + __efi_arg_sentinel(9), __efi_arg_sentinel(8), \ __efi_arg_sentinel(7), __efi_arg_sentinel(6), \ __efi_arg_sentinel(5), __efi_arg_sentinel(4), \ __efi_arg_sentinel(3), __efi_arg_sentinel(2), \ __efi_arg_sentinel(1), __efi_arg_sentinel(0)) -#define __efi_nargs__(_0, _1, _2, _3, _4, _5, _6, _7, n, ...) \ +#define __efi_nargs__(_0, _1, _2, _3, _4, _5, _6, _7, _8, _9, n, ...) \ __take_second_arg(n, \ - ({ BUILD_BUG_ON_MSG(1, "__efi_nargs limit exceeded"); 8; })) + ({ BUILD_BUG_ON_MSG(1, "__efi_nargs limit exceeded"); 10; })) #define __efi_arg_sentinel(n) , n /* @@ -176,8 +177,9 @@ extern u64 efi_setup; extern efi_status_t __efi64_thunk(u32, ...); #define efi64_thunk(...) ({ \ - __efi_nargs_check(efi64_thunk, 6, __VA_ARGS__); \ - __efi64_thunk(__VA_ARGS__); \ + u64 __pad[3]; /* must have space for 3 args on the stack */ \ + __efi_nargs_check(efi64_thunk, 9, __VA_ARGS__); \ + __efi64_thunk(__VA_ARGS__, __pad); \ }) static inline bool efi_is_mixed(void) diff --git a/arch/x86/platform/efi/efi_thunk_64.S b/arch/x86/platform/efi/efi_thunk_64.S index fd3dd1708eba..5b7c6e09954e 100644 --- a/arch/x86/platform/efi/efi_thunk_64.S +++ b/arch/x86/platform/efi/efi_thunk_64.S @@ -36,6 +36,17 @@ SYM_CODE_START(__efi64_thunk) movq efi_mixed_mode_stack_pa(%rip), %rsp push %rax + /* + * Copy args passed via the stack + */ + subq $0x24, %rsp + movq 0x18(%rax), %rbp + movq 0x20(%rax), %rbx + movq 0x28(%rax), %rax + movl %ebp, 0x18(%rsp) + movl %ebx, 0x1c(%rsp) + movl %eax, 0x20(%rsp) + /* * Calculate the physical address of the kernel text. */ @@ -47,7 +58,6 @@ SYM_CODE_START(__efi64_thunk) subq %rax, %rbp subq %rax, %rbx - subq $28, %rsp movl %ebx, 0x0(%rsp) /* return address */ movl %esi, 0x4(%rsp) movl %edx, 0x8(%rsp) 
@@ -60,7 +70,7 @@ SYM_CODE_START(__efi64_thunk) pushq %rdi /* EFI runtime service address */ lretq -1: movq 24(%rsp), %rsp +1: movq 0x20(%rsp), %rsp pop %rbx pop %rbp retq
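
Review bot: in the arch/x86/boot/compressed/efi_thunk_64.S hunk at @@ -36,19 +34,28 of patch 2/4, the loads from 0x30(%rsp), 0x38(%rsp) and 0x40(%rsp) carry no comment, and their offsets are only right as long as exactly five 8-byte pushes (rbp, rbx and the three segment values) plus the return address sit between %rsp and the first stack argument. Please add a comment spelling out that arithmetic, because adding or removing a push above would silently fetch the wrong words and hand them to the firmware as arguments 6 to 8.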
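
Review bot: in the efi64_thunk() hunk at @@ -176,8 +177,9 of arch/x86/include/asm/efi.h (patch 2/4), the comment "must have space for 3 args on the stack" does not explain why appending the __pad pointer as one extra argument achieves that. As far as the visible assembly shows, the thunk now loads three stack slots unconditionally, so the comment should say that the padding exists to keep those loads inside the caller's frame when fewer than nine arguments are passed, and that __pad's contents are never meant to be consumed.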
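
Review bot: in the arch/x86/platform/efi/efi_thunk_64.S hunk at @@ -36,6 +36,17 of patch 2/4, the third load "movq 0x28(%rax), %rax" overwrites the register the previous two loads use as their base, so the sequence only works in exactly this order, and %rbp/%rbx are borrowed as scratch shortly before they are reused for the physical address calculation. A comment noting both would protect against a later reordering. The new "subq $0x24, %rsp" and the "movq 0x20(%rsp), %rsp" at label 1 in the last hunk are also coupled constants that deserve a shared explanation.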

From patchwork Sun May 9 11:44:53 2021
X-Patchwork-Submitter: Ilias Apalodimas
X-Patchwork-Id: 432866
From: Ilias Apalodimas
To: linux-efi@vger.kernel.org
Cc: ardb@kernel.org, pjones@redhat.com, nivedita@alum.mit.edu, mjg59@google.com, daniel.kiper@oracle.com, James.Bottomley@hansenpartnership.com, leif@nuviainc.com, Ilias Apalodimas
Subject: [RFC PATCH 3/4] efi/libstub: consolidate initrd handling across architectures
Date: Sun, 9 May 2021 14:44:53 +0300
Message-Id: <20210509114454.185583-4-ilias.apalodimas@linaro.org>
X-Mailer: git-send-email 2.31.0
In-Reply-To: <20210509114454.185583-1-ilias.apalodimas@linaro.org>
References: <20210509114454.185583-1-ilias.apalodimas@linaro.org>
MIME-Version: 1.0
Precedence: bulk
X-Mailing-List: linux-efi@vger.kernel.org

From: Ard Biesheuvel

Before adding TPM measurement of the initrd contents, refactor the initrd handling slightly to be more self-contained and consistent.

Signed-off-by: Ard Biesheuvel Signed-off-by: Ilias Apalodimas --- .../firmware/efi/libstub/efi-stub-helper.c | 13 +++++++--- drivers/firmware/efi/libstub/efi-stub.c | 10 ++----- drivers/firmware/efi/libstub/efistub.h | 1 - drivers/firmware/efi/libstub/x86-stub.c | 26 +++++++------------ 4 files changed, 21 insertions(+), 29 deletions(-) -- 2.31.0 diff --git a/drivers/firmware/efi/libstub/efi-stub-helper.c b/drivers/firmware/efi/libstub/efi-stub-helper.c index aa8da0a49829..72a7e7c4d403 100644 --- a/drivers/firmware/efi/libstub/efi-stub-helper.c +++ b/drivers/firmware/efi/libstub/efi-stub-helper.c @@ -20,10 +20,10 @@ bool efi_nochunk; bool efi_nokaslr = !IS_ENABLED(CONFIG_RANDOMIZE_BASE); -bool efi_noinitrd; int efi_loglevel = CONSOLE_LOGLEVEL_DEFAULT; bool efi_novamap; +static bool efi_noinitrd; static bool efi_nosoftreserve; static bool efi_disable_pci_dma = IS_ENABLED(CONFIG_EFI_DISABLE_PCI_DMA); @@ -643,8 +643,10 @@ efi_status_t efi_load_initrd(efi_loaded_image_t *image, { efi_status_t status; - if (!load_addr || !load_size) - return EFI_INVALID_PARAMETER; + if (efi_noinitrd) { + *load_addr = *load_size = 0; + return EFI_SUCCESS; + } status = efi_load_initrd_dev_path(load_addr, load_size, hard_limit); if (status == EFI_SUCCESS) { @@ -655,7 +657,10 @@ efi_status_t efi_load_initrd(efi_loaded_image_t *image, if (status == EFI_SUCCESS && *load_size > 0) efi_info("Loaded initrd from command line option\n"); } - + if (status != EFI_SUCCESS) { + efi_err("Failed to load initrd: 0x%lx\n", status); + *load_addr = *load_size = 0; + } return status; } diff --git a/drivers/firmware/efi/libstub/efi-stub.c b/drivers/firmware/efi/libstub/efi-stub.c index 26e69788f27a..e87e7f1b1a33 100644 --- a/drivers/firmware/efi/libstub/efi-stub.c +++ b/drivers/firmware/efi/libstub/efi-stub.c 
@@ -134,7 +134,6 @@ efi_status_t __efiapi efi_pe_entry(efi_handle_t handle, enum efi_secureboot_mode secure_boot; struct screen_info *si; efi_properties_table_t *prop_tbl; - unsigned long max_addr; efi_system_table = sys_table_arg; @@ -240,13 +239,8 @@ efi_status_t __efiapi efi_pe_entry(efi_handle_t handle, if (!fdt_addr) efi_info("Generating empty DTB\n"); - if (!efi_noinitrd) { - max_addr = efi_get_max_initrd_addr(image_addr); - status = efi_load_initrd(image, &initrd_addr, &initrd_size, - ULONG_MAX, max_addr); - if (status != EFI_SUCCESS) - efi_err("Failed to load initrd!\n"); - } + efi_load_initrd(image, &initrd_addr, &initrd_size, ULONG_MAX, + efi_get_max_initrd_addr(image_addr)); efi_random_get_seed(); diff --git a/drivers/firmware/efi/libstub/efistub.h b/drivers/firmware/efi/libstub/efistub.h index a2825c435158..edb77b0621ea 100644 --- a/drivers/firmware/efi/libstub/efistub.h +++ b/drivers/firmware/efi/libstub/efistub.h @@ -31,7 +31,6 @@ extern bool efi_nochunk; extern bool efi_nokaslr; -extern bool efi_noinitrd; extern int efi_loglevel; extern bool efi_novamap; diff --git a/drivers/firmware/efi/libstub/x86-stub.c b/drivers/firmware/efi/libstub/x86-stub.c index f14c4ff5839f..01ddd4502e28 100644 --- a/drivers/firmware/efi/libstub/x86-stub.c +++ b/drivers/firmware/efi/libstub/x86-stub.c @@ -673,6 +673,7 @@ unsigned long efi_main(efi_handle_t handle, unsigned long bzimage_addr = (unsigned long)startup_32; unsigned long buffer_start, buffer_end; struct setup_header *hdr = &boot_params->hdr; + unsigned long addr, size; efi_status_t status; efi_system_table = sys_table_arg; 
@@ -761,22 +762,15 @@ unsigned long efi_main(efi_handle_t handle, * arguments will be processed only if image is not NULL, which will be * the case only if we were loaded via the PE entry point. */ - if (!efi_noinitrd) { - unsigned long addr, size; - - status = efi_load_initrd(image, &addr, &size, - hdr->initrd_addr_max, ULONG_MAX); - - if (status != EFI_SUCCESS) { - efi_err("Failed to load initrd!\n"); - goto fail; - } - if (size > 0) { - efi_set_u64_split(addr, &hdr->ramdisk_image, - &boot_params->ext_ramdisk_image); - efi_set_u64_split(size, &hdr->ramdisk_size, - &boot_params->ext_ramdisk_size); - } + status = efi_load_initrd(image, &addr, &size, hdr->initrd_addr_max, + ULONG_MAX); + if (status != EFI_SUCCESS) + goto fail; + if (size > 0) { + efi_set_u64_split(addr, &hdr->ramdisk_image, + &boot_params->ext_ramdisk_image); + efi_set_u64_split(size, &hdr->ramdisk_size, + &boot_params->ext_ramdisk_size); } /*
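
Review bot: in the efi_load_initrd() hunk at @@ -643,8 +643,10 of efi-stub-helper.c (patch 3/4), the "if (!load_addr || !load_size) return EFI_INVALID_PARAMETER;" guard is removed and the very next added statement, "*load_addr = *load_size = 0;", dereferences both pointers unconditionally. Both callers visible in this patch pass addresses of locals, but the function is not static, so either keep the NULL check ahead of the efi_noinitrd branch or state in the kernel-doc that NULL is no longer accepted.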
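
Review bot: in the efi-stub.c hunk at @@ -240,13 +239,8 of patch 3/4, the return value of efi_load_initrd() is now dropped entirely, so the generic stub continues booting without an initrd on a load failure, while the x86-stub.c hunk in the same patch still does "goto fail" on the same condition. Given the subject says the handling is being consolidated across architectures, and the next patch ties a TPM measurement to this load, please either make the two paths agree or add a comment explaining why the generic stub is allowed to proceed.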

From patchwork Sun May 9 11:44:54 2021
X-Patchwork-Submitter: Ilias Apalodimas
X-Patchwork-Id: 432867
From: Ilias Apalodimas
To: linux-efi@vger.kernel.org
Cc: ardb@kernel.org, pjones@redhat.com, nivedita@alum.mit.edu, mjg59@google.com, daniel.kiper@oracle.com, James.Bottomley@hansenpartnership.com, leif@nuviainc.com, Ilias Apalodimas
Subject: [RFC PATCH 4/4] efi/libstub: measure loaded initrd info into the TPM
Date: Sun, 9 May 2021 14:44:54 +0300
Message-Id: <20210509114454.185583-5-ilias.apalodimas@linaro.org>
X-Mailer: git-send-email 2.31.0
In-Reply-To: <20210509114454.185583-1-ilias.apalodimas@linaro.org>
References: <20210509114454.185583-1-ilias.apalodimas@linaro.org>
X-Mailing-List: linux-efi@vger.kernel.org

In an effort to ensure the initrd observed and used by the OS is the same one that was meant to be loaded, which is difficult to guarantee otherwise, let's measure the initrd if the EFI stub and specifically the newly introduced LOAD_FILE2 protocol was used.

Modify the initrd loading sequence so that the contents of the initrd are measured into PCR9.

Note that the patch is currently using EV_EVENT_TAG to create the eventlog entry instead of EV_IPL. According to the TCG PC Client specification this is used for PCRs defined for OS and application usage.

Co-developed-by: Ard Biesheuvel
Signed-off-by: Ard Biesheuvel
Signed-off-by: Ilias Apalodimas
---
 .../firmware/efi/libstub/efi-stub-helper.c | 72 +++++++++++++++----
 1 file changed, 58 insertions(+), 14 deletions(-)

--
2.31.0

diff --git a/drivers/firmware/efi/libstub/efi-stub-helper.c b/drivers/firmware/efi/libstub/efi-stub-helper.c index 72a7e7c4d403..c1d415bb534b 100644 --- a/drivers/firmware/efi/libstub/efi-stub-helper.c +++ b/drivers/firmware/efi/libstub/efi-stub-helper.c 
@@ -625,6 +625,47 @@ efi_status_t efi_load_initrd_cmdline(efi_loaded_image_t *image, load_addr, load_size); } +static const struct { + efi_tcg2_event_t event_data; + efi_tcg2_tagged_event_t tagged_event; + u8 tagged_event_data[]; +} initrd_tcg2_event = { + { + sizeof(initrd_tcg2_event) + sizeof("Linux initrd"), + { + sizeof(initrd_tcg2_event.event_data.event_header), + EFI_TCG2_EVENT_HEADER_VERSION, + 9, + EV_EVENT_TAG, + }, + }, + { + INITRD_EVENT_TAG_ID, + sizeof("Linux initrd"), + }, + "Linux initrd", +}; + +void efi_measure_initrd(unsigned long load_addr, unsigned long load_size) +{ + efi_guid_t tcg2_guid = EFI_TCG2_PROTOCOL_GUID; + efi_tcg2_protocol_t *tcg2 = NULL; + efi_status_t status; + + efi_bs_call(locate_protocol, &tcg2_guid, NULL, (void **)&tcg2); + if (tcg2) { + status = efi_call_proto(tcg2, hash_log_extend_event, + 0, load_addr, load_size, + &initrd_tcg2_event.event_data); + if (status != EFI_SUCCESS) + efi_warn("Failed to measure initrd data: 0x%lx\n", + status); + else + efi_info("Measured initrd data into PCR %d\n", + initrd_tcg2_event.event_data.event_header.pcr_index); + } +} + /** * efi_load_initrd() - Load initial RAM disk * @image: EFI loaded image protocol 
@@ -645,22 +686,25 @@ efi_status_t efi_load_initrd(efi_loaded_image_t *image, if (efi_noinitrd) { *load_addr = *load_size = 0; - return EFI_SUCCESS; + status = EFI_SUCCESS; + } else { + status = efi_load_initrd_dev_path(load_addr, load_size, hard_limit); + if (status == EFI_SUCCESS) { + efi_info("Loaded initrd from LINUX_EFI_INITRD_MEDIA_GUID device path\n"); + if (*load_size > 0) + efi_measure_initrd(*load_addr, *load_size); + } else if (status == EFI_NOT_FOUND) { + status = efi_load_initrd_cmdline(image, load_addr, load_size, + soft_limit, hard_limit); + if (status == EFI_SUCCESS && *load_size > 0) + efi_info("Loaded initrd from command line option\n"); + } + if (status != EFI_SUCCESS) { + efi_err("Failed to load initrd: 0x%lx\n", status); + *load_addr = *load_size = 0; + } } - status = efi_load_initrd_dev_path(load_addr, load_size, hard_limit); - if (status == EFI_SUCCESS) { - efi_info("Loaded initrd from LINUX_EFI_INITRD_MEDIA_GUID device path\n"); - } else if (status == EFI_NOT_FOUND) { - status = efi_load_initrd_cmdline(image, load_addr, load_size, - soft_limit, hard_limit); - if (status == EFI_SUCCESS && *load_size > 0) - efi_info("Loaded initrd from command line option\n"); - } - if (status != EFI_SUCCESS) { - efi_err("Failed to load initrd: 0x%lx\n", status); - *load_addr = *load_size = 0; - } return status; }
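Review bot: in the first hunk (@@ -625,6 +625,47 @@), efi_measure_initrd() is defined without "static" although the diffstat shows only efi-stub-helper.c changing, so no prototype is added for it anywhere in this patch; make it static unless another file is meant to call it. The status returned by locate_protocol is discarded and the "if (tcg2)" block has no else, so when the TCG2 protocol is absent nothing is logged and the boot log cannot tell a reader whether the initrd was measured. The literal 9 for the PCR index and the 0 passed as flags to hash_log_extend_event would read better as named constants next to INITRD_EVENT_TAG_ID, and the new function could carry a kernel-doc comment like the one on efi_load_initrd() directly below it.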
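Review bot: in the second hunk (@@ -645,22 +686,25 @@), only the efi_load_initrd_dev_path() success branch calls efi_measure_initrd(); the EFI_NOT_FOUND fallback through efi_load_initrd_cmdline() hands back an initrd that is used without PCR 9 being extended. The commit message limits the change to the LOAD_FILE2 case, so either measure in both branches or put a comment at the fallback saying why it is skipped, since a verifier reading PCR 9 will otherwise see the same value for "no initrd" and "initrd loaded from the command line". Because efi_measure_initrd() returns void, a failed measurement also cannot influence the status returned here; confirm that continuing the boot with an unmeasured initrd is the intended policy. Separately, replacing the early "return EFI_SUCCESS" with an else block re-indents the whole body for a two-line functional change; keeping the early return would reduce the hunk to the added "if (*load_size > 0)" call.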