From patchwork Tue Jun 15 09:21:02 2021
X-Patchwork-Submitter: Ilias Apalodimas
X-Patchwork-Id: 460501
From: Ilias Apalodimas
To: linux-efi@vger.kernel.org
Cc: ardb@kernel.org, pjones@redhat.com, nivedita@alum.mit.edu, mjg59@google.com, daniel.kiper@oracle.com, James.Bottomley@hansenpartnership.com, leif@nuviainc.com, Ilias Apalodimas
Subject: [PATCH 1/4] efi/libstub: add prototype of efi_tcg2_protocol::hash_log_extend_event()
Date: Tue, 15 Jun 2021 12:21:02 +0300
Message-Id: <20210615092105.288331-2-ilias.apalodimas@linaro.org>
In-Reply-To: <20210615092105.288331-1-ilias.apalodimas@linaro.org>
References: <20210615092105.288331-1-ilias.apalodimas@linaro.org>
X-Mailing-List: linux-efi@vger.kernel.org

From: Ard Biesheuvel

Define the right prototype for efi_tcg2_protocol::hash_log_extend_event() and add the required structs so we can start using it to measure the initrd into the TPM if it was loaded by the EFI stub itself.

Co-developed-by: Ilias Apalodimas
Signed-off-by: Ilias Apalodimas
Signed-off-by: Ard Biesheuvel --- arch/x86/include/asm/efi.h | 4 ++++ drivers/firmware/efi/libstub/efistub.h | 29 +++++++++++++++++++++++++- 2 files changed, 32 insertions(+), 1 deletion(-) -- 2.31.0 diff --git a/arch/x86/include/asm/efi.h b/arch/x86/include/asm/efi.h index 4d0b126835b8..85f156f8ef81 100644 --- a/arch/x86/include/asm/efi.h +++ b/arch/x86/include/asm/efi.h @@ -308,6 +308,10 @@ static inline u32 efi64_convert_status(efi_status_t status) #define __efi64_argmap_query_mode(gop, mode, size, info) \ ((gop), (mode), efi64_zero_upper(size), efi64_zero_upper(info)) +/* TCG2 protocol */ +#define __efi64_argmap_hash_log_extend_event(prot, fl, addr, size, ev) \ + ((prot), (fl), 0ULL, (u64)(addr), 0ULL, (u64)(size), 0ULL, ev) + /* * The macros below handle the plumbing for the argument mapping. To add a * mapping for a specific EFI method, simply define a macro diff --git a/drivers/firmware/efi/libstub/efistub.h b/drivers/firmware/efi/libstub/efistub.h index cde0a2ef507d..a2825c435158 100644 --- a/drivers/firmware/efi/libstub/efistub.h +++ b/drivers/firmware/efi/libstub/efistub.h @@ -667,6 +667,29 @@ union apple_properties_protocol { typedef u32 efi_tcg2_event_log_format; +#define INITRD_EVENT_TAG_ID 0x8F3B22ECU +#define EV_EVENT_TAG 0x00000006U +#define EFI_TCG2_EVENT_HEADER_VERSION 0x1 + +struct efi_tcg2_event { + u32 event_size; + struct { + u32 header_size; + u16 header_version; + u32 pcr_index; + u32 event_type; + } __packed event_header; + /* u8[] event follows here */ +} __packed; + +struct efi_tcg2_tagged_event { + u32 tagged_event_id; + u32 tagged_event_data_size; + /* u8 tagged event data follows here */ +} __packed; + +typedef struct efi_tcg2_event efi_tcg2_event_t; +typedef struct efi_tcg2_tagged_event efi_tcg2_tagged_event_t; typedef union efi_tcg2_protocol efi_tcg2_protocol_t; union efi_tcg2_protocol { 
@@ -677,7 +700,11 @@ union efi_tcg2_protocol { efi_physical_addr_t *, efi_physical_addr_t *, efi_bool_t *); - void *hash_log_extend_event; + efi_status_t (__efiapi *hash_log_extend_event)(efi_tcg2_protocol_t *, + u64, + efi_physical_addr_t, + u64, + const efi_tcg2_event_t *); void *submit_command; void *get_active_pcr_banks; void *set_active_pcr_banks;

From patchwork Tue Jun 15 09:21:03 2021
X-Patchwork-Submitter: Ilias Apalodimas
X-Patchwork-Id: 460502
From: Ilias Apalodimas
To: linux-efi@vger.kernel.org
Cc: ardb@kernel.org, pjones@redhat.com, nivedita@alum.mit.edu, mjg59@google.com, daniel.kiper@oracle.com, James.Bottomley@hansenpartnership.com, leif@nuviainc.com, Ilias Apalodimas
Subject: [PATCH 2/4] efi/libstub: x86/mixed: increase supported argument count
Date: Tue, 15 Jun 2021 12:21:03 +0300
Message-Id: <20210615092105.288331-3-ilias.apalodimas@linaro.org>
In-Reply-To: <20210615092105.288331-1-ilias.apalodimas@linaro.org>
References: <20210615092105.288331-1-ilias.apalodimas@linaro.org>
X-Mailing-List: linux-efi@vger.kernel.org

From: Ard Biesheuvel Increase the number of arguments supported by mixed mode calls, so that we will be able to call into the TCG2 protocol to measure the initrd and extend the associated PCR. This involves the TCG2 protocol's hash_log_extend_event() method, which takes five arguments, three of which are u64 and need to be split, producing a total of 8 outgoing arguments. Signed-off-by: Ard Biesheuvel Signed-off-by: Ilias Apalodimas --- arch/x86/boot/compressed/efi_thunk_64.S | 17 ++++++++++++----- arch/x86/include/asm/efi.h | 10 ++++++---- arch/x86/platform/efi/efi_thunk_64.S | 14 ++++++++++++-- 3 files changed, 30 insertions(+), 11 deletions(-) -- 2.31.0 diff --git a/arch/x86/boot/compressed/efi_thunk_64.S b/arch/x86/boot/compressed/efi_thunk_64.S index 95a223b3e56a..fec6c48d6b30 100644 --- a/arch/x86/boot/compressed/efi_thunk_64.S +++ b/arch/x86/boot/compressed/efi_thunk_64.S @@ -27,8 +27,6 @@ SYM_FUNC_START(__efi64_thunk) push %rbp push %rbx - leaq 1f(%rip), %rbp - movl %ds, %eax push %rax movl %es, %eax @@ -36,19 +34,28 @@ SYM_FUNC_START(__efi64_thunk) movl %ss, %eax push %rax + movq 0x30(%rsp), %rbp + movq 0x38(%rsp), %rbx + movq 0x40(%rsp), %rax + /* * Convert x86-64 ABI params to i386 ABI */ - subq $32, %rsp + subq $48, %rsp movl %esi, 0x0(%rsp) movl %edx, 0x4(%rsp) movl %ecx, 0x8(%rsp) movl %r8d, 0xc(%rsp) movl %r9d, 0x10(%rsp) + movl %ebp, 0x14(%rsp) + movl %ebx, 0x18(%rsp) + movl %eax, 0x1c(%rsp) - leaq 0x14(%rsp), %rbx + leaq 0x20(%rsp), %rbx sgdt (%rbx) + leaq 1f(%rip), %rbp + /* * Switch to gdt with 32-bit segments. This is the firmware GDT * that was installed when the kernel started executing. This @@ -67,7 +74,7 @@ SYM_FUNC_START(__efi64_thunk) pushq %rax lretq -1: addq $32, %rsp +1: addq $48, %rsp movq %rdi, %rax pop %rbx diff --git a/arch/x86/include/asm/efi.h b/arch/x86/include/asm/efi.h index 85f156f8ef81..a323dbac9182 100644 --- a/arch/x86/include/asm/efi.h +++ b/arch/x86/include/asm/efi.h 
@@ -46,13 +46,14 @@ extern unsigned long efi_mixed_mode_stack_pa; #define __efi_nargs(...) __efi_nargs_(__VA_ARGS__) #define __efi_nargs_(...) __efi_nargs__(0, ##__VA_ARGS__, \ + __efi_arg_sentinel(9), __efi_arg_sentinel(8), \ __efi_arg_sentinel(7), __efi_arg_sentinel(6), \ __efi_arg_sentinel(5), __efi_arg_sentinel(4), \ __efi_arg_sentinel(3), __efi_arg_sentinel(2), \ __efi_arg_sentinel(1), __efi_arg_sentinel(0)) -#define __efi_nargs__(_0, _1, _2, _3, _4, _5, _6, _7, n, ...) \ +#define __efi_nargs__(_0, _1, _2, _3, _4, _5, _6, _7, _8, _9, n, ...) \ __take_second_arg(n, \ - ({ BUILD_BUG_ON_MSG(1, "__efi_nargs limit exceeded"); 8; })) + ({ BUILD_BUG_ON_MSG(1, "__efi_nargs limit exceeded"); 10; })) #define __efi_arg_sentinel(n) , n /* @@ -176,8 +177,9 @@ extern u64 efi_setup; extern efi_status_t __efi64_thunk(u32, ...); #define efi64_thunk(...) ({ \ - __efi_nargs_check(efi64_thunk, 6, __VA_ARGS__); \ - __efi64_thunk(__VA_ARGS__); \ + u64 __pad[3]; /* must have space for 3 args on the stack */ \ + __efi_nargs_check(efi64_thunk, 9, __VA_ARGS__); \ + __efi64_thunk(__VA_ARGS__, __pad); \ }) static inline bool efi_is_mixed(void) diff --git a/arch/x86/platform/efi/efi_thunk_64.S b/arch/x86/platform/efi/efi_thunk_64.S index fd3dd1708eba..5b7c6e09954e 100644 --- a/arch/x86/platform/efi/efi_thunk_64.S +++ b/arch/x86/platform/efi/efi_thunk_64.S @@ -36,6 +36,17 @@ SYM_CODE_START(__efi64_thunk) movq efi_mixed_mode_stack_pa(%rip), %rsp push %rax + /* + * Copy args passed via the stack + */ + subq $0x24, %rsp + movq 0x18(%rax), %rbp + movq 0x20(%rax), %rbx + movq 0x28(%rax), %rax + movl %ebp, 0x18(%rsp) + movl %ebx, 0x1c(%rsp) + movl %eax, 0x20(%rsp) + /* * Calculate the physical address of the kernel text. */ @@ -47,7 +58,6 @@ SYM_CODE_START(__efi64_thunk) subq %rax, %rbp subq %rax, %rbx - subq $28, %rsp movl %ebx, 0x0(%rsp) /* return address */ movl %esi, 0x4(%rsp) movl %edx, 0x8(%rsp) 
@@ -60,7 +70,7 @@ SYM_CODE_START(__efi64_thunk) pushq %rdi /* EFI runtime service address */ lretq -1: movq 24(%rsp), %rsp +1: movq 0x20(%rsp), %rsp pop %rbx pop %rbp retq

From patchwork Tue Jun 15 09:21:04 2021
X-Patchwork-Submitter: Ilias Apalodimas
X-Patchwork-Id: 460503
From: Ilias Apalodimas
To: linux-efi@vger.kernel.org
Cc: ardb@kernel.org, pjones@redhat.com, nivedita@alum.mit.edu, mjg59@google.com, daniel.kiper@oracle.com, James.Bottomley@hansenpartnership.com, leif@nuviainc.com, Ilias Apalodimas
Subject: [PATCH 3/4] efi/libstub: consolidate initrd handling across architectures
Date: Tue, 15 Jun 2021 12:21:04 +0300
Message-Id: <20210615092105.288331-4-ilias.apalodimas@linaro.org>
In-Reply-To: <20210615092105.288331-1-ilias.apalodimas@linaro.org>
References: <20210615092105.288331-1-ilias.apalodimas@linaro.org>
X-Mailing-List: linux-efi@vger.kernel.org

From: Ard Biesheuvel

Before adding TPM measurement of the initrd contents, refactor the initrd handling slightly to be more self-contained and consistent.

Signed-off-by: Ard Biesheuvel Signed-off-by: Ilias Apalodimas --- .../firmware/efi/libstub/efi-stub-helper.c | 13 +++++++--- drivers/firmware/efi/libstub/efi-stub.c | 10 ++----- drivers/firmware/efi/libstub/efistub.h | 1 - drivers/firmware/efi/libstub/x86-stub.c | 26 +++++++------------ 4 files changed, 21 insertions(+), 29 deletions(-) -- 2.31.0 diff --git a/drivers/firmware/efi/libstub/efi-stub-helper.c b/drivers/firmware/efi/libstub/efi-stub-helper.c index aa8da0a49829..72a7e7c4d403 100644 --- a/drivers/firmware/efi/libstub/efi-stub-helper.c +++ b/drivers/firmware/efi/libstub/efi-stub-helper.c @@ -20,10 +20,10 @@ bool efi_nochunk; bool efi_nokaslr = !IS_ENABLED(CONFIG_RANDOMIZE_BASE); -bool efi_noinitrd; int efi_loglevel = CONSOLE_LOGLEVEL_DEFAULT; bool efi_novamap; +static bool efi_noinitrd; static bool efi_nosoftreserve; static bool efi_disable_pci_dma = IS_ENABLED(CONFIG_EFI_DISABLE_PCI_DMA); @@ -643,8 +643,10 @@ efi_status_t efi_load_initrd(efi_loaded_image_t *image, { efi_status_t status; - if (!load_addr || !load_size) - return EFI_INVALID_PARAMETER; + if (efi_noinitrd) { + *load_addr = *load_size = 0; + return EFI_SUCCESS; + } status = efi_load_initrd_dev_path(load_addr, load_size, hard_limit); if (status == EFI_SUCCESS) { @@ -655,7 +657,10 @@ efi_status_t efi_load_initrd(efi_loaded_image_t *image, if (status == EFI_SUCCESS && *load_size > 0) efi_info("Loaded initrd from command line option\n"); } - + if (status != EFI_SUCCESS) { + efi_err("Failed to load initrd: 0x%lx\n", status); + *load_addr = *load_size = 0; + } return status; } diff --git a/drivers/firmware/efi/libstub/efi-stub.c b/drivers/firmware/efi/libstub/efi-stub.c index 26e69788f27a..e87e7f1b1a33 100644 --- a/drivers/firmware/efi/libstub/efi-stub.c +++ b/drivers/firmware/efi/libstub/efi-stub.c 
@@ -134,7 +134,6 @@ efi_status_t __efiapi efi_pe_entry(efi_handle_t handle, enum efi_secureboot_mode secure_boot; struct screen_info *si; efi_properties_table_t *prop_tbl; - unsigned long max_addr; efi_system_table = sys_table_arg; @@ -240,13 +239,8 @@ efi_status_t __efiapi efi_pe_entry(efi_handle_t handle, if (!fdt_addr) efi_info("Generating empty DTB\n"); - if (!efi_noinitrd) { - max_addr = efi_get_max_initrd_addr(image_addr); - status = efi_load_initrd(image, &initrd_addr, &initrd_size, - ULONG_MAX, max_addr); - if (status != EFI_SUCCESS) - efi_err("Failed to load initrd!\n"); - } + efi_load_initrd(image, &initrd_addr, &initrd_size, ULONG_MAX, + efi_get_max_initrd_addr(image_addr)); efi_random_get_seed(); diff --git a/drivers/firmware/efi/libstub/efistub.h b/drivers/firmware/efi/libstub/efistub.h index a2825c435158..edb77b0621ea 100644 --- a/drivers/firmware/efi/libstub/efistub.h +++ b/drivers/firmware/efi/libstub/efistub.h @@ -31,7 +31,6 @@ extern bool efi_nochunk; extern bool efi_nokaslr; -extern bool efi_noinitrd; extern int efi_loglevel; extern bool efi_novamap; diff --git a/drivers/firmware/efi/libstub/x86-stub.c b/drivers/firmware/efi/libstub/x86-stub.c index f14c4ff5839f..01ddd4502e28 100644 --- a/drivers/firmware/efi/libstub/x86-stub.c +++ b/drivers/firmware/efi/libstub/x86-stub.c @@ -673,6 +673,7 @@ unsigned long efi_main(efi_handle_t handle, unsigned long bzimage_addr = (unsigned long)startup_32; unsigned long buffer_start, buffer_end; struct setup_header *hdr = &boot_params->hdr; + unsigned long addr, size; efi_status_t status; efi_system_table = sys_table_arg; 
@@ -761,22 +762,15 @@ unsigned long efi_main(efi_handle_t handle, * arguments will be processed only if image is not NULL, which will be * the case only if we were loaded via the PE entry point. */ - if (!efi_noinitrd) { - unsigned long addr, size; - - status = efi_load_initrd(image, &addr, &size, - hdr->initrd_addr_max, ULONG_MAX); - - if (status != EFI_SUCCESS) { - efi_err("Failed to load initrd!\n"); - goto fail; - } - if (size > 0) { - efi_set_u64_split(addr, &hdr->ramdisk_image, - &boot_params->ext_ramdisk_image); - efi_set_u64_split(size, &hdr->ramdisk_size, - &boot_params->ext_ramdisk_size); - } + status = efi_load_initrd(image, &addr, &size, hdr->initrd_addr_max, + ULONG_MAX); + if (status != EFI_SUCCESS) + goto fail; + if (size > 0) { + efi_set_u64_split(addr, &hdr->ramdisk_image, + &boot_params->ext_ramdisk_image); + efi_set_u64_split(size, &hdr->ramdisk_size, + &boot_params->ext_ramdisk_size); } /* From patchwork Tue Jun 15 09:21:05 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ilias Apalodimas X-Patchwork-Id: 460504 Delivered-To: patch@linaro.org Received: by 2002:a02:735a:0:0:0:0:0 with SMTP id a26csp4098216jae; Tue, 15 Jun 2021 02:21:18 -0700 (PDT) X-Google-Smtp-Source: ABdhPJxlnMC8J/+6DJflJxwC1NAPvlYKorAUlID8N1arbIo7Fc/954lG7Tvi57Rfjgctb/NBJ/BQ X-Received: by 2002:a05:6e02:1e06:: with SMTP id g6mr16994726ila.192.1623748878472; Tue, 15 Jun 2021 02:21:18 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1623748878; cv=none; d=google.com; s=arc-20160816; b=EnhJsxG6M4O6zbaCIeeJvKz2RViDpI1coEY0x1TsNmocHnEEkN2pNXbrPO4f2W9n6g bEUv70b5NvxVNTCc1stIz/fkMPp7ef37UZyqV4ew5FwhylFtWNFz3fLO4u6KIVtla1E2 SNbIGUh+B6dQc2AZsqCxrrUJsvPud2tZYqOK/jcSIvFR63x4cURbkLjIWKTzJO0uwf3x ecOkl/joKvBxG5U6kiOIfzYNiSpWylBTosIjw9x3T/Bm7Jtjdm6pVvZ7cQmci9c6d64j 6OV+y8IiCKJhc7iAukyrqRJeLUOOE2w632xX8oqc9SdbywAFQkENotfJhtpvG6BTUz9W faXQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; 
s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=/ioIvs9kzobkkAHLcK97KuxhTtDxwmJispZo4nSy/tU=; b=O86KdJQUtxoG3aXrBwBGMJkhGezyCddE5ixTOR2y2x2d0Mgy99KPkIVBh2m4RSFOct YJGk6161stSJmQ8osRGmv4QQtU7MHDFsxj2rJyeaUWJwfpmvYInIZ0D7FYj7nD/GP8g7 GD8VBSlKo0RMxwfufikvujei2JHQ3DQqGZFG30Bz4hxEUczEX/SEUA1ICOxhnulZAwqU C03cGTgrwTiUz3Jw8V87WEKBhFV16U9kdNZ2XKYey4HzqL9FB97j+vmwxkqFVxiuLTTi G4GdHWSnenhbUUE4GPQ+XpOfAYkgjg1Q7metbuLl78OwZyq3OmjtDXtxkNsxJPVNtmQi acKA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=Ca9BuDcx; spf=pass (google.com: domain of linux-efi-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-efi-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id n3si6308841ili.116.2021.06.15.02.21.18; Tue, 15 Jun 2021 02:21:18 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-efi-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=Ca9BuDcx; spf=pass (google.com: domain of linux-efi-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-efi-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S231337AbhFOJXV (ORCPT + 1 other); Tue, 15 Jun 2021 05:23:21 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:52184 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S231281AbhFOJXV (ORCPT ); Tue, 15 Jun 2021 05:23:21 -0400 Received: from mail-wr1-x42a.google.com (mail-wr1-x42a.google.com [IPv6:2a00:1450:4864:20::42a]) by 
lindbergh.monkeyblade.net (Postfix) with ESMTPS id 56777C061574 for ; Tue, 15 Jun 2021 02:21:16 -0700 (PDT) Received: by mail-wr1-x42a.google.com with SMTP id y7so17491672wrh.7 for ; Tue, 15 Jun 2021 02:21:16 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=/ioIvs9kzobkkAHLcK97KuxhTtDxwmJispZo4nSy/tU=; b=Ca9BuDcxiH3gVC4ECG8WrMxCy8B5dTYf9YGyy0jR1AaugshUYwZ0lcrZVYd4rSiIuB rbDgLcoEkvo+dLbjKGlFjYZAOss7zdsnOTYtn+oPfUYQIkrv+EnwOhs4EQ7jOqjaTeXR 01PhEQ21MQNpn0EdPN3CumaXN0BH2OuGIHnB7cpUgA9VBqA0mwu/uFPa60crDuq1a01i HJ5Mqg5bc44eNPYgl9d8BPfqhWWdrOiSulpIPG6WNR/e0iMJGhHkwsn7SQgt27jnzvKi QG/mOy4KVOxGUgz+H4a2IMR/qt064VXbvUoyoXKRcQLszaNrb2f2rYPXLRKJ7MZlYcXZ xqFg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=/ioIvs9kzobkkAHLcK97KuxhTtDxwmJispZo4nSy/tU=; b=ednBr8au426RXN8HOXyZ93llVpQB6zzD0N1XsHIw798bQiR9dLCazXez4gaejjOfNC QysKpBr4KODaztX3Abjm0YFOB1EYCmv+d5Z8CrkwlU2NH0w4bMKsJy8xKHnxI+XXMG3P smdbZQjc6YXJN/RQBEn9iYyz+7R7IZlxehrel1z1n9uTK1qwwi39CkqmFnLUNPsbfNxV dPZmN6VfiIWrV8YLUDk88NbTD0ihosPfbhZ0I0tY2+zv6CFx8Vit5/EhYDMv7wDZTuoy bNm/LwKMvuTZf7NTJodenwkSBidJddCil1TGecktprmR2X+fVn6t8OoPlPY9YDLkRJUo GilQ== X-Gm-Message-State: AOAM53211GYpfgKK/S8mxC1dq0+9n8nRaobBjziFnXsbyTUT30dXYvUL wiFAQGpzqDsqNNfx54TI5XWe6gbpbheYpA== X-Received: by 2002:a5d:64e4:: with SMTP id g4mr24254524wri.290.1623748874995; Tue, 15 Jun 2021 02:21:14 -0700 (PDT) Received: from apalos.home ([2a02:587:4680:7ec2:2e56:dcff:fe9a:8f06]) by smtp.gmail.com with ESMTPSA id h15sm18280113wrq.88.2021.06.15.02.21.13 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 15 Jun 2021 02:21:14 -0700 (PDT) 
From: Ilias Apalodimas
To: linux-efi@vger.kernel.org
Cc: ardb@kernel.org, pjones@redhat.com, nivedita@alum.mit.edu, mjg59@google.com, daniel.kiper@oracle.com, James.Bottomley@hansenpartnership.com, leif@nuviainc.com, Ilias Apalodimas
Subject: [PATCH 4/4] efi/libstub: measure loaded initrd info into the TPM
Date: Tue, 15 Jun 2021 12:21:05 +0300
Message-Id: <20210615092105.288331-5-ilias.apalodimas@linaro.org>
X-Mailer: git-send-email 2.31.1
In-Reply-To: <20210615092105.288331-1-ilias.apalodimas@linaro.org>
References: <20210615092105.288331-1-ilias.apalodimas@linaro.org>
MIME-Version: 1.0
Precedence: bulk
List-ID:
X-Mailing-List: linux-efi@vger.kernel.org

In an effort to ensure the initrd observed and used by the OS is the same one that was meant to be loaded, which is difficult to guarantee otherwise, let's measure the initrd if the EFI stub and specifically the newly introduced LOAD_FILE2 protocol was used.

Modify the initrd loading sequence so that the contents of the initrd are measured into PCR9.

Note that the patch is currently using EV_EVENT_TAG to create the eventlog entry instead of EV_IPL. According to the TCG PC Client specification this is used for PCRs defined for OS and application usage.

Co-developed-by: Ard Biesheuvel
Signed-off-by: Ard Biesheuvel
Signed-off-by: Ilias Apalodimas
---
 .../firmware/efi/libstub/efi-stub-helper.c | 72 +++++++++++++++---- 1 file changed, 58 insertions(+), 14 deletions(-)
--
2.31.0

diff --git a/drivers/firmware/efi/libstub/efi-stub-helper.c b/drivers/firmware/efi/libstub/efi-stub-helper.c index 72a7e7c4d403..c1d415bb534b 100644 --- a/drivers/firmware/efi/libstub/efi-stub-helper.c +++ b/drivers/firmware/efi/libstub/efi-stub-helper.c
@@ -625,6 +625,47 @@ efi_status_t efi_load_initrd_cmdline(efi_loaded_image_t *image, load_addr, load_size); } +static const struct { + efi_tcg2_event_t event_data; + efi_tcg2_tagged_event_t tagged_event; + u8 tagged_event_data[]; +} initrd_tcg2_event = { + { + sizeof(initrd_tcg2_event) + sizeof("Linux initrd"), + { + sizeof(initrd_tcg2_event.event_data.event_header), + EFI_TCG2_EVENT_HEADER_VERSION, + 9, + EV_EVENT_TAG, + }, + }, + { + INITRD_EVENT_TAG_ID, + sizeof("Linux initrd"), + }, + "Linux initrd", +}; + +void efi_measure_initrd(unsigned long load_addr, unsigned long load_size) +{ + efi_guid_t tcg2_guid = EFI_TCG2_PROTOCOL_GUID; + efi_tcg2_protocol_t *tcg2 = NULL; + efi_status_t status; + + efi_bs_call(locate_protocol, &tcg2_guid, NULL, (void **)&tcg2); + if (tcg2) { + status = efi_call_proto(tcg2, hash_log_extend_event, + 0, load_addr, load_size, + &initrd_tcg2_event.event_data); + if (status != EFI_SUCCESS) + efi_warn("Failed to measure initrd data: 0x%lx\n", + status); + else + efi_info("Measured initrd data into PCR %d\n", + initrd_tcg2_event.event_data.event_header.pcr_index); + } +} + /** * efi_load_initrd() - Load initial RAM disk * @image: EFI loaded image protocol 
@@ -645,22 +686,25 @@ efi_status_t efi_load_initrd(efi_loaded_image_t *image, if (efi_noinitrd) { *load_addr = *load_size = 0; - return EFI_SUCCESS; + status = EFI_SUCCESS; + } else { + status = efi_load_initrd_dev_path(load_addr, load_size, hard_limit); + if (status == EFI_SUCCESS) { + efi_info("Loaded initrd from LINUX_EFI_INITRD_MEDIA_GUID device path\n"); + if (*load_size > 0) + efi_measure_initrd(*load_addr, *load_size); + } else if (status == EFI_NOT_FOUND) { + status = efi_load_initrd_cmdline(image, load_addr, load_size, + soft_limit, hard_limit); + if (status == EFI_SUCCESS && *load_size > 0) + efi_info("Loaded initrd from command line option\n"); + } + if (status != EFI_SUCCESS) { + efi_err("Failed to load initrd: 0x%lx\n", status); + *load_addr = *load_size = 0; + } } - status = efi_load_initrd_dev_path(load_addr, load_size, hard_limit); - if (status == EFI_SUCCESS) { - efi_info("Loaded initrd from LINUX_EFI_INITRD_MEDIA_GUID device path\n"); - } else if (status == EFI_NOT_FOUND) { - status = efi_load_initrd_cmdline(image, load_addr, load_size, - soft_limit, hard_limit); - if (status == EFI_SUCCESS && *load_size > 0) - efi_info("Loaded initrd from command line option\n"); - } - if (status != EFI_SUCCESS) { - efi_err("Failed to load initrd: 0x%lx\n", status); - *load_addr = *load_size = 0; - } return status; }
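Review bot: in the first hunk, efi_measure_initrd() is defined without static although the diffstat lists a single changed file, so unless a prototype is added elsewhere in the series it gets external linkage for no reason and will draw a missing-prototype warning; mark it static. In the initrd_tcg2_event initializer the PCR index is the bare literal 9 sitting between EFI_TCG2_EVENT_HEADER_VERSION and EV_EVENT_TAG; a named constant next to INITRD_EVENT_TAG_ID would make the PCR choice easy to find and audit. The return value of the locate_protocol call is dropped and only tcg2 is tested, which deserves a one-line comment saying that a missing TCG2 protocol means the measurement is skipped silently.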
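Review bot: in the efi_load_initrd() hunk only the efi_load_initrd_dev_path() success branch calls efi_measure_initrd(); the EFI_NOT_FOUND fallback through efi_load_initrd_cmdline() still loads an initrd and logs "Loaded initrd from command line option" with nothing extended into the PCR. The commit message scopes the measurement to LOAD_FILE2, but the code should say so in a comment at the fallback, because from PCR 9 alone a verifier cannot tell the efi_noinitrd case from an initrd that was loaded from the command line and left unmeasured. As a style point, wrapping the whole body in an else block just to reach the shared "return status" re-indents every line; keeping the early "return EFI_SUCCESS" would shrink the hunk to the two added measurement lines and make the functional change easier to review.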