From patchwork Tue Sep 21 07:19:29 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Masahisa Kojima X-Patchwork-Id: 514393 Delivered-To: patch@linaro.org Received: by 2002:a02:c816:0:0:0:0:0 with SMTP id p22csp2802473jao; Tue, 21 Sep 2021 00:17:25 -0700 (PDT) X-Google-Smtp-Source: ABdhPJy0ByX3gQtwcTTwIt3GvIn1cjhdERUIKca8TlB+9Un+CVmoGzMs8UHiGGa3UKOmEpA9dDkP X-Received: by 2002:a50:e10d:: with SMTP id h13mr28837881edl.77.1632208644833; Tue, 21 Sep 2021 00:17:24 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1632208644; cv=none; d=google.com; s=arc-20160816; b=p2hilLWHNIlvE0zeEvsVehQEjS7up0Paot31uW4cX6AuTRqrcDMGpap/CYzOHzSwey KrGzACgDPIvKsSXkuhMpeJu9PydcJPPNmWG+tr/Hw91qSMgdjzIUEesufgZKwn33VcaT JHrd+59O5DzbrSp87lDQbYPeQ5MV7gdEeu2FL6/z8DitD2h5ia0gK/ttCD1Hz4n3xHJd JRam01pb27PsokfiZB7AQ91HegFI7zXg13mKnAv6QBJJDvQFQeg6I7B198L0tFjsHhP8 iUUu5+apcrimMkx5lnoL510/tf3meDq94F0mVGePWC462z46p3OZAdQXOS/IAeapZw5d QeyQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:errors-to:list-subscribe:list-help:list-post:list-archive :list-unsubscribe:list-id:precedence:references:in-reply-to :message-id:date:subject:cc:to:from:dkim-signature; bh=v2O4LRMzu9mz211urPH24ijODpMXtHdM1dc969UbCLI=; b=KR73FUMkH1ElETUM4wIbbHdoyEBZS04J+YX3nSlKOK0HNkRA6j520evUy7Hz/dorIX sihwKpPVPvoWnhHxYheFu/g8kznahKEHq3Hl3sYkXfonY5o+egxk9CDxWcWhVvMGJyYW rCYhnS1DCG/YK5gDes8U3gyeT6Vn5BHOW0mEdDxzaE1ZYSfAmNgUdSIkAiWFU/mlsoPA qun3e5is2y+fUjWZfzYQcxyT9cXr4WFm4ndP2CqQ4vFUQXlzJKgYdS26Yeb1icu74vz2 gGZIm0z+GcScxXVPWNv549JrAU6kgYg7AfjbWA50EM63rmZzhHl5+HU37SJGCdjaDI+4 l57g== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=WOncGJA4; spf=pass (google.com: domain of u-boot-bounces@lists.denx.de designates 2a01:238:438b:c500:173d:9f52:ddab:ee01 as permitted sender) smtp.mailfrom=u-boot-bounces@lists.denx.de; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Return-Path: Received: from phobos.denx.de (phobos.denx.de. [2a01:238:438b:c500:173d:9f52:ddab:ee01]) by mx.google.com with ESMTPS id h12si24609465edb.262.2021.09.21.00.17.24 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 21 Sep 2021 00:17:24 -0700 (PDT) Received-SPF: pass (google.com: domain of u-boot-bounces@lists.denx.de designates 2a01:238:438b:c500:173d:9f52:ddab:ee01 as permitted sender) client-ip=2a01:238:438b:c500:173d:9f52:ddab:ee01; Authentication-Results: mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=WOncGJA4; spf=pass (google.com: domain of u-boot-bounces@lists.denx.de designates 2a01:238:438b:c500:173d:9f52:ddab:ee01 as permitted sender) smtp.mailfrom=u-boot-bounces@lists.denx.de; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Received: from h2850616.stratoserver.net (localhost [IPv6:::1]) by phobos.denx.de (Postfix) with ESMTP id ED68683278; Tue, 21 Sep 2021 09:17:21 +0200 (CEST) Authentication-Results: phobos.denx.de; dmarc=pass (p=none dis=none) header.from=linaro.org Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=u-boot-bounces@lists.denx.de Authentication-Results: phobos.denx.de; dkim=pass (2048-bit key; unprotected) header.d=linaro.org header.i=@linaro.org header.b="WOncGJA4"; dkim-atps=neutral Received: by phobos.denx.de (Postfix, from userid 109) id 17E4D8328E; Tue, 21 Sep 2021 09:17:18 +0200 (CEST) X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on phobos.denx.de X-Spam-Level: X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,SPF_HELO_NONE,SPF_PASS autolearn=ham autolearn_force=no version=3.4.2 Received: from mail-pj1-x102c.google.com (mail-pj1-x102c.google.com [IPv6:2607:f8b0:4864:20::102c]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits)) (No client certificate requested) by phobos.denx.de (Postfix) with ESMTPS id E4CF08326B for ; Tue, 21 Sep 2021 09:17:10 +0200 (CEST) Authentication-Results: phobos.denx.de; dmarc=pass (p=none dis=none) header.from=linaro.org Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=masahisa.kojima@linaro.org Received: by mail-pj1-x102c.google.com with SMTP id v19so13762426pjh.2 for ; Tue, 21 Sep 2021 00:17:10 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=v2O4LRMzu9mz211urPH24ijODpMXtHdM1dc969UbCLI=; b=WOncGJA4XnbM4cNskND5wTWXGYyOYvcLrUD5nS3A3JrTgvvwbXDDKM+HLPt3xl5V0R +fHNO+LFt7Tp5Riw6T3GulUZPfUYlGNP4qIz1H5MJvDzU9XsFcLKehNzVs4Mx0bkm+11 BcV/66zL0XDxVQlJMJRoz/pUDAPDicyxP9oRXbo4c81L/R+c5hWSQ0RAN/8IPh/croLG ZcsqnyxHzd0l6VBYs+8U7l7++v6AJu3Ri/GMotmX6SZ32FBqqSKmQIo2gtPkYk+opnwr YzrxDLeULuEN36TS47coV+z9Mrkl1oXkLwM+VqjaRIKHiM0DwpiJBQIMD9SW846aITU8 PtXQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=v2O4LRMzu9mz211urPH24ijODpMXtHdM1dc969UbCLI=; b=Rk6ynXOsexwm+6Pjgc7QedUKEDr+zERIZTF7q8NJQegKI/YcNjYbocchFkSIT3eq3f 1qG4PgXZqaFYjq8bZnyg0YtunXjtDi7coVni9wVAPl7lLTlo0DMmJDIBYHXhmra1UW/b Y5qrsVjnFp45MRlXFAg0wW+B0Q5ejK9ZR5IGIwZKgeMkIPY2sPm/Pa8taPrdPJOym7j1 WvnocAO+cSXh7gEYVRkLxTiZG1+eK16d6+TZhISO02deVIBy8aqugqAQVAFNuy82EOET qLOoi8k3VFyBZrXt5p4tlQTGnQ8fJadZxU2OlOXu6AcFYQ2Tr0AH/SGjkA9NzbEhBihO ki7Q== X-Gm-Message-State: AOAM530GlgkFpjcZHIAQPUosc0eBj4FahoBa1UPXUX6R/ZMjx1leqSoP bU16xS7LeHDNiFqQ0x3eQqkyIZjeXhw0hb0R X-Received: by 2002:a17:90a:1991:: with SMTP id 17mr3653265pji.149.1632208628726; Tue, 21 Sep 2021 00:17:08 -0700 (PDT) Received: from localhost.localdomain ([2400:2411:502:a100:82fa:5bff:fe4b:26b1]) by smtp.gmail.com with ESMTPSA id i2sm16265093pfa.82.2021.09.21.00.17.06 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 21 Sep 2021 00:17:08 -0700 (PDT) From: Masahisa Kojima To: u-boot@lists.denx.de Cc: Heinrich Schuchardt , Ilias Apalodimas , Masahisa Kojima , Alexander Graf , Simon Glass , Bin Meng , Christian Gmeiner Subject: [PATCH v2 1/3] efi_loader: add SMBIOS table measurement Date: Tue, 21 Sep 2021 16:19:29 +0900 Message-Id: <20210921071931.3755-2-masahisa.kojima@linaro.org> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20210921071931.3755-1-masahisa.kojima@linaro.org> References: <20210921071931.3755-1-masahisa.kojima@linaro.org> X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.34 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" X-Virus-Scanned: clamav-milter 0.103.2 at phobos.denx.de X-Virus-Status: Clean TCG PC Client spec requires to measure the SMBIOS table that contain static configuration information (e.g. Platform Manufacturer Enterprise Number assigned by IANA, platform model number, Vendor and Device IDs for each SMBIOS table). The device and environment dependent information such as serial number is cleared to zero or space character for the measurement. Existing smbios_string() function returns pointer to the string with const qualifier, but exisintg use case is updating version string and const qualifier must be removed. This commit removes const qualifier from smbios_string() return value and reuses to clear the strings for the measurement. This commit also fixes the following compiler warning: lib/smbios-parser.c:59:39: warning: cast to pointer from integer of different size [-Wint-to-pointer-cast] const struct smbios_header *header = (struct smbios_header *)entry->struct_table_address; Signed-off-by: Masahisa Kojima --- Changes in v2: - use flexible array for table_entry field - modify funtion name to find_smbios_table() - remove unnecessary const qualifier from smbios_string() - create non-const version of next_header() include/efi_loader.h | 2 + include/efi_tcg2.h | 15 ++++ include/smbios.h | 17 +++- lib/efi_loader/Kconfig | 1 + lib/efi_loader/efi_boottime.c | 2 + lib/efi_loader/efi_smbios.c | 2 - lib/efi_loader/efi_tcg2.c | 84 +++++++++++++++++++ lib/smbios-parser.c | 152 +++++++++++++++++++++++++++++++--- 8 files changed, 261 insertions(+), 14 deletions(-) -- 2.17.1 diff --git a/include/efi_loader.h b/include/efi_loader.h index c440962fe5..13f0c24058 100644 --- a/include/efi_loader.h +++ b/include/efi_loader.h @@ -308,6 +308,8 @@ extern const efi_guid_t efi_guid_capsule_report; extern const efi_guid_t efi_guid_firmware_management_protocol; /* GUID for the ESRT */ extern const efi_guid_t efi_esrt_guid; +/* GUID of the SMBIOS table */ +extern const efi_guid_t smbios_guid; extern char __efi_runtime_start[], __efi_runtime_stop[]; extern char __efi_runtime_rel_start[], __efi_runtime_rel_stop[]; diff --git a/include/efi_tcg2.h b/include/efi_tcg2.h index 5a1a36212e..85a032dbbd 100644 --- a/include/efi_tcg2.h +++ b/include/efi_tcg2.h @@ -215,6 +215,21 @@ struct efi_tcg2_uefi_variable_data { u8 variable_data[1]; }; +/** + * struct tdUEFI_HANDOFF_TABLE_POINTERS2 - event log structure of SMBOIS tables + * @table_description_size: size of table description + * @table_description: table description + * @number_of_tables: number of uefi configuration table + * @table_entry: uefi configuration table entry + */ +#define SMBIOS_HANDOFF_TABLE_DESC "SmbiosTable" +struct smbios_handoff_table_pointers2 { + u8 table_description_size; + u8 table_description[sizeof(SMBIOS_HANDOFF_TABLE_DESC)]; + u64 number_of_tables; + struct efi_configuration_table table_entry[]; +} __packed; + struct efi_tcg2_protocol { efi_status_t (EFIAPI * get_capability)(struct efi_tcg2_protocol *this, struct efi_tcg2_boot_service_capability *capability); diff --git a/include/smbios.h b/include/smbios.h index aa6b6f3849..acfcbfe2ca 100644 --- a/include/smbios.h +++ b/include/smbios.h @@ -260,9 +260,9 @@ const struct smbios_header *smbios_header(const struct smbios_entry *entry, int * * @header: pointer to struct smbios_header * @index: string index - * @return: NULL or a valid const char pointer + * @return: NULL or a valid char pointer */ -const char *smbios_string(const struct smbios_header *header, int index); +char *smbios_string(const struct smbios_header *header, int index); /** * smbios_update_version() - Update the version string @@ -292,4 +292,17 @@ int smbios_update_version(const char *version); */ int smbios_update_version_full(void *smbios_tab, const char *version); +/** + * smbios_prepare_measurement() - Update smbios table for the measurement + * + * TCG specification requires to measure static configuration information. + * This function clear the device dependent parameters such as + * serial number for the measurement. + * + * @entry: pointer to a struct smbios_entry + * @header: pointer to a struct smbios_header + */ +void smbios_prepare_measurement(const struct smbios_entry *entry, + struct smbios_header *header); + #endif /* _SMBIOS_H_ */ diff --git a/lib/efi_loader/Kconfig b/lib/efi_loader/Kconfig index f4e9129a39..da68a219a3 100644 --- a/lib/efi_loader/Kconfig +++ b/lib/efi_loader/Kconfig @@ -328,6 +328,7 @@ config EFI_TCG2_PROTOCOL select SHA384 select SHA512 select HASH + select SMBIOS_PARSER help Provide a EFI_TCG2_PROTOCOL implementation using the TPM hardware of the platform. diff --git a/lib/efi_loader/efi_boottime.c b/lib/efi_loader/efi_boottime.c index f0283b539e..701e2212c8 100644 --- a/lib/efi_loader/efi_boottime.c +++ b/lib/efi_loader/efi_boottime.c @@ -86,6 +86,8 @@ const efi_guid_t efi_guid_event_group_reset_system = /* GUIDs of the Load File and Load File2 protocols */ const efi_guid_t efi_guid_load_file_protocol = EFI_LOAD_FILE_PROTOCOL_GUID; const efi_guid_t efi_guid_load_file2_protocol = EFI_LOAD_FILE2_PROTOCOL_GUID; +/* GUID of the SMBIOS table */ +const efi_guid_t smbios_guid = SMBIOS_TABLE_GUID; static efi_status_t EFIAPI efi_disconnect_controller( efi_handle_t controller_handle, diff --git a/lib/efi_loader/efi_smbios.c b/lib/efi_loader/efi_smbios.c index 2eb4cb1c1a..fc0b23397c 100644 --- a/lib/efi_loader/efi_smbios.c +++ b/lib/efi_loader/efi_smbios.c @@ -13,8 +13,6 @@ #include #include -static const efi_guid_t smbios_guid = SMBIOS_TABLE_GUID; - /* * Install the SMBIOS table as a configuration table. * diff --git a/lib/efi_loader/efi_tcg2.c b/lib/efi_loader/efi_tcg2.c index cb48919223..4f68f6dfd5 100644 --- a/lib/efi_loader/efi_tcg2.c +++ b/lib/efi_loader/efi_tcg2.c @@ -14,6 +14,7 @@ #include #include #include +#include #include #include #include @@ -1449,6 +1450,81 @@ error: return ret; } +/** + * tcg2_measure_smbios() - measure smbios table + * + * @dev: TPM device + * @entry: pointer to the smbios_entry structure + * + * Return: status code + */ +static efi_status_t +tcg2_measure_smbios(struct udevice *dev, + const struct smbios_entry *entry) +{ + efi_status_t ret; + struct smbios_header *smbios_copy; + struct smbios_handoff_table_pointers2 *event = NULL; + u32 event_size; + + /* + * TCG PC Client PFP Spec says + * "SMBIOS structures that contain static configuration information + * (e.g. Platform Manufacturer Enterprise Number assigned by IANA, + * platform model number, Vendor and Device IDs for each SMBIOS table) + * that is relevant to the security of the platform MUST be measured". + * Device dependent parameters such as serial number are cleared to + * zero or spaces for the measurement. + */ + event_size = sizeof(struct smbios_handoff_table_pointers2) + + FIELD_SIZEOF(struct efi_configuration_table, guid) + + entry->struct_table_length; + event = calloc(1, event_size); + if (!event) { + ret = EFI_OUT_OF_RESOURCES; + goto out; + } + + event->table_description_size = sizeof(SMBIOS_HANDOFF_TABLE_DESC); + memcpy(event->table_description, SMBIOS_HANDOFF_TABLE_DESC, + sizeof(SMBIOS_HANDOFF_TABLE_DESC)); + put_unaligned_le64(1, &event->number_of_tables); + guidcpy(&event->table_entry[0].guid, &smbios_guid); + smbios_copy = (struct smbios_header *)((uintptr_t)&event->table_entry[0].table); + memcpy(&event->table_entry[0].table, + (void *)((uintptr_t)entry->struct_table_address), + entry->struct_table_length); + + smbios_prepare_measurement(entry, smbios_copy); + + ret = tcg2_measure_event(dev, 1, EV_EFI_HANDOFF_TABLES2, event_size, + (u8 *)event); + if (ret != EFI_SUCCESS) + goto out; + +out: + free(event); + + return ret; +} + +/** + * find_smbios_table() - find smbios table + * + * Return: pointer to the smbios table + */ +static void *find_smbios_table(void) +{ + u32 i; + + for (i = 0; i < systab.nr_tables; i++) { + if (!guidcmp(&smbios_guid, &systab.tables[i].guid)) + return systab.tables[i].table; + } + + return NULL; +} + /** * efi_tcg2_measure_efi_app_invocation() - measure efi app invocation * @@ -1460,6 +1536,7 @@ efi_status_t efi_tcg2_measure_efi_app_invocation(void) u32 pcr_index; struct udevice *dev; u32 event = 0; + struct smbios_entry *entry; if (tcg2_efi_app_invoked) return EFI_SUCCESS; @@ -1485,6 +1562,13 @@ efi_status_t efi_tcg2_measure_efi_app_invocation(void) goto out; } + entry = (struct smbios_entry *)find_smbios_table(); + if (entry) { + ret = tcg2_measure_smbios(dev, entry); + if (ret != EFI_SUCCESS) + goto out; + } + tcg2_efi_app_invoked = true; out: return ret; diff --git a/lib/smbios-parser.c b/lib/smbios-parser.c index 34203f952c..596a967302 100644 --- a/lib/smbios-parser.c +++ b/lib/smbios-parser.c @@ -39,10 +39,8 @@ const struct smbios_entry *smbios_entry(u64 address, u32 size) return entry; } -static const struct smbios_header *next_header(const struct smbios_header *curr) +static u8 *find_next_header(u8 *pos) { - u8 *pos = ((u8 *)curr) + curr->length; - /* search for _double_ NULL bytes */ while (!((*pos == 0) && (*(pos + 1) == 0))) pos++; @@ -50,13 +48,27 @@ static const struct smbios_header *next_header(const struct smbios_header *curr) /* step behind the double NULL bytes */ pos += 2; - return (struct smbios_header *)pos; + return pos; +} + +static struct smbios_header *get_next_header(struct smbios_header *curr) +{ + u8 *pos = ((u8 *)curr) + curr->length; + + return (struct smbios_header *)find_next_header(pos); +} + +static const struct smbios_header *next_header(const struct smbios_header *curr) +{ + u8 *pos = ((u8 *)curr) + curr->length; + + return (struct smbios_header *)find_next_header(pos); } const struct smbios_header *smbios_header(const struct smbios_entry *entry, int type) { const unsigned int num_header = entry->struct_count; - const struct smbios_header *header = (struct smbios_header *)entry->struct_table_address; + const struct smbios_header *header = (struct smbios_header *)((uintptr_t)entry->struct_table_address); for (unsigned int i = 0; i < num_header; i++) { if (header->type == type) @@ -68,8 +80,8 @@ const struct smbios_header *smbios_header(const struct smbios_entry *entry, int return NULL; } -static const char *string_from_smbios_table(const struct smbios_header *header, - int idx) +static char *string_from_smbios_table(const struct smbios_header *header, + int idx) { unsigned int i = 1; u8 *pos; @@ -86,10 +98,10 @@ static const char *string_from_smbios_table(const struct smbios_header *header, pos++; } - return (const char *)pos; + return (char *)pos; } -const char *smbios_string(const struct smbios_header *header, int index) +char *smbios_string(const struct smbios_header *header, int index) { if (!header) return NULL; @@ -109,7 +121,7 @@ int smbios_update_version_full(void *smbios_tab, const char *version) if (!hdr) return log_msg_ret("tab", -ENOENT); bios = (struct smbios_type0 *)hdr; - ptr = (char *)smbios_string(hdr, bios->bios_ver); + ptr = smbios_string(hdr, bios->bios_ver); if (!ptr) return log_msg_ret("str", -ENOMEDIUM); @@ -132,3 +144,123 @@ int smbios_update_version_full(void *smbios_tab, const char *version) return 0; } + +struct smbios_filter_param { + u32 offset; + u32 size; + bool is_string; +}; + +struct smbios_filter_table { + int type; + struct smbios_filter_param *params; + u32 count; +}; + +struct smbios_filter_param smbios_type1_filter_params[] = { + {offsetof(struct smbios_type1, serial_number), + FIELD_SIZEOF(struct smbios_type1, serial_number), true}, + {offsetof(struct smbios_type1, uuid), + FIELD_SIZEOF(struct smbios_type1, uuid), false}, + {offsetof(struct smbios_type1, wakeup_type), + FIELD_SIZEOF(struct smbios_type1, wakeup_type), false}, +}; + +struct smbios_filter_param smbios_type2_filter_params[] = { + {offsetof(struct smbios_type2, serial_number), + FIELD_SIZEOF(struct smbios_type2, serial_number), true}, + {offsetof(struct smbios_type2, chassis_location), + FIELD_SIZEOF(struct smbios_type2, chassis_location), false}, +}; + +struct smbios_filter_param smbios_type3_filter_params[] = { + {offsetof(struct smbios_type3, serial_number), + FIELD_SIZEOF(struct smbios_type3, serial_number), true}, + {offsetof(struct smbios_type3, asset_tag_number), + FIELD_SIZEOF(struct smbios_type3, asset_tag_number), true}, +}; + +struct smbios_filter_param smbios_type4_filter_params[] = { + {offsetof(struct smbios_type4, serial_number), + FIELD_SIZEOF(struct smbios_type4, serial_number), true}, + {offsetof(struct smbios_type4, asset_tag), + FIELD_SIZEOF(struct smbios_type4, asset_tag), true}, + {offsetof(struct smbios_type4, part_number), + FIELD_SIZEOF(struct smbios_type4, part_number), true}, + {offsetof(struct smbios_type4, core_count), + FIELD_SIZEOF(struct smbios_type4, core_count), false}, + {offsetof(struct smbios_type4, core_enabled), + FIELD_SIZEOF(struct smbios_type4, core_enabled), false}, + {offsetof(struct smbios_type4, thread_count), + FIELD_SIZEOF(struct smbios_type4, thread_count), false}, + {offsetof(struct smbios_type4, core_count2), + FIELD_SIZEOF(struct smbios_type4, core_count2), false}, + {offsetof(struct smbios_type4, core_enabled2), + FIELD_SIZEOF(struct smbios_type4, core_enabled2), false}, + {offsetof(struct smbios_type4, thread_count), + FIELD_SIZEOF(struct smbios_type4, thread_count2), false}, + {offsetof(struct smbios_type4, voltage), + FIELD_SIZEOF(struct smbios_type4, voltage), false}, +}; + +struct smbios_filter_table smbios_filter_tables[] = { + {SMBIOS_SYSTEM_INFORMATION, smbios_type1_filter_params, + ARRAY_SIZE(smbios_type1_filter_params)}, + {SMBIOS_BOARD_INFORMATION, smbios_type2_filter_params, + ARRAY_SIZE(smbios_type2_filter_params)}, + {SMBIOS_SYSTEM_ENCLOSURE, smbios_type3_filter_params, + ARRAY_SIZE(smbios_type3_filter_params)}, + {SMBIOS_PROCESSOR_INFORMATION, smbios_type4_filter_params, + ARRAY_SIZE(smbios_type4_filter_params)}, +}; + +static void clear_smbios_table(struct smbios_header *header, + struct smbios_filter_param *filter, + u32 count) +{ + u32 i; + char *str; + u8 string_id; + + for (i = 0; i < count; i++) { + if (filter[i].is_string) { + string_id = *((u8 *)header + filter[i].offset); + if (string_id == 0) /* string is empty */ + continue; + + str = smbios_string(header, string_id); + if (!str) + continue; + + /* string is cleared to space, keep '\0' terminator */ + memset(str, ' ', strlen(str)); + + } else { + memset((void *)((u8 *)header + filter[i].offset), + 0, filter[i].size); + } + } +} + +void smbios_prepare_measurement(const struct smbios_entry *entry, + struct smbios_header *smbios_copy) +{ + u32 i, j; + struct smbios_header *header; + + for (i = 0; i < ARRAY_SIZE(smbios_filter_tables); i++) { + header = smbios_copy; + for (j = 0; j < entry->struct_count; j++) { + if (header->type == smbios_filter_tables[i].type) + break; + + header = get_next_header(header); + } + if (j >= entry->struct_count) + continue; + + clear_smbios_table(header, + smbios_filter_tables[i].params, + smbios_filter_tables[i].count); + } +} From patchwork Tue Sep 21 07:19:30 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Masahisa Kojima X-Patchwork-Id: 514394 Delivered-To: patch@linaro.org Received: by 2002:a02:c816:0:0:0:0:0 with SMTP id p22csp2802635jao; Tue, 21 Sep 2021 00:17:36 -0700 (PDT) X-Google-Smtp-Source: ABdhPJyeROGLW2T204smV2CFZvSmipQItWNuGh3N5SX+X5SGC2ifqcGoi6a27a/MIHqifHTqdVUA X-Received: by 2002:aa7:c38c:: with SMTP id k12mr34038361edq.45.1632208656324; Tue, 21 Sep 2021 00:17:36 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1632208656; cv=none; d=google.com; s=arc-20160816; b=Jvpt8jzOtVAC7uL0jTBqkiDElMEaV1MKxiVdb1BJAsNYI6DphXxsNLCjxqufGQ/2Ve ooqfkdQlnehr6KtHpXCvolqt3ijtxySab9PRq690T8NQEhZUcgHTczQ1kJnRbwdubgWh Xww3zXa9RZlFKvPvZFz0oJUkCtu8CYOLO+K2f5/qBr8dHuQ2LbHNCUqfn306zsvwM0ok mV7Q7r467Q/QrnBj9fgGTeS4EZH9LUf4NFZve2FN5KXwar5Dr4qF+UYDagPKT/F+joxl Y3cMcnMXGvBPLGYl26hsYwUiAqJIT2RbKj0NeDb3K8PCNlGVgdxIo9BCSurBIiGRJbFQ aQfA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:errors-to:list-subscribe:list-help:list-post:list-archive :list-unsubscribe:list-id:precedence:references:in-reply-to :message-id:date:subject:cc:to:from:dkim-signature; bh=UmzZpi41B8wSFKDwmh/pqCBfToDDVK6tYU+jStAhhpU=; b=Q1JAaNALwKTVxR08SNZZ1bZjFLuUvloDbVX7Sq4Rta+yqGJWbekuGNnN/7lXLEijKr hX2+9xreo3xseQjGwU2xkuC+RX+IMdWpu1ANr0dVTVvcaM5Od0iyxkcUmmFChpetqQdX GtiaNxYZTVmFSmTxIm23jeG0RGUFA16NLbY7Olbdv0Wrgg7y3waHWI5RT62lF3xSbgwV 4vcCXQpofjXZjAC6QNth5RbkQDGPI+u+TRgGS9ZjBortdW7m/+p5mLc/eEWHqxSBj5PG xNZc3uYwJOVPouHB8Y/gYkI/I3YGPdm6eMe/R88YA4zMruV9tS0K9+Hnb9EwKxmzDCkC JMvw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=Zg6hZZTr; spf=pass (google.com: domain of u-boot-bounces@lists.denx.de designates 2a01:238:438b:c500:173d:9f52:ddab:ee01 as permitted sender) smtp.mailfrom=u-boot-bounces@lists.denx.de; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Return-Path: Received: from phobos.denx.de (phobos.denx.de. [2a01:238:438b:c500:173d:9f52:ddab:ee01]) by mx.google.com with ESMTPS id m14si19208831ejn.581.2021.09.21.00.17.35 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 21 Sep 2021 00:17:36 -0700 (PDT) Received-SPF: pass (google.com: domain of u-boot-bounces@lists.denx.de designates 2a01:238:438b:c500:173d:9f52:ddab:ee01 as permitted sender) client-ip=2a01:238:438b:c500:173d:9f52:ddab:ee01; Authentication-Results: mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=Zg6hZZTr; spf=pass (google.com: domain of u-boot-bounces@lists.denx.de designates 2a01:238:438b:c500:173d:9f52:ddab:ee01 as permitted sender) smtp.mailfrom=u-boot-bounces@lists.denx.de; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Received: from h2850616.stratoserver.net (localhost [IPv6:::1]) by phobos.denx.de (Postfix) with ESMTP id 9325D8327E; Tue, 21 Sep 2021 09:17:27 +0200 (CEST) Authentication-Results: phobos.denx.de; dmarc=pass (p=none dis=none) header.from=linaro.org Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=u-boot-bounces@lists.denx.de Authentication-Results: phobos.denx.de; dkim=pass (2048-bit key; unprotected) header.d=linaro.org header.i=@linaro.org header.b="Zg6hZZTr"; dkim-atps=neutral Received: by phobos.denx.de (Postfix, from userid 109) id 8CD668326B; Tue, 21 Sep 2021 09:17:19 +0200 (CEST) X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on phobos.denx.de X-Spam-Level: X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,SPF_HELO_NONE,SPF_PASS autolearn=ham autolearn_force=no version=3.4.2 Received: from mail-pl1-x62b.google.com (mail-pl1-x62b.google.com [IPv6:2607:f8b0:4864:20::62b]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits)) (No client certificate requested) by phobos.denx.de (Postfix) with ESMTPS id DE06E83278 for ; Tue, 21 Sep 2021 09:17:12 +0200 (CEST) Authentication-Results: phobos.denx.de; dmarc=pass (p=none dis=none) header.from=linaro.org Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=masahisa.kojima@linaro.org Received: by mail-pl1-x62b.google.com with SMTP id n2so10150484plk.12 for ; Tue, 21 Sep 2021 00:17:12 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=UmzZpi41B8wSFKDwmh/pqCBfToDDVK6tYU+jStAhhpU=; b=Zg6hZZTrp//FJFWGJ3D7tTVfdtJYq0TN5O3/WxyPEGFemr9Kq/yPbaJak6/eDf3tKy FyKB0Tg+g7xD90X3M9lx/eFhnPVycy/L+brJwmcOIypon7pAvqOeQwykxhh2JENVB1eY EtNuhJx4mHqym1mN17ylxP02rLewfcafQTypKwDlsWUWzIEQ/gTvePwOawaEI4sXSJj/ 6huLeKK5/N0lvVTROnnHl6pZd6UkaEH9zqiTU9TvIyBk0CjPD2OMgP1LBA0AAWcSTXlV 1Hbm8JBYAiwvKcrlgNg5OIk8XOPXKLgnPCd+XfRXx6nJ0TLJ3g+gx8qRaTVw0Rnozequ BKwQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=UmzZpi41B8wSFKDwmh/pqCBfToDDVK6tYU+jStAhhpU=; b=VuoFs1emecuBJcEUyMz226/AQV550R8Cc6O/G4Flkocyln53lJA9wEKt7Cyo4l04yl qC9+L/FrAxB9MzCGxVDloDYhR7RU7X0fUvSZvvgh6JtdFICfPci5NfhtSKQx34d7YYdB xEt4eS9KqMLV12iwgzd99mU/z4e65qdFfEmCWxSuF/H94iXSTOOzw1YuomwVshdDkjog /6nZq6cNXMaTTQ4l0vMiGyz8HxhbooJGXsoi+8eXLVVEj10edJ6M53yAXYhdtyS66gou DmAzkZr/nwGLjkfoV/sg/Ybes6+/qOw67p4F9/IG7bNVxrkopQWhIQ3ONp2jhrMzglHm pCrg== X-Gm-Message-State: AOAM530gtP+nkzl4h586A68vblUDdxdbM6nE2Hk3fPdRaJstGiaqhsFp Fbd7UXjBTb0dGmR2R2bsYb7oyFMJ+1uwunoC X-Received: by 2002:a17:90a:af86:: with SMTP id w6mr3707345pjq.8.1632208631006; Tue, 21 Sep 2021 00:17:11 -0700 (PDT) Received: from localhost.localdomain ([2400:2411:502:a100:82fa:5bff:fe4b:26b1]) by smtp.gmail.com with ESMTPSA id i2sm16265093pfa.82.2021.09.21.00.17.09 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 21 Sep 2021 00:17:10 -0700 (PDT) From: Masahisa Kojima To: u-boot@lists.denx.de Cc: Heinrich Schuchardt , Ilias Apalodimas , Masahisa Kojima , Alexander Graf , Simon Glass Subject: [PATCH v2 2/3] efi_loader: add UEFI GPT measurement Date: Tue, 21 Sep 2021 16:19:30 +0900 Message-Id: <20210921071931.3755-3-masahisa.kojima@linaro.org> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20210921071931.3755-1-masahisa.kojima@linaro.org> References: <20210921071931.3755-1-masahisa.kojima@linaro.org> X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.34 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" X-Virus-Scanned: clamav-milter 0.103.2 at phobos.denx.de X-Virus-Status: Clean This commit adds the UEFI GPT disk partition topology measurement required in TCG PC Client PFP Spec. Signed-off-by: Masahisa Kojima --- (no changes since v1) include/blk.h | 3 + include/efi_loader.h | 2 +- include/efi_tcg2.h | 12 +++ lib/efi_loader/efi_boottime.c | 2 +- lib/efi_loader/efi_tcg2.c | 175 +++++++++++++++++++++++++++++++++- 5 files changed, 191 insertions(+), 3 deletions(-) -- 2.17.1 diff --git a/include/blk.h b/include/blk.h index 19bab081c2..f0cc7ca1a2 100644 --- a/include/blk.h +++ b/include/blk.h @@ -45,6 +45,9 @@ enum if_type { #define BLK_PRD_SIZE 20 #define BLK_REV_SIZE 8 +#define PART_FORMAT_PCAT 0x1 +#define PART_FORMAT_GPT 0x2 + /* * Identifies the partition table type (ie. MBR vs GPT GUID) signature */ diff --git a/include/efi_loader.h b/include/efi_loader.h index 13f0c24058..dbcc296e01 100644 --- a/include/efi_loader.h +++ b/include/efi_loader.h @@ -503,7 +503,7 @@ efi_status_t efi_init_variables(void); void efi_variables_boot_exit_notify(void); efi_status_t efi_tcg2_notify_exit_boot_services_failed(void); /* Measure efi application invocation */ -efi_status_t efi_tcg2_measure_efi_app_invocation(void); +efi_status_t efi_tcg2_measure_efi_app_invocation(struct efi_loaded_image_obj *handle); /* Measure efi application exit */ efi_status_t efi_tcg2_measure_efi_app_exit(void); /* Called by bootefi to initialize root node */ diff --git a/include/efi_tcg2.h b/include/efi_tcg2.h index 85a032dbbd..0ecc7f99d7 100644 --- a/include/efi_tcg2.h +++ b/include/efi_tcg2.h @@ -230,6 +230,18 @@ struct smbios_handoff_table_pointers2 { struct efi_configuration_table table_entry[]; } __packed; +/** + * struct tdUEFI_GPT_DATA - event log structure of industry standard tables + * @uefi_partition_header: gpt partition header + * @number_of_partitions: the number of partition + * @partitions: partition entries + */ +struct efi_gpt_data { + gpt_header uefi_partition_header; + u64 number_of_partitions; + gpt_entry partitions[]; +} __packed; + struct efi_tcg2_protocol { efi_status_t (EFIAPI * get_capability)(struct efi_tcg2_protocol *this, struct efi_tcg2_boot_service_capability *capability); diff --git a/lib/efi_loader/efi_boottime.c b/lib/efi_loader/efi_boottime.c index 701e2212c8..bf5661e1ee 100644 --- a/lib/efi_loader/efi_boottime.c +++ b/lib/efi_loader/efi_boottime.c @@ -3003,7 +3003,7 @@ efi_status_t EFIAPI efi_start_image(efi_handle_t image_handle, if (IS_ENABLED(CONFIG_EFI_TCG2_PROTOCOL)) { if (image_obj->image_type == IMAGE_SUBSYSTEM_EFI_APPLICATION) { - ret = efi_tcg2_measure_efi_app_invocation(); + ret = efi_tcg2_measure_efi_app_invocation(image_obj); if (ret != EFI_SUCCESS) { log_warning("tcg2 measurement fails(0x%lx)\n", ret); diff --git a/lib/efi_loader/efi_tcg2.c b/lib/efi_loader/efi_tcg2.c index 4f68f6dfd5..ea2c1ead03 100644 --- a/lib/efi_loader/efi_tcg2.c +++ b/lib/efi_loader/efi_tcg2.c @@ -1525,12 +1525,181 @@ static void *find_smbios_table(void) return NULL; } +/** + * search_gpt_dp_node() - search gpt device path node + * + * @device_path: device path + * + * Return: pointer to the gpt device path node + */ +static struct +efi_device_path *search_gpt_dp_node(struct efi_device_path *device_path) +{ + struct efi_device_path *dp = device_path; + + while (dp) { + if (dp->type == DEVICE_PATH_TYPE_MEDIA_DEVICE && + dp->sub_type == DEVICE_PATH_SUB_TYPE_HARD_DRIVE_PATH) { + struct efi_device_path_hard_drive_path *hd_dp = + (struct efi_device_path_hard_drive_path *)dp; + + if (hd_dp->partmap_type == PART_FORMAT_GPT && + hd_dp->signature_type == SIG_TYPE_GUID) + return dp; + } + dp = efi_dp_next(dp); + } + + return NULL; +} + +/** + * tcg2_measure_gpt_table() - measure gpt table + * + * @dev: TPM device + * @loaded_image: handle to the loaded image + * + * Return: status code + */ +static efi_status_t +tcg2_measure_gpt_data(struct udevice *dev, + struct efi_loaded_image_obj *loaded_image) +{ + efi_status_t ret; + efi_handle_t handle; + struct efi_handler *dp_handler; + struct efi_device_path *orig_device_path; + struct efi_device_path *device_path; + struct efi_device_path *dp; + struct efi_block_io *block_io; + struct efi_gpt_data *event = NULL; + efi_guid_t null_guid = NULL_GUID; + gpt_header *orig_gpt_h = NULL; + gpt_entry *orig_gpt_e = NULL; + gpt_header *gpt_h = NULL; + gpt_entry *entry = NULL; + gpt_entry *gpt_e; + u32 num_of_valid_entry = 0; + u32 event_size; + u32 i; + u32 total_gpt_entry_size; + + ret = efi_search_protocol(&loaded_image->header, + &efi_guid_loaded_image_device_path, + &dp_handler); + if (ret != EFI_SUCCESS) + return ret; + + orig_device_path = dp_handler->protocol_interface; + device_path = efi_dp_dup(orig_device_path); + if (!device_path) + return EFI_OUT_OF_RESOURCES; + + dp = search_gpt_dp_node(device_path); + if (!dp) { + /* no GPT device path node found, skip GPT measurement */ + ret = EFI_SUCCESS; + goto out1; + } + + /* read GPT header */ + dp->type = DEVICE_PATH_TYPE_END; + dp->sub_type = DEVICE_PATH_SUB_TYPE_END; + dp = device_path; + ret = EFI_CALL(systab.boottime->locate_device_path(&efi_block_io_guid, + &dp, &handle)); + if (ret != EFI_SUCCESS) + goto out1; + + ret = EFI_CALL(efi_handle_protocol(handle, + &efi_block_io_guid, (void **)&block_io)); + if (ret != EFI_SUCCESS) + goto out1; + + orig_gpt_h = calloc(1, (block_io->media->block_size + block_io->media->io_align)); + if (!orig_gpt_h) { + ret = EFI_OUT_OF_RESOURCES; + goto out2; + } + + gpt_h = (gpt_header *)ALIGN((uintptr_t)orig_gpt_h, block_io->media->io_align); + ret = block_io->read_blocks(block_io, block_io->media->media_id, 1, + block_io->media->block_size, gpt_h); + if (ret != EFI_SUCCESS) + goto out2; + + /* read GPT entry */ + total_gpt_entry_size = gpt_h->num_partition_entries * + gpt_h->sizeof_partition_entry; + orig_gpt_e = calloc(1, total_gpt_entry_size + block_io->media->io_align); + entry = (void *)ALIGN((uintptr_t)orig_gpt_e, block_io->media->io_align); + if (!entry) { + ret = EFI_OUT_OF_RESOURCES; + goto out2; + } + + ret = block_io->read_blocks(block_io, block_io->media->media_id, + gpt_h->partition_entry_lba, + total_gpt_entry_size, entry); + if (ret != EFI_SUCCESS) + goto out2; + + /* count valid GPT entry */ + gpt_e = entry; + for (i = 0; i < gpt_h->num_partition_entries; i++) { + if (guidcmp(&null_guid, &gpt_e->partition_type_guid)) + num_of_valid_entry++; + + gpt_e = (gpt_entry *)((u8 *)gpt_e + gpt_h->sizeof_partition_entry); + } + + /* prepare event data for measurement */ + event_size = sizeof(struct efi_gpt_data) + + (num_of_valid_entry * gpt_h->sizeof_partition_entry); + event = calloc(1, event_size); + if (!event) { + ret = EFI_OUT_OF_RESOURCES; + goto out2; + } + memcpy(event, gpt_h, sizeof(gpt_header)); + put_unaligned_le64(num_of_valid_entry, &event->number_of_partitions); + + /* copy valid GPT entry */ + gpt_e = entry; + num_of_valid_entry = 0; + for (i = 0; i < gpt_h->num_partition_entries; i++) { + if (guidcmp(&null_guid, &gpt_e->partition_type_guid)) { + memcpy((u8 *)event->partitions + + (num_of_valid_entry * gpt_h->sizeof_partition_entry), + gpt_e, gpt_h->sizeof_partition_entry); + num_of_valid_entry++; + } + + gpt_e = (gpt_entry *)((u8 *)gpt_e + gpt_h->sizeof_partition_entry); + } + + ret = tcg2_measure_event(dev, 5, EV_EFI_GPT_EVENT, event_size, (u8 *)event); + if (ret != EFI_SUCCESS) + goto out2; + +out2: + EFI_CALL(efi_close_protocol((efi_handle_t)block_io, &efi_block_io_guid, + NULL, NULL)); + free(orig_gpt_h); + free(orig_gpt_e); + free(event); +out1: + efi_free_pool(device_path); + + return ret; +} + /** * efi_tcg2_measure_efi_app_invocation() - measure efi app invocation * * Return: status code */ -efi_status_t efi_tcg2_measure_efi_app_invocation(void) +efi_status_t efi_tcg2_measure_efi_app_invocation(struct efi_loaded_image_obj *handle) { efi_status_t ret; u32 pcr_index; @@ -1569,6 +1738,10 @@ efi_status_t efi_tcg2_measure_efi_app_invocation(void) goto out; } + ret = tcg2_measure_gpt_data(dev, handle); + if (ret != EFI_SUCCESS) + goto out; + tcg2_efi_app_invoked = true; out: return ret; From patchwork Tue Sep 21 07:19:31 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Masahisa Kojima X-Patchwork-Id: 514395 Delivered-To: patch@linaro.org Received: by 2002:a02:c816:0:0:0:0:0 with SMTP id p22csp2802802jao; Tue, 21 Sep 2021 00:17:48 -0700 (PDT) X-Google-Smtp-Source: ABdhPJwGYRKvgRooZjzyHthUliTwfM1T5bL55CmZZmt/zDZrvbCnrPI0qra+IA9G0bEK3Ka4Bvbl X-Received: by 2002:a17:907:2bdb:: with SMTP id gv27mr32431569ejc.483.1632208667963; Tue, 21 Sep 2021 00:17:47 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1632208667; cv=none; d=google.com; s=arc-20160816; b=WtAnGv1nVXsw4LPec8eKgnVlxmHINDb/g9wjYdUtBsCkc0RfuXBZZaqvIEtYn6Nlh8 ZyHSU9ig4FC1BJ3dj/YzX8g5abdJUTehIFZ4T1ElIg+G3wYnPzKuIVsbO2gDua44QFuo VD1IEIu7mwexHRoOSlm/+dYEIyoCDIOuVv/v1fqzCEA/DBB1gSwtReus+VD+K0Vo5ITN ODyjKyH877fA+l+RzmoEaXJHt2BkZRSD0fWIOxa6Or3OABBFmo64h0HQefVvshB+RS08 uDdfMYdoYEkqKHeK+lnyCjC4wc2izWKloiwcpZ3xnN3RuwZE+rS9tdrCTdEicY+Ls1ot O7ug== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:errors-to:list-subscribe:list-help:list-post:list-archive :list-unsubscribe:list-id:precedence:references:in-reply-to :message-id:date:subject:cc:to:from:dkim-signature; bh=cyCU9zXdBZsrNNW6cAUf6N3JjkvpEVvNj48jPStK0A4=; b=cRoLkg9wAAGaCZtam45OZo4GCSj9Sej/ab56MwuvSY7T5REoXJrXl5EInjoyvwyTCp 1uoANX2rumJd6/hNDa3ribPxthRXfhFfGGr8YtqnEYLyWq7HI0xxGYBg+cPcqdhsvMWC Dt8N+OPZmwqEqTvcvLZ4ln0IPbKr+edZ4/8RRxt3OWCd+x+puAFAKUgh35j1B2R6ovte fYqwMEKQslGDQF6O0dZAhknMpLHPDmZFidW4dlFMK3XJflrXHcfCb0/uObjfMRAKFckg 9Oi7SkWBM2yNz+GhJZXKEEMEsGvdx9MkgGmwEnzm2qevzXxa1X2T5zgl94d0cRUBV/jn 2SAg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=oFEptCYF; spf=pass (google.com: domain of u-boot-bounces@lists.denx.de designates 85.214.62.61 as permitted sender) smtp.mailfrom=u-boot-bounces@lists.denx.de; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Return-Path: Received: from phobos.denx.de (phobos.denx.de. [85.214.62.61]) by mx.google.com with ESMTPS id i27si5513776ejh.465.2021.09.21.00.17.47 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 21 Sep 2021 00:17:47 -0700 (PDT) Received-SPF: pass (google.com: domain of u-boot-bounces@lists.denx.de designates 85.214.62.61 as permitted sender) client-ip=85.214.62.61; Authentication-Results: mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=oFEptCYF; spf=pass (google.com: domain of u-boot-bounces@lists.denx.de designates 85.214.62.61 as permitted sender) smtp.mailfrom=u-boot-bounces@lists.denx.de; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Received: from h2850616.stratoserver.net (localhost [IPv6:::1]) by phobos.denx.de (Postfix) with ESMTP id DFB3A832A5; Tue, 21 Sep 2021 09:17:36 +0200 (CEST) Authentication-Results: phobos.denx.de; dmarc=pass (p=none dis=none) header.from=linaro.org Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=u-boot-bounces@lists.denx.de Authentication-Results: phobos.denx.de; dkim=pass (2048-bit key; unprotected) header.d=linaro.org header.i=@linaro.org header.b="oFEptCYF"; dkim-atps=neutral Received: by phobos.denx.de (Postfix, from userid 109) id 70DAE8328E; Tue, 21 Sep 2021 09:17:24 +0200 (CEST) X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on phobos.denx.de X-Spam-Level: X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,SPF_HELO_NONE,SPF_PASS autolearn=ham autolearn_force=no version=3.4.2 Received: from mail-pj1-x1035.google.com (mail-pj1-x1035.google.com [IPv6:2607:f8b0:4864:20::1035]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits)) (No client certificate requested) by phobos.denx.de (Postfix) with ESMTPS id 0567A83282 for ; Tue, 21 Sep 2021 09:17:15 +0200 (CEST) Authentication-Results: phobos.denx.de; dmarc=pass (p=none dis=none) header.from=linaro.org Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=masahisa.kojima@linaro.org Received: by mail-pj1-x1035.google.com with SMTP id nn5-20020a17090b38c500b0019af1c4b31fso1860903pjb.3 for ; Tue, 21 Sep 2021 00:17:14 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=cyCU9zXdBZsrNNW6cAUf6N3JjkvpEVvNj48jPStK0A4=; b=oFEptCYFPwOVm1jU6cpbMETXd7lT7rydw+ORydzWBJN8tvSOWrbzLi26JomWWaJsDq x5UpJ/I7FzmyLxMR13es0EgjbcsUXmuWyBB9lL1nf4iBa0kfZ9FTEL4cpPVfJJ7pxHEG n5lLuYlf8xD+uqvEmUliKd0Yl2nbQ+qg2ghwX5VCTV+KU5hHbKC8JCCasPz1PKWoT3U+ onu7G6GAiV3mw/qjl+9J9+OPZBUsqyvLbpx0cgWMAAR4gfeNTtoepTR05gWImO2jv5XB 1HDcFYYzDLiea7fw06ltI3GYniIYv6YxIl4H1OXhQ8SDexZpBOzXUrdyqb16Q0u6O8x9 JbjA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=cyCU9zXdBZsrNNW6cAUf6N3JjkvpEVvNj48jPStK0A4=; b=u7fwXSgjRKSnjQ/acfduwK3UpMPgm74H6hX0hQHVCDxcEKdXONQv6yD134cnewS07c SuiOwntcWJ+x7I7uRK9CYrO9aYBCejXUVeRiPSIaVke4ljFpzwFqjnPnKTa1Eb+Jl9n5 LNbyX8AgGf5iBX73RhOizvtXqRY/rX+Ym3YAjOGaHzivk27ygpJn1tLbYHC34cR6D8KD eKbXIhBYHFnnC9BS9pjltn3TV10EzgcRg4QfO0lrJhQkCiTtZ7C2QENGdVOiq3S9gjB+ JhpSTUhElgbG/8tvx4uBQ0zaxTcTsh51I0hIFFGS7n3JBPNxGeIMVJ+xLlJad+g5DpfF DNKA== X-Gm-Message-State: AOAM531Nb8AzPISaBy1MXuwn/jTdhSzU/nvOFvWKJTzG9f7tP8PR4qBa LTuTNlqbx53c8IK3p+05w+DtDu0NmQNK5qiU X-Received: by 2002:a17:902:ecc4:b0:13d:588b:d83c with SMTP id a4-20020a170902ecc400b0013d588bd83cmr20577971plh.0.1632208632989; Tue, 21 Sep 2021 00:17:12 -0700 (PDT) Received: from localhost.localdomain ([2400:2411:502:a100:82fa:5bff:fe4b:26b1]) by smtp.gmail.com with ESMTPSA id i2sm16265093pfa.82.2021.09.21.00.17.11 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 21 Sep 2021 00:17:12 -0700 (PDT) From: Masahisa Kojima To: u-boot@lists.denx.de Cc: Heinrich Schuchardt , Ilias Apalodimas , Masahisa Kojima , Alexander Graf Subject: [PATCH v2 3/3] efi_loader: add DeployedMode and AuditMode variable measurement Date: Tue, 21 Sep 2021 16:19:31 +0900 Message-Id: <20210921071931.3755-4-masahisa.kojima@linaro.org> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20210921071931.3755-1-masahisa.kojima@linaro.org> References: <20210921071931.3755-1-masahisa.kojima@linaro.org> X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.34 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" X-Virus-Scanned: clamav-milter 0.103.2 at phobos.denx.de X-Virus-Status: Clean This commit adds the DeployedMode and AuditMode variable measurement required in TCG PC Client PFP Spec. Signed-off-by: Masahisa Kojima --- (no changes since v1) lib/efi_loader/efi_tcg2.c | 47 +++++++++++++++++++++++++++++++++++++++ 1 file changed, 47 insertions(+) -- 2.17.1 diff --git a/lib/efi_loader/efi_tcg2.c b/lib/efi_loader/efi_tcg2.c index ea2c1ead03..68542c7cd3 100644 --- a/lib/efi_loader/efi_tcg2.c +++ b/lib/efi_loader/efi_tcg2.c @@ -12,6 +12,7 @@ #include #include #include +#include #include #include #include @@ -1828,6 +1829,50 @@ out: return ret; } +/** + * tcg2_measure_deployed_audit_mode() - measure deployedmode and auditmode + * + * @dev: TPM device + * + * Return: status code + */ +static efi_status_t tcg2_measure_deployed_audit_mode(struct udevice *dev) +{ + u8 deployed_mode; + u8 audit_mode; + efi_uintn_t size; + efi_status_t ret; + u32 pcr_index; + + size = sizeof(deployed_mode); + ret = efi_get_variable_int(L"DeployedMode", &efi_global_variable_guid, + NULL, &size, &deployed_mode, NULL); + if (ret != EFI_SUCCESS) + return ret; + + pcr_index = (deployed_mode ? 1 : 7); + + ret = tcg2_measure_variable(dev, pcr_index, + EV_EFI_VARIABLE_DRIVER_CONFIG, + L"DeployedMode", + &efi_global_variable_guid, + size, &deployed_mode); + + size = sizeof(audit_mode); + ret = efi_get_variable_int(L"AuditMode", &efi_global_variable_guid, + NULL, &size, &audit_mode, NULL); + if (ret != EFI_SUCCESS) + return ret; + + ret = tcg2_measure_variable(dev, pcr_index, + EV_EFI_VARIABLE_DRIVER_CONFIG, + L"AuditMode", + &efi_global_variable_guid, + size, &audit_mode); + + return ret; +} + /** * tcg2_measure_secure_boot_variable() - measure secure boot variables * @@ -1891,6 +1936,8 @@ static efi_status_t tcg2_measure_secure_boot_variable(struct udevice *dev) free(data); } + ret = tcg2_measure_deployed_audit_mode(dev); + error: return ret; }