From patchwork Wed Dec 7 15:11:10 2022
X-Patchwork-Submitter: Etienne Carriere
X-Patchwork-Id: 631551
From: Etienne Carriere
To: u-boot@lists.denx.de
Cc: Heinrich Schuchardt, Ilias Apalodimas, Simon Glass, Etienne Carriere
Subject: [PATCH] efi_loader: Measure the loaded DTB
Date: Wed, 7 Dec 2022 16:11:10 +0100
Message-Id: <20221207151110.529106-1-etienne.carriere@linaro.org>

Measures the DTB passed to the EFI application upon new boolean config switch CONFIG_EFI_TCG2_PROTOCOL_MEASURE_DTB.

For platforms where the content of the DTB passed to the OS can change across reboots, there is no point measuring it, hence the config switch to allow platforms to not embed this feature.

Co-developed-by: Ilias Apalodimas
Signed-off-by: Ilias Apalodimas
Signed-off-by: Etienne Carriere
---
 cmd/bootefi.c | 9 +++++++++ include/efi_loader.h | 2 ++ include/efi_tcg2.h | 10 ++++++++++ include/tpm-v2.h | 2 ++ lib/efi_loader/Kconfig | 12 ++++++++++++ lib/efi_loader/efi_tcg2.c | 36 ++++++++++++++++++++++++++++++++++++ 6 files changed, 71 insertions(+) diff --git a/cmd/bootefi.c b/cmd/bootefi.c index 2a7d42925d..56e4a1909f 100644 --- a/cmd/bootefi.c +++ b/cmd/bootefi.c @@ -315,6 +315,15 @@ efi_status_t efi_install_fdt(void *fdt) return EFI_LOAD_ERROR; } + /* Measure the installed DTB */ + if (CONFIG_IS_ENABLED(EFI_TCG2_PROTOCOL_MEASURE_DTB)) { + ret = efi_tcg2_measure_dtb(fdt); + if (ret == EFI_SECURITY_VIOLATION) { + log_err("ERROR: failed to measure DTB\n"); + return ret; + } + } + /* Prepare device tree for payload */ ret = copy_fdt(&fdt); if (ret) { diff --git a/include/efi_loader.h b/include/efi_loader.h index 0899e293e5..7538b6b828 100644 --- a/include/efi_loader.h +++ b/include/efi_loader.h
@@ -530,6 +530,8 @@ efi_status_t efi_tcg2_notify_exit_boot_services_failed(void); efi_status_t efi_tcg2_measure_efi_app_invocation(struct efi_loaded_image_obj *handle); /* Measure efi application exit */ efi_status_t efi_tcg2_measure_efi_app_exit(void); +/* Measure DTB */ +efi_status_t efi_tcg2_measure_dtb(void *fdt); /* Called by bootefi to initialize root node */ efi_status_t efi_root_node_register(void); /* Called by bootefi to initialize runtime */ diff --git a/include/efi_tcg2.h b/include/efi_tcg2.h index 874306dc11..b1c3abd097 100644 --- a/include/efi_tcg2.h +++ b/include/efi_tcg2.h @@ -233,6 +233,16 @@ struct efi_gpt_data { gpt_entry partitions[]; } __packed; +/** + * struct tdUEFI_PLATFORM_FIRMWARE_BLOB2 + * @blob_description_size: Byte size of @data + * @data: Description data + */ +struct uefi_platform_firmware_blob2 { + u8 blob_description_size; + u8 data[]; +} __packed; + struct efi_tcg2_protocol { efi_status_t (EFIAPI * get_capability)(struct efi_tcg2_protocol *this, struct efi_tcg2_boot_service_capability *capability); diff --git a/include/tpm-v2.h b/include/tpm-v2.h index 737e57551d..2df3dad553 100644 --- a/include/tpm-v2.h +++ b/include/tpm-v2.h @@ -105,6 +105,8 @@ struct udevice; "Exit Boot Services Returned with Failure" #define EFI_EXIT_BOOT_SERVICES_SUCCEEDED \ "Exit Boot Services Returned with Success" +#define EFI_DTB_EVENT_STRING \ + "DTB DATA" /* TPMS_TAGGED_PROPERTY Structure */ struct tpms_tagged_property { diff --git a/lib/efi_loader/Kconfig b/lib/efi_loader/Kconfig index e2b643871b..e490236d14 100644 --- a/lib/efi_loader/Kconfig +++ b/lib/efi_loader/Kconfig 
@@ -337,6 +337,18 @@ config EFI_TCG2_PROTOCOL_EVENTLOG_SIZE this is going to be allocated twice. One for the eventlog it self and one for the configuration table that is required from the spec +config EFI_TCG2_PROTOCOL_MEASURE_DTB + bool "Measure DTB with EFI_TCG2_PROTOCOL" + depends on EFI_TCG2_PROTOCOL + default n + help + When enabled, the DTB image passed to the booted EFI image is + measured using EFI TCG2 protocol. Do not enable this feature if + the passed DTB contains data that change across platform reboots + and cannot be used has a predictable measurement. Otherwise + this feature allows better measurement of the system boot + sequence. + config EFI_LOAD_FILE2_INITRD bool "EFI_FILE_LOAD2_PROTOCOL for Linux initial ramdisk" default y diff --git a/lib/efi_loader/efi_tcg2.c b/lib/efi_loader/efi_tcg2.c index a525ebf75b..51c9d80828 100644 --- a/lib/efi_loader/efi_tcg2.c +++ b/lib/efi_loader/efi_tcg2.c @@ -2175,6 +2175,42 @@ out1: return ret; } +/** + * efi_tcg2_measure_dtb() - measure the dtb used to boot our OS + * + * @fdt: pointer to the device tree blob + * + * Return: status code + */ +efi_status_t efi_tcg2_measure_dtb(void *fdt) +{ + efi_status_t ret; + struct uefi_platform_firmware_blob2 *blob; + struct udevice *dev; + u32 event_size; + + if (!is_tcg2_protocol_installed()) + return EFI_SUCCESS; + + ret = platform_get_tpm2_device(&dev); + if (ret != EFI_SUCCESS) + return EFI_SECURITY_VIOLATION; + + event_size = sizeof(*blob) + sizeof(EFI_DTB_EVENT_STRING) + fdt_totalsize(fdt); + blob = calloc(1, event_size); + if (!blob) + return EFI_OUT_OF_RESOURCES; + + blob->blob_description_size = sizeof(EFI_DTB_EVENT_STRING); + memcpy(blob->data, EFI_DTB_EVENT_STRING, blob->blob_description_size); + memcpy(blob->data + blob->blob_description_size, fdt, fdt_totalsize(fdt)); + + ret = tcg2_measure_event(dev, 0, EV_POST_CODE, event_size, (u8 *)blob); + + free(blob); + return ret; +} + /** * efi_tcg2_measure_efi_app_invocation() - measure efi app invocation *
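Review bot: in the cmd/bootefi.c hunk, only EFI_SECURITY_VIOLATION aborts the boot; the EFI_OUT_OF_RESOURCES that efi_tcg2_measure_dtb() returns when its calloc() fails, and any error tcg2_measure_event() returns, are dropped, so the EFI application still boots with a DTB that was neither extended into the PCR nor recorded in the event log. Since efi_tcg2_measure_dtb() already returns EFI_SUCCESS when no TCG2 protocol is installed, `if (ret != EFI_SUCCESS)` is the safer check here. Separately, the measurement runs before `/* Prepare device tree for payload */ ret = copy_fdt(&fdt);`, so the bytes that are hashed are those of the caller's blob, not of the copy that is subsequently prepared for and handed to the payload; measuring immediately before the DTB is installed for the OS would tie the PCR value to what the OS actually receives.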
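Review bot: in the include/efi_tcg2.h hunk, the kernel-doc header names `struct tdUEFI_PLATFORM_FIRMWARE_BLOB2` while the C type is `struct uefi_platform_firmware_blob2`, so the comment will not attach to the type; use the C name. The line `@blob_description_size: Byte size of @data` is also misleading given how efi_tcg2.c fills the structure: the field holds only the length of the description string, while @data carries that description followed by the whole FDT. Say so explicitly, and since the type is named after the TCG UEFI_PLATFORM_FIRMWARE_BLOB2 event, which carries a blob base address and length after the description rather than the blob bytes themselves, state that this layout deliberately departs from it if that is the intent.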
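Review bot: in the lib/efi_loader/Kconfig hunk, the help text has two grammar slips: "data that change across platform reboots" should read "data that changes", and "cannot be used has a predictable measurement" should read "cannot be used as a predictable measurement". `default n` is redundant for a bool and can be dropped. The help would also be more useful to whoever writes an attestation policy if it named where the measurement lands: PCR 0, as an EV_POST_CODE event carrying the "DTB DATA" description, which is what the efi_tcg2.c hunk implements but nothing in the user-facing text says.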
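Review bot: in the lib/efi_loader/efi_tcg2.c hunk, the event handed to tcg2_measure_event() is the description plus the complete FDT (event_size includes fdt_totalsize(fdt)), so a full copy of the device tree is written into the TCG2 event log; with the log bounded by EFI_TCG2_PROTOCOL_EVENTLOG_SIZE (visible in the Kconfig context above), a large DTB can exhaust it and later measurements can fail for lack of space. Logging the description plus a digest of the blob, or a base and length as the BLOB2 event does, keeps the log small while a verifier can still replay PCR 0. Two further points: fdt_totalsize() counts any free space inside the blob, so if the platform grew the DTB before efi_install_fdt() the slack bytes end up in the digest and the measurement is no longer reproducible across boots; hashing the header, memory reservation, structure and strings blocks individually avoids that. And sizeof(EFI_DTB_EVENT_STRING) includes the terminating NUL, so the logged description is "DTB DATA\0" (9 bytes); check that this matches the convention the other EV_* description strings in this file follow, since log parsers will see the NUL.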
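As a verifier-side companion to the measurement this patch adds, the following Python is an added example and not U-Boot code. It reconstructs the EV_POST_CODE event payload the way efi_tcg2_measure_dtb() lays it out (a one-byte description length, the "DTB DATA" string including its NUL, then fdt_totalsize() bytes of the FDT), computes the SHA-256 digest a TPM would extend, replays it into a simulated PCR 0 from its reset value, and parses a payload back out of a log. The single-node DTB it builds is constructed for the example; the SHA-256 bank, the all-zero reset value and the replay of just this one event are assumptions (a real verifier folds in every earlier PCR 0 entry as well). It goes one step beyond the patch with a `content_digest()` that hashes only the header and the FDT blocks, to show why free space counted by fdt_totalsize() makes the patch's digest depend on slack bytes.

```python
"""Verifier-side model of the DTB measurement (added example, not U-Boot code)."""
import hashlib
import struct

FDT_MAGIC = 0xD00DFEED
FDT_BEGIN_NODE, FDT_END_NODE, FDT_PROP, FDT_END = 1, 2, 3, 9
FDT_HEADER_LEN = 40                       # ten big-endian u32 fields
EFI_DTB_EVENT_STRING = b"DTB DATA\0"      # sizeof() in C counts the NUL
PCR_RESET = b"\0" * 32                    # assumed: SHA-256 bank, PCR 0 at reset


def build_minimal_dtb(slack=0, slack_fill=0):
    """Constructed one-node DTB with a 'compatible' property. `slack` bytes of
    `slack_fill` are appended and counted in totalsize, modelling a blob that
    was grown (e.g. 'fdt resize') and carries free space the OS never reads."""
    compat = b"example,board\0"
    strings = b"compatible\0"
    struct_blk = (struct.pack(">I", FDT_BEGIN_NODE) + b"\0\0\0\0"        # root ""
                  + struct.pack(">III", FDT_PROP, len(compat), 0)         # nameoff 0
                  + compat + b"\0" * (-len(compat) % 4)                   # 4-aligned
                  + struct.pack(">II", FDT_END_NODE, FDT_END))
    mem_rsv = b"\0" * 16                                                  # empty list
    off_rsv = FDT_HEADER_LEN
    off_struct = off_rsv + len(mem_rsv)
    off_strings = off_struct + len(struct_blk)
    totalsize = off_strings + len(strings) + slack
    header = struct.pack(">10I", FDT_MAGIC, totalsize, off_struct, off_strings,
                         off_rsv, 17, 16, 0, len(strings), len(struct_blk))
    return header + mem_rsv + struct_blk + strings + bytes([slack_fill]) * slack


def fdt_totalsize(fdt):
    """Same header field fdt_totalsize() reads in C; rejects a blob without the magic."""
    magic, totalsize = struct.unpack_from(">II", fdt, 0)
    if magic != FDT_MAGIC:
        raise ValueError("not a flattened device tree")
    return totalsize


def build_dtb_event(fdt):
    """struct uefi_platform_firmware_blob2 as the patch fills it:
    u8 blob_description_size, the description, then fdt_totalsize() bytes."""
    size = fdt_totalsize(fdt)
    if size > len(fdt):
        raise ValueError("truncated FDT")
    return bytes([len(EFI_DTB_EVENT_STRING)]) + EFI_DTB_EVENT_STRING + fdt[:size]


def parse_dtb_event(event):
    """Inverse for a log reader: split an event back into (description, fdt)."""
    desc_len = event[0]
    desc, fdt = event[1:1 + desc_len], event[1 + desc_len:]
    if fdt_totalsize(fdt) != len(fdt):
        raise ValueError("event length does not match fdt totalsize")
    return desc, fdt


def pcr_extend(pcr, digest):
    """TPM2_PCR_Extend on one SHA-256 bank: new = H(old || digest)."""
    return hashlib.sha256(pcr + digest).digest()


def expected_pcr0(fdt):
    """PCR 0 after only this event, replayed from reset (assumption: a real
    verifier replays every earlier PCR 0 entry of the log before this one)."""
    return pcr_extend(PCR_RESET, hashlib.sha256(build_dtb_event(fdt)).digest())


def content_digest(fdt):
    """Alternative not in the patch: hash the header, the reservation entries,
    the structure block and the strings block only, so free space counted by
    totalsize cannot leak into the measurement."""
    hdr = struct.unpack_from(">10I", fdt, 0)
    off_struct, off_strings, off_rsv, size_strings, size_struct = (
        hdr[2], hdr[3], hdr[4], hdr[8], hdr[9])
    h = hashlib.sha256(fdt[:FDT_HEADER_LEN])
    pos = off_rsv
    while True:                              # entries end with an all-zero pair
        entry = fdt[pos:pos + 16]
        if len(entry) < 16:
            raise ValueError("unterminated memory reservation block")
        h.update(entry)
        pos += 16
        if entry == b"\0" * 16:
            break
    h.update(fdt[off_struct:off_struct + size_struct])
    h.update(fdt[off_strings:off_strings + size_strings])
    return h.digest()


if __name__ == "__main__":
    clean = build_minimal_dtb(slack=8, slack_fill=0x00)
    dirty = build_minimal_dtb(slack=8, slack_fill=0xFF)   # same tree, garbage slack
    print("patch digest stable across slack:  ", expected_pcr0(clean) == expected_pcr0(dirty))
    print("content digest stable across slack:", content_digest(clean) == content_digest(dirty))
```

Running it prints False for the patch-style digest and True for the block-wise digest on two blobs that describe the same tree and differ only in their trailing free space, which is the reproducibility point from the review of the efi_tcg2.c hunk.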