[PATCH v6 1/3] efi_loader: Add check for event log passed from firmware
Ruchika Gupta
ruchika.gupta at linaro.org
Fri Nov 26 11:31:36 CET 2021
Hi Heinrich,
On Fri, 26 Nov 2021 at 13:01, Heinrich Schuchardt <xypron.glpk at gmx.de>
wrote:
> On 11/26/21 06:00, Ruchika Gupta wrote:
> > Platforms may have support to measure their initial firmware components
> > and pass the event log to u-boot. The event log address can be passed
> > in property tpm_event_log_addr and tpm_event_log_size of the tpm node.
> > Platforms may choose their own specific mechanism to do so. A weak
> > function is added to check if even log has been passed to u-boot
> > from earlier firmware components. If available, the eventlog is parsed
> > to check for its correctness and further event logs are appended to the
> > passed log.
> >
> > Signed-off-by: Ruchika Gupta <ruchika.gupta at linaro.org>
> > Tested-by: Ilias Apalodimas <ilias.apalodimas at linaro.org>
> > Reviewed-by: Ilias Apalodimas <ilias.apalodimas at linaro.org>
> > ---
> > v6: No change
> >
> > v5:
> > Shift the efi_init_event_log() to a different location in the file.
> > This help fixes compilation issue introduced by calling
> efi_append_scrtm_version()
> > from it.
> >
> > v4:
> > Add SCRTM version to log only if previous firmware doesn't pass the
> eventlog
> >
> > v3:
> > Return as soon as you detect error
> >
> > v2:
> > Moved firmware eventlog code parsing to tcg2_get_fw_eventlog()
> >
> > lib/efi_loader/efi_tcg2.c | 438 ++++++++++++++++++++++++++++++++------
> > 1 file changed, 369 insertions(+), 69 deletions(-)
> >
> > diff --git a/lib/efi_loader/efi_tcg2.c b/lib/efi_loader/efi_tcg2.c
> > index 8c1f22e337..a789c44660 100644
> > --- a/lib/efi_loader/efi_tcg2.c
> > +++ b/lib/efi_loader/efi_tcg2.c
> > @@ -324,6 +324,45 @@ __weak efi_status_t platform_get_tpm2_device(struct
> udevice **dev)
> > return EFI_NOT_FOUND;
> > }
> >
> > +/**
> > + * platform_get_eventlog() - retrieve the eventlog address and size
> > + *
> > + * This function retrieves the eventlog address and size if the
> underlying
> > + * firmware has done some measurements and passed them.
> > + *
> > + * This function may be overridden based on platform specific method of
> > + * passing the eventlog address and size.
> > + *
> > + * @dev: udevice
> > + * @addr: eventlog address
> > + * @sz: eventlog size
> > + * Return: status code
> > + */
> > +__weak efi_status_t platform_get_eventlog(struct udevice *dev, u64
> *addr,
> > + u32 *sz)
>
> This function must be declared in a header to be overridden.
>
> > +{
> > + const u64 *basep;
> > + const u32 *sizep;
> > +
> > + basep = dev_read_prop(dev, "tpm_event_log_addr", NULL);
> > + if (!basep)
> > + return EFI_NOT_FOUND;
> > +
> > + *addr = be64_to_cpup((__force __be64 *)basep);
> > +
> > + sizep = dev_read_prop(dev, "tpm_event_log_size", NULL);
> > + if (!sizep)
> > + return EFI_NOT_FOUND;
> > +
> > + *sz = be32_to_cpup((__force __be32 *)sizep);
> > + if (*sz == 0) {
> > + log_debug("event log empty\n");
> > + return EFI_NOT_FOUND;
> > + }
> > +
> > + return EFI_SUCCESS;
> > +}
> > +
> > /**
> > * tpm2_get_max_command_size() - get the supported max command size
> > *
> > @@ -1181,6 +1220,250 @@ static const struct efi_tcg2_protocol
> efi_tcg2_protocol = {
> > .get_result_of_set_active_pcr_banks =
> efi_tcg2_get_result_of_set_active_pcr_banks,
> > };
> >
> > +/**
> > + * parse_event_log_header() - Parse and verify the event log header
> fields
> > + *
> > + * @buffer: Pointer to the event header
> > + * @size: Size of the eventlog
> > + * @pos: Position in buffer after event log header
> > + *
> > + * Return: status code
> > + */
> > +efi_status_t parse_event_log_header(void *buffer, u32 size, u32 *pos)
>
> This function should be declared in a header or be static.
>
> Should buffer have type struct tcg_pcr_event *?
>
Since buffer points to the complete eventlog, it would be probably better
to keep it as it is i.e void *.
I will correct the description of this parameter in the function
description to avoid confusion.
> > +{
> > + struct tcg_pcr_event *event_header = (struct tcg_pcr_event
> *)buffer;
> > + int i = 0;
> > +
> > + if (size < sizeof(*event_header))
> > + return EFI_COMPROMISED_DATA;
> > +
> > + if (get_unaligned_le32(&event_header->pcr_index) != 0 ||
> > + get_unaligned_le32(&event_header->event_type) != EV_NO_ACTION)
> > + return EFI_COMPROMISED_DATA;
> > +
> > + for (i = 0; i < sizeof(event_header->digest); i++) {
> > + if (event_header->digest[i] != 0)
>
> if (event_header->digest[i])
>
> > + return EFI_COMPROMISED_DATA;
> > + }
> > +
> > + *pos += sizeof(*event_header);
>
> Do you re
>
Probably you are asking about parameter pos here. pos points to the offset
in the buffer where the next event starts (after the event header)
>
> > +
> > + return EFI_SUCCESS;
> > +}
> > +
> > +/**
> > + * parse_specid_event() - Parse and verify the specID Event in the
> eventlog
> > + *
> > + * @dev: udevice
> > + * @buffer: Pointer to the start of the eventlog
> > + * @log_size: Size of the eventlog
> > + * @pos: Offset in the evenlog where specID event starts
> > + *
> > + * Return: status code
> > + * @pos Offset in the eventlog where the specID
> event ends
>
> Duplicate line
>
> > + * @digest_list: list of digests in the event
>
> Misplaced line
>
> > + */
> > +efi_status_t parse_specid_event(struct udevice *dev, void *buffer, u32
> log_size,
> > + u32 *pos,
> > + struct tpml_digest_values *digest_list)
> > +{
>
> This function should be declared in a header or be static.
>
> > + struct tcg_efi_spec_id_event *spec_event;
> > + struct tcg_pcr_event *event_header = (struct tcg_pcr_event
> *)buffer;
> > + size_t spec_event_size;
> > + u32 active = 0, supported = 0, pcr_count = 0, alg_count = 0;
> > + u32 spec_active = 0;
> > + u16 hash_alg, hash_sz;
> > + u8 vendor_sz;
> > + int err, i;
> > +
> > + /* Check specID event data */
> > + spec_event = (struct tcg_efi_spec_id_event *)((uintptr_t)buffer +
> *pos);
> > + /* Check for signature */
> > + if (memcmp(spec_event->signature,
> TCG_EFI_SPEC_ID_EVENT_SIGNATURE_03,
> > + sizeof(TCG_EFI_SPEC_ID_EVENT_SIGNATURE_03))) {
> > + log_err("specID Event: Signature mismatch\n");
> > + return EFI_COMPROMISED_DATA;
> > + }
> > +
> > + if (spec_event->spec_version_minor !=
> > + TCG_EFI_SPEC_ID_EVENT_SPEC_VERSION_MINOR_TPM2 ||
> > + spec_event->spec_version_major !=
> > + TCG_EFI_SPEC_ID_EVENT_SPEC_VERSION_MAJOR_TPM2)
> > + return EFI_COMPROMISED_DATA;
> > +
> > + if (spec_event->number_of_algorithms > MAX_HASH_COUNT ||
> > + spec_event->number_of_algorithms < 1) {
> > + log_err("specID Event: Number of algorithms incorrect\n");
> > + return EFI_COMPROMISED_DATA;
> > + }
> > +
> > + alg_count = spec_event->number_of_algorithms;
> > +
> > + err = tpm2_get_pcr_info(dev, &supported, &active, &pcr_count);
> > + if (err)
> > + return EFI_DEVICE_ERROR;
> > +
> > + digest_list->count = 0;
> > + /*
> > + * We may need to worry about the order of algs in this structure
> as
>
> %s/algs/algorithms/
>
> > + * subsequent entries in event should be in same order
>
> "We need to worry" sounds like a FIXME. Is there anything to fix or do
> you mean:
>
> We have to take care that the sequence of algorithms that we record in
> digest_list matches the sequence in the event log.
>
> > + */
> > + for (i = 0; i < alg_count; i++) {
> > + hash_alg =
> > +
> get_unaligned_le16(&spec_event->digest_sizes[i].algorithm_id);
> > + hash_sz =
> > +
> get_unaligned_le16(&spec_event->digest_sizes[i].digest_size);
> > +
> > + if (!(supported & alg_to_mask(hash_alg))) {
> > + log_err("specID Event: Unsupported algorithm\n");
> > + return EFI_COMPROMISED_DATA;
> > + }
> > + digest_list->digests[digest_list->count++].hash_alg =
> hash_alg;
> > +
> > + spec_active |= alg_to_mask(hash_alg);
> > + }
> > +
> > + /* TCG spec expects the event log to have hashes for all active
> PCR's */
>
> The TCG specification
>
> > + if (spec_active != active) {
> > + /*
> > + * Previous stage bootloader should know all the active
> PCR's
> > + * and use them in the Eventlog.
> > + */
> > + log_err("specID Event: All active hash alg not present\n");
> > + return EFI_COMPROMISED_DATA;
> > + }
> > +
> > + /*
> > + * the size of the spec event and placement of vendor_info_size
> > + * depends on supported algoriths
> > + */
> > + spec_event_size =
> > + offsetof(struct tcg_efi_spec_id_event, digest_sizes) +
> > + alg_count * sizeof(spec_event->digest_sizes[0]);
> > +
> > + vendor_sz = *(uint8_t *)((uintptr_t)buffer + *pos +
> spec_event_size);
> > +
> > + spec_event_size += sizeof(vendor_sz) + vendor_sz;
> > + *pos += spec_event_size;
> > +
> > + if (get_unaligned_le32(&event_header->event_size) !=
> spec_event_size) {
> > + log_err("specID event: header event size mismatch\n");
> > + /* Right way to handle this can be to call SetActive PCR's
> */
> > + return EFI_COMPROMISED_DATA;
> > + }
> > +
> > + return EFI_SUCCESS;
> > +}
> > +
>
> Missing function description
>
> > +efi_status_t tcg2_parse_event(struct udevice *dev, void *buffer, u32
> log_size,
> > + u32 *offset, struct tpml_digest_values
> *digest_list,
> > + u32 *pcr)
>
> Exported functions should be declared in a header.
> Or should this function be static?
>
> > +{
> > + struct tcg_pcr_event2 *event = NULL;
> > + u32 event_type, count, size, event_size;
> > + size_t pos;
> > +
> > + if (*offset > log_size)
> > + return EFI_COMPROMISED_DATA;
> > +
> > + event = (struct tcg_pcr_event2 *)((uintptr_t)buffer + *offset);
> > +
> > + *pcr = get_unaligned_le32(&event->pcr_index);
> > +
> > + event_size = tcg_event_final_size(digest_list);
> > +
> > + if (*offset + event_size > log_size) {
> > + log_err("Event exceeds log size\n");
> > + return EFI_COMPROMISED_DATA;
> > + }
> > +
> > + event_type = get_unaligned_le32(&event->event_type);
> > +
> > + /* get the count */
> > + count = get_unaligned_le32(&event->digests.count);
> > + if (count != digest_list->count)
> > + return EFI_COMPROMISED_DATA;
> > +
> > + pos = offsetof(struct tcg_pcr_event2, digests);
> > + pos += offsetof(struct tpml_digest_values, digests);
> > +
> > + for (int i = 0; i < digest_list->count; i++) {
> > + u16 alg;
> > + u16 hash_alg = digest_list->digests[i].hash_alg;
> > + u8 *digest = (u8 *)&digest_list->digests[i].digest;
> > +
> > + alg = get_unaligned_le16((void *)((uintptr_t)event + pos));
> > +
> > + if (alg != hash_alg)
> > + return EFI_COMPROMISED_DATA;
> > +
> > + pos += offsetof(struct tpmt_ha, digest);
> > + memcpy(digest, (void *)((uintptr_t)event + pos),
> alg_to_len(hash_alg));
> > + pos += alg_to_len(hash_alg);
> > + }
> > +
> > + size = get_unaligned_le32((void *)((uintptr_t)event + pos));
> > + event_size += size;
> > + pos += sizeof(u32); /* tcg_pcr_event2 event_size*/
> > + pos += size;
> > +
> > + /* make sure the calculated buffer is what we checked against */
> > + if (pos != event_size)
> > + return EFI_COMPROMISED_DATA;
> > +
> > + if (pos > log_size)
> > + return EFI_COMPROMISED_DATA;
> > +
> > + *offset += pos;
> > +
> > + return EFI_SUCCESS;
> > +}
> > +
>
> Missing function description.
>
> > +efi_status_t tcg2_get_fw_eventlog(struct udevice *dev, void *log_buffer,
> > + size_t *log_sz)
>
> This function should be declared in a header or should be static.
>
> > +{
> > + struct tpml_digest_values digest_list;
> > + void *buffer;
> > + efi_status_t ret;
> > + u32 pcr, pos;
> > + u64 base;
> > + u32 sz;
> > +
> > + ret = platform_get_eventlog(dev, &base, &sz);
> > + if (ret != EFI_SUCCESS)
> > + return ret;
> > +
> > + if (sz > TPM2_EVENT_LOG_SIZE)
> > + return EFI_VOLUME_FULL;
> > +
> > + buffer = (void *)base;
>
> Superfluous conversion.
>
Sorry, I didn't get this comment.
If you meant removing the typecast, base is u64 so when assigning it to a
void pointer, cast would be needed.
On removing the case, I get this warning
buffer = base;
lib/efi_loader/efi_tcg2.c:1518:9: warning: assignment to ‘void *’ from
‘u64’ {aka ‘long long unsigned int’} makes pointer from integer without a
cast [-Wint-conversion]
1518 | buffer = base;
[...]
Regards,
Ruchika
More information about the U-Boot
mailing list