[PATCH] efi_loader: migrate SMBIOS 3.0 entry point structure for measurement
Heinrich Schuchardt
xypron.glpk at gmx.de
Wed Jan 24 10:24:07 CET 2024
On 1/24/24 10:15, Masahisa Kojima wrote:
> Current U-Boot only supports the SMBIOS 3.0 entry point structure.
> TCG2 measurement code should migrate to SMBIOS 3.0 entry
> point structure.
>
> efi_selftest tcg2 test also needs to be updated, and expected
> PCR[1] result is changed since guid for SMBIOS EFI system table
> uses different guid SMBIOS3_TABLE_GUID instead of SMBIOS_TABLE_GUID.
>
> Signed-off-by: Masahisa Kojima <masahisa.kojima at linaro.org>
Hello Maasahisa,
Thank you for looking into this.
SMBIOS tables may be provided by QEMU. Depending on the architecture and
the QEMU release we will see SMBIOS2.1 and SMBIOS3 tables. We should
support measuring for both.
Best regards
Heinrich
> ---
> include/efi_loader.h | 1 +
> include/smbios.h | 4 +-
> lib/efi_loader/efi_tcg2.c | 14 ++--
> lib/efi_selftest/efi_selftest_tcg2.c | 97 +++++++++++++---------------
> lib/smbios-parser.c | 9 ++-
> 5 files changed, 61 insertions(+), 64 deletions(-)
>
> diff --git a/include/efi_loader.h b/include/efi_loader.h
> index d5fca2fa5e..5c5af4f7fd 100644
> --- a/include/efi_loader.h
> +++ b/include/efi_loader.h
> @@ -340,6 +340,7 @@ extern const efi_guid_t efi_guid_firmware_management_protocol;
> extern const efi_guid_t efi_esrt_guid;
> /* GUID of the SMBIOS table */
> extern const efi_guid_t smbios_guid;
> +extern const efi_guid_t smbios3_guid;
> /*GUID of console */
> extern const efi_guid_t efi_guid_text_input_protocol;
> extern const efi_guid_t efi_guid_text_output_protocol;
> diff --git a/include/smbios.h b/include/smbios.h
> index b507b9d9d7..e45303d0d3 100644
> --- a/include/smbios.h
> +++ b/include/smbios.h
> @@ -326,10 +326,10 @@ int smbios_update_version_full(void *smbios_tab, const char *version);
> * This function clear the device dependent parameters such as
> * serial number for the measurement.
> *
> - * @entry: pointer to a struct smbios_entry
> + * @entry: pointer to a struct smbios3_entry
> * @header: pointer to a struct smbios_header
> */
> -void smbios_prepare_measurement(const struct smbios_entry *entry,
> +void smbios_prepare_measurement(const struct smbios3_entry *entry,
> struct smbios_header *header);
>
> #endif /* _SMBIOS_H_ */
> diff --git a/lib/efi_loader/efi_tcg2.c b/lib/efi_loader/efi_tcg2.c
> index 8db35d0b3c..8b4f2fd2da 100644
> --- a/lib/efi_loader/efi_tcg2.c
> +++ b/lib/efi_loader/efi_tcg2.c
> @@ -1075,7 +1075,7 @@ error:
> */
> static efi_status_t
> tcg2_measure_smbios(struct udevice *dev,
> - const struct smbios_entry *entry)
> + const struct smbios3_entry *entry)
> {
> efi_status_t ret;
> struct smbios_header *smbios_copy;
> @@ -1093,7 +1093,7 @@ tcg2_measure_smbios(struct udevice *dev,
> */
> event_size = sizeof(struct smbios_handoff_table_pointers2) +
> FIELD_SIZEOF(struct efi_configuration_table, guid) +
> - entry->struct_table_length;
> + entry->max_struct_size;
> event = calloc(1, event_size);
> if (!event) {
> ret = EFI_OUT_OF_RESOURCES;
> @@ -1104,11 +1104,11 @@ tcg2_measure_smbios(struct udevice *dev,
> memcpy(event->table_description, SMBIOS_HANDOFF_TABLE_DESC,
> sizeof(SMBIOS_HANDOFF_TABLE_DESC));
> put_unaligned_le64(1, &event->number_of_tables);
> - guidcpy(&event->table_entry[0].guid, &smbios_guid);
> + guidcpy(&event->table_entry[0].guid, &smbios3_guid);
> smbios_copy = (struct smbios_header *)((uintptr_t)&event->table_entry[0].table);
> memcpy(&event->table_entry[0].table,
> (void *)((uintptr_t)entry->struct_table_address),
> - entry->struct_table_length);
> + entry->max_struct_size);
>
> smbios_prepare_measurement(entry, smbios_copy);
>
> @@ -1133,7 +1133,7 @@ static void *find_smbios_table(void)
> u32 i;
>
> for (i = 0; i < systab.nr_tables; i++) {
> - if (!guidcmp(&smbios_guid, &systab.tables[i].guid))
> + if (!guidcmp(&smbios3_guid, &systab.tables[i].guid))
> return systab.tables[i].table;
> }
>
> @@ -1360,7 +1360,7 @@ efi_status_t efi_tcg2_measure_efi_app_invocation(struct efi_loaded_image_obj *ha
> u32 pcr_index;
> struct udevice *dev;
> u32 event = 0;
> - struct smbios_entry *entry;
> + struct smbios3_entry *entry;
>
> if (!is_tcg2_protocol_installed())
> return EFI_SUCCESS;
> @@ -1382,7 +1382,7 @@ efi_status_t efi_tcg2_measure_efi_app_invocation(struct efi_loaded_image_obj *ha
> if (ret != EFI_SUCCESS)
> goto out;
>
> - entry = (struct smbios_entry *)find_smbios_table();
> + entry = (struct smbios3_entry *)find_smbios_table();
> if (entry) {
> ret = tcg2_measure_smbios(dev, entry);
> if (ret != EFI_SUCCESS)
> diff --git a/lib/efi_selftest/efi_selftest_tcg2.c b/lib/efi_selftest/efi_selftest_tcg2.c
> index 67a886efaa..fb8b997653 100644
> --- a/lib/efi_selftest/efi_selftest_tcg2.c
> +++ b/lib/efi_selftest/efi_selftest_tcg2.c
> @@ -126,41 +126,40 @@ static u8 boot_order[] = {0x02, 0x10, 0x00, 0x10, 0x01, 0x10};
>
> static void *orig_smbios_table;
> static u64 dmi_addr = U32_MAX;
> -#define SMBIOS_ENTRY_HEADER_SIZE 0x20
> +#define SMBIOS3_ENTRY_HEADER_SIZE 0x18
> /* smbios table for the measurement test */
> -static u8 smbios_table_test[] = {
> -0x5f, 0x53, 0x4d, 0x5f, 0x2c, 0x1f, 0x03, 0x00, 0x54, 0x00, 0x00, 0x00,
> -0x00, 0x00, 0x00, 0x00, 0x5f, 0x44, 0x4d, 0x49, 0x5f, 0xe4, 0x5c, 0x01,
> -0x20, 0x00, 0x00, 0x00, 0x07, 0x00, 0x00, 0x00, 0x00, 0x18, 0x00, 0x00,
> -0x01, 0x02, 0x00, 0x00, 0x03, 0x00, 0x80, 0x08, 0x01, 0x00, 0x00, 0x00,
> -0x00, 0x00, 0x00, 0x0c, 0x15, 0x0a, 0xff, 0xff, 0x55, 0x2d, 0x42, 0x6f,
> -0x6f, 0x74, 0x00, 0x32, 0x30, 0x32, 0x31, 0x2e, 0x31, 0x30, 0x2d, 0x72,
> -0x63, 0x34, 0x2d, 0x30, 0x30, 0x30, 0x30, 0x35, 0x2d, 0x67, 0x37, 0x32,
> -0x37, 0x63, 0x33, 0x66, 0x33, 0x32, 0x35, 0x39, 0x2d, 0x64, 0x69, 0x72,
> -0x74, 0x79, 0x00, 0x31, 0x30, 0x2f, 0x30, 0x31, 0x2f, 0x32, 0x30, 0x32,
> -0x31, 0x00, 0x00, 0x01, 0x1b, 0x01, 0x00, 0x01, 0x02, 0x00, 0x03, 0x31,
> -0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, 0x00, 0x00, 0x00, 0x00, 0x00,
> -0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x55, 0x6e, 0x6b, 0x6e, 0x6f, 0x77,
> -0x6e, 0x00, 0x55, 0x6e, 0x6b, 0x6e, 0x6f, 0x77, 0x6e, 0x20, 0x50, 0x72,
> -0x6f, 0x64, 0x75, 0x63, 0x74, 0x00, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36,
> -0x37, 0x38, 0x00, 0x00, 0x02, 0x0e, 0x02, 0x00, 0x01, 0x02, 0x00, 0x04,
> -0x03, 0x01, 0x01, 0x01, 0x00, 0x0a, 0x55, 0x6e, 0x6b, 0x6e, 0x6f, 0x77,
> -0x6e, 0x00, 0x55, 0x6e, 0x6b, 0x6e, 0x6f, 0x77, 0x6e, 0x20, 0x50, 0x72,
> -0x6f, 0x64, 0x75, 0x63, 0x74, 0x00, 0x33, 0x33, 0x33, 0x33, 0x33, 0x33,
> -0x33, 0x33, 0x00, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, 0x00,
> -0x00, 0x03, 0x15, 0x03, 0x00, 0x01, 0x03, 0x00, 0x02, 0x03, 0x03, 0x03,
> -0x03, 0x03, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x55, 0x6e,
> -0x6b, 0x6e, 0x6f, 0x77, 0x6e, 0x00, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36,
> -0x37, 0x38, 0x00, 0x33, 0x33, 0x33, 0x33, 0x33, 0x33, 0x33, 0x33, 0x00,
> -0x00, 0x04, 0x30, 0x04, 0x00, 0x00, 0x03, 0x02, 0x01, 0x00, 0x00, 0x00,
> -0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x0c, 0x00, 0x00, 0x00, 0x00, 0x00,
> -0x00, 0x01, 0x06, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x02, 0x03, 0x04,
> -0x04, 0x04, 0x08, 0x00, 0x00, 0x02, 0x00, 0x08, 0x00, 0x08, 0x00, 0x01,
> -0x00, 0x55, 0x6e, 0x6b, 0x6e, 0x6f, 0x77, 0x6e, 0x00, 0x31, 0x32, 0x33,
> -0x34, 0x35, 0x36, 0x37, 0x38, 0x00, 0x33, 0x33, 0x33, 0x33, 0x33, 0x33,
> -0x33, 0x33, 0x00, 0x35, 0x35, 0x35, 0x35, 0x35, 0x35, 0x35, 0x35, 0x00,
> -0x00, 0x20, 0x0b, 0x05, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
> -0x00, 0x00, 0x7f, 0x04, 0x06, 0x00, 0x00, 0x00
> +static u8 smbios3_table_test[] = {
> +0x5f, 0x53, 0x4d, 0x33, 0x5f, 0x00, 0x18, 0x03, 0x07, 0x00, 0x01, 0x00,
> +0x5c, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
> +0x00, 0x18, 0x00, 0x00, 0x01, 0x02, 0x00, 0x00, 0x03, 0x00, 0x80, 0x08,
> +0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x0c, 0x15, 0x0a, 0xff, 0xff,
> +0x55, 0x2d, 0x42, 0x6f, 0x6f, 0x74, 0x00, 0x32, 0x30, 0x32, 0x31, 0x2e,
> +0x31, 0x30, 0x2d, 0x72, 0x63, 0x34, 0x2d, 0x30, 0x30, 0x30, 0x30, 0x35,
> +0x2d, 0x67, 0x37, 0x32, 0x37, 0x63, 0x33, 0x66, 0x33, 0x32, 0x35, 0x39,
> +0x2d, 0x64, 0x69, 0x72, 0x74, 0x79, 0x00, 0x31, 0x30, 0x2f, 0x30, 0x31,
> +0x2f, 0x32, 0x30, 0x32, 0x31, 0x00, 0x00, 0x01, 0x1b, 0x01, 0x00, 0x01,
> +0x02, 0x00, 0x03, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, 0x00,
> +0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x55, 0x6e,
> +0x6b, 0x6e, 0x6f, 0x77, 0x6e, 0x00, 0x55, 0x6e, 0x6b, 0x6e, 0x6f, 0x77,
> +0x6e, 0x20, 0x50, 0x72, 0x6f, 0x64, 0x75, 0x63, 0x74, 0x00, 0x31, 0x32,
> +0x33, 0x34, 0x35, 0x36, 0x37, 0x38, 0x00, 0x00, 0x02, 0x0e, 0x02, 0x00,
> +0x01, 0x02, 0x00, 0x04, 0x03, 0x01, 0x01, 0x01, 0x00, 0x0a, 0x55, 0x6e,
> +0x6b, 0x6e, 0x6f, 0x77, 0x6e, 0x00, 0x55, 0x6e, 0x6b, 0x6e, 0x6f, 0x77,
> +0x6e, 0x20, 0x50, 0x72, 0x6f, 0x64, 0x75, 0x63, 0x74, 0x00, 0x33, 0x33,
> +0x33, 0x33, 0x33, 0x33, 0x33, 0x33, 0x00, 0x31, 0x32, 0x33, 0x34, 0x35,
> +0x36, 0x37, 0x38, 0x00, 0x00, 0x03, 0x15, 0x03, 0x00, 0x01, 0x03, 0x00,
> +0x02, 0x03, 0x03, 0x03, 0x03, 0x03, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
> +0x00, 0x00, 0x55, 0x6e, 0x6b, 0x6e, 0x6f, 0x77, 0x6e, 0x00, 0x31, 0x32,
> +0x33, 0x34, 0x35, 0x36, 0x37, 0x38, 0x00, 0x33, 0x33, 0x33, 0x33, 0x33,
> +0x33, 0x33, 0x33, 0x00, 0x00, 0x04, 0x30, 0x04, 0x00, 0x00, 0x03, 0x02,
> +0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x0c, 0x00,
> +0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x06, 0xff, 0xff, 0xff, 0xff, 0xff,
> +0xff, 0x02, 0x03, 0x04, 0x04, 0x04, 0x08, 0x00, 0x00, 0x02, 0x00, 0x08,
> +0x00, 0x08, 0x00, 0x01, 0x00, 0x55, 0x6e, 0x6b, 0x6e, 0x6f, 0x77, 0x6e,
> +0x00, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, 0x00, 0x33, 0x33,
> +0x33, 0x33, 0x33, 0x33, 0x33, 0x33, 0x00, 0x35, 0x35, 0x35, 0x35, 0x35,
> +0x35, 0x35, 0x35, 0x00, 0x00, 0x20, 0x0b, 0x05, 0x00, 0x00, 0x00, 0x00,
> +0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x7f, 0x04, 0x06, 0x00, 0x00, 0x00
> };
>
> #define IDX_ARRAY_SZ 3 /* support 24 PCRs */
> @@ -179,10 +178,10 @@ static u8 expected_pcrs[EFI_TCG2_MAX_PCR_INDEX + 1][TPM2_SHA256_DIGEST_SIZE] = {
> 0x7b, 0xb9, 0xfe, 0xa1, 0xcd, 0x64, 0x49, 0xdd,
> 0xed, 0xe2, 0x65, 0x82, 0xc5, 0x3e, 0xf4, 0xc4},
>
> - {0xf5, 0x79, 0xf3, 0x20, 0x62, 0x6e, 0x8b, 0x58,
> - 0x62, 0xa3, 0x4e, 0x2f, 0xb7, 0x10, 0xac, 0x34,
> - 0x4e, 0x68, 0x94, 0x37, 0x87, 0x29, 0xc4, 0xbe,
> - 0xa3, 0xc4, 0xd9, 0x14, 0x2b, 0x66, 0x79, 0x9b},
> + {0x75, 0xb5, 0x91, 0x54, 0x12, 0xa8, 0xa4, 0x25,
> + 0x73, 0x79, 0xa7, 0x47, 0xd9, 0x32, 0x54, 0x78,
> + 0x9a, 0x80, 0x3f, 0xa8, 0x34, 0xfe, 0xd2, 0xae,
> + 0x76, 0xd3, 0x16, 0x4a, 0xb2, 0x03, 0xac, 0xe6},
>
> {0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea,
> 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d,
> @@ -543,7 +542,7 @@ static void *find_smbios_table(const struct efi_system_table *systable)
> u32 i;
>
> for (i = 0; i < systable->nr_tables; i++) {
> - if (!guidcmp(&smbios_guid, &systable->tables[i].guid))
> + if (!guidcmp(&smbios3_guid, &systable->tables[i].guid))
> return systable->tables[i].table;
> }
>
> @@ -558,14 +557,12 @@ static void *find_smbios_table(const struct efi_system_table *systable)
> */
> static efi_status_t setup_smbios_table(const struct efi_system_table *systable)
> {
> - struct smbios_entry *se;
> + struct smbios3_entry *se;
> efi_status_t ret;
> /* Map within the low 32 bits, to allow for 32bit SMBIOS tables */
> void *dmi;
> - char *istart;
> - int isize;
>
> - if (sizeof(smbios_table_test) > EFI_PAGE_SIZE)
> + if (sizeof(smbios3_table_test) > EFI_PAGE_SIZE)
> return EFI_OUT_OF_RESOURCES;
>
> orig_smbios_table = find_smbios_table(systable);
> @@ -586,19 +583,15 @@ static efi_status_t setup_smbios_table(const struct efi_system_table *systable)
>
> dmi = (void *)(uintptr_t)dmi_addr;
> se = dmi;
> - boottime->copy_mem(se, smbios_table_test, sizeof(smbios_table_test));
> + boottime->copy_mem(se, smbios3_table_test, sizeof(smbios3_table_test));
>
> /* update smbios table start address */
> - se->struct_table_address = (uintptr_t)((u8 *)dmi + SMBIOS_ENTRY_HEADER_SIZE);
> + se->struct_table_address = (uintptr_t)((u8 *)dmi + SMBIOS3_ENTRY_HEADER_SIZE);
>
> - /* calculate checksums */
> - istart = (char *)se + SMBIOS_INTERMEDIATE_OFFSET;
> - isize = sizeof(struct smbios_entry) - SMBIOS_INTERMEDIATE_OFFSET;
> - se->intermediate_checksum = table_compute_checksum(istart, isize);
> - se->checksum = table_compute_checksum(se, sizeof(struct smbios_entry));
> + se->checksum = table_compute_checksum(se, sizeof(struct smbios3_entry));
>
> /* Install SMBIOS information as configuration table */
> - ret = boottime->install_configuration_table(&smbios_guid, dmi);
> + ret = boottime->install_configuration_table(&smbios3_guid, dmi);
> if (ret != EFI_SUCCESS) {
> efi_st_error("Cannot install SMBIOS table\n");
> boottime->free_pages(dmi_addr, 1);
> @@ -992,7 +985,7 @@ static int efi_st_tcg2_teardown(void)
> * If orig_smbios_table is NULL, calling install_configuration_table()
> * removes dummy SMBIOS table form systab.
> */
> - r = boottime->install_configuration_table(&smbios_guid, orig_smbios_table);
> + r = boottime->install_configuration_table(&smbios3_guid, orig_smbios_table);
> if (r != EFI_SUCCESS) {
> efi_st_error("Failed to restore SMBOIS table\n");
> return EFI_ST_FAILURE;
> diff --git a/lib/smbios-parser.c b/lib/smbios-parser.c
> index ac9a367a87..f48d743657 100644
> --- a/lib/smbios-parser.c
> +++ b/lib/smbios-parser.c
> @@ -223,21 +223,24 @@ static void clear_smbios_table(struct smbios_header *header,
> }
> }
>
> -void smbios_prepare_measurement(const struct smbios_entry *entry,
> +void smbios_prepare_measurement(const struct smbios3_entry *entry,
> struct smbios_header *smbios_copy)
> {
> u32 i, j;
> + void *table_end;
> struct smbios_header *header;
>
> + table_end = (void *)((u8 *)smbios_copy + entry->max_struct_size);
> +
> for (i = 0; i < ARRAY_SIZE(smbios_filter_tables); i++) {
> header = smbios_copy;
> - for (j = 0; j < entry->struct_count; j++) {
> + for (j = 0; (void *)header < table_end; j++) {
> if (header->type == smbios_filter_tables[i].type)
> break;
>
> header = get_next_header(header);
> }
> - if (j >= entry->struct_count)
> + if ((void *)header >= table_end)
> continue;
>
> clear_smbios_table(header,
More information about the U-Boot
mailing list