From: Jarkko Sakkinen <jarkko@kernel.org>
To: Ross Philipson <ross.philipson@oracle.com>
Cc: linux-kernel@vger.kernel.org, x86@kernel.org,
linux-integrity@vger.kernel.org, linux-doc@vger.kernel.org,
linux-crypto@vger.kernel.org, kexec@lists.infradead.org,
linux-efi@vger.kernel.org, iommu@lists.linux-foundation.org,
dpsmith@apertussolutions.com, tglx@linutronix.de,
mingo@redhat.com, bp@alien8.de, hpa@zytor.com,
dave.hansen@linux.intel.com, ardb@kernel.org,
mjg59@srcf.ucam.org, James.Bottomley@hansenpartnership.com,
peterhuewe@gmx.de, jgg@ziepe.ca, luto@amacapital.net,
nivedita@alum.mit.edu, herbert@gondor.apana.org.au,
davem@davemloft.net, corbet@lwn.net, ebiederm@xmission.com,
dwmw2@infradead.org, baolu.lu@linux.intel.com,
kanth.ghatraju@oracle.com, andrew.cooper3@citrix.com,
trenchboot-devel@googlegroups.com
Subject: Re: [PATCH v12 05/19] x86: Add early SHA-1 support for Secure Launch early measurements
Date: Fri, 7 Mar 2025 07:35:57 +0200 [thread overview]
Message-ID: <Z8qFvYEE19yv7z-8@kernel.org> (raw)
In-Reply-To: <20241219194216.152839-6-ross.philipson@oracle.com>
On Thu, Dec 19, 2024 at 11:42:02AM -0800, Ross Philipson wrote:
> From: "Daniel P. Smith" <dpsmith@apertussolutions.com>
>
> Secure Launch is written to be compliant with the Intel TXT Measured Launch
> Developer's Guide. The MLE Guide dictates that the system can be configured to
> use both the SHA-1 and SHA-2 hashing algorithms.
>
> Regardless of the preference towards SHA-2, if the firmware elected to start
> with the SHA-1 and SHA-2 banks active and the dynamic launch was configured to
> include SHA-1, Secure Launch is obligated to record measurements for all
> algorithms requested in the launch configuration.
>
> The user environment or the integrity management does not desire to use SHA-1,
> it is free to just ignore the SHA-1 bank in any integrity operation with the
> TPM. If there is a larger concern about the SHA-1 bank being active, it is free
> to deliberately cap the SHA-1 PCRs, recording the event in the D-RTM log.
>
> The SHA-1 code here has its origins in the code from the main kernel:
>
> commit c4d5b9f ("crypto: sha1 - implement base layer for SHA-1")
>
> A modified version of this code was introduced to the lib/crypto/sha1.c to bring
> it in line with the SHA-256 code and allow it to be pulled into the setup kernel
> in the same manner as SHA-256 is.
>
> Signed-off-by: Daniel P. Smith <dpsmith@apertussolutions.com>
> Signed-off-by: Ross Philipson <ross.philipson@oracle.com>
> ---
> arch/x86/boot/compressed/Makefile | 2 +
> arch/x86/boot/compressed/sha1.c | 6 +++
> include/crypto/sha1.h | 1 +
> lib/crypto/sha1.c | 81 +++++++++++++++++++++++++++++++
> 4 files changed, 90 insertions(+)
> create mode 100644 arch/x86/boot/compressed/sha1.c
>
> diff --git a/arch/x86/boot/compressed/Makefile b/arch/x86/boot/compressed/Makefile
> index f2051644de94..7eb03afb841b 100644
> --- a/arch/x86/boot/compressed/Makefile
> +++ b/arch/x86/boot/compressed/Makefile
> @@ -107,6 +107,8 @@ vmlinux-objs-$(CONFIG_EFI) += $(obj)/efi.o
> vmlinux-objs-$(CONFIG_EFI_MIXED) += $(obj)/efi_mixed.o
> vmlinux-libs-$(CONFIG_EFI_STUB) += $(objtree)/drivers/firmware/efi/libstub/lib.a
>
> +vmlinux-objs-$(CONFIG_SECURE_LAUNCH) += $(obj)/sha1.o
> +
> $(obj)/vmlinux: $(vmlinux-objs-y) $(vmlinux-libs-y) FORCE
> $(call if_changed,ld)
>
> diff --git a/arch/x86/boot/compressed/sha1.c b/arch/x86/boot/compressed/sha1.c
> new file mode 100644
> index 000000000000..d754489941ac
> --- /dev/null
> +++ b/arch/x86/boot/compressed/sha1.c
> @@ -0,0 +1,6 @@
> +// SPDX-License-Identifier: GPL-2.0
> +/*
> + * Copyright (c) 2024 Apertus Solutions, LLC.
> + */
> +
> +#include "../../../../lib/crypto/sha1.c"
> diff --git a/include/crypto/sha1.h b/include/crypto/sha1.h
> index 044ecea60ac8..d715dd5332e1 100644
> --- a/include/crypto/sha1.h
> +++ b/include/crypto/sha1.h
> @@ -42,5 +42,6 @@ extern int crypto_sha1_finup(struct shash_desc *desc, const u8 *data,
> #define SHA1_WORKSPACE_WORDS 16
> void sha1_init(__u32 *buf);
> void sha1_transform(__u32 *digest, const char *data, __u32 *W);
> +void sha1(const u8 *data, unsigned int len, u8 *out);
>
> #endif /* _CRYPTO_SHA1_H */
> diff --git a/lib/crypto/sha1.c b/lib/crypto/sha1.c
> index ebb60519ae93..0bd32df31743 100644
> --- a/lib/crypto/sha1.c
> +++ b/lib/crypto/sha1.c
> @@ -137,5 +137,86 @@ void sha1_init(__u32 *buf)
> }
> EXPORT_SYMBOL(sha1_init);
>
> +static void __sha1_transform(u32 *digest, const char *data)
> +{
> + u32 ws[SHA1_WORKSPACE_WORDS];
> +
> + sha1_transform(digest, data, ws);
> +
> + /* Ensure local data for generating digest is cleared in all cases */
> + memzero_explicit(ws, sizeof(ws));
> +}
> +
> +static void sha1_update(struct sha1_state *sctx, const u8 *data, unsigned int len)
> +{
> + unsigned int partial = sctx->count % SHA1_BLOCK_SIZE;
> + int blocks;
> +
> + sctx->count += len;
> +
> + if (unlikely((partial + len) < SHA1_BLOCK_SIZE))
> + goto out;
> +
> + if (partial) {
> + int p = SHA1_BLOCK_SIZE - partial;
> +
> + memcpy(sctx->buffer + partial, data, p);
> + data += p;
> + len -= p;
> +
> + __sha1_transform(sctx->state, sctx->buffer);
> + }
> +
> + blocks = len / SHA1_BLOCK_SIZE;
> + len %= SHA1_BLOCK_SIZE;
> +
> + if (blocks) {
> + while (blocks--) {
> + __sha1_transform(sctx->state, data);
> + data += SHA1_BLOCK_SIZE;
> + }
> + }
> + partial = 0;
> +
> +out:
> + memcpy(sctx->buffer + partial, data, len);
> +}
> +
> +static void sha1_final(struct sha1_state *sctx, u8 *out)
> +{
> + const int bit_offset = SHA1_BLOCK_SIZE - sizeof(__be64);
> + unsigned int partial = sctx->count % SHA1_BLOCK_SIZE;
> + __be64 *bits = (__be64 *)(sctx->buffer + bit_offset);
> + __be32 *digest = (__be32 *)out;
> + int i;
> +
> + sctx->buffer[partial++] = 0x80;
> + if (partial > bit_offset) {
> + memset(sctx->buffer + partial, 0x0, SHA1_BLOCK_SIZE - partial);
> + partial = 0;
> +
> + __sha1_transform(sctx->state, sctx->buffer);
> + }
> +
> + memset(sctx->buffer + partial, 0x0, bit_offset - partial);
> + *bits = cpu_to_be64(sctx->count << 3);
> + __sha1_transform(sctx->state, sctx->buffer);
> +
> + for (i = 0; i < SHA1_DIGEST_SIZE / sizeof(__be32); i++)
> + put_unaligned_be32(sctx->state[i], digest++);
> +
> + *sctx = (struct sha1_state){};
> +}
> +
> +void sha1(const u8 *data, unsigned int len, u8 *out)
> +{
> + struct sha1_state sctx = {0};
> +
> + sha1_init(sctx.state);
> + sha1_update(&sctx, data, len);
> + sha1_final(&sctx, out);
> +}
> +EXPORT_SYMBOL(sha1);
> +
> MODULE_DESCRIPTION("SHA-1 Algorithm");
> MODULE_LICENSE("GPL");
> --
> 2.39.3
>
This looks pretty good and we had already the SHA-1 discussion in
the past :-)
BR, Jarkko
next prev parent reply other threads:[~2025-03-07 5:36 UTC|newest]
Thread overview: 49+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-12-19 19:41 [PATCH v12 00/19] x86: Trenchboot secure dynamic launch Linux kernel support Ross Philipson
2024-12-19 19:41 ` [PATCH v12 01/19] Documentation/x86: Secure Launch kernel documentation Ross Philipson
2025-03-07 5:10 ` Jarkko Sakkinen
2025-03-07 5:15 ` Jarkko Sakkinen
2024-12-19 19:41 ` [PATCH v12 02/19] x86: Secure Launch Kconfig Ross Philipson
2024-12-19 19:42 ` [PATCH v12 03/19] x86: Secure Launch Resource Table header file Ross Philipson
2025-03-07 5:32 ` Jarkko Sakkinen
2025-03-07 19:22 ` ross.philipson
2025-03-07 19:30 ` Jarkko Sakkinen
2025-03-07 19:44 ` ross.philipson
2024-12-19 19:42 ` [PATCH v12 04/19] x86: Secure Launch main " Ross Philipson
2025-03-07 5:34 ` Jarkko Sakkinen
2025-03-07 19:25 ` ross.philipson
2025-03-07 19:37 ` Jarkko Sakkinen
2025-03-07 19:46 ` ross.philipson
2024-12-19 19:42 ` [PATCH v12 05/19] x86: Add early SHA-1 support for Secure Launch early measurements Ross Philipson
2025-03-07 5:35 ` Jarkko Sakkinen [this message]
2024-12-19 19:42 ` [PATCH v12 06/19] x86: Add early SHA-256 " Ross Philipson
2025-03-07 5:36 ` Jarkko Sakkinen
2024-12-19 19:42 ` [PATCH v12 07/19] x86/msr: Add variable MTRR base/mask and x2apic ID registers Ross Philipson
2025-03-07 5:55 ` Jarkko Sakkinen
2025-03-07 19:29 ` ross.philipson
2024-12-19 19:42 ` [PATCH v12 08/19] x86/boot: Place TXT MLE header in the kernel_info section Ross Philipson
2025-03-07 6:51 ` Jarkko Sakkinen
2025-03-07 19:33 ` ross.philipson
2024-12-19 19:42 ` [PATCH v12 09/19] x86: Secure Launch kernel early boot stub Ross Philipson
2025-03-07 7:00 ` Jarkko Sakkinen
2025-03-07 19:42 ` ross.philipson
2024-12-19 19:42 ` [PATCH v12 10/19] x86: Secure Launch kernel late " Ross Philipson
2025-03-07 7:02 ` Jarkko Sakkinen
2025-03-07 19:43 ` ross.philipson
2024-12-19 19:42 ` [PATCH v12 11/19] x86: Secure Launch SMP bringup support Ross Philipson
2024-12-19 19:42 ` [PATCH v12 12/19] kexec: Secure Launch kexec SEXIT support Ross Philipson
2024-12-19 19:42 ` [PATCH v12 13/19] x86/reboot: Secure Launch SEXIT support on reboot paths Ross Philipson
2024-12-19 19:42 ` [PATCH v12 14/19] tpm, tpm_tis: Close all localities Ross Philipson
2025-03-07 7:05 ` Jarkko Sakkinen
2024-12-19 19:42 ` [PATCH v12 15/19] tpm, tpm_tis: Address positive localities in tpm_tis_request_locality() Ross Philipson
2025-03-07 7:07 ` Jarkko Sakkinen
2025-03-07 19:35 ` ross.philipson
2024-12-19 19:42 ` [PATCH v12 16/19] tpm, tpm_tis: Allow locality to be set to a different value Ross Philipson
2025-03-07 7:07 ` Jarkko Sakkinen
2024-12-19 19:42 ` [PATCH v12 17/19] tpm, sysfs: Show locality used by kernel Ross Philipson
2025-03-07 7:09 ` Jarkko Sakkinen
2025-03-07 19:39 ` ross.philipson
2024-12-19 19:42 ` [PATCH v12 18/19] x86: Secure Launch late initcall platform module Ross Philipson
2024-12-19 19:42 ` [PATCH v12 19/19] x86/efi: EFI stub DRTM launch support for Secure Launch Ross Philipson
2025-02-18 18:21 ` [PATCH v12 00/19] x86: Trenchboot secure dynamic launch Linux kernel support ross.philipson
2025-02-18 18:31 ` Jarkko Sakkinen
2025-02-18 19:39 ` ross.philipson
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=Z8qFvYEE19yv7z-8@kernel.org \
--to=jarkko@kernel.org \
--cc=James.Bottomley@hansenpartnership.com \
--cc=andrew.cooper3@citrix.com \
--cc=ardb@kernel.org \
--cc=baolu.lu@linux.intel.com \
--cc=bp@alien8.de \
--cc=corbet@lwn.net \
--cc=dave.hansen@linux.intel.com \
--cc=davem@davemloft.net \
--cc=dpsmith@apertussolutions.com \
--cc=dwmw2@infradead.org \
--cc=ebiederm@xmission.com \
--cc=herbert@gondor.apana.org.au \
--cc=hpa@zytor.com \
--cc=iommu@lists.linux-foundation.org \
--cc=jgg@ziepe.ca \
--cc=kanth.ghatraju@oracle.com \
--cc=kexec@lists.infradead.org \
--cc=linux-crypto@vger.kernel.org \
--cc=linux-doc@vger.kernel.org \
--cc=linux-efi@vger.kernel.org \
--cc=linux-integrity@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=luto@amacapital.net \
--cc=mingo@redhat.com \
--cc=mjg59@srcf.ucam.org \
--cc=nivedita@alum.mit.edu \
--cc=peterhuewe@gmx.de \
--cc=ross.philipson@oracle.com \
--cc=tglx@linutronix.de \
--cc=trenchboot-devel@googlegroups.com \
--cc=x86@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.