From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-15.8 required=3.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS,INCLUDES_CR_TRAILER, INCLUDES_PATCH,MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS,URIBL_BLOCKED autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id EFFBFC4338F for ; Wed, 11 Aug 2021 06:50:24 +0000 (UTC) Received: from phobos.denx.de (phobos.denx.de [85.214.62.61]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPS id 3D5B660FA0 for ; Wed, 11 Aug 2021 06:50:24 +0000 (UTC) DMARC-Filter: OpenDMARC Filter v1.4.1 mail.kernel.org 3D5B660FA0 Authentication-Results: mail.kernel.org; dmarc=fail (p=none dis=none) header.from=linaro.org Authentication-Results: mail.kernel.org; spf=pass smtp.mailfrom=lists.denx.de Received: from h2850616.stratoserver.net (localhost [IPv6:::1]) by phobos.denx.de (Postfix) with ESMTP id 4542580C87; Wed, 11 Aug 2021 08:50:22 +0200 (CEST) Authentication-Results: phobos.denx.de; dmarc=pass (p=none dis=none) header.from=linaro.org Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=u-boot-bounces@lists.denx.de Authentication-Results: phobos.denx.de; dkim=pass (2048-bit key; unprotected) header.d=linaro.org header.i=@linaro.org header.b="hsGcnPqE"; dkim-atps=neutral Received: by phobos.denx.de (Postfix, from userid 109) id 70D0682000; Wed, 11 Aug 2021 08:50:20 +0200 (CEST) Received: from mail-pl1-x636.google.com (mail-pl1-x636.google.com [IPv6:2607:f8b0:4864:20::636]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits)) (No client certificate requested) by phobos.denx.de (Postfix) with ESMTPS id D884E8022E for ; Wed, 11 Aug 2021 08:50:15 +0200 (CEST) Authentication-Results: phobos.denx.de; dmarc=pass (p=none dis=none) header.from=linaro.org Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=takahiro.akashi@linaro.org Received: by mail-pl1-x636.google.com with SMTP id e19so1390417pla.10 for ; Tue, 10 Aug 2021 23:50:15 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=date:from:to:cc:subject:message-id:mail-followup-to:references :mime-version:content-disposition:in-reply-to; bh=1KZNpKCZfthkUczopap71thv9qLKyZwEl2Lj4QBAyx4=; b=hsGcnPqEHnZKTig1vpcYDDYYvQ2d2V0Fmv8xySRKZCcorIT48ngSlUdmAVCu07tX9Z SXEXPv/VRIuZyEZCWG66lsk63T+AfUQDGKs/QBwV71wkwc5+bvFF12qVb3pfDS1yQ4EY jurfQpBrjOxyzrokAVwV+jSInSCy2GCTCdkk4GuUXA9lRUy/EAMhDeE934mlOVh5IcLG 5GfCwh+BaE7h3LvD2PZgCQkQtcgavL6GptkYxouXITCLgrYNOoJjXZ4Z/1jq3uB4cEd0 CcqKztvjIw/09xqjojOOMnjLEMKWTgDEGSj9ywkixfot0IU+CIn1k1G4E++maIirRQUT oRcw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:date:from:to:cc:subject:message-id :mail-followup-to:references:mime-version:content-disposition :in-reply-to; bh=1KZNpKCZfthkUczopap71thv9qLKyZwEl2Lj4QBAyx4=; b=gAhTPDcbioWJhnHkswP3n2OtyPHzqk/o3mCqoSi0qcoj7vOeX4h015bzGMZ98eVD96 hkk89HyMXdVrz9bzVZ661x/oR/k+WRP96UXcq0bY+fqEMcjERRZ5HCb7RJROLlb18J0R wHxooDsjHP2RQaeUwQRpPx5HR78zgWRuxFQmE4aZKoKPYwQmL8L1I6vN5dUii+SRweG+ x71BfTyVh7WUqJeHg1V2v1KS1Katt7OwbHyqQNT+4sIFrpsGSNahtR/Sii/RIOPv+lwQ Y3Il5SXzl20858ex6o4qafm8X1HcCH7ef7Se0SKdVB9Bld2FasUsFtk0m8Yen7y+piwd OCsA== X-Gm-Message-State: AOAM531ZBQwRuv3g25UMZFradcL5GbgooahFe1RSm3npenvgOItOKnw9 bRHZ7D8gBCiDmiOi7IPmdzy0Ga3Tra4l+w== X-Google-Smtp-Source: ABdhPJyQ8Wc5f05tWC0hF8rJkeY0zpwLl3VKTbQ4KT4eTzf7pTswGCuXgsiYj4bc9cCcdlUtO7B17A== X-Received: by 2002:a17:902:e8d8:b029:117:8e2c:1ed5 with SMTP id v24-20020a170902e8d8b02901178e2c1ed5mr3025656plg.39.1628664613985; Tue, 10 Aug 2021 23:50:13 -0700 (PDT) Received: from laputa (pdb6272e8.tkyea130.ap.so-net.ne.jp. [219.98.114.232]) by smtp.gmail.com with ESMTPSA id s3sm26590711pfk.61.2021.08.10.23.50.10 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 10 Aug 2021 23:50:13 -0700 (PDT) Date: Wed, 11 Aug 2021 15:50:08 +0900 From: AKASHI Takahiro To: Masahisa Kojima Cc: Heinrich Schuchardt , Alexander Graf , Ilias Apalodimas , Simon Glass , Dhananjay Phadke , U-Boot Mailing List Subject: Re: [PATCH v3 2/5] efi_loader: add boot variable measurement Message-ID: <20210811065008.GC54169@laputa> Mail-Followup-To: AKASHI Takahiro , Masahisa Kojima , Heinrich Schuchardt , Alexander Graf , Ilias Apalodimas , Simon Glass , Dhananjay Phadke , U-Boot Mailing List References: <20210806070215.19887-1-masahisa.kojima@linaro.org> <20210806070215.19887-3-masahisa.kojima@linaro.org> <20210810021926.GB11600@laputa> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.34 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" X-Virus-Scanned: clamav-milter 0.103.2 at phobos.denx.de X-Virus-Status: Clean On Wed, Aug 11, 2021 at 12:05:39PM +0900, Masahisa Kojima wrote: > On Tue, 10 Aug 2021 at 11:19, AKASHI Takahiro > wrote: > > > > On Fri, Aug 06, 2021 at 04:02:12PM +0900, Masahisa Kojima wrote: > > > TCG PC Client PFP spec requires to measure "Boot####" > > > and "BootOrder" variables, EV_SEPARATOR event prior > > > to the Ready to Boot invocation. > > > Since u-boot does not implement Ready to Boot event, > > > these measurements are performed when efi_start_image() is called. > > > > > > TCG spec also requires to measure "Calling EFI Application from > > > Boot Option" for each boot attempt, and "Returning from EFI > > > Application from Boot Option" if a boot device returns control > > > back to the Boot Manager. > > > > > > Signed-off-by: Masahisa Kojima > > > --- > > > Changes in v3: > > > - modify log output > > > > > > Changes in v2: > > > - use efi_create_indexed_name() for "Boot####" variable > > > > > > include/efi_loader.h | 4 ++ > > > include/tpm-v2.h | 18 ++++- > > > lib/efi_loader/efi_boottime.c | 20 ++++++ > > > lib/efi_loader/efi_tcg2.c | 121 ++++++++++++++++++++++++++++++++++ > > > 4 files changed, 162 insertions(+), 1 deletion(-) > > > > > > diff --git a/include/efi_loader.h b/include/efi_loader.h > > > index a120d94431..345cbb72c4 100644 > > > --- a/include/efi_loader.h > > > +++ b/include/efi_loader.h > > > @@ -499,6 +499,10 @@ efi_status_t efi_run_image(void *source_buffer, efi_uintn_t source_size); > > > efi_status_t efi_init_variables(void); > > > /* Notify ExitBootServices() is called */ > > > void efi_variables_boot_exit_notify(void); > > > +/* Measure efi application invocation */ > > > +efi_status_t EFIAPI efi_tcg2_measure_efi_app_invocation(void); > > > +/* Measure efi application exit */ > > > +efi_status_t EFIAPI efi_tcg2_measure_efi_app_exit(void); > > > > I don't think that we need to have EFIAPI specifiers for those functions > > as they are not api's. > > Yes, I will remove EFIAPI specifiers. > > > > > > /* Called by bootefi to initialize root node */ > > > efi_status_t efi_root_node_register(void); > > > /* Called by bootefi to initialize runtime */ > > > diff --git a/include/tpm-v2.h b/include/tpm-v2.h > > > index 247b386967..325c73006e 100644 > > > --- a/include/tpm-v2.h > > > +++ b/include/tpm-v2.h > > > @@ -73,7 +73,7 @@ struct udevice; > > > /* > > > * event types, cf. > > > * "TCG PC Client Platform Firmware Profile Specification", Family "2.0" > > > - * rev 1.04, June 3, 2019 > > > + * Level 00 Version 1.05 Revision 23, May 7, 2021 > > > */ > > > #define EV_EFI_EVENT_BASE ((u32)0x80000000) > > > #define EV_EFI_VARIABLE_DRIVER_CONFIG ((u32)0x80000001) > > > @@ -85,8 +85,24 @@ struct udevice; > > > #define EV_EFI_ACTION ((u32)0x80000007) > > > #define EV_EFI_PLATFORM_FIRMWARE_BLOB ((u32)0x80000008) > > > #define EV_EFI_HANDOFF_TABLES ((u32)0x80000009) > > > +#define EV_EFI_PLATFORM_FIRMWARE_BLOB2 ((u32)0x8000000A) > > > +#define EV_EFI_HANDOFF_TABLES2 ((u32)0x8000000B) > > > +#define EV_EFI_VARIABLE_BOOT2 ((u32)0x8000000C) > > > #define EV_EFI_HCRTM_EVENT ((u32)0x80000010) > > > #define EV_EFI_VARIABLE_AUTHORITY ((u32)0x800000E0) > > > +#define EV_EFI_SPDM_FIRMWARE_BLOB ((u32)0x800000E1) > > > +#define EV_EFI_SPDM_FIRMWARE_CONFIG ((u32)0x800000E2) > > > + > > > +#define EFI_CALLING_EFI_APPLICATION \ > > > + "Calling EFI Application from Boot Option" > > > +#define EFI_RETURNING_FROM_EFI_APPLICATION \ > > > + "Returning from EFI Application from Boot Option" > > > +#define EFI_EXIT_BOOT_SERVICES_INVOCATION \ > > > + "Exit Boot Services Invocation" > > > +#define EFI_EXIT_BOOT_SERVICES_FAILED \ > > > + "Exit Boot Services Returned with Failure" > > > +#define EFI_EXIT_BOOT_SERVICES_SUCCEEDED \ > > > + "Exit Boot Services Returned with Success" > > > > > > /* TPMS_TAGGED_PROPERTY Structure */ > > > struct tpms_tagged_property { > > > diff --git a/lib/efi_loader/efi_boottime.c b/lib/efi_loader/efi_boottime.c > > > index 0b98e91813..13ab139222 100644 > > > --- a/lib/efi_loader/efi_boottime.c > > > +++ b/lib/efi_loader/efi_boottime.c > > > @@ -2994,6 +2994,16 @@ efi_status_t EFIAPI efi_start_image(efi_handle_t image_handle, > > > image_obj->exit_status = &exit_status; > > > image_obj->exit_jmp = &exit_jmp; > > > > > > + if (IS_ENABLED(CONFIG_EFI_TCG2_PROTOCOL)) { > > > + if (image_obj->image_type == IMAGE_SUBSYSTEM_EFI_APPLICATION) { > > > + ret = efi_tcg2_measure_efi_app_invocation(); > > > + if (ret != EFI_SUCCESS) { > > > + log_warning("tcg2 measurement fails(0x%lx)\n", > > > + ret); > > > + } > > > + } > > > + } > > > + > > > /* call the image! */ > > > if (setjmp(&exit_jmp)) { > > > /* > > > @@ -3252,6 +3262,16 @@ static efi_status_t EFIAPI efi_exit(efi_handle_t image_handle, > > > exit_status != EFI_SUCCESS) > > > efi_delete_image(image_obj, loaded_image_protocol); > > > > > > + if (IS_ENABLED(CONFIG_EFI_TCG2_PROTOCOL)) { > > > + if (image_obj->image_type == IMAGE_SUBSYSTEM_EFI_APPLICATION) { > > > + ret = efi_tcg2_measure_efi_app_exit(); > > > + if (ret != EFI_SUCCESS) { > > > + log_warning("tcg2 measurement fails(0x%lx)\n", > > > + ret); > > > + } > > > + } > > > + } > > > + > > > /* Make sure entry/exit counts for EFI world cross-overs match */ > > > EFI_EXIT(exit_status); > > > > > > diff --git a/lib/efi_loader/efi_tcg2.c b/lib/efi_loader/efi_tcg2.c > > > index a2e9587cd0..7dd30c2bc9 100644 > > > --- a/lib/efi_loader/efi_tcg2.c > > > +++ b/lib/efi_loader/efi_tcg2.c > > > @@ -35,6 +35,7 @@ struct event_log_buffer { > > > }; > > > > > > static struct event_log_buffer event_log; > > > +static bool tcg2_efi_app_invoked; > > > /* > > > * When requesting TPM2_CAP_TPM_PROPERTIES the value is on a standard offset. > > > * Since the current tpm2_get_capability() response buffers starts at > > > @@ -1385,6 +1386,126 @@ static efi_status_t tcg2_measure_variable(struct udevice *dev, u32 pcr_index, > > > return ret; > > > } > > > > > > +/** > > > + * tcg2_measure_boot_variable() - measure boot variables > > > + * > > > + * @dev: TPM device > > > + * > > > + * Return: status code > > > + */ > > > +static efi_status_t tcg2_measure_boot_variable(struct udevice *dev) > > > +{ > > > + u16 *boot_order; > > > + u16 *boot_index; > > > + u16 var_name[] = L"BootOrder"; > > > + u16 boot_name[] = L"Boot####"; > > > + u8 *bootvar; > > > + efi_uintn_t var_data_size; > > > + u32 count, i; > > > + efi_status_t ret; > > > + > > > + boot_order = efi_get_var(var_name, &efi_global_variable_guid, > > > + &var_data_size); > > > + if (!boot_order) { > > > + ret = EFI_NOT_FOUND; > > > + goto error; > > > + } > > > > What if BootOrder is not defined, but BootNext is defined? > > TCG PC Client PFP spec does not require to measure the case > when the system boots with BootNext. > So in this case, BootNext is defined but BootOrder is not defined, > no measurement occurs for boot variables. I simply wonder why the spec does care about BootOrder, but not BootNext. Let take another case; BootNext, BootOrder and BootXXXX are all defined, and the system boots up by BootNext. In this case, we will have measurement for boot variables. Why do we need this although we don't take measurement in case of BootNext & !BootOrder? -Takahiro Akashi > Thanks, > Masahisa Kojima > > > > > -Takahiro Akashi > > > > > + > > > + ret = tcg2_measure_variable(dev, 1, EV_EFI_VARIABLE_BOOT2, var_name, > > > + &efi_global_variable_guid, var_data_size, > > > + (u8 *)boot_order); > > > + if (ret != EFI_SUCCESS) > > > + goto error; > > > + > > > + count = var_data_size / sizeof(*boot_order); > > > + boot_index = boot_order; > > > + for (i = 0; i < count; i++) { > > > + efi_create_indexed_name(boot_name, sizeof(boot_name), > > > + "Boot", *boot_index++); > > > + > > > + bootvar = efi_get_var(boot_name, &efi_global_variable_guid, > > > + &var_data_size); > > > + > > > + if (!bootvar) { > > > + log_info("%ls not found\n", boot_name); > > > + continue; > > > + } > > > + > > > + ret = tcg2_measure_variable(dev, 1, EV_EFI_VARIABLE_BOOT2, > > > + boot_name, > > > + &efi_global_variable_guid, > > > + var_data_size, bootvar); > > > + free(bootvar); > > > + if (ret != EFI_SUCCESS) > > > + goto error; > > > + } > > > + > > > +error: > > > + free(boot_order); > > > + return ret; > > > +} > > > + > > > +/** > > > + * efi_tcg2_measure_efi_app_invocation() - measure efi app invocation > > > + * > > > + * Return: status code > > > + */ > > > +efi_status_t EFIAPI efi_tcg2_measure_efi_app_invocation(void) > > > +{ > > > + efi_status_t ret; > > > + u32 pcr_index; > > > + struct udevice *dev; > > > + u32 event = 0; > > > + > > > + if (tcg2_efi_app_invoked) > > > + return EFI_SUCCESS; > > > + > > > + ret = platform_get_tpm2_device(&dev); > > > + if (ret != EFI_SUCCESS) > > > + return ret; > > > + > > > + ret = tcg2_measure_boot_variable(dev); > > > + if (ret != EFI_SUCCESS) > > > + goto out; > > > + > > > + ret = tcg2_measure_event(dev, 4, EV_EFI_ACTION, > > > + strlen(EFI_CALLING_EFI_APPLICATION), > > > + (u8 *)EFI_CALLING_EFI_APPLICATION); > > > + if (ret != EFI_SUCCESS) > > > + goto out; > > > + > > > + for (pcr_index = 0; pcr_index <= 7; pcr_index++) { > > > + ret = tcg2_measure_event(dev, pcr_index, EV_SEPARATOR, > > > + sizeof(event), (u8 *)&event); > > > + if (ret != EFI_SUCCESS) > > > + goto out; > > > + } > > > + > > > + tcg2_efi_app_invoked = true; > > > +out: > > > + return ret; > > > +} > > > + > > > +/** > > > + * efi_tcg2_measure_efi_app_exit() - measure efi app exit > > > + * > > > + * Return: status code > > > + */ > > > +efi_status_t EFIAPI efi_tcg2_measure_efi_app_exit(void) > > > +{ > > > + efi_status_t ret; > > > + struct udevice *dev; > > > + > > > + ret = platform_get_tpm2_device(&dev); > > > + if (ret != EFI_SUCCESS) > > > + return ret; > > > + > > > + ret = tcg2_measure_event(dev, 4, EV_EFI_ACTION, > > > + strlen(EFI_RETURNING_FROM_EFI_APPLICATION), > > > + (u8 *)EFI_RETURNING_FROM_EFI_APPLICATION); > > > + return ret; > > > +} > > > + > > > /** > > > * tcg2_measure_secure_boot_variable() - measure secure boot variables > > > * > > > -- > > > 2.17.1 > > >