public inbox for u-boot@lists.denx.de
From: Ilias Apalodimas <ilias.apalodimas@linaro.org>
To: Masahisa Kojima <masahisa.kojima@linaro.org>
Cc: Heinrich Schuchardt <xypron.glpk@gmx.de>,
	Alexander Graf <agraf@csgraf.de>, Simon Glass <sjg@chromium.org>,
	Dhananjay Phadke <dphadke@linux.microsoft.com>,
	u-boot@lists.denx.de
Subject: Re: [PATCH 3/5] efi_loader: add boot variable measurement
Date: Wed, 7 Jul 2021 21:56:13 +0300
Message-ID: <YOX4zXwzpsfVXEPB@enceladus>
In-Reply-To: <20210707133638.12630-4-masahisa.kojima@linaro.org>

Hi Kojima-san,
> +{

[...]

> +	u16 *boot_order;
> +	u16 var_name[] = L"BootOrder";
> +	u16 boot_name[] = L"Boot0000";
> +	u16 hexmap[] = L"0123456789ABCDEF";
> +	u8 *bootvar;
> +	efi_uintn_t var_data_size;
> +	u32 count, i;
> +	efi_status_t ret;
> +
> +	boot_order = efi_get_var(var_name, &efi_global_variable_guid,
> +				 &var_data_size);
> +	if (!boot_order) {
> +		log_info("BootOrder not defined\n");
> +		ret = EFI_NOT_FOUND;
> +		goto error;
> +	}
> +
> +	ret = tcg2_measure_variable(dev, 1, EV_EFI_VARIABLE_BOOT2, var_name,
> +				    &efi_global_variable_guid, var_data_size,
> +				    (u8 *)boot_order);
> +	if (ret != EFI_SUCCESS)
> +		goto error;
> +
> +	count = var_data_size / sizeof(*boot_order);
> +	for (i = 0; i < count; i++) {
> +		boot_name[4] = hexmap[(boot_order[i] & 0xf000) >> 12];
> +		boot_name[5] = hexmap[(boot_order[i] & 0x0f00) >> 8];
> +		boot_name[6] = hexmap[(boot_order[i] & 0x00f0) >> 4];
> +		boot_name[7] = hexmap[(boot_order[i] & 0x000f)];
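
Review bot: in the `!boot_order` branch, a system with no BootOrder variable gets EFI_NOT_FOUND and jumps to `error`, so the caller cannot tell an unset BootOrder apart from a TPM or measurement failure. If boot is meant to continue on such systems, return success after the log_info() and skip the Boot#### loop. Separately, `count = var_data_size / sizeof(*boot_order)` drops a trailing odd byte while the full `var_data_size` is what gets measured just above; logging or rejecting a size that is not a multiple of `sizeof(u16)` would keep the measured bytes and the iterated entries in step.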

Can you use efi_create_indexed_name() instead?

[...]
> +	for (pcr_index = 0; pcr_index <= 7; pcr_index++) {
> +		ret = tcg2_measure_event(dev, pcr_index, EV_SEPARATOR,
> +					 sizeof(event), (u8 *)&event);
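
Review bot: the loop bounds `0` and `7` in `for (pcr_index = 0; pcr_index <= 7; pcr_index++)` are bare literals with no comment. A short comment naming the requirement that puts EV_SEPARATOR on each of these PCRs, or a named constant for the upper bound, would let a reader check the range against the specification at the point of use.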

I assume adding a separator event on all these PCRs is described in the
standard?

> +		if (ret != EFI_SUCCESS)
> +			goto out;
> +	}
> +
> +	tcg2_efi_app_invoked = true;
> +out:
> +	return ret;
> +}
> +
> +/**
> + * efi_tcg2_measure_efi_app_exit() - measure efi app exit
> + *
> + * Return:	status code
> + */
> +efi_status_t EFIAPI efi_tcg2_measure_efi_app_exit(void)
> +{
> +	efi_status_t ret;
> +	struct udevice *dev;
> +
> +	ret = platform_get_tpm2_device(&dev);
> +	if (ret != EFI_SUCCESS)
> +		return ret;
> +
> +	ret = tcg2_measure_event(dev, 4, EV_EFI_ACTION,
> +				 strlen(EFI_RETURNING_FROM_EFI_APPLICATION),
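
Review bot: in the separator loop's failure path, `goto out` is taken before `tcg2_efi_app_invoked = true`, so a tcg2_measure_event() failure partway through leaves the lower PCRs with a separator extended and the flag still false. If that flag is what guards this block against running twice (the check is not in the quoted lines), a later call would extend EV_SEPARATOR into those lower PCRs a second time and the event log would no longer match a single-separator replay. Consider logging the failing `pcr_index` and deciding explicitly whether the flag should be set once the first separator has been extended.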

Do we need a NUL terminator on this string or not?


Regards
/Ilias
