Date:   Mon, 11 Sep 2017 12:00:19 +0200
From:   Thiebaud Weksteen <tweek@...gle.com>
To:     linux-efi@...r.kernel.org
Cc:     ard.biesheuvel@...aro.org, matt@...eblueprint.co.uk,
        linux-kernel@...r.kernel.org, mjg59@...gle.com,
        tpmdd-devel@...ts.sourceforge.net, peterhuewe@....de,
        jarkko.sakkinen@...ux.intel.com, jgunthorpe@...idianresearch.com,
        tpmdd@...horst.net, Thiebaud Weksteen <tweek@...gle.com>
Subject: [PATCH v2 0/3] Call GetEventLog before ExitBootServices

With TPM 1.2, the ACPI table ("TCPA") has two fields to recover the Event Log
Area (LAML and LASA). These logs are useful to understand and rebuild the
final values of PCRs.

With TPM 2.0, the ACPI table ("TPM2") does not contain these fields anymore.
The recommended method is now to call the GetEventLog EFI protocol before
ExitBootServices.

Implement this method within the EFI stub and create a copy of the logs for the
TPM device. This will create /sys/kernel/security/tpm0/binary_bios_measurements
for TPM 2.0 devices (similarly to the current behaviour for TPM 1.2 devices).

-------------------------------------------------------------------------------

Patchset Changelog:

Version 2:
- Move tpm_eventlog.h to top include directory, add commit for this.
- Use EFI_LOADER_DATA to store the configuration table
- Whitespace and new lines fixes


Thiebaud Weksteen (3):
  tpm: move tpm_eventlog.h outside of drivers folder
  efi: call get_event_log before ExitBootServices
  tpm: parse TPM event logs based on EFI table

 arch/x86/boot/compressed/eboot.c                   |  1 +
 drivers/char/tpm/Makefile                          |  2 +-
 drivers/char/tpm/tpm-chip.c                        |  3 +-
 drivers/char/tpm/tpm-interface.c                   |  2 +-
 drivers/char/tpm/tpm.h                             | 35 ++++++++--
 drivers/char/tpm/tpm1_eventlog.c                   | 17 +++--
 drivers/char/tpm/tpm2_eventlog.c                   |  2 +-
 drivers/char/tpm/tpm_acpi.c                        |  2 +-
 drivers/char/tpm/tpm_efi.c                         | 66 ++++++++++++++++++
 drivers/char/tpm/tpm_of.c                          |  2 +-
 drivers/firmware/efi/Makefile                      |  2 +-
 drivers/firmware/efi/efi.c                         |  4 ++
 drivers/firmware/efi/libstub/Makefile              |  3 +-
 drivers/firmware/efi/libstub/tpm.c                 | 81 ++++++++++++++++++++++
 drivers/firmware/efi/tpm.c                         | 39 +++++++++++
 include/linux/efi.h                                | 50 +++++++++++++
 {drivers/char/tpm => include/linux}/tpm_eventlog.h | 32 ++-------
 17 files changed, 301 insertions(+), 42 deletions(-)
 create mode 100644 drivers/char/tpm/tpm_efi.c
 create mode 100644 drivers/firmware/efi/tpm.c
 rename {drivers/char/tpm => include/linux}/tpm_eventlog.h (77%)

-- 
2.14.1.581.gf28d330327-goog
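
The cover letter notes that the event log lets you understand and rebuild the final PCR values. The following is an added example, not part of the original message or the patch series, showing that replay for a log in the legacy SHA-1 `TCG_PCR_EVENT` layout. Assumptions: little-endian fields, PCRs starting as 20 zero bytes, and the function names and sample log are constructed for illustration.

```python
import hashlib
import struct

HEADER = struct.Struct("<II20sI")  # pcrIndex, eventType, SHA-1 digest, eventSize
EV_NO_ACTION = 0x3  # informational events; not extended into a PCR


def parse_events(blob):
    """Yield (pcr, event_type, digest, data) from a SHA-1 format log."""
    offset = 0
    while offset < len(blob):
        if len(blob) - offset < HEADER.size:
            raise ValueError(f"truncated event header at offset {offset}")
        pcr, etype, digest, size = HEADER.unpack_from(blob, offset)
        offset += HEADER.size
        if size > len(blob) - offset:
            raise ValueError(f"event size {size} overruns log at offset {offset}")
        yield pcr, etype, digest, blob[offset:offset + size]
        offset += size


def replay(blob):
    """Recompute the PCR values the log implies: new = SHA1(old || digest)."""
    pcrs = {}
    for pcr, etype, digest, _data in parse_events(blob):
        if etype == EV_NO_ACTION:
            continue
        old = pcrs.get(pcr, bytes(20))  # assumption: PCRs start as 20 zero bytes
        pcrs[pcr] = hashlib.sha1(old + digest).digest()
    return pcrs


def mismatches(blob, actual):
    """Return PCR indexes whose replayed value differs from the TPM's value."""
    expected = replay(blob)
    return sorted(i for i, v in expected.items() if actual.get(i) != v)


def make_event(pcr, etype, data):  # builds constructed sample events only
    return HEADER.pack(pcr, etype, hashlib.sha1(data).digest(), len(data)) + data


SAMPLE_LOG = (make_event(0, 0x3, b"spec header")          # EV_NO_ACTION
              + make_event(0, 0x8, b"firmware version")   # EV_S_CRTM_VERSION
              + make_event(4, 0xD, b"boot loader"))       # EV_IPL

if __name__ == "__main__":
    for index, value in sorted(replay(SAMPLE_LOG).items()):
        print(f"PCR{index:2d} {value.hex()}")
```

On a real system, pass the bytes of /sys/kernel/security/tpm0/binary_bios_measurements to `replay()` and compare the result with PCR values read from the TPM; a mismatch means the log does not account for what was measured.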
