Message-Id: <20220916081441.1993492-1-ilias.apalodimas@linaro.org>
Date:   Fri, 16 Sep 2022 11:14:34 +0300
From:   Ilias Apalodimas <ilias.apalodimas@...aro.org>
To:     ardb@...nel.org
Cc:     pjones@...hat.com, daniel.kiper@...cle.com,
        James.Bottomley@...senpartnership.com, leif@...iainc.com,
        jroedel@...e.de, Ilias Apalodimas <ilias.apalodimas@...aro.org>,
        Heinrich Schuchardt <heinrich.schuchardt@...onical.com>,
        Baskov Evgeniy <baskov@...ras.ru>,
        Sunil V L <sunilvl@...tanamicro.com>,
        linux-efi@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: [PATCH 1/2] efi/libstub: refactor the initrd measuring functions

Currently, from the efi-stub, we are only measuring the loaded initrd.
A following patch is introducing measurements of extra components.

The current functions are limited to measuring an initrd only, so swap
the code around a bit, move the struct into the stub header files and
add an extra argument containing the tagged event we are about to measure.

Signed-off-by: Ilias Apalodimas <ilias.apalodimas@...aro.org>
---
 .../firmware/efi/libstub/efi-stub-helper.c    | 82 +++++++++----------
 drivers/firmware/efi/libstub/efistub.h        |  6 ++
 2 files changed, 46 insertions(+), 42 deletions(-)

diff --git a/drivers/firmware/efi/libstub/efi-stub-helper.c b/drivers/firmware/efi/libstub/efi-stub-helper.c
index 3d972061c1b0..3ef4867344b9 100644
--- a/drivers/firmware/efi/libstub/efi-stub-helper.c
+++ b/drivers/firmware/efi/libstub/efi-stub-helper.c
@@ -334,6 +334,28 @@ void efi_apply_loadoptions_quirk(const void **load_options, int *load_options_si
 	*load_options_size = load_option_unpacked.optional_data_size;
 }
 
+static
+void efi_measure_tagged_event(unsigned long load_addr, unsigned long load_size,
+			      const struct efi_measured_event *event)
+{
+	efi_guid_t tcg2_guid = EFI_TCG2_PROTOCOL_GUID;
+	efi_tcg2_protocol_t *tcg2 = NULL;
+	efi_status_t status;
+
+	efi_bs_call(locate_protocol, &tcg2_guid, NULL, (void **)&tcg2);
+	if (tcg2) {
+		status = efi_call_proto(tcg2, hash_log_extend_event,
+					0, load_addr, load_size,
+					&event->event_data);
+		if (status != EFI_SUCCESS)
+			efi_warn("Failed to measure data: 0x%lx\n",
+				 status);
+		else
+			efi_info("Measured %s into PCR %d\n", event->tagged_event_data,
+				 event->event_data.event_header.pcr_index);
+	}
+}
+
 /*
  * Convert the unicode UEFI command line to ASCII to pass to kernel.
  * Size of memory allocated return in *cmd_line_len.
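Review bot: efi_measure_tagged_event() returns void, so once it is used for more than the initrd, no caller can tell that a component went unmeasured: a failed hash_log_extend_event is reduced to an efi_warn, and the locate_protocol status is discarded. Consider returning efi_status_t so each caller can decide whether an unmeasured component may still be used. The success message also prints `event->tagged_event_data`, a `u8[]`, with `%s`, which is only safe while every event's tag data is a NUL-terminated string. A comment above the function such as `/* event->tagged_event_data must be a NUL-terminated string; it is printed with %s */` would record that contract.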
@@ -625,47 +647,6 @@ efi_status_t efi_load_initrd_cmdline(efi_loaded_image_t *image,
 				    load_addr, load_size);
 }
 
-static const struct {
-	efi_tcg2_event_t	event_data;
-	efi_tcg2_tagged_event_t tagged_event;
-	u8			tagged_event_data[];
-} initrd_tcg2_event = {
-	{
-		sizeof(initrd_tcg2_event) + sizeof("Linux initrd"),
-		{
-			sizeof(initrd_tcg2_event.event_data.event_header),
-			EFI_TCG2_EVENT_HEADER_VERSION,
-			9,
-			EV_EVENT_TAG,
-		},
-	},
-	{
-		INITRD_EVENT_TAG_ID,
-		sizeof("Linux initrd"),
-	},
-	{ "Linux initrd" },
-};
-
-static void efi_measure_initrd(unsigned long load_addr, unsigned long load_size)
-{
-	efi_guid_t tcg2_guid = EFI_TCG2_PROTOCOL_GUID;
-	efi_tcg2_protocol_t *tcg2 = NULL;
-	efi_status_t status;
-
-	efi_bs_call(locate_protocol, &tcg2_guid, NULL, (void **)&tcg2);
-	if (tcg2) {
-		status = efi_call_proto(tcg2, hash_log_extend_event,
-					0, load_addr, load_size,
-					&initrd_tcg2_event.event_data);
-		if (status != EFI_SUCCESS)
-			efi_warn("Failed to measure initrd data: 0x%lx\n",
-				 status);
-		else
-			efi_info("Measured initrd data into PCR %d\n",
-				 initrd_tcg2_event.event_data.event_header.pcr_index);
-	}
-}
-
 /**
  * efi_load_initrd() - Load initial RAM disk
  * @image:	EFI loaded image protocol
@@ -683,6 +664,22 @@ efi_status_t efi_load_initrd(efi_loaded_image_t *image,
 			     unsigned long hard_limit)
 {
 	efi_status_t status;
+	static const struct efi_measured_event initrd_tcg2_event = {
+		{
+			sizeof(initrd_tcg2_event) + sizeof("Linux initrd"),
+			{
+				sizeof(initrd_tcg2_event.event_data.event_header),
+				EFI_TCG2_EVENT_HEADER_VERSION,
+				9,
+				EV_EVENT_TAG,
+			},
+		},
+		{
+			INITRD_EVENT_TAG_ID,
+			sizeof("Linux initrd"),
+		},
+		{ "Linux initrd" },
+	};
 
 	if (efi_noinitrd) {
 		*load_addr = *load_size = 0;
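Review bot: The initializer for `initrd_tcg2_event` is purely positional, so now that `struct efi_measured_event` is a shared type in efistub.h, a reordered or added member would silently shift values into the wrong fields. The bare `9` (apparently the PCR index, judging by the `pcr_index` print in efi_measure_tagged_event) also gives no hint why that register was chosen. Designated initializers plus a short comment such as `/* PCR 9: <reason this PCR is used for the initrd> */` would make the measurement target reviewable. A wrong PCR or event type changes what attestation and sealing policies observe, so it is worth making explicit. efi_load_initrd()'s body continues outside this hunk.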
@@ -692,7 +689,8 @@ efi_status_t efi_load_initrd(efi_loaded_image_t *image,
 		if (status == EFI_SUCCESS) {
 			efi_info("Loaded initrd from LINUX_EFI_INITRD_MEDIA_GUID device path\n");
 			if (*load_size > 0)
-				efi_measure_initrd(*load_addr, *load_size);
+				efi_measure_tagged_event(*load_addr, *load_size,
+							 &initrd_tcg2_event);
 		} else if (status == EFI_NOT_FOUND) {
 			status = efi_load_initrd_cmdline(image, load_addr, load_size,
 							 soft_limit, hard_limit);
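Review bot: In the lines visible here only the LINUX_EFI_INITRD_MEDIA_GUID path calls `efi_measure_tagged_event()`; the `EFI_NOT_FOUND` fallback to `efi_load_initrd_cmdline()` shows no measurement of the initrd it loads. If the rest of efi_load_initrd(), which continues outside this hunk, does not measure it either, an initrd supplied through the command-line path never reaches the TPM event log and attestation cannot distinguish it. Since this refactor makes the helper generic, measuring once after either loader succeeds would close the gap, e.g. `if (status == EFI_SUCCESS && *load_size > 0) efi_measure_tagged_event(*load_addr, *load_size, &initrd_tcg2_event);` placed after both branches.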
diff --git a/drivers/firmware/efi/libstub/efistub.h b/drivers/firmware/efi/libstub/efistub.h
index b0ae0a454404..cb7eb5ed9f14 100644
--- a/drivers/firmware/efi/libstub/efistub.h
+++ b/drivers/firmware/efi/libstub/efistub.h
@@ -765,6 +765,12 @@ typedef struct efi_tcg2_event efi_tcg2_event_t;
 typedef struct efi_tcg2_tagged_event efi_tcg2_tagged_event_t;
 typedef union efi_tcg2_protocol efi_tcg2_protocol_t;
 
+struct efi_measured_event {
+	efi_tcg2_event_t	event_data;
+	efi_tcg2_tagged_event_t tagged_event;
+	u8			tagged_event_data[];
+};
+
 union efi_tcg2_protocol {
 	struct {
 		void *get_capability;
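Review bot: `struct efi_measured_event` is added to a shared header without any comment on its layout contract, yet it is handed to firmware by address. efi_measure_tagged_event() passes `&event->event_data` to hash_log_extend_event with an event size that also covers the tagged event and its data, so the three members have to be contiguous with no padding between them. That holds only if the member types are packed, which is not visible in this hunk. A comment such as `/* TCG2 event header immediately followed by the tagged event and its NUL-terminated tag data; consumed as one buffer by hash_log_extend_event */` would state the requirement for anyone adding new events.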
-- 
2.34.1
