[SLOF] [PATCH v3 08/17] Implement measurements of the master boot record

Thomas Huth thuth at redhat.com
Tue Dec 15 23:05:33 AEDT 2015 

On 30/11/15 23:01, Stefan Berger wrote:
> From: Stefan Berger <stefanb at linux.vnet.ibm.com>
> 
> This patch adds support for measuring the boot block of the MBR and logging the
> measurement. It also puts an 'event' separator into the log that can then be
> seen in Linux's /sys/kernel/security/tpm0/ascii_bios_measurements. More
> low-level C functions are added for measuring and logging of disk related data,
> along with their FORTH-level counterparts.
> 
> Logging follows the specifications found on the following page:
> 
> http://www.trustedcomputinggroup.org/resources/pc_client_work_group_specific_implementation_specification_for_conventional_bios
> 
> Signed-off-by: Stefan Berger <stefanb at linux.vnet.ibm.com>
> ---
>  board-qemu/slof/vtpm-sml.fs    |  23 +++++++++
>  lib/libtpm/tcgbios.c           | 108 +++++++++++++++++++++++++++++++++++++++++
>  lib/libtpm/tcgbios.h           |   6 +++
>  lib/libtpm/tpm.code            |  23 +++++++++
>  lib/libtpm/tpm.in              |   2 +
>  slof/fs/packages/disk-label.fs |  10 +++-
>  6 files changed, 171 insertions(+), 1 deletion(-)
> 
> diff --git a/board-qemu/slof/vtpm-sml.fs b/board-qemu/slof/vtpm-sml.fs
> index f0b73ab..193b567 100644
> --- a/board-qemu/slof/vtpm-sml.fs
> +++ b/board-qemu/slof/vtpm-sml.fs
> @@ -88,6 +88,29 @@ log-base LOG-SIZE tpm-set-log-parameters
>  \ internal API calls
>  \
>  
> +: separator-event ( start-pcr end-pcr -- )
> +    tpm-add-event-separators                          ( -- errcode )
> +    dup 0<> IF
> +        ." VTPM: Error code from tpm-add-event-separators: " . cr
> +    ELSE
> +        drop
> +    THEN
> +;
> +
> +80 CONSTANT BCV_DEVICE_HDD
> +
> +: measure-hdd-mbr ( addr -- )
> +    4 5 separator-event
> +    200 BCV_DEVICE_HDD                         ( addr length bootdrv -- )
> +    -rot                                       ( bootdrv addr length -- )
> +    tpm-measure-bcv-mbr                        ( -- errcode )

Please don't use double dashes in the above three stack comments.

> +    dup 0<> IF
> +        ." VTPM: Error code from tpm-measure-hdd: " . cr
> +    ELSE
> +        drop
> +    THEN
> +;

Remaining parts of the patch looked fine to me (but I lack the detailed
knowledge about the TPM measurements stuff to really judge this).

 Thomas

More information about the SLOF mailing list