[SLOF] [PATCH v2 10/20] Implement measurements of the master boot record

Stefan Berger stefanb at us.ibm.com
Wed Nov 18 04:02:26 AEDT 2015 

From: Stefan Berger <stefanb at linux.vnet.ibm.com>

This patch adds support for measuring the boot block of the
MBR and logging the measurement.

Signed-off-by: Stefan Berger <stefanb at linux.vnet.ibm.com>
---
 board-js2x/slof/OF.fs          |  2 ++
 slof/fs/packages/disk-label.fs |  6 +++++-
 slof/fs/tpm/tpm-static.fs      | 17 +++++++++++++++++
 3 files changed, 24 insertions(+), 1 deletion(-)

diff --git a/board-js2x/slof/OF.fs b/board-js2x/slof/OF.fs
index 3e37735..8e736c7 100644
--- a/board-js2x/slof/OF.fs
+++ b/board-js2x/slof/OF.fs
@@ -255,6 +255,8 @@ create vpd-bootlist 4 allot
 #include <usb/usb-static.fs>
 320 cp
 #include <scsi-loader.fs>
+\\ need tpm-static for verbs in disk-labels.fs
+#include <tpm/tpm-static.fs>
 #include <root.fs>
 360 cp
 #include "tree.fs"
diff --git a/slof/fs/packages/disk-label.fs b/slof/fs/packages/disk-label.fs
index e034d64..ffd5792 100644
--- a/slof/fs/packages/disk-label.fs
+++ b/slof/fs/packages/disk-label.fs
@@ -545,7 +545,11 @@ B9E5                CONSTANT GPT-BASIC-DATA-PARTITION-2
 \ load from a bootable partition
 : load-from-boot-partition ( addr -- size )
    debug-disk-label? IF ." Trying DOS boot " .s cr THEN
-   dup load-from-dos-boot-partition ?dup 0 <> IF nip EXIT THEN
+   dup load-from-dos-boot-partition ?dup 0 <> IF
+      nip
+      block vtpm-measure-hdd-mbr
+      EXIT
+   THEN
 
    debug-disk-label? IF ." Trying CHRP boot " .s cr THEN
    1 disk-chrp-boot !
diff --git a/slof/fs/tpm/tpm-static.fs b/slof/fs/tpm/tpm-static.fs
index fb82c08..a130890 100644
--- a/slof/fs/tpm/tpm-static.fs
+++ b/slof/fs/tpm/tpm-static.fs
@@ -44,6 +44,23 @@ false VALUE vtpm-debug?
     THEN
 ;
 
+80 CONSTANT BCV_DEVICE_HDD
+
+: vtpm-measure-hdd-mbr ( addr -- )
+    vtpm-available? IF
+        200 BCV_DEVICE_HDD                         ( addr length bootdrv -- )
+        -rot                                       ( bootdrv addr length -- )
+        tpm-measure-bcv-mbr                        ( -- errcode )
+        dup 0<> IF
+            ." VTPM: Error code from tpm-measure-hdd: " . cr
+        ELSE
+            drop
+        THEN
+    ELSE
+        3drop
+    THEN
+;
+
 1 CONSTANT TPM_ST_ENABLED
 2 CONSTANT TPM_ST_ACTIVE
 4 CONSTANT TPM_ST_OWNED
-- 
2.4.3

More information about the SLOF mailing list