[SLOF] [PATCH v2 07/20] Perform some initial measurements

Stefan Berger stefanb at linux.vnet.ibm.com
Tue Nov 24 22:43:53 AEDT 2015


On 11/19/2015 11:44 AM, Thomas Huth wrote:
> On 19/11/15 17:28, Stefan Berger wrote:
>> On 11/19/2015 05:14 AM, Thomas Huth wrote:
>>> On 17/11/15 18:02, Stefan Berger wrote:
>>>> From: Stefan Berger <stefanb at linux.vnet.ibm.com>
>>>>
>>>> This patch puts an 'event' separator into the log that can
>>>> then be seen in Linux's
>>>> /sys/kernel/security/tpm0/ascii_bios_measurements.
>>>> More low-level C functions are added for measuring and logging of disk
>>>> related data, along with their FORTH-level counterparts. These functions
>>>> will be called in subsequent patches.
>>>>
>>>> Logging follows the specifications found on the following page:
>>>>
>>>> http://www.trustedcomputinggroup.org/resources/pc_client_work_group_specific_implementation_specification_for_conventional_bios
>>>>
>>>>
>>>> Signed-off-by: Stefan Berger <stefanb at linux.vnet.ibm.com>
>>>> ---
>>> [...]
>>>> +/*
>>>> + * Add a measurement to the log. This function creates two log entries
>>>> + * of the Initial Program Load (IPL).
>>>> + *
>>>> + * Input parameter:
>>>> + *  bootcd : 0: MBR of hdd, 1: boot image, 2: boot catalog of El Torito
>>>> + *  addr   : address where the IP data are located
>>>> + *  length : IP data length in bytes
>>>> + */
>>>> +uint32_t tpm_measure_ipl(enum ipltype bootcd, const uint8_t *addr,
>>>> +             uint32_t length)
>>>> +{
>>>> +    uint32_t rc;
>>>> +    const char *string;
>>>> +
>>>> +    dprintf("tpm_ipl: bootcd = %d, addr = %p, length = 0x%x\n",
>>>> +        bootcd, addr, length);
>>>> +
>>>> +    if (!has_working_tpm())
>>>> +        return TCGBIOS_GENERAL_ERROR;
>>>> +
>>>> +    switch (bootcd) {
>>>> +    case IPL_EL_TORITO_1:
>>>> +        /* specs: see section 'El Torito' */
>>>> +        string = "EL TORITO IPL";
>>>> +        rc = tpm_add_measurement_to_log(4, EV_IPL,
>>>> +                        string, strlen(string),
>>>> +                        addr, length);
>>>> +    break;
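Review bot: the header comment documents bootcd as raw values 0, 1 and 2, while the parameter is an enum ipltype and the switch matches on IPL_EL_TORITO_1; naming the enumerators in the comment would keep it from drifting away from the enum. The comment also promises two log entries, but the visible IPL_EL_TORITO_1 case makes a single tpm_add_measurement_to_log call, so either the comment or the case needs adjusting. The first argument to that call is a bare literal 4, which would read better as a named constant, and the break is indented one level short of the case body.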
>>> Again, there is no "El Torito" boot on POWER - so I fail to see why you
>>> need this code here ?
>> The code is currently not being called. But booting from CDROM is
>> supported for OS installed, isn't it?
> Yes, you can boot from CD-ROM, but it works differently on PPC, it has
> nothing to do with the El Torito standard. IIRC, the El Torito standard
> defines how the BIOS could present the CD-ROM drive as a floppy or HD to
> the OS that should be booted. This is not done on Power. On sPAPR, we
> boot from CD-ROM via the \ppc\bootinfo.txt file instead. See the LoPAPR
> spec for details.
>
> So if you just want to log that a CDROM boot has been made, you should
> likely just rephrase the texts a little bit? But if these entries really
> really should mean "El Torito" and not simply "CD-ROM boot", this maybe
> needs to be handled differently? ... I don't know, but talking about "El
> Torito" in the source is definitely wrong here.

Thanks for the information. For now I am removing CD ROM support.

   Stefan


