[SLOF] [PATCH 3/3] tcgbios: Measure the bootloader file read from disk

Alexey Kardashevskiy aik at ozlabs.ru
Wed Apr 1 15:31:47 AEDT 2020 


On 27/03/2020 07:20, Stefan Berger wrote:
> From: Stefan Berger <stefanb at linux.ibm.com>
> 
> Measure the bootloader file read from disk into PCR 4 and log it with
> the description 'BOOTLOADER' and the event type EV_COMPACT_HASH
> (code 0xc). Since the loaded file should be an ELF file, have its size
> determined and only the bytes from the ELF image measured rather than
> the whole buffer that it was read into and is much bigger (0x700000).
> 
> Signed-off-by: Stefan Berger <stefanb at linux.ibm.com>
> ---
>  slof/fs/packages/disk-label.fs | 19 ++++++++++++++++++-
>  1 file changed, 18 insertions(+), 1 deletion(-)
> 
> diff --git a/slof/fs/packages/disk-label.fs b/slof/fs/packages/disk-label.fs
> index bb64022..d7b6418 100644
> --- a/slof/fs/packages/disk-label.fs
> +++ b/slof/fs/packages/disk-label.fs
> @@ -452,6 +452,20 @@ CREATE GPT-LINUX-PARTITION 10 allot
>     THEN
>  ;
>  
> +\ Measure the boot loader file into PCR 4 as event type EV_COMPACT_HASH (0xc)
> +
> +: measure-file ( data-ptr data-len -- )
> +   s" /ibm,vtpm" find-node IF
> +      4 -rot                    ( 4 data-ptr data-len )
> +      c -rot                    ( 4 c data-ptr data-len )
> +      s" BOOTLOADER"            ( 4 c data-ptr data-len desc-ptr desc-len )
> +      true tpm-hash-log-extend-event-file   ( rc )
> +      drop

This is what I commented in 2/3 - these "true" and "drop" are not used.


> +   ELSE
> +      2drop
> +   THEN
> +;
> +
>  : load-from-gpt-prep-partition ( addr -- size )

So it is GPT only, not MBR?


>     get-gpt-partition 0= IF false EXIT THEN
>     block gpt>num-part-entry l at -le dup 0= IF false exit THEN
> @@ -465,7 +479,10 @@ CREATE GPT-LINUX-PARTITION 10 allot
>           swap                                 ( addr blocks first-lba )
>           block-size * to part-offset          ( addr blocks )
>           0 0 seek drop                        ( addr blocks )
> -         block-size * read                    ( size )
> +         over -rot                            ( addr addr blocks)


Nit: "swap" instead of "-rot". Thanks,


> +         block-size * read                    ( addr size )
> +         2dup measure-file                    ( addr size )
> +         nip                                  ( size)
>           UNLOOP EXIT
>       THEN
>       seek-pos gpt-part-size + to seek-pos
> 

-- 
Alexey

More information about the SLOF mailing list