[SLOF] [PATCH 3/3] tcgbios: Measure the bootloader file read from disk

Stefan Berger stefanb at linux.ibm.com
Thu Apr 2 00:57:22 AEDT 2020 

On 4/1/20 12:31 AM, Alexey Kardashevskiy wrote:
>
> On 27/03/2020 07:20, Stefan Berger wrote:
>> From: Stefan Berger <stefanb at linux.ibm.com>
>>
>> Measure the bootloader file read from disk into PCR 4 and log it with
>> the description 'BOOTLOADER' and the event type EV_COMPACT_HASH
>> (code 0xc). Since the loaded file should be an ELF file, have its size
>> determined and only the bytes from the ELF image measured rather than
>> the whole buffer that it was read into and is much bigger (0x700000).
>>
>> Signed-off-by: Stefan Berger <stefanb at linux.ibm.com>
>> ---
>>   slof/fs/packages/disk-label.fs | 19 ++++++++++++++++++-
>>   1 file changed, 18 insertions(+), 1 deletion(-)
>>
>> diff --git a/slof/fs/packages/disk-label.fs b/slof/fs/packages/disk-label.fs
>> index bb64022..d7b6418 100644
>> --- a/slof/fs/packages/disk-label.fs
>> +++ b/slof/fs/packages/disk-label.fs
>> @@ -452,6 +452,20 @@ CREATE GPT-LINUX-PARTITION 10 allot
>>      THEN
>>   ;
>>   
>> +\ Measure the boot loader file into PCR 4 as event type EV_COMPACT_HASH (0xc)
>> +
>> +: measure-file ( data-ptr data-len -- )
>> +   s" /ibm,vtpm" find-node IF
>> +      4 -rot                    ( 4 data-ptr data-len )
>> +      c -rot                    ( 4 c data-ptr data-len )
>> +      s" BOOTLOADER"            ( 4 c data-ptr data-len desc-ptr desc-len )
>> +      true tpm-hash-log-extend-event-file   ( rc )
>> +      drop
> This is what I commented in 2/3 - these "true" and "drop" are not used.

I would like to keep them though since this function will have different 
callers. Also, practically all functions return a return code.


>
>
>> +   ELSE
>> +      2drop
>> +   THEN
>> +;
>> +
>>   : load-from-gpt-prep-partition ( addr -- size )
> So it is GPT only, not MBR?


for MBR we have this here already:

: load-from-dos-boot-partition ( addr -- size )
    no-mbr? IF drop FALSE EXIT THEN  \ read MBR and check for DOS 
disk-label magic
[..]

             block-size * read        ( size )
             block block-size measure-mbr
             UNLOOP EXIT

[...]


I thought for MBR there was a tiny piece of code in the sectors that are 
read here and that's all there is.


>
>
>>      get-gpt-partition 0= IF false EXIT THEN
>>      block gpt>num-part-entry l at -le dup 0= IF false exit THEN
>> @@ -465,7 +479,10 @@ CREATE GPT-LINUX-PARTITION 10 allot
>>            swap                                 ( addr blocks first-lba )
>>            block-size * to part-offset          ( addr blocks )
>>            0 0 seek drop                        ( addr blocks )
>> -         block-size * read                    ( size )
>> +         over -rot                            ( addr addr blocks)
>
> Nit: "swap" instead of "-rot". Thanks,


Yes, easier. Done.

    Stefan


>
>
>> +         block-size * read                    ( addr size )
>> +         2dup measure-file                    ( addr size )
>> +         nip                                  ( size)
>>            UNLOOP EXIT
>>        THEN
>>        seek-pos gpt-part-size + to seek-pos
>>

More information about the SLOF mailing list