[SLOF] [PATCH v2 2/3] tcgbios: Implement tpm_hash_log_extend_event_buffer
Alexey Kardashevskiy
aik at ozlabs.ru
Fri May 8 11:11:05 AEST 2020
On 02/04/2020 01:57, Stefan Berger wrote:
> From: Stefan Berger <stefanb at linux.ibm.com>
>
> Implement tpm_hash_log_extend_event_buffer(), which allows measuring
> the contents of a buffer into a given PCR and log it with the
> given event type and description. The caller may choose to have
> the size of an ELF image file detected so that only data from the
> ELF image are hashed rather than the much larger buffer.
>
> Besides using this function call now for measuring the bootloader
> read from a GPT partition, we also intend to use it for calls from
> the firmware API that allow us to measure and log data from a boot
> loader, such as grub. Grub will then invoke this function with a
> buffer whose size it knows and will not need the ELF file size
> detection.
>
> Signed-off-by: Stefan Berger <stefanb at linux.ibm.com>
> ---
> lib/libtpm/tcgbios.c | 47 ++++++++++++++++++++++++++++++++++++++++++++
> lib/libtpm/tcgbios.h | 5 +++++
> lib/libtpm/tpm.code | 19 ++++++++++++++++++
> lib/libtpm/tpm.in | 1 +
> 4 files changed, 72 insertions(+)
>
> diff --git a/lib/libtpm/tcgbios.c b/lib/libtpm/tcgbios.c
> index be6c3d1..7dcf57c 100644
> --- a/lib/libtpm/tcgbios.c
> +++ b/lib/libtpm/tcgbios.c
> @@ -33,6 +33,7 @@
> #include "helpers.h"
> #include "version.h"
> #include "OF.h"
> +#include "libelf.h"
>
> #undef TCGBIOS_DEBUG
> //#define TCGBIOS_DEBUG
> @@ -852,6 +853,52 @@ static uint32_t tpm_add_measurement_to_log(uint32_t pcrindex,
> return tpm_log_event_long(&le.hdr, digest_len, info, infolen);
> }
>
> +/*
> + * Measure the contents of a buffer into the given PCR and log it with the
> + * given eventtype. If is_elf is true, try to determine the size of the
> + * ELF file in the buffer and use its size rather than the much larger data
> + * buffer it is held in. In case of failure to detect the ELF file size,
> + * log an error.
> + *
> + * Input parameters:
> + * @pcrindex : PCR to extend
> + * @eventtype : type of event
> + * @data: the buffer to measure
> + * @datalen: length of the buffer
> + * @desc: The description to log
> + * @desclen: The length of the description
> + * @is_elf: Whether data buffer holds an ELF file and we should determine
> + * the original file size.
> + *
> + * Returns 0 on success, an error code otherwise.
> + */
> +uint32_t tpm_hash_log_extend_event_buffer(uint32_t pcrindex, uint32_t eventtype,
> + const void *data, uint64_t datalen,
> + const char *desc, uint32_t desclen,
> + bool is_elf)
> +{
> + long len;
> + char buf[256];
> + int n;
> +
> + if (is_elf) {
> + len = elf_get_file_size(data, datalen);
> + if (len > 0) {
> + datalen = len;
> + } else {
> + n = snprintf(buf, sizeof(buf) - 1,
> + "BAD ELF FILE: %s", desc);
> + buf[n] = 0;
SLOF's snprintf always writes a terminating 0 at the end.
> + return tpm_add_measurement_to_log(pcrindex, eventtype,
> + buf, strlen(buf),
> + (uint8_t *)buf, strlen(buf));
> + }
> + }
> + return tpm_add_measurement_to_log(pcrindex, eventtype,
> + desc, desclen,
> + data, datalen);
> +}
> +
> /*
> * Add an EV_ACTION measurement to the list of measurements
> */
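Review bot: The error path formats `desc` with `%s` and ignores `desclen`, so it relies on the description being NUL-terminated. The Forth-side caller passes a `desc-ptr desclen` pair, which normally carries no terminator, so snprintf could read past the description and put unrelated memory into the log. Bounding the copy by `desclen` and logging the computed length instead of `strlen(buf)` avoids that, as sketched below. Separately, `datalen = len` trusts a size derived from the ELF headers. Unless elf_get_file_size() (not visible here) already guarantees `len <= datalen`, the check should be `if (len > 0 && (uint64_t)len <= datalen)` so the measurement never covers memory beyond the caller's buffer.

```c
		} else {
			static const char prefix[] = "BAD ELF FILE: ";
			uint32_t plen = sizeof(prefix) - 1;
			uint32_t dlen = desclen;

			/* desc is a (pointer, length) pair and may lack a NUL */
			if (dlen > sizeof(buf) - plen)
				dlen = sizeof(buf) - plen;
			memcpy(buf, prefix, plen);
			memcpy(buf + plen, desc, dlen);
			return tpm_add_measurement_to_log(pcrindex, eventtype,
							  buf, plen + dlen,
							  (uint8_t *)buf, plen + dlen);
		}
		/* … unchanged: success path calling tpm_add_measurement_to_log … */
```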
> diff --git a/lib/libtpm/tcgbios.h b/lib/libtpm/tcgbios.h
> index 8174d86..0e7fb8c 100644
> --- a/lib/libtpm/tcgbios.h
> +++ b/lib/libtpm/tcgbios.h
> @@ -32,5 +32,10 @@ void tpm20_menu(void);
> void tpm_gpt_set_lba1(const uint8_t *addr, uint32_t length);
> void tpm_gpt_add_entry(const uint8_t *addr, uint32_t length);
> uint32_t tpm_measure_gpt(void);
> +uint32_t tpm_hash_log_extend_event_buffer(uint32_t pcrindex,
> + uint32_t eventtype,
> + const void *data, uint64_t datalen,
> + const char *desc, uint32_t desclen,
> + bool is_elf);
>
> #endif /* TCGBIOS_H */
> diff --git a/lib/libtpm/tpm.code b/lib/libtpm/tpm.code
> index 205c608..d67d2c3 100644
> --- a/lib/libtpm/tpm.code
> +++ b/lib/libtpm/tpm.code
> @@ -169,3 +169,22 @@ PRIM(tpm_X2d_measure_X2d_gpt)
> PUSH;
> TOS.n = tpm_measure_gpt();
> MIRP
> +
Unrelated.
> +/***********************************************************************************************************/
> +/* Firmware API */
> +/* SLOF: tpm-hash-log-extend-event-buffer ( pcr evt data-ptr data-len desc-ptr desclen is_elf -- errcode ) */
> +/* LIBTPM: errcode = tpm-hash-log-extend-event-buffer */
> +/***********************************************************************************************************/
> +PRIM(tpm_X2d_hash_X2d_log_X2d_extend_X2d_event_X2d_buffer)
> + uint32_t is_elf = TOS.u; POP;
> + uint32_t desclen = TOS.u; POP;
> + const char *desc = TOS.a; POP;
> + uint64_t datalen = TOS.u; POP;
> + const void *data = TOS.a; POP;
> + uint32_t eventtype = TOS.u; POP;
> + uint32_t pcrindex = TOS.u;
> +
> + TOS.n = tpm_hash_log_extend_event_buffer(pcrindex, eventtype,
> + data, datalen,
> + desc, desclen, is_elf);
> +MIRP
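Review bot: `desclen`, `eventtype` and `pcrindex` are each narrowed from `TOS.u` to `uint32_t` without a range check, while `datalen` takes the same `TOS.u` as `uint64_t`. The stack cell is therefore presumably wider than 32 bits, and an oversized value from the client would be silently truncated. Since this word is the firmware API entry point for a boot loader, out-of-range values should be rejected here with an error code. At minimum the header comment should state the contract, e.g. `/* pcr, evt and desclen are truncated to 32 bits; data-ptr and desc-ptr are used as given */`.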
> diff --git a/lib/libtpm/tpm.in b/lib/libtpm/tpm.in
> index bdbc47d..fb54754 100644
> --- a/lib/libtpm/tpm.in
> +++ b/lib/libtpm/tpm.in
> @@ -28,3 +28,4 @@ cod(tpm20-menu)
> cod(tpm-gpt-set-lba1)
> cod(tpm-gpt-add-entry)
> cod(tpm-measure-gpt)
> +cod(tpm-hash-log-extend-event-buffer)
>
--
Alexey