[SLOF] Bootloader code not measured into TPM PCR 4
Gary Lin
glin at suse.com
Thu Dec 26 20:09:29 AEDT 2024
Hi,
While testing the TPM 2.0 support for SLOF, I found that the bootloader
is not measured into PCR 4. According to the change for tcgbios (*), the
bootloader in the PReP partition will be measured along with the string
"BOOTLOADER". However, the TPM event for PCR 4 from the event log seems
to contain only the string.
- EventNum: 12
  PCRIndex: 4
  EventType: EV_COMPACT_HASH
  DigestCount: 4
  Digests:
  - AlgorithmId: sha1
    Digest: "3faa16f266b7387d7ebefc0c3cbeefac1323ff53"
  - AlgorithmId: sha256
    Digest: "2c3d2fb985064cf2080363c76016f6d73af4b08f4d7722191f948bbe0875ec4f"
  - AlgorithmId: sha384
    Digest: "153c3fd4dececf56ebc6a9026523cafbe9b41d65f7828f687103a16fd4cacdd7c147be4f572a3e845e6b72719010a64d"
  - AlgorithmId: sha512
    Digest: "95846b950d017c26de2173ab92371edab8992d6a3ba8517d27d2a24d4be9d0e908e61772589d93c18e6cf9fe4ee0ae7da31fb7b54517c7f932acd628221d638c"
  EventSize: 10
  Event: "424f4f544c4f41444552"
The event size is only 10 and the content is the ASCII code of
"BOOTLOADER". I'd expect grub.elf to be measured into PCR 4.
BTW, to make 'tpm2_eventlog' work, I have to tweak the scrtm string from
"S-CRTM Contents" to "SLOF S-CRTM Contents", or 'tpm2_eventlog'
complains "size is insufficient for UEFI FW blob data". According to
"TCG PC Client Platform Firmware Profile Specification",
"EV_S_CRTM_CONTENTS" "SHOULD contain a UEFI_PLATFORM_FIRMWARE_BLOB2
structure." UEFI_PLATFORM_FIRMWARE_BLOB2 is 16 bytes, and
"S-CRTM Contents" is only 15 bytes, so I add a few bytes to make
'tpm2_eventlog' happy.
Thanks,
Gary Lin
(*) https://github.com/aik/SLOF/commit/9e199d2c998d704a1a41280436d4cc258ee1f1af
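An added example (not code from SLOF or from the post above) of the two checks a verifier would run on an entry like the one quoted: compare each bank's digest with the hash of the Event bytes, which tells you whether only the "BOOTLOADER" label was measured or the digest covers some other data such as the bootloader image, and replay the log into an expected PCR 4 value. The sample entries are constructed here with hashlib; the grub.elf stand-in is a fake byte string, not a real image.

```python
import hashlib

# Hash banks that appear in the quoted tpm2_eventlog output.
ALGS = {"sha1": hashlib.sha1, "sha256": hashlib.sha256,
        "sha384": hashlib.sha384, "sha512": hashlib.sha512}

def make_event(pcr, event_type, payload, measured):
    """Build a log entry in the shape tpm2_eventlog prints (already parsed).
    'payload' becomes the Event field; 'measured' is what the firmware actually
    hashed into the PCR. For EV_COMPACT_HASH the two may legitimately differ,
    since the Event field is only a label."""
    return {"PCRIndex": pcr, "EventType": event_type,
            "Digests": {alg: fn(measured).hexdigest() for alg, fn in ALGS.items()},
            "EventSize": len(payload), "Event": payload.hex()}

def digest_matches_event(entry):
    """Per bank: does the logged digest equal hash(Event bytes)?
    All True  -> only the label string itself was measured.
    All False -> the digest covers other data (e.g. a bootloader image)."""
    event_bytes = bytes.fromhex(entry["Event"])
    if len(event_bytes) != entry["EventSize"]:
        raise ValueError("EventSize does not match Event length")
    return {alg: ALGS[alg](event_bytes).hexdigest() == d
            for alg, d in entry["Digests"].items()}

def replay_pcr(entries, pcr, alg):
    """Recompute one PCR bank by extending the logged digests in order from
    zero, exactly as the TPM does; compare the result with a live PCR read."""
    fn = ALGS[alg]
    value = bytes(fn().digest_size)          # PCR starts as all zeros
    for e in entries:
        if e["PCRIndex"] == pcr:
            value = fn(value + bytes.fromhex(e["Digests"][alg])).digest()
    return value.hex()

# Constructed samples: the first is what the post describes (label measured),
# the second is what a measured bootloader image would look like.
LABEL_ONLY = make_event(4, "EV_COMPACT_HASH", b"BOOTLOADER", b"BOOTLOADER")
FAKE_IMAGE = b"\x7fELF" + b"\x00" * 60       # placeholder, not a real grub.elf
IMAGE_MEASURED = make_event(4, "EV_COMPACT_HASH", b"BOOTLOADER", FAKE_IMAGE)

if __name__ == "__main__":
    print("label only measured :", digest_matches_event(LABEL_ONLY))
    print("image measured      :", digest_matches_event(IMAGE_MEASURED))
    print("PCR4 sha256 replay  :", replay_pcr([LABEL_ONLY], 4, "sha256"))
```

To apply this to a real log, load the YAML that tpm2_eventlog prints and feed each entry's Digests (as an alg->hex mapping), Event and EventSize into the same functions.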