[SLOF] Some problems with TPM2 EFI GPT Events in SLOF

Gary Lin glin at suse.com
Fri Feb 14 18:49:48 AEDT 2025 

Hi,

When working on PPC64 support for pcr-oracle, it failed to reconstruct
PCR5 digest. After inspecting the events, I found that the EFI GPT
events measured by SLOF is a bit different from the one measured by
edk2.

Per TCG PFP, EFI GPT event uses UEFI_GPT_DATA structure.

typedef struct {
    UEFI_PARTITION_TABLE_HEADER UEFIPartitionHeader;
    UINT64 NumberOfPartitions;
    UEFI_PARTITION_ENTRYPartitions[NumberOfPartitions];
} UEFI_GPT_DATA;

GPT header in UEFI spec 2.11:
https://uefi.org/specs/UEFI/2.11/05_GUID_Partition_Table_Format.html#gpt-header

In edk2:
EFI_TABLE_HEADER
https://github.com/tianocore/edk2/blob/edk2-stable202411/MdePkg/Include/Uefi/UefiMultiPhase.h#L165-L192
EFI_PARTITION_TABLE_HEADER
https://github.com/tianocore/edk2/blob/edk2-stable202411/MdePkg/Include/Uefi/UefiGpt.h#L31-L81

In SLOF:
EFI_TABLE_HEADER + EFI_PARTITION_TABLE_HEADER
https://github.com/aik/SLOF/blob/qemu-slof-20241106/lib/libtpm/tcgbios_int.h#L99-L120

Ironically, SLOF followed UEFI spec to define the 'Reserved' field while
edk2 didn't, so SLOF measured the extra 420 bytes. However, the
partitioning tool sets the 'HeaderSize' as 92 rather than the block
size. Since the block size could be 512 or 4096, it makes sense
to measure the header according to the 'HeaderSize' rather than a full
block.

Another problem: 'NumberOfPartitions' is not little-endian.

::: 00819: event type=EFI_GPT_EVENT pcr=5 digests=4 data=776 bytes
:::   EFI GPT
:::   sha256     04c59c153dbbe38a456e54db06a6417c4e190372d2e96689f4e4220be4fbb7c8
:::   Data:
:::         0000  45 46 49 20 50 41 52 54 00 00 01 00 5c 00 00 00 fb b8 4d 59 00 00 00 00 01 00 00 00 00 00 00 00 EFI.PART....\.....MY............
:::         0020  ff ff ff 04 00 00 00 00 22 00 00 00 00 00 00 00 de ff ff 04 00 00 00 00 68 68 8e 48 3a 66 8d 4c ........"...............hh.H:f.L
:::         0040  ba 10 12 38 ee 5a 1f e3 02 00 00 00 00 00 00 00 80 00 00 00 80 00 00 00 bc fa cf 57 00 00 00 00 ...8.Z.....................W....
:::         0060  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................................
:::         0080  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................................
:::         00a0  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................................
:::         00c0  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................................
:::         00e0  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................................
:::         0100  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................................
:::         0120  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................................
:::         0140  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................................
:::         0160  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................................
:::         0180  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................................
:::         01a0  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................................
:::         01c0  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................................
:::         01e0  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................................
:::         0200  00 00 00 00 00 00 00 02 38 2d 1a 9e 12 c6 16 43 aa 26 8b 49 52 1e 5a 8b ad 5b 2f 82 99 d8 d7 49 ........8-.....C.&.IR.Z..[/....I
                  ^^^^^^^^^^^^^^^^^^^^^^^
                  NumberOfPartitions
:::         0220  a6 d8 8b 29 6a ec 2a 21 00 08 00 00 00 00 00 00 ff 47 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ...)j.*!.........G..............
:::         0240  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................................
:::         0260  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................................
:::         0280  00 00 00 00 00 00 00 00 af 3d c6 0f 83 84 72 47 8e 79 3d 69 d8 47 7d e4 2e 4c 5f 1b 2e 38 2c 4b .........=....rG.y=i.G}..L_..8,K
:::         02a0  b9 91 21 a8 80 4a 4f da 00 48 00 00 00 00 00 00 de ff ff 04 00 00 00 00 00 00 00 00 00 00 00 00 ..!..JO..H......................
:::         02c0  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................................
:::         02e0  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................................
:::         0300  00 00 00 00 00 00 00 00                                                                         ........

I'd expect NumberOfPartitions to be little-endian as other UEFI
structures.

Cheers,

Gary Lin

More information about the SLOF mailing list