[SLOF] Bootloader code not measured into TPM PCR 4
Gary Lin
glin at suse.com
Fri Jan 3 17:28:45 AEDT 2025
Hi,
While testing the TPM 2.0 support for SLOF, I found that the bootloader
is not measured into PCR 4. According to the change for tcgbios(*), the
bootloader in prep partition will be measured along with the string
"BOOTLOADER". However, the TPM PCR 4 event from the event log seems to
contain only the string.
- EventNum: 12
  PCRIndex: 4
  EventType: EV_COMPACT_HASH
  DigestCount: 4
  Digests:
  - AlgorithmId: sha1
    Digest: "3faa16f266b7387d7ebefc0c3cbeefac1323ff53"
  - AlgorithmId: sha256
    Digest: "2c3d2fb985064cf2080363c76016f6d73af4b08f4d7722191f948bbe0875ec4f"
  - AlgorithmId: sha384
    Digest: "153c3fd4dececf56ebc6a9026523cafbe9b41d65f7828f687103a16fd4cacdd7c147be4f572a3e845e6b72719010a64d"
  - AlgorithmId: sha512
    Digest: "95846b950d017c26de2173ab92371edab8992d6a3ba8517d27d2a24d4be9d0e908e61772589d93c18e6cf9fe4ee0ae7da31fb7b54517c7f932acd628221d638c"
  EventSize: 10
  Event: "424f4f544c4f41444552"
The event size is only 10 and the content is the ASCII code of
"BOOTLOADER". I'd expect grub.elf to be measured into PCR 4.
BTW, to make 'tpm2_eventlog' work, I have to tweak the scrtm string from
"S-CRTM Contents" to "SLOF S-CRTM Contents", or 'tpm2_eventlog'
complains "size is insufficient for UEFI FW blob data". According to
"TCG PC Client Platform Firmware Profile Specification",
"EV_S_CRTM_CONTENTS" "SHOULD contain a UEFI_PLATFORM_FIRMWARE_BLOB2
structure." UEFI_PLATFORM_FIRMWARE_BLOB2 is 16 bytes, and
"S-CRTM Contents" is only 15 bytes, so I added "SLOF " to make
'tpm2_eventlog' happy.
Thanks,
Gary Lin
(*) https://github.com/aik/SLOF/commit/9e199d2c998d704a1a41280436d4cc258ee1f1af
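A way to check the suspicion raised in the post, added here as an example that is not part of the post or of SLOF: given the PCR 4 entry quoted above (digests copied verbatim, event data decoded from its hex), it reports per bank whether the logged digest is merely the hash of the event data string, or matches a bootloader image the verifier supplies. The image bytes and the `make_event` helper are constructed test inputs, not values from the post.

```python
import hashlib

BANKS = ("sha1", "sha256", "sha384", "sha512")

# The PCR 4 entry from the post, digests copied verbatim (constructed dict layout).
PCR4_EVENT = {
    "PCRIndex": 4,
    "EventType": "EV_COMPACT_HASH",
    "Digests": {
        "sha1": "3faa16f266b7387d7ebefc0c3cbeefac1323ff53",
        "sha256": "2c3d2fb985064cf2080363c76016f6d73af4b08f4d7722191f948bbe0875ec4f",
        "sha384": "153c3fd4dececf56ebc6a9026523cafbe9b41d65f7828f687103a16fd4cacdd7c147be4f572a3e845e6b72719010a64d",
        "sha512": "95846b950d017c26de2173ab92371edab8992d6a3ba8517d27d2a24d4be9d0e908e61772589d93c18e6cf9fe4ee0ae7da31fb7b54517c7f932acd628221d638c",
    },
    "Event": "424f4f544c4f41444552",
}


def decode_event_data(event):
    """tpm2_eventlog prints EV_COMPACT_HASH event data as hex; decode it."""
    return bytes.fromhex(event["Event"])


def classify_digests(event, blob=None):
    """Per bank, say what the logged digest actually covers.

    "event-data": digest == H(event data), i.e. only the "BOOTLOADER" string
                  was extended and the bootloader image was never measured.
    "blob":       digest == H(blob), the bootloader image supplied by the
                  verifier (e.g. the bytes of grub.elf from the PReP partition).
    "unknown":    neither; the measurement covered something else.
    """
    data = decode_event_data(event)
    verdict = {}
    for alg, digest in event["Digests"].items():
        digest = digest.lower()
        if hashlib.new(alg, data).hexdigest() == digest:
            verdict[alg] = "event-data"
        elif blob is not None and hashlib.new(alg, blob).hexdigest() == digest:
            verdict[alg] = "blob"
        else:
            verdict[alg] = "unknown"
    return verdict


def make_event(blob, event_data=b"BOOTLOADER"):
    """Constructed helper: build an EV_COMPACT_HASH entry whose digests cover blob."""
    return {"PCRIndex": 4, "EventType": "EV_COMPACT_HASH",
            "Digests": {alg: hashlib.new(alg, blob).hexdigest() for alg in BANKS},
            "Event": event_data.hex()}


if __name__ == "__main__":
    for alg, what in classify_digests(PCR4_EVENT).items():
        print(f"PCR4 {alg}: digest covers {what}")
```

To check a real log, replace `PCR4_EVENT` with the entry parsed from `tpm2_eventlog` output and pass the bootloader image bytes as `blob`.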