[SLOF] Bootloader code not measured into TPM PCR 4

Gary Lin glin at suse.com
Thu Jan 9 19:12:37 AEDT 2025 

On Fri, Jan 03, 2025 at 02:28:45PM +0800, Gary Lin wrote:
> Hi,
> 
> While testing the TPM 2.0 support for SLOF, I found that the bootloader
> is not measured into PCR 4. According to the change for tcgbios(*), the
> bootloader in prep partition will be measured along with the string
> "BOOTLOADER". However, the TPM PCR 4 event from the event log seems
> only containing the string.
> 
> - EventNum: 12
>   PCRIndex: 4
>   EventType: EV_COMPACT_HASH
>   DigestCount: 4
>   Digests:
>   - AlgorithmId: sha1
>     Digest: "3faa16f266b7387d7ebefc0c3cbeefac1323ff53"
>   - AlgorithmId: sha256
>     Digest: "2c3d2fb985064cf2080363c76016f6d73af4b08f4d7722191f948bbe0875ec4f"
>   - AlgorithmId: sha384
>     Digest: "153c3fd4dececf56ebc6a9026523cafbe9b41d65f7828f687103a16fd4cacdd7c147be4f572a3e845e6b72719010a64d"
>   - AlgorithmId: sha512
>     Digest: "95846b950d017c26de2173ab92371edab8992d6a3ba8517d27d2a24d4be9d0e908e61772589d93c18e6cf9fe4ee0ae7da31fb7b54517c7f932acd628221d638c"
>   EventSize: 10
>   Event: "424f4f544c4f41444552"
> 
> The event size is only 10 and the content is the ASCII code of
> "BOOTLOADER". I'd expect grub.elf to be measured into PCR 4.
> 
Sorry, it turned out that I misunderstood the event. The sha256 checksum
matches 'sha256sum /boot/grub2/power-ieee1275/core.elf', so SLOF did
measured the bootloader. I originally expected 'Event:' containing the
data being measured, and it's obviously not true.

Gary Lin

> BTW, to make 'tpm2_eventlog' work, I have to tweak the scrtm string from
> "S-CRTM Contents" to "SLOF S-CRTM Contents", or 'tpm2_eventlog'
> complains "size is insufficient for UEFI FW blob data". According to
> "TCG PC Client Platform Firmware Profile Specification", 
> "EV_S_CRTM_CONTENTS" "SHOULD contain a UEFI_PLATFORM_FIRMWARE_BLOB2
> structure." UEFI_PLATFORM_FIRMWARE_BLOB2 is 16 bytes, and
> "S-CRTM Contents" is only 15 bytes, so I added "SLOF " to make
> 'tpm2_eventlog' happy.
> 
> Thanks,
> 
> Gary Lin
> 
> (*) https://github.com/aik/SLOF/commit/9e199d2c998d704a1a41280436d4cc258ee1f1af

More information about the SLOF mailing list