[SLOF] Some problems with TPM2 EFI GPT Events in SLOF
Stefan Berger
stefanb at linux.ibm.com
Tue Mar 25 04:11:16 AEDT 2025
Thanks for the explanations. I will post 2 patches with fixes shortly.
Regards,
Stefan
On 3/24/25 11:01 AM, Thomas Huth wrote:
> On 14/02/2025 08.49, Gary Lin wrote:
>> Hi,
>>
>> When working on PPC64 support for pcr-oracle, it failed to reconstruct
>> PCR5 digest. After inspecting the events, I found that the EFI GPT
>> events measured by SLOF is a bit different from the one measured by
>> edk2.
>>
>> Per TCG PFP, EFI GPT event uses UEFI_GPT_DATA structure.
>>
>> typedef struct {
>> UEFI_PARTITION_TABLE_HEADER UEFIPartitionHeader;
>> UINT64 NumberOfPartitions;
>> UEFI_PARTITION_ENTRYPartitions[NumberOfPartitions];
>> } UEFI_GPT_DATA;
>>
>> GPT header in UEFI spec 2.11:
>> https://uefi.org/specs/
>> UEFI/2.11/05_GUID_Partition_Table_Format.html#gpt-header
>>
>> In edk2:
>> EFI_TABLE_HEADER
>> https://github.com/tianocore/edk2/blob/edk2-stable202411/MdePkg/
>> Include/Uefi/UefiMultiPhase.h#L165-L192
>> EFI_PARTITION_TABLE_HEADER
>> https://github.com/tianocore/edk2/blob/edk2-stable202411/MdePkg/
>> Include/Uefi/UefiGpt.h#L31-L81
>>
>> In SLOF:
>> EFI_TABLE_HEADER + EFI_PARTITION_TABLE_HEADER
>> https://github.com/aik/SLOF/blob/qemu-slof-20241106/lib/libtpm/
>> tcgbios_int.h#L99-L120
>>
>> Ironically, SLOF followed UEFI spec to define the 'Reserved' field while
>> edk2 didn't, so SLOF measured the extra 420 bytes. However, the
>> partitioning tool sets the 'HeaderSize' as 92 rather than the block
>> size. Since the block size could be 512 or 4096, it makes sense
>> to measure the header according to the 'HeaderSize' rather than a full
>> block.
>>
>> Another problem: 'NumberOfPartitions' is not little-endian.
>>
>> ::: 00819: event type=EFI_GPT_EVENT pcr=5 digests=4 data=776 bytes
>> ::: EFI GPT
>> ::: sha256
>> 04c59c153dbbe38a456e54db06a6417c4e190372d2e96689f4e4220be4fbb7c8
>> ::: Data:
>> ::: 0000 45 46 49 20 50 41 52 54 00 00 01 00 5c 00 00 00 fb
>> b8 4d 59 00 00 00 00 01 00 00 00 00 00 00 00 EFI.PART....
>> \.....MY............
>> ::: 0020 ff ff ff 04 00 00 00 00 22 00 00 00 00 00 00 00 de
>> ff ff 04 00 00 00 00 68 68 8e 48 3a 66 8d
>> 4c ........"...............hh.H:f.L
>> ::: 0040 ba 10 12 38 ee 5a 1f e3 02 00 00 00 00 00 00 00 80
>> 00 00 00 80 00 00 00 bc fa cf 57 00 00 00
>> 00 ...8.Z.....................W....
>> ::: 0060 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
>> 00 00 00 00 00 00 00 00 00 00 00 00 00 00
>> 00 ................................
>> ::: 0080 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
>> 00 00 00 00 00 00 00 00 00 00 00 00 00 00
>> 00 ................................
>> ::: 00a0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
>> 00 00 00 00 00 00 00 00 00 00 00 00 00 00
>> 00 ................................
>> ::: 00c0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
>> 00 00 00 00 00 00 00 00 00 00 00 00 00 00
>> 00 ................................
>> ::: 00e0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
>> 00 00 00 00 00 00 00 00 00 00 00 00 00 00
>> 00 ................................
>> ::: 0100 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
>> 00 00 00 00 00 00 00 00 00 00 00 00 00 00
>> 00 ................................
>> ::: 0120 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
>> 00 00 00 00 00 00 00 00 00 00 00 00 00 00
>> 00 ................................
>> ::: 0140 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
>> 00 00 00 00 00 00 00 00 00 00 00 00 00 00
>> 00 ................................
>> ::: 0160 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
>> 00 00 00 00 00 00 00 00 00 00 00 00 00 00
>> 00 ................................
>> ::: 0180 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
>> 00 00 00 00 00 00 00 00 00 00 00 00 00 00
>> 00 ................................
>> ::: 01a0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
>> 00 00 00 00 00 00 00 00 00 00 00 00 00 00
>> 00 ................................
>> ::: 01c0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
>> 00 00 00 00 00 00 00 00 00 00 00 00 00 00
>> 00 ................................
>> ::: 01e0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
>> 00 00 00 00 00 00 00 00 00 00 00 00 00 00
>> 00 ................................
>> ::: 0200 00 00 00 00 00 00 00 02 38 2d 1a 9e 12 c6 16 43 aa
>> 26 8b 49 52 1e 5a 8b ad 5b 2f 82 99 d8 d7 49 ........8-.....C.&.IR.Z..
>> [/....I
>> ^^^^^^^^^^^^^^^^^^^^^^^
>> NumberOfPartitions
>> ::: 0220 a6 d8 8b 29 6a ec 2a 21 00 08 00 00 00 00 00 00 ff
>> 47 00 00 00 00 00 00 00 00 00 00 00 00 00
>> 00 ...)j.*!.........G..............
>> ::: 0240 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
>> 00 00 00 00 00 00 00 00 00 00 00 00 00 00
>> 00 ................................
>> ::: 0260 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
>> 00 00 00 00 00 00 00 00 00 00 00 00 00 00
>> 00 ................................
>> ::: 0280 00 00 00 00 00 00 00 00 af 3d c6 0f 83 84 72 47 8e
>> 79 3d 69 d8 47 7d e4 2e 4c 5f 1b 2e 38 2c
>> 4b .........=....rG.y=i.G}..L_..8,K
>> ::: 02a0 b9 91 21 a8 80 4a 4f da 00 48 00 00 00 00 00 00 de
>> ff ff 04 00 00 00 00 00 00 00 00 00 00 00
>> 00 ..!..JO..H......................
>> ::: 02c0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
>> 00 00 00 00 00 00 00 00 00 00 00 00 00 00
>> 00 ................................
>> ::: 02e0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
>> 00 00 00 00 00 00 00 00 00 00 00 00 00 00
>> 00 ................................
>> ::: 0300 00 00 00 00 00 00 00
>> 00 ........
>>
>> I'd expect NumberOfPartitions to be little-endian as other UEFI
>> structures.
>
> Hi Gary,
>
> the TPM stuff has beem implemented by Stefan Berger, not sure whether
> he's actively reading this mailing list, so it's likely best to CC: him
> on such questions (done now).
>
> Thomas
>
More information about the SLOF
mailing list