Re: [PATCH 7/7] tpm: allow the user to select the compiled algorithms
On Sat, 22 Jun 2024 at 19:34, Heinrich Schuchardt wrote:
>
> On 22.06.24 16:35, Ilias Apalodimas wrote:
> > Simon reports that after enabling all algorithms on the TPM some boards
> > fail since they don't have enough storage to accommodate the ~5KB growth.
> >
> > The choice of hash algorithms are determined by the platform and the TPM
> > configuration. Failing to cap a PCR in a bank which the platform left
> > active is a security vulnerability. It might allow unsealing of secrets
> > if an attacker can replay a good set of measurements into an unused bank.
> >
> > If MEASURED_BOOT or EFI_TCG2_PROTOCOL is enabled our Kconfig will enable
> > all supported hashing algorithms. We still want to allow users to add a
> > TPM and not enable measured boot via EFI or bootm though and at the same
> > time, control the compiled algorithms for size reasons.
> >
> > So let's add a function tpm2_allow_extend() which checks the TPM active
> > PCRs banks against the one U-Boot was compiled with.
> > If all the active PCRs banks are not enabled refuse to extend a PCR but
> > otherwise leave the TPM functional.
>
> The paragraph above is bit hard to read. I guess you mean:
>
> We only allow extending PCRs using one of the algorithms selected in the
> configuration.
Yes
>
> >
> > It's worth noting that this is only added on TPM2.0, since TPM1.2 is
> > lacking a lot of code at the moment to read the available PCRs.
> > We unconditionally enable SHA1 when a TPM is selected, which is the only
> > hashing algorithm v1.2 supports.
>
> Why do we need SHA1 if we cannot access PCRs on a TPM1.2?
You can. On TPM1.2 we don't have the functions to check for the active
PCR banks. So I am unconditionally enabling SHA1, which is the only
hashing algo TPM1.2 supports.
Thanks
/Ilias
>
> Best regards
>
> Heinrich
>
> >
> > Signed-off-by: Ilias Apalodimas
> > ---
> > boot/Kconfig | 4
> > include/tpm-v2.h | 59 +++-
> > lib/Kconfig | 6 ++---
> > lib/tpm-v2.c | 40 +---
> > 4 files changed, 87 insertions(+), 22 deletions(-)
> >
> > diff --git a/boot/Kconfig b/boot/Kconfig
> > index 6f3096c15a6f..b061891e109c 100644
> > --- a/boot/Kconfig
> > +++ b/boot/Kconfig
> > @@ -734,6 +734,10 @@ config LEGACY_IMAGE_FORMAT
> > config MEASURED_BOOT
> > bool "Measure boot images and configuration when booting without EFI"
> > depends on HASH && TPM_V2
> > + select SHA1
> > + select SHA256
> > + select SHA384
> > + select SHA512
> > help
> > This option enables measurement of the boot process when booting
> > without UEFI . Measurement involves creating cryptographic hashes
> > diff --git a/include/tpm-v2.h b/include/tpm-v2.h
> > index eac04d1c6831..fccb07fa4695 100644
> > --- a/include/tpm-v2.h
> > +++ b/include/tpm-v2.h
> > @@ -277,48 +277,40 @@ struct digest_info {
> > #define TCG2_BOOT_HASH_ALG_SM3_256 0x0010
> >
> > static const struct digest_info hash_algo_list[] = {
> > +#if IS_ENABLED(CONFIG_SHA1)
> > {
> > "sha1",
> > TPM2_ALG_SHA1,
> > TCG2_BOOT_HASH_ALG_SHA1,
> > TPM2_SHA1_DIGEST_SIZE,
> > },
> > +#endif
> > +#if IS_ENABLED(CONFIG_SHA256)
> > {
> > "sha256",
> > TPM2_ALG_SHA256,
> > TCG2_BOOT_HASH_ALG_SHA256,
> > TPM2_SHA256_DIGEST_SIZE,
> > },
> > +#endif
> > +#if IS_ENABLED(CONFIG_SHA384)
> > {
> > "sha384",
> > TPM2_ALG_SHA384,
> > TCG2_BOOT_HASH_ALG_SHA384,
> > TPM2_SHA384_DIGEST_SIZE,
> > },
> > +#endif
> > +#if IS_ENABLED(CONFIG_SHA512)
> > {
> > "sha512",
> > TPM2_ALG_SHA512,
> > TCG2_BOOT_HASH_ALG_SHA512,
> > TPM2_SHA512_DIGEST_SIZE,
> > },
> > +#endif
> > };
> >
> > -static inline u16 tpm2_algorithm_to_len(enum tpm2_algorithms a)
> > -{
> > - switch (a) {
> > - case TPM2_ALG_SHA1:
> > - return TPM2_SHA1_DIGEST_SIZE;
> > - case TPM2_ALG_SHA256:
> > - return TPM2_SHA256_DIGEST_SIZE;
> > - case TPM2_ALG_SHA384:
> > - return TPM2_SHA384_DIGEST_SIZE;
> > - case TPM2_ALG_SHA512:
> > - return TPM2_SHA512_DIGEST_SIZE;
> > - default:
> > - return 0;
> > - }
> > -}
> > -
> > /* NV index attributes */
> > enum tpm_index_attrs {
> > TPMA_NV_PPWRITE = 1UL << 0,
> > @@ -711,6 +703,41 @@ enum tpm2_algorithms tpm2_name_to_algorithm(const char
> > *name);
> >*/
> > const char *tpm2_algorithm_name(enum tpm2_algorithms);
> >
> > +/**
> > + * tpm2_algorithm_to_len() - Return an algorithm length for supported
> > algorithm id
> > + *
> > + * @algorithm_id: algorithm defined in enum tpm2_algorithms
> > + * Return: len or 0 if not supported
> > + */
> > +u16 tpm2_algorithm_to_len(enum tpm2_algorithms algo);
> > +
>
Re: [PATCH 7/7] tpm: allow the user to select the compiled algorithms
On 22.06.24 16:35, Ilias Apalodimas wrote:
Simon reports that after enabling all algorithms on the TPM some boards
fail since they don't have enough storage to accommodate the ~5KB growth.
The choice of hash algorithms are determined by the platform and the TPM
configuration. Failing to cap a PCR in a bank which the platform left
active is a security vulnerability. It might allow unsealing of secrets
if an attacker can replay a good set of measurements into an unused bank.
If MEASURED_BOOT or EFI_TCG2_PROTOCOL is enabled our Kconfig will enable
all supported hashing algorithms. We still want to allow users to add a
TPM and not enable measured boot via EFI or bootm though and at the same
time, control the compiled algorithms for size reasons.
So let's add a function tpm2_allow_extend() which checks the TPM active
PCRs banks against the one U-Boot was compiled with.
If all the active PCRs banks are not enabled refuse to extend a PCR but
otherwise leave the TPM functional.
The paragraph above is bit hard to read. I guess you mean:
We only allow extending PCRs using one of the algorithms selected in the
configuration.
It's worth noting that this is only added on TPM2.0, since TPM1.2 is
lacking a lot of code at the moment to read the available PCRs.
We unconditionally enable SHA1 when a TPM is selected, which is the only
hashing algorithm v1.2 supports.
Why do we need SHA1 if we cannot access PCRs on a TPM1.2?
Best regards
Heinrich
Signed-off-by: Ilias Apalodimas
---
boot/Kconfig | 4
include/tpm-v2.h | 59 +++-
lib/Kconfig | 6 ++---
lib/tpm-v2.c | 40 +---
4 files changed, 87 insertions(+), 22 deletions(-)
diff --git a/boot/Kconfig b/boot/Kconfig
index 6f3096c15a6f..b061891e109c 100644
--- a/boot/Kconfig
+++ b/boot/Kconfig
@@ -734,6 +734,10 @@ config LEGACY_IMAGE_FORMAT
config MEASURED_BOOT
bool "Measure boot images and configuration when booting without EFI"
depends on HASH && TPM_V2
+ select SHA1
+ select SHA256
+ select SHA384
+ select SHA512
help
This option enables measurement of the boot process when booting
without UEFI . Measurement involves creating cryptographic hashes
diff --git a/include/tpm-v2.h b/include/tpm-v2.h
index eac04d1c6831..fccb07fa4695 100644
--- a/include/tpm-v2.h
+++ b/include/tpm-v2.h
@@ -277,48 +277,40 @@ struct digest_info {
#define TCG2_BOOT_HASH_ALG_SM3_256 0x0010
static const struct digest_info hash_algo_list[] = {
+#if IS_ENABLED(CONFIG_SHA1)
{
"sha1",
TPM2_ALG_SHA1,
TCG2_BOOT_HASH_ALG_SHA1,
TPM2_SHA1_DIGEST_SIZE,
},
+#endif
+#if IS_ENABLED(CONFIG_SHA256)
{
"sha256",
TPM2_ALG_SHA256,
TCG2_BOOT_HASH_ALG_SHA256,
TPM2_SHA256_DIGEST_SIZE,
},
+#endif
+#if IS_ENABLED(CONFIG_SHA384)
{
"sha384",
TPM2_ALG_SHA384,
TCG2_BOOT_HASH_ALG_SHA384,
TPM2_SHA384_DIGEST_SIZE,
},
+#endif
+#if IS_ENABLED(CONFIG_SHA512)
{
"sha512",
TPM2_ALG_SHA512,
TCG2_BOOT_HASH_ALG_SHA512,
TPM2_SHA512_DIGEST_SIZE,
},
+#endif
};
-static inline u16 tpm2_algorithm_to_len(enum tpm2_algorithms a)
-{
- switch (a) {
- case TPM2_ALG_SHA1:
- return TPM2_SHA1_DIGEST_SIZE;
- case TPM2_ALG_SHA256:
- return TPM2_SHA256_DIGEST_SIZE;
- case TPM2_ALG_SHA384:
- return TPM2_SHA384_DIGEST_SIZE;
- case TPM2_ALG_SHA512:
- return TPM2_SHA512_DIGEST_SIZE;
- default:
- return 0;
- }
-}
-
/* NV index attributes */
enum tpm_index_attrs {
TPMA_NV_PPWRITE = 1UL << 0,
@@ -711,6 +703,41 @@ enum tpm2_algorithms tpm2_name_to_algorithm(const char
*name);
*/
const char *tpm2_algorithm_name(enum tpm2_algorithms);
+/**
+ * tpm2_algorithm_to_len() - Return an algorithm length for supported
algorithm id
+ *
+ * @algorithm_id: algorithm defined in enum tpm2_algorithms
+ * Return: len or 0 if not supported
+ */
+u16 tpm2_algorithm_to_len(enum tpm2_algorithms algo);
+
+/*
+ * When measured boot is enabled via EFI or bootX commands all the algorithms
+ * above are selected by our Kconfigs. Due to U-Boots nature of being small
there
+ * are cases where we need some functionality from the TPM -- e.g storage or
RNG
+ * but we don't want to support measurements.
+ *
+ * The choice of hash algorithms are determined by the platform and the TPM
+ * configuration. Failing to cap a PCR in a bank which the platform left
+ * active is a security vulnerability. It permits the unsealing of secrets
+ * if an attacker can replay a good set of measurements into an unused bank.
+ *
+ * On top of that a previous stage bootl
[PATCH 7/7] tpm: allow the user to select the compiled algorithms
Simon reports that after enabling all algorithms on the TPM some boards
fail since they don't have enough storage to accommodate the ~5KB growth.
The choice of hash algorithms are determined by the platform and the TPM
configuration. Failing to cap a PCR in a bank which the platform left
active is a security vulnerability. It might allow unsealing of secrets
if an attacker can replay a good set of measurements into an unused bank.
If MEASURED_BOOT or EFI_TCG2_PROTOCOL is enabled our Kconfig will enable
all supported hashing algorithms. We still want to allow users to add a
TPM and not enable measured boot via EFI or bootm though and at the same
time, control the compiled algorithms for size reasons.
So let's add a function tpm2_allow_extend() which checks the TPM active
PCRs banks against the one U-Boot was compiled with.
If all the active PCRs banks are not enabled refuse to extend a PCR but
otherwise leave the TPM functional.
It's worth noting that this is only added on TPM2.0, since TPM1.2 is
lacking a lot of code at the moment to read the available PCRs.
We unconditionally enable SHA1 when a TPM is selected, which is the only
hashing algorithm v1.2 supports.
Signed-off-by: Ilias Apalodimas
---
boot/Kconfig | 4
include/tpm-v2.h | 59 +++-
lib/Kconfig | 6 ++---
lib/tpm-v2.c | 40 +---
4 files changed, 87 insertions(+), 22 deletions(-)
diff --git a/boot/Kconfig b/boot/Kconfig
index 6f3096c15a6f..b061891e109c 100644
--- a/boot/Kconfig
+++ b/boot/Kconfig
@@ -734,6 +734,10 @@ config LEGACY_IMAGE_FORMAT
config MEASURED_BOOT
bool "Measure boot images and configuration when booting without EFI"
depends on HASH && TPM_V2
+ select SHA1
+ select SHA256
+ select SHA384
+ select SHA512
help
This option enables measurement of the boot process when booting
without UEFI . Measurement involves creating cryptographic hashes
diff --git a/include/tpm-v2.h b/include/tpm-v2.h
index eac04d1c6831..fccb07fa4695 100644
--- a/include/tpm-v2.h
+++ b/include/tpm-v2.h
@@ -277,48 +277,40 @@ struct digest_info {
#define TCG2_BOOT_HASH_ALG_SM3_256 0x0010
static const struct digest_info hash_algo_list[] = {
+#if IS_ENABLED(CONFIG_SHA1)
{
"sha1",
TPM2_ALG_SHA1,
TCG2_BOOT_HASH_ALG_SHA1,
TPM2_SHA1_DIGEST_SIZE,
},
+#endif
+#if IS_ENABLED(CONFIG_SHA256)
{
"sha256",
TPM2_ALG_SHA256,
TCG2_BOOT_HASH_ALG_SHA256,
TPM2_SHA256_DIGEST_SIZE,
},
+#endif
+#if IS_ENABLED(CONFIG_SHA384)
{
"sha384",
TPM2_ALG_SHA384,
TCG2_BOOT_HASH_ALG_SHA384,
TPM2_SHA384_DIGEST_SIZE,
},
+#endif
+#if IS_ENABLED(CONFIG_SHA512)
{
"sha512",
TPM2_ALG_SHA512,
TCG2_BOOT_HASH_ALG_SHA512,
TPM2_SHA512_DIGEST_SIZE,
},
+#endif
};
-static inline u16 tpm2_algorithm_to_len(enum tpm2_algorithms a)
-{
- switch (a) {
- case TPM2_ALG_SHA1:
- return TPM2_SHA1_DIGEST_SIZE;
- case TPM2_ALG_SHA256:
- return TPM2_SHA256_DIGEST_SIZE;
- case TPM2_ALG_SHA384:
- return TPM2_SHA384_DIGEST_SIZE;
- case TPM2_ALG_SHA512:
- return TPM2_SHA512_DIGEST_SIZE;
- default:
- return 0;
- }
-}
-
/* NV index attributes */
enum tpm_index_attrs {
TPMA_NV_PPWRITE = 1UL << 0,
@@ -711,6 +703,41 @@ enum tpm2_algorithms tpm2_name_to_algorithm(const char
*name);
*/
const char *tpm2_algorithm_name(enum tpm2_algorithms);
+/**
+ * tpm2_algorithm_to_len() - Return an algorithm length for supported
algorithm id
+ *
+ * @algorithm_id: algorithm defined in enum tpm2_algorithms
+ * Return: len or 0 if not supported
+ */
+u16 tpm2_algorithm_to_len(enum tpm2_algorithms algo);
+
+/*
+ * When measured boot is enabled via EFI or bootX commands all the algorithms
+ * above are selected by our Kconfigs. Due to U-Boots nature of being small
there
+ * are cases where we need some functionality from the TPM -- e.g storage or
RNG
+ * but we don't want to support measurements.
+ *
+ * The choice of hash algorithms are determined by the platform and the TPM
+ * configuration. Failing to cap a PCR in a bank which the platform left
+ * active is a security vulnerability. It permits the unsealing of secrets
+ * if an attacker can replay a good set of measurements into an unused bank.
+ *
+ * On top of that a previous stage bootloader (e.g TF-A), migh pass an eventlog
+ * since it doesn't have a TPM driver, which U-Boot needs to replace. The
algorit h
+ * choice is a compile time option in that case and we need to make sure we
conform.
+ *
+ * Add a variable here that sums the supported algorithms U-Boot was compil
