Re: [PATCH v9 3/6] tpm: Support boot measurements
Ok thanks.
I am on PTO this week. I'll have a look once I get back
Cheers
Ilias
On Mon, Apr 10, 2023, 19:18 Eddie James wrote:
>
> On 4/6/23 04:18, Ilias Apalodimas wrote:
> > Hi Eddie,
> >
> > Do you plan on resending this?
> > If yes, I can spend some time trying to figure out the CI failures and
> > send you a patch.
>
>
> Hi,
>
> Yes I do, I have been short on time. I was a bit confused by the CI, it
> didn't seem to run with the updated v9? I believed I had fixed at least
> some of the failures with patch 2 to update the sandbox driver. I also
> haven't figured out how to run the ci suite locally
>
> Thanks,
>
> Eddie
>
> >
> > Thanks
> > /Ilias
> >
> >
> > On Wed, 8 Mar 2023 at 23:25, Eddie James wrote:
> >> Add TPM2 functions to support boot measurement. This includes
> >> starting up the TPM, initializing/appending the event log, and
> >> measuring the U-Boot version. Much of the code was used in the
> >> EFI subsystem, so remove it there and use the common functions.
> >>
> >> Signed-off-by: Eddie James
> >> ---
> >> Changes since v8:
> >> - Fix log parsing again - any data corruption seen while replaying the
> >> event log was failing the entire measurement.
> >> - Added an option to ignore the existing log. This should only be used
> >> for systems that know that U-Boot is the first stage bootloader.
> This
> >> is necessary because the reserved memory region may persist through
> >> resets and so U-Boot attempts to append to the previous boot's log.
> >>
> >> Changes since v7:
> >> - Change name of tcg2_init_log and add more documentation
> >> - Add a check, when parsing the event log header, to ensure that the
> >> previous stage bootloader used all the active PCRs.
> >> - Change name of tcg2_log_find_end
> >> - Fix the greater than or equal to check to exit the log parsing
> >> - Make sure log_position is 0 if there is any error discovering the
> log
> >> - Return errors parsing the log if the data is corrupt so that we
> don't
> >> end up with half a log
> >>
> >> Changes since v6:
> >> - Added Linaro copyright for all the EFI moved code
> >> - Changed tcg2_init_log (and by extension, tcg2_measurement_init) to
> >> copy any discovered event log to the user's log if passed in.
> >>
> >> Changes since v5:
> >> - Remove unused platform_get_eventlog in efi_tcg2.c
> >> - First look for tpm_event_log_* properties instead of linux,sml-*
> >> - Fix efi_tcg2.c compilation
> >> - Select SHA* configs
> >>
> >> Changes since v4:
> >> - Remove tcg2_measure_event function and check for NULL data in
> >> tcg2_measure_data
> >> - Use tpm_auto_startup
> >> - Fix efi_tcg2.c compilation for removing tcg2_pcr_read function
> >>
> >> Changes since v3:
> >> - Reordered headers
> >> - Refactored more of EFI code into common code
> >> Removed digest_info structure and instead used the common
> alg_to_mask
> >>and alg_to_len
> >> Improved event log parsing in common code to get it equivalent to
> EFI
> >>Common code now extends PCR if previous bootloader stage couldn't
> >>No need to allocate memory in the common code, so EFI copies the
> >>discovered buffer like it did before
> >> Rename efi measure_event function
> >>
> >> Changes since v1:
> >> - Refactor TPM layer functions to allow EFI system to use them, and
> >> remove duplicate EFI functions
> >>
> >> include/efi_tcg2.h| 44 --
> >> include/tpm-v2.h | 259 +
> >> lib/Kconfig |4 +
> >> lib/efi_loader/efi_tcg2.c | 1054 +++--
> >> lib/tpm-v2.c | 814
> >> 5 files changed, 1154 insertions(+), 1021 deletions(-)
> >>
> >> diff --git a/include/efi_tcg2.h b/include/efi_tcg2.h
> >> index b1c3abd097..b21c5cb3dd 100644
> >> --- a/include/efi_tcg2.h
> >> +++ b/include/efi_tcg2.h
> >> @@ -129,50 +129,6 @@ struct efi_tcg2_boot_service_capability {
> >> #define BOOT_SERVICE_CAPABILITY_MIN \
> >> offsetof(struct efi_tcg2_boot_service_capability,
> number_of_pcr_banks)
> >>
> >> -#define TCG_EFI_SPEC_ID_EVENT_SIGNATURE_03 "Spec ID Event03"
> >> -#define TCG_EFI_SPEC_ID_EVENT_SPEC_VERSION_MAJOR_TPM2 2
> >> -#define TCG_EFI_SPEC_ID_EVENT_SPEC_VERSION_MINOR_TPM2 0
> >> -#define TCG_EFI_SPEC_ID_EVENT_SPEC_VERSION_ERRATA_TPM2 2
> >> -
> >> -/**
> >> - * struct TCG_EfiSpecIdEventAlgorithmSize - hashing algorithm
> information
> >> - *
> >> - * @algorithm_id: algorithm defined in enum tpm2_algorithms
> >> - * @digest_size: size of the algorithm
> >> - */
> >> -struct tcg_efi_spec_id_event_algorithm_size {
> >> - u16 algorithm_id;
> >> - u16 digest_size;
> >> -} __packed;
> >> -
> >> -/**
> >> - * struct TCG_EfiSpecIDEventStruct - content of the event log header
> >> - *
> >> - * @signature: signature, set to Spec ID Event03
> >> - * @platform_class:class
Re: [PATCH v9 3/6] tpm: Support boot measurements
On 4/6/23 04:18, Ilias Apalodimas wrote:
Hi Eddie,
Do you plan on resending this?
If yes, I can spend some time trying to figure out the CI failures and
send you a patch.
Hi,
Yes I do, I have been short on time. I was a bit confused by the CI, it
didn't seem to run with the updated v9? I believed I had fixed at least
some of the failures with patch 2 to update the sandbox driver. I also
haven't figured out how to run the ci suite locally
Thanks,
Eddie
Thanks
/Ilias
On Wed, 8 Mar 2023 at 23:25, Eddie James wrote:
Add TPM2 functions to support boot measurement. This includes
starting up the TPM, initializing/appending the event log, and
measuring the U-Boot version. Much of the code was used in the
EFI subsystem, so remove it there and use the common functions.
Signed-off-by: Eddie James
---
Changes since v8:
- Fix log parsing again - any data corruption seen while replaying the
event log was failing the entire measurement.
- Added an option to ignore the existing log. This should only be used
for systems that know that U-Boot is the first stage bootloader. This
is necessary because the reserved memory region may persist through
resets and so U-Boot attempts to append to the previous boot's log.
Changes since v7:
- Change name of tcg2_init_log and add more documentation
- Add a check, when parsing the event log header, to ensure that the
previous stage bootloader used all the active PCRs.
- Change name of tcg2_log_find_end
- Fix the greater than or equal to check to exit the log parsing
- Make sure log_position is 0 if there is any error discovering the log
- Return errors parsing the log if the data is corrupt so that we don't
end up with half a log
Changes since v6:
- Added Linaro copyright for all the EFI moved code
- Changed tcg2_init_log (and by extension, tcg2_measurement_init) to
copy any discovered event log to the user's log if passed in.
Changes since v5:
- Remove unused platform_get_eventlog in efi_tcg2.c
- First look for tpm_event_log_* properties instead of linux,sml-*
- Fix efi_tcg2.c compilation
- Select SHA* configs
Changes since v4:
- Remove tcg2_measure_event function and check for NULL data in
tcg2_measure_data
- Use tpm_auto_startup
- Fix efi_tcg2.c compilation for removing tcg2_pcr_read function
Changes since v3:
- Reordered headers
- Refactored more of EFI code into common code
Removed digest_info structure and instead used the common alg_to_mask
and alg_to_len
Improved event log parsing in common code to get it equivalent to EFI
Common code now extends PCR if previous bootloader stage couldn't
No need to allocate memory in the common code, so EFI copies the
discovered buffer like it did before
Rename efi measure_event function
Changes since v1:
- Refactor TPM layer functions to allow EFI system to use them, and
remove duplicate EFI functions
include/efi_tcg2.h| 44 --
include/tpm-v2.h | 259 +
lib/Kconfig |4 +
lib/efi_loader/efi_tcg2.c | 1054 +++--
lib/tpm-v2.c | 814
5 files changed, 1154 insertions(+), 1021 deletions(-)
diff --git a/include/efi_tcg2.h b/include/efi_tcg2.h
index b1c3abd097..b21c5cb3dd 100644
--- a/include/efi_tcg2.h
+++ b/include/efi_tcg2.h
@@ -129,50 +129,6 @@ struct efi_tcg2_boot_service_capability {
#define BOOT_SERVICE_CAPABILITY_MIN \
offsetof(struct efi_tcg2_boot_service_capability, number_of_pcr_banks)
-#define TCG_EFI_SPEC_ID_EVENT_SIGNATURE_03 "Spec ID Event03"
-#define TCG_EFI_SPEC_ID_EVENT_SPEC_VERSION_MAJOR_TPM2 2
-#define TCG_EFI_SPEC_ID_EVENT_SPEC_VERSION_MINOR_TPM2 0
-#define TCG_EFI_SPEC_ID_EVENT_SPEC_VERSION_ERRATA_TPM2 2
-
-/**
- * struct TCG_EfiSpecIdEventAlgorithmSize - hashing algorithm information
- *
- * @algorithm_id: algorithm defined in enum tpm2_algorithms
- * @digest_size: size of the algorithm
- */
-struct tcg_efi_spec_id_event_algorithm_size {
- u16 algorithm_id;
- u16 digest_size;
-} __packed;
-
-/**
- * struct TCG_EfiSpecIDEventStruct - content of the event log header
- *
- * @signature: signature, set to Spec ID Event03
- * @platform_class:class defined in TCG ACPI Specification
- * Client Common Header.
- * @spec_version_minor:minor version
- * @spec_version_major:major version
- * @spec_version_errata: major version
- * @uintn_size:size of the efi_uintn_t fields used in
various
- * data structures used in this specification.
- * 0x01 indicates u32 and 0x02 indicates u64
- * @number_of_algorithms: hashing algorithms used in this event log
- * @digest_sizes: array of number_of_algorithms pairs
- *
Re: [PATCH v9 3/6] tpm: Support boot measurements
Hi Eddie,
Do you plan on resending this?
If yes, I can spend some time trying to figure out the CI failures and
send you a patch.
Thanks
/Ilias
On Wed, 8 Mar 2023 at 23:25, Eddie James wrote:
>
> Add TPM2 functions to support boot measurement. This includes
> starting up the TPM, initializing/appending the event log, and
> measuring the U-Boot version. Much of the code was used in the
> EFI subsystem, so remove it there and use the common functions.
>
> Signed-off-by: Eddie James
> ---
> Changes since v8:
> - Fix log parsing again - any data corruption seen while replaying the
>event log was failing the entire measurement.
> - Added an option to ignore the existing log. This should only be used
>for systems that know that U-Boot is the first stage bootloader. This
>is necessary because the reserved memory region may persist through
>resets and so U-Boot attempts to append to the previous boot's log.
>
> Changes since v7:
> - Change name of tcg2_init_log and add more documentation
> - Add a check, when parsing the event log header, to ensure that the
>previous stage bootloader used all the active PCRs.
> - Change name of tcg2_log_find_end
> - Fix the greater than or equal to check to exit the log parsing
> - Make sure log_position is 0 if there is any error discovering the log
> - Return errors parsing the log if the data is corrupt so that we don't
>end up with half a log
>
> Changes since v6:
> - Added Linaro copyright for all the EFI moved code
> - Changed tcg2_init_log (and by extension, tcg2_measurement_init) to
>copy any discovered event log to the user's log if passed in.
>
> Changes since v5:
> - Remove unused platform_get_eventlog in efi_tcg2.c
> - First look for tpm_event_log_* properties instead of linux,sml-*
> - Fix efi_tcg2.c compilation
> - Select SHA* configs
>
> Changes since v4:
> - Remove tcg2_measure_event function and check for NULL data in
>tcg2_measure_data
> - Use tpm_auto_startup
> - Fix efi_tcg2.c compilation for removing tcg2_pcr_read function
>
> Changes since v3:
> - Reordered headers
> - Refactored more of EFI code into common code
> Removed digest_info structure and instead used the common alg_to_mask
> and alg_to_len
> Improved event log parsing in common code to get it equivalent to EFI
> Common code now extends PCR if previous bootloader stage couldn't
> No need to allocate memory in the common code, so EFI copies the
> discovered buffer like it did before
> Rename efi measure_event function
>
> Changes since v1:
> - Refactor TPM layer functions to allow EFI system to use them, and
>remove duplicate EFI functions
>
> include/efi_tcg2.h| 44 --
> include/tpm-v2.h | 259 +
> lib/Kconfig |4 +
> lib/efi_loader/efi_tcg2.c | 1054 +++--
> lib/tpm-v2.c | 814
> 5 files changed, 1154 insertions(+), 1021 deletions(-)
>
> diff --git a/include/efi_tcg2.h b/include/efi_tcg2.h
> index b1c3abd097..b21c5cb3dd 100644
> --- a/include/efi_tcg2.h
> +++ b/include/efi_tcg2.h
> @@ -129,50 +129,6 @@ struct efi_tcg2_boot_service_capability {
> #define BOOT_SERVICE_CAPABILITY_MIN \
> offsetof(struct efi_tcg2_boot_service_capability, number_of_pcr_banks)
>
> -#define TCG_EFI_SPEC_ID_EVENT_SIGNATURE_03 "Spec ID Event03"
> -#define TCG_EFI_SPEC_ID_EVENT_SPEC_VERSION_MAJOR_TPM2 2
> -#define TCG_EFI_SPEC_ID_EVENT_SPEC_VERSION_MINOR_TPM2 0
> -#define TCG_EFI_SPEC_ID_EVENT_SPEC_VERSION_ERRATA_TPM2 2
> -
> -/**
> - * struct TCG_EfiSpecIdEventAlgorithmSize - hashing algorithm information
> - *
> - * @algorithm_id: algorithm defined in enum tpm2_algorithms
> - * @digest_size: size of the algorithm
> - */
> -struct tcg_efi_spec_id_event_algorithm_size {
> - u16 algorithm_id;
> - u16 digest_size;
> -} __packed;
> -
> -/**
> - * struct TCG_EfiSpecIDEventStruct - content of the event log header
> - *
> - * @signature: signature, set to Spec ID Event03
> - * @platform_class:class defined in TCG ACPI Specification
> - * Client Common Header.
> - * @spec_version_minor:minor version
> - * @spec_version_major:major version
> - * @spec_version_errata: major version
> - * @uintn_size:size of the efi_uintn_t fields used
> in various
> - * data structures used in this specification.
> - * 0x01 indicates u32 and 0x02 indicates u64
> - * @number_of_algorithms: hashing algorithms used in this event log
> - * @digest_sizes: array of number_of_algorithms pairs
> - * 1st member defines the algorithm id
> - * 2nd member defines the algorithm size
> - */
> -struct tcg_efi_spec_id_event {
> - u8 signature[16];
> -
[PATCH v9 3/6] tpm: Support boot measurements
Add TPM2 functions to support boot measurement. This includes
starting up the TPM, initializing/appending the event log, and
measuring the U-Boot version. Much of the code was used in the
EFI subsystem, so remove it there and use the common functions.
Signed-off-by: Eddie James
---
Changes since v8:
- Fix log parsing again - any data corruption seen while replaying the
event log was failing the entire measurement.
- Added an option to ignore the existing log. This should only be used
for systems that know that U-Boot is the first stage bootloader. This
is necessary because the reserved memory region may persist through
resets and so U-Boot attempts to append to the previous boot's log.
Changes since v7:
- Change name of tcg2_init_log and add more documentation
- Add a check, when parsing the event log header, to ensure that the
previous stage bootloader used all the active PCRs.
- Change name of tcg2_log_find_end
- Fix the greater than or equal to check to exit the log parsing
- Make sure log_position is 0 if there is any error discovering the log
- Return errors parsing the log if the data is corrupt so that we don't
end up with half a log
Changes since v6:
- Added Linaro copyright for all the EFI moved code
- Changed tcg2_init_log (and by extension, tcg2_measurement_init) to
copy any discovered event log to the user's log if passed in.
Changes since v5:
- Remove unused platform_get_eventlog in efi_tcg2.c
- First look for tpm_event_log_* properties instead of linux,sml-*
- Fix efi_tcg2.c compilation
- Select SHA* configs
Changes since v4:
- Remove tcg2_measure_event function and check for NULL data in
tcg2_measure_data
- Use tpm_auto_startup
- Fix efi_tcg2.c compilation for removing tcg2_pcr_read function
Changes since v3:
- Reordered headers
- Refactored more of EFI code into common code
Removed digest_info structure and instead used the common alg_to_mask
and alg_to_len
Improved event log parsing in common code to get it equivalent to EFI
Common code now extends PCR if previous bootloader stage couldn't
No need to allocate memory in the common code, so EFI copies the
discovered buffer like it did before
Rename efi measure_event function
Changes since v1:
- Refactor TPM layer functions to allow EFI system to use them, and
remove duplicate EFI functions
include/efi_tcg2.h| 44 --
include/tpm-v2.h | 259 +
lib/Kconfig |4 +
lib/efi_loader/efi_tcg2.c | 1054 +++--
lib/tpm-v2.c | 814
5 files changed, 1154 insertions(+), 1021 deletions(-)
diff --git a/include/efi_tcg2.h b/include/efi_tcg2.h
index b1c3abd097..b21c5cb3dd 100644
--- a/include/efi_tcg2.h
+++ b/include/efi_tcg2.h
@@ -129,50 +129,6 @@ struct efi_tcg2_boot_service_capability {
#define BOOT_SERVICE_CAPABILITY_MIN \
offsetof(struct efi_tcg2_boot_service_capability, number_of_pcr_banks)
-#define TCG_EFI_SPEC_ID_EVENT_SIGNATURE_03 "Spec ID Event03"
-#define TCG_EFI_SPEC_ID_EVENT_SPEC_VERSION_MAJOR_TPM2 2
-#define TCG_EFI_SPEC_ID_EVENT_SPEC_VERSION_MINOR_TPM2 0
-#define TCG_EFI_SPEC_ID_EVENT_SPEC_VERSION_ERRATA_TPM2 2
-
-/**
- * struct TCG_EfiSpecIdEventAlgorithmSize - hashing algorithm information
- *
- * @algorithm_id: algorithm defined in enum tpm2_algorithms
- * @digest_size: size of the algorithm
- */
-struct tcg_efi_spec_id_event_algorithm_size {
- u16 algorithm_id;
- u16 digest_size;
-} __packed;
-
-/**
- * struct TCG_EfiSpecIDEventStruct - content of the event log header
- *
- * @signature: signature, set to Spec ID Event03
- * @platform_class:class defined in TCG ACPI Specification
- * Client Common Header.
- * @spec_version_minor:minor version
- * @spec_version_major:major version
- * @spec_version_errata: major version
- * @uintn_size:size of the efi_uintn_t fields used in
various
- * data structures used in this specification.
- * 0x01 indicates u32 and 0x02 indicates u64
- * @number_of_algorithms: hashing algorithms used in this event log
- * @digest_sizes: array of number_of_algorithms pairs
- * 1st member defines the algorithm id
- * 2nd member defines the algorithm size
- */
-struct tcg_efi_spec_id_event {
- u8 signature[16];
- u32 platform_class;
- u8 spec_version_minor;
- u8 spec_version_major;
- u8 spec_errata;
- u8 uintn_size;
- u32 number_of_algorithms;
- struct tcg_efi_spec_id_event_algorithm_size digest_sizes[];
-} __packed;
-
/**
* struct tdEFI_TCG2_FINAL_EVENTS_TABLE - log entries after Get Event Log
* @version: version number for this structure
diff --git
