From: Timo Lindfors <timo.lindf...@iki.fi>
Without this patch
txt-acminfo 5th_gen_i5_i7_SINIT_79.BIN
segfaults. This issue was introduced in
o changeset: 627:d8a8e17f6d41
| user: Lukasz Hawrylko <lukas...@in...>
| date: Thu May 13 16:04:27 2021 +0200
| summary: Check for client/server match when selecting SINIT
Signed-off-by: Timo Lindfors <timo.lindf...@iki.fi>
---
tboot/common/loader.c | 4 ++--
tboot/include/txt/acmod.h | 4 +++-
tboot/txt/acmod.c | 7 ++++---
utils/txt-acminfo.c | 26 +++++++++++++++++++++-----
4 files changed, 30 insertions(+), 11 deletions(-)
diff --git a/tboot/common/loader.c b/tboot/common/loader.c
index cd254d7..0b9a814 100644
--- a/tboot/common/loader.c
+++ b/tboot/common/loader.c
@@ -1792,7 +1792,7 @@ find_platform_racm(loader_ctx *lctx, void **base,
uint32_t *size)
void *base2 = (void *)m->mod_start;
uint32_t size2 = m->mod_end - (unsigned long)(base2);
if ( is_racm_acmod(base2, size2, false) &&
- does_acmod_match_platform((acm_hdr_t *)base2) ) {
+ does_acmod_match_platform((acm_hdr_t *)base2, NULL) ) {
if ( base != NULL )
*base = base2;
if ( size != NULL )
@@ -1837,7 +1837,7 @@ find_platform_sinit_module(loader_ctx *lctx, void **base,
uint32_t *size)
void *base2 = (void *)m->mod_start;
uint32_t size2 = m->mod_end - (unsigned long)(base2);
if ( is_sinit_acmod(base2, size2, false) &&
- does_acmod_match_platform((acm_hdr_t *)base2) ) {
+ does_acmod_match_platform((acm_hdr_t *)base2, NULL) ) {
if ( base != NULL )
*base = base2;
if ( size != NULL )
diff --git a/tboot/include/txt/acmod.h b/tboot/include/txt/acmod.h
index 23336c2..fc60d9d 100644
--- a/tboot/include/txt/acmod.h
+++ b/tboot/include/txt/acmod.h
@@ -37,6 +37,8 @@
#ifndef __TXT_ACMOD_H__
#define __TXT_ACMOD_H__
+typedef void txt_heap_t;
+
/*
* authenticated code (AC) module header (ver 0.0)
*/
@@ -179,7 +181,7 @@ extern bool is_racm_acmod(const void *acmod_base, uint32_t
acmod_size, bool quie
extern acm_hdr_t *copy_racm(const acm_hdr_t *racm);
extern bool verify_racm(const acm_hdr_t *acm_hdr);
extern bool is_sinit_acmod(const void *acmod_base, uint32_t acmod_size, bool
quiet);
-extern bool does_acmod_match_platform(const acm_hdr_t* hdr);
+extern bool does_acmod_match_platform(const acm_hdr_t* hdr, const txt_heap_t*
txt_heap);
extern acm_hdr_t *copy_sinit(const acm_hdr_t *sinit);
extern bool verify_acmod(const acm_hdr_t *acm_hdr);
extern uint32_t get_supported_os_sinit_data_ver(const acm_hdr_t* hdr);
diff --git a/tboot/txt/acmod.c b/tboot/txt/acmod.c
index 1e92efa..798093f 100644
--- a/tboot/txt/acmod.c
+++ b/tboot/txt/acmod.c
@@ -576,7 +576,7 @@ bool is_sinit_acmod(const void *acmod_base, uint32_t
acmod_size, bool quiet)
return true;
}
-bool does_acmod_match_platform(const acm_hdr_t* hdr)
+bool does_acmod_match_platform(const acm_hdr_t* hdr, const txt_heap_t
*txt_heap)
{
/* used to ensure we don't print chipset/proc info for each module */
static bool printed_host_info;
@@ -587,7 +587,8 @@ bool does_acmod_match_platform(const acm_hdr_t* hdr)
return false;
/* verify client/server platform match */
- txt_heap_t *txt_heap = get_txt_heap();
+ if (txt_heap == NULL)
+ txt_heap = get_txt_heap();
bios_data_t *bios_data = get_bios_data_start(txt_heap);
if (info_table->version >= 5 && bios_data->version >= 6) {
uint32_t bios_type = bios_data->flags.bits.mle.platform_type;
@@ -713,7 +714,7 @@ acm_hdr_t *get_bios_sinit(const void *sinit_region_base)
/* is it a valid SINIT module? */
if ( !is_sinit_acmod(sinit_region_base, bios_data->bios_sinit_size, false)
||
- !does_acmod_match_platform((acm_hdr_t *)sinit_region_base) )
+ !does_acmod_match_platform((acm_hdr_t *)sinit_region_base, NULL) )
return NULL;
return (acm_hdr_t *)sinit_region_base;
diff --git a/utils/txt-acminfo.c b/utils/txt-acminfo.c
index 06a5ee8..5635e27 100644
--- a/utils/txt-acminfo.c
+++ b/utils/txt-acminfo.c
@@ -203,15 +203,31 @@ static bool match_platform(acm_hdr_t *hdr)
close(fd_mem);
return false;
}
- else {
- if ( does_acmod_match_platform(hdr) )
- printf("ACM matches platform\n");
- else
- printf("ACM does not match platform\n");
+ uint64_t txt_heap_size = *(volatile uint64_t *)(pub_config_base +
TXTCR_HEAP_SIZE);
+ if (txt_heap_size == 0) {
+ printf("ERROR: No TXT heap is available\n");
munmap(pub_config_base, TXT_CONFIG_REGS_SIZE);
+ close(fd_mem);
+ return false;
+ }
+
+ uint64_t txt_heap_base = *(volatile uint64_t *)(pub_config_base +
TXTCR_HEAP_BASE);
+ txt_heap_t *txt_heap = mmap(NULL, txt_heap_size, PROT_READ, MAP_PRIVATE,
+ fd_mem, txt_heap_base);
+ if ( txt_heap == MAP_FAILED ) {
+ printf("ERROR: cannot map TXT heap by mmap()\n");
+ munmap(pub_config_base, TXT_CONFIG_REGS_SIZE);
+ close(fd_mem);
+ return false;
}
+ if ( does_acmod_match_platform(hdr, txt_heap) )
+ printf("ACM matches platform\n");
+ else
+ printf("ACM does not match platform\n");
+ munmap(txt_heap, txt_heap_size);
+ munmap(pub_config_base, TXT_CONFIG_REGS_SIZE);
close(fd_mem);
return true;
}
--
2.30.2
_______________________________________________
tboot-devel mailing list
tboot-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/tboot-devel
