
[V3,3/4] tpm: Append the final event log to the TPM event log

Message ID 20190211215518.81419-4-matthewgarrett@google.com (mailing list archive)
State New, archived
Series [V3,1/4] tpm: Abstract crypto agile event size calculations | expand

Commit Message

Matthew Garrett Feb. 11, 2019, 9:55 p.m. UTC
From: Matthew Garrett <mjg59@google.com>

Any events that are logged after GetEventLog() is called are logged to
the EFI Final Events table. These events are defined as being in the
crypto agile log format, so we can just append them directly to the
existing log if it's in the same format. In theory we can also construct
old-style SHA1 log entries for devices that only return logs in that
format, but EDK2 doesn't generate the final event log in that case so
it doesn't seem worth it at the moment.

Signed-off-by: Matthew Garrett <mjg59@google.com>
---
 drivers/char/tpm/eventlog/efi.c | 33 ++++++++++++++++++++++++++++++++-
 1 file changed, 32 insertions(+), 1 deletion(-)

Comments

Jarkko Sakkinen Feb. 13, 2019, 10:46 a.m. UTC | #1
On Mon, Feb 11, 2019 at 01:55:17PM -0800, Matthew Garrett wrote:
> +	if (efi.tpm_final_log != EFI_INVALID_TABLE_ADDR &&
> +	    efi_tpm_final_log_size != 0) {
> +		if (tpm_log_version == EFI_TCG2_EVENT_LOG_FORMAT_TCG_2) {

Instead of nesting code heavily I would just:

if (efi.tpm_final_log == EFI_INVALID_TABLE_ADDR ||
    efi_tpm_final_log_size == 0 ||
    tpm_log_version != EFI_TCG2_EVENT_LOG_FORMAT_TCG_2)
    goto out_memunmap;

And in the tail:

out_munmap:
	memunmap(final_tbl);
	memunmap(log_tb);
	return tpm_log_version;

err_munmap:
	memunmap(final_tbl);
	memunmap(log_tb);
	return -ENOMEM;
}

/Jarkko

Patch

diff --git a/drivers/char/tpm/eventlog/efi.c b/drivers/char/tpm/eventlog/efi.c
index 3e673ab22cb4..80e9ec28a9be 100644
--- a/drivers/char/tpm/eventlog/efi.c
+++ b/drivers/char/tpm/eventlog/efi.c
@@ -21,10 +21,12 @@ 
 int tpm_read_log_efi(struct tpm_chip *chip)
 {
 
+	struct efi_tcg2_final_events_table *final_tbl = NULL;
 	struct linux_efi_tpm_eventlog *log_tbl;
 	struct tpm_bios_log *log;
 	u32 log_size;
 	u8 tpm_log_version;
+	void *tmp;
 
 	if (!(chip->flags & TPM_CHIP_FLAG_TPM2))
 		return -ENODEV;
@@ -55,12 +57,41 @@  int tpm_read_log_efi(struct tpm_chip *chip)
 	if (!log->bios_event_log)
 		goto err_memunmap;
 	log->bios_event_log_end = log->bios_event_log + log_size;
-
 	tpm_log_version = log_tbl->version;
+
+	if (efi.tpm_final_log != EFI_INVALID_TABLE_ADDR &&
+	    efi_tpm_final_log_size != 0) {
+		if (tpm_log_version == EFI_TCG2_EVENT_LOG_FORMAT_TCG_2) {
+			final_tbl = memremap(efi.tpm_final_log,
+				   sizeof(*final_tbl) + efi_tpm_final_log_size,
+				   MEMREMAP_WB);
+			if (!final_tbl) {
+				pr_err("Could not map UEFI TPM final log\n");
+				kfree(log->bios_event_log);
+				goto err_memunmap;
+			}
+
+			tmp = krealloc(log->bios_event_log,
+				       log_size + efi_tpm_final_log_size,
+				       GFP_KERNEL);
+			if (!tmp) {
+				kfree(log->bios_event_log);
+				goto err_memunmap;
+			}
+
+			log->bios_event_log = tmp;
+			memcpy((void *)log->bios_event_log + log_size,
+			       final_tbl->events, efi_tpm_final_log_size);
+			log->bios_event_log_end = log->bios_event_log +
+				log_size + efi_tpm_final_log_size;
+		}
+	}
+	memunmap(final_tbl);
 	memunmap(log_tbl);
 	return tpm_log_version;
 
 err_memunmap:
+	memunmap(final_tbl);
 	memunmap(log_tbl);
 	return -ENOMEM;
 }
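Review bot: Both new failure paths (`if (!final_tbl)` and `if (!tmp)`) call `kfree(log->bios_event_log)` but leave `log->bios_event_log` and `log->bios_event_log_end` pointing at the freed buffer before jumping to `err_memunmap`. The assignment of `log` is outside the hunk, but if it is the chip-owned log structure, a later teardown or reader could free or dereference the stale pointer; adding `log->bios_event_log = NULL;` after each `kfree()` would close that. Separately, `log_size + efi_tpm_final_log_size` is built from firmware-supplied sizes with no range check, and `log_size` is `u32`, so a wrapped sum could make the `krealloc` buffer smaller than what the `memcpy` writes. Depending on the type of `efi_tpm_final_log_size`, which is not visible here, a guard such as `if (efi_tpm_final_log_size > U32_MAX - log_size)` before the `krealloc` would be worth adding.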