From patchwork Wed Feb 27 20:26:55 2019
X-Patchwork-Submitter: Matthew Garrett
X-Patchwork-Id: 10832311
Date: Wed, 27 Feb 2019 12:26:55 -0800
In-Reply-To: <20190227202658.197113-1-matthewgarrett@google.com>
Message-Id: <20190227202658.197113-2-matthewgarrett@google.com>
Subject: [PATCH V5 1/4] tpm: Abstract crypto agile event size calculations
From: Matthew Garrett
To: linux-integrity@vger.kernel.org
Cc: peterhuewe@gmx.de, jarkko.sakkinen@linux.intel.com, jgg@ziepe.ca, roberto.sassu@huawei.com, linux-efi@vger.kernel.org, linux-security-module@vger.kernel.org, linux-kernel@vger.kernel.org, tweek@google.com, Matthew Garrett

We need to calculate the size of crypto agile events in multiple locations, including in the EFI boot stub. The easiest way to do this is to put it in a header file as an inline and leave a wrapper to ensure we don't end up with multiple copies of it embedded in the existing code.

Signed-off-by: Matthew Garrett
--- drivers/char/tpm/eventlog/tpm2.c | 47 +--------------------- include/linux/tpm_eventlog.h | 68 ++++++++++++++++++++++++++++++++ 2 files changed, 69 insertions(+), 46 deletions(-) diff --git a/drivers/char/tpm/eventlog/tpm2.c b/drivers/char/tpm/eventlog/tpm2.c index f824563fc28d..1a977bdd3bd2 100644 --- a/drivers/char/tpm/eventlog/tpm2.c +++ b/drivers/char/tpm/eventlog/tpm2.c
@@ -40,52 +40,7 @@ static size_t calc_tpm2_event_size(struct tcg_pcr_event2_head *event, struct tcg_pcr_event *event_header) { - struct tcg_efi_specid_event_head *efispecid; - struct tcg_event_field *event_field; - void *marker; - void *marker_start; - u32 halg_size; - size_t size; - u16 halg; - int i; - int j; - - marker = event; - marker_start = marker; - marker = marker + sizeof(event->pcr_idx) + sizeof(event->event_type) - + sizeof(event->count); - - efispecid = (struct tcg_efi_specid_event_head *)event_header->event; - - /* Check if event is malformed. */ - if (event->count > efispecid->num_algs) - return 0; - - for (i = 0; i < event->count; i++) { - halg_size = sizeof(event->digests[i].alg_id); - memcpy(&halg, marker, halg_size); - marker = marker + halg_size; - for (j = 0; j < efispecid->num_algs; j++) { - if (halg == efispecid->digest_sizes[j].alg_id) { - marker += - efispecid->digest_sizes[j].digest_size; - break; - } - } - /* Algorithm without known length. Such event is unparseable. */ - if (j == efispecid->num_algs) - return 0; - } - - event_field = (struct tcg_event_field *)marker; - marker = marker + sizeof(event_field->event_size) - + event_field->event_size; - size = marker - marker_start; - - if ((event->event_type == 0) && (event_field->event_size == 0)) - return 0; - - return size; + return __calc_tpm2_event_size(event, event_header); } static void *tpm2_bios_measurements_start(struct seq_file *m, loff_t *pos) diff --git a/include/linux/tpm_eventlog.h b/include/linux/tpm_eventlog.h index 81519f163211..6a86144e13f1 100644 --- a/include/linux/tpm_eventlog.h +++ b/include/linux/tpm_eventlog.h 
@@ -112,4 +112,72 @@ struct tcg_pcr_event2_head { struct tpm_digest digests[]; } __packed; +/** + * __calc_tpm2_event_size - calculate the size of a TPM2 event log entry + * @event: Pointer to the event whose size should be calculated + * @event_header: Pointer to the initial event containing the digest lengths + * + * The TPM2 event log format can contain multiple digests corresponding to + * separate PCR banks, and also contains a variable length of the data that + * was measured. This requires knowledge of how long each digest type is, + * and this information is contained within the first event in the log. + * + * We calculate the length by examining the number of events, and then looking + * at each event in turn to determine how much space is used for events in + * total. Once we've done this we know the offset of the data length field, + * and can calculate the total size of the event. + * + * Return: size of the event on success, <0 on failure + */ + +static inline int __calc_tpm2_event_size(struct tcg_pcr_event2_head *event, + struct tcg_pcr_event *event_header) +{ + struct tcg_efi_specid_event_head *efispecid; + struct tcg_event_field *event_field; + void *marker; + void *marker_start; + u32 halg_size; + size_t size; + u16 halg; + int i; + int j; + + marker = event; + marker_start = marker; + marker = marker + sizeof(event->pcr_idx) + sizeof(event->event_type) + + sizeof(event->count); + + efispecid = (struct tcg_efi_specid_event_head *)event_header->event; + + /* Check if event is malformed. */ + if (event->count > efispecid->num_algs) + return 0; + + for (i = 0; i < event->count; i++) { + halg_size = sizeof(event->digests[i].alg_id); + memcpy(&halg, marker, halg_size); + marker = marker + halg_size; + for (j = 0; j < efispecid->num_algs; j++) { + if (halg == efispecid->digest_sizes[j].alg_id) { + marker += + efispecid->digest_sizes[j].digest_size; + break; + } + } + /* Algorithm without known length. Such event is unparseable. 
*/ + if (j == efispecid->num_algs) + return 0; + } + + event_field = (struct tcg_event_field *)marker; + marker = marker + sizeof(event_field->event_size) + + event_field->event_size; + size = marker - marker_start; + + if ((event->event_type == 0) && (event_field->event_size == 0)) + return 0; + + return size; +} #endif

From patchwork Wed Feb 27 20:26:56 2019
X-Patchwork-Submitter: Matthew Garrett
X-Patchwork-Id: 10832297
Date: Wed, 27 Feb 2019 12:26:56 -0800
In-Reply-To: <20190227202658.197113-1-matthewgarrett@google.com>
Message-Id: <20190227202658.197113-3-matthewgarrett@google.com>
Subject: [PATCH V5 2/4] tpm: Reserve the TPM final events table
From: Matthew Garrett
To: linux-integrity@vger.kernel.org
Cc: peterhuewe@gmx.de, jarkko.sakkinen@linux.intel.com, jgg@ziepe.ca, roberto.sassu@huawei.com, linux-efi@vger.kernel.org, linux-security-module@vger.kernel.org, linux-kernel@vger.kernel.org, tweek@google.com, Matthew Garrett

UEFI systems provide a boot services protocol for obtaining the TPM event log, but this is unusable after ExitBootServices() is called. Unfortunately ExitBootServices() itself triggers additional TPM events that then can't be obtained using this protocol. The platform provides a mechanism for the OS to obtain these events by recording them to a separate UEFI configuration table which the OS can then map. Unfortunately this table isn't self describing in terms of providing its length, so we need to parse the events inside it to figure out how long it is. Since the table isn't mapped at this point, we need to extend the length calculation function to be able to map the event as it goes along.

Signed-off-by: Matthew Garrett
--- drivers/char/tpm/eventlog/tpm2.c | 2 +- drivers/firmware/efi/efi.c | 2 + drivers/firmware/efi/tpm.c | 51 ++++++++++++++++- include/linux/efi.h | 9 +++ include/linux/tpm_eventlog.h | 94 +++++++++++++++++++++++++++++--- 5 files changed, 148 insertions(+), 10 deletions(-) diff --git a/drivers/char/tpm/eventlog/tpm2.c b/drivers/char/tpm/eventlog/tpm2.c index 1a977bdd3bd2..de1d9f7e5a92 100644 --- a/drivers/char/tpm/eventlog/tpm2.c +++ b/drivers/char/tpm/eventlog/tpm2.c @@ -40,7 +40,7 @@ static size_t calc_tpm2_event_size(struct tcg_pcr_event2_head *event, struct tcg_pcr_event *event_header) { - return __calc_tpm2_event_size(event, event_header); + return __calc_tpm2_event_size(event, event_header, false); } static void *tpm2_bios_measurements_start(struct seq_file *m, loff_t *pos)
diff --git a/drivers/firmware/efi/efi.c b/drivers/firmware/efi/efi.c index 4c46ff6f2242..bf4e9a254e23 100644 --- a/drivers/firmware/efi/efi.c +++ b/drivers/firmware/efi/efi.c @@ -53,6 +53,7 @@ struct efi __read_mostly efi = { .mem_attr_table = EFI_INVALID_TABLE_ADDR, .rng_seed = EFI_INVALID_TABLE_ADDR, .tpm_log = EFI_INVALID_TABLE_ADDR, + .tpm_final_log = EFI_INVALID_TABLE_ADDR, .mem_reserve = EFI_INVALID_TABLE_ADDR, }; EXPORT_SYMBOL(efi); @@ -485,6 +486,7 @@ static __initdata efi_config_table_type_t common_tables[] = { {EFI_MEMORY_ATTRIBUTES_TABLE_GUID, "MEMATTR", &efi.mem_attr_table}, {LINUX_EFI_RANDOM_SEED_TABLE_GUID, "RNG", &efi.rng_seed}, {LINUX_EFI_TPM_EVENT_LOG_GUID, "TPMEventLog", &efi.tpm_log}, + {LINUX_EFI_TPM_FINAL_LOG_GUID, "TPMFinalLog", &efi.tpm_final_log}, {LINUX_EFI_MEMRESERVE_TABLE_GUID, "MEMRESERVE", &efi.mem_reserve}, {NULL_GUID, NULL, NULL}, }; diff --git a/drivers/firmware/efi/tpm.c b/drivers/firmware/efi/tpm.c index 0cbeb3d46b18..2ccaa6661aaf 100644 --- a/drivers/firmware/efi/tpm.c +++ b/drivers/firmware/efi/tpm.c 
@@ -10,24 +10,50 @@ #include #include #include +#include #include +int efi_tpm_final_log_size; +EXPORT_SYMBOL(efi_tpm_final_log_size); + +static int tpm2_calc_event_log_size(void *data, int count, void *size_info) +{ + struct tcg_pcr_event2_head *header; + int event_size, size = 0; + + while (count > 0) { + header = data + size; + event_size = __calc_tpm2_event_size(header, size_info, true); + if (event_size == 0) + return -1; + size += event_size; + } + + return size; +} + /* * Reserve the memory associated with the TPM Event Log configuration table. */ int __init efi_tpm_eventlog_init(void) { struct linux_efi_tpm_eventlog *log_tbl; + struct efi_tcg2_final_events_table *final_tbl; unsigned int tbl_size; - if (efi.tpm_log == EFI_INVALID_TABLE_ADDR) + if (efi.tpm_log == EFI_INVALID_TABLE_ADDR) { + /* + * We can't calculate the size of the final events without the + * first entry in the TPM log, so bail here. + */ return 0; + } log_tbl = early_memremap(efi.tpm_log, sizeof(*log_tbl)); if (!log_tbl) { pr_err("Failed to map TPM Event Log table @ 0x%lx\n", - efi.tpm_log); + efi.tpm_log); efi.tpm_log = EFI_INVALID_TABLE_ADDR; return -ENOMEM; } @@ -35,6 +61,27 @@ int __init efi_tpm_eventlog_init(void) tbl_size = sizeof(*log_tbl) + log_tbl->size; memblock_reserve(efi.tpm_log, tbl_size); early_memunmap(log_tbl, sizeof(*log_tbl)); + + if (efi.tpm_final_log == EFI_INVALID_TABLE_ADDR) + return 0; + + final_tbl = early_memremap(efi.tpm_final_log, sizeof(*final_tbl)); + + if (!final_tbl) { + pr_err("Failed to map TPM Final Event Log table @ 0x%lx\n", + efi.tpm_final_log); + efi.tpm_final_log = EFI_INVALID_TABLE_ADDR; + return -ENOMEM; + } + + tbl_size = tpm2_calc_event_log_size(final_tbl->events, + final_tbl->nr_events, + (void *)efi.tpm_log); + memblock_reserve((unsigned long)final_tbl, + tbl_size + sizeof(*final_tbl)); + early_memunmap(final_tbl, sizeof(*final_tbl)); + efi_tpm_final_log_size = tbl_size; + return 0; } 
diff --git a/include/linux/efi.h b/include/linux/efi.h index 45ff763fba76..730dae84a932 100644 --- a/include/linux/efi.h +++ b/include/linux/efi.h @@ -676,6 +676,7 @@ void efi_native_runtime_setup(void); #define LINUX_EFI_LOADER_ENTRY_GUID EFI_GUID(0x4a67b082, 0x0a4c, 0x41cf, 0xb6, 0xc7, 0x44, 0x0b, 0x29, 0xbb, 0x8c, 0x4f) #define LINUX_EFI_RANDOM_SEED_TABLE_GUID EFI_GUID(0x1ce1e5bc, 0x7ceb, 0x42f2, 0x81, 0xe5, 0x8a, 0xad, 0xf1, 0x80, 0xf5, 0x7b) #define LINUX_EFI_TPM_EVENT_LOG_GUID EFI_GUID(0xb7799cb0, 0xeca2, 0x4943, 0x96, 0x67, 0x1f, 0xae, 0x07, 0xb7, 0x47, 0xfa) +#define LINUX_EFI_TPM_FINAL_LOG_GUID EFI_GUID(0x1e2ed096, 0x30e2, 0x4254, 0xbd, 0x89, 0x86, 0x3b, 0xbe, 0xf8, 0x23, 0x25) #define LINUX_EFI_MEMRESERVE_TABLE_GUID EFI_GUID(0x888eb0c6, 0x8ede, 0x4ff5, 0xa8, 0xf0, 0x9a, 0xee, 0x5c, 0xb9, 0x77, 0xc2) typedef struct { @@ -983,6 +984,7 @@ extern struct efi { unsigned long mem_attr_table; /* memory attributes table */ unsigned long rng_seed; /* UEFI firmware random seed */ unsigned long tpm_log; /* TPM2 Event Log table */ + unsigned long tpm_final_log; /* TPM2 Final Events Log table */ unsigned long mem_reserve; /* Linux EFI memreserve table */ efi_get_time_t *get_time; efi_set_time_t *set_time; @@ -1700,6 +1702,13 @@ struct linux_efi_tpm_eventlog { extern int efi_tpm_eventlog_init(void); +struct efi_tcg2_final_events_table { + u64 version; + u64 nr_events; + u8 events[]; +}; +extern int efi_tpm_final_log_size; + /* * efi_runtime_service() function identifiers. * "NONE" is used by efi_recover_from_page_fault() to check if the page diff --git a/include/linux/tpm_eventlog.h b/include/linux/tpm_eventlog.h index 6a86144e13f1..d889e12047d9 100644 --- a/include/linux/tpm_eventlog.h +++ b/include/linux/tpm_eventlog.h 
@@ -112,10 +112,27 @@ struct tcg_pcr_event2_head { struct tpm_digest digests[]; } __packed; +struct tcg_algorithm_size { + u16 algorithm_id; + u16 algorithm_size; +}; + +struct tcg_algorithm_info { + u8 signature[16]; + u32 platform_class; + u8 spec_version_minor; + u8 spec_version_major; + u8 spec_errata; + u8 uintn_size; + u32 number_of_algorithms; + struct tcg_algorithm_size digest_sizes[]; +}; + /** * __calc_tpm2_event_size - calculate the size of a TPM2 event log entry * @event: Pointer to the event whose size should be calculated * @event_header: Pointer to the initial event containing the digest lengths + * @do_mapping: Whether or not the event needs to be mapped * * The TPM2 event log format can contain multiple digests corresponding to * separate PCR banks, and also contains a variable length of the data that @@ -131,10 +148,13 @@ struct tcg_pcr_event2_head { */ static inline int __calc_tpm2_event_size(struct tcg_pcr_event2_head *event, - struct tcg_pcr_event *event_header) + struct tcg_pcr_event *event_header, + bool do_mapping) { struct tcg_efi_specid_event_head *efispecid; struct tcg_event_field *event_field; + void *mapping = NULL; + int mapping_size; void *marker; void *marker_start; u32 halg_size; 
@@ -148,36 +168,96 @@ static inline int __calc_tpm2_event_size(struct tcg_pcr_event2_head *event, marker = marker + sizeof(event->pcr_idx) + sizeof(event->event_type) + sizeof(event->count); + /* Map the event header */ + if (do_mapping) { + mapping_size = marker - marker_start; + mapping = early_memremap((unsigned long)marker_start, + mapping_size); + if (!mapping) { + size = 0; + goto out; + } + } + efispecid = (struct tcg_efi_specid_event_head *)event_header->event; /* Check if event is malformed. */ - if (event->count > efispecid->num_algs) - return 0; + if (event->count > efispecid->num_algs) { + size = 0; + goto out; + } for (i = 0; i < event->count; i++) { halg_size = sizeof(event->digests[i].alg_id); + + /* Map the digest's algorithm identifier */ + if (do_mapping) { + early_memunmap(mapping, mapping_size); + mapping_size = marker - marker_start + halg_size; + mapping = early_memremap((unsigned long)marker_start, + mapping_size); + if (!mapping) { + size = 0; + goto out; + } + } + memcpy(&halg, marker, halg_size); marker = marker + halg_size; + for (j = 0; j < efispecid->num_algs; j++) { if (halg == efispecid->digest_sizes[j].alg_id) { marker += efispecid->digest_sizes[j].digest_size; + + /* Map the digest content itself */ + if (do_mapping) { + early_memunmap(mapping, mapping_size); + mapping_size = marker - marker_start; + mapping = early_memremap((unsigned long)marker_start, + mapping_size); + if (!mapping) { + size = 0; + goto out; + } + } break; } } /* Algorithm without known length. Such event is unparseable. 
*/ - if (j == efispecid->num_algs) - return 0; + if (j == efispecid->num_algs) { + size = 0; + goto out; + } } event_field = (struct tcg_event_field *)marker; + + /* + * Map the event size - we don't read from the event itself, so + * we don't need to map it + */ + if (do_mapping) { + early_memunmap(marker_start, mapping_size); + mapping_size += sizeof(event_field->event_size); + mapping = early_memremap((unsigned long)marker_start, + mapping_size); + if (!mapping) { + size = 0; + goto out; + } + } + marker = marker + sizeof(event_field->event_size) + event_field->event_size; size = marker - marker_start; if ((event->event_type == 0) && (event_field->event_size == 0)) - return 0; - + size = 0; +out: + if (do_mapping) + early_memunmap(mapping, mapping_size); return size; } + #endif

From patchwork Wed Feb 27 20:26:57 2019
X-Patchwork-Submitter: Matthew Garrett
X-Patchwork-Id: 10832305
Date: Wed, 27 Feb 2019 12:26:57 -0800
In-Reply-To: <20190227202658.197113-1-matthewgarrett@google.com>
Message-Id: <20190227202658.197113-4-matthewgarrett@google.com>
Subject: [PATCH V5 3/4] tpm: Append the final event log to the TPM event log
From: Matthew Garrett
To: linux-integrity@vger.kernel.org
Cc: peterhuewe@gmx.de, jarkko.sakkinen@linux.intel.com, jgg@ziepe.ca, roberto.sassu@huawei.com, linux-efi@vger.kernel.org, linux-security-module@vger.kernel.org, linux-kernel@vger.kernel.org, tweek@google.com, Matthew Garrett

Any events that are logged after GetEventsLog() is called are logged to the EFI Final Events table. These events are defined as being in the crypto agile log format, so we can just append them directly to the existing log if it's in the same format. In theory we can also construct old-style SHA1 log entries for devices that only return logs in that format, but EDK2 doesn't generate the final event log in that case so it doesn't seem worth it at the moment.

Signed-off-by: Matthew Garrett
--- drivers/char/tpm/eventlog/efi.c | 50 ++++++++++++++++++++++++++++----- 1 file changed, 43 insertions(+), 7 deletions(-) diff --git a/drivers/char/tpm/eventlog/efi.c b/drivers/char/tpm/eventlog/efi.c index 3e673ab22cb4..9179cf6bdee9 100644 --- a/drivers/char/tpm/eventlog/efi.c +++ b/drivers/char/tpm/eventlog/efi.c
@@ -21,10 +21,13 @@ int tpm_read_log_efi(struct tpm_chip *chip) { + struct efi_tcg2_final_events_table *final_tbl = NULL; struct linux_efi_tpm_eventlog *log_tbl; struct tpm_bios_log *log; u32 log_size; u8 tpm_log_version; + void *tmp; + int ret; if (!(chip->flags & TPM_CHIP_FLAG_TPM2)) return -ENODEV; 
@@ -52,15 +55,48 @@ int tpm_read_log_efi(struct tpm_chip *chip) /* malloc EventLog space */ log->bios_event_log = kmemdup(log_tbl->log, log_size, GFP_KERNEL); - if (!log->bios_event_log) - goto err_memunmap; - log->bios_event_log_end = log->bios_event_log + log_size; + if (!log->bios_event_log) { + ret = -ENOMEM; + goto out; + } + log->bios_event_log_end = log->bios_event_log + log_size; tpm_log_version = log_tbl->version; - memunmap(log_tbl); - return tpm_log_version; -err_memunmap: + ret = tpm_log_version; + + if (efi.tpm_final_log == EFI_INVALID_TABLE_ADDR || + efi_tpm_final_log_size == 0 || + tpm_log_version != EFI_TCG2_EVENT_LOG_FORMAT_TCG_2) + goto out; + + final_tbl = memremap(efi.tpm_final_log, + sizeof(*final_tbl) + efi_tpm_final_log_size, + MEMREMAP_WB); + if (!final_tbl) { + pr_err("Could not map UEFI TPM final log\n"); + kfree(log->bios_event_log); + ret = -ENOMEM; + goto out; + } + + tmp = krealloc(log->bios_event_log, + log_size + efi_tpm_final_log_size, + GFP_KERNEL); + if (!tmp) { + kfree(log->bios_event_log); + ret = -ENOMEM; + goto out; + } + + log->bios_event_log = tmp; + memcpy((void *)log->bios_event_log + log_size, + final_tbl->events, efi_tpm_final_log_size); + log->bios_event_log_end = log->bios_event_log + + log_size + efi_tpm_final_log_size; + +out: + memunmap(final_tbl); memunmap(log_tbl); - return -ENOMEM; + return ret; }

From patchwork Wed Feb 27 20:26:58 2019
X-Patchwork-Submitter: Matthew Garrett
X-Patchwork-Id: 10832301
Date: Wed, 27 Feb 2019 12:26:58 -0800
In-Reply-To: <20190227202658.197113-1-matthewgarrett@google.com>
Message-Id: <20190227202658.197113-5-matthewgarrett@google.com>
Subject: [PATCH V5 4/4] efi: Attempt to get the TCG2 event log in the boot stub
From: Matthew Garrett
To: linux-integrity@vger.kernel.org
Cc: peterhuewe@gmx.de, jarkko.sakkinen@linux.intel.com, jgg@ziepe.ca, roberto.sassu@huawei.com, linux-efi@vger.kernel.org, linux-security-module@vger.kernel.org, linux-kernel@vger.kernel.org, tweek@google.com, Matthew Garrett

Right now we only attempt to obtain the SHA1-only event log. The protocol also supports a crypto agile log format, which contains digests for all algorithms in use. Attempt to obtain this first, and fall back to obtaining the older format if the system doesn't support it. This is lightly complicated by the event sizes being variable (as we don't know in advance which algorithms are in use), and the interface giving us back a pointer to the start of the final entry rather than a pointer to the end of the log - as a result, we need to parse the final entry to figure out its length in order to know how much data to copy up to the OS.

Signed-off-by: Matthew Garrett
--- drivers/firmware/efi/libstub/tpm.c | 50 ++++++++++++++++++++---------- 1 file changed, 33 insertions(+), 17 deletions(-) diff --git a/drivers/firmware/efi/libstub/tpm.c b/drivers/firmware/efi/libstub/tpm.c index a90b0b8fc69a..523cd07c551c 100644 --- a/drivers/firmware/efi/libstub/tpm.c +++ b/drivers/firmware/efi/libstub/tpm.c @@ -59,7 +59,7 @@ void efi_enable_reset_attack_mitigation(efi_system_table_t *sys_table_arg) #endif -static void efi_retrieve_tpm2_eventlog_1_2(efi_system_table_t *sys_table_arg) +void efi_retrieve_tpm2_eventlog(efi_system_table_t *sys_table_arg) { efi_guid_t tcg2_guid = EFI_TCG2_PROTOCOL_GUID; efi_guid_t linux_eventlog_guid = LINUX_EFI_TPM_EVENT_LOG_GUID; @@ -69,6 +69,7 @@ static void efi_retrieve_tpm2_eventlog_1_2(efi_system_table_t *sys_table_arg) unsigned long first_entry_addr, last_entry_addr; size_t log_size, last_entry_size; efi_bool_t truncated; + int version = EFI_TCG2_EVENT_LOG_FORMAT_TCG_2; void *tcg2_protocol = NULL; status = efi_call_early(locate_protocol, &tcg2_guid, NULL,
@@ -76,14 +77,20 @@ static void efi_retrieve_tpm2_eventlog_1_2(efi_system_table_t *sys_table_arg) if (status != EFI_SUCCESS) return; - status = efi_call_proto(efi_tcg2_protocol, get_event_log, tcg2_protocol, - EFI_TCG2_EVENT_LOG_FORMAT_TCG_1_2, - &log_location, &log_last_entry, &truncated); - if (status != EFI_SUCCESS) - return; + status = efi_call_proto(efi_tcg2_protocol, get_event_log, + tcg2_protocol, version, &log_location, + &log_last_entry, &truncated); + + if (status != EFI_SUCCESS || !log_location) { + version = EFI_TCG2_EVENT_LOG_FORMAT_TCG_1_2; + status = efi_call_proto(efi_tcg2_protocol, get_event_log, + tcg2_protocol, version, &log_location, + &log_last_entry, &truncated); + if (status != EFI_SUCCESS || !log_location) + return; + + } - if (!log_location) - return; first_entry_addr = (unsigned long) log_location; /* @@ -98,8 +105,23 @@ static void efi_retrieve_tpm2_eventlog_1_2(efi_system_table_t *sys_table_arg) * We need to calculate its size to deduce the full size of * the logs. */ - last_entry_size = sizeof(struct tcpa_event) + - ((struct tcpa_event *) last_entry_addr)->event_size; + if (version == EFI_TCG2_EVENT_LOG_FORMAT_TCG_2) { + /* + * The TCG2 log format has variable length entries, + * and the information to decode the hash algorithms + * back into a size is contained in the first entry - + * pass a pointer to the final entry (to calculate its + * size) and the first entry (so we know how long each + * digest is) + */ + last_entry_size = + __calc_tpm2_event_size((void *)last_entry_addr, + (void *)log_location, + false); + } else { + last_entry_size = sizeof(struct tcpa_event) + + ((struct tcpa_event *) last_entry_addr)->event_size; + } log_size = log_last_entry - log_location + last_entry_size; } 
@@ -116,7 +138,7 @@ static void efi_retrieve_tpm2_eventlog_1_2(efi_system_table_t *sys_table_arg) memset(log_tbl, 0, sizeof(*log_tbl) + log_size); log_tbl->size = log_size; - log_tbl->version = EFI_TCG2_EVENT_LOG_FORMAT_TCG_1_2; + log_tbl->version = version; memcpy(log_tbl->log, (void *) first_entry_addr, log_size); status = efi_call_early(install_configuration_table, @@ -128,9 +150,3 @@ static void efi_retrieve_tpm2_eventlog_1_2(efi_system_table_t *sys_table_arg) err_free: efi_call_early(free_pool, log_tbl); } - -void efi_retrieve_tpm2_eventlog(efi_system_table_t *sys_table_arg) -{ - /* Only try to retrieve the logs in 1.2 format. */ - efi_retrieve_tpm2_eventlog_1_2(sys_table_arg); -}
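Review bot: In the @@ -76,14 +77,20 hunk, the retry with EFI_TCG2_EVENT_LOG_FORMAT_TCG_1_2 carries no comment explaining the fallback order, and the final hunk deletes the only comment that described the format choice ("Only try to retrieve the logs in 1.2 format."). A short comment above the first get_event_log call, saying that the crypto agile format is tried first and the SHA1-only format is the fallback, would keep that intent in the code. The fallback is taken on any non-success status or a NULL log_location; if that is deliberate, the comment should say so. The added block also leaves a blank line before its closing brace, which should be dropped.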
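Review bot: In the @@ -98,8 +105,23 hunk, the value returned by __calc_tpm2_event_size() goes straight into log_size = log_last_entry - log_location + last_entry_size with no validity check, and log_size then sizes the memset and memcpy into log_tbl. That helper is defined in another patch of this series, so if it can return 0 or otherwise signal a malformed final entry, that case should be handled here (for example by returning early) rather than installing a log whose last event is cut short. Separately, the call passes (void *)log_location although the function already holds first_entry_addr = (unsigned long) log_location and uses (void *) first_entry_addr for the memcpy. Passing first_entry_addr would be consistent and avoids a direct integer-to-pointer cast if log_location is wider than a pointer on some builds.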
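Review bot: In the @@ -116,7 +138,7 hunk, log_tbl->version = version means the table installed under LINUX_EFI_TPM_EVENT_LOG_GUID can now carry a crypto agile log where it previously always carried EFI_TCG2_EVENT_LOG_FORMAT_TCG_1_2. Any reader that walks log_tbl->log as struct tcpa_event entries has to check the version field first. It would help to state, in a comment here or in the commit message, which consumers of this table already handle the new version.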