[PATCH] efi_loader: Add a locality event on the eventlog

We are currently not adding any events on the eventlog apart from the SpecID event. The locality event is mandatory and must be logged before extending PCR[0].
The spec description is "The Startup Locality event should be placed in the log before any event which extends PCR[0]. This allows software which needs to parse the TCG Event Log to initialize its internal PCR[0] state correctly".
So let's add a locality event during the EventLog creation, right after our SpecID event.
Signed-off-by: Ilias Apalodimas ilias.apalodimas@linaro.org --- lib/efi_loader/efi_tcg2.c | 50 +++++++++++++++++++++++++++++---------- 1 file changed, 37 insertions(+), 13 deletions(-)
diff --git a/lib/efi_loader/efi_tcg2.c b/lib/efi_loader/efi_tcg2.c
index 797d6eb134f6..a89dadcb22e9 100644
--- a/lib/efi_loader/efi_tcg2.c
+++ b/lib/efi_loader/efi_tcg2.c
@@ -513,7 +513,7 @@ static efi_status_t tcg2_create_digest(const u8 *input, u32 length,
 sha1_context ctx;
 sha256_context ctx_256;
 sha512_context ctx_512;
- u8 final[TPM2_ALG_SHA512];
+ u8 final[TPM2_ALG_SHA512] = { 0 };
 efi_status_t ret;
 u32 active;
 int i;
@@ -530,27 +530,35 @@ static efi_status_t tcg2_create_digest(const u8 *input, u32 length,
 continue;
 switch (hash_alg) {
 case TPM2_ALG_SHA1:
- sha1_starts(&ctx);
- sha1_update(&ctx, input, length);
- sha1_finish(&ctx, final);
+ if (input) {
+ sha1_starts(&ctx);
+ sha1_update(&ctx, input, length);
+ sha1_finish(&ctx, final);
+ }
 digest_list->count++;
 break;
 case TPM2_ALG_SHA256:
- sha256_starts(&ctx_256);
- sha256_update(&ctx_256, input, length);
- sha256_finish(&ctx_256, final);
+ if (input) {
+ sha256_starts(&ctx_256);
+ sha256_update(&ctx_256, input, length);
+ sha256_finish(&ctx_256, final);
+ }
 digest_list->count++;
 break;
 case TPM2_ALG_SHA384:
- sha384_starts(&ctx_512);
- sha384_update(&ctx_512, input, length);
- sha384_finish(&ctx_512, final);
+ if (input) {
+ sha384_starts(&ctx_512);
+ sha384_update(&ctx_512, input, length);
+ sha384_finish(&ctx_512, final);
+ }
 digest_list->count++;
 break;
 case TPM2_ALG_SHA512:
- sha512_starts(&ctx_512);
- sha512_update(&ctx_512, input, length);
- sha512_finish(&ctx_512, final);
+ if (input) {
+ sha512_starts(&ctx_512);
+ sha512_update(&ctx_512, input, length);
+ sha512_finish(&ctx_512, final);
+ }
 digest_list->count++;
 break;
 default:
@@ -1004,6 +1012,8 @@ static efi_status_t efi_init_event_log(void)
 struct udevice *dev;
 size_t spec_event_size;
 efi_status_t ret;
+ struct tcg_efi_startup_locality_event locality_event;
+ struct tpml_digest_values digest_list;
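Review bot: `u8 final[TPM2_ALG_SHA512] = { 0 };` sizes the scratch digest buffer by an algorithm identifier rather than a digest length; if TPM2_ALG_SHA512 is the TCG algorithm ID (0x0D) as in U-Boot's tpm-v2.h, the array is 13 bytes, and `sha512_finish(&ctx_512, final)` in the next hunk writes 64 bytes into it (the SHA-256 and SHA-384 cases overrun it too). The zero-initialiser added here does not change that; the buffer should be sized by the largest digest the function can produce, `u8 final[TPM2_SHA512_DIGEST_SIZE] = { 0 };`. This is pre-existing, but the hunk touches the line and the new NULL-input path now depends on the declared size being the real digest size when the zeroed bytes are copied out. tcg2_create_digest's signature and the copy of `final` into digest_list are outside this hunk.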
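Review bot: The four new `if (input)` guards give tcg2_create_digest a NULL-input contract that is documented nowhere, and the behaviour they rely on — an all-zero digest for every active bank — is produced by the `= { 0 }` initialiser and the copy out of `final` after the switch, both outside this hunk, so a reader of the switch alone cannot tell why `digest_list->count++` still runs. Add to the function's header comment (outside the hunk): `input may be NULL; each active bank then receives an all-zero digest, which is the digest an EV_NO_ACTION event carries`. Note also that the guard tests only the pointer, so `input != NULL` with `length == 0` still hashes the empty message and yields a non-zero digest; the comment should state that the NULL pointer, not the zero length, selects the zero-digest path. The guard is repeated verbatim in all four cases; if the `default:` branch (truncated at the end of the hunk) only rejects unknown algorithms, the check could be made once before the switch.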
 ret = platform_get_tpm2_device(&dev);
 if (ret != EFI_SUCCESS)
@@ -1040,6 +1050,20 @@ static efi_status_t efi_init_event_log(void)
 event_log.pos = spec_event_size + sizeof(*event_header);
 event_log.last_event_size = event_log.pos;
+ /* Add a locality event before PCR[0] changes */
+ memcpy(locality_event.signature, TCG_EFI_STARTUP_LOCALITY_SIGNATURE,
+ sizeof(locality_event.signature));
+ /*
+ * Locality 0 is designated as the default Locality. This is usually
+ * the platform’s boot firmware, OS and applications.
+ */
+ locality_event.startup_locality = 0;
+ ret = tcg2_create_digest(NULL, 0, &digest_list);
+ ret = tcg2_agile_log_append(0, EV_NO_ACTION, &digest_list,
+ sizeof(locality_event), (u8 *)&locality_event);
+ if (ret != EFI_SUCCESS)
+ goto out;
+
 ret = create_final_event();
out:
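Review bot: `ret = tcg2_create_digest(NULL, 0, &digest_list);` discards its result — `ret` is overwritten by the tcg2_agile_log_append() call on the next line — so a failure inside tcg2_create_digest (whatever its `default:` branch returns for an unsupported active bank) is silently ignored and a partially filled digest_list is appended to the log. Insert `if (ret != EFI_SUCCESS)` / `goto out;` between the two calls. Separately, `locality_event.startup_locality = 0;` hard-codes the locality; per the description a parser replays the log from this value to reconstruct PCR[0], so if 0 is an assumption about where TPM2_Startup was issued rather than something the TPM driver reports, the comment above it should say so, e.g. `/* Assumes TPM2_Startup was issued at locality 0; a parser seeds PCR[0] from this value */`. efi_init_event_log continues past the `out:` label outside this hunk.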