[PATCH] tpm: measure DTB in PCR1 instead of PCR0
The PC client spec [0], doesn't describe measurements for DTBs. It does describe what do to for ACPI tables though.
There is a description for ACPI in 3.3.4.1 PCR[0] – SRTM, POST BIOS, and Embedded Drivers and they explicitly mention ACPI in there. There's no mention of ACPI in 3.3.4.2 PCR[1] – Host Platform Configuration.
However, in Figure 6 -- PCR Mapping of UEFI Components ACPI is shown in PCR1. The general description also mentions PCR0 is for code and PCR1 is for data such as ACPI and SMBIOS.
So let's switch over the DTB measurements to PCR1 which seems a better fit.
[0] https://trustedcomputinggroup.org/resource/pc-client-specific-platform-firmw...
Reported-by: Heinrich Schuchardt xypron.glpk@gmx.de Signed-off-by: Ilias Apalodimas ilias.apalodimas@linaro.org --- boot/bootm.c | 2 +- lib/efi_loader/efi_tcg2.c | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/boot/bootm.c b/boot/bootm.c index 6fa8edab021e..3de87eb185d7 100644 --- a/boot/bootm.c +++ b/boot/bootm.c @@ -963,7 +963,7 @@ int bootm_measure(struct bootm_headers *images) goto unmap_initrd;
if (IS_ENABLED(CONFIG_MEASURE_DEVICETREE)) { - ret = tcg2_measure_data(dev, &elog, 0, images->ft_len, + ret = tcg2_measure_data(dev, &elog, 1, images->ft_len, (u8 *)images->ft_addr, EV_TABLE_OF_DEVICES, strlen("dts") + 1, diff --git a/lib/efi_loader/efi_tcg2.c b/lib/efi_loader/efi_tcg2.c index 51264c1b998c..a8a54c9f131d 100644 --- a/lib/efi_loader/efi_tcg2.c +++ b/lib/efi_loader/efi_tcg2.c @@ -1328,7 +1328,7 @@ efi_status_t efi_tcg2_measure_dtb(void *dtb) sha256_update(&hash_ctx, (u8 *)dtb + fdt_off_mem_rsvmap(dtb), rsvmap_size); sha256_finish(&hash_ctx, blob->data + blob->blob_description_size);
- ret = measure_event(dev, 0, EV_POST_CODE, event_size, (u8 *)blob); + ret = measure_event(dev, 1, EV_POST_CODE, event_size, (u8 *)blob);
free(blob); return ret; -- 2.45.1
On 6/14/24 07:09, Ilias Apalodimas wrote:
The PC client spec [0], doesn't describe measurements for DTBs. It does describe what do to for ACPI tables though.
There is a description for ACPI in 3.3.4.1 PCR[0] – SRTM, POST BIOS, and Embedded Drivers and they explicitly mention ACPI in there. There's no mention of ACPI in 3.3.4.2 PCR[1] – Host Platform Configuration.
However, in Figure 6 -- PCR Mapping of UEFI Components ACPI is shown in PCR1. The general description also mentions PCR0 is for code and PCR1 is for data such as ACPI and SMBIOS.
Thanks, looks correct.
Reviewed-by: Eddie James eajames@linux.ibm.com
So let's switch over the DTB measurements to PCR1 which seems a better fit.
[0] https://trustedcomputinggroup.org/resource/pc-client-specific-platform-firmw...
Reported-by: Heinrich Schuchardt xypron.glpk@gmx.de Signed-off-by: Ilias Apalodimas ilias.apalodimas@linaro.org
boot/bootm.c | 2 +- lib/efi_loader/efi_tcg2.c | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/boot/bootm.c b/boot/bootm.c index 6fa8edab021e..3de87eb185d7 100644 --- a/boot/bootm.c +++ b/boot/bootm.c @@ -963,7 +963,7 @@ int bootm_measure(struct bootm_headers *images) goto unmap_initrd;
if (IS_ENABLED(CONFIG_MEASURE_DEVICETREE)) {
ret = tcg2_measure_data(dev, &elog, 0, images->ft_len,
ret = tcg2_measure_data(dev, &elog, 1, images->ft_len, (u8 *)images->ft_addr, EV_TABLE_OF_DEVICES, strlen("dts") + 1,diff --git a/lib/efi_loader/efi_tcg2.c b/lib/efi_loader/efi_tcg2.c index 51264c1b998c..a8a54c9f131d 100644 --- a/lib/efi_loader/efi_tcg2.c +++ b/lib/efi_loader/efi_tcg2.c @@ -1328,7 +1328,7 @@ efi_status_t efi_tcg2_measure_dtb(void *dtb) sha256_update(&hash_ctx, (u8 *)dtb + fdt_off_mem_rsvmap(dtb), rsvmap_size); sha256_finish(&hash_ctx, blob->data + blob->blob_description_size);
- ret = measure_event(dev, 0, EV_POST_CODE, event_size, (u8 *)blob);
ret = measure_event(dev, 1, EV_POST_CODE, event_size, (u8 *)blob);
free(blob); return ret;
-- 2.45.1
Thanks Eddie,
On Sat, 15 Jun 2024 at 00:31, Eddie James eajames@linux.ibm.com wrote:
On 6/14/24 07:09, Ilias Apalodimas wrote:
The PC client spec [0], doesn't describe measurements for DTBs. It does describe what do to for ACPI tables though.
There is a description for ACPI in 3.3.4.1 PCR[0] – SRTM, POST BIOS, and Embedded Drivers and they explicitly mention ACPI in there. There's no mention of ACPI in 3.3.4.2 PCR[1] – Host Platform Configuration.
However, in Figure 6 -- PCR Mapping of UEFI Components ACPI is shown in PCR1. The general description also mentions PCR0 is for code and PCR1 is for data such as ACPI and SMBIOS.
Thanks, looks correct.
Reviewed-by: Eddie James eajames@linux.ibm.com
Heinrich, do you want to carry this on the EFI tree, or shall I send a PR via the TPM tree?
Thanks /Ilias
So let's switch over the DTB measurements to PCR1 which seems a better fit.
[0] https://trustedcomputinggroup.org/resource/pc-client-specific-platform-firmw...
Reported-by: Heinrich Schuchardt xypron.glpk@gmx.de Signed-off-by: Ilias Apalodimas ilias.apalodimas@linaro.org
boot/bootm.c | 2 +- lib/efi_loader/efi_tcg2.c | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/boot/bootm.c b/boot/bootm.c index 6fa8edab021e..3de87eb185d7 100644 --- a/boot/bootm.c +++ b/boot/bootm.c @@ -963,7 +963,7 @@ int bootm_measure(struct bootm_headers *images) goto unmap_initrd;
if (IS_ENABLED(CONFIG_MEASURE_DEVICETREE)) {
ret = tcg2_measure_data(dev, &elog, 0, images->ft_len,
ret = tcg2_measure_data(dev, &elog, 1, images->ft_len, (u8 *)images->ft_addr, EV_TABLE_OF_DEVICES, strlen("dts") + 1,diff --git a/lib/efi_loader/efi_tcg2.c b/lib/efi_loader/efi_tcg2.c index 51264c1b998c..a8a54c9f131d 100644 --- a/lib/efi_loader/efi_tcg2.c +++ b/lib/efi_loader/efi_tcg2.c @@ -1328,7 +1328,7 @@ efi_status_t efi_tcg2_measure_dtb(void *dtb) sha256_update(&hash_ctx, (u8 *)dtb + fdt_off_mem_rsvmap(dtb), rsvmap_size); sha256_finish(&hash_ctx, blob->data + blob->blob_description_size);
ret = measure_event(dev, 0, EV_POST_CODE, event_size, (u8 *)blob);
ret = measure_event(dev, 1, EV_POST_CODE, event_size, (u8 *)blob); free(blob); return ret;-- 2.45.1
participants (2)
-
Eddie James -
Ilias Apalodimas