[PATCH v7 0/3] PE/COFF measurement support

newer
[v2] arm: dts: lx2162aqds: support...

older
[PATCH] arm: dts: k3-j721e: Fix up...

Masahisa Kojima

13 May 2021 13 May '21

4:48 p.m.

This patch series add the PE/COFF measurement support. Extending PCR and Event Log is tested with fTPM running as a OP-TEE TA. Unit test will be added in the separate series.

Masahisa Kojima (3): lib: introduce HASH_CALCULATE option efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled efi_loader: add PE/COFF image measurement

-- 2.17.1

Show replies by date

Masahisa Kojima

13 May 13 May

4:48 p.m.

New subject: [PATCH v7 1/3] lib: introduce HASH_CALCULATE option

Build error occurs when CONFIG_EFI_SECURE_BOOT or CONFIG_EFI_CAPSULE_AUTHENTICATE is enabled, because hash-checksum.c is not compiled.

Since hash_calculate() implemented in hash-checksum.c can be commonly used aside from FIT image signature verification, this commit itroduces HASH_CALCULATE option to decide if hash-checksum.c shall be compiled.

Signed-off-by: Masahisa Kojima masahisa.kojima@linaro.org ---

Changes in v7: - newly introduce HASH_CALCULATE option

Changes in v6: - update lib/Makefile to compile hash-checksum.c, instead of selecting FIT_SIGNATURE in secure boot and capsule authentication.

Changes in v5: - Missing option for EFI_TCG2_PROTOROL already added in different commit. This commit adds FIT_SIGNATURE only.

Changes in v4: - newly added in this patch series, due to rebasing the base code.

common/Kconfig.boot | 1 + lib/Kconfig | 3 +++ lib/Makefile | 2 +- lib/efi_loader/Kconfig | 2 ++ 4 files changed, 7 insertions(+), 1 deletion(-)

diff --git a/common/Kconfig.boot b/common/Kconfig.boot index 5a18d62d78..56608226cc 100644 --- a/common/Kconfig.boot +++ b/common/Kconfig.boot @@ -80,6 +80,7 @@ config FIT_SIGNATURE select RSA_VERIFY select IMAGE_SIGN_INFO select FIT_FULL_CHECK + select HASH_CALCULATE help This option enables signature verification of FIT uImages, using a hash signed and verified using RSA. If diff --git a/lib/Kconfig b/lib/Kconfig index 6d2d41de30..df67eb0503 100644 --- a/lib/Kconfig +++ b/lib/Kconfig @@ -428,6 +428,9 @@ config CRC32C config XXHASH bool

+config HASH_CALCULATE + bool + endmenu

menu "Compression Support" diff --git a/lib/Makefile b/lib/Makefile index 6825671955..0835ea292c 100644 --- a/lib/Makefile +++ b/lib/Makefile @@ -61,7 +61,7 @@ endif obj-$(CONFIG_$(SPL_)ACPIGEN) += acpi/ obj-$(CONFIG_$(SPL_)MD5) += md5.o obj-$(CONFIG_$(SPL_)RSA) += rsa/ -obj-$(CONFIG_FIT_SIGNATURE) += hash-checksum.o +obj-$(CONFIG_HASH_CALCULATE) += hash-checksum.o obj-$(CONFIG_SHA1) += sha1.o obj-$(CONFIG_SHA256) += sha256.o obj-$(CONFIG_SHA512_ALGO) += sha512.o diff --git a/lib/efi_loader/Kconfig b/lib/efi_loader/Kconfig index c259abe033..eb5c4d6f29 100644 --- a/lib/efi_loader/Kconfig +++ b/lib/efi_loader/Kconfig @@ -174,6 +174,7 @@ config EFI_CAPSULE_AUTHENTICATE select PKCS7_MESSAGE_PARSER select PKCS7_VERIFY select IMAGE_SIGN_INFO + select HASH_CALCULATE default n help Select this option if you want to enable capsule @@ -342,6 +343,7 @@ config EFI_SECURE_BOOT select X509_CERTIFICATE_PARSER select PKCS7_MESSAGE_PARSER select PKCS7_VERIFY + select HASH_CALCULATE default n help Select this option to enable EFI secure boot support.

-- 2.17.1

Heinrich Schuchardt

4:55 p.m.

New subject: [PATCH v7 1/3] lib: introduce HASH_CALCULATE option

On 5/13/21 4:48 PM, Masahisa Kojima wrote:

...

Build error occurs when CONFIG_EFI_SECURE_BOOT or CONFIG_EFI_CAPSULE_AUTHENTICATE is enabled, because hash-checksum.c is not compiled.

Since hash_calculate() implemented in hash-checksum.c can be commonly used aside from FIT image signature verification, this commit itroduces HASH_CALCULATE option to decide if hash-checksum.c shall be compiled.

Signed-off-by: Masahisa Kojima masahisa.kojima@linaro.org

Changes in v7:

newly introduce HASH_CALCULATE option

Changes in v6:

update lib/Makefile to compile hash-checksum.c, instead of selecting FIT_SIGNATURE in secure boot and capsule authentication.

Changes in v5:

Missing option for EFI_TCG2_PROTOROL already added in different commit. This commit adds FIT_SIGNATURE only.

Changes in v4:

newly added in this patch series, due to rebasing the base code.

common/Kconfig.boot | 1 + lib/Kconfig | 3 +++ lib/Makefile | 2 +- lib/efi_loader/Kconfig | 2 ++ 4 files changed, 7 insertions(+), 1 deletion(-)

diff --git a/common/Kconfig.boot b/common/Kconfig.boot index 5a18d62d78..56608226cc 100644 --- a/common/Kconfig.boot +++ b/common/Kconfig.boot @@ -80,6 +80,7 @@ config FIT_SIGNATURE select RSA_VERIFY select IMAGE_SIGN_INFO select FIT_FULL_CHECK

select HASH_CALCULATE help This option enables signature verification of FIT uImages, using a hash signed and verified using RSA. If

diff --git a/lib/Kconfig b/lib/Kconfig index 6d2d41de30..df67eb0503 100644 --- a/lib/Kconfig +++ b/lib/Kconfig @@ -428,6 +428,9 @@ config CRC32C config XXHASH bool

+config HASH_CALCULATE

bool

endmenu

menu "Compression Support"

diff --git a/lib/Makefile b/lib/Makefile index 6825671955..0835ea292c 100644 --- a/lib/Makefile +++ b/lib/Makefile @@ -61,7 +61,7 @@ endif obj-$(CONFIG_$(SPL_)ACPIGEN) += acpi/ obj-$(CONFIG_$(SPL_)MD5) += md5.o obj-$(CONFIG_$(SPL_)RSA) += rsa/ -obj-$(CONFIG_FIT_SIGNATURE) += hash-checksum.o

CONFIG_FIT_SIGNATURE has to select CONFIG_HASH_CALCULATE too?

Best regards

Heinrich

...

+obj-$(CONFIG_HASH_CALCULATE) += hash-checksum.o obj-$(CONFIG_SHA1) += sha1.o obj-$(CONFIG_SHA256) += sha256.o obj-$(CONFIG_SHA512_ALGO) += sha512.o diff --git a/lib/efi_loader/Kconfig b/lib/efi_loader/Kconfig index c259abe033..eb5c4d6f29 100644 --- a/lib/efi_loader/Kconfig +++ b/lib/efi_loader/Kconfig @@ -174,6 +174,7 @@ config EFI_CAPSULE_AUTHENTICATE select PKCS7_MESSAGE_PARSER select PKCS7_VERIFY select IMAGE_SIGN_INFO

select HASH_CALCULATE default n help Select this option if you want to enable capsule

@@ -342,6 +343,7 @@ config EFI_SECURE_BOOT select X509_CERTIFICATE_PARSER select PKCS7_MESSAGE_PARSER select PKCS7_VERIFY

select HASH_CALCULATE default n help Select this option to enable EFI secure boot support.

Heinrich Schuchardt

5:24 p.m.

New subject: [PATCH v7 1/3] lib: introduce HASH_CALCULATE option

On 5/13/21 4:48 PM, Masahisa Kojima wrote:

...

Build error occurs when CONFIG_EFI_SECURE_BOOT or CONFIG_EFI_CAPSULE_AUTHENTICATE is enabled, because hash-checksum.c is not compiled.

Since hash_calculate() implemented in hash-checksum.c can be commonly used aside from FIT image signature verification, this commit itroduces HASH_CALCULATE option to decide if hash-checksum.c shall be compiled.

Signed-off-by: Masahisa Kojima masahisa.kojima@linaro.org

Reviewed-by: Heinrich Schuchardt xypron.glpk@gmx.de

Masahisa Kojima

4:48 p.m.

New subject: [PATCH v7 2/3] efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled

This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled.

This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled.

Signed-off-by: Masahisa Kojima masahisa.kojima@linaro.org ---

(no changes since v4)

Changes in v4: - revert #ifdef instead of using "if (!IS_ENABLED())" statement, not to rely on the compiler optimization.

Changes in v3: - hide EFI_SIGNATURE_SUPPORT option

Changes in v2: - Remove all #ifdef from efi_image_loader.c and efi_signature.c - Add EFI_SIGNATURE_SUPPORT option - Explicitly include <u-boot/hash-checksum.h> - Gather PE/COFF parsing functions into efi_image_loader.c - Move efi_guid_t efi_guid_image_security_database in efi_var_common.c

lib/efi_loader/Kconfig | 6 +++ lib/efi_loader/Makefile | 2 +- lib/efi_loader/efi_image_loader.c | 64 ++++++++++++++++++++++++++++- lib/efi_loader/efi_signature.c | 67 +------------------------------ lib/efi_loader/efi_var_common.c | 3 ++ 5 files changed, 74 insertions(+), 68 deletions(-)

diff --git a/lib/efi_loader/Kconfig b/lib/efi_loader/Kconfig index eb5c4d6f29..dff85cea26 100644 --- a/lib/efi_loader/Kconfig +++ b/lib/efi_loader/Kconfig @@ -175,6 +175,7 @@ config EFI_CAPSULE_AUTHENTICATE select PKCS7_VERIFY select IMAGE_SIGN_INFO select HASH_CALCULATE + select EFI_SIGNATURE_SUPPORT default n help Select this option if you want to enable capsule @@ -344,6 +345,7 @@ config EFI_SECURE_BOOT select PKCS7_MESSAGE_PARSER select PKCS7_VERIFY select HASH_CALCULATE + select EFI_SIGNATURE_SUPPORT default n help Select this option to enable EFI secure boot support. @@ -351,6 +353,10 @@ config EFI_SECURE_BOOT it is signed with a trusted key. To do that, you need to install, at least, PK, KEK and db.

+config EFI_SIGNATURE_SUPPORT + bool + depends on EFI_SECURE_BOOT || EFI_CAPSULE_AUTHENTICATE + config EFI_ESRT bool "Enable the UEFI ESRT generation" depends on EFI_CAPSULE_FIRMWARE_MANAGEMENT diff --git a/lib/efi_loader/Makefile b/lib/efi_loader/Makefile index 8bd343e258..fd344cea29 100644 --- a/lib/efi_loader/Makefile +++ b/lib/efi_loader/Makefile @@ -63,7 +63,7 @@ obj-$(CONFIG_GENERATE_SMBIOS_TABLE) += efi_smbios.o obj-$(CONFIG_EFI_RNG_PROTOCOL) += efi_rng.o obj-$(CONFIG_EFI_TCG2_PROTOCOL) += efi_tcg2.o obj-$(CONFIG_EFI_LOAD_FILE2_INITRD) += efi_load_initrd.o -obj-y += efi_signature.o +obj-$(CONFIG_EFI_SIGNATURE_SUPPORT) += efi_signature.o

EFI_VAR_SEED_FILE := $(subst $",,$(CONFIG_EFI_VAR_SEED_FILE)) $(obj)/efi_var_seed.o: $(srctree)/$(EFI_VAR_SEED_FILE) diff --git a/lib/efi_loader/efi_image_loader.c b/lib/efi_loader/efi_image_loader.c index f53ef367ec..fe1ee198e2 100644 --- a/lib/efi_loader/efi_image_loader.c +++ b/lib/efi_loader/efi_image_loader.c @@ -213,7 +213,68 @@ static void efi_set_code_and_data_type( } }

-#ifdef CONFIG_EFI_SECURE_BOOT +/** + * efi_image_region_add() - add an entry of region + * @regs: Pointer to array of regions + * @start: Start address of region (included) + * @end: End address of region (excluded) + * @nocheck: flag against overlapped regions + * + * Take one entry of region [@start, @end[ and insert it into the list. + * + * * If @nocheck is false, the list will be sorted ascending by address. + * Overlapping entries will not be allowed. + * + * * If @nocheck is true, the list will be sorted ascending by sequence + * of adding the entries. Overlapping is allowed. + * + * Return: status code + */ +efi_status_t efi_image_region_add(struct efi_image_regions *regs, + const void *start, const void *end, + int nocheck) +{ + struct image_region *reg; + int i, j; + + if (regs->num >= regs->max) { + EFI_PRINT("%s: no more room for regions\n", __func__); + return EFI_OUT_OF_RESOURCES; + } + + if (end < start) + return EFI_INVALID_PARAMETER; + + for (i = 0; i < regs->num; i++) { + reg = &regs->reg[i]; + if (nocheck) + continue; + + /* new data after registered region */ + if (start >= reg->data + reg->size) + continue; + + /* new data preceding registered region */ + if (end <= reg->data) { + for (j = regs->num - 1; j >= i; j--) + memcpy(&regs->reg[j + 1], &regs->reg[j], + sizeof(*reg)); + break; + } + + /* new data overlapping registered region */ + EFI_PRINT("%s: new region already part of another\n", __func__); + return EFI_INVALID_PARAMETER; + } + + reg = &regs->reg[i]; + reg->data = start; + reg->size = end - start; + regs->num++; + + return EFI_SUCCESS; +} + /** * cmp_pe_section() - compare virtual addresses of two PE image sections * @arg1: pointer to pointer to first section header @@ -422,6 +483,7 @@ err: return false; }

+#ifdef CONFIG_EFI_SECURE_BOOT /** * efi_image_unsigned_authenticate() - authenticate unsigned image with * SHA256 hash diff --git a/lib/efi_loader/efi_signature.c b/lib/efi_loader/efi_signature.c index c7ec275414..bdd09881fc 100644 --- a/lib/efi_loader/efi_signature.c +++ b/lib/efi_loader/efi_signature.c @@ -15,18 +15,16 @@ #include <crypto/public_key.h> #include <linux/compat.h> #include <linux/oid_registry.h> +#include <u-boot/hash-checksum.h> #include <u-boot/rsa.h> #include <u-boot/sha256.h>

-const efi_guid_t efi_guid_image_security_database = - EFI_IMAGE_SECURITY_DATABASE_GUID; const efi_guid_t efi_guid_sha256 = EFI_CERT_SHA256_GUID; const efi_guid_t efi_guid_cert_rsa2048 = EFI_CERT_RSA2048_GUID; const efi_guid_t efi_guid_cert_x509 = EFI_CERT_X509_GUID; const efi_guid_t efi_guid_cert_x509_sha256 = EFI_CERT_X509_SHA256_GUID; const efi_guid_t efi_guid_cert_type_pkcs7 = EFI_CERT_TYPE_PKCS7_GUID;

-#if defined(CONFIG_EFI_SECURE_BOOT) || defined(CONFIG_EFI_CAPSULE_AUTHENTICATE) static u8 pkcs7_hdr[] = { /* SEQUENCE */ 0x30, 0x82, 0x05, 0xc7, @@ -539,68 +537,6 @@ out: return !revoked; }

-/** - * efi_image_region_add() - add an entry of region - * @regs: Pointer to array of regions - * @start: Start address of region (included) - * @end: End address of region (excluded) - * @nocheck: flag against overlapped regions - * - * Take one entry of region [@start, @end[ and insert it into the list. - * - * * If @nocheck is false, the list will be sorted ascending by address. - * Overlapping entries will not be allowed. - * - * * If @nocheck is true, the list will be sorted ascending by sequence - * of adding the entries. Overlapping is allowed. - * - * Return: status code - */ -efi_status_t efi_image_region_add(struct efi_image_regions *regs, - const void *start, const void *end, - int nocheck) -{ - struct image_region *reg; - int i, j; - - if (regs->num >= regs->max) { - EFI_PRINT("%s: no more room for regions\n", __func__); - return EFI_OUT_OF_RESOURCES; - } - - if (end < start) - return EFI_INVALID_PARAMETER; - - for (i = 0; i < regs->num; i++) { - reg = &regs->reg[i]; - if (nocheck) - continue; - - /* new data after registered region */ - if (start >= reg->data + reg->size) - continue; - - /* new data preceding registered region */ - if (end <= reg->data) { - for (j = regs->num - 1; j >= i; j--) - memcpy(&regs->reg[j + 1], &regs->reg[j], - sizeof(*reg)); - break; - } - - /* new data overlapping registered region */ - EFI_PRINT("%s: new region already part of another\n", __func__); - return EFI_INVALID_PARAMETER; - } - - reg = &regs->reg[i]; - reg->data = start; - reg->size = end - start; - regs->num++; - - return EFI_SUCCESS; -} - /** * efi_sigstore_free - free signature store * @sigstore: Pointer to signature store structure @@ -846,4 +782,3 @@ struct efi_signature_store *efi_sigstore_parse_sigdb(u16 *name)

return efi_build_signature_store(db, db_size); } -#endif /* CONFIG_EFI_SECURE_BOOT || CONFIG_EFI_CAPSULE_AUTHENTICATE */ diff --git a/lib/efi_loader/efi_var_common.c b/lib/efi_loader/efi_var_common.c index b11ed91a74..83479dd142 100644 --- a/lib/efi_loader/efi_var_common.c +++ b/lib/efi_loader/efi_var_common.c @@ -24,6 +24,9 @@ struct efi_auth_var_name_type { const enum efi_auth_var_type type; };

+const efi_guid_t efi_guid_image_security_database = + EFI_IMAGE_SECURITY_DATABASE_GUID; + static const struct efi_auth_var_name_type name_type[] = { {u"PK", &efi_global_variable_guid, EFI_AUTH_VAR_PK}, {u"KEK", &efi_global_variable_guid, EFI_AUTH_VAR_KEK},

-- 2.17.1

Heinrich Schuchardt

5:28 p.m.

New subject: [PATCH v7 2/3] efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled

On 5/13/21 4:48 PM, Masahisa Kojima wrote:

...

This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled.

This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled.

Signed-off-by: Masahisa Kojima masahisa.kojima@linaro.org

(no changes since v4)

Changes in v4:

revert #ifdef instead of using "if (!IS_ENABLED())" statement, not to rely on the compiler optimization.

Changes in v3:

hide EFI_SIGNATURE_SUPPORT option

Changes in v2:

Remove all #ifdef from efi_image_loader.c and efi_signature.c

Add EFI_SIGNATURE_SUPPORT option

Explicitly include <u-boot/hash-checksum.h>

Gather PE/COFF parsing functions into efi_image_loader.c

Move efi_guid_t efi_guid_image_security_database in efi_var_common.c

lib/efi_loader/Kconfig | 6 +++ lib/efi_loader/Makefile | 2 +- lib/efi_loader/efi_image_loader.c | 64 ++++++++++++++++++++++++++++- lib/efi_loader/efi_signature.c | 67 +------------------------------ lib/efi_loader/efi_var_common.c | 3 ++ 5 files changed, 74 insertions(+), 68 deletions(-)

diff --git a/lib/efi_loader/Kconfig b/lib/efi_loader/Kconfig index eb5c4d6f29..dff85cea26 100644 --- a/lib/efi_loader/Kconfig +++ b/lib/efi_loader/Kconfig @@ -175,6 +175,7 @@ config EFI_CAPSULE_AUTHENTICATE select PKCS7_VERIFY select IMAGE_SIGN_INFO select HASH_CALCULATE

select EFI_SIGNATURE_SUPPORT default n help Select this option if you want to enable capsule

@@ -344,6 +345,7 @@ config EFI_SECURE_BOOT select PKCS7_MESSAGE_PARSER select PKCS7_VERIFY select HASH_CALCULATE

select EFI_SIGNATURE_SUPPORT default n help Select this option to enable EFI secure boot support.

@@ -351,6 +353,10 @@ config EFI_SECURE_BOOT it is signed with a trusted key. To do that, you need to install, at least, PK, KEK and db.

+config EFI_SIGNATURE_SUPPORT

bool

depends on EFI_SECURE_BOOT || EFI_CAPSULE_AUTHENTICATE

This line is superfluous. As it has no label the symbol will be false if not selected by EFI_SECURE_BOOT or EFI_CAPSULE_AUTHENTICATE.

Best regards

Heinrich

...

config EFI_ESRT bool "Enable the UEFI ESRT generation" depends on EFI_CAPSULE_FIRMWARE_MANAGEMENT

diff --git a/lib/efi_loader/Makefile b/lib/efi_loader/Makefile index 8bd343e258..fd344cea29 100644 --- a/lib/efi_loader/Makefile +++ b/lib/efi_loader/Makefile @@ -63,7 +63,7 @@ obj-$(CONFIG_GENERATE_SMBIOS_TABLE) += efi_smbios.o obj-$(CONFIG_EFI_RNG_PROTOCOL) += efi_rng.o obj-$(CONFIG_EFI_TCG2_PROTOCOL) += efi_tcg2.o obj-$(CONFIG_EFI_LOAD_FILE2_INITRD) += efi_load_initrd.o -obj-y += efi_signature.o +obj-$(CONFIG_EFI_SIGNATURE_SUPPORT) += efi_signature.o

EFI_VAR_SEED_FILE := $(subst $",,$(CONFIG_EFI_VAR_SEED_FILE)) $(obj)/efi_var_seed.o: $(srctree)/$(EFI_VAR_SEED_FILE) diff --git a/lib/efi_loader/efi_image_loader.c b/lib/efi_loader/efi_image_loader.c index f53ef367ec..fe1ee198e2 100644 --- a/lib/efi_loader/efi_image_loader.c +++ b/lib/efi_loader/efi_image_loader.c @@ -213,7 +213,68 @@ static void efi_set_code_and_data_type( } }

-#ifdef CONFIG_EFI_SECURE_BOOT +/**

efi_image_region_add() - add an entry of region

@regs: Pointer to array of regions

@start: Start address of region (included)

@end: End address of region (excluded)

@nocheck: flag against overlapped regions

Take one entry of region [@start, @end[ and insert it into the list.

If @nocheck is false, the list will be sorted ascending by address.

Overlapping entries will not be allowed.

If @nocheck is true, the list will be sorted ascending by sequence

of adding the entries. Overlapping is allowed.

Return: status code

*/

+efi_status_t efi_image_region_add(struct efi_image_regions *regs,
		  const void *start, const void *end,
		  int nocheck)
+{
struct image_region *reg;

int i, j;

if (regs->num >= regs->max) {
EFI_PRINT("%s: no more room for regions\n", __func__);
return EFI_OUT_OF_RESOURCES;
}

if (end < start)
return EFI_INVALID_PARAMETER;
for (i = 0; i < regs->num; i++) {
reg = &regs->reg[i];
if (nocheck)
	continue;
/* new data after registered region */
if (start >= reg->data + reg->size)
	continue;
/* new data preceding registered region */
if (end <= reg->data) {
	for (j = regs->num - 1; j >= i; j--)
		memcpy(&regs->reg[j + 1], &regs->reg[j],
		       sizeof(*reg));
	break;
}
/* new data overlapping registered region */
EFI_PRINT("%s: new region already part of another\n", __func__);
return EFI_INVALID_PARAMETER;
}

reg = &regs->reg[i];

reg->data = start;

reg->size = end - start;

regs->num++;

return EFI_SUCCESS;
+}

/**

cmp_pe_section() - compare virtual addresses of two PE image sections

@arg1: pointer to pointer to first section header

@@ -422,6 +483,7 @@ err: return false; }

+#ifdef CONFIG_EFI_SECURE_BOOT /**

efi_image_unsigned_authenticate() - authenticate unsigned image with

SHA256 hash

diff --git a/lib/efi_loader/efi_signature.c b/lib/efi_loader/efi_signature.c index c7ec275414..bdd09881fc 100644 --- a/lib/efi_loader/efi_signature.c +++ b/lib/efi_loader/efi_signature.c @@ -15,18 +15,16 @@ #include <crypto/public_key.h> #include <linux/compat.h> #include <linux/oid_registry.h> +#include <u-boot/hash-checksum.h> #include <u-boot/rsa.h> #include <u-boot/sha256.h>

-const efi_guid_t efi_guid_image_security_database =
EFI_IMAGE_SECURITY_DATABASE_GUID;
const efi_guid_t efi_guid_sha256 = EFI_CERT_SHA256_GUID; const efi_guid_t efi_guid_cert_rsa2048 = EFI_CERT_RSA2048_GUID; const efi_guid_t efi_guid_cert_x509 = EFI_CERT_X509_GUID; const efi_guid_t efi_guid_cert_x509_sha256 = EFI_CERT_X509_SHA256_GUID; const efi_guid_t efi_guid_cert_type_pkcs7 = EFI_CERT_TYPE_PKCS7_GUID;
-#if defined(CONFIG_EFI_SECURE_BOOT) || defined(CONFIG_EFI_CAPSULE_AUTHENTICATE) static u8 pkcs7_hdr[] = { /* SEQUENCE */ 0x30, 0x82, 0x05, 0xc7, @@ -539,68 +537,6 @@ out: return !revoked; }

-/**

efi_image_region_add() - add an entry of region

@regs: Pointer to array of regions

@start: Start address of region (included)

@end: End address of region (excluded)

@nocheck: flag against overlapped regions

Take one entry of region [@start, @end[ and insert it into the list.

If @nocheck is false, the list will be sorted ascending by address.

Overlapping entries will not be allowed.

If @nocheck is true, the list will be sorted ascending by sequence

of adding the entries. Overlapping is allowed.

Return: status code

*/

-efi_status_t efi_image_region_add(struct efi_image_regions *regs,
		  const void *start, const void *end,
		  int nocheck)
-{
struct image_region *reg;

int i, j;

if (regs->num >= regs->max) {
EFI_PRINT("%s: no more room for regions\n", __func__);
return EFI_OUT_OF_RESOURCES;
}

if (end < start)
return EFI_INVALID_PARAMETER;
for (i = 0; i < regs->num; i++) {
reg = &regs->reg[i];
if (nocheck)
	continue;
/* new data after registered region */
if (start >= reg->data + reg->size)
	continue;
/* new data preceding registered region */
if (end <= reg->data) {
	for (j = regs->num - 1; j >= i; j--)
		memcpy(&regs->reg[j + 1], &regs->reg[j],
		       sizeof(*reg));
	break;
}
/* new data overlapping registered region */
EFI_PRINT("%s: new region already part of another\n", __func__);
return EFI_INVALID_PARAMETER;
}

reg = &regs->reg[i];

reg->data = start;

reg->size = end - start;

regs->num++;

return EFI_SUCCESS;
-}

/**

efi_sigstore_free - free signature store

@sigstore: Pointer to signature store structure

@@ -846,4 +782,3 @@ struct efi_signature_store *efi_sigstore_parse_sigdb(u16 *name)

return efi_build_signature_store(db, db_size); } -#endif /* CONFIG_EFI_SECURE_BOOT || CONFIG_EFI_CAPSULE_AUTHENTICATE */ diff --git a/lib/efi_loader/efi_var_common.c b/lib/efi_loader/efi_var_common.c index b11ed91a74..83479dd142 100644 --- a/lib/efi_loader/efi_var_common.c +++ b/lib/efi_loader/efi_var_common.c @@ -24,6 +24,9 @@ struct efi_auth_var_name_type { const enum efi_auth_var_type type; };

+const efi_guid_t efi_guid_image_security_database =
EFI_IMAGE_SECURITY_DATABASE_GUID;
static const struct efi_auth_var_name_type name_type[] = { {u"PK", &efi_global_variable_guid, EFI_AUTH_VAR_PK}, {u"KEK", &efi_global_variable_guid, EFI_AUTH_VAR_KEK},

Masahisa Kojima

14 May 14 May

2:39 a.m.

New subject: [PATCH v7 2/3] efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled

On Fri, 14 May 2021 at 00:33, Heinrich Schuchardt xypron.glpk@gmx.de wrote:

...

On 5/13/21 4:48 PM, Masahisa Kojima wrote:

...
This is preparation for PE/COFF measurement support. PE/COFF image hash calculation is same in both UEFI Secure Boot image verification and measurement in measured boot. PE/COFF image parsing functions are gathered into efi_image_loader.c, and exposed even if UEFI Secure Boot is not enabled.

This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled.

Signed-off-by: Masahisa Kojima masahisa.kojima@linaro.org

(no changes since v4)

Changes in v4:

revert #ifdef instead of using "if (!IS_ENABLED())" statement, not to rely on the compiler optimization.

Changes in v3:

hide EFI_SIGNATURE_SUPPORT option

Changes in v2:

Remove all #ifdef from efi_image_loader.c and efi_signature.c

Add EFI_SIGNATURE_SUPPORT option

Explicitly include <u-boot/hash-checksum.h>

Gather PE/COFF parsing functions into efi_image_loader.c

Move efi_guid_t efi_guid_image_security_database in efi_var_common.c

lib/efi_loader/Kconfig | 6 +++ lib/efi_loader/Makefile | 2 +- lib/efi_loader/efi_image_loader.c | 64 ++++++++++++++++++++++++++++- lib/efi_loader/efi_signature.c | 67 +------------------------------ lib/efi_loader/efi_var_common.c | 3 ++ 5 files changed, 74 insertions(+), 68 deletions(-)

diff --git a/lib/efi_loader/Kconfig b/lib/efi_loader/Kconfig index eb5c4d6f29..dff85cea26 100644 --- a/lib/efi_loader/Kconfig +++ b/lib/efi_loader/Kconfig @@ -175,6 +175,7 @@ config EFI_CAPSULE_AUTHENTICATE select PKCS7_VERIFY select IMAGE_SIGN_INFO select HASH_CALCULATE
select EFI_SIGNATURE_SUPPORT
default n
help
  Select this option if you want to enable capsule
@@ -344,6 +345,7 @@ config EFI_SECURE_BOOT select PKCS7_MESSAGE_PARSER select PKCS7_VERIFY select HASH_CALCULATE
select EFI_SIGNATURE_SUPPORT
default n
help
  Select this option to enable EFI secure boot support.
@@ -351,6 +353,10 @@ config EFI_SECURE_BOOT it is signed with a trusted key. To do that, you need to install, at least, PK, KEK and db.

+config EFI_SIGNATURE_SUPPORT
bool
depends on EFI_SECURE_BOOT || EFI_CAPSULE_AUTHENTICATE
This line is superfluous. As it has no label the symbol will be false if not selected by EFI_SECURE_BOOT or EFI_CAPSULE_AUTHENTICATE.

I will remove this "depends on" line.

Thanks, Masahisa Kojima

...

Best regards

Heinrich

...
config EFI_ESRT bool "Enable the UEFI ESRT generation" depends on EFI_CAPSULE_FIRMWARE_MANAGEMENT

diff --git a/lib/efi_loader/Makefile b/lib/efi_loader/Makefile index 8bd343e258..fd344cea29 100644 --- a/lib/efi_loader/Makefile +++ b/lib/efi_loader/Makefile @@ -63,7 +63,7 @@ obj-$(CONFIG_GENERATE_SMBIOS_TABLE) += efi_smbios.o obj-$(CONFIG_EFI_RNG_PROTOCOL) += efi_rng.o obj-$(CONFIG_EFI_TCG2_PROTOCOL) += efi_tcg2.o obj-$(CONFIG_EFI_LOAD_FILE2_INITRD) += efi_load_initrd.o -obj-y += efi_signature.o +obj-$(CONFIG_EFI_SIGNATURE_SUPPORT) += efi_signature.o

EFI_VAR_SEED_FILE := $(subst $",,$(CONFIG_EFI_VAR_SEED_FILE)) $(obj)/efi_var_seed.o: $(srctree)/$(EFI_VAR_SEED_FILE) diff --git a/lib/efi_loader/efi_image_loader.c b/lib/efi_loader/efi_image_loader.c index f53ef367ec..fe1ee198e2 100644 --- a/lib/efi_loader/efi_image_loader.c +++ b/lib/efi_loader/efi_image_loader.c @@ -213,7 +213,68 @@ static void efi_set_code_and_data_type( } }

-#ifdef CONFIG_EFI_SECURE_BOOT +/**

efi_image_region_add() - add an entry of region

@regs: Pointer to array of regions

@start: Start address of region (included)

@end: End address of region (excluded)

@nocheck: flag against overlapped regions

Take one entry of region [@start, @end[ and insert it into the list.

If @nocheck is false, the list will be sorted ascending by address.

Overlapping entries will not be allowed.

If @nocheck is true, the list will be sorted ascending by sequence

of adding the entries. Overlapping is allowed.

Return: status code

*/

+efi_status_t efi_image_region_add(struct efi_image_regions *regs,
                          const void *start, const void *end,
                          int nocheck)
+{
struct image_region *reg;
int i, j;
if (regs->num >= regs->max) {
        EFI_PRINT("%s: no more room for regions\n", __func__);
        return EFI_OUT_OF_RESOURCES;
}
if (end < start)
        return EFI_INVALID_PARAMETER;
for (i = 0; i < regs->num; i++) {
        reg = &regs->reg[i];
        if (nocheck)
                continue;
        /* new data after registered region */
        if (start >= reg->data + reg->size)
                continue;
        /* new data preceding registered region */
        if (end <= reg->data) {
                for (j = regs->num - 1; j >= i; j--)
                        memcpy(&regs->reg[j + 1], &regs->reg[j],
                               sizeof(*reg));
                break;
        }
        /* new data overlapping registered region */
        EFI_PRINT("%s: new region already part of another\n", __func__);
        return EFI_INVALID_PARAMETER;
}
reg = &regs->reg[i];
reg->data = start;
reg->size = end - start;
regs->num++;
return EFI_SUCCESS;
+}

/**

cmp_pe_section() - compare virtual addresses of two PE image sections

@arg1: pointer to pointer to first section header

@@ -422,6 +483,7 @@ err: return false; }

+#ifdef CONFIG_EFI_SECURE_BOOT /**

efi_image_unsigned_authenticate() - authenticate unsigned image with

SHA256 hash

diff --git a/lib/efi_loader/efi_signature.c b/lib/efi_loader/efi_signature.c index c7ec275414..bdd09881fc 100644 --- a/lib/efi_loader/efi_signature.c +++ b/lib/efi_loader/efi_signature.c @@ -15,18 +15,16 @@ #include <crypto/public_key.h> #include <linux/compat.h> #include <linux/oid_registry.h> +#include <u-boot/hash-checksum.h> #include <u-boot/rsa.h> #include <u-boot/sha256.h>

-const efi_guid_t efi_guid_image_security_database =
        EFI_IMAGE_SECURITY_DATABASE_GUID;
const efi_guid_t efi_guid_sha256 = EFI_CERT_SHA256_GUID; const efi_guid_t efi_guid_cert_rsa2048 = EFI_CERT_RSA2048_GUID; const efi_guid_t efi_guid_cert_x509 = EFI_CERT_X509_GUID; const efi_guid_t efi_guid_cert_x509_sha256 = EFI_CERT_X509_SHA256_GUID; const efi_guid_t efi_guid_cert_type_pkcs7 = EFI_CERT_TYPE_PKCS7_GUID;
-#if defined(CONFIG_EFI_SECURE_BOOT) || defined(CONFIG_EFI_CAPSULE_AUTHENTICATE) static u8 pkcs7_hdr[] = { /* SEQUENCE */ 0x30, 0x82, 0x05, 0xc7, @@ -539,68 +537,6 @@ out: return !revoked; }

-/**

efi_image_region_add() - add an entry of region

@regs: Pointer to array of regions

@start: Start address of region (included)

@end: End address of region (excluded)

@nocheck: flag against overlapped regions

Take one entry of region [@start, @end[ and insert it into the list.

If @nocheck is false, the list will be sorted ascending by address.

Overlapping entries will not be allowed.

If @nocheck is true, the list will be sorted ascending by sequence

of adding the entries. Overlapping is allowed.

Return: status code

*/

-efi_status_t efi_image_region_add(struct efi_image_regions *regs,
                          const void *start, const void *end,
                          int nocheck)
-{
struct image_region *reg;
int i, j;
if (regs->num >= regs->max) {
        EFI_PRINT("%s: no more room for regions\n", __func__);
        return EFI_OUT_OF_RESOURCES;
}
if (end < start)
        return EFI_INVALID_PARAMETER;
for (i = 0; i < regs->num; i++) {
        reg = &regs->reg[i];
        if (nocheck)
                continue;
        /* new data after registered region */
        if (start >= reg->data + reg->size)
                continue;
        /* new data preceding registered region */
        if (end <= reg->data) {
                for (j = regs->num - 1; j >= i; j--)
                        memcpy(&regs->reg[j + 1], &regs->reg[j],
                               sizeof(*reg));
                break;
        }
        /* new data overlapping registered region */
        EFI_PRINT("%s: new region already part of another\n", __func__);
        return EFI_INVALID_PARAMETER;
}
reg = &regs->reg[i];
reg->data = start;
reg->size = end - start;
regs->num++;
return EFI_SUCCESS;
-}

/**

efi_sigstore_free - free signature store

@sigstore: Pointer to signature store structure

@@ -846,4 +782,3 @@ struct efi_signature_store *efi_sigstore_parse_sigdb(u16 *name)
  return efi_build_signature_store(db, db_size);
} -#endif /* CONFIG_EFI_SECURE_BOOT || CONFIG_EFI_CAPSULE_AUTHENTICATE */ diff --git a/lib/efi_loader/efi_var_common.c b/lib/efi_loader/efi_var_common.c index b11ed91a74..83479dd142 100644 --- a/lib/efi_loader/efi_var_common.c +++ b/lib/efi_loader/efi_var_common.c @@ -24,6 +24,9 @@ struct efi_auth_var_name_type { const enum efi_auth_var_type type; };

+const efi_guid_t efi_guid_image_security_database =
        EFI_IMAGE_SECURITY_DATABASE_GUID;
static const struct efi_auth_var_name_type name_type[] = { {u"PK", &efi_global_variable_guid, EFI_AUTH_VAR_PK}, {u"KEK", &efi_global_variable_guid, EFI_AUTH_VAR_KEK},

Masahisa Kojima

13 May 13 May

4:48 p.m.

New subject: [PATCH v7 3/3] efi_loader: add PE/COFF image measurement

"TCG PC Client Platform Firmware Profile Specification" requires to measure every attempt to load and execute a OS Loader(a UEFI application) into PCR[4]. This commit adds the PE/COFF image measurement, extends PCR, and appends measurement into Event Log.

Acked-by: Ilias Apalodimas ilias.apalodimas@linaro.org Tested-by: Ilias Apalodimas ilias.apalodimas@linaro.org Signed-off-by: Masahisa Kojima masahisa.kojima@linaro.org ---

Changes in v7: - include hash-checksum.h instead of rsa.h - select HASH_CALCULATE in Kconfig, not to update lib/Makefile - rebased the base code

Changes in v6: - update lib/Makefile to add hash-checksum.c as a compilation target

(no changes since v2)

Changes in v2: - Remove duplicate <efi.h> include - Remove unnecessary __packed attribute - Add all EV_EFI_* event definition - Create common function to prepare 8-byte aligned image - Add measurement for EV_EFI_BOOT_SERVICES_DRIVER and EV_EFI_RUNTIME_SERVICES_DRIVER - Use efi_search_protocol() to get device_path - Add function comment

diff --git a/include/efi_loader.h b/include/efi_loader.h index de1a496a97..9f2854a255 100644 --- a/include/efi_loader.h +++ b/include/efi_loader.h @@ -426,6 +426,10 @@ efi_status_t efi_disk_register(void); efi_status_t efi_rng_register(void); /* Called by efi_init_obj_list() to install EFI_TCG2_PROTOCOL */ efi_status_t efi_tcg2_register(void); +/* measure the pe-coff image, extend PCR and add Event Log */ +efi_status_t tcg2_measure_pe_image(void *efi, u64 efi_size, + struct efi_loaded_image_obj *handle, + struct efi_loaded_image *loaded_image_info); /* Create handles and protocols for the partitions of a block device */ int efi_disk_create_partitions(efi_handle_t parent, struct blk_desc *desc, const char *if_typename, int diskid, @@ -847,6 +851,8 @@ bool efi_secure_boot_enabled(void);

bool efi_capsule_auth_enabled(void);

+void *efi_prepare_aligned_image(void *efi, u64 *efi_size, void **new_efi); + bool efi_image_parse(void *efi, size_t len, struct efi_image_regions **regp, WIN_CERTIFICATE **auth, size_t *auth_len);

diff --git a/include/efi_tcg2.h b/include/efi_tcg2.h index 40e241ce31..bcfb98168a 100644 --- a/include/efi_tcg2.h +++ b/include/efi_tcg2.h @@ -9,6 +9,7 @@ #if !defined _EFI_TCG2_PROTOCOL_H_ #define _EFI_TCG2_PROTOCOL_H_

+#include <efi_api.h> #include <tpm-v2.h>

#define EFI_TCG2_PROTOCOL_GUID \ @@ -53,6 +54,14 @@ struct efi_tcg2_event { u8 event[]; } __packed;

+struct uefi_image_load_event { + efi_physical_addr_t image_location_in_memory; + u64 image_length_in_memory; + u64 image_link_time_address; + u64 length_of_device_path; + struct efi_device_path device_path[]; +}; + struct efi_tcg2_boot_service_capability { u8 size; struct efi_tcg2_version structure_version; diff --git a/include/tpm-v2.h b/include/tpm-v2.h index 7de7d6a57d..247b386967 100644 --- a/include/tpm-v2.h +++ b/include/tpm-v2.h @@ -70,6 +70,24 @@ struct udevice; #define EV_TABLE_OF_DEVICES ((u32)0x0000000B) #define EV_COMPACT_HASH ((u32)0x0000000C)

+/* + * event types, cf. + * "TCG PC Client Platform Firmware Profile Specification", Family "2.0" + * rev 1.04, June 3, 2019 + */ +#define EV_EFI_EVENT_BASE ((u32)0x80000000) +#define EV_EFI_VARIABLE_DRIVER_CONFIG ((u32)0x80000001) +#define EV_EFI_VARIABLE_BOOT ((u32)0x80000002) +#define EV_EFI_BOOT_SERVICES_APPLICATION ((u32)0x80000003) +#define EV_EFI_BOOT_SERVICES_DRIVER ((u32)0x80000004) +#define EV_EFI_RUNTIME_SERVICES_DRIVER ((u32)0x80000005) +#define EV_EFI_GPT_EVENT ((u32)0x80000006) +#define EV_EFI_ACTION ((u32)0x80000007) +#define EV_EFI_PLATFORM_FIRMWARE_BLOB ((u32)0x80000008) +#define EV_EFI_HANDOFF_TABLES ((u32)0x80000009) +#define EV_EFI_HCRTM_EVENT ((u32)0x80000010) +#define EV_EFI_VARIABLE_AUTHORITY ((u32)0x800000E0) + /* TPMS_TAGGED_PROPERTY Structure */ struct tpms_tagged_property { u32 property; diff --git a/lib/efi_loader/Kconfig b/lib/efi_loader/Kconfig index dff85cea26..312cc8cbbf 100644 --- a/lib/efi_loader/Kconfig +++ b/lib/efi_loader/Kconfig @@ -309,6 +309,7 @@ config EFI_TCG2_PROTOCOL select SHA512_ALGO select SHA384 select SHA512 + select HASH_CALCULATE help Provide a EFI_TCG2_PROTOCOL implementation using the TPM hardware of the platform. diff --git a/lib/efi_loader/efi_image_loader.c b/lib/efi_loader/efi_image_loader.c index fe1ee198e2..f37a85e56e 100644 --- a/lib/efi_loader/efi_image_loader.c +++ b/lib/efi_loader/efi_image_loader.c @@ -302,6 +302,40 @@ static int cmp_pe_section(const void *arg1, const void *arg2) return 1; }

+/** + * efi_prepare_aligned_image() - prepare 8-byte aligned image + * @efi: pointer to the EFI binary + * @efi_size: size of @efi binary + * @new_efi: pointer to the newly allocated image + * + * If @efi is not 8-byte aligned, this function newly allocates + * the image buffer and updates @efi_size. + * + * Return: valid pointer to a image, return NULL if allocation fails. + */ +void *efi_prepare_aligned_image(void *efi, u64 *efi_size, void **new_efi) +{ + size_t new_efi_size; + void *p; + + /* + * Size must be 8-byte aligned and the trailing bytes must be + * zero'ed. Otherwise hash value may be incorrect. + */ + if (!IS_ALIGNED(*efi_size, 8)) { + new_efi_size = ALIGN(*efi_size, 8); + p = calloc(new_efi_size, 1); + if (!p) + return NULL; + memcpy(p, efi, *efi_size); + *efi_size = new_efi_size; + *new_efi = p; + return p; + } else { + return efi; + } +} + /** * efi_image_parse() - parse a PE image * @efi: Pointer to image @@ -561,7 +595,7 @@ static bool efi_image_authenticate(void *efi, size_t efi_size) struct efi_signature_store *db = NULL, *dbx = NULL; void *new_efi = NULL; u8 *auth, *wincerts_end; - size_t new_efi_size, auth_size; + size_t auth_size; bool ret = false;

EFI_PRINT("%s: Enter, %d\n", __func__, ret); @@ -569,19 +603,9 @@ static bool efi_image_authenticate(void *efi, size_t efi_size) if (!efi_secure_boot_enabled()) return true;

- /* - * Size must be 8-byte aligned and the trailing bytes must be - * zero'ed. Otherwise hash value may be incorrect. - */ - if (efi_size & 0x7) { - new_efi_size = (efi_size + 0x7) & ~0x7ULL; - new_efi = calloc(new_efi_size, 1); - if (!new_efi) - return false; - memcpy(new_efi, efi, efi_size); - efi = new_efi; - efi_size = new_efi_size; - } + efi = efi_prepare_aligned_image(efi, (u64 *)&efi_size, &new_efi); + if (!efi) + return false;

if (!efi_image_parse(efi, efi_size, &regs, &wincerts, &wincerts_len)) { @@ -891,6 +915,13 @@ efi_status_t efi_load_pe(struct efi_loaded_image_obj *handle, goto err; }

+#if CONFIG_IS_ENABLED(EFI_TCG2_PROTOCOL) + /* Measure an PE/COFF image */ + if (tcg2_measure_pe_image(efi, efi_size, handle, + loaded_image_info)) + log_err("PE image measurement failed\n"); +#endif + /* Copy PE headers */ memcpy(efi_reloc, efi, sizeof(*dos) diff --git a/lib/efi_loader/efi_tcg2.c b/lib/efi_loader/efi_tcg2.c index c8616bf31e..316eaf572b 100644 --- a/lib/efi_loader/efi_tcg2.c +++ b/lib/efi_loader/efi_tcg2.c @@ -13,8 +13,10 @@ #include <efi_loader.h> #include <efi_tcg2.h> #include <log.h> +#include <malloc.h> #include <version.h> #include <tpm-v2.h> +#include <u-boot/hash-checksum.h> #include <u-boot/sha1.h> #include <u-boot/sha256.h> #include <u-boot/sha512.h> @@ -706,6 +708,183 @@ out: return EFI_EXIT(ret); }

+/** + * tcg2_hash_pe_image() - calculate PE/COFF image hash + * + * @efi: pointer to the EFI binary + * @efi_size: size of @efi binary + * @digest_list: list of digest algorithms to extend + * + * Return: status code + */ +static efi_status_t tcg2_hash_pe_image(void *efi, u64 efi_size, + struct tpml_digest_values *digest_list) +{ + WIN_CERTIFICATE *wincerts = NULL; + size_t wincerts_len; + struct efi_image_regions *regs = NULL; + void *new_efi = NULL; + u8 hash[TPM2_SHA512_DIGEST_SIZE]; + efi_status_t ret; + u32 active; + int i; + + efi = efi_prepare_aligned_image(efi, &efi_size, &new_efi); + if (!efi) + return EFI_OUT_OF_RESOURCES; + + if (!efi_image_parse(efi, efi_size, &regs, &wincerts, + &wincerts_len)) { + log_err("Parsing PE executable image failed\n"); + ret = EFI_INVALID_PARAMETER; + goto out; + } + + ret = __get_active_pcr_banks(&active); + if (ret != EFI_SUCCESS) { + ret = EFI_DEVICE_ERROR; + goto out; + } + + digest_list->count = 0; + for (i = 0; i < MAX_HASH_COUNT; i++) { + u16 hash_alg = hash_algo_list[i].hash_alg; + + if (!(active & alg_to_mask(hash_alg))) + continue; + switch (hash_alg) { + case TPM2_ALG_SHA1: + hash_calculate("sha1", regs->reg, regs->num, hash); + break; + case TPM2_ALG_SHA256: + hash_calculate("sha256", regs->reg, regs->num, hash); + break; + case TPM2_ALG_SHA384: + hash_calculate("sha384", regs->reg, regs->num, hash); + break; + case TPM2_ALG_SHA512: + hash_calculate("sha512", regs->reg, regs->num, hash); + break; + default: + EFI_PRINT("Unsupported algorithm %x\n", hash_alg); + return EFI_INVALID_PARAMETER; + } + digest_list->digests[i].hash_alg = hash_alg; + memcpy(&digest_list->digests[i].digest, hash, (u32)alg_to_len(hash_alg)); + digest_list->count++; + } + +out: + free(new_efi); + free(regs); + + return ret; +} + +/** + * tcg2_measure_pe_image() - measure PE/COFF image + * + * @efi: pointer to the EFI binary + * @efi_size: size of @efi binary + * @handle: loaded image handle + * @loaded_image: loaded image protocol + * + * Return: status code + */ +efi_status_t tcg2_measure_pe_image(void *efi, u64 efi_size, + struct efi_loaded_image_obj *handle, + struct efi_loaded_image *loaded_image) +{ + struct tpml_digest_values digest_list; + efi_status_t ret; + struct udevice *dev; + u32 pcr_index, event_type, event_size; + struct uefi_image_load_event *image_load_event; + struct efi_device_path *device_path; + u32 device_path_length; + IMAGE_DOS_HEADER *dos; + IMAGE_NT_HEADERS32 *nt; + struct efi_handler *handler; + + ret = platform_get_tpm2_device(&dev); + if (ret != EFI_SUCCESS) + return ret; + + switch (handle->image_type) { + case IMAGE_SUBSYSTEM_EFI_APPLICATION: + pcr_index = 4; + event_type = EV_EFI_BOOT_SERVICES_APPLICATION; + break; + case IMAGE_SUBSYSTEM_EFI_BOOT_SERVICE_DRIVER: + pcr_index = 2; + event_type = EV_EFI_BOOT_SERVICES_DRIVER; + break; + case IMAGE_SUBSYSTEM_EFI_RUNTIME_DRIVER: + pcr_index = 2; + event_type = EV_EFI_RUNTIME_SERVICES_DRIVER; + break; + default: + return EFI_UNSUPPORTED; + } + + ret = tcg2_hash_pe_image(efi, efi_size, &digest_list); + if (ret != EFI_SUCCESS) + return ret; + + ret = tcg2_pcr_extend(dev, pcr_index, &digest_list); + if (ret != EFI_SUCCESS) + return ret; + + ret = EFI_CALL(efi_search_protocol(&handle->header, + &efi_guid_loaded_image_device_path, + &handler)); + if (ret != EFI_SUCCESS) + return ret; + + device_path = EFI_CALL(handler->protocol_interface); + device_path_length = efi_dp_size(device_path); + if (device_path_length > 0) { + /* add end node size */ + device_path_length += sizeof(struct efi_device_path); + } + event_size = sizeof(struct uefi_image_load_event) + device_path_length; + image_load_event = (struct uefi_image_load_event *)malloc(event_size); + if (!image_load_event) + return EFI_OUT_OF_RESOURCES; + + image_load_event->image_location_in_memory = (efi_physical_addr_t)efi; + image_load_event->image_length_in_memory = efi_size; + image_load_event->length_of_device_path = device_path_length; + + dos = (IMAGE_DOS_HEADER *)efi; + nt = (IMAGE_NT_HEADERS32 *)(efi + dos->e_lfanew); + if (nt->OptionalHeader.Magic == IMAGE_NT_OPTIONAL_HDR64_MAGIC) { + IMAGE_NT_HEADERS64 *nt64 = (IMAGE_NT_HEADERS64 *)nt; + + image_load_event->image_link_time_address = + nt64->OptionalHeader.ImageBase; + } else if (nt->OptionalHeader.Magic == IMAGE_NT_OPTIONAL_HDR32_MAGIC) { + image_load_event->image_link_time_address = + nt->OptionalHeader.ImageBase; + } else { + ret = EFI_INVALID_PARAMETER; + goto out; + } + + if (device_path_length > 0) { + memcpy(image_load_event->device_path, device_path, + device_path_length); + } + + ret = tcg2_agile_log_append(pcr_index, event_type, &digest_list, + event_size, (u8 *)image_load_event); + +out: + free(image_load_event); + + return ret; +} + /** * efi_tcg2_hash_log_extend_event() - extend and optionally log events * @@ -758,24 +937,32 @@ efi_tcg2_hash_log_extend_event(struct efi_tcg2_protocol *this, u64 flags, /* * if PE_COFF_IMAGE is set we need to make sure the image is not * corrupted, verify it and hash the PE/COFF image in accordance with - * the procedure specified in "Calculating the PE Image Hash" - * section of the "Windows Authenticode Portable Executable Signature + * the procedure specified in "Calculating the PE Image Hash" + * section of the "Windows Authenticode Portable Executable Signature * Format" - * Not supported for now */ if (flags & PE_COFF_IMAGE) { - ret = EFI_UNSUPPORTED; - goto out; - } + IMAGE_NT_HEADERS32 *nt;

- pcr_index = efi_tcg_event->header.pcr_index; - event_type = efi_tcg_event->header.event_type; + ret = efi_check_pe((void *)data_to_hash, data_to_hash_len, + (void **)&nt); + if (ret != EFI_SUCCESS) { + log_err("Not a valid PE-COFF file\n"); + goto out; + } + ret = tcg2_hash_pe_image((void *)data_to_hash, data_to_hash_len, + &digest_list); + } else { + ret = tcg2_create_digest((u8 *)(uintptr_t)data_to_hash, + data_to_hash_len, &digest_list); + }

- ret = tcg2_create_digest((u8 *)(uintptr_t)data_to_hash, - data_to_hash_len, &digest_list); if (ret != EFI_SUCCESS) goto out;

+ pcr_index = efi_tcg_event->header.pcr_index; + event_type = efi_tcg_event->header.event_type; + ret = tcg2_pcr_extend(dev, pcr_index, &digest_list); if (ret != EFI_SUCCESS) goto out;

-- 2.17.1

1455

Age (days ago)

1456

Last active (days ago)

List overview

Download

7 comments

2 participants

tags (0)

participants (2)

Heinrich Schuchardt
Masahisa Kojima