[SeaBIOS] [PATCH v8 5/8] Add 'measurement' code to the BIOS
Kevin O'Connor
kevin at koconnor.net
Tue Aug 26 16:49:34 CEST 2014
On Wed, Jul 02, 2014 at 11:38:49AM -0400, Stefan Berger wrote:
> This patch adds invocactions of functions that measure various parts of the
> code and data through various parts of the BIOS code. It follows TCG
> specifications on what needs to be measured. It also adds the implementation
> of the called functions.
>
> Reference for what needs to be measured can be found in section 3.2.2++ in
>
> http://www.trustedcomputinggroup.org/resources/pc_client_work_group_specific_implementation_specification_for_conventional_bios_specification_version_12
>
>
> The first measurements are done once the ACPI tables have been initialized.
>
> Once booted into Linux, the current measurements produce the following logs
> which can be found in /sys/kernel/security/tpm0/ascii_bios_measurements.
> The below log also shows measurements from trusted grub.
>
> 1 3fb240d2a04085a4e84f81e4398e070ed5a18163 06 [SMBIOS]
> 2 cc812353fc277c1fab99e0b721752a1392984566 06 [Option ROM]
> 2 9dbd87163112e5670378abe4510491259a61f411 05 [Start Option ROM Scan]
> 2 6f74e357331b8dee11bbad85f27bc66cb873106c 06 [Option ROM]
> 2 5626eb7ac05c7231e46d7461e7d3839b03ae9fad 06 [Option ROM]
> 4 c1e25c3f6b0dc78d57296aa2870ca6f782ccf80f 05 [Calling INT 19h]
> 0 d9be6524a5f5047db5866813acf3277892a7a30a 04 []
> 1 d9be6524a5f5047db5866813acf3277892a7a30a 04 []
> 2 d9be6524a5f5047db5866813acf3277892a7a30a 04 []
> 3 d9be6524a5f5047db5866813acf3277892a7a30a 04 []
> 4 d9be6524a5f5047db5866813acf3277892a7a30a 04 []
> 5 d9be6524a5f5047db5866813acf3277892a7a30a 04 []
> 6 d9be6524a5f5047db5866813acf3277892a7a30a 04 []
> 7 d9be6524a5f5047db5866813acf3277892a7a30a 04 []
> 4 8cf2fe6c87d4d0b2998a43da630292e6d85ee8b6 05 [Booting BCV device 80h (HDD)]
> 4 5dff94459a3e2d13a433ef94afdc306144565bf7 0d [IPL]
> 5 d1b33afde65ad47502332af957c60f20c84c1edc 0e [IPL Partition Data]
> 4 487ce764b527ccad17f1d04243d0136fa981e6c4 0d [IPL]
> 4 91d285e4dead566324c8938a3cc75803f462d9a1 0d [IPL]
> 4 8ba79ac98bb491524fef29defc724daaf6263d35 0d [IPL]
> 4 c591c15b82e4ff30e7383a4ff1ef3b41b38521ac 06 []
> 4 8cdc27ec545eda33fbba1e8b8dae4da5c7206972 04 [Grub Event Separator]
> 5 8cdc27ec545eda33fbba1e8b8dae4da5c7206972 04 [Grub Event Separator]
> 5 e8673b9e14b02dc12d8ccfd0176bca7a3de7fc3c 0e [IPL Partition Data]
> 5 0163e375a0af7525c5dac1a8e74b277359e40d1d 1105 []
> 8 4be30f67c3d48ab7f04d9c0fd07f06d4c68379be 1205 []
> 8 54c83965978de9708d026016ecb0e70660e04388 1305 []
> 5 2431ed60130faeaf3a045f21963f71cacd46a029 04 [OS Event Separator]
> 8 2431ed60130faeaf3a045f21963f71cacd46a029 04 [OS Event Separator]
> 8 f3973cae05d6e2055062119d6e6e1e077b7df876 1005 []
>
> v5:
> - call code for measuring CDROM boot sector
>
> v4:
> - return TCG_GENERAL_ERROR if ! has_working_tpm()
>
> v2:
> - dropping call to tcpa_measure_post
> - converting tcpa_option_rom and tcpa_ipl functions to get pointers
> rather than segments passed
> - introduce public get_smbios_entry_point() function and use it
> rather than searching for the entry point
> - use dprintf(DEBUG_tcg, ...)
>
>
> Signed-off-by: Stefan Berger <stefanb at linux.vnet.ibm.com>
> ---
> src/boot.c | 11 ++
> src/cdrom.c | 10 ++
> src/optionroms.c | 4 +
> src/post.c | 4 +
> src/tcgbios.c | 359 +++++++++++++++++++++++++++++++++++++++++++++++++++++++
> src/tcgbios.h | 8 ++
> 6 files changed, 396 insertions(+)
>
> diff --git a/src/boot.c b/src/boot.c
> index f36f3d6..91edf9c 100644
> --- a/src/boot.c
> +++ b/src/boot.c
> @@ -624,6 +624,10 @@ boot_disk(u8 bootdrv, int checksig)
> }
> }
>
> + tcpa_add_bootdevice(0, bootdrv);
> + /* specs: 8.2.3 steps 4 and 5 */
> + tcpa_ipl(IPL_BCV, MAKE_FLATPTR(bootseg, 0), 512);
Minor quibble, but these repeated tcpa calls should be compacted into
a single call to minimize the impact to the main bios code.
-Kevin
More information about the SeaBIOS
mailing list