[SeaBIOS] [PATCH v3 7/7] tpm: Append to TPM2 log the hashes used for PCR extension
Stefan Berger
stefanb at linux.vnet.ibm.com
Fri Aug 5 17:07:14 CEST 2016
Modify the function that writes the TPM logs to take a tpml_digest_values
structure and its length as an additional parameter and write this
structure's contents into the log.
Signed-off-by: Stefan Berger <stefanb at linux.vnet.ibm.com>
---
src/std/tcg.h | 6 ++++--
src/tcgbios.c | 59 +++++++++++++++++++++++++++++++++++------------------------
2 files changed, 39 insertions(+), 26 deletions(-)
diff --git a/src/std/tcg.h b/src/std/tcg.h
index eff0890..f502de4 100644
--- a/src/std/tcg.h
+++ b/src/std/tcg.h
@@ -533,10 +533,12 @@ struct tpml_digest_values_sha1 {
u8 sha1[SHA1_BUFSIZE];
} PACKED;
-struct tcg_pcr_event2_sha1 {
+struct tcg_pcr_event2_data {
u32 pcrindex;
u32 eventtype;
- struct tpml_digest_values_sha1 digest;
+ /* missing here is the variable size
+ struct tpml_digest_values digests[];
+ */
u32 eventdatasize;
u8 event[0];
} PACKED;
diff --git a/src/tcgbios.c b/src/tcgbios.c
index b468867..18050d0 100644
--- a/src/tcgbios.c
+++ b/src/tcgbios.c
@@ -153,8 +153,9 @@ tpm_tcpa_probe(void)
* Returns an error code in case of faiure, 0 in case of success
*/
static int
-tpm_log_event(struct tcg_pcr_event2_sha1 *entry, const void *event
- , TPMVersion tpm_version)
+tpm_log_event(struct tcg_pcr_event2_data *entry,
+ struct tpml_digest_values *tdv, int tdv_len,
+ const void *event, TPMVersion tpm_version)
{
dprintf(DEBUG_tcg, "TCGBIOS: LASA = %p, next entry = %p\n",
tpm_state.log_area_start_address, tpm_state.log_area_next_entry);
@@ -162,7 +163,7 @@ tpm_log_event(struct tcg_pcr_event2_sha1 *entry, const void *event
if (tpm_state.log_area_next_entry == NULL)
return -1;
- u32 size = sizeof(*entry) + entry->eventdatasize;
+ u32 size = sizeof(*entry) + tdv_len + entry->eventdatasize;
u32 logsize = (tpm_state.log_area_next_entry + size
- tpm_state.log_area_start_address);
if (logsize > tpm_state.log_area_minimum_length) {
@@ -175,15 +176,26 @@ tpm_log_event(struct tcg_pcr_event2_sha1 *entry, const void *event
struct pcpes *pcpes = (void*)tpm_state.log_area_next_entry;
pcpes->pcrindex = entry->pcrindex;
pcpes->eventtype = entry->eventtype;
- memcpy(pcpes->digest, entry->digest.sha1, sizeof(pcpes->digest));
+ memcpy(pcpes->digest, tdv->digest[0].hash, sizeof(pcpes->digest));
pcpes->eventdatasize = entry->eventdatasize;
memcpy(pcpes->event, event, entry->eventdatasize);
size = sizeof(*pcpes) + entry->eventdatasize;
break;
case TPM_VERSION_2: ;
- struct tcg_pcr_event2_sha1 *e = (void*)tpm_state.log_area_next_entry;
- memcpy(e, entry, sizeof(*e));
- memcpy(e->event, event, entry->eventdatasize);
+ u8 *dest = tpm_state.log_area_next_entry;
+
+ unsigned int offset = offsetof(struct tcg_pcr_event2_data,
+ eventdatasize);
+ memcpy(dest, entry, offset);
+
+ memcpy(&dest[offset], tdv, tdv_len);
+ offset += tdv_len;
+
+ u32 *eventdatasize = (u32 *)&dest[offset];
+ *eventdatasize = entry->eventdatasize;
+ offset += sizeof(entry->eventdatasize);
+
+ memcpy(&dest[offset], event, entry->eventdatasize);
break;
}
@@ -287,11 +299,18 @@ tpm_log_init(void)
ret = tpm20_write_EfiSpecIdEventStruct(buf, sizeof(buf));
if (ret < 0)
return;
- struct tcg_pcr_event2_sha1 entry = {
+ struct tcg_pcr_event2_data entry = {
.eventtype = EV_NO_ACTION,
.eventdatasize = ret,
};
- tpm_log_event(&entry, buf, TPM_VERSION_1_2);
+ struct tpml_digest_values_sha1 tdvs = {
+ .count = 1,
+ .hashtype = TPM2_ALG_SHA1,
+ .sha1 = {0, },
+ };
+ struct tpml_digest_values *tdv = (struct tpml_digest_values *)&tdvs;
+
+ tpm_log_event(&entry, tdv, sizeof(tdvs), buf, TPM_VERSION_1_2);
}
}
@@ -763,21 +782,18 @@ tpm_add_measurement_to_log(u32 pcrindex, u32 event_type,
if (!tpm_is_working())
return;
- struct tcg_pcr_event2_sha1 entry = {
+ u8 digest[SHA1_BUFSIZE];
+ struct tcg_pcr_event2_data entry = {
.pcrindex = pcrindex,
.eventtype = event_type,
.eventdatasize = event_length,
- .digest = {
- .count = 1,
- .hashtype = TPM2_ALG_SHA1,
- }
};
- sha1(hashdata, hashdata_length, entry.digest.sha1);
+ sha1(hashdata, hashdata_length, digest);
u8 buffer[MAX_TPML_DIGEST_VALUES_SIZE];
int tdv_len = tpm_write_tpml_digest_values(buffer, sizeof(buffer),
- entry.digest.sha1, TPM2_ALG_SHA1);
+ digest, TPM2_ALG_SHA1);
if (tdv_len < 0)
return;
@@ -787,7 +803,7 @@ tpm_add_measurement_to_log(u32 pcrindex, u32 event_type,
tpm_set_failure();
return;
}
- tpm_log_event(&entry, event, TPM_version);
+ tpm_log_event(&entry, tdv, tdv_len, event, TPM_version);
}
@@ -1325,17 +1341,12 @@ hash_log_extend(struct pcpes *pcpes, const void *hashdata, u32 hashdata_length
if (ret)
return TCG_TCG_COMMAND_ERROR;
}
- struct tcg_pcr_event2_sha1 entry = {
+ struct tcg_pcr_event2_data entry = {
.pcrindex = pcpes->pcrindex,
.eventtype = pcpes->eventtype,
.eventdatasize = pcpes->eventdatasize,
- .digest = {
- .count = 1,
- .hashtype = TPM2_ALG_SHA1,
- }
};
- memcpy(entry.digest.sha1, pcpes->digest, sizeof(entry.digest.sha1));
- int ret = tpm_log_event(&entry, pcpes->event, TPM_version);
+ int ret = tpm_log_event(&entry, tdv, tdv_len, pcpes->event, TPM_version);
if (ret)
return TCG_PC_LOGOVERFLOW;
return 0;
--
2.5.5
More information about the SeaBIOS
mailing list