sd-stub: drop any support for TPM 1.2

TPM 1.2 is obsolete, and doesn't really provide much security guarantees given it's build around SHA1 which is not up to today's standards. The rest of systemd's TPM codebase never supported TPM 1.2 hence let's drop this partial support in sd-stub too. It has created problems after all (sd-stub reported the measuements and userspace assumed these were for TPM2), without bringing any benefits (given that the measurements we make are not consumed by us anyway, unlike those for TPM 2.0) let's cut off this old support.
2024-07-22 18:55:10 +00:00 · 2024-02-23 10:52:16 +01:00 · 2024-02-23 10:52:16 +01:00 · 13fc754dc3
parent d0a337bb72
commit 13fc754dc3
3 changed files with 16 additions and 114 deletions
--- a/7
+++ b/7
@ -26,6 +26,13 @@ CHANGES WITH 256 in spe:
          a private VLAN variant of the proxy ARP supported by the kernel
          under the name IPv4ProxyARPPrivateVLAN=.

+        * TPM 1.2 PCR measurement support has been removed from
+          systemd-stub. TPM 1.2 is obsolete and — due to the (by today's
+          standards) weak cryptographic algorithms it only supports — does not
+          actually provide the security benefits it's supposed to
+          provide. Given that the rest of systemd's codebase never supported
+          TPM 1.2 the support has now been removed from systemd-stub as well.
+
 CHANGES WITH 255:

        Announcements of Future Feature Removals and Incompatible Changes:
--- a/src/boot/efi/measure.c
+++ b/src/boot/efi/measure.c
@ -10,39 +10,6 @@
 #include "tpm2-pcr.h"
 #include "util.h"

-static EFI_STATUS tpm1_measure_to_pcr_and_event_log(
-                const EFI_TCG_PROTOCOL *tcg,
-                uint32_t pcrindex,
-                EFI_PHYSICAL_ADDRESS buffer,
-                size_t buffer_size,
-                const char16_t *description) {
-
-        _cleanup_free_ TCG_PCR_EVENT *tcg_event = NULL;
-        EFI_PHYSICAL_ADDRESS event_log_last;
-        uint32_t event_number = 1;
-        size_t desc_len;
-
-        assert(tcg);
-        assert(description);
-
-        desc_len = strsize16(description);
-        tcg_event = xmalloc(offsetof(TCG_PCR_EVENT, Event) + desc_len);
-        *tcg_event = (TCG_PCR_EVENT) {
-                .EventSize = desc_len,
-                .PCRIndex = pcrindex,
-                .EventType = EV_IPL,
-        };
-        memcpy(tcg_event->Event, description, desc_len);
-
-        return tcg->HashLogExtendEvent(
-                        (EFI_TCG_PROTOCOL *) tcg,
-                        buffer, buffer_size,
-                        TCG_ALG_SHA,
-                        tcg_event,
-                        &event_number,
-                        &event_log_last);
-}
-
 static EFI_STATUS tpm2_measure_to_pcr_and_tagged_event_log(
                EFI_TCG2_PROTOCOL *tcg,
                uint32_t pcrindex,
@ -187,37 +154,6 @@ static EFI_CC_MEASUREMENT_PROTOCOL *cc_interface_check(void) {
        return cc;
 }

-static EFI_TCG_PROTOCOL *tcg1_interface_check(void) {
-        EFI_PHYSICAL_ADDRESS event_log_location, event_log_last_entry;
-        EFI_TCG_BOOT_SERVICE_CAPABILITY capability = {
-                .Size = sizeof(capability),
-        };
-        EFI_STATUS err;
-        uint32_t features;
-        EFI_TCG_PROTOCOL *tcg;
-
-        err = BS->LocateProtocol(MAKE_GUID_PTR(EFI_TCG_PROTOCOL), NULL, (void **) &tcg);
-        if (err != EFI_SUCCESS)
-                return NULL;
-
-        err = tcg->StatusCheck(
-                        tcg,
-                        &capability,
-                        &features,
-                        &event_log_location,
-                        &event_log_last_entry);
-        if (err != EFI_SUCCESS)
-                return NULL;
-
-        if (capability.TPMDeactivatedFlag)
-                return NULL;
-
-        if (!capability.TPMPresentFlag)
-                return NULL;
-
-        return tcg;
-}
-
 static EFI_TCG2_PROTOCOL *tcg2_interface_check(void) {
        EFI_TCG2_BOOT_SERVICE_CAPABILITY capability = {
                .Size = sizeof(capability),
@ -248,7 +184,7 @@ static EFI_TCG2_PROTOCOL *tcg2_interface_check(void) {
 }

 bool tpm_present(void) {
-        return tcg2_interface_check() || tcg1_interface_check();
+        return tcg2_interface_check();
 }

 EFI_STATUS tpm_log_event(uint32_t pcrindex, EFI_PHYSICAL_ADDRESS buffer, size_t buffer_size, const char16_t *description, bool *ret_measured) {
@ -271,25 +207,18 @@ EFI_STATUS tpm_log_event(uint32_t pcrindex, EFI_PHYSICAL_ADDRESS buffer, size_t
        if (tpm2)
                err = tpm2_measure_to_pcr_and_event_log(tpm2, pcrindex, buffer, buffer_size, description);
        else {
-                EFI_TCG_PROTOCOL *tpm1;
+                EFI_CC_MEASUREMENT_PROTOCOL *cc;

-                tpm1 = tcg1_interface_check();
-                if (tpm1)
-                        err = tpm1_measure_to_pcr_and_event_log(tpm1, pcrindex, buffer, buffer_size, description);
+                cc = cc_interface_check();
+                if (cc)
+                        err = cc_measure_to_mr_and_event_log(cc, pcrindex, buffer, buffer_size, description);
                else {
-                        EFI_CC_MEASUREMENT_PROTOCOL *cc;
+                        /* No active TPM found, so don't return an error */

-                        cc = cc_interface_check();
-                        if (cc)
-                                err = cc_measure_to_mr_and_event_log(cc, pcrindex, buffer, buffer_size, description);
-                        else {
-                                /* No active TPM found, so don't return an error */
+                        if (ret_measured)
+                                *ret_measured = false;

-                                if (ret_measured)
-                                        *ret_measured = false;
-
-                                return EFI_SUCCESS;
-                        }
+                        return EFI_SUCCESS;
                }
        }

--- a/src/boot/efi/proto/tcg.h
+++ b/src/boot/efi/proto/tcg.h
@ -3,12 +3,9 @@

 #include "efi.h"

-#define EFI_TCG_PROTOCOL_GUID \
-        GUID_DEF(0xf541796d, 0xa62e, 0x4954, 0xa7, 0x75, 0x95, 0x84, 0xf6, 0x1b, 0x9c, 0xdd)
 #define EFI_TCG2_PROTOCOL_GUID \
        GUID_DEF(0x607f766c, 0x7455, 0x42be, 0x93, 0x0b, 0xe4, 0xd7, 0x6d, 0xb2, 0x72, 0x0f)

-#define TCG_ALG_SHA 0x4
 #define EFI_TCG2_EVENT_HEADER_VERSION 1
 #define EV_IPL 13
 #define EV_EVENT_TAG UINT32_C(6)
@ -48,16 +45,6 @@ typedef struct {
        uint32_t ActivePcrBanks;
 } EFI_TCG2_BOOT_SERVICE_CAPABILITY;

-typedef struct {
-        uint32_t PCRIndex;
-        uint32_t EventType;
-        struct {
-                uint8_t Digest[20];
-        } Digest;
-        uint32_t EventSize;
-        uint8_t Event[];
-} _packed_ TCG_PCR_EVENT;
-
 typedef struct {
        uint32_t HeaderSize;
        uint16_t HeaderVersion;
@ -77,27 +64,6 @@ typedef struct {
        uint8_t Event[];
 } _packed_ EFI_TCG2_TAGGED_EVENT;

-typedef struct EFI_TCG_PROTOCOL EFI_TCG_PROTOCOL;
-struct EFI_TCG_PROTOCOL {
-        EFI_STATUS (EFIAPI *StatusCheck)(
-                        EFI_TCG_PROTOCOL *This,
-                        EFI_TCG_BOOT_SERVICE_CAPABILITY *ProtocolCapability,
-                        uint32_t *TCGFeatureFlags,
-                        EFI_PHYSICAL_ADDRESS *EventLogLocation,
-                        EFI_PHYSICAL_ADDRESS *EventLogLastEntry);
-        void *HashAll;
-        void *LogEvent;
-        void *PassThroughToTpm;
-        EFI_STATUS (EFIAPI *HashLogExtendEvent)(
-                        EFI_TCG_PROTOCOL *This,
-                        EFI_PHYSICAL_ADDRESS HashData,
-                        uint64_t HashDataLen,
-                        uint32_t AlgorithmId,
-                        TCG_PCR_EVENT *TCGLogData,
-                        uint32_t *EventNumber,
-                        EFI_PHYSICAL_ADDRESS *EventLogLastEntry);
-};
-
 typedef struct EFI_TCG2_PROTOCOL EFI_TCG2_PROTOCOL;
 struct EFI_TCG2_PROTOCOL {
        EFI_STATUS (EFIAPI *GetCapability)(