uefi: emphasize a bit that EV_IPL event logs is the past, EV_EVENT_TAG the future

src/boot/efi/cpio.c

@@ -430,7 +430,7 @@ EFI_STATUS pack_cpio(
         if (err != EFI_SUCCESS)
                 return log_error_status(err, "Failed to pack cpio trailer: %m");
 
-        err = tpm_log_event(
+        err = tpm_log_ipl_event(
                         tpm_pcr, POINTER_TO_PHYSICAL_ADDRESS(buffer), buffer_size, tpm_description, ret_measured);
         if (err != EFI_SUCCESS)
                 return log_error_status(
@@ -499,7 +499,7 @@ EFI_STATUS pack_cpio_literal(
         if (err != EFI_SUCCESS)
                 return log_error_status(err, "Failed to pack cpio trailer: %m");
 
-        err = tpm_log_event(
+        err = tpm_log_ipl_event(
                         tpm_pcr, POINTER_TO_PHYSICAL_ADDRESS(buffer), buffer_size, tpm_description, ret_measured);
         if (err != EFI_SUCCESS)
                 return log_error_status(

src/boot/efi/measure.c

@@ -27,6 +27,8 @@ static EFI_STATUS tpm2_measure_to_pcr_and_tagged_event_log(
         assert(tcg);
         assert(description);
 
+        /* New style stuff we log as EV_EVENT_TAG with a recognizable event tag. */
+
         desc_len = strsize16(description);
         event_size = offsetof(EFI_TCG2_EVENT, Event) + offsetof(EFI_TCG2_TAGGED_EVENT, Event) + desc_len;
 
@@ -53,7 +55,7 @@ static EFI_STATUS tpm2_measure_to_pcr_and_tagged_event_log(
                         &event->tcg_event);
 }
 
-static EFI_STATUS tpm2_measure_to_pcr_and_event_log(
+static EFI_STATUS tpm2_measure_to_pcr_and_ipl_event_log(
                 EFI_TCG2_PROTOCOL *tcg,
                 uint32_t pcrindex,
                 EFI_PHYSICAL_ADDRESS buffer,
@@ -66,11 +68,10 @@ static EFI_STATUS tpm2_measure_to_pcr_and_event_log(
         assert(tcg);
         assert(description);
 
-        /* NB: We currently record everything as EV_IPL. Which sucks, because it makes it hard to
-         * recognize from the event log which of the events are ours. Measurement logs are kinda API hence
-         * this is hard to change for existing, established events. But for future additions, let's use
-         * EV_EVENT_TAG instead, with a tag of our choosing that makes clear what precisely we are measuring
-         * here. */
+        /* We record older stuff as EV_IPL. Which sucks, because it makes it hard to recognize from the event
+         * log which of the events are ours. Measurement logs are kinda API hence this is hard to change for
+         * existing, established events. But for future additions, let's use EV_EVENT_TAG instead, with a tag
+         * of our choosing that makes clear what precisely we are measuring here. See above. */
 
         desc_len = strsize16(description);
         tcg_event = xmalloc(offsetof(EFI_TCG2_EVENT, Event) + desc_len);
@@ -91,7 +92,7 @@ static EFI_STATUS tpm2_measure_to_pcr_and_event_log(
                         tcg_event);
 }
 
-static EFI_STATUS cc_measure_to_mr_and_event_log(
+static EFI_STATUS cc_measure_to_mr_and_ipl_event_log(
                 EFI_CC_MEASUREMENT_PROTOCOL *cc,
                 uint32_t pcrindex,
                 EFI_PHYSICAL_ADDRESS buffer,
@@ -187,7 +188,7 @@ bool tpm_present(void) {
         return tcg2_interface_check();
 }
 
-static EFI_STATUS tcg2_log_event(uint32_t pcrindex, EFI_PHYSICAL_ADDRESS buffer, size_t buffer_size, const char16_t *description, bool *ret_measured) {
+static EFI_STATUS tcg2_log_ipl_event(uint32_t pcrindex, EFI_PHYSICAL_ADDRESS buffer, size_t buffer_size, const char16_t *description, bool *ret_measured) {
         EFI_TCG2_PROTOCOL *tpm2;
         EFI_STATUS err = EFI_SUCCESS;
 
@@ -195,7 +196,7 @@ static EFI_STATUS tcg2_log_event(uint32_t pcrindex, EFI_PHYSICAL_ADDRESS buffer,
 
         tpm2 = tcg2_interface_check();
         if (tpm2)
-                err = tpm2_measure_to_pcr_and_event_log(tpm2, pcrindex, buffer, buffer_size, description);
+                err = tpm2_measure_to_pcr_and_ipl_event_log(tpm2, pcrindex, buffer, buffer_size, description);
 
         *ret_measured = tpm2 && (err == EFI_SUCCESS);
 
@@ -210,14 +211,14 @@ static EFI_STATUS cc_log_event(uint32_t pcrindex, EFI_PHYSICAL_ADDRESS buffer, s
 
         cc = cc_interface_check();
         if (cc)
-                err = cc_measure_to_mr_and_event_log(cc, pcrindex, buffer, buffer_size, description);
+                err = cc_measure_to_mr_and_ipl_event_log(cc, pcrindex, buffer, buffer_size, description);
 
         *ret_measured = cc && (err == EFI_SUCCESS);
 
         return err;
 }
 
-EFI_STATUS tpm_log_event(uint32_t pcrindex, EFI_PHYSICAL_ADDRESS buffer, size_t buffer_size, const char16_t *description, bool *ret_measured) {
+EFI_STATUS tpm_log_ipl_event(uint32_t pcrindex, EFI_PHYSICAL_ADDRESS buffer, size_t buffer_size, const char16_t *description, bool *ret_measured) {
         EFI_STATUS err;
         bool tpm_ret_measured, cc_ret_measured;
 
@@ -238,7 +239,7 @@ EFI_STATUS tpm_log_event(uint32_t pcrindex, EFI_PHYSICAL_ADDRESS buffer, size_t
         if (err != EFI_SUCCESS)
                 return err;
 
-        err = tcg2_log_event(pcrindex, buffer, buffer_size, description, &tpm_ret_measured);
+        err = tcg2_log_ipl_event(pcrindex, buffer, buffer_size, description, &tpm_ret_measured);
 
         if (err == EFI_SUCCESS && ret_measured)
                 *ret_measured = tpm_ret_measured || cc_ret_measured;
@@ -278,13 +279,13 @@ EFI_STATUS tpm_log_tagged_event(
         return err;
 }
 
-EFI_STATUS tpm_log_event_ascii(uint32_t pcrindex, EFI_PHYSICAL_ADDRESS buffer, size_t buffer_size, const char *description, bool *ret_measured) {
+EFI_STATUS tpm_log_ipl_event_ascii(uint32_t pcrindex, EFI_PHYSICAL_ADDRESS buffer, size_t buffer_size, const char *description, bool *ret_measured) {
         _cleanup_free_ char16_t *c = NULL;
 
         if (description)
                 c = xstr8_to_16(description);
 
-        return tpm_log_event(pcrindex, buffer, buffer_size, c, ret_measured);
+        return tpm_log_ipl_event(pcrindex, buffer, buffer_size, c, ret_measured);
 }
 
 EFI_STATUS tpm_log_load_options(const char16_t *load_options, bool *ret_measured) {
@@ -293,7 +294,7 @@ EFI_STATUS tpm_log_load_options(const char16_t *load_options, bool *ret_measured
 
         /* Measures a load options string into the TPM2, i.e. the kernel command line */
 
-        err = tpm_log_event(
+        err = tpm_log_ipl_event(
                         TPM2_PCR_KERNEL_CONFIG,
                         POINTER_TO_PHYSICAL_ADDRESS(load_options),
                         strsize16(load_options),

src/boot/efi/measure.h

@@ -6,9 +6,20 @@
 #if ENABLE_TPM
 
 bool tpm_present(void);
-EFI_STATUS tpm_log_event(uint32_t pcrindex, EFI_PHYSICAL_ADDRESS buffer, size_t buffer_size, const char16_t *description, bool *ret_measured);
-EFI_STATUS tpm_log_event_ascii(uint32_t pcrindex, EFI_PHYSICAL_ADDRESS buffer, size_t buffer_size, const char *description, bool *ret_measured);
+
+/* Routines for boot-time TPM PCR measurement as well as submitting an event log entry about it. The latter
+ * can be done with two different event log record types. For old stuff we use EV_IPL (which is legacy, and
+ * not great to recognize properly during PCR validation). For new stuff we use properly tagged
+ * EV_EVENT_TAG record. */
+
+/* Old stuff is logged as EV_IPL */
+EFI_STATUS tpm_log_ipl_event(uint32_t pcrindex, EFI_PHYSICAL_ADDRESS buffer, size_t buffer_size, const char16_t *description, bool *ret_measured);
+EFI_STATUS tpm_log_ipl_event_ascii(uint32_t pcrindex, EFI_PHYSICAL_ADDRESS buffer, size_t buffer_size, const
+char *description, bool *ret_measured);
+
+/* New stuff is logged as EV_EVENT_TAG */
 EFI_STATUS tpm_log_tagged_event(uint32_t pcrindex, EFI_PHYSICAL_ADDRESS buffer, size_t buffer_size, uint32_t event_id, const char16_t *description, bool *ret_measured);
+
 EFI_STATUS tpm_log_load_options(const char16_t *cmdline, bool *ret_measured);
 
 #else
@@ -17,13 +28,13 @@ static inline bool tpm_present(void) {
         return false;
 }
 
-static inline EFI_STATUS tpm_log_event(uint32_t pcrindex, EFI_PHYSICAL_ADDRESS buffer, size_t buffer_size, const char16_t *description, bool *ret_measured) {
+static inline EFI_STATUS tpm_log_ipl_event(uint32_t pcrindex, EFI_PHYSICAL_ADDRESS buffer, size_t buffer_size, const char16_t *description, bool *ret_measured) {
         if (ret_measured)
                 *ret_measured = false;
         return EFI_SUCCESS;
 }
 
-static inline EFI_STATUS tpm_log_event_ascii(uint32_t pcrindex, EFI_PHYSICAL_ADDRESS buffer, size_t buffer_size, const char *description, bool *ret_measured) {
+static inline EFI_STATUS tpm_log_ipl_event_ascii(uint32_t pcrindex, EFI_PHYSICAL_ADDRESS buffer, size_t buffer_size, const char *description, bool *ret_measured) {
         if (ret_measured)
                 *ret_measured = false;
         return EFI_SUCCESS;

src/boot/efi/stub.c

@@ -584,7 +584,7 @@ static EFI_STATUS run(EFI_HANDLE image) {
                 m = false;
 
                 /* First measure the name of the section */
-                (void) tpm_log_event_ascii(
+                (void) tpm_log_ipl_event_ascii(
                                 TPM2_PCR_KERNEL_BOOT,
                                 POINTER_TO_PHYSICAL_ADDRESS(unified_sections[section]),
                                 strsize8(unified_sections[section]), /* including NUL byte */
@@ -594,7 +594,7 @@ static EFI_STATUS run(EFI_HANDLE image) {
                 sections_measured = sections_measured < 0 ? m : (sections_measured && m);
 
                 /* Then measure the data of the section */
-                (void) tpm_log_event_ascii(
+                (void) tpm_log_ipl_event_ascii(
                                 TPM2_PCR_KERNEL_BOOT,
                                 POINTER_TO_PHYSICAL_ADDRESS(loaded_image->ImageBase) + addrs[section],
                                 szs[section],