diff --git a/src/boot/efi/cpio.c b/src/boot/efi/cpio.c index bd1118a58a5..a3c98c7b925 100644 --- a/src/boot/efi/cpio.c +++ b/src/boot/efi/cpio.c @@ -430,7 +430,7 @@ EFI_STATUS pack_cpio( if (err != EFI_SUCCESS) return log_error_status(err, "Failed to pack cpio trailer: %m"); - err = tpm_log_event( + err = tpm_log_ipl_event( tpm_pcr, POINTER_TO_PHYSICAL_ADDRESS(buffer), buffer_size, tpm_description, ret_measured); if (err != EFI_SUCCESS) return log_error_status( @@ -499,7 +499,7 @@ EFI_STATUS pack_cpio_literal( if (err != EFI_SUCCESS) return log_error_status(err, "Failed to pack cpio trailer: %m"); - err = tpm_log_event( + err = tpm_log_ipl_event( tpm_pcr, POINTER_TO_PHYSICAL_ADDRESS(buffer), buffer_size, tpm_description, ret_measured); if (err != EFI_SUCCESS) return log_error_status( diff --git a/src/boot/efi/measure.c b/src/boot/efi/measure.c index 08a2ecdba89..1ac2820d090 100644 --- a/src/boot/efi/measure.c +++ b/src/boot/efi/measure.c @@ -27,6 +27,8 @@ static EFI_STATUS tpm2_measure_to_pcr_and_tagged_event_log( assert(tcg); assert(description); + /* New style stuff we log as EV_EVENT_TAG with a recognizable event tag. */ + desc_len = strsize16(description); event_size = offsetof(EFI_TCG2_EVENT, Event) + offsetof(EFI_TCG2_TAGGED_EVENT, Event) + desc_len; @@ -53,7 +55,7 @@ static EFI_STATUS tpm2_measure_to_pcr_and_tagged_event_log( &event->tcg_event); } -static EFI_STATUS tpm2_measure_to_pcr_and_event_log( +static EFI_STATUS tpm2_measure_to_pcr_and_ipl_event_log( EFI_TCG2_PROTOCOL *tcg, uint32_t pcrindex, EFI_PHYSICAL_ADDRESS buffer, @@ -66,11 +68,10 @@ static EFI_STATUS tpm2_measure_to_pcr_and_event_log( assert(tcg); assert(description); - /* NB: We currently record everything as EV_IPL. Which sucks, because it makes it hard to - * recognize from the event log which of the events are ours. Measurement logs are kinda API hence - * this is hard to change for existing, established events. But for future additions, let's use - * EV_EVENT_TAG instead, with a tag of our choosing that makes clear what precisely we are measuring - * here. */ + /* We record older stuff as EV_IPL. Which sucks, because it makes it hard to recognize from the event + * log which of the events are ours. Measurement logs are kinda API hence this is hard to change for + * existing, established events. But for future additions, let's use EV_EVENT_TAG instead, with a tag + * of our choosing that makes clear what precisely we are measuring here. See above. */ desc_len = strsize16(description); tcg_event = xmalloc(offsetof(EFI_TCG2_EVENT, Event) + desc_len); @@ -91,7 +92,7 @@ static EFI_STATUS tpm2_measure_to_pcr_and_event_log( tcg_event); } -static EFI_STATUS cc_measure_to_mr_and_event_log( +static EFI_STATUS cc_measure_to_mr_and_ipl_event_log( EFI_CC_MEASUREMENT_PROTOCOL *cc, uint32_t pcrindex, EFI_PHYSICAL_ADDRESS buffer, @@ -187,7 +188,7 @@ bool tpm_present(void) { return tcg2_interface_check(); } -static EFI_STATUS tcg2_log_event(uint32_t pcrindex, EFI_PHYSICAL_ADDRESS buffer, size_t buffer_size, const char16_t *description, bool *ret_measured) { +static EFI_STATUS tcg2_log_ipl_event(uint32_t pcrindex, EFI_PHYSICAL_ADDRESS buffer, size_t buffer_size, const char16_t *description, bool *ret_measured) { EFI_TCG2_PROTOCOL *tpm2; EFI_STATUS err = EFI_SUCCESS; @@ -195,7 +196,7 @@ static EFI_STATUS tcg2_log_event(uint32_t pcrindex, EFI_PHYSICAL_ADDRESS buffer, tpm2 = tcg2_interface_check(); if (tpm2) - err = tpm2_measure_to_pcr_and_event_log(tpm2, pcrindex, buffer, buffer_size, description); + err = tpm2_measure_to_pcr_and_ipl_event_log(tpm2, pcrindex, buffer, buffer_size, description); *ret_measured = tpm2 && (err == EFI_SUCCESS); @@ -210,14 +211,14 @@ static EFI_STATUS cc_log_event(uint32_t pcrindex, EFI_PHYSICAL_ADDRESS buffer, s cc = cc_interface_check(); if (cc) - err = cc_measure_to_mr_and_event_log(cc, pcrindex, buffer, buffer_size, description); + err = cc_measure_to_mr_and_ipl_event_log(cc, pcrindex, buffer, buffer_size, description); *ret_measured = cc && (err == EFI_SUCCESS); return err; } -EFI_STATUS tpm_log_event(uint32_t pcrindex, EFI_PHYSICAL_ADDRESS buffer, size_t buffer_size, const char16_t *description, bool *ret_measured) { +EFI_STATUS tpm_log_ipl_event(uint32_t pcrindex, EFI_PHYSICAL_ADDRESS buffer, size_t buffer_size, const char16_t *description, bool *ret_measured) { EFI_STATUS err; bool tpm_ret_measured, cc_ret_measured; @@ -238,7 +239,7 @@ EFI_STATUS tpm_log_event(uint32_t pcrindex, EFI_PHYSICAL_ADDRESS buffer, size_t if (err != EFI_SUCCESS) return err; - err = tcg2_log_event(pcrindex, buffer, buffer_size, description, &tpm_ret_measured); + err = tcg2_log_ipl_event(pcrindex, buffer, buffer_size, description, &tpm_ret_measured); if (err == EFI_SUCCESS && ret_measured) *ret_measured = tpm_ret_measured || cc_ret_measured; @@ -278,13 +279,13 @@ EFI_STATUS tpm_log_tagged_event( return err; } -EFI_STATUS tpm_log_event_ascii(uint32_t pcrindex, EFI_PHYSICAL_ADDRESS buffer, size_t buffer_size, const char *description, bool *ret_measured) { +EFI_STATUS tpm_log_ipl_event_ascii(uint32_t pcrindex, EFI_PHYSICAL_ADDRESS buffer, size_t buffer_size, const char *description, bool *ret_measured) { _cleanup_free_ char16_t *c = NULL; if (description) c = xstr8_to_16(description); - return tpm_log_event(pcrindex, buffer, buffer_size, c, ret_measured); + return tpm_log_ipl_event(pcrindex, buffer, buffer_size, c, ret_measured); } EFI_STATUS tpm_log_load_options(const char16_t *load_options, bool *ret_measured) { @@ -293,7 +294,7 @@ EFI_STATUS tpm_log_load_options(const char16_t *load_options, bool *ret_measured /* Measures a load options string into the TPM2, i.e. the kernel command line */ - err = tpm_log_event( + err = tpm_log_ipl_event( TPM2_PCR_KERNEL_CONFIG, POINTER_TO_PHYSICAL_ADDRESS(load_options), strsize16(load_options), diff --git a/src/boot/efi/measure.h b/src/boot/efi/measure.h index c3c4e0a9ad1..9dde93b94d2 100644 --- a/src/boot/efi/measure.h +++ b/src/boot/efi/measure.h @@ -6,9 +6,20 @@ #if ENABLE_TPM bool tpm_present(void); -EFI_STATUS tpm_log_event(uint32_t pcrindex, EFI_PHYSICAL_ADDRESS buffer, size_t buffer_size, const char16_t *description, bool *ret_measured); -EFI_STATUS tpm_log_event_ascii(uint32_t pcrindex, EFI_PHYSICAL_ADDRESS buffer, size_t buffer_size, const char *description, bool *ret_measured); + +/* Routines for boot-time TPM PCR measurement as well as submitting an event log entry about it. The latter + * can be done with two different event log record types. For old stuff we use EV_IPL (which is legacy, and + * not great to recognize properly during PCR validation). For new stuff we use properly tagged + * EV_EVENT_TAG record. */ + +/* Old stuff is logged as EV_IPL */ +EFI_STATUS tpm_log_ipl_event(uint32_t pcrindex, EFI_PHYSICAL_ADDRESS buffer, size_t buffer_size, const char16_t *description, bool *ret_measured); +EFI_STATUS tpm_log_ipl_event_ascii(uint32_t pcrindex, EFI_PHYSICAL_ADDRESS buffer, size_t buffer_size, const +char *description, bool *ret_measured); + +/* New stuff is logged as EV_EVENT_TAG */ EFI_STATUS tpm_log_tagged_event(uint32_t pcrindex, EFI_PHYSICAL_ADDRESS buffer, size_t buffer_size, uint32_t event_id, const char16_t *description, bool *ret_measured); + EFI_STATUS tpm_log_load_options(const char16_t *cmdline, bool *ret_measured); #else @@ -17,13 +28,13 @@ static inline bool tpm_present(void) { return false; } -static inline EFI_STATUS tpm_log_event(uint32_t pcrindex, EFI_PHYSICAL_ADDRESS buffer, size_t buffer_size, const char16_t *description, bool *ret_measured) { +static inline EFI_STATUS tpm_log_ipl_event(uint32_t pcrindex, EFI_PHYSICAL_ADDRESS buffer, size_t buffer_size, const char16_t *description, bool *ret_measured) { if (ret_measured) *ret_measured = false; return EFI_SUCCESS; } -static inline EFI_STATUS tpm_log_event_ascii(uint32_t pcrindex, EFI_PHYSICAL_ADDRESS buffer, size_t buffer_size, const char *description, bool *ret_measured) { +static inline EFI_STATUS tpm_log_ipl_event_ascii(uint32_t pcrindex, EFI_PHYSICAL_ADDRESS buffer, size_t buffer_size, const char *description, bool *ret_measured) { if (ret_measured) *ret_measured = false; return EFI_SUCCESS; diff --git a/src/boot/efi/stub.c b/src/boot/efi/stub.c index 9aa605b7563..afb3b026104 100644 --- a/src/boot/efi/stub.c +++ b/src/boot/efi/stub.c @@ -584,7 +584,7 @@ static EFI_STATUS run(EFI_HANDLE image) { m = false; /* First measure the name of the section */ - (void) tpm_log_event_ascii( + (void) tpm_log_ipl_event_ascii( TPM2_PCR_KERNEL_BOOT, POINTER_TO_PHYSICAL_ADDRESS(unified_sections[section]), strsize8(unified_sections[section]), /* including NUL byte */ @@ -594,7 +594,7 @@ static EFI_STATUS run(EFI_HANDLE image) { sections_measured = sections_measured < 0 ? m : (sections_measured && m); /* Then measure the data of the section */ - (void) tpm_log_event_ascii( + (void) tpm_log_ipl_event_ascii( TPM2_PCR_KERNEL_BOOT, POINTER_TO_PHYSICAL_ADDRESS(loaded_image->ImageBase) + addrs[section], szs[section],