1
2
3
4
5
6
7
8
9
10#define LOG_CATEGORY LOGC_EFI
11#include <common.h>
12#include <dm.h>
13#include <efi_loader.h>
14#include <efi_variable.h>
15#include <efi_tcg2.h>
16#include <log.h>
17#include <malloc.h>
18#include <smbios.h>
19#include <version_string.h>
20#include <tpm-v2.h>
21#include <tpm_api.h>
22#include <u-boot/hash-checksum.h>
23#include <u-boot/sha1.h>
24#include <u-boot/sha256.h>
25#include <u-boot/sha512.h>
26#include <linux/unaligned/be_byteshift.h>
27#include <linux/unaligned/le_byteshift.h>
28#include <linux/unaligned/generic.h>
29#include <hexdump.h>
30
31
32
33
34
35
36
37
38
39
40
41
42struct event_log_buffer {
43 void *buffer;
44 void *final_buffer;
45 size_t pos;
46 size_t final_pos;
47 size_t last_event_size;
48 bool get_event_called;
49 bool ebs_called;
50 bool truncated;
51};
52
53static struct event_log_buffer event_log;
54static bool tcg2_efi_app_invoked;
55
56
57
58
59
60
61#define TPM2_RESPONSE_BUFFER_SIZE (sizeof(struct tpms_capability_data) - \
62 offsetof(struct tpms_capability_data, data))
63#define properties_offset (offsetof(struct tpml_tagged_tpm_property, tpm_property) + \
64 offsetof(struct tpms_tagged_property, value))
65
66static const efi_guid_t efi_guid_tcg2_protocol = EFI_TCG2_PROTOCOL_GUID;
67static const efi_guid_t efi_guid_final_events = EFI_TCG2_FINAL_EVENTS_TABLE_GUID;
68
69struct digest_info {
70 u16 hash_alg;
71 u32 hash_mask;
72 u16 hash_len;
73};
74
75static const struct digest_info hash_algo_list[] = {
76 {
77 TPM2_ALG_SHA1,
78 EFI_TCG2_BOOT_HASH_ALG_SHA1,
79 TPM2_SHA1_DIGEST_SIZE,
80 },
81 {
82 TPM2_ALG_SHA256,
83 EFI_TCG2_BOOT_HASH_ALG_SHA256,
84 TPM2_SHA256_DIGEST_SIZE,
85 },
86 {
87 TPM2_ALG_SHA384,
88 EFI_TCG2_BOOT_HASH_ALG_SHA384,
89 TPM2_SHA384_DIGEST_SIZE,
90 },
91 {
92 TPM2_ALG_SHA512,
93 EFI_TCG2_BOOT_HASH_ALG_SHA512,
94 TPM2_SHA512_DIGEST_SIZE,
95 },
96};
97
98struct variable_info {
99 const u16 *name;
100 bool accept_empty;
101 u32 pcr_index;
102};
103
104static struct variable_info secure_variables[] = {
105 {u"SecureBoot", true, 7},
106 {u"PK", true, 7},
107 {u"KEK", true, 7},
108 {u"db", true, 7},
109 {u"dbx", true, 7},
110 {u"dbt", false, 7},
111 {u"dbr", false, 7},
112 {u"DeployedMode", false, 1},
113 {u"AuditMode", false, 1},
114};
115
116#define MAX_HASH_COUNT ARRAY_SIZE(hash_algo_list)
117
118
119
120
121
122
123
124
125static u32 alg_to_mask(u16 hash_alg)
126{
127 size_t i;
128
129 for (i = 0; i < MAX_HASH_COUNT; i++) {
130 if (hash_algo_list[i].hash_alg == hash_alg)
131 return hash_algo_list[i].hash_mask;
132 }
133
134 return 0;
135}
136
137
138
139
140
141
142
143
144static u16 alg_to_len(u16 hash_alg)
145{
146 size_t i;
147
148 for (i = 0; i < MAX_HASH_COUNT; i++) {
149 if (hash_algo_list[i].hash_alg == hash_alg)
150 return hash_algo_list[i].hash_len;
151 }
152
153 return 0;
154}
155
156static bool is_tcg2_protocol_installed(void)
157{
158 struct efi_handler *handler;
159 efi_status_t ret;
160
161 ret = efi_search_protocol(efi_root, &efi_guid_tcg2_protocol, &handler);
162 return ret == EFI_SUCCESS;
163}
164
165static u32 tcg_event_final_size(struct tpml_digest_values *digest_list)
166{
167 u32 len;
168 size_t i;
169
170 len = offsetof(struct tcg_pcr_event2, digests);
171 len += offsetof(struct tpml_digest_values, digests);
172 for (i = 0; i < digest_list->count; i++) {
173 u16 hash_alg = digest_list->digests[i].hash_alg;
174
175 len += offsetof(struct tpmt_ha, digest);
176 len += alg_to_len(hash_alg);
177 }
178 len += sizeof(u32);
179
180 return len;
181}
182
183
184
185
186
187
188
189
190static efi_status_t tcg2_pcr_extend(struct udevice *dev, u32 pcr_index,
191 struct tpml_digest_values *digest_list)
192{
193 u32 rc;
194 size_t i;
195
196 for (i = 0; i < digest_list->count; i++) {
197 u32 alg = digest_list->digests[i].hash_alg;
198
199 rc = tpm2_pcr_extend(dev, pcr_index, alg,
200 (u8 *)&digest_list->digests[i].digest,
201 alg_to_len(alg));
202 if (rc) {
203 EFI_PRINT("Failed to extend PCR\n");
204 return EFI_DEVICE_ERROR;
205 }
206 }
207
208 return EFI_SUCCESS;
209}
210
211
212
213
214
215
216
217
218
219static efi_status_t tcg2_pcr_read(struct udevice *dev, u32 pcr_index,
220 struct tpml_digest_values *digest_list)
221{
222 struct tpm_chip_priv *priv;
223 unsigned int updates, pcr_select_min;
224 u32 rc;
225 size_t i;
226
227 priv = dev_get_uclass_priv(dev);
228 if (!priv)
229 return EFI_DEVICE_ERROR;
230
231 pcr_select_min = priv->pcr_select_min;
232
233 for (i = 0; i < digest_list->count; i++) {
234 u16 hash_alg = digest_list->digests[i].hash_alg;
235 u8 *digest = (u8 *)&digest_list->digests[i].digest;
236
237 rc = tpm2_pcr_read(dev, pcr_index, pcr_select_min,
238 hash_alg, digest, alg_to_len(hash_alg),
239 &updates);
240 if (rc) {
241 EFI_PRINT("Failed to read PCR\n");
242 return EFI_DEVICE_ERROR;
243 }
244 }
245
246 return EFI_SUCCESS;
247}
248
249
250
251
252
253
254
255
256
257
258
259static void put_event(u32 pcr_index, u32 event_type,
260 struct tpml_digest_values *digest_list, u32 size,
261 u8 event[], void *log)
262{
263 size_t pos;
264 size_t i;
265 u32 event_size;
266
267
268
269
270
271 event_size = size + tcg_event_final_size(digest_list);
272
273 put_unaligned_le32(pcr_index, log);
274 pos = offsetof(struct tcg_pcr_event2, event_type);
275 put_unaligned_le32(event_type, (void *)((uintptr_t)log + pos));
276 pos = offsetof(struct tcg_pcr_event2, digests);
277 put_unaligned_le32(digest_list->count, (void *)((uintptr_t)log + pos));
278
279 pos += offsetof(struct tpml_digest_values, digests);
280 for (i = 0; i < digest_list->count; i++) {
281 u16 hash_alg = digest_list->digests[i].hash_alg;
282 u8 *digest = (u8 *)&digest_list->digests[i].digest;
283
284 put_unaligned_le16(hash_alg, (void *)((uintptr_t)log + pos));
285 pos += offsetof(struct tpmt_ha, digest);
286 memcpy((void *)((uintptr_t)log + pos), digest, alg_to_len(hash_alg));
287 pos += alg_to_len(hash_alg);
288 }
289
290 put_unaligned_le32(size, (void *)((uintptr_t)log + pos));
291 pos += sizeof(u32);
292 memcpy((void *)((uintptr_t)log + pos), event, size);
293 pos += size;
294
295
296
297
298
299
300 if (pos != event_size)
301 log_err("Appending to the EventLog failed\n");
302}
303
304
305
306
307
308
309
310
311
312
313
314
315static efi_status_t tcg2_agile_log_append(u32 pcr_index, u32 event_type,
316 struct tpml_digest_values *digest_list,
317 u32 size, u8 event[])
318{
319 void *log = (void *)((uintptr_t)event_log.buffer + event_log.pos);
320 u32 event_size = size + tcg_event_final_size(digest_list);
321 struct efi_tcg2_final_events_table *final_event;
322 efi_status_t ret = EFI_SUCCESS;
323
324
325 if (!event_log.ebs_called) {
326 if (event_log.truncated ||
327 event_log.pos + event_size > TPM2_EVENT_LOG_SIZE) {
328 event_log.truncated = true;
329 return EFI_VOLUME_FULL;
330 }
331 put_event(pcr_index, event_type, digest_list, size, event, log);
332 event_log.pos += event_size;
333 event_log.last_event_size = event_size;
334 }
335
336 if (!event_log.get_event_called)
337 return ret;
338
339
340 if (event_log.final_pos + event_size > TPM2_EVENT_LOG_SIZE)
341 return EFI_VOLUME_FULL;
342
343 log = (void *)((uintptr_t)event_log.final_buffer + event_log.final_pos);
344 put_event(pcr_index, event_type, digest_list, size, event, log);
345
346 final_event = event_log.final_buffer;
347 final_event->number_of_events++;
348 event_log.final_pos += event_size;
349
350 return ret;
351}
352
353
354
355
356
357
358
359
360
361
362
363__weak efi_status_t platform_get_tpm2_device(struct udevice **dev)
364{
365 for_each_tpm_device(*dev) {
366
367 if (tpm_get_version(*dev) == TPM_V2)
368 return EFI_SUCCESS;
369 }
370
371 return EFI_NOT_FOUND;
372}
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388__weak efi_status_t platform_get_eventlog(struct udevice *dev, u64 *addr,
389 u32 *sz)
390{
391 const u64 *basep;
392 const u32 *sizep;
393
394 basep = dev_read_prop(dev, "tpm_event_log_addr", NULL);
395 if (!basep)
396 return EFI_NOT_FOUND;
397
398 *addr = be64_to_cpup((__force __be64 *)basep);
399
400 sizep = dev_read_prop(dev, "tpm_event_log_size", NULL);
401 if (!sizep)
402 return EFI_NOT_FOUND;
403
404 *sz = be32_to_cpup((__force __be32 *)sizep);
405 if (*sz == 0) {
406 log_debug("event log empty\n");
407 return EFI_NOT_FOUND;
408 }
409
410 return EFI_SUCCESS;
411}
412
413
414
415
416
417
418
419
420
421static int tpm2_get_max_command_size(struct udevice *dev, u16 *max_command_size)
422{
423 u8 response[TPM2_RESPONSE_BUFFER_SIZE];
424 u32 ret;
425
426 memset(response, 0, sizeof(response));
427 ret = tpm2_get_capability(dev, TPM2_CAP_TPM_PROPERTIES,
428 TPM2_PT_MAX_COMMAND_SIZE, response, 1);
429 if (ret)
430 return -1;
431
432 *max_command_size = (uint16_t)get_unaligned_be32(response +
433 properties_offset);
434
435 return 0;
436}
437
438
439
440
441
442
443
444
445
446static int tpm2_get_max_response_size(struct udevice *dev,
447 u16 *max_response_size)
448{
449 u8 response[TPM2_RESPONSE_BUFFER_SIZE];
450 u32 ret;
451
452 memset(response, 0, sizeof(response));
453 ret = tpm2_get_capability(dev, TPM2_CAP_TPM_PROPERTIES,
454 TPM2_PT_MAX_RESPONSE_SIZE, response, 1);
455 if (ret)
456 return -1;
457
458 *max_response_size = (uint16_t)get_unaligned_be32(response +
459 properties_offset);
460
461 return 0;
462}
463
464
465
466
467
468
469
470
471
472static int tpm2_get_manufacturer_id(struct udevice *dev, u32 *manufacturer_id)
473{
474 u8 response[TPM2_RESPONSE_BUFFER_SIZE];
475 u32 ret;
476
477 memset(response, 0, sizeof(response));
478 ret = tpm2_get_capability(dev, TPM2_CAP_TPM_PROPERTIES,
479 TPM2_PT_MANUFACTURER, response, 1);
480 if (ret)
481 return -1;
482
483 *manufacturer_id = get_unaligned_be32(response + properties_offset);
484
485 return 0;
486}
487
488
489
490
491
492
493
494
495
496static int tpm2_get_num_pcr(struct udevice *dev, u32 *num_pcr)
497{
498 u8 response[TPM2_RESPONSE_BUFFER_SIZE];
499 u32 ret;
500
501 memset(response, 0, sizeof(response));
502 ret = tpm2_get_capability(dev, TPM2_CAP_TPM_PROPERTIES,
503 TPM2_PT_PCR_COUNT, response, 1);
504 if (ret)
505 return -1;
506
507 *num_pcr = get_unaligned_be32(response + properties_offset);
508 if (*num_pcr > TPM2_MAX_PCRS)
509 return -1;
510
511 return 0;
512}
513
514
515
516
517
518
519
520
521
522static bool is_active_pcr(struct tpms_pcr_selection *selection)
523{
524 int i;
525
526
527
528
529 for (i = 0; i < selection->size_of_select; i++) {
530 if (selection->pcr_select[i])
531 return true;
532 }
533
534 return false;
535}
536
537
538
539
540
541
542
543
544
545
546
547static int tpm2_get_pcr_info(struct udevice *dev, u32 *supported_pcr,
548 u32 *active_pcr, u32 *pcr_banks)
549{
550 u8 response[TPM2_RESPONSE_BUFFER_SIZE];
551 struct tpml_pcr_selection pcrs;
552 u32 ret, num_pcr;
553 size_t i;
554 int tpm_ret;
555
556 *supported_pcr = 0;
557 *active_pcr = 0;
558 *pcr_banks = 0;
559 memset(response, 0, sizeof(response));
560 ret = tpm2_get_capability(dev, TPM2_CAP_PCRS, 0, response, 1);
561 if (ret)
562 goto out;
563
564 pcrs.count = get_unaligned_be32(response);
565
566
567
568
569 if (pcrs.count > MAX_HASH_COUNT || pcrs.count < 1)
570 goto out;
571
572 tpm_ret = tpm2_get_num_pcr(dev, &num_pcr);
573 if (tpm_ret)
574 goto out;
575
576 for (i = 0; i < pcrs.count; i++) {
577
578
579
580
581
582
583
584
585
586 u32 hash_offset = offsetof(struct tpml_pcr_selection, selection) +
587 i * offsetof(struct tpms_pcr_selection, pcr_select) +
588 i * ((num_pcr + 7) / 8);
589 u32 size_select_offset =
590 hash_offset + offsetof(struct tpms_pcr_selection,
591 size_of_select);
592 u32 pcr_select_offset =
593 hash_offset + offsetof(struct tpms_pcr_selection,
594 pcr_select);
595
596 pcrs.selection[i].hash =
597 get_unaligned_be16(response + hash_offset);
598 pcrs.selection[i].size_of_select =
599 __get_unaligned_be(response + size_select_offset);
600 if (pcrs.selection[i].size_of_select > TPM2_PCR_SELECT_MAX)
601 goto out;
602
603 memcpy(pcrs.selection[i].pcr_select, response + pcr_select_offset,
604 pcrs.selection[i].size_of_select);
605 }
606
607 for (i = 0; i < pcrs.count; i++) {
608 u32 hash_mask = alg_to_mask(pcrs.selection[i].hash);
609
610 if (hash_mask) {
611 *supported_pcr |= hash_mask;
612 if (is_active_pcr(&pcrs.selection[i]))
613 *active_pcr |= hash_mask;
614 } else {
615 EFI_PRINT("Unknown algorithm %x\n", pcrs.selection[i].hash);
616 }
617 }
618
619 *pcr_banks = pcrs.count;
620
621 return 0;
622out:
623 return -1;
624}
625
626
627
628
629
630
631
632
633
634static efi_status_t __get_active_pcr_banks(u32 *active_pcr_banks)
635{
636 struct udevice *dev;
637 u32 active = 0, supported = 0, pcr_banks = 0;
638 efi_status_t ret;
639 int err;
640
641 ret = platform_get_tpm2_device(&dev);
642 if (ret != EFI_SUCCESS)
643 goto out;
644
645 err = tpm2_get_pcr_info(dev, &supported, &active, &pcr_banks);
646 if (err) {
647 ret = EFI_DEVICE_ERROR;
648 goto out;
649 }
650
651 *active_pcr_banks = active;
652
653out:
654 return ret;
655}
656
657
658
659
660
661
662
663
664
665
666static efi_status_t tcg2_create_digest(const u8 *input, u32 length,
667 struct tpml_digest_values *digest_list)
668{
669 sha1_context ctx;
670 sha256_context ctx_256;
671 sha512_context ctx_512;
672 u8 final[TPM2_SHA512_DIGEST_SIZE];
673 efi_status_t ret;
674 u32 active;
675 size_t i;
676
677 ret = __get_active_pcr_banks(&active);
678 if (ret != EFI_SUCCESS)
679 return ret;
680
681 digest_list->count = 0;
682 for (i = 0; i < MAX_HASH_COUNT; i++) {
683 u16 hash_alg = hash_algo_list[i].hash_alg;
684
685 if (!(active & alg_to_mask(hash_alg)))
686 continue;
687 switch (hash_alg) {
688 case TPM2_ALG_SHA1:
689 sha1_starts(&ctx);
690 sha1_update(&ctx, input, length);
691 sha1_finish(&ctx, final);
692 break;
693 case TPM2_ALG_SHA256:
694 sha256_starts(&ctx_256);
695 sha256_update(&ctx_256, input, length);
696 sha256_finish(&ctx_256, final);
697 break;
698 case TPM2_ALG_SHA384:
699 sha384_starts(&ctx_512);
700 sha384_update(&ctx_512, input, length);
701 sha384_finish(&ctx_512, final);
702 break;
703 case TPM2_ALG_SHA512:
704 sha512_starts(&ctx_512);
705 sha512_update(&ctx_512, input, length);
706 sha512_finish(&ctx_512, final);
707 break;
708 default:
709 EFI_PRINT("Unsupported algorithm %x\n", hash_alg);
710 return EFI_INVALID_PARAMETER;
711 }
712 digest_list->digests[digest_list->count].hash_alg = hash_alg;
713 memcpy(&digest_list->digests[digest_list->count].digest, final,
714 (u32)alg_to_len(hash_alg));
715 digest_list->count++;
716 }
717
718 return EFI_SUCCESS;
719}
720
721
722
723
724
725
726
727
728
729
730static efi_status_t EFIAPI
731efi_tcg2_get_capability(struct efi_tcg2_protocol *this,
732 struct efi_tcg2_boot_service_capability *capability)
733{
734 struct udevice *dev;
735 efi_status_t efi_ret;
736 int ret;
737
738 EFI_ENTRY("%p, %p", this, capability);
739
740 if (!this || !capability) {
741 efi_ret = EFI_INVALID_PARAMETER;
742 goto out;
743 }
744
745 if (capability->size < BOOT_SERVICE_CAPABILITY_MIN) {
746 capability->size = BOOT_SERVICE_CAPABILITY_MIN;
747 efi_ret = EFI_BUFFER_TOO_SMALL;
748 goto out;
749 }
750
751 if (capability->size < sizeof(*capability)) {
752 capability->size = sizeof(*capability);
753 efi_ret = EFI_BUFFER_TOO_SMALL;
754 goto out;
755 }
756
757 capability->structure_version.major = 1;
758 capability->structure_version.minor = 1;
759 capability->protocol_version.major = 1;
760 capability->protocol_version.minor = 1;
761
762 efi_ret = platform_get_tpm2_device(&dev);
763 if (efi_ret != EFI_SUCCESS) {
764 capability->supported_event_logs = 0;
765 capability->hash_algorithm_bitmap = 0;
766 capability->tpm_present_flag = false;
767 capability->max_command_size = 0;
768 capability->max_response_size = 0;
769 capability->manufacturer_id = 0;
770 capability->number_of_pcr_banks = 0;
771 capability->active_pcr_banks = 0;
772
773 efi_ret = EFI_SUCCESS;
774 goto out;
775 }
776
777
778 capability->supported_event_logs = TCG2_EVENT_LOG_FORMAT_TCG_2;
779
780 capability->tpm_present_flag = true;
781
782
783 capability->hash_algorithm_bitmap = 0;
784 capability->active_pcr_banks = 0;
785 ret = tpm2_get_pcr_info(dev, &capability->hash_algorithm_bitmap,
786 &capability->active_pcr_banks,
787 &capability->number_of_pcr_banks);
788 if (ret) {
789 efi_ret = EFI_DEVICE_ERROR;
790 goto out;
791 }
792
793
794 ret = tpm2_get_max_command_size(dev, &capability->max_command_size);
795 if (ret) {
796 efi_ret = EFI_DEVICE_ERROR;
797 goto out;
798 }
799
800
801 ret = tpm2_get_max_response_size(dev, &capability->max_response_size);
802 if (ret) {
803 efi_ret = EFI_DEVICE_ERROR;
804 goto out;
805 }
806
807
808 ret = tpm2_get_manufacturer_id(dev, &capability->manufacturer_id);
809 if (ret) {
810 efi_ret = EFI_DEVICE_ERROR;
811 goto out;
812 }
813
814 return EFI_EXIT(EFI_SUCCESS);
815out:
816 return EFI_EXIT(efi_ret);
817}
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834static efi_status_t EFIAPI
835efi_tcg2_get_eventlog(struct efi_tcg2_protocol *this,
836 efi_tcg_event_log_format log_format,
837 u64 *event_log_location, u64 *event_log_last_entry,
838 bool *event_log_truncated)
839{
840 efi_status_t ret = EFI_SUCCESS;
841 struct udevice *dev;
842
843 EFI_ENTRY("%p, %u, %p, %p, %p", this, log_format, event_log_location,
844 event_log_last_entry, event_log_truncated);
845
846 if (!this || !event_log_location || !event_log_last_entry ||
847 !event_log_truncated) {
848 ret = EFI_INVALID_PARAMETER;
849 goto out;
850 }
851
852
853 if (log_format != TCG2_EVENT_LOG_FORMAT_TCG_2) {
854 ret = EFI_INVALID_PARAMETER;
855 goto out;
856 }
857
858 ret = platform_get_tpm2_device(&dev);
859 if (ret != EFI_SUCCESS) {
860 event_log_location = NULL;
861 event_log_last_entry = NULL;
862 *event_log_truncated = false;
863 ret = EFI_SUCCESS;
864 goto out;
865 }
866 *event_log_location = (uintptr_t)event_log.buffer;
867 *event_log_last_entry = (uintptr_t)(event_log.buffer + event_log.pos -
868 event_log.last_event_size);
869 *event_log_truncated = event_log.truncated;
870 event_log.get_event_called = true;
871
872out:
873 return EFI_EXIT(ret);
874}
875
876
877
878
879
880
881
882
883
884
885static efi_status_t tcg2_hash_pe_image(void *efi, u64 efi_size,
886 struct tpml_digest_values *digest_list)
887{
888 WIN_CERTIFICATE *wincerts = NULL;
889 size_t wincerts_len;
890 struct efi_image_regions *regs = NULL;
891 void *new_efi = NULL;
892 u8 hash[TPM2_SHA512_DIGEST_SIZE];
893 efi_status_t ret;
894 u32 active;
895 int i;
896
897 new_efi = efi_prepare_aligned_image(efi, &efi_size);
898 if (!new_efi)
899 return EFI_OUT_OF_RESOURCES;
900
901 if (!efi_image_parse(new_efi, efi_size, ®s, &wincerts,
902 &wincerts_len)) {
903 log_err("Parsing PE executable image failed\n");
904 ret = EFI_UNSUPPORTED;
905 goto out;
906 }
907
908 ret = __get_active_pcr_banks(&active);
909 if (ret != EFI_SUCCESS) {
910 goto out;
911 }
912
913 digest_list->count = 0;
914 for (i = 0; i < MAX_HASH_COUNT; i++) {
915 u16 hash_alg = hash_algo_list[i].hash_alg;
916
917 if (!(active & alg_to_mask(hash_alg)))
918 continue;
919 switch (hash_alg) {
920 case TPM2_ALG_SHA1:
921 hash_calculate("sha1", regs->reg, regs->num, hash);
922 break;
923 case TPM2_ALG_SHA256:
924 hash_calculate("sha256", regs->reg, regs->num, hash);
925 break;
926 case TPM2_ALG_SHA384:
927 hash_calculate("sha384", regs->reg, regs->num, hash);
928 break;
929 case TPM2_ALG_SHA512:
930 hash_calculate("sha512", regs->reg, regs->num, hash);
931 break;
932 default:
933 EFI_PRINT("Unsupported algorithm %x\n", hash_alg);
934 return EFI_INVALID_PARAMETER;
935 }
936 digest_list->digests[digest_list->count].hash_alg = hash_alg;
937 memcpy(&digest_list->digests[digest_list->count].digest, hash,
938 (u32)alg_to_len(hash_alg));
939 digest_list->count++;
940 }
941
942out:
943 if (new_efi != efi)
944 free(new_efi);
945 free(regs);
946
947 return ret;
948}
949
950
951
952
953
954
955
956
957
958
959
960efi_status_t tcg2_measure_pe_image(void *efi, u64 efi_size,
961 struct efi_loaded_image_obj *handle,
962 struct efi_loaded_image *loaded_image)
963{
964 struct tpml_digest_values digest_list;
965 efi_status_t ret;
966 struct udevice *dev;
967 u32 pcr_index, event_type, event_size;
968 struct uefi_image_load_event *image_load_event;
969 struct efi_device_path *device_path;
970 u32 device_path_length;
971 IMAGE_DOS_HEADER *dos;
972 IMAGE_NT_HEADERS32 *nt;
973 struct efi_handler *handler;
974
975 if (!is_tcg2_protocol_installed())
976 return EFI_SUCCESS;
977
978 ret = platform_get_tpm2_device(&dev);
979 if (ret != EFI_SUCCESS)
980 return EFI_SECURITY_VIOLATION;
981
982 switch (handle->image_type) {
983 case IMAGE_SUBSYSTEM_EFI_APPLICATION:
984 pcr_index = 4;
985 event_type = EV_EFI_BOOT_SERVICES_APPLICATION;
986 break;
987 case IMAGE_SUBSYSTEM_EFI_BOOT_SERVICE_DRIVER:
988 pcr_index = 2;
989 event_type = EV_EFI_BOOT_SERVICES_DRIVER;
990 break;
991 case IMAGE_SUBSYSTEM_EFI_RUNTIME_DRIVER:
992 pcr_index = 2;
993 event_type = EV_EFI_RUNTIME_SERVICES_DRIVER;
994 break;
995 default:
996 return EFI_UNSUPPORTED;
997 }
998
999 ret = tcg2_hash_pe_image(efi, efi_size, &digest_list);
1000 if (ret != EFI_SUCCESS)
1001 return ret;
1002
1003 ret = tcg2_pcr_extend(dev, pcr_index, &digest_list);
1004 if (ret != EFI_SUCCESS)
1005 return ret;
1006
1007 ret = efi_search_protocol(&handle->header,
1008 &efi_guid_loaded_image_device_path, &handler);
1009 if (ret != EFI_SUCCESS)
1010 return ret;
1011
1012 device_path = handler->protocol_interface;
1013 device_path_length = efi_dp_size(device_path);
1014 if (device_path_length > 0) {
1015
1016 device_path_length += sizeof(struct efi_device_path);
1017 }
1018 event_size = sizeof(struct uefi_image_load_event) + device_path_length;
1019 image_load_event = calloc(1, event_size);
1020 if (!image_load_event)
1021 return EFI_OUT_OF_RESOURCES;
1022
1023 image_load_event->image_location_in_memory = (uintptr_t)efi;
1024 image_load_event->image_length_in_memory = efi_size;
1025 image_load_event->length_of_device_path = device_path_length;
1026
1027 dos = (IMAGE_DOS_HEADER *)efi;
1028 nt = (IMAGE_NT_HEADERS32 *)(efi + dos->e_lfanew);
1029 if (nt->OptionalHeader.Magic == IMAGE_NT_OPTIONAL_HDR64_MAGIC) {
1030 IMAGE_NT_HEADERS64 *nt64 = (IMAGE_NT_HEADERS64 *)nt;
1031
1032 image_load_event->image_link_time_address =
1033 nt64->OptionalHeader.ImageBase;
1034 } else if (nt->OptionalHeader.Magic == IMAGE_NT_OPTIONAL_HDR32_MAGIC) {
1035 image_load_event->image_link_time_address =
1036 nt->OptionalHeader.ImageBase;
1037 } else {
1038 ret = EFI_INVALID_PARAMETER;
1039 goto out;
1040 }
1041
1042
1043 memcpy(image_load_event->device_path, device_path, device_path_length);
1044
1045 ret = tcg2_agile_log_append(pcr_index, event_type, &digest_list,
1046 event_size, (u8 *)image_load_event);
1047
1048out:
1049 free(image_load_event);
1050
1051 return ret;
1052}
1053
1054
1055
1056
1057
1058
1059
1060
1061
1062
1063
1064
1065
1066
1067
1068
1069static efi_status_t EFIAPI
1070efi_tcg2_hash_log_extend_event(struct efi_tcg2_protocol *this, u64 flags,
1071 u64 data_to_hash, u64 data_to_hash_len,
1072 struct efi_tcg2_event *efi_tcg_event)
1073{
1074 struct udevice *dev;
1075 efi_status_t ret;
1076 u32 event_type, pcr_index, event_size;
1077 struct tpml_digest_values digest_list;
1078
1079 EFI_ENTRY("%p, %llu, %llu, %llu, %p", this, flags, data_to_hash,
1080 data_to_hash_len, efi_tcg_event);
1081
1082 if (!this || !data_to_hash || !efi_tcg_event) {
1083 ret = EFI_INVALID_PARAMETER;
1084 goto out;
1085 }
1086
1087 ret = platform_get_tpm2_device(&dev);
1088 if (ret != EFI_SUCCESS)
1089 goto out;
1090
1091 if (efi_tcg_event->size < efi_tcg_event->header.header_size +
1092 sizeof(u32)) {
1093 ret = EFI_INVALID_PARAMETER;
1094 goto out;
1095 }
1096
1097 if (efi_tcg_event->header.pcr_index > EFI_TCG2_MAX_PCR_INDEX) {
1098 ret = EFI_INVALID_PARAMETER;
1099 goto out;
1100 }
1101
1102
1103
1104
1105
1106
1107
1108
1109 if (flags & PE_COFF_IMAGE) {
1110 IMAGE_NT_HEADERS32 *nt;
1111
1112 ret = efi_check_pe((void *)(uintptr_t)data_to_hash,
1113 data_to_hash_len, (void **)&nt);
1114 if (ret != EFI_SUCCESS) {
1115 log_err("Not a valid PE-COFF file\n");
1116 ret = EFI_UNSUPPORTED;
1117 goto out;
1118 }
1119 ret = tcg2_hash_pe_image((void *)(uintptr_t)data_to_hash,
1120 data_to_hash_len, &digest_list);
1121 } else {
1122 ret = tcg2_create_digest((u8 *)(uintptr_t)data_to_hash,
1123 data_to_hash_len, &digest_list);
1124 }
1125
1126 if (ret != EFI_SUCCESS)
1127 goto out;
1128
1129 pcr_index = efi_tcg_event->header.pcr_index;
1130 event_type = efi_tcg_event->header.event_type;
1131
1132 ret = tcg2_pcr_extend(dev, pcr_index, &digest_list);
1133 if (ret != EFI_SUCCESS)
1134 goto out;
1135
1136 if (flags & EFI_TCG2_EXTEND_ONLY) {
1137 if (event_log.truncated)
1138 ret = EFI_VOLUME_FULL;
1139 goto out;
1140 }
1141
1142
1143
1144
1145
1146 event_size = efi_tcg_event->size - sizeof(efi_tcg_event->size) -
1147 efi_tcg_event->header.header_size;
1148 ret = tcg2_agile_log_append(pcr_index, event_type, &digest_list,
1149 event_size, efi_tcg_event->event);
1150out:
1151 return EFI_EXIT(ret);
1152}
1153
1154
1155
1156
1157
1158
1159
1160
1161
1162
1163
1164
1165static efi_status_t EFIAPI
1166efi_tcg2_submit_command(struct efi_tcg2_protocol *this,
1167 u32 input_param_block_size,
1168 u8 *input_param_block,
1169 u32 output_param_block_size,
1170 u8 *output_param_block)
1171{
1172 struct udevice *dev;
1173 efi_status_t ret;
1174 u32 rc;
1175 size_t resp_buf_size = output_param_block_size;
1176
1177 EFI_ENTRY("%p, %u, %p, %u, %p", this, input_param_block_size,
1178 input_param_block, output_param_block_size, output_param_block);
1179
1180 if (!this || !input_param_block || !input_param_block_size) {
1181 ret = EFI_INVALID_PARAMETER;
1182 goto out;
1183 }
1184
1185 ret = platform_get_tpm2_device(&dev);
1186 if (ret != EFI_SUCCESS)
1187 goto out;
1188
1189 rc = tpm2_submit_command(dev, input_param_block,
1190 output_param_block, &resp_buf_size);
1191 if (rc) {
1192 ret = (rc == -ENOSPC) ? EFI_OUT_OF_RESOURCES : EFI_DEVICE_ERROR;
1193
1194 goto out;
1195 }
1196
1197out:
1198 return EFI_EXIT(ret);
1199}
1200
1201
1202
1203
1204
1205
1206
1207
1208
1209
1210static efi_status_t EFIAPI
1211efi_tcg2_get_active_pcr_banks(struct efi_tcg2_protocol *this,
1212 u32 *active_pcr_banks)
1213{
1214 efi_status_t ret;
1215
1216 if (!this || !active_pcr_banks) {
1217 ret = EFI_INVALID_PARAMETER;
1218 goto out;
1219 }
1220
1221 EFI_ENTRY("%p, %p", this, active_pcr_banks);
1222 ret = __get_active_pcr_banks(active_pcr_banks);
1223
1224out:
1225 return EFI_EXIT(ret);
1226}
1227
1228
1229
1230
1231
1232
1233
1234
1235
1236static efi_status_t EFIAPI
1237efi_tcg2_set_active_pcr_banks(__maybe_unused struct efi_tcg2_protocol *this,
1238 u32 __maybe_unused active_pcr_banks)
1239{
1240 return EFI_UNSUPPORTED;
1241}
1242
1243
1244
1245
1246
1247
1248
1249
1250
1251
1252
1253
1254
1255static efi_status_t EFIAPI
1256efi_tcg2_get_result_of_set_active_pcr_banks(__maybe_unused struct efi_tcg2_protocol *this,
1257 u32 __maybe_unused *operation_present,
1258 u32 __maybe_unused *response)
1259{
1260 return EFI_UNSUPPORTED;
1261}
1262
1263static const struct efi_tcg2_protocol efi_tcg2_protocol = {
1264 .get_capability = efi_tcg2_get_capability,
1265 .get_eventlog = efi_tcg2_get_eventlog,
1266 .hash_log_extend_event = efi_tcg2_hash_log_extend_event,
1267 .submit_command = efi_tcg2_submit_command,
1268 .get_active_pcr_banks = efi_tcg2_get_active_pcr_banks,
1269 .set_active_pcr_banks = efi_tcg2_set_active_pcr_banks,
1270 .get_result_of_set_active_pcr_banks = efi_tcg2_get_result_of_set_active_pcr_banks,
1271};
1272
1273
1274
1275
1276
1277
1278
1279
1280
1281
1282
1283static efi_status_t parse_event_log_header(void *buffer, u32 size, u32 *pos)
1284{
1285 struct tcg_pcr_event *event_header = (struct tcg_pcr_event *)buffer;
1286 int i = 0;
1287
1288 if (size < sizeof(*event_header))
1289 return EFI_COMPROMISED_DATA;
1290
1291 if (get_unaligned_le32(&event_header->pcr_index) != 0 ||
1292 get_unaligned_le32(&event_header->event_type) != EV_NO_ACTION)
1293 return EFI_COMPROMISED_DATA;
1294
1295 for (i = 0; i < sizeof(event_header->digest); i++) {
1296 if (event_header->digest[i])
1297 return EFI_COMPROMISED_DATA;
1298 }
1299
1300 *pos += sizeof(*event_header);
1301
1302 return EFI_SUCCESS;
1303}
1304
1305
1306
1307
1308
1309
1310
1311
1312
1313
1314
1315
1316
1317
1318
1319
1320static efi_status_t parse_specid_event(struct udevice *dev, void *buffer,
1321 u32 log_size, u32 *pos,
1322 struct tpml_digest_values *digest_list)
1323{
1324 struct tcg_efi_spec_id_event *spec_event;
1325 struct tcg_pcr_event *event_header = (struct tcg_pcr_event *)buffer;
1326 size_t spec_event_size;
1327 u32 active = 0, supported = 0, pcr_count = 0, alg_count = 0;
1328 u32 spec_active = 0;
1329 u16 hash_alg;
1330 u8 vendor_sz;
1331 int err, i;
1332
1333 if (*pos >= log_size || (*pos + sizeof(*spec_event)) > log_size)
1334 return EFI_COMPROMISED_DATA;
1335
1336
1337 spec_event = (struct tcg_efi_spec_id_event *)((uintptr_t)buffer + *pos);
1338
1339 if (memcmp(spec_event->signature, TCG_EFI_SPEC_ID_EVENT_SIGNATURE_03,
1340 sizeof(TCG_EFI_SPEC_ID_EVENT_SIGNATURE_03))) {
1341 log_err("specID Event: Signature mismatch\n");
1342 return EFI_COMPROMISED_DATA;
1343 }
1344
1345 if (spec_event->spec_version_minor !=
1346 TCG_EFI_SPEC_ID_EVENT_SPEC_VERSION_MINOR_TPM2 ||
1347 spec_event->spec_version_major !=
1348 TCG_EFI_SPEC_ID_EVENT_SPEC_VERSION_MAJOR_TPM2)
1349 return EFI_COMPROMISED_DATA;
1350
1351 if (spec_event->number_of_algorithms > MAX_HASH_COUNT ||
1352 spec_event->number_of_algorithms < 1) {
1353 log_err("specID Event: Number of algorithms incorrect\n");
1354 return EFI_COMPROMISED_DATA;
1355 }
1356
1357 alg_count = spec_event->number_of_algorithms;
1358
1359 err = tpm2_get_pcr_info(dev, &supported, &active, &pcr_count);
1360 if (err)
1361 return EFI_DEVICE_ERROR;
1362
1363 digest_list->count = 0;
1364
1365
1366
1367
1368 for (i = 0; i < alg_count; i++) {
1369 hash_alg =
1370 get_unaligned_le16(&spec_event->digest_sizes[i].algorithm_id);
1371
1372 if (!(supported & alg_to_mask(hash_alg))) {
1373 log_err("specID Event: Unsupported algorithm\n");
1374 return EFI_COMPROMISED_DATA;
1375 }
1376 digest_list->digests[digest_list->count++].hash_alg = hash_alg;
1377
1378 spec_active |= alg_to_mask(hash_alg);
1379 }
1380
1381
1382
1383
1384
1385 if (spec_active != active) {
1386
1387
1388
1389
1390 log_err("specID Event: All active hash alg not present\n");
1391 return EFI_COMPROMISED_DATA;
1392 }
1393
1394
1395
1396
1397
1398 spec_event_size =
1399 offsetof(struct tcg_efi_spec_id_event, digest_sizes) +
1400 alg_count * sizeof(spec_event->digest_sizes[0]);
1401
1402 if (*pos + spec_event_size >= log_size)
1403 return EFI_COMPROMISED_DATA;
1404
1405 vendor_sz = *(uint8_t *)((uintptr_t)buffer + *pos + spec_event_size);
1406
1407 spec_event_size += sizeof(vendor_sz) + vendor_sz;
1408 *pos += spec_event_size;
1409
1410 if (get_unaligned_le32(&event_header->event_size) != spec_event_size) {
1411 log_err("specID event: header event size mismatch\n");
1412
1413 return EFI_COMPROMISED_DATA;
1414 }
1415
1416 return EFI_SUCCESS;
1417}
1418
1419
1420
1421
1422
1423
1424
1425
1426
1427
1428
1429
1430
1431
1432static efi_status_t tcg2_parse_event(struct udevice *dev, void *buffer,
1433 u32 log_size, u32 *offset,
1434 struct tpml_digest_values *digest_list,
1435 u32 *pcr)
1436{
1437 struct tcg_pcr_event2 *event = NULL;
1438 u32 count, size, event_size;
1439 size_t pos;
1440
1441 event_size = tcg_event_final_size(digest_list);
1442 if (*offset >= log_size || *offset + event_size > log_size) {
1443 log_err("Event exceeds log size\n");
1444 return EFI_COMPROMISED_DATA;
1445 }
1446
1447 event = (struct tcg_pcr_event2 *)((uintptr_t)buffer + *offset);
1448 *pcr = get_unaligned_le32(&event->pcr_index);
1449
1450
1451 count = get_unaligned_le32(&event->digests.count);
1452 if (count != digest_list->count)
1453 return EFI_COMPROMISED_DATA;
1454
1455 pos = offsetof(struct tcg_pcr_event2, digests);
1456 pos += offsetof(struct tpml_digest_values, digests);
1457
1458 for (int i = 0; i < digest_list->count; i++) {
1459 u16 alg;
1460 u16 hash_alg = digest_list->digests[i].hash_alg;
1461 u8 *digest = (u8 *)&digest_list->digests[i].digest;
1462
1463 alg = get_unaligned_le16((void *)((uintptr_t)event + pos));
1464
1465 if (alg != hash_alg)
1466 return EFI_COMPROMISED_DATA;
1467
1468 pos += offsetof(struct tpmt_ha, digest);
1469 memcpy(digest, (void *)((uintptr_t)event + pos), alg_to_len(hash_alg));
1470 pos += alg_to_len(hash_alg);
1471 }
1472
1473 size = get_unaligned_le32((void *)((uintptr_t)event + pos));
1474 event_size += size;
1475 pos += sizeof(u32);
1476 pos += size;
1477
1478
1479 if (pos != event_size)
1480 return EFI_COMPROMISED_DATA;
1481
1482 if (pos > log_size)
1483 return EFI_COMPROMISED_DATA;
1484
1485 *offset += pos;
1486
1487 return EFI_SUCCESS;
1488}
1489
1490
1491
1492
1493
1494
1495
1496
1497
1498
1499
1500
1501
1502static efi_status_t tcg2_get_fw_eventlog(struct udevice *dev, void *log_buffer,
1503 size_t *log_sz)
1504{
1505 struct tpml_digest_values digest_list;
1506 void *buffer;
1507 efi_status_t ret;
1508 u32 pcr, pos;
1509 u64 base;
1510 u32 sz;
1511 bool extend_pcr = false;
1512 int i;
1513
1514 ret = platform_get_eventlog(dev, &base, &sz);
1515 if (ret != EFI_SUCCESS)
1516 return ret;
1517
1518 if (sz > TPM2_EVENT_LOG_SIZE)
1519 return EFI_VOLUME_FULL;
1520
1521 buffer = (void *)(uintptr_t)base;
1522 pos = 0;
1523
1524 ret = parse_event_log_header(buffer, sz, &pos);
1525 if (ret)
1526 return ret;
1527
1528 ret = parse_specid_event(dev, buffer, sz, &pos, &digest_list);
1529 if (ret) {
1530 log_err("Error parsing SPEC ID Event\n");
1531 return ret;
1532 }
1533
1534 ret = tcg2_pcr_read(dev, 0, &digest_list);
1535 if (ret) {
1536 log_err("Error reading PCR 0\n");
1537 return ret;
1538 }
1539
1540
1541
1542
1543
1544
1545 for (i = 0; i < digest_list.count; i++) {
1546 u8 hash_buf[TPM2_SHA512_DIGEST_SIZE] = { 0 };
1547 u16 hash_alg = digest_list.digests[i].hash_alg;
1548
1549 if (!memcmp((u8 *)&digest_list.digests[i].digest, hash_buf,
1550 alg_to_len(hash_alg)))
1551 extend_pcr = true;
1552 }
1553
1554 while (pos < sz) {
1555 ret = tcg2_parse_event(dev, buffer, sz, &pos, &digest_list,
1556 &pcr);
1557 if (ret) {
1558 log_err("Error parsing event\n");
1559 return ret;
1560 }
1561 if (extend_pcr) {
1562 ret = tcg2_pcr_extend(dev, pcr, &digest_list);
1563 if (ret != EFI_SUCCESS) {
1564 log_err("Error in extending PCR\n");
1565 return ret;
1566 }
1567
1568
1569 for (i = 0; i < digest_list.count; i++) {
1570 u16 hash_alg = digest_list.digests[i].hash_alg;
1571 u8 *digest =
1572 (u8 *)&digest_list.digests[i].digest;
1573
1574 memset(digest, 0, alg_to_len(hash_alg));
1575 }
1576 }
1577 }
1578
1579 memcpy(log_buffer, buffer, sz);
1580 *log_sz = sz;
1581
1582 return ret;
1583}
1584
1585
1586
1587
1588
1589
1590
1591
1592
1593
1594static efi_status_t create_specid_event(struct udevice *dev, void *buffer,
1595 size_t *event_size)
1596{
1597 struct tcg_efi_spec_id_event *spec_event;
1598 size_t spec_event_size;
1599 efi_status_t ret = EFI_DEVICE_ERROR;
1600 u32 active = 0, supported = 0, pcr_count = 0, alg_count = 0;
1601 int err;
1602 size_t i;
1603
1604
1605
1606
1607
1608
1609
1610 spec_event = (struct tcg_efi_spec_id_event *)buffer;
1611 memcpy(spec_event->signature, TCG_EFI_SPEC_ID_EVENT_SIGNATURE_03,
1612 sizeof(spec_event->signature));
1613 put_unaligned_le32(0, &spec_event->platform_class);
1614 spec_event->spec_version_minor =
1615 TCG_EFI_SPEC_ID_EVENT_SPEC_VERSION_MINOR_TPM2;
1616 spec_event->spec_version_major =
1617 TCG_EFI_SPEC_ID_EVENT_SPEC_VERSION_MAJOR_TPM2;
1618 spec_event->spec_errata =
1619 TCG_EFI_SPEC_ID_EVENT_SPEC_VERSION_ERRATA_TPM2;
1620 spec_event->uintn_size = sizeof(efi_uintn_t) / sizeof(u32);
1621
1622 err = tpm2_get_pcr_info(dev, &supported, &active, &pcr_count);
1623
1624 if (err)
1625 goto out;
1626
1627 for (i = 0; i < pcr_count; i++) {
1628 u16 hash_alg = hash_algo_list[i].hash_alg;
1629 u16 hash_len = hash_algo_list[i].hash_len;
1630
1631 if (active & alg_to_mask(hash_alg)) {
1632 put_unaligned_le16(hash_alg,
1633 &spec_event->digest_sizes[alg_count].algorithm_id);
1634 put_unaligned_le16(hash_len,
1635 &spec_event->digest_sizes[alg_count].digest_size);
1636 alg_count++;
1637 }
1638 }
1639
1640 spec_event->number_of_algorithms = alg_count;
1641 if (spec_event->number_of_algorithms > MAX_HASH_COUNT ||
1642 spec_event->number_of_algorithms < 1)
1643 goto out;
1644
1645
1646
1647
1648
1649 spec_event_size =
1650 offsetof(struct tcg_efi_spec_id_event, digest_sizes) +
1651 spec_event->number_of_algorithms * sizeof(spec_event->digest_sizes[0]);
1652
1653 memset(buffer + spec_event_size, 0, 1);
1654
1655 spec_event_size += 1;
1656 *event_size = spec_event_size;
1657
1658 return EFI_SUCCESS;
1659
1660out:
1661 return ret;
1662}
1663
1664
1665
1666
1667void tcg2_uninit(void)
1668{
1669 efi_status_t ret;
1670
1671 ret = efi_install_configuration_table(&efi_guid_final_events, NULL);
1672 if (ret != EFI_SUCCESS)
1673 log_err("Failed to delete final events config table\n");
1674
1675 efi_free_pool(event_log.buffer);
1676 event_log.buffer = NULL;
1677 efi_free_pool(event_log.final_buffer);
1678 event_log.final_buffer = NULL;
1679
1680 if (!is_tcg2_protocol_installed())
1681 return;
1682
1683 ret = efi_remove_protocol(efi_root, &efi_guid_tcg2_protocol,
1684 (void *)&efi_tcg2_protocol);
1685 if (ret != EFI_SUCCESS)
1686 log_err("Failed to remove EFI TCG2 protocol\n");
1687}
1688
1689
1690
1691
1692
1693static efi_status_t create_final_event(void)
1694{
1695 struct efi_tcg2_final_events_table *final_event;
1696 efi_status_t ret;
1697
1698
1699
1700
1701
1702
1703 ret = efi_allocate_pool(EFI_ACPI_MEMORY_NVS, TPM2_EVENT_LOG_SIZE,
1704 &event_log.final_buffer);
1705 if (ret != EFI_SUCCESS)
1706 goto out;
1707
1708 memset(event_log.final_buffer, 0xff, TPM2_EVENT_LOG_SIZE);
1709 final_event = event_log.final_buffer;
1710 final_event->number_of_events = 0;
1711 final_event->version = EFI_TCG2_FINAL_EVENTS_TABLE_VERSION;
1712 event_log.final_pos = sizeof(*final_event);
1713 ret = efi_install_configuration_table(&efi_guid_final_events,
1714 final_event);
1715 if (ret != EFI_SUCCESS) {
1716 efi_free_pool(event_log.final_buffer);
1717 event_log.final_buffer = NULL;
1718 }
1719
1720out:
1721 return ret;
1722}
1723
1724
1725
1726
1727
1728
1729
1730
1731
1732
1733
1734
1735static efi_status_t
1736tcg2_measure_event(struct udevice *dev, u32 pcr_index, u32 event_type,
1737 u32 size, u8 event[])
1738{
1739 struct tpml_digest_values digest_list;
1740 efi_status_t ret;
1741
1742 ret = tcg2_create_digest(event, size, &digest_list);
1743 if (ret != EFI_SUCCESS)
1744 goto out;
1745
1746 ret = tcg2_pcr_extend(dev, pcr_index, &digest_list);
1747 if (ret != EFI_SUCCESS)
1748 goto out;
1749
1750 ret = tcg2_agile_log_append(pcr_index, event_type, &digest_list,
1751 size, event);
1752
1753out:
1754 return ret;
1755}
1756
1757
1758
1759
1760
1761
1762
1763
1764
1765static efi_status_t efi_append_scrtm_version(struct udevice *dev)
1766{
1767 efi_status_t ret;
1768
1769 ret = tcg2_measure_event(dev, 0, EV_S_CRTM_VERSION,
1770 strlen(version_string) + 1,
1771 (u8 *)version_string);
1772
1773 return ret;
1774}
1775
1776
1777
1778
1779
1780
1781static efi_status_t efi_init_event_log(void)
1782{
1783
1784
1785
1786
1787 struct tcg_pcr_event *event_header = NULL;
1788 struct udevice *dev;
1789 size_t spec_event_size;
1790 efi_status_t ret;
1791
1792 ret = platform_get_tpm2_device(&dev);
1793 if (ret != EFI_SUCCESS)
1794 return ret;
1795
1796 ret = efi_allocate_pool(EFI_BOOT_SERVICES_DATA, TPM2_EVENT_LOG_SIZE,
1797 (void **)&event_log.buffer);
1798 if (ret != EFI_SUCCESS)
1799 return ret;
1800
1801
1802
1803
1804
1805 memset(event_log.buffer, 0xff, TPM2_EVENT_LOG_SIZE);
1806
1807
1808
1809
1810
1811 event_header = (struct tcg_pcr_event *)event_log.buffer;
1812 event_log.pos = 0;
1813 event_log.last_event_size = 0;
1814 event_log.get_event_called = false;
1815 event_log.ebs_called = false;
1816 event_log.truncated = false;
1817
1818
1819
1820
1821
1822 ret = tcg2_get_fw_eventlog(dev, event_log.buffer, &event_log.pos);
1823
1824
1825
1826
1827 if (ret == EFI_NOT_FOUND) {
1828 put_unaligned_le32(0, &event_header->pcr_index);
1829 put_unaligned_le32(EV_NO_ACTION, &event_header->event_type);
1830 memset(&event_header->digest, 0, sizeof(event_header->digest));
1831 ret = create_specid_event(dev,
1832 (void *)((uintptr_t)event_log.buffer +
1833 sizeof(*event_header)),
1834 &spec_event_size);
1835 if (ret != EFI_SUCCESS)
1836 goto free_pool;
1837 put_unaligned_le32(spec_event_size, &event_header->event_size);
1838 event_log.pos = spec_event_size + sizeof(*event_header);
1839 event_log.last_event_size = event_log.pos;
1840
1841
1842
1843
1844
1845 ret = efi_append_scrtm_version(dev);
1846 }
1847
1848 if (ret != EFI_SUCCESS)
1849 goto free_pool;
1850
1851 ret = create_final_event();
1852 if (ret != EFI_SUCCESS)
1853 goto free_pool;
1854
1855 return ret;
1856
1857free_pool:
1858 efi_free_pool(event_log.buffer);
1859 event_log.buffer = NULL;
1860 return ret;
1861}
1862
1863
1864
1865
1866
1867
1868
1869
1870
1871
1872
1873
1874
1875
1876static efi_status_t tcg2_measure_variable(struct udevice *dev, u32 pcr_index,
1877 u32 event_type, const u16 *var_name,
1878 const efi_guid_t *guid,
1879 efi_uintn_t data_size, u8 *data)
1880{
1881 u32 event_size;
1882 efi_status_t ret;
1883 struct efi_tcg2_uefi_variable_data *event;
1884
1885 event_size = sizeof(event->variable_name) +
1886 sizeof(event->unicode_name_length) +
1887 sizeof(event->variable_data_length) +
1888 (u16_strlen(var_name) * sizeof(u16)) + data_size;
1889 event = malloc(event_size);
1890 if (!event)
1891 return EFI_OUT_OF_RESOURCES;
1892
1893 guidcpy(&event->variable_name, guid);
1894 event->unicode_name_length = u16_strlen(var_name);
1895 event->variable_data_length = data_size;
1896 memcpy(event->unicode_name, var_name,
1897 (event->unicode_name_length * sizeof(u16)));
1898 if (data) {
1899 memcpy((u16 *)event->unicode_name + event->unicode_name_length,
1900 data, data_size);
1901 }
1902 ret = tcg2_measure_event(dev, pcr_index, event_type, event_size,
1903 (u8 *)event);
1904 free(event);
1905 return ret;
1906}
1907
1908
1909
1910
1911
1912
1913
1914
1915static efi_status_t tcg2_measure_boot_variable(struct udevice *dev)
1916{
1917 u16 *boot_order;
1918 u16 *boot_index;
1919 u16 var_name[] = u"BootOrder";
1920 u16 boot_name[] = u"Boot####";
1921 u8 *bootvar;
1922 efi_uintn_t var_data_size;
1923 u32 count, i;
1924 efi_status_t ret;
1925
1926 boot_order = efi_get_var(var_name, &efi_global_variable_guid,
1927 &var_data_size);
1928 if (!boot_order) {
1929
1930 return EFI_SUCCESS;
1931 }
1932
1933 ret = tcg2_measure_variable(dev, 1, EV_EFI_VARIABLE_BOOT2, var_name,
1934 &efi_global_variable_guid, var_data_size,
1935 (u8 *)boot_order);
1936 if (ret != EFI_SUCCESS)
1937 goto error;
1938
1939 count = var_data_size / sizeof(*boot_order);
1940 boot_index = boot_order;
1941 for (i = 0; i < count; i++) {
1942 efi_create_indexed_name(boot_name, sizeof(boot_name),
1943 "Boot", *boot_index++);
1944
1945 bootvar = efi_get_var(boot_name, &efi_global_variable_guid,
1946 &var_data_size);
1947
1948 if (!bootvar) {
1949 log_debug("%ls not found\n", boot_name);
1950 continue;
1951 }
1952
1953 ret = tcg2_measure_variable(dev, 1, EV_EFI_VARIABLE_BOOT2,
1954 boot_name,
1955 &efi_global_variable_guid,
1956 var_data_size, bootvar);
1957 free(bootvar);
1958 if (ret != EFI_SUCCESS)
1959 goto error;
1960 }
1961
1962error:
1963 free(boot_order);
1964 return ret;
1965}
1966
1967
1968
1969
1970
1971
1972
1973
1974
1975static efi_status_t
1976tcg2_measure_smbios(struct udevice *dev,
1977 const struct smbios_entry *entry)
1978{
1979 efi_status_t ret;
1980 struct smbios_header *smbios_copy;
1981 struct smbios_handoff_table_pointers2 *event = NULL;
1982 u32 event_size;
1983
1984
1985
1986
1987
1988
1989
1990
1991
1992
1993 event_size = sizeof(struct smbios_handoff_table_pointers2) +
1994 FIELD_SIZEOF(struct efi_configuration_table, guid) +
1995 entry->struct_table_length;
1996 event = calloc(1, event_size);
1997 if (!event) {
1998 ret = EFI_OUT_OF_RESOURCES;
1999 goto out;
2000 }
2001
2002 event->table_description_size = sizeof(SMBIOS_HANDOFF_TABLE_DESC);
2003 memcpy(event->table_description, SMBIOS_HANDOFF_TABLE_DESC,
2004 sizeof(SMBIOS_HANDOFF_TABLE_DESC));
2005 put_unaligned_le64(1, &event->number_of_tables);
2006 guidcpy(&event->table_entry[0].guid, &smbios_guid);
2007 smbios_copy = (struct smbios_header *)((uintptr_t)&event->table_entry[0].table);
2008 memcpy(&event->table_entry[0].table,
2009 (void *)((uintptr_t)entry->struct_table_address),
2010 entry->struct_table_length);
2011
2012 smbios_prepare_measurement(entry, smbios_copy);
2013
2014 ret = tcg2_measure_event(dev, 1, EV_EFI_HANDOFF_TABLES2, event_size,
2015 (u8 *)event);
2016 if (ret != EFI_SUCCESS)
2017 goto out;
2018
2019out:
2020 free(event);
2021
2022 return ret;
2023}
2024
2025
2026
2027
2028
2029
2030static void *find_smbios_table(void)
2031{
2032 u32 i;
2033
2034 for (i = 0; i < systab.nr_tables; i++) {
2035 if (!guidcmp(&smbios_guid, &systab.tables[i].guid))
2036 return systab.tables[i].table;
2037 }
2038
2039 return NULL;
2040}
2041
2042
2043
2044
2045
2046
2047
2048
2049
2050static efi_status_t
2051tcg2_measure_gpt_data(struct udevice *dev,
2052 struct efi_loaded_image_obj *loaded_image)
2053{
2054 efi_status_t ret;
2055 efi_handle_t handle;
2056 struct efi_handler *dp_handler, *io_handler;
2057 struct efi_device_path *orig_device_path;
2058 struct efi_device_path *device_path;
2059 struct efi_device_path *dp;
2060 struct efi_block_io *block_io;
2061 struct efi_gpt_data *event = NULL;
2062 efi_guid_t null_guid = NULL_GUID;
2063 gpt_header *gpt_h;
2064 gpt_entry *entry = NULL;
2065 gpt_entry *gpt_e;
2066 u32 num_of_valid_entry = 0;
2067 u32 event_size;
2068 u32 i;
2069 u32 total_gpt_entry_size;
2070
2071 ret = efi_search_protocol(&loaded_image->header,
2072 &efi_guid_loaded_image_device_path,
2073 &dp_handler);
2074 if (ret != EFI_SUCCESS)
2075 return ret;
2076
2077 orig_device_path = dp_handler->protocol_interface;
2078 if (!orig_device_path)
2079 return EFI_SUCCESS;
2080
2081 device_path = efi_dp_dup(orig_device_path);
2082 if (!device_path)
2083 return EFI_OUT_OF_RESOURCES;
2084
2085 dp = search_gpt_dp_node(device_path);
2086 if (!dp) {
2087
2088 ret = EFI_SUCCESS;
2089 goto out1;
2090 }
2091
2092
2093 dp->type = DEVICE_PATH_TYPE_END;
2094 dp->sub_type = DEVICE_PATH_SUB_TYPE_END;
2095 dp = device_path;
2096 ret = EFI_CALL(systab.boottime->locate_device_path(&efi_block_io_guid,
2097 &dp, &handle));
2098 if (ret != EFI_SUCCESS)
2099 goto out1;
2100
2101 ret = efi_search_protocol(handle, &efi_block_io_guid, &io_handler);
2102 if (ret != EFI_SUCCESS)
2103 goto out1;
2104 block_io = io_handler->protocol_interface;
2105
2106 gpt_h = memalign(block_io->media->io_align, block_io->media->block_size);
2107 if (!gpt_h) {
2108 ret = EFI_OUT_OF_RESOURCES;
2109 goto out2;
2110 }
2111
2112 ret = block_io->read_blocks(block_io, block_io->media->media_id, 1,
2113 block_io->media->block_size, gpt_h);
2114 if (ret != EFI_SUCCESS)
2115 goto out2;
2116
2117
2118 total_gpt_entry_size = gpt_h->num_partition_entries *
2119 gpt_h->sizeof_partition_entry;
2120 entry = memalign(block_io->media->io_align, total_gpt_entry_size);
2121 if (!entry) {
2122 ret = EFI_OUT_OF_RESOURCES;
2123 goto out2;
2124 }
2125
2126 ret = block_io->read_blocks(block_io, block_io->media->media_id,
2127 gpt_h->partition_entry_lba,
2128 total_gpt_entry_size, entry);
2129 if (ret != EFI_SUCCESS)
2130 goto out2;
2131
2132
2133 gpt_e = entry;
2134 for (i = 0; i < gpt_h->num_partition_entries; i++) {
2135 if (guidcmp(&null_guid, &gpt_e->partition_type_guid))
2136 num_of_valid_entry++;
2137
2138 gpt_e = (gpt_entry *)((u8 *)gpt_e + gpt_h->sizeof_partition_entry);
2139 }
2140
2141
2142 event_size = sizeof(struct efi_gpt_data) +
2143 (num_of_valid_entry * gpt_h->sizeof_partition_entry);
2144 event = calloc(1, event_size);
2145 if (!event) {
2146 ret = EFI_OUT_OF_RESOURCES;
2147 goto out2;
2148 }
2149 memcpy(event, gpt_h, sizeof(gpt_header));
2150 put_unaligned_le64(num_of_valid_entry, &event->number_of_partitions);
2151
2152
2153 gpt_e = entry;
2154 num_of_valid_entry = 0;
2155 for (i = 0; i < gpt_h->num_partition_entries; i++) {
2156 if (guidcmp(&null_guid, &gpt_e->partition_type_guid)) {
2157 memcpy((u8 *)event->partitions +
2158 (num_of_valid_entry * gpt_h->sizeof_partition_entry),
2159 gpt_e, gpt_h->sizeof_partition_entry);
2160 num_of_valid_entry++;
2161 }
2162
2163 gpt_e = (gpt_entry *)((u8 *)gpt_e + gpt_h->sizeof_partition_entry);
2164 }
2165
2166 ret = tcg2_measure_event(dev, 5, EV_EFI_GPT_EVENT, event_size, (u8 *)event);
2167
2168out2:
2169 free(gpt_h);
2170 free(entry);
2171 free(event);
2172out1:
2173 efi_free_pool(device_path);
2174
2175 return ret;
2176}
2177
2178
2179
2180
2181
2182
2183efi_status_t efi_tcg2_measure_efi_app_invocation(struct efi_loaded_image_obj *handle)
2184{
2185 efi_status_t ret;
2186 u32 pcr_index;
2187 struct udevice *dev;
2188 u32 event = 0;
2189 struct smbios_entry *entry;
2190
2191 if (!is_tcg2_protocol_installed())
2192 return EFI_SUCCESS;
2193
2194 if (tcg2_efi_app_invoked)
2195 return EFI_SUCCESS;
2196
2197 ret = platform_get_tpm2_device(&dev);
2198 if (ret != EFI_SUCCESS)
2199 return EFI_SECURITY_VIOLATION;
2200
2201 ret = tcg2_measure_boot_variable(dev);
2202 if (ret != EFI_SUCCESS)
2203 goto out;
2204
2205 ret = tcg2_measure_event(dev, 4, EV_EFI_ACTION,
2206 strlen(EFI_CALLING_EFI_APPLICATION),
2207 (u8 *)EFI_CALLING_EFI_APPLICATION);
2208 if (ret != EFI_SUCCESS)
2209 goto out;
2210
2211 entry = (struct smbios_entry *)find_smbios_table();
2212 if (entry) {
2213 ret = tcg2_measure_smbios(dev, entry);
2214 if (ret != EFI_SUCCESS)
2215 goto out;
2216 }
2217
2218 ret = tcg2_measure_gpt_data(dev, handle);
2219 if (ret != EFI_SUCCESS)
2220 goto out;
2221
2222 for (pcr_index = 0; pcr_index <= 7; pcr_index++) {
2223 ret = tcg2_measure_event(dev, pcr_index, EV_SEPARATOR,
2224 sizeof(event), (u8 *)&event);
2225 if (ret != EFI_SUCCESS)
2226 goto out;
2227 }
2228
2229 tcg2_efi_app_invoked = true;
2230out:
2231 return ret;
2232}
2233
2234
2235
2236
2237
2238
2239efi_status_t efi_tcg2_measure_efi_app_exit(void)
2240{
2241 efi_status_t ret;
2242 struct udevice *dev;
2243
2244 if (!is_tcg2_protocol_installed())
2245 return EFI_SUCCESS;
2246
2247 ret = platform_get_tpm2_device(&dev);
2248 if (ret != EFI_SUCCESS)
2249 return ret;
2250
2251 ret = tcg2_measure_event(dev, 4, EV_EFI_ACTION,
2252 strlen(EFI_RETURNING_FROM_EFI_APPLICATION),
2253 (u8 *)EFI_RETURNING_FROM_EFI_APPLICATION);
2254 return ret;
2255}
2256
2257
2258
2259
2260
2261
2262
2263static void EFIAPI
2264efi_tcg2_notify_exit_boot_services(struct efi_event *event, void *context)
2265{
2266 efi_status_t ret;
2267 struct udevice *dev;
2268
2269 EFI_ENTRY("%p, %p", event, context);
2270
2271 event_log.ebs_called = true;
2272
2273 if (!is_tcg2_protocol_installed()) {
2274 ret = EFI_SUCCESS;
2275 goto out;
2276 }
2277
2278 ret = platform_get_tpm2_device(&dev);
2279 if (ret != EFI_SUCCESS)
2280 goto out;
2281
2282 ret = tcg2_measure_event(dev, 5, EV_EFI_ACTION,
2283 strlen(EFI_EXIT_BOOT_SERVICES_INVOCATION),
2284 (u8 *)EFI_EXIT_BOOT_SERVICES_INVOCATION);
2285 if (ret != EFI_SUCCESS)
2286 goto out;
2287
2288 ret = tcg2_measure_event(dev, 5, EV_EFI_ACTION,
2289 strlen(EFI_EXIT_BOOT_SERVICES_SUCCEEDED),
2290 (u8 *)EFI_EXIT_BOOT_SERVICES_SUCCEEDED);
2291
2292out:
2293 EFI_EXIT(ret);
2294}
2295
2296
2297
2298
2299
2300
2301
2302efi_status_t efi_tcg2_notify_exit_boot_services_failed(void)
2303{
2304 struct udevice *dev;
2305 efi_status_t ret;
2306
2307 if (!is_tcg2_protocol_installed())
2308 return EFI_SUCCESS;
2309
2310 ret = platform_get_tpm2_device(&dev);
2311 if (ret != EFI_SUCCESS)
2312 goto out;
2313
2314 ret = tcg2_measure_event(dev, 5, EV_EFI_ACTION,
2315 strlen(EFI_EXIT_BOOT_SERVICES_INVOCATION),
2316 (u8 *)EFI_EXIT_BOOT_SERVICES_INVOCATION);
2317 if (ret != EFI_SUCCESS)
2318 goto out;
2319
2320 ret = tcg2_measure_event(dev, 5, EV_EFI_ACTION,
2321 strlen(EFI_EXIT_BOOT_SERVICES_FAILED),
2322 (u8 *)EFI_EXIT_BOOT_SERVICES_FAILED);
2323
2324out:
2325 return ret;
2326}
2327
2328
2329
2330
2331
2332
2333
2334
2335static efi_status_t tcg2_measure_secure_boot_variable(struct udevice *dev)
2336{
2337 u8 *data;
2338 efi_uintn_t data_size;
2339 u32 count, i;
2340 efi_status_t ret;
2341 u8 deployed_mode;
2342 efi_uintn_t size;
2343 u32 deployed_audit_pcr_index = 1;
2344
2345 size = sizeof(deployed_mode);
2346 ret = efi_get_variable_int(u"DeployedMode", &efi_global_variable_guid,
2347 NULL, &size, &deployed_mode, NULL);
2348 if (ret != EFI_SUCCESS || !deployed_mode)
2349 deployed_audit_pcr_index = 7;
2350
2351 count = ARRAY_SIZE(secure_variables);
2352 for (i = 0; i < count; i++) {
2353 const efi_guid_t *guid;
2354
2355 guid = efi_auth_var_get_guid(secure_variables[i].name);
2356
2357 data = efi_get_var(secure_variables[i].name, guid, &data_size);
2358 if (!data && !secure_variables[i].accept_empty)
2359 continue;
2360
2361 if (u16_strcmp(u"DeployedMode", secure_variables[i].name))
2362 secure_variables[i].pcr_index = deployed_audit_pcr_index;
2363 if (u16_strcmp(u"AuditMode", secure_variables[i].name))
2364 secure_variables[i].pcr_index = deployed_audit_pcr_index;
2365
2366 ret = tcg2_measure_variable(dev, secure_variables[i].pcr_index,
2367 EV_EFI_VARIABLE_DRIVER_CONFIG,
2368 secure_variables[i].name, guid,
2369 data_size, data);
2370 free(data);
2371 if (ret != EFI_SUCCESS)
2372 goto error;
2373 }
2374
2375error:
2376 return ret;
2377}
2378
2379
2380
2381
2382
2383
2384efi_status_t efi_tcg2_do_initial_measurement(void)
2385{
2386 efi_status_t ret;
2387 struct udevice *dev;
2388
2389 if (!is_tcg2_protocol_installed())
2390 return EFI_SUCCESS;
2391
2392 ret = platform_get_tpm2_device(&dev);
2393 if (ret != EFI_SUCCESS)
2394 return EFI_SECURITY_VIOLATION;
2395
2396 ret = tcg2_measure_secure_boot_variable(dev);
2397 if (ret != EFI_SUCCESS)
2398 goto out;
2399
2400out:
2401 return ret;
2402}
2403
2404
2405
2406
2407
2408
2409
2410
2411efi_status_t efi_tcg2_register(void)
2412{
2413 efi_status_t ret = EFI_SUCCESS;
2414 struct udevice *dev;
2415 struct efi_event *event;
2416 u32 err;
2417
2418 ret = platform_get_tpm2_device(&dev);
2419 if (ret != EFI_SUCCESS) {
2420 log_warning("Unable to find TPMv2 device\n");
2421 return EFI_SUCCESS;
2422 }
2423
2424
2425 err = tpm_startup(dev, TPM_ST_CLEAR);
2426 if (err) {
2427 log_err("TPM startup failed\n");
2428 goto fail;
2429 }
2430
2431 ret = efi_init_event_log();
2432 if (ret != EFI_SUCCESS) {
2433 tcg2_uninit();
2434 goto fail;
2435 }
2436
2437 ret = efi_add_protocol(efi_root, &efi_guid_tcg2_protocol,
2438 (void *)&efi_tcg2_protocol);
2439 if (ret != EFI_SUCCESS) {
2440 tcg2_uninit();
2441 goto fail;
2442 }
2443
2444 ret = efi_create_event(EVT_SIGNAL_EXIT_BOOT_SERVICES, TPL_CALLBACK,
2445 efi_tcg2_notify_exit_boot_services, NULL,
2446 NULL, &event);
2447 if (ret != EFI_SUCCESS) {
2448 tcg2_uninit();
2449 goto fail;
2450 }
2451
2452 return ret;
2453
2454fail:
2455 log_err("Cannot install EFI_TCG2_PROTOCOL\n");
2456 return ret;
2457}
2458
