[PATCH v7 0/3] PE/COFF measurement support

[PATCH v7 0/3] PE/COFF measurement support

[Masahisa Kojima]

This patch series add the PE/COFF measurement support.
Extending PCR and Event Log is tested with fTPM
running as a OP-TEE TA.
Unit test will be added in the separate series.

Masahisa Kojima (3):
  lib: introduce HASH_CALCULATE option
  efi_loader: expose efi_image_parse() even if UEFI Secure Boot is
    disabled
  efi_loader: add PE/COFF image measurement

 common/Kconfig.boot               |   1 +
 include/efi_loader.h              |   6 +
 include/efi_tcg2.h                |   9 ++
 include/tpm-v2.h                  |  18 +++
 lib/Kconfig                       |   3 +
 lib/Makefile                      |   2 +-
 lib/efi_loader/Kconfig            |   9 ++
 lib/efi_loader/Makefile           |   2 +-
 lib/efi_loader/efi_image_loader.c | 123 +++++++++++++++---
 lib/efi_loader/efi_signature.c    |  67 +---------
 lib/efi_loader/efi_tcg2.c         | 207 ++++++++++++++++++++++++++++--
 lib/efi_loader/efi_var_common.c   |   3 +
 12 files changed, 357 insertions(+), 93 deletions(-)

-- 
2.17.1

[PATCH v7 1/3] lib: introduce HASH_CALCULATE option

[Masahisa Kojima]

Build error occurs when CONFIG_EFI_SECURE_BOOT or
CONFIG_EFI_CAPSULE_AUTHENTICATE is enabled,
because hash-checksum.c is not compiled.

Since hash_calculate() implemented in hash-checksum.c can be
commonly used aside from FIT image signature verification,
this commit itroduces HASH_CALCULATE option to decide
if hash-checksum.c shall be compiled.

Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org>
---

Changes in v7:
- newly introduce HASH_CALCULATE option

Changes in v6:
- update lib/Makefile to compile hash-checksum.c, instead of
  selecting FIT_SIGNATURE in secure boot and capsule authentication.

Changes in v5:
- Missing option for EFI_TCG2_PROTOROL already added in different commit.
  This commit adds FIT_SIGNATURE only.

Changes in v4:
- newly added in this patch series, due to rebasing
  the base code.

 common/Kconfig.boot    | 1 +
 lib/Kconfig            | 3 +++
 lib/Makefile           | 2 +-
 lib/efi_loader/Kconfig | 2 ++
 4 files changed, 7 insertions(+), 1 deletion(-)

diff --git a/common/Kconfig.boot b/common/Kconfig.boot
index 5a18d62d78..56608226cc 100644
--- a/common/Kconfig.boot
+++ b/common/Kconfig.boot
@@ -80,6 +80,7 @@ config FIT_SIGNATURE
 	select RSA_VERIFY
 	select IMAGE_SIGN_INFO
 	select FIT_FULL_CHECK
+	select HASH_CALCULATE
 	help
 	  This option enables signature verification of FIT uImages,
 	  using a hash signed and verified using RSA. If
diff --git a/lib/Kconfig b/lib/Kconfig
index 6d2d41de30..df67eb0503 100644
--- a/lib/Kconfig
+++ b/lib/Kconfig
@@ -428,6 +428,9 @@ config CRC32C
 config XXHASH
 	bool
 
+config HASH_CALCULATE
+	bool
+
 endmenu
 
 menu "Compression Support"
diff --git a/lib/Makefile b/lib/Makefile
index 6825671955..0835ea292c 100644
--- a/lib/Makefile
+++ b/lib/Makefile
@@ -61,7 +61,7 @@ endif
 obj-$(CONFIG_$(SPL_)ACPIGEN) += acpi/
 obj-$(CONFIG_$(SPL_)MD5) += md5.o
 obj-$(CONFIG_$(SPL_)RSA) += rsa/
-obj-$(CONFIG_FIT_SIGNATURE) += hash-checksum.o
+obj-$(CONFIG_HASH_CALCULATE) += hash-checksum.o
 obj-$(CONFIG_SHA1) += sha1.o
 obj-$(CONFIG_SHA256) += sha256.o
 obj-$(CONFIG_SHA512_ALGO) += sha512.o
diff --git a/lib/efi_loader/Kconfig b/lib/efi_loader/Kconfig
index c259abe033..eb5c4d6f29 100644
--- a/lib/efi_loader/Kconfig
+++ b/lib/efi_loader/Kconfig
@@ -174,6 +174,7 @@ config EFI_CAPSULE_AUTHENTICATE
 	select PKCS7_MESSAGE_PARSER
 	select PKCS7_VERIFY
 	select IMAGE_SIGN_INFO
+	select HASH_CALCULATE
 	default n
 	help
 	  Select this option if you want to enable capsule
@@ -342,6 +343,7 @@ config EFI_SECURE_BOOT
 	select X509_CERTIFICATE_PARSER
 	select PKCS7_MESSAGE_PARSER
 	select PKCS7_VERIFY
+	select HASH_CALCULATE
 	default n
 	help
 	  Select this option to enable EFI secure boot support.
-- 
2.17.1

[PATCH v7 2/3] efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled

[Masahisa Kojima]

This is preparation for PE/COFF measurement support.
PE/COFF image hash calculation is same in both
UEFI Secure Boot image verification and measurement in
measured boot. PE/COFF image parsing functions are
gathered into efi_image_loader.c, and exposed even if
UEFI Secure Boot is not enabled.

This commit also adds the EFI_SIGNATURE_SUPPORT option
to decide if efi_signature.c shall be compiled.

Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org>
---

(no changes since v4)

Changes in v4:
- revert #ifdef instead of using "if (!IS_ENABLED())" statement,
  not to rely on the compiler optimization.

Changes in v3:
- hide EFI_SIGNATURE_SUPPORT option

Changes in v2:
- Remove all #ifdef from efi_image_loader.c and efi_signature.c
- Add EFI_SIGNATURE_SUPPORT option
- Explicitly include <u-boot/hash-checksum.h>
- Gather PE/COFF parsing functions into efi_image_loader.c
- Move efi_guid_t efi_guid_image_security_database in efi_var_common.c

 lib/efi_loader/Kconfig            |  6 +++
 lib/efi_loader/Makefile           |  2 +-
 lib/efi_loader/efi_image_loader.c | 64 ++++++++++++++++++++++++++++-
 lib/efi_loader/efi_signature.c    | 67 +------------------------------
 lib/efi_loader/efi_var_common.c   |  3 ++
 5 files changed, 74 insertions(+), 68 deletions(-)

diff --git a/lib/efi_loader/Kconfig b/lib/efi_loader/Kconfig
index eb5c4d6f29..dff85cea26 100644
--- a/lib/efi_loader/Kconfig
+++ b/lib/efi_loader/Kconfig
@@ -175,6 +175,7 @@ config EFI_CAPSULE_AUTHENTICATE
 	select PKCS7_VERIFY
 	select IMAGE_SIGN_INFO
 	select HASH_CALCULATE
+	select EFI_SIGNATURE_SUPPORT
 	default n
 	help
 	  Select this option if you want to enable capsule
@@ -344,6 +345,7 @@ config EFI_SECURE_BOOT
 	select PKCS7_MESSAGE_PARSER
 	select PKCS7_VERIFY
 	select HASH_CALCULATE
+	select EFI_SIGNATURE_SUPPORT
 	default n
 	help
 	  Select this option to enable EFI secure boot support.
@@ -351,6 +353,10 @@ config EFI_SECURE_BOOT
 	  it is signed with a trusted key. To do that, you need to install,
 	  at least, PK, KEK and db.
 
+config EFI_SIGNATURE_SUPPORT
+	bool
+	depends on EFI_SECURE_BOOT || EFI_CAPSULE_AUTHENTICATE
+
 config EFI_ESRT
 	bool "Enable the UEFI ESRT generation"
 	depends on EFI_CAPSULE_FIRMWARE_MANAGEMENT
diff --git a/lib/efi_loader/Makefile b/lib/efi_loader/Makefile
index 8bd343e258..fd344cea29 100644
--- a/lib/efi_loader/Makefile
+++ b/lib/efi_loader/Makefile
@@ -63,7 +63,7 @@ obj-$(CONFIG_GENERATE_SMBIOS_TABLE) += efi_smbios.o
 obj-$(CONFIG_EFI_RNG_PROTOCOL) += efi_rng.o
 obj-$(CONFIG_EFI_TCG2_PROTOCOL) += efi_tcg2.o
 obj-$(CONFIG_EFI_LOAD_FILE2_INITRD) += efi_load_initrd.o
-obj-y += efi_signature.o
+obj-$(CONFIG_EFI_SIGNATURE_SUPPORT) += efi_signature.o
 
 EFI_VAR_SEED_FILE := $(subst $\",,$(CONFIG_EFI_VAR_SEED_FILE))
 $(obj)/efi_var_seed.o: $(srctree)/$(EFI_VAR_SEED_FILE)
diff --git a/lib/efi_loader/efi_image_loader.c b/lib/efi_loader/efi_image_loader.c
index f53ef367ec..fe1ee198e2 100644
--- a/lib/efi_loader/efi_image_loader.c
+++ b/lib/efi_loader/efi_image_loader.c
@@ -213,7 +213,68 @@ static void efi_set_code_and_data_type(
 	}
 }
 
-#ifdef CONFIG_EFI_SECURE_BOOT
+/**
+ * efi_image_region_add() - add an entry of region
+ * @regs:	Pointer to array of regions
+ * @start:	Start address of region (included)
+ * @end:	End address of region (excluded)
+ * @nocheck:	flag against overlapped regions
+ *
+ * Take one entry of region [@start, @end[ and insert it into the list.
+ *
+ * * If @nocheck is false, the list will be sorted ascending by address.
+ *   Overlapping entries will not be allowed.
+ *
+ * * If @nocheck is true, the list will be sorted ascending by sequence
+ *   of adding the entries. Overlapping is allowed.
+ *
+ * Return:	status code
+ */
+efi_status_t efi_image_region_add(struct efi_image_regions *regs,
+				  const void *start, const void *end,
+				  int nocheck)
+{
+	struct image_region *reg;
+	int i, j;
+
+	if (regs->num >= regs->max) {
+		EFI_PRINT("%s: no more room for regions\n", __func__);
+		return EFI_OUT_OF_RESOURCES;
+	}
+
+	if (end < start)
+		return EFI_INVALID_PARAMETER;
+
+	for (i = 0; i < regs->num; i++) {
+		reg = &regs->reg[i];
+		if (nocheck)
+			continue;
+
+		/* new data after registered region */
+		if (start >= reg->data + reg->size)
+			continue;
+
+		/* new data preceding registered region */
+		if (end <= reg->data) {
+			for (j = regs->num - 1; j >= i; j--)
+				memcpy(&regs->reg[j + 1], &regs->reg[j],
+				       sizeof(*reg));
+			break;
+		}
+
+		/* new data overlapping registered region */
+		EFI_PRINT("%s: new region already part of another\n", __func__);
+		return EFI_INVALID_PARAMETER;
+	}
+
+	reg = &regs->reg[i];
+	reg->data = start;
+	reg->size = end - start;
+	regs->num++;
+
+	return EFI_SUCCESS;
+}
+
 /**
  * cmp_pe_section() - compare virtual addresses of two PE image sections
  * @arg1:	pointer to pointer to first section header
@@ -422,6 +483,7 @@ err:
 	return false;
 }
 
+#ifdef CONFIG_EFI_SECURE_BOOT
 /**
  * efi_image_unsigned_authenticate() - authenticate unsigned image with
  * SHA256 hash
diff --git a/lib/efi_loader/efi_signature.c b/lib/efi_loader/efi_signature.c
index c7ec275414..bdd09881fc 100644
--- a/lib/efi_loader/efi_signature.c
+++ b/lib/efi_loader/efi_signature.c
@@ -15,18 +15,16 @@
 #include <crypto/public_key.h>
 #include <linux/compat.h>
 #include <linux/oid_registry.h>
+#include <u-boot/hash-checksum.h>
 #include <u-boot/rsa.h>
 #include <u-boot/sha256.h>
 
-const efi_guid_t efi_guid_image_security_database =
-		EFI_IMAGE_SECURITY_DATABASE_GUID;
 const efi_guid_t efi_guid_sha256 = EFI_CERT_SHA256_GUID;
 const efi_guid_t efi_guid_cert_rsa2048 = EFI_CERT_RSA2048_GUID;
 const efi_guid_t efi_guid_cert_x509 = EFI_CERT_X509_GUID;
 const efi_guid_t efi_guid_cert_x509_sha256 = EFI_CERT_X509_SHA256_GUID;
 const efi_guid_t efi_guid_cert_type_pkcs7 = EFI_CERT_TYPE_PKCS7_GUID;
 
-#if defined(CONFIG_EFI_SECURE_BOOT) || defined(CONFIG_EFI_CAPSULE_AUTHENTICATE)
 static u8 pkcs7_hdr[] = {
 	/* SEQUENCE */
 	0x30, 0x82, 0x05, 0xc7,
@@ -539,68 +537,6 @@ out:
 	return !revoked;
 }
 
-/**
- * efi_image_region_add() - add an entry of region
- * @regs:	Pointer to array of regions
- * @start:	Start address of region (included)
- * @end:	End address of region (excluded)
- * @nocheck:	flag against overlapped regions
- *
- * Take one entry of region [@start, @end[ and insert it into the list.
- *
- * * If @nocheck is false, the list will be sorted ascending by address.
- *   Overlapping entries will not be allowed.
- *
- * * If @nocheck is true, the list will be sorted ascending by sequence
- *   of adding the entries. Overlapping is allowed.
- *
- * Return:	status code
- */
-efi_status_t efi_image_region_add(struct efi_image_regions *regs,
-				  const void *start, const void *end,
-				  int nocheck)
-{
-	struct image_region *reg;
-	int i, j;
-
-	if (regs->num >= regs->max) {
-		EFI_PRINT("%s: no more room for regions\n", __func__);
-		return EFI_OUT_OF_RESOURCES;
-	}
-
-	if (end < start)
-		return EFI_INVALID_PARAMETER;
-
-	for (i = 0; i < regs->num; i++) {
-		reg = &regs->reg[i];
-		if (nocheck)
-			continue;
-
-		/* new data after registered region */
-		if (start >= reg->data + reg->size)
-			continue;
-
-		/* new data preceding registered region */
-		if (end <= reg->data) {
-			for (j = regs->num - 1; j >= i; j--)
-				memcpy(&regs->reg[j + 1], &regs->reg[j],
-				       sizeof(*reg));
-			break;
-		}
-
-		/* new data overlapping registered region */
-		EFI_PRINT("%s: new region already part of another\n", __func__);
-		return EFI_INVALID_PARAMETER;
-	}
-
-	reg = &regs->reg[i];
-	reg->data = start;
-	reg->size = end - start;
-	regs->num++;
-
-	return EFI_SUCCESS;
-}
-
 /**
  * efi_sigstore_free - free signature store
  * @sigstore:	Pointer to signature store structure
@@ -846,4 +782,3 @@ struct efi_signature_store *efi_sigstore_parse_sigdb(u16 *name)
 
 	return efi_build_signature_store(db, db_size);
 }
-#endif /* CONFIG_EFI_SECURE_BOOT || CONFIG_EFI_CAPSULE_AUTHENTICATE */
diff --git a/lib/efi_loader/efi_var_common.c b/lib/efi_loader/efi_var_common.c
index b11ed91a74..83479dd142 100644
--- a/lib/efi_loader/efi_var_common.c
+++ b/lib/efi_loader/efi_var_common.c
@@ -24,6 +24,9 @@ struct efi_auth_var_name_type {
 	const enum efi_auth_var_type type;
 };
 
+const efi_guid_t efi_guid_image_security_database =
+		EFI_IMAGE_SECURITY_DATABASE_GUID;
+
 static const struct efi_auth_var_name_type name_type[] = {
 	{u"PK", &efi_global_variable_guid, EFI_AUTH_VAR_PK},
 	{u"KEK", &efi_global_variable_guid, EFI_AUTH_VAR_KEK},
-- 
2.17.1

[PATCH v7 3/3] efi_loader: add PE/COFF image measurement

[Masahisa Kojima]

"TCG PC Client Platform Firmware Profile Specification"
requires to measure every attempt to load and execute
a OS Loader(a UEFI application) into PCR[4].
This commit adds the PE/COFF image measurement, extends PCR,
and appends measurement into Event Log.

Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Tested-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org>
---

Changes in v7:
- include hash-checksum.h instead of rsa.h
- select HASH_CALCULATE in Kconfig, not to update lib/Makefile
- rebased the base code

Changes in v6:
- update lib/Makefile to add hash-checksum.c as a compilation target

(no changes since v2)

Changes in v2:
- Remove duplicate <efi.h> include
- Remove unnecessary __packed attribute
- Add all EV_EFI_* event definition
- Create common function to prepare 8-byte aligned image
- Add measurement for EV_EFI_BOOT_SERVICES_DRIVER and
  EV_EFI_RUNTIME_SERVICES_DRIVER
- Use efi_search_protocol() to get device_path
- Add function comment

 include/efi_loader.h              |   6 +
 include/efi_tcg2.h                |   9 ++
 include/tpm-v2.h                  |  18 +++
 lib/efi_loader/Kconfig            |   1 +
 lib/efi_loader/efi_image_loader.c |  59 +++++++--
 lib/efi_loader/efi_tcg2.c         | 207 ++++++++++++++++++++++++++++--
 6 files changed, 276 insertions(+), 24 deletions(-)

diff --git a/include/efi_loader.h b/include/efi_loader.h
index de1a496a97..9f2854a255 100644
--- a/include/efi_loader.h
+++ b/include/efi_loader.h
@@ -426,6 +426,10 @@ efi_status_t efi_disk_register(void);
 efi_status_t efi_rng_register(void);
 /* Called by efi_init_obj_list() to install EFI_TCG2_PROTOCOL */
 efi_status_t efi_tcg2_register(void);
+/* measure the pe-coff image, extend PCR and add Event Log */
+efi_status_t tcg2_measure_pe_image(void *efi, u64 efi_size,
+				   struct efi_loaded_image_obj *handle,
+				   struct efi_loaded_image *loaded_image_info);
 /* Create handles and protocols for the partitions of a block device */
 int efi_disk_create_partitions(efi_handle_t parent, struct blk_desc *desc,
 			       const char *if_typename, int diskid,
@@ -847,6 +851,8 @@ bool efi_secure_boot_enabled(void);
 
 bool efi_capsule_auth_enabled(void);
 
+void *efi_prepare_aligned_image(void *efi, u64 *efi_size, void **new_efi);
+
 bool efi_image_parse(void *efi, size_t len, struct efi_image_regions **regp,
 		     WIN_CERTIFICATE **auth, size_t *auth_len);
 
diff --git a/include/efi_tcg2.h b/include/efi_tcg2.h
index 40e241ce31..bcfb98168a 100644
--- a/include/efi_tcg2.h
+++ b/include/efi_tcg2.h
@@ -9,6 +9,7 @@
 #if !defined _EFI_TCG2_PROTOCOL_H_
 #define _EFI_TCG2_PROTOCOL_H_
 
+#include <efi_api.h>
 #include <tpm-v2.h>
 
 #define EFI_TCG2_PROTOCOL_GUID \
@@ -53,6 +54,14 @@ struct efi_tcg2_event {
 	u8 event[];
 } __packed;
 
+struct uefi_image_load_event {
+	efi_physical_addr_t image_location_in_memory;
+	u64 image_length_in_memory;
+	u64 image_link_time_address;
+	u64 length_of_device_path;
+	struct efi_device_path device_path[];
+};
+
 struct efi_tcg2_boot_service_capability {
 	u8 size;
 	struct efi_tcg2_version structure_version;
diff --git a/include/tpm-v2.h b/include/tpm-v2.h
index 7de7d6a57d..247b386967 100644
--- a/include/tpm-v2.h
+++ b/include/tpm-v2.h
@@ -70,6 +70,24 @@ struct udevice;
 #define EV_TABLE_OF_DEVICES		((u32)0x0000000B)
 #define EV_COMPACT_HASH			((u32)0x0000000C)
 
+/*
+ * event types, cf.
+ * "TCG PC Client Platform Firmware Profile Specification", Family "2.0"
+ * rev 1.04, June 3, 2019
+ */
+#define EV_EFI_EVENT_BASE			((u32)0x80000000)
+#define EV_EFI_VARIABLE_DRIVER_CONFIG		((u32)0x80000001)
+#define EV_EFI_VARIABLE_BOOT			((u32)0x80000002)
+#define EV_EFI_BOOT_SERVICES_APPLICATION	((u32)0x80000003)
+#define EV_EFI_BOOT_SERVICES_DRIVER		((u32)0x80000004)
+#define EV_EFI_RUNTIME_SERVICES_DRIVER		((u32)0x80000005)
+#define EV_EFI_GPT_EVENT			((u32)0x80000006)
+#define EV_EFI_ACTION				((u32)0x80000007)
+#define EV_EFI_PLATFORM_FIRMWARE_BLOB		((u32)0x80000008)
+#define EV_EFI_HANDOFF_TABLES			((u32)0x80000009)
+#define EV_EFI_HCRTM_EVENT			((u32)0x80000010)
+#define EV_EFI_VARIABLE_AUTHORITY		((u32)0x800000E0)
+
 /* TPMS_TAGGED_PROPERTY Structure */
 struct tpms_tagged_property {
 	u32 property;
diff --git a/lib/efi_loader/Kconfig b/lib/efi_loader/Kconfig
index dff85cea26..312cc8cbbf 100644
--- a/lib/efi_loader/Kconfig
+++ b/lib/efi_loader/Kconfig
@@ -309,6 +309,7 @@ config EFI_TCG2_PROTOCOL
 	select SHA512_ALGO
 	select SHA384
 	select SHA512
+	select HASH_CALCULATE
 	help
 	  Provide a EFI_TCG2_PROTOCOL implementation using the TPM hardware
 	  of the platform.
diff --git a/lib/efi_loader/efi_image_loader.c b/lib/efi_loader/efi_image_loader.c
index fe1ee198e2..f37a85e56e 100644
--- a/lib/efi_loader/efi_image_loader.c
+++ b/lib/efi_loader/efi_image_loader.c
@@ -302,6 +302,40 @@ static int cmp_pe_section(const void *arg1, const void *arg2)
 		return 1;
 }
 
+/**
+ * efi_prepare_aligned_image() - prepare 8-byte aligned image
+ * @efi:		pointer to the EFI binary
+ * @efi_size:		size of @efi binary
+ * @new_efi:		pointer to the newly allocated image
+ *
+ * If @efi is not 8-byte aligned, this function newly allocates
+ * the image buffer and updates @efi_size.
+ *
+ * Return:	valid pointer to a image, return NULL if allocation fails.
+ */
+void *efi_prepare_aligned_image(void *efi, u64 *efi_size, void **new_efi)
+{
+	size_t new_efi_size;
+	void *p;
+
+	/*
+	 * Size must be 8-byte aligned and the trailing bytes must be
+	 * zero'ed. Otherwise hash value may be incorrect.
+	 */
+	if (!IS_ALIGNED(*efi_size, 8)) {
+		new_efi_size = ALIGN(*efi_size, 8);
+		p = calloc(new_efi_size, 1);
+		if (!p)
+			return NULL;
+		memcpy(p, efi, *efi_size);
+		*efi_size = new_efi_size;
+		*new_efi = p;
+		return p;
+	} else {
+		return efi;
+	}
+}
+
 /**
  * efi_image_parse() - parse a PE image
  * @efi:	Pointer to image
@@ -561,7 +595,7 @@ static bool efi_image_authenticate(void *efi, size_t efi_size)
 	struct efi_signature_store *db = NULL, *dbx = NULL;
 	void *new_efi = NULL;
 	u8 *auth, *wincerts_end;
-	size_t new_efi_size, auth_size;
+	size_t auth_size;
 	bool ret = false;
 
 	EFI_PRINT("%s: Enter, %d\n", __func__, ret);
@@ -569,19 +603,9 @@ static bool efi_image_authenticate(void *efi, size_t efi_size)
 	if (!efi_secure_boot_enabled())
 		return true;
 
-	/*
-	 * Size must be 8-byte aligned and the trailing bytes must be
-	 * zero'ed. Otherwise hash value may be incorrect.
-	 */
-	if (efi_size & 0x7) {
-		new_efi_size = (efi_size + 0x7) & ~0x7ULL;
-		new_efi = calloc(new_efi_size, 1);
-		if (!new_efi)
-			return false;
-		memcpy(new_efi, efi, efi_size);
-		efi = new_efi;
-		efi_size = new_efi_size;
-	}
+	efi = efi_prepare_aligned_image(efi, (u64 *)&efi_size, &new_efi);
+	if (!efi)
+		return false;
 
 	if (!efi_image_parse(efi, efi_size, &regs, &wincerts,
 			     &wincerts_len)) {
@@ -891,6 +915,13 @@ efi_status_t efi_load_pe(struct efi_loaded_image_obj *handle,
 		goto err;
 	}
 
+#if CONFIG_IS_ENABLED(EFI_TCG2_PROTOCOL)
+	/* Measure an PE/COFF image */
+	if (tcg2_measure_pe_image(efi, efi_size, handle,
+				  loaded_image_info))
+		log_err("PE image measurement failed\n");
+#endif
+
 	/* Copy PE headers */
 	memcpy(efi_reloc, efi,
 	       sizeof(*dos)
diff --git a/lib/efi_loader/efi_tcg2.c b/lib/efi_loader/efi_tcg2.c
index c8616bf31e..316eaf572b 100644
--- a/lib/efi_loader/efi_tcg2.c
+++ b/lib/efi_loader/efi_tcg2.c
@@ -13,8 +13,10 @@
 #include <efi_loader.h>
 #include <efi_tcg2.h>
 #include <log.h>
+#include <malloc.h>
 #include <version.h>
 #include <tpm-v2.h>
+#include <u-boot/hash-checksum.h>
 #include <u-boot/sha1.h>
 #include <u-boot/sha256.h>
 #include <u-boot/sha512.h>
@@ -706,6 +708,183 @@ out:
 	return EFI_EXIT(ret);
 }
 
+/**
+ * tcg2_hash_pe_image() - calculate PE/COFF image hash
+ *
+ * @efi:		pointer to the EFI binary
+ * @efi_size:		size of @efi binary
+ * @digest_list:	list of digest algorithms to extend
+ *
+ * Return:	status code
+ */
+static efi_status_t tcg2_hash_pe_image(void *efi, u64 efi_size,
+				       struct tpml_digest_values *digest_list)
+{
+	WIN_CERTIFICATE *wincerts = NULL;
+	size_t wincerts_len;
+	struct efi_image_regions *regs = NULL;
+	void *new_efi = NULL;
+	u8 hash[TPM2_SHA512_DIGEST_SIZE];
+	efi_status_t ret;
+	u32 active;
+	int i;
+
+	efi = efi_prepare_aligned_image(efi, &efi_size, &new_efi);
+	if (!efi)
+		return EFI_OUT_OF_RESOURCES;
+
+	if (!efi_image_parse(efi, efi_size, &regs, &wincerts,
+			     &wincerts_len)) {
+		log_err("Parsing PE executable image failed\n");
+		ret = EFI_INVALID_PARAMETER;
+		goto out;
+	}
+
+	ret = __get_active_pcr_banks(&active);
+	if (ret != EFI_SUCCESS) {
+		ret = EFI_DEVICE_ERROR;
+		goto out;
+	}
+
+	digest_list->count = 0;
+	for (i = 0; i < MAX_HASH_COUNT; i++) {
+		u16 hash_alg = hash_algo_list[i].hash_alg;
+
+		if (!(active & alg_to_mask(hash_alg)))
+			continue;
+		switch (hash_alg) {
+		case TPM2_ALG_SHA1:
+			hash_calculate("sha1", regs->reg, regs->num, hash);
+			break;
+		case TPM2_ALG_SHA256:
+			hash_calculate("sha256", regs->reg, regs->num, hash);
+			break;
+		case TPM2_ALG_SHA384:
+			hash_calculate("sha384", regs->reg, regs->num, hash);
+			break;
+		case TPM2_ALG_SHA512:
+			hash_calculate("sha512", regs->reg, regs->num, hash);
+			break;
+		default:
+			EFI_PRINT("Unsupported algorithm %x\n", hash_alg);
+			return EFI_INVALID_PARAMETER;
+		}
+		digest_list->digests[i].hash_alg = hash_alg;
+		memcpy(&digest_list->digests[i].digest, hash, (u32)alg_to_len(hash_alg));
+		digest_list->count++;
+	}
+
+out:
+	free(new_efi);
+	free(regs);
+
+	return ret;
+}
+
+/**
+ * tcg2_measure_pe_image() - measure PE/COFF image
+ *
+ * @efi:		pointer to the EFI binary
+ * @efi_size:		size of @efi binary
+ * @handle:		loaded image handle
+ * @loaded_image:	loaded image protocol
+ *
+ * Return:	status code
+ */
+efi_status_t tcg2_measure_pe_image(void *efi, u64 efi_size,
+				   struct efi_loaded_image_obj *handle,
+				   struct efi_loaded_image *loaded_image)
+{
+	struct tpml_digest_values digest_list;
+	efi_status_t ret;
+	struct udevice *dev;
+	u32 pcr_index, event_type, event_size;
+	struct uefi_image_load_event *image_load_event;
+	struct efi_device_path *device_path;
+	u32 device_path_length;
+	IMAGE_DOS_HEADER *dos;
+	IMAGE_NT_HEADERS32 *nt;
+	struct efi_handler *handler;
+
+	ret = platform_get_tpm2_device(&dev);
+	if (ret != EFI_SUCCESS)
+		return ret;
+
+	switch (handle->image_type) {
+	case IMAGE_SUBSYSTEM_EFI_APPLICATION:
+		pcr_index = 4;
+		event_type = EV_EFI_BOOT_SERVICES_APPLICATION;
+		break;
+	case IMAGE_SUBSYSTEM_EFI_BOOT_SERVICE_DRIVER:
+		pcr_index = 2;
+		event_type = EV_EFI_BOOT_SERVICES_DRIVER;
+		break;
+	case IMAGE_SUBSYSTEM_EFI_RUNTIME_DRIVER:
+		pcr_index = 2;
+		event_type = EV_EFI_RUNTIME_SERVICES_DRIVER;
+		break;
+	default:
+		return EFI_UNSUPPORTED;
+	}
+
+	ret = tcg2_hash_pe_image(efi, efi_size, &digest_list);
+	if (ret != EFI_SUCCESS)
+		return ret;
+
+	ret = tcg2_pcr_extend(dev, pcr_index, &digest_list);
+	if (ret != EFI_SUCCESS)
+		return ret;
+
+	ret = EFI_CALL(efi_search_protocol(&handle->header,
+					   &efi_guid_loaded_image_device_path,
+					   &handler));
+	if (ret != EFI_SUCCESS)
+		return ret;
+
+	device_path = EFI_CALL(handler->protocol_interface);
+	device_path_length = efi_dp_size(device_path);
+	if (device_path_length > 0) {
+		/* add end node size */
+		device_path_length += sizeof(struct efi_device_path);
+	}
+	event_size = sizeof(struct uefi_image_load_event) + device_path_length;
+	image_load_event = (struct uefi_image_load_event *)malloc(event_size);
+	if (!image_load_event)
+		return EFI_OUT_OF_RESOURCES;
+
+	image_load_event->image_location_in_memory = (efi_physical_addr_t)efi;
+	image_load_event->image_length_in_memory = efi_size;
+	image_load_event->length_of_device_path = device_path_length;
+
+	dos = (IMAGE_DOS_HEADER *)efi;
+	nt = (IMAGE_NT_HEADERS32 *)(efi + dos->e_lfanew);
+	if (nt->OptionalHeader.Magic == IMAGE_NT_OPTIONAL_HDR64_MAGIC) {
+		IMAGE_NT_HEADERS64 *nt64 = (IMAGE_NT_HEADERS64 *)nt;
+
+		image_load_event->image_link_time_address =
+				nt64->OptionalHeader.ImageBase;
+	} else if (nt->OptionalHeader.Magic == IMAGE_NT_OPTIONAL_HDR32_MAGIC) {
+		image_load_event->image_link_time_address =
+				nt->OptionalHeader.ImageBase;
+	} else {
+		ret = EFI_INVALID_PARAMETER;
+		goto out;
+	}
+
+	if (device_path_length > 0) {
+		memcpy(image_load_event->device_path, device_path,
+		       device_path_length);
+	}
+
+	ret = tcg2_agile_log_append(pcr_index, event_type, &digest_list,
+				    event_size, (u8 *)image_load_event);
+
+out:
+	free(image_load_event);
+
+	return ret;
+}
+
 /**
  * efi_tcg2_hash_log_extend_event() - extend and optionally log events
  *
@@ -758,24 +937,32 @@ efi_tcg2_hash_log_extend_event(struct efi_tcg2_protocol *this, u64 flags,
 	/*
 	 * if PE_COFF_IMAGE is set we need to make sure the image is not
 	 * corrupted, verify it and hash the PE/COFF image in accordance with
-	 * the  procedure  specified  in  "Calculating  the  PE  Image  Hash"
-	 * section  of the "Windows Authenticode Portable Executable Signature
+	 * the procedure specified in "Calculating the PE Image Hash"
+	 * section of the "Windows Authenticode Portable Executable Signature
 	 * Format"
-	 * Not supported for now
 	 */
 	if (flags & PE_COFF_IMAGE) {
-		ret = EFI_UNSUPPORTED;
-		goto out;
-	}
+		IMAGE_NT_HEADERS32 *nt;
 
-	pcr_index = efi_tcg_event->header.pcr_index;
-	event_type = efi_tcg_event->header.event_type;
+		ret = efi_check_pe((void *)data_to_hash, data_to_hash_len,
+				   (void **)&nt);
+		if (ret != EFI_SUCCESS) {
+			log_err("Not a valid PE-COFF file\n");
+			goto out;
+		}
+		ret = tcg2_hash_pe_image((void *)data_to_hash, data_to_hash_len,
+					 &digest_list);
+	} else {
+		ret = tcg2_create_digest((u8 *)(uintptr_t)data_to_hash,
+					 data_to_hash_len, &digest_list);
+	}
 
-	ret = tcg2_create_digest((u8 *)(uintptr_t)data_to_hash,
-				 data_to_hash_len, &digest_list);
 	if (ret != EFI_SUCCESS)
 		goto out;
 
+	pcr_index = efi_tcg_event->header.pcr_index;
+	event_type = efi_tcg_event->header.event_type;
+
 	ret = tcg2_pcr_extend(dev, pcr_index, &digest_list);
 	if (ret != EFI_SUCCESS)
 		goto out;
-- 
2.17.1

[PATCH v7 1/3] lib: introduce HASH_CALCULATE option

[Heinrich Schuchardt]

On 5/13/21 4:48 PM, Masahisa Kojima wrote:
> Build error occurs when CONFIG_EFI_SECURE_BOOT or
> CONFIG_EFI_CAPSULE_AUTHENTICATE is enabled,
> because hash-checksum.c is not compiled.
>
> Since hash_calculate() implemented in hash-checksum.c can be
> commonly used aside from FIT image signature verification,
> this commit itroduces HASH_CALCULATE option to decide
> if hash-checksum.c shall be compiled.
>
> Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org>
> ---
>
> Changes in v7:
> - newly introduce HASH_CALCULATE option
>
> Changes in v6:
> - update lib/Makefile to compile hash-checksum.c, instead of
>    selecting FIT_SIGNATURE in secure boot and capsule authentication.
>
> Changes in v5:
> - Missing option for EFI_TCG2_PROTOROL already added in different commit.
>    This commit adds FIT_SIGNATURE only.
>
> Changes in v4:
> - newly added in this patch series, due to rebasing
>    the base code.
>
>   common/Kconfig.boot    | 1 +
>   lib/Kconfig            | 3 +++
>   lib/Makefile           | 2 +-
>   lib/efi_loader/Kconfig | 2 ++
>   4 files changed, 7 insertions(+), 1 deletion(-)
>
> diff --git a/common/Kconfig.boot b/common/Kconfig.boot
> index 5a18d62d78..56608226cc 100644
> --- a/common/Kconfig.boot
> +++ b/common/Kconfig.boot
> @@ -80,6 +80,7 @@ config FIT_SIGNATURE
>   	select RSA_VERIFY
>   	select IMAGE_SIGN_INFO
>   	select FIT_FULL_CHECK
> +	select HASH_CALCULATE
>   	help
>   	  This option enables signature verification of FIT uImages,
>   	  using a hash signed and verified using RSA. If
> diff --git a/lib/Kconfig b/lib/Kconfig
> index 6d2d41de30..df67eb0503 100644
> --- a/lib/Kconfig
> +++ b/lib/Kconfig
> @@ -428,6 +428,9 @@ config CRC32C
>   config XXHASH
>   	bool
>
> +config HASH_CALCULATE
> +	bool
> +
>   endmenu
>
>   menu "Compression Support"
> diff --git a/lib/Makefile b/lib/Makefile
> index 6825671955..0835ea292c 100644
> --- a/lib/Makefile
> +++ b/lib/Makefile
> @@ -61,7 +61,7 @@ endif
>   obj-$(CONFIG_$(SPL_)ACPIGEN) += acpi/
>   obj-$(CONFIG_$(SPL_)MD5) += md5.o
>   obj-$(CONFIG_$(SPL_)RSA) += rsa/
> -obj-$(CONFIG_FIT_SIGNATURE) += hash-checksum.o

CONFIG_FIT_SIGNATURE has to select CONFIG_HASH_CALCULATE too?

Best regards

Heinrich

> +obj-$(CONFIG_HASH_CALCULATE) += hash-checksum.o
>   obj-$(CONFIG_SHA1) += sha1.o
>   obj-$(CONFIG_SHA256) += sha256.o
>   obj-$(CONFIG_SHA512_ALGO) += sha512.o
> diff --git a/lib/efi_loader/Kconfig b/lib/efi_loader/Kconfig
> index c259abe033..eb5c4d6f29 100644
> --- a/lib/efi_loader/Kconfig
> +++ b/lib/efi_loader/Kconfig
> @@ -174,6 +174,7 @@ config EFI_CAPSULE_AUTHENTICATE
>   	select PKCS7_MESSAGE_PARSER
>   	select PKCS7_VERIFY
>   	select IMAGE_SIGN_INFO
> +	select HASH_CALCULATE
>   	default n
>   	help
>   	  Select this option if you want to enable capsule
> @@ -342,6 +343,7 @@ config EFI_SECURE_BOOT
>   	select X509_CERTIFICATE_PARSER
>   	select PKCS7_MESSAGE_PARSER
>   	select PKCS7_VERIFY
> +	select HASH_CALCULATE
>   	default n
>   	help
>   	  Select this option to enable EFI secure boot support.
>

[PATCH v7 1/3] lib: introduce HASH_CALCULATE option

[Heinrich Schuchardt]

On 5/13/21 4:48 PM, Masahisa Kojima wrote:
> Build error occurs when CONFIG_EFI_SECURE_BOOT or
> CONFIG_EFI_CAPSULE_AUTHENTICATE is enabled,
> because hash-checksum.c is not compiled.
>
> Since hash_calculate() implemented in hash-checksum.c can be
> commonly used aside from FIT image signature verification,
> this commit itroduces HASH_CALCULATE option to decide
> if hash-checksum.c shall be compiled.
>
> Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org>

Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>

[PATCH v7 2/3] efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled

[Heinrich Schuchardt]

On 5/13/21 4:48 PM, Masahisa Kojima wrote:
> This is preparation for PE/COFF measurement support.
> PE/COFF image hash calculation is same in both
> UEFI Secure Boot image verification and measurement in
> measured boot. PE/COFF image parsing functions are
> gathered into efi_image_loader.c, and exposed even if
> UEFI Secure Boot is not enabled.
>
> This commit also adds the EFI_SIGNATURE_SUPPORT option
> to decide if efi_signature.c shall be compiled.
>
> Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org>
> ---
>
> (no changes since v4)
>
> Changes in v4:
> - revert #ifdef instead of using "if (!IS_ENABLED())" statement,
>    not to rely on the compiler optimization.
>
> Changes in v3:
> - hide EFI_SIGNATURE_SUPPORT option
>
> Changes in v2:
> - Remove all #ifdef from efi_image_loader.c and efi_signature.c
> - Add EFI_SIGNATURE_SUPPORT option
> - Explicitly include <u-boot/hash-checksum.h>
> - Gather PE/COFF parsing functions into efi_image_loader.c
> - Move efi_guid_t efi_guid_image_security_database in efi_var_common.c
>
>   lib/efi_loader/Kconfig            |  6 +++
>   lib/efi_loader/Makefile           |  2 +-
>   lib/efi_loader/efi_image_loader.c | 64 ++++++++++++++++++++++++++++-
>   lib/efi_loader/efi_signature.c    | 67 +------------------------------
>   lib/efi_loader/efi_var_common.c   |  3 ++
>   5 files changed, 74 insertions(+), 68 deletions(-)
>
> diff --git a/lib/efi_loader/Kconfig b/lib/efi_loader/Kconfig
> index eb5c4d6f29..dff85cea26 100644
> --- a/lib/efi_loader/Kconfig
> +++ b/lib/efi_loader/Kconfig
> @@ -175,6 +175,7 @@ config EFI_CAPSULE_AUTHENTICATE
>   	select PKCS7_VERIFY
>   	select IMAGE_SIGN_INFO
>   	select HASH_CALCULATE
> +	select EFI_SIGNATURE_SUPPORT
>   	default n
>   	help
>   	  Select this option if you want to enable capsule
> @@ -344,6 +345,7 @@ config EFI_SECURE_BOOT
>   	select PKCS7_MESSAGE_PARSER
>   	select PKCS7_VERIFY
>   	select HASH_CALCULATE
> +	select EFI_SIGNATURE_SUPPORT
>   	default n
>   	help
>   	  Select this option to enable EFI secure boot support.
> @@ -351,6 +353,10 @@ config EFI_SECURE_BOOT
>   	  it is signed with a trusted key. To do that, you need to install,
>   	  at least, PK, KEK and db.
>
> +config EFI_SIGNATURE_SUPPORT
> +	bool
> +	depends on EFI_SECURE_BOOT || EFI_CAPSULE_AUTHENTICATE

This line is superfluous. As it has no label the symbol will be false if
not selected by EFI_SECURE_BOOT or EFI_CAPSULE_AUTHENTICATE.

Best regards

Heinrich

> +
>   config EFI_ESRT
>   	bool "Enable the UEFI ESRT generation"
>   	depends on EFI_CAPSULE_FIRMWARE_MANAGEMENT
> diff --git a/lib/efi_loader/Makefile b/lib/efi_loader/Makefile
> index 8bd343e258..fd344cea29 100644
> --- a/lib/efi_loader/Makefile
> +++ b/lib/efi_loader/Makefile
> @@ -63,7 +63,7 @@ obj-$(CONFIG_GENERATE_SMBIOS_TABLE) += efi_smbios.o
>   obj-$(CONFIG_EFI_RNG_PROTOCOL) += efi_rng.o
>   obj-$(CONFIG_EFI_TCG2_PROTOCOL) += efi_tcg2.o
>   obj-$(CONFIG_EFI_LOAD_FILE2_INITRD) += efi_load_initrd.o
> -obj-y += efi_signature.o
> +obj-$(CONFIG_EFI_SIGNATURE_SUPPORT) += efi_signature.o
>
>   EFI_VAR_SEED_FILE := $(subst $\",,$(CONFIG_EFI_VAR_SEED_FILE))
>   $(obj)/efi_var_seed.o: $(srctree)/$(EFI_VAR_SEED_FILE)
> diff --git a/lib/efi_loader/efi_image_loader.c b/lib/efi_loader/efi_image_loader.c
> index f53ef367ec..fe1ee198e2 100644
> --- a/lib/efi_loader/efi_image_loader.c
> +++ b/lib/efi_loader/efi_image_loader.c
> @@ -213,7 +213,68 @@ static void efi_set_code_and_data_type(
>   	}
>   }
>
> -#ifdef CONFIG_EFI_SECURE_BOOT
> +/**
> + * efi_image_region_add() - add an entry of region
> + * @regs:	Pointer to array of regions
> + * @start:	Start address of region (included)
> + * @end:	End address of region (excluded)
> + * @nocheck:	flag against overlapped regions
> + *
> + * Take one entry of region [@start, @end[ and insert it into the list.
> + *
> + * * If @nocheck is false, the list will be sorted ascending by address.
> + *   Overlapping entries will not be allowed.
> + *
> + * * If @nocheck is true, the list will be sorted ascending by sequence
> + *   of adding the entries. Overlapping is allowed.
> + *
> + * Return:	status code
> + */
> +efi_status_t efi_image_region_add(struct efi_image_regions *regs,
> +				  const void *start, const void *end,
> +				  int nocheck)
> +{
> +	struct image_region *reg;
> +	int i, j;
> +
> +	if (regs->num >= regs->max) {
> +		EFI_PRINT("%s: no more room for regions\n", __func__);
> +		return EFI_OUT_OF_RESOURCES;
> +	}
> +
> +	if (end < start)
> +		return EFI_INVALID_PARAMETER;
> +
> +	for (i = 0; i < regs->num; i++) {
> +		reg = &regs->reg[i];
> +		if (nocheck)
> +			continue;
> +
> +		/* new data after registered region */
> +		if (start >= reg->data + reg->size)
> +			continue;
> +
> +		/* new data preceding registered region */
> +		if (end <= reg->data) {
> +			for (j = regs->num - 1; j >= i; j--)
> +				memcpy(&regs->reg[j + 1], &regs->reg[j],
> +				       sizeof(*reg));
> +			break;
> +		}
> +
> +		/* new data overlapping registered region */
> +		EFI_PRINT("%s: new region already part of another\n", __func__);
> +		return EFI_INVALID_PARAMETER;
> +	}
> +
> +	reg = &regs->reg[i];
> +	reg->data = start;
> +	reg->size = end - start;
> +	regs->num++;
> +
> +	return EFI_SUCCESS;
> +}
> +
>   /**
>    * cmp_pe_section() - compare virtual addresses of two PE image sections
>    * @arg1:	pointer to pointer to first section header
> @@ -422,6 +483,7 @@ err:
>   	return false;
>   }
>
> +#ifdef CONFIG_EFI_SECURE_BOOT
>   /**
>    * efi_image_unsigned_authenticate() - authenticate unsigned image with
>    * SHA256 hash
> diff --git a/lib/efi_loader/efi_signature.c b/lib/efi_loader/efi_signature.c
> index c7ec275414..bdd09881fc 100644
> --- a/lib/efi_loader/efi_signature.c
> +++ b/lib/efi_loader/efi_signature.c
> @@ -15,18 +15,16 @@
>   #include <crypto/public_key.h>
>   #include <linux/compat.h>
>   #include <linux/oid_registry.h>
> +#include <u-boot/hash-checksum.h>
>   #include <u-boot/rsa.h>
>   #include <u-boot/sha256.h>
>
> -const efi_guid_t efi_guid_image_security_database =
> -		EFI_IMAGE_SECURITY_DATABASE_GUID;
>   const efi_guid_t efi_guid_sha256 = EFI_CERT_SHA256_GUID;
>   const efi_guid_t efi_guid_cert_rsa2048 = EFI_CERT_RSA2048_GUID;
>   const efi_guid_t efi_guid_cert_x509 = EFI_CERT_X509_GUID;
>   const efi_guid_t efi_guid_cert_x509_sha256 = EFI_CERT_X509_SHA256_GUID;
>   const efi_guid_t efi_guid_cert_type_pkcs7 = EFI_CERT_TYPE_PKCS7_GUID;
>
> -#if defined(CONFIG_EFI_SECURE_BOOT) || defined(CONFIG_EFI_CAPSULE_AUTHENTICATE)
>   static u8 pkcs7_hdr[] = {
>   	/* SEQUENCE */
>   	0x30, 0x82, 0x05, 0xc7,
> @@ -539,68 +537,6 @@ out:
>   	return !revoked;
>   }
>
> -/**
> - * efi_image_region_add() - add an entry of region
> - * @regs:	Pointer to array of regions
> - * @start:	Start address of region (included)
> - * @end:	End address of region (excluded)
> - * @nocheck:	flag against overlapped regions
> - *
> - * Take one entry of region [@start, @end[ and insert it into the list.
> - *
> - * * If @nocheck is false, the list will be sorted ascending by address.
> - *   Overlapping entries will not be allowed.
> - *
> - * * If @nocheck is true, the list will be sorted ascending by sequence
> - *   of adding the entries. Overlapping is allowed.
> - *
> - * Return:	status code
> - */
> -efi_status_t efi_image_region_add(struct efi_image_regions *regs,
> -				  const void *start, const void *end,
> -				  int nocheck)
> -{
> -	struct image_region *reg;
> -	int i, j;
> -
> -	if (regs->num >= regs->max) {
> -		EFI_PRINT("%s: no more room for regions\n", __func__);
> -		return EFI_OUT_OF_RESOURCES;
> -	}
> -
> -	if (end < start)
> -		return EFI_INVALID_PARAMETER;
> -
> -	for (i = 0; i < regs->num; i++) {
> -		reg = &regs->reg[i];
> -		if (nocheck)
> -			continue;
> -
> -		/* new data after registered region */
> -		if (start >= reg->data + reg->size)
> -			continue;
> -
> -		/* new data preceding registered region */
> -		if (end <= reg->data) {
> -			for (j = regs->num - 1; j >= i; j--)
> -				memcpy(&regs->reg[j + 1], &regs->reg[j],
> -				       sizeof(*reg));
> -			break;
> -		}
> -
> -		/* new data overlapping registered region */
> -		EFI_PRINT("%s: new region already part of another\n", __func__);
> -		return EFI_INVALID_PARAMETER;
> -	}
> -
> -	reg = &regs->reg[i];
> -	reg->data = start;
> -	reg->size = end - start;
> -	regs->num++;
> -
> -	return EFI_SUCCESS;
> -}
> -
>   /**
>    * efi_sigstore_free - free signature store
>    * @sigstore:	Pointer to signature store structure
> @@ -846,4 +782,3 @@ struct efi_signature_store *efi_sigstore_parse_sigdb(u16 *name)
>
>   	return efi_build_signature_store(db, db_size);
>   }
> -#endif /* CONFIG_EFI_SECURE_BOOT || CONFIG_EFI_CAPSULE_AUTHENTICATE */
> diff --git a/lib/efi_loader/efi_var_common.c b/lib/efi_loader/efi_var_common.c
> index b11ed91a74..83479dd142 100644
> --- a/lib/efi_loader/efi_var_common.c
> +++ b/lib/efi_loader/efi_var_common.c
> @@ -24,6 +24,9 @@ struct efi_auth_var_name_type {
>   	const enum efi_auth_var_type type;
>   };
>
> +const efi_guid_t efi_guid_image_security_database =
> +		EFI_IMAGE_SECURITY_DATABASE_GUID;
> +
>   static const struct efi_auth_var_name_type name_type[] = {
>   	{u"PK", &efi_global_variable_guid, EFI_AUTH_VAR_PK},
>   	{u"KEK", &efi_global_variable_guid, EFI_AUTH_VAR_KEK},
>

[PATCH v7 2/3] efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled

[Masahisa Kojima]

On Fri, 14 May 2021 at 00:33, Heinrich Schuchardt <xypron.glpk@gmx.de> wrote:
>
> On 5/13/21 4:48 PM, Masahisa Kojima wrote:
> > This is preparation for PE/COFF measurement support.
> > PE/COFF image hash calculation is same in both
> > UEFI Secure Boot image verification and measurement in
> > measured boot. PE/COFF image parsing functions are
> > gathered into efi_image_loader.c, and exposed even if
> > UEFI Secure Boot is not enabled.
> >
> > This commit also adds the EFI_SIGNATURE_SUPPORT option
> > to decide if efi_signature.c shall be compiled.
> >
> > Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org>
> > ---
> >
> > (no changes since v4)
> >
> > Changes in v4:
> > - revert #ifdef instead of using "if (!IS_ENABLED())" statement,
> >    not to rely on the compiler optimization.
> >
> > Changes in v3:
> > - hide EFI_SIGNATURE_SUPPORT option
> >
> > Changes in v2:
> > - Remove all #ifdef from efi_image_loader.c and efi_signature.c
> > - Add EFI_SIGNATURE_SUPPORT option
> > - Explicitly include <u-boot/hash-checksum.h>
> > - Gather PE/COFF parsing functions into efi_image_loader.c
> > - Move efi_guid_t efi_guid_image_security_database in efi_var_common.c
> >
> >   lib/efi_loader/Kconfig            |  6 +++
> >   lib/efi_loader/Makefile           |  2 +-
> >   lib/efi_loader/efi_image_loader.c | 64 ++++++++++++++++++++++++++++-
> >   lib/efi_loader/efi_signature.c    | 67 +------------------------------
> >   lib/efi_loader/efi_var_common.c   |  3 ++
> >   5 files changed, 74 insertions(+), 68 deletions(-)
> >
> > diff --git a/lib/efi_loader/Kconfig b/lib/efi_loader/Kconfig
> > index eb5c4d6f29..dff85cea26 100644
> > --- a/lib/efi_loader/Kconfig
> > +++ b/lib/efi_loader/Kconfig
> > @@ -175,6 +175,7 @@ config EFI_CAPSULE_AUTHENTICATE
> >       select PKCS7_VERIFY
> >       select IMAGE_SIGN_INFO
> >       select HASH_CALCULATE
> > +     select EFI_SIGNATURE_SUPPORT
> >       default n
> >       help
> >         Select this option if you want to enable capsule
> > @@ -344,6 +345,7 @@ config EFI_SECURE_BOOT
> >       select PKCS7_MESSAGE_PARSER
> >       select PKCS7_VERIFY
> >       select HASH_CALCULATE
> > +     select EFI_SIGNATURE_SUPPORT
> >       default n
> >       help
> >         Select this option to enable EFI secure boot support.
> > @@ -351,6 +353,10 @@ config EFI_SECURE_BOOT
> >         it is signed with a trusted key. To do that, you need to install,
> >         at least, PK, KEK and db.
> >
> > +config EFI_SIGNATURE_SUPPORT
> > +     bool
> > +     depends on EFI_SECURE_BOOT || EFI_CAPSULE_AUTHENTICATE
>
> This line is superfluous. As it has no label the symbol will be false if
> not selected by EFI_SECURE_BOOT or EFI_CAPSULE_AUTHENTICATE.

I will remove this "depends on" line.

Thanks,
Masahisa Kojima

>
> Best regards
>
> Heinrich
>
> > +
> >   config EFI_ESRT
> >       bool "Enable the UEFI ESRT generation"
> >       depends on EFI_CAPSULE_FIRMWARE_MANAGEMENT
> > diff --git a/lib/efi_loader/Makefile b/lib/efi_loader/Makefile
> > index 8bd343e258..fd344cea29 100644
> > --- a/lib/efi_loader/Makefile
> > +++ b/lib/efi_loader/Makefile
> > @@ -63,7 +63,7 @@ obj-$(CONFIG_GENERATE_SMBIOS_TABLE) += efi_smbios.o
> >   obj-$(CONFIG_EFI_RNG_PROTOCOL) += efi_rng.o
> >   obj-$(CONFIG_EFI_TCG2_PROTOCOL) += efi_tcg2.o
> >   obj-$(CONFIG_EFI_LOAD_FILE2_INITRD) += efi_load_initrd.o
> > -obj-y += efi_signature.o
> > +obj-$(CONFIG_EFI_SIGNATURE_SUPPORT) += efi_signature.o
> >
> >   EFI_VAR_SEED_FILE := $(subst $\",,$(CONFIG_EFI_VAR_SEED_FILE))
> >   $(obj)/efi_var_seed.o: $(srctree)/$(EFI_VAR_SEED_FILE)
> > diff --git a/lib/efi_loader/efi_image_loader.c b/lib/efi_loader/efi_image_loader.c
> > index f53ef367ec..fe1ee198e2 100644
> > --- a/lib/efi_loader/efi_image_loader.c
> > +++ b/lib/efi_loader/efi_image_loader.c
> > @@ -213,7 +213,68 @@ static void efi_set_code_and_data_type(
> >       }
> >   }
> >
> > -#ifdef CONFIG_EFI_SECURE_BOOT
> > +/**
> > + * efi_image_region_add() - add an entry of region
> > + * @regs:    Pointer to array of regions
> > + * @start:   Start address of region (included)
> > + * @end:     End address of region (excluded)
> > + * @nocheck: flag against overlapped regions
> > + *
> > + * Take one entry of region [@start, @end[ and insert it into the list.
> > + *
> > + * * If @nocheck is false, the list will be sorted ascending by address.
> > + *   Overlapping entries will not be allowed.
> > + *
> > + * * If @nocheck is true, the list will be sorted ascending by sequence
> > + *   of adding the entries. Overlapping is allowed.
> > + *
> > + * Return:   status code
> > + */
> > +efi_status_t efi_image_region_add(struct efi_image_regions *regs,
> > +                               const void *start, const void *end,
> > +                               int nocheck)
> > +{
> > +     struct image_region *reg;
> > +     int i, j;
> > +
> > +     if (regs->num >= regs->max) {
> > +             EFI_PRINT("%s: no more room for regions\n", __func__);
> > +             return EFI_OUT_OF_RESOURCES;
> > +     }
> > +
> > +     if (end < start)
> > +             return EFI_INVALID_PARAMETER;
> > +
> > +     for (i = 0; i < regs->num; i++) {
> > +             reg = &regs->reg[i];
> > +             if (nocheck)
> > +                     continue;
> > +
> > +             /* new data after registered region */
> > +             if (start >= reg->data + reg->size)
> > +                     continue;
> > +
> > +             /* new data preceding registered region */
> > +             if (end <= reg->data) {
> > +                     for (j = regs->num - 1; j >= i; j--)
> > +                             memcpy(&regs->reg[j + 1], &regs->reg[j],
> > +                                    sizeof(*reg));
> > +                     break;
> > +             }
> > +
> > +             /* new data overlapping registered region */
> > +             EFI_PRINT("%s: new region already part of another\n", __func__);
> > +             return EFI_INVALID_PARAMETER;
> > +     }
> > +
> > +     reg = &regs->reg[i];
> > +     reg->data = start;
> > +     reg->size = end - start;
> > +     regs->num++;
> > +
> > +     return EFI_SUCCESS;
> > +}
> > +
> >   /**
> >    * cmp_pe_section() - compare virtual addresses of two PE image sections
> >    * @arg1:   pointer to pointer to first section header
> > @@ -422,6 +483,7 @@ err:
> >       return false;
> >   }
> >
> > +#ifdef CONFIG_EFI_SECURE_BOOT
> >   /**
> >    * efi_image_unsigned_authenticate() - authenticate unsigned image with
> >    * SHA256 hash
> > diff --git a/lib/efi_loader/efi_signature.c b/lib/efi_loader/efi_signature.c
> > index c7ec275414..bdd09881fc 100644
> > --- a/lib/efi_loader/efi_signature.c
> > +++ b/lib/efi_loader/efi_signature.c
> > @@ -15,18 +15,16 @@
> >   #include <crypto/public_key.h>
> >   #include <linux/compat.h>
> >   #include <linux/oid_registry.h>
> > +#include <u-boot/hash-checksum.h>
> >   #include <u-boot/rsa.h>
> >   #include <u-boot/sha256.h>
> >
> > -const efi_guid_t efi_guid_image_security_database =
> > -             EFI_IMAGE_SECURITY_DATABASE_GUID;
> >   const efi_guid_t efi_guid_sha256 = EFI_CERT_SHA256_GUID;
> >   const efi_guid_t efi_guid_cert_rsa2048 = EFI_CERT_RSA2048_GUID;
> >   const efi_guid_t efi_guid_cert_x509 = EFI_CERT_X509_GUID;
> >   const efi_guid_t efi_guid_cert_x509_sha256 = EFI_CERT_X509_SHA256_GUID;
> >   const efi_guid_t efi_guid_cert_type_pkcs7 = EFI_CERT_TYPE_PKCS7_GUID;
> >
> > -#if defined(CONFIG_EFI_SECURE_BOOT) || defined(CONFIG_EFI_CAPSULE_AUTHENTICATE)
> >   static u8 pkcs7_hdr[] = {
> >       /* SEQUENCE */
> >       0x30, 0x82, 0x05, 0xc7,
> > @@ -539,68 +537,6 @@ out:
> >       return !revoked;
> >   }
> >
> > -/**
> > - * efi_image_region_add() - add an entry of region
> > - * @regs:    Pointer to array of regions
> > - * @start:   Start address of region (included)
> > - * @end:     End address of region (excluded)
> > - * @nocheck: flag against overlapped regions
> > - *
> > - * Take one entry of region [@start, @end[ and insert it into the list.
> > - *
> > - * * If @nocheck is false, the list will be sorted ascending by address.
> > - *   Overlapping entries will not be allowed.
> > - *
> > - * * If @nocheck is true, the list will be sorted ascending by sequence
> > - *   of adding the entries. Overlapping is allowed.
> > - *
> > - * Return:   status code
> > - */
> > -efi_status_t efi_image_region_add(struct efi_image_regions *regs,
> > -                               const void *start, const void *end,
> > -                               int nocheck)
> > -{
> > -     struct image_region *reg;
> > -     int i, j;
> > -
> > -     if (regs->num >= regs->max) {
> > -             EFI_PRINT("%s: no more room for regions\n", __func__);
> > -             return EFI_OUT_OF_RESOURCES;
> > -     }
> > -
> > -     if (end < start)
> > -             return EFI_INVALID_PARAMETER;
> > -
> > -     for (i = 0; i < regs->num; i++) {
> > -             reg = &regs->reg[i];
> > -             if (nocheck)
> > -                     continue;
> > -
> > -             /* new data after registered region */
> > -             if (start >= reg->data + reg->size)
> > -                     continue;
> > -
> > -             /* new data preceding registered region */
> > -             if (end <= reg->data) {
> > -                     for (j = regs->num - 1; j >= i; j--)
> > -                             memcpy(&regs->reg[j + 1], &regs->reg[j],
> > -                                    sizeof(*reg));
> > -                     break;
> > -             }
> > -
> > -             /* new data overlapping registered region */
> > -             EFI_PRINT("%s: new region already part of another\n", __func__);
> > -             return EFI_INVALID_PARAMETER;
> > -     }
> > -
> > -     reg = &regs->reg[i];
> > -     reg->data = start;
> > -     reg->size = end - start;
> > -     regs->num++;
> > -
> > -     return EFI_SUCCESS;
> > -}
> > -
> >   /**
> >    * efi_sigstore_free - free signature store
> >    * @sigstore:       Pointer to signature store structure
> > @@ -846,4 +782,3 @@ struct efi_signature_store *efi_sigstore_parse_sigdb(u16 *name)
> >
> >       return efi_build_signature_store(db, db_size);
> >   }
> > -#endif /* CONFIG_EFI_SECURE_BOOT || CONFIG_EFI_CAPSULE_AUTHENTICATE */
> > diff --git a/lib/efi_loader/efi_var_common.c b/lib/efi_loader/efi_var_common.c
> > index b11ed91a74..83479dd142 100644
> > --- a/lib/efi_loader/efi_var_common.c
> > +++ b/lib/efi_loader/efi_var_common.c
> > @@ -24,6 +24,9 @@ struct efi_auth_var_name_type {
> >       const enum efi_auth_var_type type;
> >   };
> >
> > +const efi_guid_t efi_guid_image_security_database =
> > +             EFI_IMAGE_SECURITY_DATABASE_GUID;
> > +
> >   static const struct efi_auth_var_name_type name_type[] = {
> >       {u"PK", &efi_global_variable_guid, EFI_AUTH_VAR_PK},
> >       {u"KEK", &efi_global_variable_guid, EFI_AUTH_VAR_KEK},
> >
>