All of lore.kernel.org
 help / color / mirror / Atom feed
From: Ilias Apalodimas <ilias.apalodimas@linaro.org>
To: linux-efi@vger.kernel.org, ardb@kernel.org,
	James.Bottomley@hansenpartnership.com
Cc: pjones@redhat.com, nivedita@alum.mit.edu, mjg59@google.com,
	daniel.kiper@oracle.com, leif@nuviainc.com,
	Ilias Apalodimas <ilias.apalodimas@linaro.org>
Subject: [PATCH 0/4 v2] efi/libstub: measure initrd data loaded by the EFI stub
Date: Thu,  2 Sep 2021 11:04:12 +0300	[thread overview]
Message-ID: <20210902080416.5461-1-ilias.apalodimas@linaro.org> (raw)

Hi!

This is a respin of [1].
This enables initrd measurement when loaded directly by the kernel EFI stub.
It ensures that the initrd observed and used by the OS is the same one that
got measured into the TPM, which is more difficult to guarantee in the current
situation.

There's a couple of changes compared to the original RFC:
- Ard fixed the x86 assembly for providing the extra arguments needed
- Instead of EV_IPL the logs are recorded with EV_EVENT_TAG. EV_IPL was marked
  as deprecated up until the latest PC client spec [2] and it's description
  reads "It may be used by Boot Manager Code to measure events."
  EV_EVENT_TAG on the other hand seems more appropriate as it's defined as:
  "Used for PCRs defined for OS and application usage.  Defined for use by Host
  Platform Operating System or Software."
- We are only measuring the initrd if it was loaded using the LOAD_FILE2
  protocol.  This is not what we probably want in the long run, but in an effort
  to keep current distros that rely on measurements unaffected, let's enable it
  only in the LOAD_FILE2 case.

Here's a (simple) eventlog using U-Boot and loading the initrd with LOAD_FILE2
version: 1
events:
- EventNum: 0
  PCRIndex: 0
  EventType: EV_NO_ACTION
  Digest: "0000000000000000000000000000000000000000"
  EventSize: 45
  SpecID:
  - Signature: Spec ID Event03
    platformClass: 0
    specVersionMinor: 0
    specVersionMajor: 2
    specErrata: 2
    uintnSize: 2
    numberOfAlgorithms: 4
    Algorithms:
    - Algorithm[0]:
      algorithmId: sha1
      digestSize: 20
    - Algorithm[1]:
      algorithmId: sha256
      digestSize: 32
    - Algorithm[2]:
      algorithmId: sha384
      digestSize: 48
    - Algorithm[3]:
      algorithmId: sha512
      digestSize: 64
    vendorInfoSize: 0
- EventNum: 1
  PCRIndex: 0
  EventType: EV_S_CRTM_VERSION
  DigestCount: 4
  Digests:
  - AlgorithmId: sha1
    Digest: "cb948776833ac1a6b1f7290a29798f6c6f3fe376"
  - AlgorithmId: sha256
    Digest: "cdc34410e11ad651c8aeb2705d889c80cf82a707d7471f140e1b6d7f1583e52f"
  - AlgorithmId: sha384
    Digest: "430ff24d1a65e81fef96771b7313b6622efe03d84d39faae0d0a7ee0b54a1222f3a2d99ebff5a2a31359ce1df618b3a5"
  - AlgorithmId: sha512
    Digest: "001cff096fbd9615c9039cb9785857f2bc586de42cea9da8471e4a782cd68ba879b8fe3d4410d74f70f2d83f506842b507afe4a89478b1841583e7bc4a1ef3a5"
  EventSize: 74
  Event: "552d426f6f7420323032312e30342d7263332d30303032322d67636434306530376666382d646972747920284d61722033302032303231202d2031353a30303a3234202b303030302900"
- EventNum: 2
  PCRIndex: 9
  EventType: EV_EVENT_TAG
  DigestCount: 4
  Digests:
  - AlgorithmId: sha1
    Digest: "a0d2c52d82ad30f5ca04e72153177179807dbef4"
  - AlgorithmId: sha256
    Digest: "5035f6ff3740e8462a30a9c65e45ea19d11d95cf286324be9d04378058abe6b3"
  - AlgorithmId: sha384
    Digest: "f414dfaa66ee06c234bf2341967999b59e3e33e091490f36cbb2a0830cdbf9663ed1b2adc5117d8b4f992c7c43774c83"
  - AlgorithmId: sha512
    Digest: "2654376c43e93ee4f2a7be231c35d207349587466e62d09803db6c7ab9da594f9ae8a21fa0f6f9496c61cf6b03ecb40bb019ad6112baaa5f7a9cbc20adea65da"
  EventSize: 21
  Event: "ec223b8f0d0000004c696e757820696e6974726400"
pcrs:
  sha1:
    0  : 0x99b6e79948ad34eb59882ab7cc46666e0ccdd783
    9  : 0x70c847a8dbc23693ecb3e341cb5ae745b6d07b29
  sha256:
    0  : 0xae32cb21ec1c654591be13f729ecfe7e71efe74c6b885e9aadc944df79ee722e
    9  : 0x099d14a1bfb6531ce2c3d807b8ad678a273dee0ea0ed88662943b97c03f99638
  sha384:
    0  : 0x1fe21137d71364096179281525719c3fd109363cff28ec191d7623620c3bc8609bd9534d5e31887d85664ef938abc5a6
    9  : 0xf848ece0a5e3f6a4c4194fd467a05a0b552a9e24d7360297bbe019fe980f9e29d71fbc45a0356c04c62f36906dcfb41b
  sha512:
    0  : 0xcba9c7c551179ce82a496a41629462836e4bc02fa1fe3922290e689a4d4a03264f14d00f2995d7091247a35cf4f54bc9ee3c594dd139c381fd6d0ccc0ed93e0c
    9  : 0xc62ebbeb16ea2ce0bca565866891be8496b8547254b13683ec0223394a402bd0c8758e0fe09742270fe7d31f00a960db8a70c4dfc0b2bfe7185e353eff67c489

[1] https://lore.kernel.org/linux-efi/20201102170634.20575-1-ardb@kernel.org/
[2] https://trustedcomputinggroup.org/wp-content/uploads/TCG_PCClient_PFP_r1p05_v22_02dec2020.pdf

Changes since v1:
- no changes

Ard Biesheuvel (3):
  efi/libstub: add prototype of
    efi_tcg2_protocol::hash_log_extend_event()
  efi/libstub: x86/mixed: increase supported argument count
  efi/libstub: consolidate initrd handling across architectures

Ilias Apalodimas (1):
  efi/libstub: measure loaded initrd info into the TPM

 arch/x86/boot/compressed/efi_thunk_64.S       | 17 +++--
 arch/x86/include/asm/efi.h                    | 14 +++-
 arch/x86/platform/efi/efi_thunk_64.S          | 14 +++-
 .../firmware/efi/libstub/efi-stub-helper.c    | 73 ++++++++++++++++---
 drivers/firmware/efi/libstub/efi-stub.c       | 10 +--
 drivers/firmware/efi/libstub/efistub.h        | 30 +++++++-
 drivers/firmware/efi/libstub/x86-stub.c       | 26 +++----
 7 files changed, 135 insertions(+), 49 deletions(-)

-- 
2.32.0.rc0


             reply	other threads:[~2021-09-02  8:04 UTC|newest]

Thread overview: 8+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2021-09-02  8:04 Ilias Apalodimas [this message]
2021-09-02  8:04 ` [PATCH 1/4 v2] efi/libstub: add prototype of efi_tcg2_protocol::hash_log_extend_event() Ilias Apalodimas
2021-09-02  8:04 ` [PATCH 2/4 v2] efi/libstub: x86/mixed: increase supported argument count Ilias Apalodimas
2021-09-02  8:27   ` Ard Biesheuvel
2021-09-02  8:37     ` Ilias Apalodimas
2021-09-02  8:39       ` Ilias Apalodimas
2021-09-02  8:04 ` [PATCH 3/4 v2] efi/libstub: consolidate initrd handling across architectures Ilias Apalodimas
2021-09-02  8:04 ` [PATCH 4/4 v2] efi/libstub: measure loaded initrd info into the TPM Ilias Apalodimas

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20210902080416.5461-1-ilias.apalodimas@linaro.org \
    --to=ilias.apalodimas@linaro.org \
    --cc=James.Bottomley@hansenpartnership.com \
    --cc=ardb@kernel.org \
    --cc=daniel.kiper@oracle.com \
    --cc=leif@nuviainc.com \
    --cc=linux-efi@vger.kernel.org \
    --cc=mjg59@google.com \
    --cc=nivedita@alum.mit.edu \
    --cc=pjones@redhat.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.