linux-efi.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
From: Ard Biesheuvel <ardb@kernel.org>
To: linux-efi@vger.kernel.org
Cc: Ard Biesheuvel <ardb@kernel.org>, Peter Jones <pjones@redhat.com>,
	Leif Lindholm <leif@nuviainc.com>,
	Arvind Sankar <nivedita@alum.mit.edu>,
	Matthew Garrett <mjg59@google.com>,
	Daniel Kiper <daniel.kiper@oracle.com>,
	Ilias Apalodimas <ilias.apalodimas@linaro.org>
Subject: [RFC PATCH 0/7] efi/libstub: measurement initrd data loaded by the EFI stub
Date: Mon,  2 Nov 2020 18:06:27 +0100	[thread overview]
Message-ID: <20201102170634.20575-1-ardb@kernel.org> (raw)

This series enables measurement of the initrd data loaded directly by the
EFI stub into the TPM, using the TCG2 protocol exposed by the firmware (if
available). This ensures that the initrd observed and used by the OS is the
same one that got measured into the TPM, which is more difficult to guarantee
in the current situation.

This is posted as an RFC since it is mostly an invitation to discuss how
we can fit this into a longer term strategy for arch-agnostic secure and
measured boot that does not hinge on the Shim+GRUB tandem, or on deep
knowledge on the part of the bootloader regarding device trees, bootparams
structs, allocation and placement policies of various artifacts etc etc

Open questions:
- Should we do this?
- Are Linux systems in the field using PCR value prediction when updating the
  initrd? Does this approach interfere with that?
- Which PCR and event type to use
- Is a separator event needed here, given that the initrd measurement is
  recorded even if no initrd was loaded by the stub?

Note that the EFI stub ignores the initrd provided directly via bootparams or
the device tree, and it would be nice if we could keep doing that.

Build tested only.

Cc: Peter Jones <pjones@redhat.com>
Cc: Leif Lindholm <leif@nuviainc.com>
Cc: Arvind Sankar <nivedita@alum.mit.edu>
Cc: Matthew Garrett <mjg59@google.com>
Cc: Daniel Kiper <daniel.kiper@oracle.com>
Cc: Ilias Apalodimas <ilias.apalodimas@linaro.org>

Ard Biesheuvel (7):
  efi/libstub: whitespace cleanup
  efi/libstub: fix prototype of efi_tcg2_protocol::get_event_log()
  efi/libstub: x86/mixed: increase supported argument count
  efi/libstub: move TPM related prototypes into efistub.h
  efi/libstub: add prototype of
    efi_tcg2_protocol::hash_log_extend_event()
  efi/libstub: consolidate initrd handling across architectures
  efi/libstub: measure loaded initrd info into the TPM

 arch/x86/boot/compressed/efi_thunk_64.S       | 17 ++++--
 arch/x86/include/asm/efi.h                    | 13 +++--
 arch/x86/platform/efi/efi_thunk_64.S          | 17 ++++--
 .../firmware/efi/libstub/efi-stub-helper.c    | 56 +++++++++++++++----
 drivers/firmware/efi/libstub/efi-stub.c       | 10 +---
 drivers/firmware/efi/libstub/efistub.h        | 34 ++++++++++-
 drivers/firmware/efi/libstub/x86-stub.c       | 26 ++++-----
 include/linux/efi.h                           | 13 +----
 8 files changed, 123 insertions(+), 63 deletions(-)

-- 
2.17.1


             reply	other threads:[~2020-11-02 17:06 UTC|newest]

Thread overview: 17+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2020-11-02 17:06 Ard Biesheuvel [this message]
2020-11-02 17:06 ` [RFC PATCH 1/7] efi/libstub: whitespace cleanup Ard Biesheuvel
2020-11-02 17:06 ` [RFC PATCH 2/7] efi/libstub: fix prototype of efi_tcg2_protocol::get_event_log() Ard Biesheuvel
2020-11-02 17:06 ` [RFC PATCH 3/7] efi/libstub: x86/mixed: increase supported argument count Ard Biesheuvel
2020-11-02 17:06 ` [RFC PATCH 4/7] efi/libstub: move TPM related prototypes into efistub.h Ard Biesheuvel
2020-11-02 17:06 ` [RFC PATCH 5/7] efi/libstub: add prototype of efi_tcg2_protocol::hash_log_extend_event() Ard Biesheuvel
2020-11-02 17:06 ` [RFC PATCH 6/7] efi/libstub: consolidate initrd handling across architectures Ard Biesheuvel
2020-11-02 17:06 ` [RFC PATCH 7/7] efi/libstub: measure loaded initrd info into the TPM Ard Biesheuvel
2020-11-03 21:45   ` James Bottomley
2020-11-02 19:39 ` [RFC PATCH 0/7] efi/libstub: measurement initrd data loaded by the EFI stub Matthew Garrett
2020-11-02 20:24   ` Ard Biesheuvel
2020-11-02 20:26     ` Matthew Garrett
2020-11-03 21:37       ` James Bottomley
2020-11-03 22:29   ` James Bottomley
2020-11-03  5:51 ` Ilias Apalodimas
2020-11-03  8:18   ` Ard Biesheuvel
2020-11-03 21:22 ` James Bottomley

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20201102170634.20575-1-ardb@kernel.org \
    --to=ardb@kernel.org \
    --cc=daniel.kiper@oracle.com \
    --cc=ilias.apalodimas@linaro.org \
    --cc=leif@nuviainc.com \
    --cc=linux-efi@vger.kernel.org \
    --cc=mjg59@google.com \
    --cc=nivedita@alum.mit.edu \
    --cc=pjones@redhat.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).