From: Masahisa Kojima
Date: Mon, 4 Oct 2021 11:30:40 +0900
Subject: Re: [PATCH v3 3/3] efi_loader: add DeployedMode and AuditMode variable measurement
To: Heinrich Schuchardt
Cc: Ilias Apalodimas, Alexander Graf, U-Boot Mailing List

On Sat, 2 Oct 2021 at 01:43, Heinrich Schuchardt wrote:
>
> On 10/1/21 13:18, Masahisa Kojima wrote:
> > This commit adds the DeployedMode and AuditMode variable
> > measurement required in TCG PC Client PFP Spec.
> >
> > Signed-off-by: Masahisa Kojima
> > ---
> >
> > Changes in v3:
> > - read variable first, then measure the variable
> >
> > lib/efi_loader/efi_tcg2.c | 50 +++++++++++++++++++++++++++++++++++++++
> > 1 file changed, 50 insertions(+)
> >
> > diff --git a/lib/efi_loader/efi_tcg2.c b/lib/efi_loader/efi_tcg2.c > > index 28e0362bf2..7fba4bc458 100644 > > --- a/lib/efi_loader/efi_tcg2.c > > +++ b/lib/efi_loader/efi_tcg2.c > > @@ -12,6 +12,7 @@ > > #include > > #include > > #include > > +#include > > #include > > #include > > #include
> > @@ -1822,6 +1823,53 @@ out: > > return ret; > > } > > > > +/** > > + * tcg2_measure_deployed_audit_mode() - measure deployedmode and auditmode > > + * > > + * @dev: TPM device > > + * > > + * Return: status code > > + */ > > +static efi_status_t tcg2_measure_deployed_audit_mode(struct udevice *dev) > > +{ > > + u8 deployed_mode; > > + u8 audit_mode; > > + efi_uintn_t size; > > + efi_status_t ret; > > + u32 pcr_index; > > + > > + size = sizeof(deployed_mode); > > + ret = efi_get_variable_int(L"DeployedMode", &efi_global_variable_guid, > > + NULL, &size, &deployed_mode, NULL); > > + if (ret != EFI_SUCCESS) > > + return ret; > > + > > + size = sizeof(audit_mode); > > + ret = efi_get_variable_int(L"AuditMode", &efi_global_variable_guid, > > + NULL, &size, &audit_mode, NULL); > > + if (ret != EFI_SUCCESS) > > + return ret; > > + > > + pcr_index = (deployed_mode ? 1 : 7); > > + > > + ret = tcg2_measure_variable(dev, pcr_index, > > + EV_EFI_VARIABLE_DRIVER_CONFIG, > > + L"DeployedMode", > > + &efi_global_variable_guid, > > + size, &deployed_mode); > > + if (ret != EFI_SUCCESS) > > + return ret; > > + > > + > > + ret = tcg2_measure_variable(dev, pcr_index, > > + EV_EFI_VARIABLE_DRIVER_CONFIG, > > + L"AuditMode", > > + &efi_global_variable_guid, > > + size, &audit_mode); > > + > > + return ret; > > +} > > + > > /** > > * tcg2_measure_secure_boot_variable() - measure secure boot variables > > * > > @@ -1885,6 +1933,8 @@ static efi_status_t tcg2_measure_secure_boot_variable(struct udevice *dev) > > free(data); > > } > > > > + ret = tcg2_measure_deployed_audit_mode(dev);
>
> You do the same thing four times. A loop is preferable.

After your series (efi_loader: centralize known vendor GUIDs) is merged, I will update this patch to use a loop for the secure variables.

Thanks,
Masahisa Kojima

>
> Best regards
>
> Heinrich
>
> > + > > error: > > return ret; > > } > >
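
Review bot: in tcg2_measure_deployed_audit_mode() (hunk @@ -1822), the single `size` variable is overwritten by the AuditMode read and then passed to both tcg2_measure_variable() calls, so the DeployedMode event is measured with whatever length the AuditMode read returned. Both buffers are u8, so the values normally match, but keeping one size variable per read makes each measurement depend only on its own efi_get_variable_int() result. The line `pcr_index = (deployed_mode ? 1 : 7);` should carry a comment naming the PFP spec rule that selects the PCR, since the reason for the choice is not visible in the code. The doubled blank line before the second tcg2_measure_variable() call can be dropped.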
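
Review bot: at the call added just before the `error:` label in tcg2_measure_secure_boot_variable() (hunk @@ -1885), the status of tcg2_measure_deployed_audit_mode() becomes the function's return value, and that helper returns early on any efi_get_variable_int() status other than EFI_SUCCESS. If DeployedMode or AuditMode is not defined, a missing variable therefore fails the whole secure boot variable measurement. Decide whether EFI_NOT_FOUND should be tolerated here and handle it explicitly, with a short comment at the call stating the intended behaviour.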