Received: by 2002:ac0:8845:0:0:0:0:0 with SMTP id g63csp2214560img; Wed, 27 Feb 2019 12:27:54 -0800 (PST) X-Google-Smtp-Source: AHgI3IYDXFg/2Pl6F3C09doF3CjAS37GHoHsL5gkKi4HFECw0PAzeGppPABLEF/ALdKFwa9js4PY X-Received: by 2002:a17:902:6949:: with SMTP id k9mr4158859plt.188.1551299274416; Wed, 27 Feb 2019 12:27:54 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1551299274; cv=none; d=google.com; s=arc-20160816; b=OoDwWYHeHgBYsmjFU4xnOnFwkfNzP9X77hmQwHaPLyoNB89YpDnp1FVPMpDSXXJk5j /x7hTWXK99xScIaHWBNL8eJ72r7qvHV6w1hf1X+a0JAnKK8gbW7IxxnolWItV6X5CwdJ MKJ+Fm22k5F54omT4d/ZlMiqa4xRpwoiDRznsLpvWidzOxG5RkVure/j3VKYmoEBhdAN 1GCDPrMCSBle7tiZg2oEkOe0RQpClFFnA8krJ+EaWkMie0QjD9tWyE9jJUVVtZWpcmFo 4zcenuzgk2tDQ3SmibXerah10h4Ynb0DyxoG9SuL+bFAxiMXTouY1JTkhfH3iRwNlAnZ y11Q== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:cc:to:from:subject:references :mime-version:message-id:in-reply-to:date:dkim-signature; bh=1nI9YVXfgqNpk5XW8Xm1tcUj85eeRe0pkl/kkIvxHvg=; b=JKjGFHVof+rA9lk9o1wvZCeQ7+DSvDMIoBwDmf/wuVyoBr8+AkBsV11X8yFq0wkSIx euu18LYO7wDP5CP/IKLPjoOvyOjAatMOV5+vqNJ4TmZ2yaE5BAO4gRVgZg9C/u5nHW2H T8KOu5jpuODDofDPYlyRRvXv7S4zzOAAhicTjUtP8AWYE1jSgGKGM1YJ7rj+OkFKP+9G thbyxOQ4l4YSupCI5uh68weTa7tzJ8UKPGd+87AkN5g3Frpjj5WXU80c8dhl/i4lv4sM JtEIQSj5MNvXsy0z9WS+yKC/HlTQcnmHcdGILzoLaOSBbUvZ4I7T3ATzo+9MCQHw5RhK 1Dhw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@google.com header.s=20161025 header.b=G0Ld6eHP; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id q188si18177565pfc.159.2019.02.27.12.27.39; Wed, 27 Feb 2019 12:27:54 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@google.com header.s=20161025 header.b=G0Ld6eHP; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1730424AbfB0U1M (ORCPT + 99 others); Wed, 27 Feb 2019 15:27:12 -0500 Received: from mail-ot1-f74.google.com ([209.85.210.74]:44227 "EHLO mail-ot1-f74.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1730368AbfB0U1J (ORCPT ); Wed, 27 Feb 2019 15:27:09 -0500 Received: by mail-ot1-f74.google.com with SMTP id l8so8450469otp.11 for ; Wed, 27 Feb 2019 12:27:08 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=date:in-reply-to:message-id:mime-version:references:subject:from:to :cc; bh=1nI9YVXfgqNpk5XW8Xm1tcUj85eeRe0pkl/kkIvxHvg=; b=G0Ld6eHP54tQ4pIVNjkrLhaQjZmVAJRSFQRbHOVXWTaga0IsepE+gIRR4qS+L2ptfs PsltX25NRJpTS9+GlVW0QYIC3elLpa5MC8wH4830J+OrdWvaAr8Az9wydE2DDCVsG42r qiqJmDKfhQMO6gA4vciTMI1U/wdV/uAzdSI6/tu6Puc5WiqwY5lFx5eooJdOwOy8XFdh 8QR17REJ6wleHFwBuxQjmeDRAC3HskPHsyqP/+IgplV0JcFR3w5T1MuwSQmr+6OgEf8k QknCwkhVAfQVFkiEC7eMC9EXHNpFs14yTryK2ZwIAjS4ZK9jcW486qF8lZHeovi63oRo DJYA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:date:in-reply-to:message-id:mime-version :references:subject:from:to:cc; bh=1nI9YVXfgqNpk5XW8Xm1tcUj85eeRe0pkl/kkIvxHvg=; b=Fh6BtCK7c7ITaLO/K6hPU/UDvz/7afb+ZaJvYE3RG/8E7xEGAtLy0uc6iOevOzRGzs 0XldwM6QofuGkG+B76nn8XImIf6xQLbGtLEF5QOJDamGJ6qrusjkVqxtUifRT+CD7VtO ONktABLkhYV4k/x4JkW8G8hs9FQzQ4DbAp3KRfdY3KPb6WqqlD2lmmdsXKCWQvUhpsB1 lsyAh+i10gNZ2TZLF7XRicvFaibq7npkoHRLhYmXysc+5kX1z3Ljl83w7bu3rwPV3KDI DXcHbHC5MzyD7t1OaidaDGyW44e+pnqJmgkUP7nKfng3eVOEEHigARSTebYlCrGEJz7y 0GiA== X-Gm-Message-State: AHQUAuZxCKRr0t9RUQ6ZlTC2kOEw7uKezIL7uixqM88tUCabnUSK45kc 2B+I0RcnsXCnNl1gBiQ38x2AzreyvSt8sTAWF05G8Q== X-Received: by 2002:a05:6830:2113:: with SMTP id i19mr3108891otc.9.1551299228134; Wed, 27 Feb 2019 12:27:08 -0800 (PST) Date: Wed, 27 Feb 2019 12:26:56 -0800 In-Reply-To: <20190227202658.197113-1-matthewgarrett@google.com> Message-Id: <20190227202658.197113-3-matthewgarrett@google.com> Mime-Version: 1.0 References: <20190227202658.197113-1-matthewgarrett@google.com> X-Mailer: git-send-email 2.21.0.352.gf09ad66450-goog Subject: [PATCH V5 2/4] tpm: Reserve the TPM final events table From: Matthew Garrett To: linux-integrity@vger.kernel.org Cc: peterhuewe@gmx.de, jarkko.sakkinen@linux.intel.com, jgg@ziepe.ca, roberto.sassu@huawei.com, linux-efi@vger.kernel.org, linux-security-module@vger.kernel.org, linux-kernel@vger.kernel.org, tweek@google.com, Matthew Garrett Content-Type: text/plain; charset="UTF-8" Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Matthew Garrett UEFI systems provide a boot services protocol for obtaining the TPM event log, but this is unusable after ExitBootServices() is called. Unfortunately ExitBootServices() itself triggers additional TPM events that then can't be obtained using this protocol. The platform provides a mechanism for the OS to obtain these events by recording them to a separate UEFI configuration table which the OS can then map. Unfortunately this table isn't self describing in terms of providing its length, so we need to parse the events inside it to figure out how long it is. Since the table isn't mapped at this point, we need to extend the length calculation function to be able to map the event as it goes along. Signed-off-by: Matthew Garrett --- drivers/char/tpm/eventlog/tpm2.c | 2 +- drivers/firmware/efi/efi.c | 2 + drivers/firmware/efi/tpm.c | 51 ++++++++++++++++- include/linux/efi.h | 9 +++ include/linux/tpm_eventlog.h | 94 +++++++++++++++++++++++++++++--- 5 files changed, 148 insertions(+), 10 deletions(-) diff --git a/drivers/char/tpm/eventlog/tpm2.c b/drivers/char/tpm/eventlog/tpm2.c index 1a977bdd3bd2..de1d9f7e5a92 100644 --- a/drivers/char/tpm/eventlog/tpm2.c +++ b/drivers/char/tpm/eventlog/tpm2.c @@ -40,7 +40,7 @@ static size_t calc_tpm2_event_size(struct tcg_pcr_event2_head *event, struct tcg_pcr_event *event_header) { - return __calc_tpm2_event_size(event, event_header); + return __calc_tpm2_event_size(event, event_header, false); } static void *tpm2_bios_measurements_start(struct seq_file *m, loff_t *pos) diff --git a/drivers/firmware/efi/efi.c b/drivers/firmware/efi/efi.c index 4c46ff6f2242..bf4e9a254e23 100644 --- a/drivers/firmware/efi/efi.c +++ b/drivers/firmware/efi/efi.c @@ -53,6 +53,7 @@ struct efi __read_mostly efi = { .mem_attr_table = EFI_INVALID_TABLE_ADDR, .rng_seed = EFI_INVALID_TABLE_ADDR, .tpm_log = EFI_INVALID_TABLE_ADDR, + .tpm_final_log = EFI_INVALID_TABLE_ADDR, .mem_reserve = EFI_INVALID_TABLE_ADDR, }; EXPORT_SYMBOL(efi); @@ -485,6 +486,7 @@ static __initdata efi_config_table_type_t common_tables[] = { {EFI_MEMORY_ATTRIBUTES_TABLE_GUID, "MEMATTR", &efi.mem_attr_table}, {LINUX_EFI_RANDOM_SEED_TABLE_GUID, "RNG", &efi.rng_seed}, {LINUX_EFI_TPM_EVENT_LOG_GUID, "TPMEventLog", &efi.tpm_log}, + {LINUX_EFI_TPM_FINAL_LOG_GUID, "TPMFinalLog", &efi.tpm_final_log}, {LINUX_EFI_MEMRESERVE_TABLE_GUID, "MEMRESERVE", &efi.mem_reserve}, {NULL_GUID, NULL, NULL}, }; diff --git a/drivers/firmware/efi/tpm.c b/drivers/firmware/efi/tpm.c index 0cbeb3d46b18..2ccaa6661aaf 100644 --- a/drivers/firmware/efi/tpm.c +++ b/drivers/firmware/efi/tpm.c @@ -10,24 +10,50 @@ #include #include #include +#include #include +int efi_tpm_final_log_size; +EXPORT_SYMBOL(efi_tpm_final_log_size); + +static int tpm2_calc_event_log_size(void *data, int count, void *size_info) +{ + struct tcg_pcr_event2_head *header; + int event_size, size = 0; + + while (count > 0) { + header = data + size; + event_size = __calc_tpm2_event_size(header, size_info, true); + if (event_size == 0) + return -1; + size += event_size; + } + + return size; +} + /* * Reserve the memory associated with the TPM Event Log configuration table. */ int __init efi_tpm_eventlog_init(void) { struct linux_efi_tpm_eventlog *log_tbl; + struct efi_tcg2_final_events_table *final_tbl; unsigned int tbl_size; - if (efi.tpm_log == EFI_INVALID_TABLE_ADDR) + if (efi.tpm_log == EFI_INVALID_TABLE_ADDR) { + /* + * We can't calculate the size of the final events without the + * first entry in the TPM log, so bail here. + */ return 0; + } log_tbl = early_memremap(efi.tpm_log, sizeof(*log_tbl)); if (!log_tbl) { pr_err("Failed to map TPM Event Log table @ 0x%lx\n", - efi.tpm_log); + efi.tpm_log); efi.tpm_log = EFI_INVALID_TABLE_ADDR; return -ENOMEM; } @@ -35,6 +61,27 @@ int __init efi_tpm_eventlog_init(void) tbl_size = sizeof(*log_tbl) + log_tbl->size; memblock_reserve(efi.tpm_log, tbl_size); early_memunmap(log_tbl, sizeof(*log_tbl)); + + if (efi.tpm_final_log == EFI_INVALID_TABLE_ADDR) + return 0; + + final_tbl = early_memremap(efi.tpm_final_log, sizeof(*final_tbl)); + + if (!final_tbl) { + pr_err("Failed to map TPM Final Event Log table @ 0x%lx\n", + efi.tpm_final_log); + efi.tpm_final_log = EFI_INVALID_TABLE_ADDR; + return -ENOMEM; + } + + tbl_size = tpm2_calc_event_log_size(final_tbl->events, + final_tbl->nr_events, + (void *)efi.tpm_log); + memblock_reserve((unsigned long)final_tbl, + tbl_size + sizeof(*final_tbl)); + early_memunmap(final_tbl, sizeof(*final_tbl)); + efi_tpm_final_log_size = tbl_size; + return 0; } diff --git a/include/linux/efi.h b/include/linux/efi.h index 45ff763fba76..730dae84a932 100644 --- a/include/linux/efi.h +++ b/include/linux/efi.h @@ -676,6 +676,7 @@ void efi_native_runtime_setup(void); #define LINUX_EFI_LOADER_ENTRY_GUID EFI_GUID(0x4a67b082, 0x0a4c, 0x41cf, 0xb6, 0xc7, 0x44, 0x0b, 0x29, 0xbb, 0x8c, 0x4f) #define LINUX_EFI_RANDOM_SEED_TABLE_GUID EFI_GUID(0x1ce1e5bc, 0x7ceb, 0x42f2, 0x81, 0xe5, 0x8a, 0xad, 0xf1, 0x80, 0xf5, 0x7b) #define LINUX_EFI_TPM_EVENT_LOG_GUID EFI_GUID(0xb7799cb0, 0xeca2, 0x4943, 0x96, 0x67, 0x1f, 0xae, 0x07, 0xb7, 0x47, 0xfa) +#define LINUX_EFI_TPM_FINAL_LOG_GUID EFI_GUID(0x1e2ed096, 0x30e2, 0x4254, 0xbd, 0x89, 0x86, 0x3b, 0xbe, 0xf8, 0x23, 0x25) #define LINUX_EFI_MEMRESERVE_TABLE_GUID EFI_GUID(0x888eb0c6, 0x8ede, 0x4ff5, 0xa8, 0xf0, 0x9a, 0xee, 0x5c, 0xb9, 0x77, 0xc2) typedef struct { @@ -983,6 +984,7 @@ extern struct efi { unsigned long mem_attr_table; /* memory attributes table */ unsigned long rng_seed; /* UEFI firmware random seed */ unsigned long tpm_log; /* TPM2 Event Log table */ + unsigned long tpm_final_log; /* TPM2 Final Events Log table */ unsigned long mem_reserve; /* Linux EFI memreserve table */ efi_get_time_t *get_time; efi_set_time_t *set_time; @@ -1700,6 +1702,13 @@ struct linux_efi_tpm_eventlog { extern int efi_tpm_eventlog_init(void); +struct efi_tcg2_final_events_table { + u64 version; + u64 nr_events; + u8 events[]; +}; +extern int efi_tpm_final_log_size; + /* * efi_runtime_service() function identifiers. * "NONE" is used by efi_recover_from_page_fault() to check if the page diff --git a/include/linux/tpm_eventlog.h b/include/linux/tpm_eventlog.h index 6a86144e13f1..d889e12047d9 100644 --- a/include/linux/tpm_eventlog.h +++ b/include/linux/tpm_eventlog.h @@ -112,10 +112,27 @@ struct tcg_pcr_event2_head { struct tpm_digest digests[]; } __packed; +struct tcg_algorithm_size { + u16 algorithm_id; + u16 algorithm_size; +}; + +struct tcg_algorithm_info { + u8 signature[16]; + u32 platform_class; + u8 spec_version_minor; + u8 spec_version_major; + u8 spec_errata; + u8 uintn_size; + u32 number_of_algorithms; + struct tcg_algorithm_size digest_sizes[]; +}; + /** * __calc_tpm2_event_size - calculate the size of a TPM2 event log entry * @event: Pointer to the event whose size should be calculated * @event_header: Pointer to the initial event containing the digest lengths + * @do_mapping: Whether or not the event needs to be mapped * * The TPM2 event log format can contain multiple digests corresponding to * separate PCR banks, and also contains a variable length of the data that @@ -131,10 +148,13 @@ struct tcg_pcr_event2_head { */ static inline int __calc_tpm2_event_size(struct tcg_pcr_event2_head *event, - struct tcg_pcr_event *event_header) + struct tcg_pcr_event *event_header, + bool do_mapping) { struct tcg_efi_specid_event_head *efispecid; struct tcg_event_field *event_field; + void *mapping = NULL; + int mapping_size; void *marker; void *marker_start; u32 halg_size; @@ -148,36 +168,96 @@ static inline int __calc_tpm2_event_size(struct tcg_pcr_event2_head *event, marker = marker + sizeof(event->pcr_idx) + sizeof(event->event_type) + sizeof(event->count); + /* Map the event header */ + if (do_mapping) { + mapping_size = marker - marker_start; + mapping = early_memremap((unsigned long)marker_start, + mapping_size); + if (!mapping) { + size = 0; + goto out; + } + } + efispecid = (struct tcg_efi_specid_event_head *)event_header->event; /* Check if event is malformed. */ - if (event->count > efispecid->num_algs) - return 0; + if (event->count > efispecid->num_algs) { + size = 0; + goto out; + } for (i = 0; i < event->count; i++) { halg_size = sizeof(event->digests[i].alg_id); + + /* Map the digest's algorithm identifier */ + if (do_mapping) { + early_memunmap(mapping, mapping_size); + mapping_size = marker - marker_start + halg_size; + mapping = early_memremap((unsigned long)marker_start, + mapping_size); + if (!mapping) { + size = 0; + goto out; + } + } + memcpy(&halg, marker, halg_size); marker = marker + halg_size; + for (j = 0; j < efispecid->num_algs; j++) { if (halg == efispecid->digest_sizes[j].alg_id) { marker += efispecid->digest_sizes[j].digest_size; + + /* Map the digest content itself */ + if (do_mapping) { + early_memunmap(mapping, mapping_size); + mapping_size = marker - marker_start; + mapping = early_memremap((unsigned long)marker_start, + mapping_size); + if (!mapping) { + size = 0; + goto out; + } + } break; } } /* Algorithm without known length. Such event is unparseable. */ - if (j == efispecid->num_algs) - return 0; + if (j == efispecid->num_algs) { + size = 0; + goto out; + } } event_field = (struct tcg_event_field *)marker; + + /* + * Map the event size - we don't read from the event itself, so + * we don't need to map it + */ + if (do_mapping) { + early_memunmap(marker_start, mapping_size); + mapping_size += sizeof(event_field->event_size); + mapping = early_memremap((unsigned long)marker_start, + mapping_size); + if (!mapping) { + size = 0; + goto out; + } + } + marker = marker + sizeof(event_field->event_size) + event_field->event_size; size = marker - marker_start; if ((event->event_type == 0) && (event_field->event_size == 0)) - return 0; - + size = 0; +out: + if (do_mapping) + early_memunmap(mapping, mapping_size); return size; } + #endif -- 2.21.0.352.gf09ad66450-goog