Date: Mon, 20 May 2019 13:55:00 -0700
Message-Id: <20190520205501.177637-4-matthewgarrett@google.com>
In-Reply-To: <20190520205501.177637-1-matthewgarrett@google.com>
Subject: [PATCH V7 3/4] tpm: Append the final event log to the TPM event log
From: Matthew Garrett
To: linux-integrity@vger.kernel.org
Cc: peterhuewe@gmx.de, jarkko.sakkinen@linux.intel.com, jgg@ziepe.ca, roberto.sassu@huawei.com, linux-efi@vger.kernel.org, linux-security-module@vger.kernel.org, linux-kernel@vger.kernel.org, tweek@google.com, bsz@semihalf.com, Matthew Garrett
X-Mailing-List: linux-kernel@vger.kernel.org

From: Matthew Garrett

Any events that are logged after GetEventsLog() is called are logged to the EFI Final Events table. These events are defined as being in the crypto agile log format, so we can just append them directly to the existing log if it's in the same format.

In theory we can also construct old-style SHA1 log entries for devices that only return logs in that format, but EDK2 doesn't generate the final event log in that case so it doesn't seem worth it at the moment.

Signed-off-by: Matthew Garrett
---
 drivers/char/tpm/eventlog/efi.c | 50 ++++++++++++++++++++++++++++-----
 1 file changed, 43 insertions(+), 7 deletions(-)
diff --git a/drivers/char/tpm/eventlog/efi.c b/drivers/char/tpm/eventlog/efi.c index 3e673ab22cb4..9179cf6bdee9 100644 --- a/drivers/char/tpm/eventlog/efi.c +++ b/drivers/char/tpm/eventlog/efi.c @@ -21,10 +21,13 @@ int tpm_read_log_efi(struct tpm_chip *chip) { + struct efi_tcg2_final_events_table *final_tbl = NULL; struct linux_efi_tpm_eventlog *log_tbl; struct tpm_bios_log *log; u32 log_size; u8 tpm_log_version; + void *tmp; + int ret; if (!(chip->flags & TPM_CHIP_FLAG_TPM2)) return -ENODEV; @@ -52,15 +55,48 @@ int tpm_read_log_efi(struct tpm_chip *chip) /* malloc EventLog space */ log->bios_event_log = kmemdup(log_tbl->log, log_size, GFP_KERNEL); - if (!log->bios_event_log) - goto err_memunmap; - log->bios_event_log_end = log->bios_event_log + log_size; + if (!log->bios_event_log) { + ret = -ENOMEM; + goto out; + } + log->bios_event_log_end = log->bios_event_log + log_size; tpm_log_version = log_tbl->version; - memunmap(log_tbl); - return tpm_log_version; -err_memunmap: + ret = tpm_log_version; + + if (efi.tpm_final_log == EFI_INVALID_TABLE_ADDR || + efi_tpm_final_log_size == 0 || + tpm_log_version != EFI_TCG2_EVENT_LOG_FORMAT_TCG_2) + goto out; + + final_tbl = memremap(efi.tpm_final_log, + sizeof(*final_tbl) + efi_tpm_final_log_size, + MEMREMAP_WB); + if (!final_tbl) { + pr_err("Could not map UEFI TPM final log\n"); + kfree(log->bios_event_log); + ret = -ENOMEM; + goto out; + } + + tmp = krealloc(log->bios_event_log, + log_size + efi_tpm_final_log_size, + GFP_KERNEL); + if (!tmp) { + kfree(log->bios_event_log); + ret = -ENOMEM; + goto out; + } + + log->bios_event_log = tmp; + memcpy((void *)log->bios_event_log + log_size, + final_tbl->events, efi_tpm_final_log_size); + log->bios_event_log_end = log->bios_event_log + + log_size + efi_tpm_final_log_size; + +out: + memunmap(final_tbl); memunmap(log_tbl); - return -ENOMEM; + return ret; } -- 2.21.0.1020.gf2820cf01a-goog
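Review bot: in the first hunk, `final_tbl` has to start as NULL because the shared `out:` label added in the second hunk calls `memunmap(final_tbl)` on every exit, including the early `goto out` paths taken before the final table is ever mapped; a one-line comment at the declaration (`/* NULL until mapped; released unconditionally at out: */`) would record that dependency so a later cleanup does not drop the initializer, and the same applies to `ret`, which is only assigned after the `kmemdup()` succeeds.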
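Review bot: in the second hunk, both failure paths after the log has been allocated (the `memremap()` of the final table and the `krealloc()`) call `kfree(log->bios_event_log)` but leave `log->bios_event_log` and `log->bios_event_log_end` pointing at the freed buffer; either set `log->bios_event_log = NULL` before `goto out` so a caller that cleans up `log` on a negative return cannot double-free, or drop the `kfree()` here if the caller owns the buffer on error. The allocation size `log_size + efi_tpm_final_log_size` is also the sum of two firmware-supplied values with no upper bound or overflow check before `krealloc()`; rejecting an implausibly large `efi_tpm_final_log_size` up front would keep a corrupt table from driving a huge allocation. Finally, the silent `goto out` when `tpm_log_version != EFI_TCG2_EVENT_LOG_FORMAT_TCG_2` matches the commit message, but a `pr_debug()` there would make it visible that final events were not appended.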
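As an added example (not part of this patch or of the kernel's own code), a small Python parser for the crypto-agile TCG_PCR_EVENT2 format that shows why the final events can simply be appended: each entry is self-delimiting, so the concatenated log parses and replays into PCR values as one stream. It assumes a SHA-256-only log and omits the Spec ID header a real log starts with; `parse_event2`, `replay_pcrs`, `build_event2` and the sample events are constructed names and data.

```python
import hashlib
import struct

# TCG algorithm ID -> digest size. Assumption: SHA-256 only; a real parser reads
# this table from the Spec ID event that opens every TCG_2 log (omitted here).
ALG_SIZES = {0x000B: 32}
def parse_event2(buf, off):
    # Parse one TCG_PCR_EVENT2 entry at buf[off:]; return its fields and the next offset.
    pcr, etype, count = struct.unpack_from("<III", buf, off)
    off += 12
    digests = {}
    for _ in range(count):
        (alg,) = struct.unpack_from("<H", buf, off)
        size = ALG_SIZES.get(alg)
        if size is None:
            raise ValueError("unknown digest algorithm 0x%04x" % alg)  # fail closed
        digests[alg] = buf[off + 2:off + 2 + size]
        off += 2 + size
    (esize,) = struct.unpack_from("<I", buf, off)
    data = buf[off + 4:off + 4 + esize]
    off += 4 + esize
    if off > len(buf):
        raise ValueError("truncated event")
    return pcr, etype, digests, data, off
def parse_log(buf):
    # Entries are self-delimiting, so two logs in the same format concatenate cleanly.
    events, off = [], 0
    while off < len(buf):
        pcr, etype, digests, data, off = parse_event2(buf, off)
        events.append((pcr, etype, digests, data))
    return events
def extend(pcr_value, digest):  # TPM2_PCR_Extend semantics for the SHA-256 bank
    return hashlib.sha256(pcr_value + digest).digest()
def replay_pcrs(events, alg=0x000B):
    # Recompute PCR values from the log for comparison with what the TPM reports.
    pcrs = {}
    for pcr, _, digests, _ in events:
        pcrs[pcr] = extend(pcrs.get(pcr, bytes(32)), digests[alg])
    return pcrs
def build_event2(pcr, etype, data):
    # Encode a constructed TCG_PCR_EVENT2 entry carrying a single SHA-256 digest.
    d = hashlib.sha256(data).digest()
    return (struct.pack("<III", pcr, etype, 1) + struct.pack("<H", 0x000B) + d
            + struct.pack("<I", len(data)) + data)
# Constructed sample: the main log the firmware handed back, then one Final Events entry.
MAIN_LOG = build_event2(0, 0x1, b"main-event") + build_event2(7, 0x80000001, b"secure boot")
FINAL_EVENTS = build_event2(0, 0x4, b"EV_SEPARATOR")
def combined_pcrs():
    # Append the final events to the main log, as the patch does, then replay.
    return replay_pcrs(parse_log(MAIN_LOG + FINAL_EVENTS))
```

A PCR value replayed from the combined log that does not match the TPM's own value means the log was cut or tampered with somewhere between the main log and the final events.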