[0/3] vTPM: Measure the bootloader

Message ID 20200512154452.1702985-1-stefanb@linux.vnet.ibm.com

Message

Stefan Berger May 12, 2020, 3:44 p.m. UTC
This series of patches adds support for measuring the bootloader read from
a GPT partition. Since the boot loader is read into a buffer much bigger
(0x700000 bytes) than the original file, we need a way to determine the
original file size of the boot loader so that we measure only those
bytes from the buffer that are also found in the file. The file is
assumed to be an ELF file. We do this by extending libelf with a function
that allows us to determine the ELF file's original file size by walking
the ELF headers and looking for the farthest offset. In the normal case
this will result in the same hash as is calculated when one runs, for
example, 'sha256sum grub'. However, it could lead to a different measurement
if the user intentionally appended bytes to the file which are not
referenced by any ELF section. We cannot solve this case.

   Stefan

v2->v3:
  - addressed nits

v1->v2:
  - Followed Alexey's comments
  - Renamed new function suffix from '_file' to '_buffer' to be more
    generic


Stefan Berger (3):
  elf: Implement elf_get_file_size to determine size of an ELF image
  tcgbios: Implement tpm_hash_log_extend_event_buffer
  tcgbios: Measure the bootloader file read from disk

 include/helpers.h              |  2 +
 include/libelf.h               | 14 +++++++
 lib/libelf/elf.c               | 26 +++++++++++++
 lib/libelf/elf32.c             | 69 ++++++++++++++++++++++++++++++++++
 lib/libelf/elf64.c             | 57 ++++++++++++++++++++++++++++
 lib/libtpm/tcgbios.c           | 44 ++++++++++++++++++++++
 lib/libtpm/tcgbios.h           |  5 +++
 lib/libtpm/tpm.code            | 19 ++++++++++
 lib/libtpm/tpm.in              |  1 +
 slof/fs/packages/disk-label.fs | 19 +++++++++-
 10 files changed, 255 insertions(+), 1 deletion(-)
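The header walk the cover letter describes, as an added example in C that is not SLOF's libelf (the series' elf_get_file_size and its '_buffer' variant live in the patches themselves and are not reproduced here): take the farthest file offset referenced by the ELF64 program header table, the section header table, and every segment or section that occupies file bytes, checking each offset against the buffer length so that a header read from an untrusted disk cannot push the measured range beyond the buffer. The elf64_image_size, extend_to and build_sample names, the struct definitions and the sample image are this example's own constructions; ELF32 is the same walk over the narrower structures.

```c
/* Added example, not SLOF's libelf: find how many bytes of an oversized load
 * buffer belong to the ELF64 image at its start by walking the headers for the
 * farthest referenced file offset. Bytes appended after that offset are never
 * reached, which is the limitation the cover letter notes. Struct layouts mirror
 * <elf.h> but are spelled out so this builds without it; host byte order only. */
#include <stddef.h>
#include <stdint.h>
#include <string.h>

enum { EI_CLASS = 4, EI_DATA = 5, ELFCLASS64 = 2, ELFDATA2LSB = 1, ELFDATA2MSB = 2, SHT_NOBITS = 8 };

typedef struct {                    /* 64 bytes; e_shoff sits at byte offset 40 */
    unsigned char e_ident[16]; uint16_t e_type, e_machine; uint32_t e_version;
    uint64_t e_entry, e_phoff, e_shoff; uint32_t e_flags;
    uint16_t e_ehsize, e_phentsize, e_phnum, e_shentsize, e_shnum, e_shstrndx;
} Elf64_Ehdr;
typedef struct {                    /* 56 bytes */
    uint32_t p_type, p_flags; uint64_t p_offset, p_vaddr, p_paddr, p_filesz, p_memsz, p_align;
} Elf64_Phdr;
typedef struct {                    /* 64 bytes */
    uint32_t sh_name, sh_type; uint64_t sh_flags, sh_addr, sh_offset, sh_size;
    uint32_t sh_link, sh_info; uint64_t sh_addralign, sh_entsize;
} Elf64_Shdr;

static unsigned char host_data_encoding(void)
{ const uint16_t one = 1; return *(const unsigned char *)&one ? ELFDATA2LSB : ELFDATA2MSB; }

/* Raise *max to off+len if [off, off+len) lies inside the buffer. The values
 * come straight from disk, so the test is written to survive off+len overflow. */
static int extend_to(uint64_t *max, uint64_t off, uint64_t len, size_t buflen)
{
    if (off > buflen || len > buflen - off)
        return 0;
    if (off + len > *max)
        *max = off + len;
    return 1;
}

/* Image size at the start of buf, or 0 if the headers are not a sane ELF64
 * image that fits inside buflen. */
size_t elf64_image_size(const unsigned char *buf, size_t buflen)
{
    Elf64_Ehdr eh;
    uint64_t max, i;
    if (buflen < sizeof eh || memcmp(buf, "\x7f" "ELF", 4) != 0)
        return 0;
    memcpy(&eh, buf, sizeof eh);
    if (eh.e_ident[EI_CLASS] != ELFCLASS64 || eh.e_ident[EI_DATA] != host_data_encoding() ||
        (eh.e_phnum && eh.e_phentsize != sizeof(Elf64_Phdr)) ||
        (eh.e_shnum && eh.e_shentsize != sizeof(Elf64_Shdr)))
        return 0;
    max = sizeof eh;
    /* Program header table, then the file-backed part of each segment. */
    if (eh.e_phnum && !extend_to(&max, eh.e_phoff, eh.e_phnum * sizeof(Elf64_Phdr), buflen))
        return 0;
    for (i = 0; i < eh.e_phnum; i++) {
        Elf64_Phdr ph;
        memcpy(&ph, buf + eh.e_phoff + i * sizeof ph, sizeof ph);
        if (!extend_to(&max, ph.p_offset, ph.p_filesz, buflen))
            return 0;
    }
    /* Section header table, then each section that occupies file bytes;
     * SHT_NOBITS (.bss) has a size but no file contents, so it counts as 0. */
    if (eh.e_shnum && !extend_to(&max, eh.e_shoff, eh.e_shnum * sizeof(Elf64_Shdr), buflen))
        return 0;
    for (i = 0; i < eh.e_shnum; i++) {
        Elf64_Shdr sh;
        memcpy(&sh, buf + eh.e_shoff + i * sizeof sh, sizeof sh);
        if (!extend_to(&max, sh.sh_offset, sh.sh_type == SHT_NOBITS ? 0 : sh.sh_size, buflen))
            return 0;
    }
    return (size_t)max;
}

/* Constructed sample, not a real bootloader: one PT_LOAD segment, a .text
 * section, a large SHT_NOBITS .bss and the section table last, dropped at the
 * start of a much larger buffer of stale bytes, as a disk read would leave it.
 * Returns the size the file would have on disk (704 bytes plus any appended). */
#define BUF_LEN 0x4000
unsigned char image[BUF_LEN];

size_t build_sample(size_t appended)
{
    Elf64_Ehdr eh; Elf64_Phdr ph; Elf64_Shdr sh[3];
    const uint64_t text_off = 0x100, text_len = 300, sh_off = 0x200;
    size_t file_len = sh_off + sizeof sh;       /* 0x2c0 = 704 bytes on disk */
    memset(&eh, 0, sizeof eh); memset(&ph, 0, sizeof ph); memset(sh, 0, sizeof sh);
    memcpy(eh.e_ident, "\x7f" "ELF", 4);
    eh.e_ident[EI_CLASS] = ELFCLASS64; eh.e_ident[EI_DATA] = host_data_encoding();
    eh.e_ehsize = sizeof eh; eh.e_phoff = sizeof eh; eh.e_phentsize = sizeof ph; eh.e_phnum = 1;
    eh.e_shoff = sh_off; eh.e_shentsize = sizeof sh[0]; eh.e_shnum = 3;
    ph.p_type = 1; ph.p_offset = text_off; ph.p_filesz = ph.p_memsz = text_len;
    sh[1].sh_type = 1; sh[1].sh_offset = text_off; sh[1].sh_size = text_len;         /* .text */
    sh[2].sh_type = SHT_NOBITS; sh[2].sh_offset = file_len; sh[2].sh_size = 0x100000; /* .bss */
    memset(image, 0xAA, sizeof image);          /* stale buffer contents beyond the file */
    memcpy(image, &eh, sizeof eh);
    memcpy(image + eh.e_phoff, &ph, sizeof ph);
    memcpy(image + sh_off, sh, sizeof sh);
    memset(image + file_len, 0x42, appended);   /* bytes appended after linking, unreferenced */
    return file_len + appended;
}
```

The .bss entry is why SHT_NOBITS has to count as zero bytes: its sh_size would otherwise push the end past the buffer and a perfectly good image would be rejected. A file with 100 bytes appended after the link measures the same 704 bytes as the clean one, which is the gap the cover letter says cannot be closed from the headers; an e_shoff overwritten with 0xff bytes is rejected by the bounds check instead of being hashed or read out of bounds. Hashing the resulting byte range into the TPM is what the series' tpm_hash_log_extend_event_buffer does and is not part of this example.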

Comments

Alexey Kardashevskiy May 13, 2020, 2:48 a.m. UTC | #1
On 13/05/2020 01:44, Stefan Berger wrote:
> This series of patches adds support for measuring the bootloader read from
> a GPT partition. Since the boot loader is read into a buffer much bigger
> (0x700000 bytes) than the original file, we need a way to determine the
> original file size of the boot loader so that we measure only those
> bytes from the buffer that are also found in the file. The file is
> assumed to be an ELF file. We do this by extending libelf with a function
> that allows us to determine the ELF file's original file size by walking
> the ELF headers and looking for the farthest offset. In the normal case
> this will result in the same hash as is calculated when one runs, for
> example, 'sha256sum grub'. However, it could lead to a different measurement
> if the user intentionally appended bytes to the file which are not
> referenced by any ELF section. We cannot solve this case.
> 
>    Stefan
> 
> v2->v3:
>   - addressed nits

Thanks, applied.

> 
> v1->v2:
>   - Followed Alexey's comments
>   - Renamed new function suffix from '_file' to '_buffer' to be more
>     generic
> 
> 
> Stefan Berger (3):
>   elf: Implement elf_get_file_size to determine size of an ELF image
>   tcgbios: Implement tpm_hash_log_extend_event_buffer
>   tcgbios: Measure the bootloader file read from disk
> 
>  include/helpers.h              |  2 +
>  include/libelf.h               | 14 +++++++
>  lib/libelf/elf.c               | 26 +++++++++++++
>  lib/libelf/elf32.c             | 69 ++++++++++++++++++++++++++++++++++
>  lib/libelf/elf64.c             | 57 ++++++++++++++++++++++++++++
>  lib/libtpm/tcgbios.c           | 44 ++++++++++++++++++++++
>  lib/libtpm/tcgbios.h           |  5 +++
>  lib/libtpm/tpm.code            | 19 ++++++++++
>  lib/libtpm/tpm.in              |  1 +
>  slof/fs/packages/disk-label.fs | 19 +++++++++-
>  10 files changed, 255 insertions(+), 1 deletion(-)
>