[3/3] tcgbios: Measure the bootloader file read from disk

Message ID	20200512154452.1702985-4-stefanb@linux.vnet.ibm.com
State	Accepted
Headers	show Return-Path: <slof-bounces+incoming=patchwork.ozlabs.org@lists.ozlabs.org> From: Stefan Berger <stefanb@linux.vnet.ibm.com> To: aik@ozlabs.ru, slof@lists.ozlabs.org Date: Tue, 12 May 2020 11:44:52 -0400 Message-Id: <20200512154452.1702985-4-stefanb@linux.vnet.ibm.com> In-Reply-To: <20200512154452.1702985-1-stefanb@linux.vnet.ibm.com> References: <20200512154452.1702985-1-stefanb@linux.vnet.ibm.com> MIME-Version: 1.0 Subject: [SLOF] [PATCH 3/3] tcgbios: Measure the bootloader file read from disk Precedence: list Cc: Stefan Berger <stefanb@linux.ibm.com> Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Errors-To: slof-bounces+incoming=patchwork.ozlabs.org@lists.ozlabs.org Sender: "SLOF" <slof-bounces+incoming=patchwork.ozlabs.org@lists.ozlabs.org>
Series	vTPM: Measure the bootloader \| expand [0/3] vTPM: Measure the bootloader [1/3] elf: Implement elf_get_file_size to determine size of an ELF image [2/3] tcgbios: Implement tpm_hash_log_extend_event_buffer [3/3] tcgbios: Measure the bootloader file read from disk

Message ID

20200512154452.1702985-4-stefanb@linux.vnet.ibm.com

State

Accepted

Headers

From: Stefan Berger <stefanb@linux.vnet.ibm.com>
To: aik@ozlabs.ru, slof@lists.ozlabs.org
Date: Tue, 12 May 2020 11:44:52 -0400
Message-Id: <20200512154452.1702985-4-stefanb@linux.vnet.ibm.com>
In-Reply-To: <20200512154452.1702985-1-stefanb@linux.vnet.ibm.com>
References: <20200512154452.1702985-1-stefanb@linux.vnet.ibm.com>
MIME-Version: 1.0
Subject: [SLOF] [PATCH 3/3] tcgbios: Measure the bootloader file read from
 disk
Precedence: list
Cc: Stefan Berger <stefanb@linux.ibm.com>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: slof-bounces+incoming=patchwork.ozlabs.org@lists.ozlabs.org
Sender: "SLOF" <slof-bounces+incoming=patchwork.ozlabs.org@lists.ozlabs.org>

Series

vTPM: Measure the bootloader | expand

Commit Message

Stefan Berger May 12, 2020, 3:44 p.m. UTC

From: Stefan Berger <stefanb@linux.ibm.com>

Measure the bootloader file read from disk into PCR 4 and log it with
the description 'BOOTLOADER' and the event type EV_COMPACT_HASH
(code 0xc). Since the loaded file should be an ELF file, have its size
determined and only the bytes from the ELF image measured rather than
the whole buffer that it was read into and is much bigger (0x700000
bytes).

Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
---
 slof/fs/packages/disk-label.fs | 19 ++++++++++++++++++-
 1 file changed, 18 insertions(+), 1 deletion(-)

diff --git a/slof/fs/packages/disk-label.fs b/slof/fs/packages/disk-label.fs
index bb64022..661c6b0 100644
--- a/slof/fs/packages/disk-label.fs
+++ b/slof/fs/packages/disk-label.fs
@@ -452,6 +452,20 @@  CREATE GPT-LINUX-PARTITION 10 allot
    THEN
 ;
 
+\ Measure the boot loader file into PCR 4 as event type EV_COMPACT_HASH (0xc)
+
+: measure-bootloader ( data-ptr data-len -- )
+   s" /ibm,vtpm" find-node IF
+      4 -rot                    ( 4 data-ptr data-len )
+      c -rot                    ( 4 c data-ptr data-len )
+      s" BOOTLOADER"            ( 4 c data-ptr data-len desc-ptr desc-len )
+      true tpm-hash-log-extend-event-buffer   ( errcode )
+      drop
+   ELSE
+      2drop
+   THEN
+;
+
 : load-from-gpt-prep-partition ( addr -- size )
    get-gpt-partition 0= IF false EXIT THEN
    block gpt>num-part-entry l@-le dup 0= IF false exit THEN
@@ -465,7 +479,10 @@  CREATE GPT-LINUX-PARTITION 10 allot
          swap                                 ( addr blocks first-lba )
          block-size * to part-offset          ( addr blocks )
          0 0 seek drop                        ( addr blocks )
-         block-size * read                    ( size )
+         over swap                            ( addr addr blocks)
+         block-size * read                    ( addr size )
+         2dup measure-bootloader              ( addr size )
+         nip                                  ( size)
          UNLOOP EXIT
      THEN
      seek-pos gpt-part-size + to seek-pos