Hi Ard,

On Mon, Nov 02, 2020 at 06:06:27PM +0100, Ard Biesheuvel wrote:
> This series enables measurement of the initrd data loaded directly by the
> EFI stub into the TPM, using the TCG2 protocol exposed by the firmware (if
> available). This ensures that the initrd observed and used by the OS is the
> same one that got measured into the TPM, which is more difficult to guarantee
> in the current situation.
>

I like this. The OS gets the ability to 'self-measure' one critical component.
This can of course be done in the bootloader or GRUB, but having the
functionality in the stub will allow you to boot with a verified initrd, if
even GRUB isn't there or the bootloader doesn't measure the initrd.

> This is posted as an RFC since it is mostly an invitation to discuss how
> we can fit this into a longer term strategy for arch-agnostic secure and
> measured boot that does not hinge on the Shim+GRUB tandem, or on deep
> knowledge on the part of the bootloader regarding device trees, bootparams
> structs, allocation and placement policies of various artifacts etc etc
>
> Open questions:
> - Should we do this?

I think so. I can't find any arguments why we shouldn't.

> - Are Linux systems in the field using PCR value prediction when updating the
>   initrd? Does this approach interfere with that?
> - Which PCR and event type to use

No idea. I think distros will have an opinion on that

> - Is a separator event needed here, given that the initrd measurement is
>   recorded even if no initrd was loaded by the stub?

I think having the event makes sense, but if we are going to make a standard
measurement for the initrd, we need to discuss this a bit more.

>
> Note that the EFI stub ignores the initrd provided directly via bootparams or
> the device tree, and it would be nice if we could keep doing that.
>
> Build tested only.

Cheers
/Ilias

>
> Cc: Peter Jones <pjones@xxxxxxxxxx>
> Cc: Leif Lindholm <leif@xxxxxxxxxxxx>
> Cc: Arvind Sankar <nivedita@xxxxxxxxxxxx>
> Cc: Matthew Garrett <mjg59@xxxxxxxxxx>
> Cc: Daniel Kiper <daniel.kiper@xxxxxxxxxx>
> Cc: Ilias Apalodimas <ilias.apalodimas@xxxxxxxxxx>
>
> Ard Biesheuvel (7):
>   efi/libstub: whitespace cleanup
>   efi/libstub: fix prototype of efi_tcg2_protocol::get_event_log()
>   efi/libstub: x86/mixed: increase supported argument count
>   efi/libstub: move TPM related prototypes into efistub.h
>   efi/libstub: add prototype of
>     efi_tcg2_protocol::hash_log_extend_event()
>   efi/libstub: consolidate initrd handling across architectures
>   efi/libstub: measure loaded initrd info into the TPM
>
>  arch/x86/boot/compressed/efi_thunk_64.S       | 17 ++++--
>  arch/x86/include/asm/efi.h                    | 13 +++--
>  arch/x86/platform/efi/efi_thunk_64.S          | 17 ++++--
>  .../firmware/efi/libstub/efi-stub-helper.c    | 56 +++++++++++++++----
>  drivers/firmware/efi/libstub/efi-stub.c       | 10 +---
>  drivers/firmware/efi/libstub/efistub.h        | 34 ++++++++++-
>  drivers/firmware/efi/libstub/x86-stub.c       | 26 ++++-----
>  include/linux/efi.h                           | 13 +----
>  8 files changed, 123 insertions(+), 63 deletions(-)
>
> --
> 2.17.1
>
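
An added illustration (not code from the patch series or from either poster) of the PCR arithmetic behind two open questions in the quoted cover letter: predicting the PCR value across an initrd update, and whether a boot without an initrd stays distinguishable in the PCR. The PCR index, the event contents and the empty-buffer measurement for the no-initrd case are assumptions; the thread leaves all of them open.

```python
import hashlib

PCR_INDEX = 9         # hypothetical: the thread leaves the PCR choice open
ZERO_PCR = bytes(32)  # a SHA-256 bank PCR is all zeroes after reset
EARLY = b"constructed earlier-stage measurement"  # constructed sample data
OLD_INITRD = b"constructed initrd v1"             # constructed sample data
NEW_INITRD = b"constructed initrd v2"             # constructed sample data

def extend(pcr: bytes, data: bytes) -> bytes:
    """TPM extend operation: new = SHA256(old || SHA256(data))."""
    return hashlib.sha256(pcr + hashlib.sha256(data).digest()).digest()

def predict(events) -> bytes:
    """Replay (pcr_index, data) events; return the final value of PCR_INDEX."""
    pcr = ZERO_PCR
    for index, data in events:
        if index == PCR_INDEX:
            pcr = extend(pcr, data)
    return pcr

def boot_events(initrd, always_measure=True):
    """Events one boot would log into PCR_INDEX.

    always_measure models the cover letter's statement that the initrd
    measurement is recorded even if the stub loaded no initrd. Assumption:
    in that case a zero-length buffer is what gets hashed.
    """
    events = [(PCR_INDEX, EARLY)]
    if initrd is not None:
        events.append((PCR_INDEX, initrd))
    elif always_measure:
        events.append((PCR_INDEX, b""))
    return events

def old_value_survives_update() -> bool:
    """False means anything bound to the old PCR value must be re-bound
    against predict(boot_events(NEW_INITRD)) before rebooting."""
    return predict(boot_events(OLD_INITRD)) == predict(boot_events(NEW_INITRD))

def missing_initrd_is_visible(always_measure: bool) -> bool:
    """Can a verifier tell 'no initrd loaded' from 'nothing measured at all'?"""
    return predict(boot_events(None, always_measure)) != predict([(PCR_INDEX, EARLY)])

if __name__ == "__main__":
    print("predicted after update:", predict(boot_events(NEW_INITRD)).hex())
    print("old value still valid: ", old_value_survives_update())
    print("no-initrd visible (always measure):", missing_initrd_is_visible(True))
    print("no-initrd visible (skip event):    ", missing_initrd_is_visible(False))
```
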