Hi!
This is a respin of [1].
This enables initrd measuring when loaded directly by the kernel EFI stub.
It ensures that the initrd observed and used by the OS is the same one that
got measured into the TPM, which is difficult to guarantee in the current
otherwise.
There's a couple of changes compared to the original RFC:
- Ard fixed the x86 assembly for providing the extra arguments needed and I
rebased it on top of
commit 22aa45cb465b ("x86/efi: Restore Firmware IDT before calling ExitBootServices()")
- Instead of EV_IPL we are now using EV_EVENT_TAG. EV_IPL was marked
as deprecated up until the latest PC client spec [2] (and deprecated in
older revisions [3]). It's current description is:
"It may be used by Boot Manager Code to measure events."
EV_EVENT_TAG on the other hand seems more appropriate as it's defined as:
"Used for PCRs defined for OS and application usage. Defined for use by
Host Platform Operating System or Software."
- We are only measuring the initrd if it was loaded using the LOAD_FILE2
protocol. This is not what we probably want in the long run, but let's
only enforce the measurement on the new way of loading an initrd for now.
Questions:
- Since GRUB seems to be using PCRs 8/9 for it's EV_IPL events, maybe we should
use something completely different?
I did test this on arm64 and x86_64 (incl mixed mode). Here's a snip of the
EventLog
<snip>
- EventNum: 23
PCRIndex: 9
EventType: EV_EVENT_TAG
DigestCount: 4
Digests:
- AlgorithmId: sha1
Digest: "53fe403e0d763f6a4e3384e8112d6463e7ddf12b"
- AlgorithmId: sha256
Digest: "28f24eab8cb433e4b8cbce0f96b7ad0aa541a4b905f748491139e42f0adc8026"
- AlgorithmId: sha384
Digest: "848389ab172267dcf9a0b873c7534b3d969e915b525c9fe2b57db47f4ecd8283b18d6e0cff84099893d589447c2bea55"
- AlgorithmId: sha512
Digest: "438b254c92e6716a5a1ba0338f5e751f3dd27782481e5698911b4cd33a98efdd776459d56781c5ae4a8d0b9945246d04ab243d4dbe03f49542e2455ac66db584"
EventSize: 21
Event: "ec223b8f0d0000004c696e757820696e6974726400"
<snip>
[1] https://lore.kernel.org/linux-efi/20201102170634.20575-1-ardb@xxxxxxxxxx/
[2] https://trustedcomputinggroup.org/wp-content/uploads/TCG_PCClient_PFP_r1p05_v23_pub.pdf
[3] https://trustedcomputinggroup.org/wp-content/uploads/TCG_PCClientSpecPlat_TPM_2p0_1p04_pub.pdf
Ard Biesheuvel (3):
efi/libstub: add prototype of
efi_tcg2_protocol::hash_log_extend_event()
efi/libstub: x86/mixed: increase supported argument count
efi/libstub: consolidate initrd handling across architectures
Ilias Apalodimas (1):
efi/libstub: measure loaded initrd info into the TPM
arch/x86/boot/compressed/efi_thunk_64.S | 14 +++-
arch/x86/include/asm/efi.h | 14 +++-
arch/x86/platform/efi/efi_thunk_64.S | 14 +++-
.../firmware/efi/libstub/efi-stub-helper.c | 73 ++++++++++++++++---
drivers/firmware/efi/libstub/efi-stub.c | 10 +--
drivers/firmware/efi/libstub/efistub.h | 30 +++++++-
drivers/firmware/efi/libstub/x86-stub.c | 26 +++----
7 files changed, 134 insertions(+), 47 deletions(-)
--
2.33.1
