Hello Matthew,
I've tested your patches (plus the verify framework) today on a Lenovo
Thinkpad X1 Carbon with 2 different setups:
a) Infineon TPM1.2 chip
b) Intel PTT firmware-based TPM2.0
It works correctly in both cases, there are measurements made by grub2
on both PCR{8,9} as expected:
(a) $ grep PCR-0[8,9] /sys/devices/pnp0/00:08/pcrs
PCR-08: 37 71 AD AB A9 10 83 D9 B2 63 B1 27 41 E6 33 F5 42 88 96 94
PCR-09: 18 46 A1 D9 31 D0 C4 66 FA 26 78 A2 B2 BA AF 80 E8 0E 8A 5D
(b) $ tpm2_listpcrs -L 0x4:8,9
Bank/Algorithm: TPM_ALG_SHA1(0x0004)
PCR_08: 37 71 ad ab a9 10 83 d9 b2 63 b1 27 41 e6 33 f5 42 88 96 94
PCR_09: 18 46 a1 d9 31 d0 c4 66 fa 26 78 a2 b2 ba af 80 e8 0e 8a 5d
Before your patches, I only saw the measurement made by shim on PCR9:
(a) $ grep PCR-0[8,9] /sys/devices/pnp0/00:08/pcrs
PCR-08: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
PCR-09: C9 EC 5F CF D2 1C 25 F0 EA 9D DF 51 FF 0C BE 20 3A 93 4E 2D
(b) $ tpm2_listpcrs -L 0x4:8,9
Bank/Algorithm: TPM_ALG_SHA1(0x0004)
PCR_08: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
PCR_09: c9 ec 5f cf d2 1c 25 f0 ea 9d df 51 ff 0c be 20 3a 93 4e 2d
I've a couple of questions though, I'm new to TPM and trusted computing
in general so please forgive me if I say something wrong/silly :)
On 06/15/2017 02:21 AM, Matthew Garrett wrote:
> +
> +static grub_efi_boolean_t grub_tpm2_present(grub_efi_tpm2_protocol_t *tpm)
> +{
> + grub_efi_status_t status;
> + EFI_TCG2_BOOT_SERVICE_CAPABILITY caps;
> +
> + caps.Size = (grub_uint8_t)sizeof(caps);
> +
> + status = efi_call_2(tpm->get_capability, tpm, &caps);
> +
> + if (status != GRUB_EFI_SUCCESS || !caps.TPMPresentFlag)
> + return 0;
> +
The TCG EFI Protocol Specification (rev 00.13, March 2016) mentions that the
tdEFI_TCG2_BOOT_SERVICE_CAPABILITY StructureVersion Major and Minor should
be checked to determine the EFI_TCG2_BOOT_SERVICE_CAPABILITY struct version.
In fact, shim checks for this and instead use tdTREE_BOOT_SERVICE_CAPABILITY
if Major == 1 && Minor == 0. The EFI firmware on my Lenovo X1 Carbon reports
these values for the FW TPM2.0 so I first was expecting the code to fail. But
it works and I now see that the structures layout are equal so doesn't matter.
Do you think that we should be more strict on this? Or instead the shim code
could be simplified as you did here and avoid distinguish between the two?
> +
> +static grub_err_t
> +grub_tpm2_log_event(grub_efi_handle_t tpm_handle, unsigned char *buf,
> + grub_size_t size, grub_uint8_t pcr,
> + const char *description)
> +{
> + EFI_TCG2_EVENT *event;
> + grub_efi_status_t status;
> + grub_efi_tpm2_protocol_t *tpm;
> +
> + tpm = grub_efi_open_protocol (tpm_handle, &tpm2_guid,
> + GRUB_EFI_OPEN_PROTOCOL_GET_PROTOCOL);
> +
> + if (!grub_tpm2_present(tpm))
> + return 0;
> +
> + event = grub_zalloc(sizeof (EFI_TCG2_EVENT) + grub_strlen(description) +
> 1);
> + if (!event)
> + return grub_error (GRUB_ERR_OUT_OF_MEMORY,
> + N_("cannot allocate TPM event buffer"));
> +
> + event->Header.HeaderSize = sizeof(EFI_TCG2_EVENT_HEADER);
> + event->Header.HeaderVersion = 1;
> + event->Header.PCRIndex = pcr;
> + event->Header.EventType = EV_IPL;
> + event->Size = sizeof(*event) - sizeof(event->Event) +
> grub_strlen(description) + 1;
> + grub_memcpy(event->Event, description, grub_strlen(description) + 1);
> +
> + status = efi_call_5 (tpm->hash_log_extend_event, tpm, 0, buf,
> + (grub_uint64_t) size, event);
> +
Have you looked at how to get the TPM2.0 event logs from Linux? The TCG EFI
Protocol
Specification mentions that all events generated after a EFI_TCG2_GET_EVENT_LOG
call
shall be stored in a EFI_CONFIGURATION_TABLE that could be retrieved by the OS
before
a call to ExitBootServices().
I see that shim calls GetEventLogs() to trigger this switch and your patch
doesn't.
But Linux still doesn't have support to lookup this table anyways, so I think
it's OK.
It's also mentioned in the TCG ACPI (1.2 rev 8, February 2017) and TCG PC
Client PFP
(rev 00.49, January 2017) specifications, that the TPM2 ACPI table has optional
fields
for the Log Area Start Address (LASA) and Log Area Minimum Length (LAML). So
that would
be similar to the TPM1.2 TCPA ACPI table. I guess Linux should need support for
both?
Thanks a lot and best regards,
--
Javier Martinez Canillas
Software Engineer - Desktop Hardware Enablement
Red Hat
_______________________________________________
Grub-devel mailing list
Grub-devel@gnu.org
https://lists.gnu.org/mailman/listinfo/grub-devel
