[PATCH v3 18/19] slaunch: Introduce a hook for filling SLRT policy

Thu, 12 Dec 2024 05:44:49 -0800 

Signed-off-by: Sergii Dmytruk <sergii.dmyt...@3mdeb.com>
---
 grub-core/loader/slaunch/slrt.c | 37 ++++++++++++++++++++++++++++++++-
 include/grub/slaunch.h          | 10 +++++++++
 2 files changed, 46 insertions(+), 1 deletion(-)

diff --git a/grub-core/loader/slaunch/slrt.c b/grub-core/loader/slaunch/slrt.c
index b5213bcaa..0fe10041f 100644
--- a/grub-core/loader/slaunch/slrt.c
+++ b/grub-core/loader/slaunch/slrt.c
@@ -30,7 +30,7 @@
 #include <grub/i386/mmio.h>
 #include <grub/i386/txt.h>
 
-#define SLR_MAX_POLICY_ENTRIES         7
+#define SLR_MAX_POLICY_ENTRIES         16
 
 /* Area to collect and build SLR Table information */
 static grub_uint8_t slr_policy_buf[GRUB_PAGE_SIZE] = {0};
@@ -65,12 +65,30 @@ grub_setup_slrt_policy (struct grub_slaunch_params 
*slparams,
   struct grub_efi_info *efi_info = NULL;
   grub_uint64_t hi_val;
   int i = 0;
+  int added;
 
   /* A bit of work to extract the v2.08 EFI info from the linux params */
   if (boot_params != NULL)
     efi_info = (struct grub_efi_info *)((grub_uint8_t *)&(boot_params->v0208)
                                          + 2*sizeof(grub_uint32_t));
 
+  if (slparams->fill_policy_hook)
+    {
+      added = slparams->fill_policy_hook (1, SLR_MAX_POLICY_ENTRIES - i,
+                                          
&slr_policy_staging->policy_entries[i],
+                                          slparams->fill_policy_hook_data);
+      if (added < 0)
+        return grub_error (GRUB_ERR_OUT_OF_RANGE,
+                           N_("failed to prepend policy entries"));
+
+      i += added;
+    }
+
+  /* The code below always adds 7 entries. */
+  if (SLR_MAX_POLICY_ENTRIES - i < 7)
+    return grub_error (GRUB_ERR_OUT_OF_RANGE,
+                       N_("not enough policy entry slots"));
+
   /* the SLR table should be measured too, at least parts of it */
   slr_policy_staging->policy_entries[i].pcr = 18;
   slr_policy_staging->policy_entries[i].entity_type = GRUB_SLR_ET_SLRT;
@@ -159,6 +177,23 @@ grub_setup_slrt_policy (struct grub_slaunch_params 
*slparams,
     }
   else
     slr_policy_staging->policy_entries[i].entity_type = GRUB_SLR_ET_UNUSED;
+  i++;
+
+  if (slparams->fill_policy_hook)
+    {
+      added = slparams->fill_policy_hook (0, SLR_MAX_POLICY_ENTRIES - i,
+                                          
&slr_policy_staging->policy_entries[i],
+                                          slparams->fill_policy_hook_data);
+      if (added < 0)
+        return grub_error (GRUB_ERR_OUT_OF_RANGE,
+                           N_("failed to append policy entries"));
+
+      i += added;
+    }
+
+  /* Mark any unused entries with the appropriate type */
+  for (; i < SLR_MAX_POLICY_ENTRIES; ++i)
+      slr_policy_staging->policy_entries[i].entity_type = GRUB_SLR_ET_UNUSED;
 
   return GRUB_ERR_NONE;
 }
diff --git a/include/grub/slaunch.h b/include/grub/slaunch.h
index e0b51f12c..f7bea641e 100644
--- a/include/grub/slaunch.h
+++ b/include/grub/slaunch.h
@@ -68,6 +68,16 @@ struct grub_slaunch_params
   grub_uint32_t dce_size;
   grub_uint64_t tpm_evt_log_base;
   grub_uint32_t tpm_evt_log_size;
+
+  /*
+   * Can be NULL.  Called twice: when starting to add standard SLRT entries and
+   * after adding them.  Should return the number of entries added by the hook
+   * or a negative value on failure.
+   */
+  int (*fill_policy_hook)(int is_start, int available_entries,
+                          struct grub_slr_policy_entry *next_entry, void 
*data);
+  /* Data passed to fill_policy_hook. */
+  void *fill_policy_hook_data;
 };
 
 struct grub_efi_info
-- 
2.47.1


_______________________________________________
Grub-devel mailing list
Grub-devel@gnu.org
https://lists.gnu.org/mailman/listinfo/grub-devel

Reply via email to