This commit implements grub_tcg2_cap_pcr() for ieee1275 with the firmware function, 2hash-ext-log, to extend the target PCR with a SEPARATOR event and record the event into the TPM event log.
To avoid duplicate code, ibmvtpm_2hash_ext_log() is moved to tcg2.c and exported as a global function.
Signed-off-by: Gary Lin <g...@suse.com>
---
grub-core/commands/ieee1275/ibmvtpm.c | 52 ++-------------------
grub-core/lib/ieee1275/tcg2.c | 66 +++++++++++++++++++++++++++
include/grub/ieee1275/tpm.h | 5 ++
3 files changed, 74 insertions(+), 49 deletions(-)
diff --git a/grub-core/commands/ieee1275/ibmvtpm.c b/grub-core/commands/ieee1275/ibmvtpm.c
index 4958b04a9..d0ddc06b0 100644
--- a/grub-core/commands/ieee1275/ibmvtpm.c
+++ b/grub-core/commands/ieee1275/ibmvtpm.c
@@ -27,52 +27,6 @@
 #include <grub/mm.h>
 #include <grub/misc.h>
-static int
-ibmvtpm_2hash_ext_log (grub_uint8_t pcrindex,
- grub_uint32_t eventtype,
- const char *description,
- grub_size_t description_size,
- void *buf, grub_size_t size)
-{
- struct tpm_2hash_ext_log
- {
- struct grub_ieee1275_common_hdr common;
- grub_ieee1275_cell_t method;
- grub_ieee1275_cell_t ihandle;
- grub_ieee1275_cell_t size;
- grub_ieee1275_cell_t buf;
- grub_ieee1275_cell_t description_size;
- grub_ieee1275_cell_t description;
- grub_ieee1275_cell_t eventtype;
- grub_ieee1275_cell_t pcrindex;
- grub_ieee1275_cell_t catch_result;
- grub_ieee1275_cell_t rc;
- };
- struct tpm_2hash_ext_log args;
-
- INIT_IEEE1275_COMMON (&args.common, "call-method", 8, 2);
- args.method = (grub_ieee1275_cell_t) "2hash-ext-log";
- args.ihandle = grub_ieee1275_tpm_ihandle;
- args.pcrindex = pcrindex;
- args.eventtype = eventtype;
- args.description = (grub_ieee1275_cell_t) description;
- args.description_size = description_size;
- args.buf = (grub_ieee1275_cell_t) buf;
- args.size = (grub_ieee1275_cell_t) size;
-
- if (IEEE1275_CALL_ENTRY_FN (&args) == -1)
- return -1;
-
- /*
- * catch_result is set if firmware does not support 2hash-ext-log
- * rc is GRUB_IEEE1275_CELL_FALSE (0) on failure
- */
- if ((args.catch_result) || args.rc == GRUB_IEEE1275_CELL_FALSE)
- return -1;
-
- return 0;
-}
-
 static grub_err_t
 tpm2_log_event (unsigned char *buf, grub_size_t size, grub_uint8_t pcr,
 const char *description)
@@ -80,9 +34,9 @@ tpm2_log_event (unsigned char *buf, grub_size_t size, grub_uint8_t pcr,
 static int error_displayed = 0;
 int rc;
- rc = ibmvtpm_2hash_ext_log (pcr, EV_IPL,
- description, grub_strlen(description) + 1,
- buf, size);
+ rc = grub_ieee1275_ibmvtpm_2hash_ext_log (pcr, EV_IPL,
+ description, grub_strlen(description) + 1,
+ buf, size);
 if (rc && !error_displayed)
 {
 error_displayed++;
diff --git a/grub-core/lib/ieee1275/tcg2.c b/grub-core/lib/ieee1275/tcg2.c
index 40161c2f9..945a3469b 100644
--- a/grub-core/lib/ieee1275/tcg2.c
+++ b/grub-core/lib/ieee1275/tcg2.c
@@ -56,6 +56,52 @@ grub_ieee1275_tpm_init (void)
 return GRUB_ERR_NONE;
 }
+int
+grub_ieee1275_ibmvtpm_2hash_ext_log (grub_uint8_t pcrindex,
+ grub_uint32_t eventtype,
+ const char *description,
+ grub_size_t description_size,
+ void *buf, grub_size_t size)
+{
+ struct tpm_2hash_ext_log
+ {
+ struct grub_ieee1275_common_hdr common;
+ grub_ieee1275_cell_t method;
+ grub_ieee1275_cell_t ihandle;
+ grub_ieee1275_cell_t size;
+ grub_ieee1275_cell_t buf;
+ grub_ieee1275_cell_t description_size;
+ grub_ieee1275_cell_t description;
+ grub_ieee1275_cell_t eventtype;
+ grub_ieee1275_cell_t pcrindex;
+ grub_ieee1275_cell_t catch_result;
+ grub_ieee1275_cell_t rc;
+ };
+ struct tpm_2hash_ext_log args;
+
+ INIT_IEEE1275_COMMON (&args.common, "call-method", 8, 2);
+ args.method = (grub_ieee1275_cell_t) "2hash-ext-log";
+ args.ihandle = grub_ieee1275_tpm_ihandle;
+ args.pcrindex = pcrindex;
+ args.eventtype = eventtype;
+ args.description = (grub_ieee1275_cell_t) description;
+ args.description_size = description_size;
+ args.buf = (grub_ieee1275_cell_t) buf;
+ args.size = (grub_ieee1275_cell_t) size;
+
+ if (IEEE1275_CALL_ENTRY_FN (&args) == -1)
+ return -1;
+
+ /*
+ * catch_result is set if firmware does not support 2hash-ext-log
+ * rc is GRUB_IEEE1275_CELL_FALSE (0) on failure
+ */
+ if ((args.catch_result) || args.rc == GRUB_IEEE1275_CELL_FALSE)
+ return -1;
+
+ return 0;
+}
+
 grub_err_t
 grub_tcg2_get_max_output_size (grub_size_t *size)
 {
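Review bot: Now that grub_ieee1275_ibmvtpm_2hash_ext_log is exported, the `void *buf` parameter should become `const void *buf`: the function only forwards the pointer to the firmware in `args.buf` and never writes through it, `description` already carries const, and callers holding read-only measured data would otherwise need a cast (the prototype in tpm.h changes the same way). The definition also deserves a short comment stating the `0`/`-1` return convention, since it differs from the grub_err_t used by the grub_tcg2_* functions around it in this file, and that `grub_ieee1275_tpm_ihandle` is used as-is — the function presumably relied on its former file-local caller in ibmvtpm.c to have obtained the handle first. Something like `/* Issue the 2hash-ext-log call-method on grub_ieee1275_tpm_ihandle; returns 0 on success, -1 if the call, the method or the firmware reports failure. The handle must already be initialized. */` above the definition would do.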
@@ -155,3 +201,23 @@ grub_tcg2_submit_command (grub_size_t input_size,
 return GRUB_ERR_NONE;
 }
+
+grub_err_t
+grub_tcg2_cap_pcr (grub_uint8_t pcr)
+{
+ grub_uint8_t separator[4] = {0};
+ static int error_displayed = 0;
+ int rc;
+
+ rc = grub_ieee1275_ibmvtpm_2hash_ext_log (pcr, EV_SEPARATOR,
+ separator, sizeof(separator),
+ separator, sizeof(separator));
+ if (rc && !error_displayed)
+ {
+ error_displayed++;
+ return grub_error (GRUB_ERR_BAD_DEVICE,
+ "2HASH-EXT-LOG failed: Firmware is likely too old.\n");
+ }
+
+ return GRUB_ERR_NONE;
+}
diff --git a/include/grub/ieee1275/tpm.h b/include/grub/ieee1275/tpm.h
index fe5cb4713..01065071b 100644
--- a/include/grub/ieee1275/tpm.h
+++ b/include/grub/ieee1275/tpm.h
@@ -27,4 +27,9 @@ extern grub_ieee1275_ihandle_t grub_ieee1275_tpm_ihandle;
 extern grub_err_t grub_ieee1275_tpm_init (void);
+extern int grub_ieee1275_ibmvtpm_2hash_ext_log (grub_uint8_t pcrindex,
+ grub_uint32_t eventtype,
+ const char *description,
+ grub_size_t description_size,
+ void *buf, grub_size_t size);
 #endif
-- 2.43.0
_______________________________________________
Grub-devel mailing list
Grub-devel@gnu.org
https://lists.gnu.org/mailman/listinfo/grub-devel
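Review bot: Once `error_displayed` has been set, every later failing call of grub_tcg2_cap_pcr returns GRUB_ERR_NONE, because the static gate copied from tpm2_log_event guards the return and not only the message; a caller that relies on the PCR having been capped before it continues would then proceed on a PCR that was never extended. The failure should be reported on every call, e.g. `if (rc) return grub_error (GRUB_ERR_BAD_DEVICE, "2HASH-EXT-LOG failed: Firmware is likely too old.\n");` with the static dropped (a once-only message, if wanted, belongs in the caller that reports it). Nothing in this function ensures `grub_ieee1275_tpm_ihandle` has been obtained before the call-method is issued; the other grub_tcg2_* entry points in this file presumably call grub_ieee1275_tpm_init first, and this one should do the same and return its error. `separator` is a grub_uint8_t array passed where `const char *description` is expected, which -Wpointer-sign flags; declaring it `char separator[4] = {0};` or casting it at the call avoids that.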
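Review bot: The newly exported prototype carries no comment, and this header is where callers in other files will read the contract. I would add a block comment above it saying that the function issues the 2hash-ext-log call-method on grub_ieee1275_tpm_ihandle to extend `pcrindex` with a hash of the `size` bytes at `buf` and to log an `eventtype` event carrying `description_size` bytes of `description`, that it returns 0 on success and -1 when the firmware call fails, the method is unsupported (catch_result set) or the firmware reports failure, and that grub_ieee1275_tpm_init must have succeeded beforehand. The `buf` parameter is only read, so `const void *buf` would be the more accurate declaration once the definition in tcg2.c is changed to match.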