efi: Measure into both CC and TPM if available. (#31939)

* efi: Measure into both CC and TPM if available.

It's possible that both measurement protocols are made available, so
instead of assuming only one or the other are available, measure into
both to avoid a problem like CVE-2021-42299.

Signed-off-by: Dionna Glaze <dionnaglaze@google.com>

diff --git a/src/boot/efi/measure.c b/src/boot/efi/measure.c
index 2591c52f2200ee11df5692188abdcca8d2b99cd3..08a2ecdba8937e78e082f96c7842c0d6e80f0d6b 100644 (file)
--- a/src/boot/efi/measure.c
+++ b/src/boot/efi/measure.c
@@ -187,9 +187,39 @@ bool tpm_present(void) {
         return tcg2_interface_check();
 }
 
-EFI_STATUS tpm_log_event(uint32_t pcrindex, EFI_PHYSICAL_ADDRESS buffer, size_t buffer_size, const char16_t *description, bool *ret_measured) {
+static EFI_STATUS tcg2_log_event(uint32_t pcrindex, EFI_PHYSICAL_ADDRESS buffer, size_t buffer_size, const char16_t *description, bool *ret_measured) {
         EFI_TCG2_PROTOCOL *tpm2;
+        EFI_STATUS err = EFI_SUCCESS;
+
+        assert(ret_measured);
+
+        tpm2 = tcg2_interface_check();
+        if (tpm2)
+                err = tpm2_measure_to_pcr_and_event_log(tpm2, pcrindex, buffer, buffer_size, description);
+
+        *ret_measured = tpm2 && (err == EFI_SUCCESS);
+
+        return err;
+}
+
+static EFI_STATUS cc_log_event(uint32_t pcrindex, EFI_PHYSICAL_ADDRESS buffer, size_t buffer_size, const char16_t *description, bool *ret_measured) {
+        EFI_CC_MEASUREMENT_PROTOCOL *cc;
+        EFI_STATUS err = EFI_SUCCESS;
+
+        assert(ret_measured);
+
+        cc = cc_interface_check();
+        if (cc)
+                err = cc_measure_to_mr_and_event_log(cc, pcrindex, buffer, buffer_size, description);
+
+        *ret_measured = cc && (err == EFI_SUCCESS);
+
+        return err;
+}
+
+EFI_STATUS tpm_log_event(uint32_t pcrindex, EFI_PHYSICAL_ADDRESS buffer, size_t buffer_size, const char16_t *description, bool *ret_measured) {
         EFI_STATUS err;
+        bool tpm_ret_measured, cc_ret_measured;
 
         assert(description || pcrindex == UINT32_MAX);
 
@@ -203,27 +233,15 @@ EFI_STATUS tpm_log_event(uint32_t pcrindex, EFI_PHYSICAL_ADDRESS buffer, size_t
                 return EFI_SUCCESS;
         }
 
-        tpm2 = tcg2_interface_check();
-        if (tpm2)
-                err = tpm2_measure_to_pcr_and_event_log(tpm2, pcrindex, buffer, buffer_size, description);
-        else {
-                EFI_CC_MEASUREMENT_PROTOCOL *cc;
-
-                cc = cc_interface_check();
-                if (cc)
-                        err = cc_measure_to_mr_and_event_log(cc, pcrindex, buffer, buffer_size, description);
-                else {
-                        /* No active TPM found, so don't return an error */
-
-                        if (ret_measured)
-                                *ret_measured = false;
+        /* Measure into both CC and TPM if both are available to avoid a problem like CVE-2021-42299 */
+        err = cc_log_event(pcrindex, buffer, buffer_size, description, &cc_ret_measured);
+        if (err != EFI_SUCCESS)
+                return err;
 
-                        return EFI_SUCCESS;
-                }
-        }
+        err = tcg2_log_event(pcrindex, buffer, buffer_size, description, &tpm_ret_measured);
 
         if (err == EFI_SUCCESS && ret_measured)
-                *ret_measured = true;
+                *ret_measured = tpm_ret_measured || cc_ret_measured;
 
         return err;
 }