From: Lennart Poettering
Date: Thu, 13 Jul 2023 07:49:32 +0000 (+0200)
Subject: tpm2-util: add various uefi event log definitions
X-Git-Tag: v255-rc1~27^2~19
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=a63b260166ffea469cab0122fec090b8abe86195;p=thirdparty%2Fsystemd.git
tpm2-util: add various uefi event log definitions
---
diff --git a/src/shared/meson.build b/src/shared/meson.build
index 08441de0ad4..97ca8e5a04d 100644
--- a/src/shared/meson.build
+++ b/src/shared/meson.build
@@ -160,6 +160,7 @@ shared_sources = files(
 'tmpfile-util-label.c',
 'tomoyo-util.c',
 'tpm2-util.c',
+ 'tpm2-event-log.c',
 'udev-util.c',
 'user-record-nss.c',
 'user-record-show.c',
diff --git a/src/shared/tpm2-event-log.c b/src/shared/tpm2-event-log.c
new file mode 100644
index 00000000000..2e238468ae9
--- /dev/null
+++ b/src/shared/tpm2-event-log.c
@@ -0,0 +1,67 @@
+/* SPDX-License-Identifier: LGPL-2.1-or-later */
+
+#include "tpm2-event-log.h"
+
+#include "sort-util.h"
+
+typedef struct tpm2_log_event_type_info {
+ uint32_t event_type;
+ const char *name;
+} tpm2_log_event_type_info;
+
+static tpm2_log_event_type_info tpm2_log_event_type_table[] = {
+ /* Unfortunately the types are defined all over the place, hence we are not using a dense table
+ * here.
+ *
+ * Keep this sorted by event type, so that we can do bisection! */
+ { EV_PREBOOT_CERT, "preboot-cert" },
+ { EV_POST_CODE, "post-code" },
+ { EV_NO_ACTION, "no-action" },
+ { EV_SEPARATOR, "separator" },
+ { EV_ACTION, "action" },
+ { EV_EVENT_TAG, "event-tag" },
+ { EV_S_CRTM_CONTENTS, "s-crtm-contents" },
+ { EV_S_CRTM_VERSION, "s-crtm-version" },
+ { EV_CPU_MICROCODE, "cpu-microcode" },
+ { EV_PLATFORM_CONFIG_FLAGS, "platform-config-flags" },
+ { EV_TABLE_OF_DEVICES, "table-of-devices" },
+ { EV_COMPACT_HASH, "compact-hash" },
+ { EV_IPL, "ipl" },
+ { EV_IPL_PARTITION_DATA, "ipl-partition-data" },
+ { EV_NONHOST_CODE, "nonhost-code" },
+ { EV_NONHOST_CONFIG, "nonhost-config" },
+ { EV_NONHOST_INFO, "nonhost-info" },
+ { EV_OMIT_BOOT_DEVICE_EVENTS, "omit-boot-device-events" },
+ /* omitting EV_EFI_EVENT_BASE, since its not an event, but just a base value for other events */
+ { EV_EFI_VARIABLE_DRIVER_CONFIG, "efi-variable-driver-config" },
+ { EV_EFI_VARIABLE_BOOT, "efi-variable-boot" },
+ { EV_EFI_BOOT_SERVICES_APPLICATION, "efi-boot-services-application" },
+ { EV_EFI_BOOT_SERVICES_DRIVER, "efi-boot-services-driver" },
+ { EV_EFI_RUNTIME_SERVICES_DRIVER, "efi-runtime-services-driver" },
+ { EV_EFI_GPT_EVENT, "efi-gpt-event" },
+ { EV_EFI_ACTION, "efi-action" },
+ { EV_EFI_PLATFORM_FIRMWARE_BLOB, "efi-platform-firmware-blob" },
+ { EV_EFI_HANDOFF_TABLES, "efi-handoff-tables" },
+ { EV_EFI_PLATFORM_FIRMWARE_BLOB2, "efi-platform-firmware-blob2" },
+ { EV_EFI_HANDOFF_TABLES2, "efi-handoff-tables" },
+ { EV_EFI_VARIABLE_BOOT2, "efi-variable-boot2" },
+ 
{ EV_EFI_HCRTM_EVENT, "efi-hcrtm-event" },
+ { EV_EFI_VARIABLE_AUTHORITY, "efi-variable-authority" },
+ { EV_EFI_SPDM_FIRMWARE_BLOB, "efi-spdm-firmware-blob" },
+ { EV_EFI_SPDM_FIRMWARE_CONFIG, "efi-spdm-firmware-config" },
+};
+
+static int tpm2_log_event_type_info_cmp(const tpm2_log_event_type_info *a, const tpm2_log_event_type_info *b) {
+ return CMP(ASSERT_PTR(a)->event_type, ASSERT_PTR(b)->event_type);
+}
+
+const char *tpm2_log_event_type_to_string(uint32_t type) {
+
+ tpm2_log_event_type_info *found, key = {
+ .event_type = type,
+ };
+
+ found = typesafe_bsearch(&key, tpm2_log_event_type_table, ELEMENTSOF(tpm2_log_event_type_table), tpm2_log_event_type_info_cmp);
+
+ return found ? found->name : NULL;
+}
diff --git a/src/shared/tpm2-event-log.h b/src/shared/tpm2-event-log.h
new file mode 100644
index 00000000000..916b805bc2c
--- /dev/null
+++ b/src/shared/tpm2-event-log.h
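Review bot: The table entry for EV_EFI_HANDOFF_TABLES2 reuses the name string of EV_EFI_HANDOFF_TABLES, so both event types stringify as "efi-handoff-tables" and become indistinguishable in anything built on tpm2_log_event_type_to_string(); the other "2" variants carry a suffix, so this should read `{ EV_EFI_HANDOFF_TABLES2, "efi-handoff-tables2" },`. The table is never written but is not declared const; `static const tpm2_log_event_type_info tpm2_log_event_type_table[] = {` keeps it in read-only data and is consistent with the `_const_` attribute the header places on the lookup (with `found` then becoming `const tpm2_log_event_type_info *`). The bisection in tpm2_log_event_type_to_string() silently returns NULL for any entry that is out of order, and nothing enforces the "keep this sorted" comment; a small test asserting event_type is strictly increasing across the table would catch a misordered insertion. Since event types are read from the firmware log, a NULL result here means "unknown type" and callers should print the raw value rather than treat it as an error.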
@@ -0,0 +1,139 @@
+/* SPDX-License-Identifier: LGPL-2.1-or-later */
+#pragma once
+
+#include
+
+#include "tpm2-util.h"
+
+/* Definitions as per "TCG PC Client Specific Platform Firmware Profile Specification"
+ * (https://trustedcomputinggroup.org/resource/pc-client-specific-platform-firmware-profile-specification/),
+ * section 10.4.1 "Event Types" (at least in version 1.05 Revision 23 of the spec) */
+#ifndef EV_PREBOOT_CERT
+#define EV_PREBOOT_CERT UINT32_C(0x00000000)
+#define EV_POST_CODE UINT32_C(0x00000001)
+#define EV_NO_ACTION UINT32_C(0x00000003)
+#define EV_SEPARATOR UINT32_C(0x00000004)
+#define EV_ACTION UINT32_C(0x00000005)
+#define EV_EVENT_TAG UINT32_C(0x00000006)
+#define EV_S_CRTM_CONTENTS UINT32_C(0x00000007)
+#define EV_S_CRTM_VERSION UINT32_C(0x00000008)
+#define EV_CPU_MICROCODE UINT32_C(0x00000009)
+#define EV_PLATFORM_CONFIG_FLAGS UINT32_C(0x0000000a)
+#define EV_TABLE_OF_DEVICES UINT32_C(0x0000000b)
+#define EV_COMPACT_HASH UINT32_C(0x0000000c)
+#define EV_IPL UINT32_C(0x0000000d)
+#define EV_IPL_PARTITION_DATA UINT32_C(0x0000000e)
+#define EV_NONHOST_CODE UINT32_C(0x0000000f)
+#define EV_NONHOST_CONFIG UINT32_C(0x00000010)
+#define EV_NONHOST_INFO UINT32_C(0x00000011)
+#define EV_OMIT_BOOT_DEVICE_EVENTS UINT32_C(0x00000012)
+#define EV_EFI_EVENT_BASE UINT32_C(0x80000000)
+#define EV_EFI_VARIABLE_DRIVER_CONFIG UINT32_C(0x80000001)
+#define EV_EFI_VARIABLE_BOOT UINT32_C(0x80000002)
+#define EV_EFI_BOOT_SERVICES_APPLICATION UINT32_C(0x80000003)
+#define EV_EFI_BOOT_SERVICES_DRIVER UINT32_C(0x80000004)
+#define EV_EFI_RUNTIME_SERVICES_DRIVER UINT32_C(0x80000005)
+#define EV_EFI_GPT_EVENT UINT32_C(0x80000006)
+#define EV_EFI_ACTION UINT32_C(0x80000007)
+#define EV_EFI_PLATFORM_FIRMWARE_BLOB UINT32_C(0x80000008)
+#define EV_EFI_HANDOFF_TABLES UINT32_C(0x80000009)
+#define EV_EFI_PLATFORM_FIRMWARE_BLOB2 UINT32_C(0x8000000A)
+#define EV_EFI_HANDOFF_TABLES2 UINT32_C(0x8000000B)
+#define EV_EFI_VARIABLE_BOOT2 UINT32_C(0x8000000C)
+#define 
EV_EFI_HCRTM_EVENT UINT32_C(0x80000010)
+#define EV_EFI_VARIABLE_AUTHORITY UINT32_C(0x800000E0)
+#define EV_EFI_SPDM_FIRMWARE_BLOB UINT32_C(0x800000E1)
+#define EV_EFI_SPDM_FIRMWARE_CONFIG UINT32_C(0x800000E2)
+#endif
+
+/* Defined in drivers/firmware/efi/libstub/efistub.h in the Linux kernel sources */
+#ifndef INITRD_EVENT_TAG_ID
+#define INITRD_EVENT_TAG_ID UINT32_C(0x8F3B22EC)
+#endif
+
+#ifndef LOAD_OPTIONS_EVENT_TAG_ID
+#define LOAD_OPTIONS_EVENT_TAG_ID UINT32_C(0x8F3B22ED)
+#endif
+
+const char *tpm2_log_event_type_to_string(uint32_t type) _const_;
+
+#if HAVE_TPM2
+
+/* UEFI event log data structures */
+typedef struct _packed_ TCG_PCClientPCREvent {
+ uint32_t pcrIndex;
+ uint32_t eventType;
+ uint8_t digest[20];
+ uint32_t eventDataSize;
+ uint32_t event[];
+} TCG_PCClientPCREvent;
+
+typedef struct _packed_ packed_TPMT_HA {
+ uint16_t hashAlg;
+ TPMU_HA digest;
+} packed_TPMT_HA;
+
+typedef struct _packed_ packed_TPML_DIGEST_VALUES {
+ uint32_t count;
+ packed_TPMT_HA digests[];
+} packed_TPML_DIGEST_VALUES;
+
+typedef struct _packed_ TCG_PCR_EVENT2 {
+ uint32_t pcrIndex;
+ uint32_t eventType;
+ packed_TPML_DIGEST_VALUES digests;
+ /* … */
+} TCG_PCR_EVENT2;
+
+typedef struct _packed_ TCG_EfiSpecIdEventAlgorithmSize {
+ uint16_t algorithmId;
+ uint16_t digestSize;
+} TCG_EfiSpecIdEventAlgorithmSize;
+
+typedef struct _packed_ tdTCG_EfiSpecIdEvent {
+ uint8_t signature[16];
+ uint32_t platformClass;
+ uint8_t specVersionMinor;
+ uint8_t specVersionMajor;
+ uint8_t specErrata;
+ uint8_t uintnSize;
+ uint32_t numberOfAlgorithms;
+ TCG_EfiSpecIdEventAlgorithmSize digestSizes[];
+ /* … */
+} TCG_EfiSpecIDEvent;
+
+typedef struct _packed_ UEFI_VARIABLE_DATA {
+ uint8_t variableName[16];
+ uint64_t unicodeNameLength;
+ uint64_t variableDataLength;
+ char16_t unicodeName[];
+ /* … */
+} UEFI_VARIABLE_DATA;
+
+typedef struct _packed_ TCG_PCClientTaggedEvent{
+ uint32_t taggedEventID;
+ uint32_t taggedEventDataSize;
+ uint8_t taggedEventData[];
+} 
TCG_PCClientTaggedEvent;
+
+typedef struct _packed_ packed_EFI_DEVICE_PATH {
+ uint8_t type;
+ uint8_t subType;
+ uint16_t length;
+ uint8_t path[];
+} packed_EFI_DEVICE_PATH;
+
+typedef struct _packed_ UEFI_IMAGE_LOAD_EVENT {
+ uint64_t imageLocationInMemory;
+ uint64_t imageLengthInMemory;
+ uint64_t imageLinkTimeAddress;
+ uint64_t lengthOfDevicePath;
+ packed_EFI_DEVICE_PATH devicePath[];
+} UEFI_IMAGE_LOAD_EVENT;
+
+typedef struct _packed_ UEFI_PLATFORM_FIRMWARE_BLOB {
+ uint64_t blobBase;
+ uint64_t blobLength;
+} UEFI_PLATFORM_FIRMWARE_BLOB;
+
+#endif
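Review bot: packed_TPML_DIGEST_VALUES declares `packed_TPMT_HA digests[]`, but sizeof(packed_TPMT_HA) is fixed by the largest TPMU_HA member, whereas in the TCG_PCR_EVENT2 records this header describes each digest occupies only its hashAlg's digest length (the digestSizes[] table announced in TCG_EfiSpecIDEvent), so `digests[i]` must never be indexed on log data; a comment on the member such as `/* in the log each entry is hashAlg-sized, not sizeof(packed_TPMT_HA): walk via TCG_EfiSpecIDEvent.digestSizes, never index */` would keep a future parser honest. The same holds for `packed_EFI_DEVICE_PATH devicePath[]` in UEFI_IMAGE_LOAD_EVENT, where each node is `length` bytes and the member is a byte stream to walk, not an array to subscript. Embedding a struct that ends in a flexible array member (packed_TPML_DIGEST_VALUES inside TCG_PCR_EVENT2, and an array of packed_EFI_DEVICE_PATH) is a GCC/clang extension rather than ISO C; the `/* … */` markers suggest this is deliberate, but a one-line comment on TCG_PCR_EVENT2 stating that sizeof() of it is meaningless for real records would help. In TCG_PCClientPCREvent, eventDataSize is a byte count while `event[]` is typed uint32_t; `uint8_t event[];` would match the spec's UINT8 Event[] and remove the temptation to do offset math in the element type.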