sd-boot: trigger to record further logs to tcg 2.0 final event log area (#4302)
authorLans Zhang <lans.zhang2008@gmail.com>
Sun, 9 Oct 2016 22:59:54 +0000 (06:59 +0800)
committerZbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl>
Sun, 9 Oct 2016 22:59:54 +0000 (18:59 -0400)
According to TCG EFI Protocol Specification for TPM 2.0 family,
all events generated after the invocation of EFI_TCG2_GET_EVENT_LOG
shall be stored in an instance of an EFI_CONFIGURATION_TABLE aka
EFI TCG 2.0 final events table. Hence, it is necessary to trigger the
internal switch by calling get_event_log() so that the logs can be
retrieved from the OS at runtime.

msekletar:
> I've looked at EDK2 and indeed log entry is added to FinalEventsTable only after
> EFI_TCG2_PROTOCOL.GetEventLog was called[1][2]. Also, same patch was currently
> merged to shim by Peter Jones [3].

[1] https://github.com/tianocore/edk2/blob/master/SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.c#L698
[2] https://github.com/tianocore/edk2/blob/master/SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.c#L824
[3] rhinstaller/shim#64

src/boot/efi/measure.c

index 7c016387c1e73c304918f666215fc5dcd6bf0904..4ac11a9bb05fe7a932b696c7aef40a9d0333825f 100644 (file)
@@ -209,12 +209,35 @@ static EFI_STATUS tpm1_measure_to_pcr_and_event_log(const EFI_TCG *tcg, UINT32 p
         return EFI_SUCCESS;
 }
 
+/*
+ * According to TCG EFI Protocol Specification for TPM 2.0 family,
+ * all events generated after the invocation of EFI_TCG2_GET_EVENT_LOG
+ * shall be stored in an instance of an EFI_CONFIGURATION_TABLE aka
+ * EFI TCG 2.0 final events table. Hence, it is necessary to trigger the
+ * internal switch through calling get_event_log() in order to allow
+ * to retrieve the logs from OS runtime.
+ */
+static EFI_STATUS trigger_tcg2_final_events_table(const EFI_TCG2 *tcg)
+{
+        return uefi_call_wrapper(tcg->GetEventLog, 5, tcg,
+                                 EFI_TCG2_EVENT_LOG_FORMAT_TCG_2, NULL,
+                                 NULL, NULL);
+}
 
 static EFI_STATUS tpm2_measure_to_pcr_and_event_log(const EFI_TCG2 *tcg, UINT32 pcrindex, const EFI_PHYSICAL_ADDRESS buffer,
                                                     UINT64 buffer_size, const CHAR16 *description) {
         EFI_STATUS status;
         EFI_TCG2_EVENT *tcg_event;
         UINTN desc_len;
+        static BOOLEAN triggered = FALSE;
+
+        if (triggered == FALSE) {
+                status = trigger_tcg2_final_events_table(tcg);
+                if (EFI_ERROR(status))
+                        return status;
+
+                triggered = TRUE;
+        }
 
         desc_len = StrLen(description) * sizeof(CHAR16);