From dbbd87834096bc7765b68ae8ea16b2230d1004c3 Mon Sep 17 00:00:00 2001
From: Dionna Amalie Glaze <drdeeglaze@gmail.com>
Date: Tue, 26 Mar 2024 02:26:59 -0700
Subject: [PATCH] efi: Measure into both CC and TPM if available. (#31939)

* efi: Measure into both CC and TPM if available.

It's possible that both measurement protocols are made available, so
instead of assuming only one or the other are available, measure into
both to avoid a problem like CVE-2021-42299.

Signed-off-by: Dionna Glaze <dionnaglaze@google.com>
---
 src/boot/efi/measure.c | 56 ++++++++++++++++++++++++++++--------------
 1 file changed, 37 insertions(+), 19 deletions(-)

diff --git a/src/boot/efi/measure.c b/src/boot/efi/measure.c
index 2591c52f220..08a2ecdba89 100644
--- a/src/boot/efi/measure.c
+++ b/src/boot/efi/measure.c
@@ -187,9 +187,39 @@ bool tpm_present(void) {
         return tcg2_interface_check();
 }
 
-EFI_STATUS tpm_log_event(uint32_t pcrindex, EFI_PHYSICAL_ADDRESS buffer, size_t buffer_size, const char16_t *description, bool *ret_measured) {
+static EFI_STATUS tcg2_log_event(uint32_t pcrindex, EFI_PHYSICAL_ADDRESS buffer, size_t buffer_size, const char16_t *description, bool *ret_measured) {
         EFI_TCG2_PROTOCOL *tpm2;
+        EFI_STATUS err = EFI_SUCCESS;
+
+        assert(ret_measured);
+
+        tpm2 = tcg2_interface_check();
+        if (tpm2)
+                err = tpm2_measure_to_pcr_and_event_log(tpm2, pcrindex, buffer, buffer_size, description);
+
+        *ret_measured = tpm2 && (err == EFI_SUCCESS);
+
+        return err;
+}
+
+static EFI_STATUS cc_log_event(uint32_t pcrindex, EFI_PHYSICAL_ADDRESS buffer, size_t buffer_size, const char16_t *description, bool *ret_measured) {
+        EFI_CC_MEASUREMENT_PROTOCOL *cc;
+        EFI_STATUS err = EFI_SUCCESS;
+
+        assert(ret_measured);
+
+        cc = cc_interface_check();
+        if (cc)
+                err = cc_measure_to_mr_and_event_log(cc, pcrindex, buffer, buffer_size, description);
+
+        *ret_measured = cc && (err == EFI_SUCCESS);
+
+        return err;
+}
+
+EFI_STATUS tpm_log_event(uint32_t pcrindex, EFI_PHYSICAL_ADDRESS buffer, size_t buffer_size, const char16_t *description, bool *ret_measured) {
         EFI_STATUS err;
+        bool tpm_ret_measured, cc_ret_measured;
 
         assert(description || pcrindex == UINT32_MAX);
 
@@ -203,27 +233,15 @@ EFI_STATUS tpm_log_event(uint32_t pcrindex, EFI_PHYSICAL_ADDRESS buffer, size_t
                 return EFI_SUCCESS;
         }
 
-        tpm2 = tcg2_interface_check();
-        if (tpm2)
-                err = tpm2_measure_to_pcr_and_event_log(tpm2, pcrindex, buffer, buffer_size, description);
-        else {
-                EFI_CC_MEASUREMENT_PROTOCOL *cc;
-
-                cc = cc_interface_check();
-                if (cc)
-                        err = cc_measure_to_mr_and_event_log(cc, pcrindex, buffer, buffer_size, description);
-                else {
-                        /* No active TPM found, so don't return an error */
-
-                        if (ret_measured)
-                                *ret_measured = false;
+        /* Measure into both CC and TPM if both are available to avoid a problem like CVE-2021-42299 */
+        err = cc_log_event(pcrindex, buffer, buffer_size, description, &cc_ret_measured);
+        if (err != EFI_SUCCESS)
+                return err;
 
-                        return EFI_SUCCESS;
-                }
-        }
+        err = tcg2_log_event(pcrindex, buffer, buffer_size, description, &tpm_ret_measured);
 
         if (err == EFI_SUCCESS && ret_measured)
-                *ret_measured = true;
+                *ret_measured = tpm_ret_measured || cc_ret_measured;
 
         return err;
 }
-- 
2.47.3