From: Luca Boccassi <bluca@debian.org>
Date: Mon, 2 Oct 2023 00:17:58 +0000 (+0100)
Subject: efi: add EFI_TCG2_TAGGED_EVENT and helpers
X-Git-Tag: v255-rc1~289^2~6
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=d869ec4ab0063eca8697bc44ad655b559acb32cb;p=thirdparty%2Fsystemd.git

efi: add EFI_TCG2_TAGGED_EVENT and helpers
---

diff --git a/src/boot/efi/measure.c b/src/boot/efi/measure.c
index f9aabb42be4..28ec6b7d825 100644
--- a/src/boot/efi/measure.c
+++ b/src/boot/efi/measure.c
@@ -42,6 +42,50 @@ static EFI_STATUS tpm1_measure_to_pcr_and_event_log(
                         &event_log_last);
 }
 
+static EFI_STATUS tpm2_measure_to_pcr_and_tagged_event_log(
+                EFI_TCG2_PROTOCOL *tcg,
+                uint32_t pcrindex,
+                EFI_PHYSICAL_ADDRESS buffer,
+                uint64_t buffer_size,
+                uint32_t event_id,
+                const char16_t *description) {
+
+        _cleanup_free_ struct event {
+                EFI_TCG2_EVENT tcg_event;
+                EFI_TCG2_TAGGED_EVENT tcg_tagged_event;
+        } _packed_ *event = NULL;
+        size_t desc_len, event_size;
+
+        assert(tcg);
+        assert(description);
+
+        desc_len = strsize16(description);
+        event_size = offsetof(EFI_TCG2_EVENT, Event) + offsetof(EFI_TCG2_TAGGED_EVENT, Event) + desc_len;
+
+        event = xmalloc0(event_size);
+
+        *event = (struct event) {
+                .tcg_event = (EFI_TCG2_EVENT) {
+                        .Size = event_size,
+                        .Header.HeaderSize = sizeof(EFI_TCG2_EVENT_HEADER),
+                        .Header.HeaderVersion = EFI_TCG2_EVENT_HEADER_VERSION,
+                        .Header.PCRIndex = pcrindex,
+                        .Header.EventType = EV_EVENT_TAG,
+                },
+                .tcg_tagged_event = {
+                        .EventId = event_id,
+                        .EventSize = desc_len,
+                },
+        };
+        memcpy(event->tcg_tagged_event.Event, description, desc_len);
+
+        return tcg->HashLogExtendEvent(
+                        tcg,
+                        0,
+                        buffer, buffer_size,
+                        &event->tcg_event);
+}
+
 static EFI_STATUS tpm2_measure_to_pcr_and_event_log(
                 EFI_TCG2_PROTOCOL *tcg,
                 uint32_t pcrindex,
@@ -185,6 +229,38 @@ EFI_STATUS tpm_log_event(uint32_t pcrindex, EFI_PHYSICAL_ADDRESS buffer, size_t
         return err;
 }
 
+EFI_STATUS tpm_log_tagged_event(
+                uint32_t pcrindex,
+                EFI_PHYSICAL_ADDRESS buffer,
+                size_t buffer_size,
+                uint32_t event_id,
+                const char16_t *description,
+                bool *ret_measured) {
+
+        EFI_TCG2_PROTOCOL *tpm2;
+        EFI_STATUS err;
+
+        assert(description || pcrindex == UINT32_MAX);
+        assert(event_id > 0);
+
+        /* If EFI_SUCCESS is returned, will initialize ret_measured to true if we actually measured
+         * something, or false if measurement was turned off. */
+
+        tpm2 = tcg2_interface_check();
+        if (!tpm2 || pcrindex == UINT32_MAX) { /* PCR disabled? */
+                if (ret_measured)
+                        *ret_measured = false;
+
+                return EFI_SUCCESS;
+        }
+
+        err = tpm2_measure_to_pcr_and_tagged_event_log(tpm2, pcrindex, buffer, buffer_size, event_id, description);
+        if (err == EFI_SUCCESS && ret_measured)
+                *ret_measured = true;
+
+        return err;
+}
+
 EFI_STATUS tpm_log_event_ascii(uint32_t pcrindex, EFI_PHYSICAL_ADDRESS buffer, size_t buffer_size, const char *description, bool *ret_measured) {
         _cleanup_free_ char16_t *c = NULL;
 
diff --git a/src/boot/efi/measure.h b/src/boot/efi/measure.h
index d252f0f832b..c3c4e0a9ad1 100644
--- a/src/boot/efi/measure.h
+++ b/src/boot/efi/measure.h
@@ -8,6 +8,7 @@
 bool tpm_present(void);
 EFI_STATUS tpm_log_event(uint32_t pcrindex, EFI_PHYSICAL_ADDRESS buffer, size_t buffer_size, const char16_t *description, bool *ret_measured);
 EFI_STATUS tpm_log_event_ascii(uint32_t pcrindex, EFI_PHYSICAL_ADDRESS buffer, size_t buffer_size, const char *description, bool *ret_measured);
+EFI_STATUS tpm_log_tagged_event(uint32_t pcrindex, EFI_PHYSICAL_ADDRESS buffer, size_t buffer_size, uint32_t event_id, const char16_t *description, bool *ret_measured);
 EFI_STATUS tpm_log_load_options(const char16_t *cmdline, bool *ret_measured);
 
 #else
@@ -28,6 +29,12 @@ static inline EFI_STATUS tpm_log_event_ascii(uint32_t pcrindex, EFI_PHYSICAL_ADD
         return EFI_SUCCESS;
 }
 
+static inline EFI_STATUS tpm_log_tagged_event(uint32_t pcrindex, EFI_PHYSICAL_ADDRESS buffer, size_t buffer_size, uint32_t event_id, const char16_t *description, bool *ret_measured) {
+        if (ret_measured)
+                *ret_measured = false;
+        return EFI_SUCCESS;
+}
+
 static inline EFI_STATUS tpm_log_load_options(const char16_t *cmdline, bool *ret_measured) {
         if (ret_measured)
                 *ret_measured = false;
diff --git a/src/boot/efi/proto/tcg.h b/src/boot/efi/proto/tcg.h
index d8802ae0e33..b4b82962ef6 100644
--- a/src/boot/efi/proto/tcg.h
+++ b/src/boot/efi/proto/tcg.h
@@ -11,6 +11,7 @@
 #define TCG_ALG_SHA 0x4
 #define EFI_TCG2_EVENT_HEADER_VERSION 1
 #define EV_IPL 13
+#define EV_EVENT_TAG UINT32_C(6)
 
 typedef struct {
         uint8_t Major;
@@ -70,6 +71,12 @@ typedef struct {
         uint8_t Event[];
 } _packed_ EFI_TCG2_EVENT;
 
+typedef struct {
+        uint32_t EventId;
+        uint32_t EventSize;
+        uint8_t Event[];
+} _packed_ EFI_TCG2_TAGGED_EVENT;
+
 typedef struct EFI_TCG_PROTOCOL EFI_TCG_PROTOCOL;
 struct EFI_TCG_PROTOCOL {
         EFI_STATUS (EFIAPI *StatusCheck)(