Hi again,

Sorry to bring back this topic from the dead, but I had to work on another
project for a little while.  So, I switched to UDK2014/VS2010 and used
DxeTpmMeasureBootLib as a reference for my PCR extend.

Good news is, I can now actually send data to the PCR8.  I precompute my
hash using SHA-1, fill an object, and send the request.  When querying the
PCR (via /sys/devices/[...]/pcrs), I actually see a value in the register.
The strange thing is that value is not the one I pushed in my UEFI
application.

Could there be a factor I'm forgetting that would trigger this hash
modification?

Eric Viseur
Etudiant Ingénieur Civil Electricien
LinkedIn Profile<http://www.linkedin.com/profile/view?id=193442069&trk=tab_pro>


2014-03-21 8:56 GMT+01:00 Eric Viseur <eric.vis...@gmail.com>:

> Wow, missed that one.  Going to do some more tests before I confirm, but
> it appears to work.  Thank you !
>
> Regards,
>
> Eric Viseur
> Etudiant Ingénieur Civil Electricien
> LinkedIn 
> Profile<http://www.linkedin.com/profile/view?id=193442069&trk=tab_pro>
>
>
> 2014-03-18 12:38 GMT+01:00 Dong, Guo <guo.d...@intel.com>:
>
>
>>
>> Hi,
>>
>>
>>
>> To use HashLogExtendEvent(), there is an example for your reference in
>> SecurityPkg\Library\DxeTpmMeasurementLib\DxeTpmMeasurementLib.c
>>
>>
>>
>> Thanks,
>>
>> Guo
>>
>> *From:* Eric Viseur [mailto:eric.vis...@gmail.com]
>> *Sent:* Tuesday, March 18, 2014 6:51 PM
>>
>> *To:* edk2-devel@lists.sourceforge.net
>> *Subject:* Re: [edk2] Using the TCG protocol
>>
>>
>>
>> Hi,
>>
>>
>>
>> Sadly, adding this parameter doesn't change the problem.  Do you happen
>> to have any other suggestions?  While I'm familiar with the concepts of
>> Trusted Computing, UEFI programming is still quite new to me...
>>
>>
>>
>> Thanks,
>>
>>
>>   Eric Viseur
>>
>> Etudiant Ingénieur Civil Electricien
>>
>> LinkedIn 
>> Profile<http://www.linkedin.com/profile/view?id=193442069&trk=tab_pro>
>>
>>
>>
>> 2014-03-17 4:44 GMT+01:00 Long, Qin <qin.l...@intel.com>:
>>
>> Hi, Eric,
>>
>>
>>
>> For HashLogExtendEvent() function, you need to provide the
>> EventLogLastEntry parameter even if you don’t care about this. The function
>> will check if this is NULL. (*EventNumber could be NULL here.)
>>
>>
>>
>> Please try:
>>
>> ……
>>
>> EFI_PHYSICAL_ADDRESS LastEntry;
>>
>> ……
>>
>> HashLogExtendEvent(&tcg, (UINT8*)&image_content, len, sha1, &tcgLogData,
>> NULL, &LastEntry);
>>
>>
>>
>>
>>
>> Best Regards & Thanks,
>>
>> LONG, Qin
>>
>>
>>
>> *From:* Eric Viseur [mailto:eric.vis...@gmail.com]
>> *Sent:* Friday, March 14, 2014 5:02 PM
>>
>>
>> *To:* edk2-devel@lists.sourceforge.net
>> *Subject:* Re: [edk2] Using the TCG protocol
>>
>>
>>
>> I'm stuck once more.  No error this time, the HashLogExtendEvent function
>> just fails with my EFI Shell becoming unresponsive. Following your advice
>> of using it to also do the hash, I tried the following:
>>
>> TCG_ALGORITHM_ID        sha1 = 4;
>> UINT64                  hashed_len;
>> UINT8                   *hashed_content = NULL;
>>
>> // Prepare the PCR event to be used when storing the hash
>> TCG_PCR_EVENT           tcgLogData;
>> tcgLogData.PCRIndex =   8;
>>
>> // Extend the hashed value into PCR8
>> HashLogExtendEvent(&tcg, (UINT8*)&image_content, len, sha1, &tcgLogData,
>> NULL, NULL);
>>
>> Also tried to set the EventType value in tcgLogData, or even omit
>> &image_content and len by putting the value returned by HashAll into
>> tcgLogData.Digest to no avail (Last one didn't even build, even with
>> typecasting).
>>
>> I'm quite sure I'm missing something obvious here...
>>
>> Regards,
>>
>>
>>   Eric Viseur
>>
>> Etudiant Ingénieur Civil Electricien
>>
>> LinkedIn 
>> Profile<http://www.linkedin.com/profile/view?id=193442069&trk=tab_pro>
>>
>>
>>
>> 2014-03-14 9:25 GMT+01:00 Eric Viseur <eric.vis...@gmail.com>:
>>
>> Seems like it's working now !  hashed_len indeed changes its value (to
>> 20) and I get content into the buffer.  I'll do further checking and come
>> back to you should I meet another TCG-related problem.
>>
>> Thank you for your insights !
>>
>> Regards,
>>
>>
>>   Eric Viseur
>>
>> Etudiant Ingénieur Civil Electricien
>>
>> LinkedIn 
>> Profile<http://www.linkedin.com/profile/view?id=193442069&trk=tab_pro>
>>
>>
>>
>> 2014-03-14 8:53 GMT+01:00 Long, Qin <qin.l...@intel.com>:
>>
>>
>>
>> Please make sure you are using the correct parameters of HashAll(), e.g.
>>
>>   HashAll (&tcg, (UINT8 *)&hashIn, hashInLen, sha1, &hashed_len,
>> &hashed_content);
>>
>>
>>
>> For the EFI_SUCCESS return value, I guess we may not have caught the failed
>> result of internal memory allocation. Need to double-check this.
>>
>>
>>
>>
>>
>> Best Regards & Thanks,
>>
>> LONG, Qin
>>
>>
>>
>> *From:* Eric Viseur [mailto:eric.vis...@gmail.com]
>> *Sent:* Friday, March 14, 2014 3:20 PM
>> *To:* edk2-devel@lists.sourceforge.net
>> *Subject:* Re: [edk2] Using the TCG protocol
>>
>>
>>
>> The function returns EFI_SUCCESS (0), which is very strange.  I call it
>> with the following code (if I try using a constant integer instead of the
>> file) :
>>
>> TCG_ALGORITHM_ID        sha1 = 4;
>> UINT64                  hashed_len = 128; (Tried with various values)
>> UINT8                   *hashed_content = NULL;
>> UINT8                   hashIn = 1234;
>> UINT64                  hashInLen = 4;
>>
>> HashAll(&tcg, hashIn, hashInLen, sha1, hashed_len, &hashed_content);
>>
>> My output buffer remains desperately empty.  I'm okay with using only
>> SHA-1 as it's only one of the many pieces of the project, as long as I get
>> it working.
>>
>> I wanted to try this one before switching to HashLogExtendEvent because
>> I'm having some trouble with the function description given in the TCG EFI
>> specifications, but I can change my course of action if needed.
>>
>> Regards,
>>
>>
>>   Eric Viseur
>>
>> Etudiant Ingénieur Civil Electricien
>>
>> LinkedIn 
>> Profile<http://www.linkedin.com/profile/view?id=193442069&trk=tab_pro>
>>
>>
>>
>> 2014-03-14 1:57 GMT+01:00 Dong, Guo <guo.d...@intel.com>:
>>
>>
>>
>> Viseur,
>>
>>
>>
>> What’s the return status for EFI_TCG_PROTOCOL.HashAll()?
>>
>> And for this protocol, only the SHA1 algorithm is supported.
>>
>>
>>
>> BTW, EFI_TCG_PROTOCOL.HashAll() only gets the hashed data, and if you
>> want to extend it to TPM PCR and log the event, you can simply use
>> EFI_TCG_PROTOCOL.HashLogExtendEvent() function.
>>
>>
>>
>> Thanks,
>>
>> Guo
>>
>> *From:* Eric Viseur [mailto:eric.vis...@gmail.com]
>> *Sent:* Friday, March 14, 2014 12:29 AM
>> *To:* edk2-devel@lists.sourceforge.net
>> *Subject:* [edk2] Using the TCG protocol
>>
>>
>>
>> Hi all,
>>
>> I'm currently working on a Linux project involving the use of the TPM.
>> The idea is to somehow reproduce the TPM part of TrustedGrub on UEFI,
>> except it's only to boot a fixed kernel.  For various reasons it is done
>> using gnu-efi rather than EDKII.  However, I think my question is generic
>> enough for this mailing-list.
>>
>> So, my current idea is to create a small EFI application that will do the
>> needed processing, and then load the linux kernel through EFI Stub.  I got
>> the "processing then stub" part right, everything works, except for the PCR
>> extending.
>>
>> What I'm currently doing is loading the kernel.efi file contents into a
>> buffer using the Open and Read methods of the EFI_FILE_HANDLE handle.  My
>> aim was then to send the content of this buffer as an input to the
>> EFI_TCG_PROTOCOL.HashAll() function, but I always end up with an empty
>> output buffer, even if I simply send a fixed integer instead of the file
>> contents as an input buffer.
>>
>> Is there anyone here that has already used this protocol and can help me,
>> or even redirect me to a more appropriate source of information ?
>>
>> Thanks in advance !
>>
>> Regards,
>>
>>
>>   Eric Viseur
>>
>> Etudiant Ingénieur Civil Electricien
>>
>> LinkedIn 
>> Profile<http://www.linkedin.com/profile/view?id=193442069&trk=tab_pro>
>>
>>
>>
>> ------------------------------------------------------------------------------
>> Learn Graph Databases - Download FREE O'Reilly Book
>> "Graph Databases" is the definitive new guide to graph databases and their
>> applications. Written by three acclaimed leaders in the field,
>> this first edition is now available. Download your free book today!
>> http://p.sf.net/sfu/13534_NeoTech
>> _______________________________________________
>> edk2-devel mailing list
>> edk2-devel@lists.sourceforge.net
>> https://lists.sourceforge.net/lists/listinfo/edk2-devel
>
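
Added example, not part of the original thread and not EDK II code: a TPM 1.2 PCR is never written directly; an extend stores SHA-1(old PCR || digest), so the value read back from the sysfs `pcrs` file is expected to differ from the digest that was sent. The Python check below, meant for the Linux side, replays this for PCR 8; the helper names, the sample image bytes and the sample `pcrs` line are constructed assumptions.

```python
import hashlib

PCR_RESET = bytes(20)  # TPM 1.2 PCRs 0-15 hold 20 zero bytes after platform reset

def extend(pcr, digest):
    """TPM 1.2 extend: new PCR = SHA-1(old PCR || 20-byte digest)."""
    if len(pcr) != 20 or len(digest) != 20:
        raise ValueError("SHA-1 PCR and digest must both be 20 bytes")
    return hashlib.sha1(pcr + digest).digest()

def replay(digests, start=PCR_RESET):
    """Fold every logged digest for one PCR, in order, into its final value."""
    pcr = start
    for digest in digests:
        pcr = extend(pcr, digest)
    return pcr

def parse_pcrs(text):
    """Parse TPM 1.2 sysfs 'pcrs' lines ('PCR-08: AA BB ...') into {index: bytes}."""
    values = {}
    for line in text.splitlines():
        name, sep, hexpart = line.partition(":")
        if sep and name.strip().startswith("PCR-"):
            values[int(name.strip()[4:])] = bytes.fromhex("".join(hexpart.split()))
    return values

def explain(observed, digest):
    """Say which hypothesis about the measurement path reproduces the observed PCR."""
    candidates = {
        "raw digest stored (a TPM never does this)": digest,
        "one extend of the digest": replay([digest]),
        "digest hashed again, then extended": replay([hashlib.sha1(digest).digest()]),
    }
    for label, value in candidates.items():
        if value == observed:
            return label
    return "no match: replay all PCR events from the event log"

# Constructed sample: a stand-in image and the sysfs line a single extend would produce.
SAMPLE_IMAGE = b"constructed kernel image bytes"
SAMPLE_DIGEST = hashlib.sha1(SAMPLE_IMAGE).digest()
SAMPLE_PCRS = "PCR-08: " + " ".join("%02X" % b for b in replay([SAMPLE_DIGEST]))

if __name__ == "__main__":
    observed = parse_pcrs(SAMPLE_PCRS)[8]
    print("pushed  :", SAMPLE_DIGEST.hex())
    print("register:", observed.hex())
    print("verdict :", explain(observed, SAMPLE_DIGEST))
```

If none of the hypotheses matches a real register value, something else extended the PCR earlier in boot, and every event logged for that PCR has to be passed to `replay` in order.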