On 29.06.21 15:50, Cedric Hombourger wrote: > > On 6/29/2021 3:39 PM, Jan Kiszka wrote: >> On 28.06.21 13:28, Cedric Hombourger wrote: >>> Make use of systemd code to measure the kernel command line for the >>> selected configuration into PCR#8. This also causes the firmware >>> to add the measurement for the loaded EFI image into PCR#4 (as per >>> UEFI specs). With this change both the loaded kernel and command >>> line options are measured. Use of the TPM may be disabled by passing >>> --disable-tpm to the configure script. >>> >>> Signed-off-by: Cedric Hombourger <[email protected]> >>> --- >>> configure.ac | 16 ++++++++++++++++ >>> main.c | 12 ++++++++++++ >>> 2 files changed, 28 insertions(+) >>> >>> diff --git a/configure.ac b/configure.ac >>> index b8d2b1c..2d434d5 100644 >>> --- a/configure.ac >>> +++ b/configure.ac >>> @@ -77,6 +77,22 @@ AC_ARG_WITH([gnuefi-lib-dir], >>> AC_SUBST(GNUEFI_LIB_DIR) >>> AC_DEFINE_UNQUOTED(GNUEFI_LIB_DIR, ["$GNUEFI_LIB_DIR"], [The lib >>> directory for gnuefi]) >>> +AC_ARG_ENABLE([tpm], >>> + AS_HELP_STRING([--disable-tpm], [Disable TPM support])) >>> + >>> +AS_IF([test "x$enable_tpm" != "xno"], [ >>> + AC_DEFINE([ENABLE_TPM], [1], [TPM support]) >>> +]) >>> + >>> +AC_ARG_WITH([options-pcr], >>> + AS_HELP_STRING([--with-options-pcr=NUMBER], >>> + [specify the PCR register to use for options, >>> defaults to 8]), >>> + [OPTIONS_PCR="$withval"], >>> + [OPTIONS_PCR="8"]) >>> + >>> +AC_SUBST(OPTIONS_PCR) >>> +AC_DEFINE_UNQUOTED(OPTIONS_PCR, [$OPTIONS_PCR], [The PCR register >>> for options]) >>> + >>> dnl Define ARCH_<NAME> conditionals >>> SET_ARCH(I586, i586*) >>> SET_ARCH(I686, i686*) >>> diff --git a/main.c b/main.c >>> index 7949218..dc388a4 100644 >>> --- a/main.c >>> +++ b/main.c >>> @@ -22,6 +22,7 @@ >>> #include <configuration.h> >>> #include "version.h" >>> #include "utils.h" >>> +#include "measure.h" >>> extern const unsigned long init_array_start[]; >>> extern const unsigned long init_array_end[]; >>> @@ -192,6 +193,17 @@ EFI_STATUS efi_main(EFI_HANDLE image_handle, >>> EFI_SYSTEM_TABLE *system_table) >>> loaded_image->LoadOptionsSize = >>> (StrLen(bg_loader_params.payload_options) + 1) * >>> sizeof(CHAR16); >>> +#ifdef ENABLE_TPM >>> + /* Try to log any options to the TPM */ >>> + status = tpm_log_event(OPTIONS_PCR, >>> + (EFI_PHYSICAL_ADDRESS) (UINTN) loaded_image->LoadOptions, >>> + loaded_image->LoadOptionsSize, loaded_image->LoadOptions); >>> + /* Try to log any options to the TPM, especially manually edited >>> options */ >>> + if (EFI_ERROR(status)) { >>> + WARNING(L"Could not measure options (%x)\n", status); >>> + } >>> +#endif >>> + >>> INFO(L"Starting %s with watchdog set to %d seconds ...\n", >>> bg_loader_params.payload_path, bg_loader_params.timeout); >>> >> So, all this is just for measuring the parameters passed to the kernel >> image, right? Does it actually make sense in secure scenarios to use >> that feature? We are currently using unified kernel images, with the >> kernel parameters baked in. That permits to reject booting at all and >> automatically measures the options as well. > > So are we but systemd's measure module will do two things (1) finalize > the event table (only when called for the 1st time) (2) measure the > provided buffer (options both in their case and in this patch-series). > My understanding is that tables need to be finalized for the measurement > produced by LoadImage() to extend PCR[4]. At least that's my observation > on the different pieces of hardware (and VMs) I was able to test this > change on. > > The specs clearly state that LoadImage() must measure the PE/COFF image > before it gets relocated and that makes sense. They are not very clear > as to why the events table need to be finalized for PCR[4] to be > extended with the loaded image. >
Means the above measurement of options is primarily an "end marker" to the loading of images? Sorry, I'm not yet familiar with that measurement concept of UEFI. Jan -- Siemens AG, T RDA IOT Corporate Competence Center Embedded Linux -- You received this message because you are subscribed to the Google Groups "EFI Boot Guard" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/efibootguard-dev/6ec6e8d4-3683-8411-4301-f6ce4d821165%40siemens.com.
