Re: [PATCH V3 3/3] verifiers: Add TPM documentation
On Mon, Dec 17, 2018 at 03:47:20PM +0100, Daniel Kiper wrote:
> On Wed, Dec 12, 2018 at 09:57:48AM -0800, Matthew Garrett wrote:
> > On Wed, Dec 12, 2018 at 6:31 AM Daniel Kiper wrote:
> > >
> > > On Mon, Dec 03, 2018 at 03:48:17PM +0100, Daniel Kiper wrote:
> > > > On Thu, Nov 29, 2018 at 11:28:10AM -0800, Matthew Garrett wrote:
> > > > > Describe the behaviour of grub when the TPM module is in use.
> > > > >
> > > > > Signed-off-by: Matthew Garrett
> > > >
> > > > Reviewed-by: Daniel Kiper
> > > >
> > > > If there are no objections I will apply the patch series in a week or
> > > > so.
> > >
> > > Pushed. However, I have had to change "enable = efi;" to "enable =
> > > x86_64_efi;"
> > > in grub-core/Makefile.core.def. Otherwise ARM EFI builds would be broken.
> > > I hope that this is not a problem for you.
> >
> > Hmm, this should have been architecture independent - what was the
> > failure? I can send a followup patch to fix that up.
>
> Please see below. As you can see all non x86_64 EFI builds fail. Failures
> look the same.
>
> **
>
> ./configure --target=aarch64-linux-gnu --with-platform=efi
> --enable-grub-mkfont --prefix="`pwd`/grub-dist"
>
> [...]
>
> aarch64-linux-gnu-gcc -DHAVE_CONFIG_H -I. -I.. -Wall -W
> -DGRUB_MACHINE_EFI=1 -DGRUB_MACHINE=ARM64_EFI -nostdinc -isystem
> /usr/lib/gcc-cross/aarch64-linux-gnu/6/include -I../include -I../include
> -DGRUB_FILE=\"commands/efi/tpm.c\" -I. -I. -I.. -I.. -I../include
> -I../include -I../grub-core/lib/libgcrypt-grub/src/ -D_FILE_OFFSET_BITS=64
> -Os -Wall -W -Wshadow -Wpointer-arith -Wundef -Wchar-subscripts -Wcomment
> -Wdeprecated-declarations -Wdisabled-optimization -Wdiv-by-zero -Wfloat-equal
> -Wformat-extra-args -Wformat-security -Wformat-y2k -Wimplicit
> -Wimplicit-function-declaration -Wimplicit-int -Wmain -Wmissing-braces
> -Wmissing-format-attribute -Wmultichar -Wparentheses -Wreturn-type
> -Wsequence-point -Wshadow -Wsign-compare -Wswitch -Wtrigraphs
> -Wunknown-pragmas -Wunused -Wunused-function -Wunused-label
> -Wunused-parameter -Wunused-value -Wunused-variable -Wwrite-strings
> -Wnested-externs -Wstrict-prototypes -g -Wredundant-decls
> -Wmissing-prototypes -Wmissing-declarations -Wcast-align -Wextra
> -Wattributes -Wendif-labels -Winit-self -Wint-to-pointer-cast -Winvalid-pch
> -Wmissing-field-initializers -Wnonnull -Woverflow -Wvla -Wpointer-to-int-cast
> -Wstrict-aliasing -Wvariadic-macros -Wvolatile-register-var -Wpointer-sign
> -Wmissing-include-dirs -Wmissing-prototypes -Wmissing-declarations -Wformat=2
> -freg-struct-return -mgeneral-regs-only -fno-dwarf2-cfi-asm
> -fno-asynchronous-unwind-tables -fno-unwind-tables -Qn -fno-PIE -fno-pie
> -fno-stack-protector -Wtrampolines -Werror -mcmodel=large -ffreestanding
> -MT commands/efi/tpm_module-tpm.o -MD -MP -MF
> commands/efi/.deps-core/tpm_module-tpm.Tpo -c -o
> commands/efi/tpm_module-tpm.o `test -f 'commands/efi/tpm.c' || echo
> './'`commands/efi/tpm.c
> In file included from commands/efi/tpm.c:23:0:
> commands/efi/tpm.c: In function ‘grub_tpm1_log_event’:
> commands/efi/tpm.c:248:52: error: passing argument 2 of ‘tpm->log_extend_event’ makes integer from pointer without a cast [-Werror=int-conversion]
>    status = efi_call_7 (tpm->log_extend_event, tpm, buf, (grub_uint64_t) size,
>                                                     ^
> ../include/grub/efi/api.h:1698:55: note: in definition of macro ‘efi_call_7’
>  #define efi_call_7(func, a, b, c, d, e, f, g)  func(a, b, c, d, e, f, g)
>                                                 ^
> commands/efi/tpm.c:248:52: note: expected ‘grub_efi_physical_address_t {aka long unsigned int}’ but argument is of type ‘unsigned char *’
>    status = efi_call_7 (tpm->log_extend_event, tpm, buf, (grub_uint64_t) size,
>                                                     ^
> ../include/grub/efi/api.h:1698:55: note: in definition of macro ‘efi_call_7’
>  #define efi_call_7(func, a, b, c, d, e, f, g)  func(a, b, c, d, e, f, g)
>                                                 ^
> commands/efi/tpm.c: In function ‘grub_tpm2_log_event’:
> commands/efi/tpm.c:298:60: error: passing argument 3 of ‘tpm->hash_log_extend_event’ from incompatible pointer type [-Werror=incompatible-pointer-types]
>    status = efi_call_5 (tpm->hash_log_extend_event, tpm, 0, buf,
>                                                             ^
> ../include/grub/efi/api.h:1696:52: note: in definition of macro ‘efi_call_5’
>  #define efi_call_5(func, a, b, c, d, e)  func(a, b, c, d, e)
>                                           ^
> commands/efi/tpm.c:298:60: note: expected ‘grub_efi_physical_address_t * {aka long unsigned int *}’ but argument is of type ‘unsigned char *’
>    status = efi_call_5 (tpm->hash_log_extend_event, tpm, 0, buf,
>                                                             ^
>
Re: [PATCH V3 3/3] verifiers: Add TPM documentation
On Wed, Dec 12, 2018 at 09:57:48AM -0800, Matthew Garrett wrote:
> On Wed, Dec 12, 2018 at 6:31 AM Daniel Kiper wrote:
> >
> > On Mon, Dec 03, 2018 at 03:48:17PM +0100, Daniel Kiper wrote:
> > > On Thu, Nov 29, 2018 at 11:28:10AM -0800, Matthew Garrett wrote:
> > > > Describe the behaviour of grub when the TPM module is in use.
> > > >
> > > > Signed-off-by: Matthew Garrett
> > >
> > > Reviewed-by: Daniel Kiper
> > >
> > > If there are no objections I will apply the patch series in a week or so.
> >
> > Pushed. However, I have had to change "enable = efi;" to "enable =
> > x86_64_efi;"
> > in grub-core/Makefile.core.def. Otherwise ARM EFI builds would be broken.
> > I hope that this is not a problem for you.
>
> Hmm, this should have been architecture independent - what was the
> failure? I can send a followup patch to fix that up.

Please see below. As you can see all non x86_64 EFI builds fail. Failures
look the same.

**

./configure --target=aarch64-linux-gnu --with-platform=efi
--enable-grub-mkfont --prefix="`pwd`/grub-dist"

[...]

aarch64-linux-gnu-gcc -DHAVE_CONFIG_H -I. -I.. -Wall -W
-DGRUB_MACHINE_EFI=1 -DGRUB_MACHINE=ARM64_EFI -nostdinc -isystem
/usr/lib/gcc-cross/aarch64-linux-gnu/6/include -I../include -I../include
-DGRUB_FILE=\"commands/efi/tpm.c\" -I. -I. -I.. -I.. -I../include
-I../include -I../grub-core/lib/libgcrypt-grub/src/ -D_FILE_OFFSET_BITS=64
-Os -Wall -W -Wshadow -Wpointer-arith -Wundef -Wchar-subscripts -Wcomment
-Wdeprecated-declarations -Wdisabled-optimization -Wdiv-by-zero -Wfloat-equal
-Wformat-extra-args -Wformat-security -Wformat-y2k -Wimplicit
-Wimplicit-function-declaration -Wimplicit-int -Wmain -Wmissing-braces
-Wmissing-format-attribute -Wmultichar -Wparentheses -Wreturn-type
-Wsequence-point -Wshadow -Wsign-compare -Wswitch -Wtrigraphs
-Wunknown-pragmas -Wunused -Wunused-function -Wunused-label
-Wunused-parameter -Wunused-value -Wunused-variable -Wwrite-strings
-Wnested-externs -Wstrict-prototypes -g -Wredundant-decls
-Wmissing-prototypes -Wmissing-declarations -Wcast-align -Wextra
-Wattributes -Wendif-labels -Winit-self -Wint-to-pointer-cast -Winvalid-pch
-Wmissing-field-initializers -Wnonnull -Woverflow -Wvla -Wpointer-to-int-cast
-Wstrict-aliasing -Wvariadic-macros -Wvolatile-register-var -Wpointer-sign
-Wmissing-include-dirs -Wmissing-prototypes -Wmissing-declarations -Wformat=2
-freg-struct-return -mgeneral-regs-only -fno-dwarf2-cfi-asm
-fno-asynchronous-unwind-tables -fno-unwind-tables -Qn -fno-PIE -fno-pie
-fno-stack-protector -Wtrampolines -Werror -mcmodel=large -ffreestanding
-MT commands/efi/tpm_module-tpm.o -MD -MP -MF
commands/efi/.deps-core/tpm_module-tpm.Tpo -c -o
commands/efi/tpm_module-tpm.o `test -f 'commands/efi/tpm.c' || echo
'./'`commands/efi/tpm.c
In file included from commands/efi/tpm.c:23:0:
commands/efi/tpm.c: In function ‘grub_tpm1_log_event’:
commands/efi/tpm.c:248:52: error: passing argument 2 of ‘tpm->log_extend_event’ makes integer from pointer without a cast [-Werror=int-conversion]
   status = efi_call_7 (tpm->log_extend_event, tpm, buf, (grub_uint64_t) size,
                                                    ^
../include/grub/efi/api.h:1698:55: note: in definition of macro ‘efi_call_7’
 #define efi_call_7(func, a, b, c, d, e, f, g)  func(a, b, c, d, e, f, g)
                                                ^
commands/efi/tpm.c:248:52: note: expected ‘grub_efi_physical_address_t {aka long unsigned int}’ but argument is of type ‘unsigned char *’
   status = efi_call_7 (tpm->log_extend_event, tpm, buf, (grub_uint64_t) size,
                                                    ^
../include/grub/efi/api.h:1698:55: note: in definition of macro ‘efi_call_7’
 #define efi_call_7(func, a, b, c, d, e, f, g)  func(a, b, c, d, e, f, g)
                                                ^
commands/efi/tpm.c: In function ‘grub_tpm2_log_event’:
commands/efi/tpm.c:298:60: error: passing argument 3 of ‘tpm->hash_log_extend_event’ from incompatible pointer type [-Werror=incompatible-pointer-types]
   status = efi_call_5 (tpm->hash_log_extend_event, tpm, 0, buf,
                                                            ^
../include/grub/efi/api.h:1696:52: note: in definition of macro ‘efi_call_5’
 #define efi_call_5(func, a, b, c, d, e)  func(a, b, c, d, e)
                                          ^
commands/efi/tpm.c:298:60: note: expected ‘grub_efi_physical_address_t * {aka long unsigned int *}’ but argument is of type ‘unsigned char *’
   status = efi_call_5 (tpm->hash_log_extend_event, tpm, 0, buf,
                                                            ^
../include/grub/efi/api.h:1696:52: note: in definition of macro ‘efi_call_5’
 #define efi_call_5(func, a, b, c, d, e)  func(a, b, c, d, e)
                                          ^
cc1: all warnings being treated as errors
Re: [PATCH V3 3/3] verifiers: Add TPM documentation
On Wed, Dec 12, 2018 at 6:31 AM Daniel Kiper wrote:
>
> On Mon, Dec 03, 2018 at 03:48:17PM +0100, Daniel Kiper wrote:
> > On Thu, Nov 29, 2018 at 11:28:10AM -0800, Matthew Garrett wrote:
> > > Describe the behaviour of grub when the TPM module is in use.
> > >
> > > Signed-off-by: Matthew Garrett
> >
> > Reviewed-by: Daniel Kiper
> >
> > If there are no objections I will apply the patch series in a week or so.
>
> Pushed. However, I have had to change "enable = efi;" to "enable =
> x86_64_efi;"
> in grub-core/Makefile.core.def. Otherwise ARM EFI builds would be broken.
> I hope that this is not a problem for you.

Hmm, this should have been architecture independent - what was the
failure? I can send a followup patch to fix that up.

___
Grub-devel mailing list
Grub-devel@gnu.org
https://lists.gnu.org/mailman/listinfo/grub-devel
Re: [PATCH V3 3/3] verifiers: Add TPM documentation
On Mon, Dec 03, 2018 at 03:48:17PM +0100, Daniel Kiper wrote:
> On Thu, Nov 29, 2018 at 11:28:10AM -0800, Matthew Garrett wrote:
> > Describe the behaviour of grub when the TPM module is in use.
> >
> > Signed-off-by: Matthew Garrett
>
> Reviewed-by: Daniel Kiper
>
> If there are no objections I will apply the patch series in a week or so.

Pushed. However, I have had to change "enable = efi;" to "enable = x86_64_efi;"
in grub-core/Makefile.core.def. Otherwise ARM EFI builds would be broken.
I hope that this is not a problem for you.

Daniel
Re: [PATCH V3 3/3] verifiers: Add TPM documentation
On Thu, Nov 29, 2018 at 11:28:10AM -0800, Matthew Garrett wrote:
> Describe the behaviour of grub when the TPM module is in use.
>
> Signed-off-by: Matthew Garrett

Reviewed-by: Daniel Kiper

If there are no objections I will apply the patch series in a week or so.

Thank you for doing the work.

Daniel
[PATCH V3 3/3] verifiers: Add TPM documentation
Describe the behaviour of grub when the TPM module is in use. Signed-off-by: Matthew Garrett --- docs/grub.texi | 38 ++ 1 file changed, 38 insertions(+) diff --git a/docs/grub.texi b/docs/grub.texi index 471d97c95..6bd3783a4 100644 --- a/docs/grub.texi +++ b/docs/grub.texi @@ -5545,6 +5545,7 @@ environment variables and commands are listed in the same order. * Authentication and authorisation:: Users and access control * Using digital signatures:: Booting digitally signed code * UEFI secure boot and shim::Booting digitally signed PE files +* Measured Boot::Measuring boot components @end menu @node Authentication and authorisation 
@@ -5721,6 +5722,43 @@ mentioned requirements are enforced by the shim_lock module. And itself it is a persistent module which means that it cannot be unloaded if it was loaded into the memory. +@node Measured Boot +@section Measuring boot components + +If the tpm module is loaded and the platform has a Trusted Platform Module +installed, GRUB will log each command executed and each file loaded into the +TPM event log and extend the PCR values in the TPM correspondingly. All events +will be logged into the PCR described below with a type of EV_IPL and an +event description as described below. + +@multitable @columnfractions 0.3 0.1 0.6 +@headitem Event type @tab PCR @tab Description +@item Command +@tab 8 +@tab All executed commands (including those from configuration files) will be +logged and measured as entered with a prefix of ``grub_cmd: `` +@item Module command line +@tab 8 +@tab Any command line passed to a kernel module will be logged and measured as +entered with a prefix of ``module_cmdline: `` +@item Kernel command line +@tab 8 +@tab Any command line passed to a kernel will be logged and measured as entered +with a prefix of ``kernel_cmdline: '' +@item Files +@tab 9 +@tab Any file read by GRUB will be logged and measured with a descriptive text +corresponding to the filename. +@end multitable + +GRUB will not measure its own @file{core.img} - it is expected that firmware +will carry this out. GRUB will also not perform any measurements until the +tpm module is loaded. As such it is recommended that the tpm module be built +into @file{core.img} in order to avoid a potential gap in measurement between +@file{core.img} being loaded and the tpm module being loaded. + +Measured boot is currently only supported on EFI platforms. + @node Platform limitations @chapter Platform limitations -- 2.20.0.rc0.387.gc7a69e6b6c-goog ___ Grub-devel mailing list Grub-devel@gnu.org https://lists.gnu.org/mailman/listinfo/grub-devel
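Review bot: in the second hunk (the new "Measuring boot components" section) the three prefix strings are quoted inconsistently: ``grub_cmd: `` and ``module_cmdline: `` close with backticks, while ``kernel_cmdline: '' uses the Texinfo ``...'' form; make all three ``...'' so the rendered prefixes match. Because the trailing space inside each prefix is part of the measured string, and the Files row only says "a descriptive text corresponding to the filename", anyone replaying the event log to recompute PCR 8 and PCR 9 cannot reproduce the digests from this table alone; spell out the exact event description logged for each of the four event types. Also, "Measured boot is currently only supported on EFI platforms" is broader than what this series builds: the thread shows the module had to be restricted to x86_64_efi in grub-core/Makefile.core.def because the efi_call_7/efi_call_5 arguments in commands/efi/tpm.c pass an unsigned char * where grub_efi_physical_address_t is expected on other EFI targets, so either qualify the sentence to x86_64 EFI or land the follow-up fix together with this documentation.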