uefi: emphasize a bit that EV_IPL event logs is the past, EV_EVENT_TAG the future

2025-01-21 22:04:01 +03:00 · 2024-06-24 12:18:03 +02:00 · 2024-06-24 12:18:03 +02:00 · 21ab3f505a
commit 21ab3f505a
parent c53580bf2e
4 changed files with 35 additions and 23 deletions
--- a/src/boot/efi/cpio.c
+++ b/src/boot/efi/cpio.c
@ -430,7 +430,7 @@ EFI_STATUS pack_cpio(
        if (err != EFI_SUCCESS)
                return log_error_status(err, "Failed to pack cpio trailer: %m");

-        err = tpm_log_event(
+        err = tpm_log_ipl_event(
                        tpm_pcr, POINTER_TO_PHYSICAL_ADDRESS(buffer), buffer_size, tpm_description, ret_measured);
        if (err != EFI_SUCCESS)
                return log_error_status(
@ -499,7 +499,7 @@ EFI_STATUS pack_cpio_literal(
        if (err != EFI_SUCCESS)
                return log_error_status(err, "Failed to pack cpio trailer: %m");

-        err = tpm_log_event(
+        err = tpm_log_ipl_event(
                        tpm_pcr, POINTER_TO_PHYSICAL_ADDRESS(buffer), buffer_size, tpm_description, ret_measured);
        if (err != EFI_SUCCESS)
                return log_error_status(
--- a/src/boot/efi/measure.c
+++ b/src/boot/efi/measure.c
@ -27,6 +27,8 @@ static EFI_STATUS tpm2_measure_to_pcr_and_tagged_event_log(
        assert(tcg);
        assert(description);

+        /* New style stuff we log as EV_EVENT_TAG with a recognizable event tag. */
+
        desc_len = strsize16(description);
        event_size = offsetof(EFI_TCG2_EVENT, Event) + offsetof(EFI_TCG2_TAGGED_EVENT, Event) + desc_len;

@ -53,7 +55,7 @@ static EFI_STATUS tpm2_measure_to_pcr_and_tagged_event_log(
                        &event->tcg_event);
 }

-static EFI_STATUS tpm2_measure_to_pcr_and_event_log(
+static EFI_STATUS tpm2_measure_to_pcr_and_ipl_event_log(
                EFI_TCG2_PROTOCOL *tcg,
                uint32_t pcrindex,
                EFI_PHYSICAL_ADDRESS buffer,
@ -66,11 +68,10 @@ static EFI_STATUS tpm2_measure_to_pcr_and_event_log(
        assert(tcg);
        assert(description);

-        /* NB: We currently record everything as EV_IPL. Which sucks, because it makes it hard to
-         * recognize from the event log which of the events are ours. Measurement logs are kinda API hence
-         * this is hard to change for existing, established events. But for future additions, let's use
-         * EV_EVENT_TAG instead, with a tag of our choosing that makes clear what precisely we are measuring
-         * here. */
+        /* We record older stuff as EV_IPL. Which sucks, because it makes it hard to recognize from the event
+         * log which of the events are ours. Measurement logs are kinda API hence this is hard to change for
+         * existing, established events. But for future additions, let's use EV_EVENT_TAG instead, with a tag
+         * of our choosing that makes clear what precisely we are measuring here. See above. */

        desc_len = strsize16(description);
        tcg_event = xmalloc(offsetof(EFI_TCG2_EVENT, Event) + desc_len);
@ -91,7 +92,7 @@ static EFI_STATUS tpm2_measure_to_pcr_and_event_log(
                        tcg_event);
 }

-static EFI_STATUS cc_measure_to_mr_and_event_log(
+static EFI_STATUS cc_measure_to_mr_and_ipl_event_log(
                EFI_CC_MEASUREMENT_PROTOCOL *cc,
                uint32_t pcrindex,
                EFI_PHYSICAL_ADDRESS buffer,
@ -187,7 +188,7 @@ bool tpm_present(void) {
        return tcg2_interface_check();
 }

-static EFI_STATUS tcg2_log_event(uint32_t pcrindex, EFI_PHYSICAL_ADDRESS buffer, size_t buffer_size, const char16_t *description, bool *ret_measured) {
+static EFI_STATUS tcg2_log_ipl_event(uint32_t pcrindex, EFI_PHYSICAL_ADDRESS buffer, size_t buffer_size, const char16_t *description, bool *ret_measured) {
        EFI_TCG2_PROTOCOL *tpm2;
        EFI_STATUS err = EFI_SUCCESS;

@ -195,7 +196,7 @@ static EFI_STATUS tcg2_log_event(uint32_t pcrindex, EFI_PHYSICAL_ADDRESS buffer,

        tpm2 = tcg2_interface_check();
        if (tpm2)
-                err = tpm2_measure_to_pcr_and_event_log(tpm2, pcrindex, buffer, buffer_size, description);
+                err = tpm2_measure_to_pcr_and_ipl_event_log(tpm2, pcrindex, buffer, buffer_size, description);

        *ret_measured = tpm2 && (err == EFI_SUCCESS);

@ -210,14 +211,14 @@ static EFI_STATUS cc_log_event(uint32_t pcrindex, EFI_PHYSICAL_ADDRESS buffer, s

        cc = cc_interface_check();
        if (cc)
-                err = cc_measure_to_mr_and_event_log(cc, pcrindex, buffer, buffer_size, description);
+                err = cc_measure_to_mr_and_ipl_event_log(cc, pcrindex, buffer, buffer_size, description);

        *ret_measured = cc && (err == EFI_SUCCESS);

        return err;
 }

-EFI_STATUS tpm_log_event(uint32_t pcrindex, EFI_PHYSICAL_ADDRESS buffer, size_t buffer_size, const char16_t *description, bool *ret_measured) {
+EFI_STATUS tpm_log_ipl_event(uint32_t pcrindex, EFI_PHYSICAL_ADDRESS buffer, size_t buffer_size, const char16_t *description, bool *ret_measured) {
        EFI_STATUS err;
        bool tpm_ret_measured, cc_ret_measured;

@ -238,7 +239,7 @@ EFI_STATUS tpm_log_event(uint32_t pcrindex, EFI_PHYSICAL_ADDRESS buffer, size_t
        if (err != EFI_SUCCESS)
                return err;

-        err = tcg2_log_event(pcrindex, buffer, buffer_size, description, &tpm_ret_measured);
+        err = tcg2_log_ipl_event(pcrindex, buffer, buffer_size, description, &tpm_ret_measured);

        if (err == EFI_SUCCESS && ret_measured)
                *ret_measured = tpm_ret_measured || cc_ret_measured;
@ -278,13 +279,13 @@ EFI_STATUS tpm_log_tagged_event(
        return err;
 }

-EFI_STATUS tpm_log_event_ascii(uint32_t pcrindex, EFI_PHYSICAL_ADDRESS buffer, size_t buffer_size, const char *description, bool *ret_measured) {
+EFI_STATUS tpm_log_ipl_event_ascii(uint32_t pcrindex, EFI_PHYSICAL_ADDRESS buffer, size_t buffer_size, const char *description, bool *ret_measured) {
        _cleanup_free_ char16_t *c = NULL;

        if (description)
                c = xstr8_to_16(description);

-        return tpm_log_event(pcrindex, buffer, buffer_size, c, ret_measured);
+        return tpm_log_ipl_event(pcrindex, buffer, buffer_size, c, ret_measured);
 }

 EFI_STATUS tpm_log_load_options(const char16_t *load_options, bool *ret_measured) {
@ -293,7 +294,7 @@ EFI_STATUS tpm_log_load_options(const char16_t *load_options, bool *ret_measured

        /* Measures a load options string into the TPM2, i.e. the kernel command line */

-        err = tpm_log_event(
+        err = tpm_log_ipl_event(
                        TPM2_PCR_KERNEL_CONFIG,
                        POINTER_TO_PHYSICAL_ADDRESS(load_options),
                        strsize16(load_options),
--- a/src/boot/efi/measure.h
+++ b/src/boot/efi/measure.h
@ -6,9 +6,20 @@
 #if ENABLE_TPM

 bool tpm_present(void);
-EFI_STATUS tpm_log_event(uint32_t pcrindex, EFI_PHYSICAL_ADDRESS buffer, size_t buffer_size, const char16_t *description, bool *ret_measured);
-EFI_STATUS tpm_log_event_ascii(uint32_t pcrindex, EFI_PHYSICAL_ADDRESS buffer, size_t buffer_size, const char *description, bool *ret_measured);
+
+/* Routines for boot-time TPM PCR measurement as well as submitting an event log entry about it. The latter
+ * can be done with two different event log record types. For old stuff we use EV_IPL (which is legacy, and
+ * not great to recognize properly during PCR validation). For new stuff we use properly tagged
+ * EV_EVENT_TAG record. */
+
+/* Old stuff is logged as EV_IPL */
+EFI_STATUS tpm_log_ipl_event(uint32_t pcrindex, EFI_PHYSICAL_ADDRESS buffer, size_t buffer_size, const char16_t *description, bool *ret_measured);
+EFI_STATUS tpm_log_ipl_event_ascii(uint32_t pcrindex, EFI_PHYSICAL_ADDRESS buffer, size_t buffer_size, const
+char *description, bool *ret_measured);
+
+/* New stuff is logged as EV_EVENT_TAG */
 EFI_STATUS tpm_log_tagged_event(uint32_t pcrindex, EFI_PHYSICAL_ADDRESS buffer, size_t buffer_size, uint32_t event_id, const char16_t *description, bool *ret_measured);
+
 EFI_STATUS tpm_log_load_options(const char16_t *cmdline, bool *ret_measured);

 #else
@ -17,13 +28,13 @@ static inline bool tpm_present(void) {
        return false;
 }

-static inline EFI_STATUS tpm_log_event(uint32_t pcrindex, EFI_PHYSICAL_ADDRESS buffer, size_t buffer_size, const char16_t *description, bool *ret_measured) {
+static inline EFI_STATUS tpm_log_ipl_event(uint32_t pcrindex, EFI_PHYSICAL_ADDRESS buffer, size_t buffer_size, const char16_t *description, bool *ret_measured) {
        if (ret_measured)
                *ret_measured = false;
        return EFI_SUCCESS;
 }

-static inline EFI_STATUS tpm_log_event_ascii(uint32_t pcrindex, EFI_PHYSICAL_ADDRESS buffer, size_t buffer_size, const char *description, bool *ret_measured) {
+static inline EFI_STATUS tpm_log_ipl_event_ascii(uint32_t pcrindex, EFI_PHYSICAL_ADDRESS buffer, size_t buffer_size, const char *description, bool *ret_measured) {
        if (ret_measured)
                *ret_measured = false;
        return EFI_SUCCESS;
--- a/src/boot/efi/stub.c
+++ b/src/boot/efi/stub.c
@ -584,7 +584,7 @@ static EFI_STATUS run(EFI_HANDLE image) {
                m = false;

                /* First measure the name of the section */
-                (void) tpm_log_event_ascii(
+                (void) tpm_log_ipl_event_ascii(
                                TPM2_PCR_KERNEL_BOOT,
                                POINTER_TO_PHYSICAL_ADDRESS(unified_sections[section]),
                                strsize8(unified_sections[section]), /* including NUL byte */
@ -594,7 +594,7 @@ static EFI_STATUS run(EFI_HANDLE image) {
                sections_measured = sections_measured < 0 ? m : (sections_measured && m);

                /* Then measure the data of the section */
-                (void) tpm_log_event_ascii(
+                (void) tpm_log_ipl_event_ascii(
                                TPM2_PCR_KERNEL_BOOT,
                                POINTER_TO_PHYSICAL_ADDRESS(loaded_image->ImageBase) + addrs[section],
                                szs[section],