Djam/u-boot
1
0
Fork 0
mirror of https://github.com/u-boot/u-boot.git synced 2025-04-23 05:08:24 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

tcg2: decouple eventlog size from efi

Browse source 
Move default eventlog size from efi to tpm for using in both
efi and measured boot.

Signed-off-by: Raymond Mao <raymond.mao@linaro.org>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
This commit is contained in:
Raymond Mao 2025-01-27 06:49:35 -08:00 committed by Ilias Apalodimas
parent bb894c5da5
commit afe26a74dd
5 changed files with 17 additions and 19 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
doc/usage/measured_boot.rst
View file

@ -24,7 +24,6 @@ Requirements
* A hardware TPM 2.0 supported by an enabled U-Boot driver * A hardware TPM 2.0 supported by an enabled U-Boot driver
* CONFIG_EFI_TCG2_PROTOCOL=y * CONFIG_EFI_TCG2_PROTOCOL=y
* CONFIG_EFI_TCG2_PROTOCOL_EVENTLOG_SIZE=y
* optional CONFIG_EFI_TCG2_PROTOCOL_MEASURE_DTB=y will measure the loaded DTB * optional CONFIG_EFI_TCG2_PROTOCOL_MEASURE_DTB=y will measure the loaded DTB
in PCR 1 in PCR 1

9
drivers/tpm/Kconfig
View file

@ -209,6 +209,15 @@ config TPM2_MMIO
to the device using the standard TPM Interface Specification (TIS) to the device using the standard TPM Interface Specification (TIS)
protocol. protocol.
config TPM2_EVENT_LOG_SIZE
int "EventLog size"
depends on TPM_V2
default 65536
help
Define the size of the EventLog. Note that this is going to be
allocated twice. One for the eventlog it self and one for the
configuration table that is required from the TCG2 spec
endif # TPM_V2 endif # TPM_V2
endmenu endmenu

2
include/efi_tcg2.h
View file

@ -28,8 +28,6 @@
#define EFI_TCG2_MAX_PCR_INDEX 23 #define EFI_TCG2_MAX_PCR_INDEX 23
#define EFI_TCG2_FINAL_EVENTS_TABLE_VERSION 1 #define EFI_TCG2_FINAL_EVENTS_TABLE_VERSION 1
#define TPM2_EVENT_LOG_SIZE CONFIG_EFI_TCG2_PROTOCOL_EVENTLOG_SIZE
typedef u32 efi_tcg_event_log_bitmap; typedef u32 efi_tcg_event_log_bitmap;
typedef u32 efi_tcg_event_log_format; typedef u32 efi_tcg_event_log_format;
typedef u32 efi_tcg_event_algorithm_bitmap; typedef u32 efi_tcg_event_algorithm_bitmap;

9
lib/efi_loader/Kconfig
View file

@ -438,15 +438,6 @@ config EFI_TCG2_PROTOCOL
Provide a EFI_TCG2_PROTOCOL implementation using the TPM hardware Provide a EFI_TCG2_PROTOCOL implementation using the TPM hardware
of the platform. of the platform.
config EFI_TCG2_PROTOCOL_EVENTLOG_SIZE
int "EFI_TCG2_PROTOCOL EventLog size"
depends on EFI_TCG2_PROTOCOL
default 65536
help
Define the size of the EventLog for EFI_TCG2_PROTOCOL. Note that
this is going to be allocated twice. One for the eventlog it self
and one for the configuration table that is required from the spec
config EFI_TCG2_PROTOCOL_MEASURE_DTB config EFI_TCG2_PROTOCOL_MEASURE_DTB
bool "Measure DTB with EFI_TCG2_PROTOCOL" bool "Measure DTB with EFI_TCG2_PROTOCOL"
depends on EFI_TCG2_PROTOCOL depends on EFI_TCG2_PROTOCOL

15
lib/efi_loader/efi_tcg2.c
View file

@ -112,7 +112,7 @@ static efi_status_t tcg2_agile_log_append(u32 pcr_index, u32 event_type,
/* if ExitBootServices hasn't been called update the normal log */ /* if ExitBootServices hasn't been called update the normal log */
if (!event_log.ebs_called) { if (!event_log.ebs_called) {
if (event_log.truncated || if (event_log.truncated ||
event_log.pos + event_size > TPM2_EVENT_LOG_SIZE) { event_log.pos + event_size > CONFIG_TPM2_EVENT_LOG_SIZE) {
event_log.truncated = true; event_log.truncated = true;
return EFI_VOLUME_FULL; return EFI_VOLUME_FULL;
} }
@ -125,7 +125,7 @@ static efi_status_t tcg2_agile_log_append(u32 pcr_index, u32 event_type,
return ret; return ret;
/* if GetEventLog has been called update FinalEventLog as well */ /* if GetEventLog has been called update FinalEventLog as well */
if (event_log.final_pos + event_size > TPM2_EVENT_LOG_SIZE) if (event_log.final_pos + event_size > CONFIG_TPM2_EVENT_LOG_SIZE)
return EFI_VOLUME_FULL; return EFI_VOLUME_FULL;
log = (void *)((uintptr_t)event_log.final_buffer + event_log.final_pos); log = (void *)((uintptr_t)event_log.final_buffer + event_log.final_pos);
@ -823,12 +823,12 @@ static efi_status_t create_final_event(void)
* EFI_TCG2_GET_EVENT_LOGS need to be stored in an instance of an * EFI_TCG2_GET_EVENT_LOGS need to be stored in an instance of an
* EFI_CONFIGURATION_TABLE * EFI_CONFIGURATION_TABLE
*/ */
ret = efi_allocate_pool(EFI_ACPI_MEMORY_NVS, TPM2_EVENT_LOG_SIZE, ret = efi_allocate_pool(EFI_ACPI_MEMORY_NVS, CONFIG_TPM2_EVENT_LOG_SIZE,
&event_log.final_buffer); &event_log.final_buffer);
if (ret != EFI_SUCCESS) if (ret != EFI_SUCCESS)
goto out; goto out;
memset(event_log.final_buffer, 0xff, TPM2_EVENT_LOG_SIZE); memset(event_log.final_buffer, 0xff, CONFIG_TPM2_EVENT_LOG_SIZE);
final_event = event_log.final_buffer; final_event = event_log.final_buffer;
final_event->number_of_events = 0; final_event->number_of_events = 0;
final_event->version = EFI_TCG2_FINAL_EVENTS_TABLE_VERSION; final_event->version = EFI_TCG2_FINAL_EVENTS_TABLE_VERSION;
@ -914,7 +914,8 @@ static efi_status_t efi_init_event_log(void)
if (tcg2_platform_get_tpm2(&dev)) if (tcg2_platform_get_tpm2(&dev))
return EFI_DEVICE_ERROR; return EFI_DEVICE_ERROR;
ret = efi_allocate_pool(EFI_BOOT_SERVICES_DATA, TPM2_EVENT_LOG_SIZE, ret = efi_allocate_pool(EFI_BOOT_SERVICES_DATA,
CONFIG_TPM2_EVENT_LOG_SIZE,
(void **)&event_log.buffer); (void **)&event_log.buffer);
if (ret != EFI_SUCCESS) if (ret != EFI_SUCCESS)
return ret; return ret;
@ -923,7 +924,7 @@ static efi_status_t efi_init_event_log(void)
* initialize log area as 0xff so the OS can easily figure out the * initialize log area as 0xff so the OS can easily figure out the
* last log entry * last log entry
*/ */
memset(event_log.buffer, 0xff, TPM2_EVENT_LOG_SIZE); memset(event_log.buffer, 0xff, CONFIG_TPM2_EVENT_LOG_SIZE);
/* /*
* The log header is defined to be in SHA1 event log entry format. * The log header is defined to be in SHA1 event log entry format.
@ -940,7 +941,7 @@ static efi_status_t efi_init_event_log(void)
* platforms can use different ways to do so. * platforms can use different ways to do so.
*/ */
elog.log = event_log.buffer; elog.log = event_log.buffer;
elog.log_size = TPM2_EVENT_LOG_SIZE; elog.log_size = CONFIG_TPM2_EVENT_LOG_SIZE;
rc = tcg2_log_prepare_buffer(dev, &elog, false); rc = tcg2_log_prepare_buffer(dev, &elog, false);
if (rc) { if (rc) {
ret = (rc == -ENOBUFS) ? EFI_BUFFER_TOO_SMALL : EFI_DEVICE_ERROR; ret = (rc == -ENOBUFS) ? EFI_BUFFER_TOO_SMALL : EFI_DEVICE_ERROR;