mirror of
https://github.com/AsahiLinux/u-boot
synced 2024-11-11 07:34:31 +00:00
efi_loader: add ExitBootServices() measurement
The TCG PC Client PFP spec requires "Exit Boot Services Invocation" to be measured when ExitBootServices() is invoked. Depending on the return code of the ExitBootServices() call, "Exit Boot Services Returned with Success" or "Exit Boot Services Returned with Failure" is measured as well.

Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org>

Swap two ifs in efi_exit_boot_services(). efi_tcg2_notify_exit_boot_services must have EFIAPI signature.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
parent
8fc4e0b427
commit
fdff03e5b3
3 changed files with 76 additions and 0 deletions
|
@ -499,6 +499,7 @@ efi_status_t efi_run_image(void *source_buffer, efi_uintn_t source_size);
|
||||||
efi_status_t efi_init_variables(void);
|
efi_status_t efi_init_variables(void);
|
||||||
/* Notify ExitBootServices() is called */
|
/* Notify ExitBootServices() is called */
|
||||||
void efi_variables_boot_exit_notify(void);
|
void efi_variables_boot_exit_notify(void);
|
||||||
|
efi_status_t efi_tcg2_notify_exit_boot_services_failed(void);
|
||||||
/* Measure efi application invocation */
|
/* Measure efi application invocation */
|
||||||
efi_status_t efi_tcg2_measure_efi_app_invocation(void);
|
efi_status_t efi_tcg2_measure_efi_app_invocation(void);
|
||||||
/* Measure efi application exit */
|
/* Measure efi application exit */
|
||||||
|
|
|
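Review bot: The new prototype `efi_tcg2_notify_exit_boot_services_failed()` is the only declaration in this group without a one-line comment; the existing "Notify ExitBootServices() is called" comment belongs to `efi_variables_boot_exit_notify()` above it. I would add something like `/* Measure ExitBootServices() failure (TCG2) */` on the line before it, and mention there that the function returns a status code the caller is expected to check or deliberately ignore.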
@ -2182,6 +2182,11 @@ static efi_status_t EFIAPI efi_exit_boot_services(efi_handle_t image_handle,
|
||||||
efi_set_watchdog(0);
|
efi_set_watchdog(0);
|
||||||
WATCHDOG_RESET();
|
WATCHDOG_RESET();
|
||||||
out:
|
out:
|
||||||
|
if (IS_ENABLED(CONFIG_EFI_TCG2_PROTOCOL)) {
|
||||||
|
if (ret != EFI_SUCCESS)
|
||||||
|
efi_tcg2_notify_exit_boot_services_failed();
|
||||||
|
}
|
||||||
|
|
||||||
return EFI_EXIT(ret);
|
return EFI_EXIT(ret);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
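Review bot: The `efi_status_t` returned by `efi_tcg2_notify_exit_boot_services_failed()` is dropped at the `out:` label, so a failure to record the failed ExitBootServices() call goes unnoticed by anyone later reading the event log. If best-effort is intended, say so in a comment; otherwise capture the status and log it. The two nested ifs can be one condition, `if (IS_ENABLED(CONFIG_EFI_TCG2_PROTOCOL) && ret != EFI_SUCCESS)`. efi_exit_boot_services() begins above this hunk, so which failure paths reach `out:` is not visible here; if any does so after the exit-boot-services event was already signalled, the log would carry the invocation string twice together with both outcome strings, which is worth ruling out.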
@ -1506,6 +1506,67 @@ efi_status_t efi_tcg2_measure_efi_app_exit(void)
|
||||||
return ret;
|
return ret;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* efi_tcg2_notify_exit_boot_services() - ExitBootService callback
|
||||||
|
*
|
||||||
|
* @event: callback event
|
||||||
|
* @context: callback context
|
||||||
|
*/
|
||||||
|
static void EFIAPI
|
||||||
|
efi_tcg2_notify_exit_boot_services(struct efi_event *event, void *context)
|
||||||
|
{
|
||||||
|
efi_status_t ret;
|
||||||
|
struct udevice *dev;
|
||||||
|
|
||||||
|
EFI_ENTRY("%p, %p", event, context);
|
||||||
|
|
||||||
|
ret = platform_get_tpm2_device(&dev);
|
||||||
|
if (ret != EFI_SUCCESS)
|
||||||
|
goto out;
|
||||||
|
|
||||||
|
ret = tcg2_measure_event(dev, 5, EV_EFI_ACTION,
|
||||||
|
strlen(EFI_EXIT_BOOT_SERVICES_INVOCATION),
|
||||||
|
(u8 *)EFI_EXIT_BOOT_SERVICES_INVOCATION);
|
||||||
|
if (ret != EFI_SUCCESS)
|
||||||
|
goto out;
|
||||||
|
|
||||||
|
ret = tcg2_measure_event(dev, 5, EV_EFI_ACTION,
|
||||||
|
strlen(EFI_EXIT_BOOT_SERVICES_SUCCEEDED),
|
||||||
|
(u8 *)EFI_EXIT_BOOT_SERVICES_SUCCEEDED);
|
||||||
|
|
||||||
|
out:
|
||||||
|
EFI_EXIT(ret);
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* efi_tcg2_notify_exit_boot_services_failed()
|
||||||
|
* - notify ExitBootServices() is failed
|
||||||
|
*
|
||||||
|
* Return: status code
|
||||||
|
*/
|
||||||
|
efi_status_t efi_tcg2_notify_exit_boot_services_failed(void)
|
||||||
|
{
|
||||||
|
struct udevice *dev;
|
||||||
|
efi_status_t ret;
|
||||||
|
|
||||||
|
ret = platform_get_tpm2_device(&dev);
|
||||||
|
if (ret != EFI_SUCCESS)
|
||||||
|
goto out;
|
||||||
|
|
||||||
|
ret = tcg2_measure_event(dev, 5, EV_EFI_ACTION,
|
||||||
|
strlen(EFI_EXIT_BOOT_SERVICES_INVOCATION),
|
||||||
|
(u8 *)EFI_EXIT_BOOT_SERVICES_INVOCATION);
|
||||||
|
if (ret != EFI_SUCCESS)
|
||||||
|
goto out;
|
||||||
|
|
||||||
|
ret = tcg2_measure_event(dev, 5, EV_EFI_ACTION,
|
||||||
|
strlen(EFI_EXIT_BOOT_SERVICES_FAILED),
|
||||||
|
(u8 *)EFI_EXIT_BOOT_SERVICES_FAILED);
|
||||||
|
|
||||||
|
out:
|
||||||
|
return ret;
|
||||||
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* tcg2_measure_secure_boot_variable() - measure secure boot variables
|
* tcg2_measure_secure_boot_variable() - measure secure boot variables
|
||||||
*
|
*
|
||||||
|
@ -1584,6 +1645,7 @@ efi_status_t efi_tcg2_register(void)
|
||||||
{
|
{
|
||||||
efi_status_t ret = EFI_SUCCESS;
|
efi_status_t ret = EFI_SUCCESS;
|
||||||
struct udevice *dev;
|
struct udevice *dev;
|
||||||
|
struct efi_event *event;
|
||||||
|
|
||||||
ret = platform_get_tpm2_device(&dev);
|
ret = platform_get_tpm2_device(&dev);
|
||||||
if (ret != EFI_SUCCESS) {
|
if (ret != EFI_SUCCESS) {
|
||||||
|
@ -1608,6 +1670,14 @@ efi_status_t efi_tcg2_register(void)
|
||||||
goto fail;
|
goto fail;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
ret = efi_create_event(EVT_SIGNAL_EXIT_BOOT_SERVICES, TPL_CALLBACK,
|
||||||
|
efi_tcg2_notify_exit_boot_services, NULL,
|
||||||
|
NULL, &event);
|
||||||
|
if (ret != EFI_SUCCESS) {
|
||||||
|
tcg2_uninit();
|
||||||
|
goto fail;
|
||||||
|
}
|
||||||
|
|
||||||
ret = tcg2_measure_secure_boot_variable(dev);
|
ret = tcg2_measure_secure_boot_variable(dev);
|
||||||
if (ret != EFI_SUCCESS) {
|
if (ret != EFI_SUCCESS) {
|
||||||
tcg2_uninit();
|
tcg2_uninit();
|
||||||
|
|
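Review bot: In `efi_tcg2_notify_exit_boot_services()` a failing `platform_get_tpm2_device()` or `tcg2_measure_event()` ends in `EFI_EXIT(ret)` inside a void callback, so as far as this section shows the status is discarded and the OS receives control with the ExitBootServices records missing from the TPM event log and nothing reported. I would surface it before the exit, e.g. `if (ret != EFI_SUCCESS) log_err("ExitBootServices measurement failed\n");` (assuming `log_err` is usable in this file). The literal `5` passed to `tcg2_measure_event()` appears four times, and both new functions repeat the same device lookup and invocation measurement; a named constant and a small static helper taking the outcome string would keep the two paths from drifting apart. In `efi_tcg2_register()` the new event is not closed when the later `tcg2_measure_secure_boot_variable()` call fails, so the callback presumably stays registered after `tcg2_uninit()`; confirm that is intended.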