blob: 67a886efaa8506b68407c127f1c94d1260e35d28 [file] [log] [blame]
Heinrich Schuchardt7754a182020-11-12 19:53:10 +01001// SPDX-License-Identifier: GPL-2.0+
2/*
3 * efi_selftest_devicepath
4 *
5 * Copyright (c) 2020 Heinrich Schuchardt <xypron.glpk@gmx.de>
6 *
7 * Test the EFI_TCG2_PROTOCOL
8 */
9
10#include <efi_selftest.h>
11#include <efi_tcg2.h>
Masahisa Kojima4d1fee22021-11-04 19:45:46 +090012/*
13 * Include containing the miniapp.efi application.
14 * Note that tcg2 selftest measures the PE/COFF image,
15 * so we must have the pre-build efi application for
16 * each architecture.
17 */
18#if defined(__arm__)
19#include "efi_miniapp_tcg2_arm.h"
20#elif defined(__aarch64__)
21#include "efi_miniapp_tcg2_arm64.h"
22#elif defined(__i386__)
23#include "efi_miniapp_tcg2_ia32.h"
24#elif defined(__x86_64__)
25#include "efi_miniapp_tcg2_x86_64.h"
26#elif defined(__riscv) && (__riscv_xlen == 32)
27#include "efi_miniapp_tcg2_riscv32.h"
28#elif defined(__riscv) && (__riscv_xlen == 64)
29#include "efi_miniapp_tcg2_riscv64.h"
30#endif
31
32#include <linux/unaligned/be_byteshift.h>
33#include <linux/unaligned/le_byteshift.h>
34#include <mapmem.h>
35#include <smbios.h>
36#include <tables_csum.h>
Heinrich Schuchardt7754a182020-11-12 19:53:10 +010037
38static struct efi_boot_services *boottime;
39static const efi_guid_t guid_tcg2 = EFI_TCG2_PROTOCOL_GUID;
40
Masahisa Kojima4d1fee22021-11-04 19:45:46 +090041/* Block size of compressed disk image */
42#define COMPRESSED_DISK_IMAGE_BLOCK_SIZE 8
43
44static efi_handle_t image_handle;
45/* Decompressed file image */
46static u8 *image;
47
48/* One 8 byte block of the compressed disk image */
49struct line {
50 size_t addr;
51 char *line;
52};
53
54/* Compressed file image */
55struct compressed_file_image {
56 size_t length;
57 struct line lines[];
58};
59
60static struct compressed_file_image img = EFI_ST_DISK_IMG;
61
62static struct efi_tcg2_event *efi_tcg2_event;
63
64static struct efi_runtime_services *runtime;
65#define BOOT_NAME_1000 u"Boot1000"
66#define BOOT_NAME_1001 u"Boot1001"
67#define BOOT_NAME_1002 u"Boot1002"
68
69#define DEFAULT_ATTR (EFI_VARIABLE_NON_VOLATILE | \
70 EFI_VARIABLE_BOOTSERVICE_ACCESS | \
71 EFI_VARIABLE_RUNTIME_ACCESS)
72
73/* "efidebug boot add -b 1000 test1000 virtio 0:1 /EFI/debian/grubaa64.efi" */
74static const u8 boot_1000[] = {
750x01, 0x00, 0x00, 0x00, 0x8d, 0x00, 0x74, 0x00, 0x65, 0x00, 0x73, 0x00,
760x74, 0x00, 0x30, 0x00, 0x00, 0x00, 0x01, 0x04, 0x14, 0x00, 0xb9, 0x73,
770x1d, 0xe6, 0x84, 0xa3, 0xcc, 0x4a, 0xae, 0xab, 0x82, 0xe8, 0x28, 0xf3,
780x62, 0x8b, 0x01, 0x04, 0x15, 0x00, 0x92, 0x37, 0x29, 0x63, 0xf5, 0xad,
790x25, 0x93, 0xb9, 0x9f, 0x4e, 0x0e, 0x45, 0x5c, 0x1b, 0x1e, 0x00, 0x04,
800x01, 0x2a, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x08, 0x00, 0x00, 0x00,
810x00, 0x00, 0x00, 0x00, 0x00, 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x57,
820x5a, 0x47, 0xc2, 0x35, 0x27, 0x44, 0x47, 0x9f, 0x01, 0x67, 0xfe, 0xfa,
830x1d, 0x06, 0xae, 0x02, 0x02, 0x04, 0x04, 0x36, 0x00, 0x5c, 0x00, 0x45,
840x00, 0x46, 0x00, 0x49, 0x00, 0x5c, 0x00, 0x64, 0x00, 0x65, 0x00, 0x62,
850x00, 0x69, 0x00, 0x61, 0x00, 0x6e, 0x00, 0x5c, 0x00, 0x67, 0x00, 0x72,
860x00, 0x75, 0x00, 0x62, 0x00, 0x61, 0x00, 0x61, 0x00, 0x36, 0x00, 0x34,
870x00, 0x2e, 0x00, 0x65, 0x00, 0x66, 0x00, 0x69, 0x00, 0x00, 0x00, 0x7f,
880xff, 0x04, 0x00 };
89
90/* "efidebug boot add -b 1001 test1001 virtio 0:1 /EFI/debian/grubaa64.efi" */
91static const u8 boot_1001[] = {
920x01, 0x00, 0x00, 0x00, 0x8d, 0x00, 0x74, 0x00, 0x65, 0x00, 0x73, 0x00,
930x74, 0x00, 0x31, 0x00, 0x00, 0x00, 0x01, 0x04, 0x14, 0x00, 0xb9, 0x73,
940x1d, 0xe6, 0x84, 0xa3, 0xcc, 0x4a, 0xae, 0xab, 0x82, 0xe8, 0x28, 0xf3,
950x62, 0x8b, 0x01, 0x04, 0x15, 0x00, 0x92, 0x37, 0x29, 0x63, 0xf5, 0xad,
960x25, 0x93, 0xb9, 0x9f, 0x4e, 0x0e, 0x45, 0x5c, 0x1b, 0x1e, 0x00, 0x04,
970x01, 0x2a, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x08, 0x00, 0x00, 0x00,
980x00, 0x00, 0x00, 0x00, 0x00, 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x57,
990x5a, 0x47, 0xc2, 0x35, 0x27, 0x44, 0x47, 0x9f, 0x01, 0x67, 0xfe, 0xfa,
1000x1d, 0x06, 0xae, 0x02, 0x02, 0x04, 0x04, 0x36, 0x00, 0x5c, 0x00, 0x45,
1010x00, 0x46, 0x00, 0x49, 0x00, 0x5c, 0x00, 0x64, 0x00, 0x65, 0x00, 0x62,
1020x00, 0x69, 0x00, 0x61, 0x00, 0x6e, 0x00, 0x5c, 0x00, 0x67, 0x00, 0x72,
1030x00, 0x75, 0x00, 0x62, 0x00, 0x61, 0x00, 0x61, 0x00, 0x36, 0x00, 0x34,
1040x00, 0x2e, 0x00, 0x65, 0x00, 0x66, 0x00, 0x69, 0x00, 0x00, 0x00, 0x7f,
1050xff, 0x04, 0x00 };
106
107/* "efidebug boot add -b 1002 test1002 virtio 0:1 /EFI/debian/grubaa64.efi" */
108static const u8 boot_1002[] = {
1090x01, 0x00, 0x00, 0x00, 0x8d, 0x00, 0x74, 0x00, 0x65, 0x00, 0x73, 0x00,
1100x74, 0x00, 0x32, 0x00, 0x00, 0x00, 0x01, 0x04, 0x14, 0x00, 0xb9, 0x73,
1110x1d, 0xe6, 0x84, 0xa3, 0xcc, 0x4a, 0xae, 0xab, 0x82, 0xe8, 0x28, 0xf3,
1120x62, 0x8b, 0x01, 0x04, 0x15, 0x00, 0x92, 0x37, 0x29, 0x63, 0xf5, 0xad,
1130x25, 0x93, 0xb9, 0x9f, 0x4e, 0x0e, 0x45, 0x5c, 0x1b, 0x1e, 0x00, 0x04,
1140x01, 0x2a, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x08, 0x00, 0x00, 0x00,
1150x00, 0x00, 0x00, 0x00, 0x00, 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x57,
1160x5a, 0x47, 0xc2, 0x35, 0x27, 0x44, 0x47, 0x9f, 0x01, 0x67, 0xfe, 0xfa,
1170x1d, 0x06, 0xae, 0x02, 0x02, 0x04, 0x04, 0x36, 0x00, 0x5c, 0x00, 0x45,
1180x00, 0x46, 0x00, 0x49, 0x00, 0x5c, 0x00, 0x64, 0x00, 0x65, 0x00, 0x62,
1190x00, 0x69, 0x00, 0x61, 0x00, 0x6e, 0x00, 0x5c, 0x00, 0x67, 0x00, 0x72,
1200x00, 0x75, 0x00, 0x62, 0x00, 0x61, 0x00, 0x61, 0x00, 0x36, 0x00, 0x34,
1210x00, 0x2e, 0x00, 0x65, 0x00, 0x66, 0x00, 0x69, 0x00, 0x00, 0x00, 0x7f,
1220xff, 0x04, 0x00};
123
124/* "efidebug boot order 1002 1000 1001" */
125static u8 boot_order[] = {0x02, 0x10, 0x00, 0x10, 0x01, 0x10};
126
127static void *orig_smbios_table;
128static u64 dmi_addr = U32_MAX;
129#define SMBIOS_ENTRY_HEADER_SIZE 0x20
130/* smbios table for the measurement test */
131static u8 smbios_table_test[] = {
1320x5f, 0x53, 0x4d, 0x5f, 0x2c, 0x1f, 0x03, 0x00, 0x54, 0x00, 0x00, 0x00,
1330x00, 0x00, 0x00, 0x00, 0x5f, 0x44, 0x4d, 0x49, 0x5f, 0xe4, 0x5c, 0x01,
1340x20, 0x00, 0x00, 0x00, 0x07, 0x00, 0x00, 0x00, 0x00, 0x18, 0x00, 0x00,
1350x01, 0x02, 0x00, 0x00, 0x03, 0x00, 0x80, 0x08, 0x01, 0x00, 0x00, 0x00,
1360x00, 0x00, 0x00, 0x0c, 0x15, 0x0a, 0xff, 0xff, 0x55, 0x2d, 0x42, 0x6f,
1370x6f, 0x74, 0x00, 0x32, 0x30, 0x32, 0x31, 0x2e, 0x31, 0x30, 0x2d, 0x72,
1380x63, 0x34, 0x2d, 0x30, 0x30, 0x30, 0x30, 0x35, 0x2d, 0x67, 0x37, 0x32,
1390x37, 0x63, 0x33, 0x66, 0x33, 0x32, 0x35, 0x39, 0x2d, 0x64, 0x69, 0x72,
1400x74, 0x79, 0x00, 0x31, 0x30, 0x2f, 0x30, 0x31, 0x2f, 0x32, 0x30, 0x32,
1410x31, 0x00, 0x00, 0x01, 0x1b, 0x01, 0x00, 0x01, 0x02, 0x00, 0x03, 0x31,
1420x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, 0x00, 0x00, 0x00, 0x00, 0x00,
1430x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x55, 0x6e, 0x6b, 0x6e, 0x6f, 0x77,
1440x6e, 0x00, 0x55, 0x6e, 0x6b, 0x6e, 0x6f, 0x77, 0x6e, 0x20, 0x50, 0x72,
1450x6f, 0x64, 0x75, 0x63, 0x74, 0x00, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36,
1460x37, 0x38, 0x00, 0x00, 0x02, 0x0e, 0x02, 0x00, 0x01, 0x02, 0x00, 0x04,
1470x03, 0x01, 0x01, 0x01, 0x00, 0x0a, 0x55, 0x6e, 0x6b, 0x6e, 0x6f, 0x77,
1480x6e, 0x00, 0x55, 0x6e, 0x6b, 0x6e, 0x6f, 0x77, 0x6e, 0x20, 0x50, 0x72,
1490x6f, 0x64, 0x75, 0x63, 0x74, 0x00, 0x33, 0x33, 0x33, 0x33, 0x33, 0x33,
1500x33, 0x33, 0x00, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, 0x00,
1510x00, 0x03, 0x15, 0x03, 0x00, 0x01, 0x03, 0x00, 0x02, 0x03, 0x03, 0x03,
1520x03, 0x03, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x55, 0x6e,
1530x6b, 0x6e, 0x6f, 0x77, 0x6e, 0x00, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36,
1540x37, 0x38, 0x00, 0x33, 0x33, 0x33, 0x33, 0x33, 0x33, 0x33, 0x33, 0x00,
1550x00, 0x04, 0x30, 0x04, 0x00, 0x00, 0x03, 0x02, 0x01, 0x00, 0x00, 0x00,
1560x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x0c, 0x00, 0x00, 0x00, 0x00, 0x00,
1570x00, 0x01, 0x06, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x02, 0x03, 0x04,
1580x04, 0x04, 0x08, 0x00, 0x00, 0x02, 0x00, 0x08, 0x00, 0x08, 0x00, 0x01,
1590x00, 0x55, 0x6e, 0x6b, 0x6e, 0x6f, 0x77, 0x6e, 0x00, 0x31, 0x32, 0x33,
1600x34, 0x35, 0x36, 0x37, 0x38, 0x00, 0x33, 0x33, 0x33, 0x33, 0x33, 0x33,
1610x33, 0x33, 0x00, 0x35, 0x35, 0x35, 0x35, 0x35, 0x35, 0x35, 0x35, 0x00,
1620x00, 0x20, 0x0b, 0x05, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1630x00, 0x00, 0x7f, 0x04, 0x06, 0x00, 0x00, 0x00
164};
165
166#define IDX_ARRAY_SZ 3 /* support 24 PCRs */
167#define TPM2_CMD_BUF_SIZE 64
168/* TPM command is big endian */
169#define __MSB(x) ((x) >> 8)
170#define __LSB(x) ((x) & 0xFF)
171#define tpm_u16(x) __MSB(x), __LSB(x)
172#define tpm_u32(x) tpm_u16((x) >> 16), tpm_u16((x) & 0xFFFF)
173#define TPM2_PCR_READ_HEADER_SIZE 30
174
175static u8 (*pcrs)[TPM2_SHA256_DIGEST_SIZE];
176static u8 expected_pcrs[EFI_TCG2_MAX_PCR_INDEX + 1][TPM2_SHA256_DIGEST_SIZE] = {
177 {0x91, 0x21, 0x37, 0xc7, 0x1a, 0x49, 0x19, 0xc8,
178 0xf1, 0xfb, 0xa9, 0x84, 0x5c, 0x65, 0xa9, 0xdd,
179 0x7b, 0xb9, 0xfe, 0xa1, 0xcd, 0x64, 0x49, 0xdd,
180 0xed, 0xe2, 0x65, 0x82, 0xc5, 0x3e, 0xf4, 0xc4},
181
182 {0xf5, 0x79, 0xf3, 0x20, 0x62, 0x6e, 0x8b, 0x58,
183 0x62, 0xa3, 0x4e, 0x2f, 0xb7, 0x10, 0xac, 0x34,
184 0x4e, 0x68, 0x94, 0x37, 0x87, 0x29, 0xc4, 0xbe,
185 0xa3, 0xc4, 0xd9, 0x14, 0x2b, 0x66, 0x79, 0x9b},
186
187 {0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea,
188 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d,
189 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a,
190 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69},
191
192 {0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea,
193 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d,
194 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a,
195 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69},
196
197 /* PCR[4] is different per architecture */
198 {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
199 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
200 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
201 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
202
203 {0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea,
204 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d,
205 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a,
206 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69},
207
208 /* PCR[6] is different per architecture */
209 {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
210 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
211 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
212 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
213
214 {0x96, 0x74, 0xae, 0xcd, 0x3f, 0x40, 0xb4, 0xa9,
215 0x36, 0xae, 0x19, 0xc8, 0x84, 0x8a, 0xb9, 0x5a,
216 0x87, 0x99, 0xd8, 0x89, 0x7f, 0xfc, 0x40, 0x48,
217 0x05, 0x99, 0x65, 0x2e, 0x55, 0xd4, 0x93, 0x32},
218
219 {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
220 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
221 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
222 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
223
224 {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
225 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
226 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
227 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
228
229 {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
230 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
231 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
232 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
233
234 {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
235 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
236 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
237 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
238
239 {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
240 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
241 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
242 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
243
244 {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
245 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
246 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
247 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
248
249 {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
250 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
251 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
252 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
253
254 {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
255 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
256 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
257 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
258
259 {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
260 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
261 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
262 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
263
264 {0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
265 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
266 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
267 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff},
268
269 {0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
270 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
271 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
272 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff},
273
274 {0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
275 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
276 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
277 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff},
278
279 {0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
280 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
281 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
282 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff},
283
284 {0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
285 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
286 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
287 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff},
288
289 {0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
290 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
291 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
292 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff},
293
294 {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
295 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
296 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
297 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}
298};
299
300/*
301 * PCR[4] and PCR[6] have the PE/COFF image measurement,
302 * this PCRs have different value in each architecture.
303 */
304#if defined(__arm__)
305static u8 expected_pcrs_per_arch[][TPM2_SHA256_DIGEST_SIZE] = {
306 /* PCR[4] */
307 {0xcd, 0xa2, 0x06, 0xad, 0x83, 0x9b, 0x8f, 0x92,
308 0x01, 0xf9, 0xc8, 0x3d, 0xc9, 0x54, 0x66, 0xb3,
309 0x97, 0x35, 0x88, 0xe1, 0xea, 0xd3, 0x1a, 0xd6,
310 0x56, 0xee, 0x43, 0x1c, 0xdb, 0x4b, 0xf9, 0x1f},
311 /* PCR[6] */
312 {0x9c, 0xb8, 0x9d, 0x4a, 0xf6, 0x63, 0x95, 0xb0,
313 0x95, 0xfe, 0x44, 0x30, 0x0f, 0x3a, 0x0b, 0x7c,
314 0xef, 0xc7, 0xb6, 0x6a, 0x59, 0xae, 0xcb, 0xf6,
315 0xbd, 0x2d, 0xb5, 0xb9, 0xb4, 0x95, 0x7d, 0xaf}
316};
317#elif defined(__aarch64__)
318static u8 expected_pcrs_per_arch[][TPM2_SHA256_DIGEST_SIZE] = {
319 /* PCR[4] */
320 {0x69, 0xdb, 0x01, 0x5e, 0x07, 0xed, 0x9c, 0xbb,
321 0x27, 0x65, 0xb1, 0xf0, 0x7b, 0x04, 0xbc, 0x31,
322 0xd1, 0xec, 0x00, 0xe4, 0xe1, 0x49, 0xdb, 0x1e,
323 0x8b, 0x2d, 0xa2, 0x26, 0xb5, 0x8d, 0x07, 0xe2},
324 /* PCR[6] */
325 {0x53, 0x1b, 0x27, 0xb2, 0x6f, 0x2d, 0xab, 0x9b,
326 0x6f, 0xbc, 0xd1, 0x8f, 0xc9, 0x14, 0x48, 0xe7,
327 0x6d, 0x1b, 0xfb, 0x1b, 0x53, 0xc5, 0x8e, 0xf4,
328 0x41, 0x50, 0x79, 0x24, 0x66, 0x57, 0x7b, 0xf8}
329};
330#elif defined(__i386__)
331static u8 expected_pcrs_per_arch[][TPM2_SHA256_DIGEST_SIZE] = {
332 /* PCR[4] */
333 {0xec, 0x5e, 0xdb, 0x68, 0x13, 0x48, 0x36, 0x0a,
334 0x3a, 0xbc, 0x7b, 0x7b, 0xbc, 0x74, 0x7a, 0xa5,
335 0x55, 0xea, 0xb9, 0x09, 0x6a, 0x6e, 0xc3, 0x21,
336 0x51, 0x46, 0x22, 0xd2, 0x9d, 0xc9, 0xd5, 0x6a},
337 /* PCR[6] */
338 {0x26, 0x14, 0xe7, 0xde, 0x91, 0xd1, 0xf3, 0xde,
339 0x7a, 0xc2, 0x78, 0xaf, 0x4b, 0x2e, 0x05, 0x9d,
340 0x35, 0x17, 0xee, 0xcc, 0x0e, 0x77, 0x8d, 0x3f,
341 0x7e, 0x20, 0x75, 0xfa, 0xbc, 0xbc, 0x24, 0x3e}
342};
343#elif defined(__x86_64__)
344static u8 expected_pcrs_per_arch[][TPM2_SHA256_DIGEST_SIZE] = {
345 /* PCR[4] */
346 {0x9a, 0x75, 0x99, 0x8b, 0x74, 0x45, 0xb6, 0x26,
347 0x50, 0xe0, 0xbb, 0xfa, 0x2a, 0xa6, 0x19, 0xec,
348 0x97, 0x12, 0x0c, 0xb5, 0xc8, 0x2a, 0xfe, 0xe5,
349 0x29, 0xc8, 0xd3, 0x98, 0xe9, 0xd1, 0x9d, 0xd5},
350 /* PCR[6] */
351 {0xa2, 0xa2, 0xd3, 0xa7, 0x84, 0xc2, 0x95, 0x2a,
352 0xab, 0x6f, 0xe7, 0xe8, 0x86, 0x9f, 0x99, 0xc6,
353 0x6a, 0x8c, 0xcc, 0x5c, 0xb8, 0x83, 0xfa, 0x86,
354 0x56, 0x5e, 0x91, 0x17, 0x0b, 0x5f, 0x54, 0xa8}
355};
356#elif defined(__riscv) && (__riscv_xlen == 32)
357static u8 expected_pcrs_per_arch[][TPM2_SHA256_DIGEST_SIZE] = {
358 /* PCR[4] */
359 {0x64, 0xe9, 0x25, 0xb3, 0xd8, 0x33, 0xb3, 0x1b,
360 0x74, 0x0c, 0x81, 0x45, 0xef, 0x61, 0xf1, 0x87,
361 0xef, 0x65, 0x67, 0x28, 0x1a, 0x54, 0x97, 0xb2,
362 0xd3, 0x62, 0x00, 0xe7, 0xb6, 0x7a, 0xd5, 0x8e},
363 /* PCR[6] */
364 {0x82, 0xab, 0xc5, 0x6a, 0xbf, 0x08, 0x43, 0x3f,
365 0x85, 0xbd, 0x8f, 0x8e, 0x23, 0x62, 0x48, 0x4a,
366 0x44, 0x53, 0xf0, 0xae, 0x8d, 0x4c, 0xda, 0x04,
367 0x89, 0x9c, 0x0b, 0x81, 0x3a, 0x53, 0xf3, 0xac}
368};
369#elif defined(__riscv) && (__riscv_xlen == 64)
370static u8 expected_pcrs_per_arch[][TPM2_SHA256_DIGEST_SIZE] = {
371 /* PCR[4] */
372 {0x9b, 0x5f, 0x10, 0x24, 0x28, 0x5d, 0x7d, 0x1f,
373 0x9f, 0xee, 0xe9, 0x90, 0xf1, 0x7a, 0x03, 0xb1,
374 0x68, 0x7b, 0x28, 0x45, 0x98, 0x5e, 0xf5, 0x5e,
375 0xc1, 0x22, 0x61, 0x8c, 0x2f, 0xb5, 0xbf, 0x80},
376 /* PCR[6] */
377 {0x6d, 0x16, 0x17, 0xf4, 0x9a, 0xa8, 0x49, 0xc2,
378 0xf4, 0x9c, 0x35, 0x30, 0x0c, 0xde, 0x65, 0xdb,
379 0xd3, 0x37, 0x9c, 0xe2, 0x9f, 0x14, 0x81, 0x74,
380 0xc3, 0x94, 0x8a, 0x9e, 0x26, 0xbf, 0xfb, 0xb2}
381};
382#endif
383
384struct boot_variable {
385 u16 name[16];
386 u8 *buf;
387 efi_uintn_t size;
388 u32 attr;
389 const u8 *test_data;
390 efi_uintn_t test_data_size;
391};
392
393static struct boot_variable boot_variable_test[] = {
394 {u"BootOrder", NULL, 0, DEFAULT_ATTR, boot_order, sizeof(boot_order)},
395 {BOOT_NAME_1000, NULL, 0, DEFAULT_ATTR, boot_1000, sizeof(boot_1000)},
396 {BOOT_NAME_1001, NULL, 0, DEFAULT_ATTR, boot_1001, sizeof(boot_1001)},
397 {BOOT_NAME_1002, NULL, 0, DEFAULT_ATTR, boot_1002, sizeof(boot_1002)},
398};
399
400/*
401 * efi_status_t decompress() - Decompress the disk image.
402 *
403 * @image decompressed disk image
Heinrich Schuchardt47b4c022022-01-19 18:05:50 +0100404 * Return: status code
Masahisa Kojima4d1fee22021-11-04 19:45:46 +0900405 */
406static efi_status_t decompress(u8 **image)
407{
408 u8 *buf;
409 size_t i;
410 size_t addr;
411 size_t len;
412 efi_status_t ret;
413
414 ret = boottime->allocate_pool(EFI_LOADER_DATA, img.length,
415 (void **)&buf);
416 if (ret != EFI_SUCCESS) {
417 efi_st_error("Out of memory\n");
418 return ret;
419 }
420 boottime->set_mem(buf, img.length, 0);
421
422 for (i = 0; ; ++i) {
423 if (!img.lines[i].line)
424 break;
425 addr = img.lines[i].addr;
426 len = COMPRESSED_DISK_IMAGE_BLOCK_SIZE;
427 if (addr + len > img.length)
428 len = img.length - addr;
429 boottime->copy_mem(buf + addr, img.lines[i].line, len);
430 }
431 *image = buf;
432 return ret;
433}
434
435/*
436 * efi_status_t setup_boot_variable() - configure dummy boot variables
437 *
438 * Preexisting variable values are saved and will be restored by
439 * calling restore_boot_variable().
440 *
Heinrich Schuchardt47b4c022022-01-19 18:05:50 +0100441 * Return: status code
Masahisa Kojima4d1fee22021-11-04 19:45:46 +0900442 */
443static efi_status_t setup_boot_variable(void)
444{
445 efi_status_t ret;
446 u32 i;
447 efi_uintn_t size;
448
449 for (i = 0; i < ARRAY_SIZE(boot_variable_test); i++) {
450 size = 0;
451 ret = runtime->get_variable(boot_variable_test[i].name,
452 &efi_global_variable_guid,
453 &boot_variable_test[i].attr,
454 &size,
455 NULL);
456 if (ret == EFI_BUFFER_TOO_SMALL) {
457 /* Variable exists, save the current value */
458 boot_variable_test[i].size = size;
459 ret = boottime->allocate_pool(EFI_LOADER_DATA,
460 boot_variable_test[i].size,
461 (void **)&boot_variable_test[i].buf);
462 if (ret != EFI_SUCCESS) {
463 efi_st_error("Failed to allocate buffer for boot variable\n");
464 return ret;
465 }
466 ret = runtime->get_variable(boot_variable_test[i].name,
467 &efi_global_variable_guid,
468 &boot_variable_test[i].attr,
469 &boot_variable_test[i].size,
470 boot_variable_test[i].buf);
471 if (ret != EFI_SUCCESS) {
472 efi_st_error("Failed to get current boot variable\n");
473 return ret;
474 }
475 }
476
477 /* set boot variable for the measurement test */
478 ret = runtime->set_variable(boot_variable_test[i].name,
479 &efi_global_variable_guid,
480 boot_variable_test[i].attr,
481 boot_variable_test[i].test_data_size,
482 boot_variable_test[i].test_data);
483 if (ret != EFI_SUCCESS) {
484 efi_st_error("Failed to set test boot variable(%d)n", i);
485 return ret;
486 }
487 }
488
489 return 0;
490}
491
492/*
493 * efi_status_t restore_boot_variable() - restore original values
494 *
495 * Restore the variable values saved in setup_boot_variable().
496 *
Heinrich Schuchardt47b4c022022-01-19 18:05:50 +0100497 * Return: status code
Masahisa Kojima4d1fee22021-11-04 19:45:46 +0900498 */
499static efi_status_t restore_boot_variable(void)
500{
501 int i;
502 efi_status_t ret;
503
504 for (i = 0; i < ARRAY_SIZE(boot_variable_test); i++) {
505 if (boot_variable_test[i].buf) {
506 ret = runtime->set_variable(boot_variable_test[i].name,
507 &efi_global_variable_guid,
508 boot_variable_test[i].attr,
509 boot_variable_test[i].size,
510 boot_variable_test[i].buf);
511 if (ret != EFI_SUCCESS) {
512 efi_st_error("Failed to restore boot variable\n");
513 return ret;
514 }
515 ret = boottime->free_pool(boot_variable_test[i].buf);
516 if (ret != EFI_SUCCESS) {
517 efi_st_error("Failed to free boot variable\n");
518 return ret;
519 }
520 } else {
521 /* delete the variable used only for testing */
522 ret = runtime->set_variable(boot_variable_test[i].name,
523 &efi_global_variable_guid,
524 0, 0, NULL);
525 if (ret != EFI_SUCCESS) {
526 efi_st_error("Failed to delete boot variable\n");
527 return ret;
528 }
529 }
530 }
531
532 return EFI_SUCCESS;
533}
534
535/**
536 * void *find_smbios_table() - Find smbios table
537 *
538 * @systable system table
Heinrich Schuchardt47b4c022022-01-19 18:05:50 +0100539 * Return: status code
Masahisa Kojima4d1fee22021-11-04 19:45:46 +0900540 */
541static void *find_smbios_table(const struct efi_system_table *systable)
542{
543 u32 i;
544
545 for (i = 0; i < systable->nr_tables; i++) {
546 if (!guidcmp(&smbios_guid, &systable->tables[i].guid))
547 return systable->tables[i].table;
548 }
549
550 return NULL;
551}
552
Heinrich Schuchardt7754a182020-11-12 19:53:10 +0100553/**
Masahisa Kojima4d1fee22021-11-04 19:45:46 +0900554 * efi_status_t setup_smbios_table() - Prepare the dummy SMBIOS table
555 *
556 * @systable system table
Heinrich Schuchardt47b4c022022-01-19 18:05:50 +0100557 * Return: status code
Masahisa Kojima4d1fee22021-11-04 19:45:46 +0900558 */
559static efi_status_t setup_smbios_table(const struct efi_system_table *systable)
560{
561 struct smbios_entry *se;
562 efi_status_t ret;
563 /* Map within the low 32 bits, to allow for 32bit SMBIOS tables */
564 void *dmi;
565 char *istart;
566 int isize;
567
568 if (sizeof(smbios_table_test) > EFI_PAGE_SIZE)
569 return EFI_OUT_OF_RESOURCES;
570
571 orig_smbios_table = find_smbios_table(systable);
572
573 /* Reserve 4kiB page for SMBIOS */
574 ret = boottime->allocate_pages(EFI_ALLOCATE_MAX_ADDRESS,
575 EFI_RUNTIME_SERVICES_DATA, 1, &dmi_addr);
576
577 if (ret != EFI_SUCCESS) {
578 /* Could not find space in lowmem, use highmem instead */
579 ret = boottime->allocate_pages(EFI_ALLOCATE_ANY_PAGES,
580 EFI_RUNTIME_SERVICES_DATA, 1,
581 &dmi_addr);
582
583 if (ret != EFI_SUCCESS)
584 return ret;
585 }
586
587 dmi = (void *)(uintptr_t)dmi_addr;
588 se = dmi;
589 boottime->copy_mem(se, smbios_table_test, sizeof(smbios_table_test));
590
591 /* update smbios table start address */
592 se->struct_table_address = (uintptr_t)((u8 *)dmi + SMBIOS_ENTRY_HEADER_SIZE);
593
594 /* calculate checksums */
595 istart = (char *)se + SMBIOS_INTERMEDIATE_OFFSET;
596 isize = sizeof(struct smbios_entry) - SMBIOS_INTERMEDIATE_OFFSET;
597 se->intermediate_checksum = table_compute_checksum(istart, isize);
598 se->checksum = table_compute_checksum(se, sizeof(struct smbios_entry));
599
600 /* Install SMBIOS information as configuration table */
601 ret = boottime->install_configuration_table(&smbios_guid, dmi);
602 if (ret != EFI_SUCCESS) {
603 efi_st_error("Cannot install SMBIOS table\n");
604 boottime->free_pages(dmi_addr, 1);
605 }
606
607 return ret;
608}
609
610/**
Heinrich Schuchardt7754a182020-11-12 19:53:10 +0100611 * efi_st_tcg2_setup() - setup test
612 *
613 * @handle: handle of the loaded image
614 * @systable: system table
Heinrich Schuchardtfbe90212022-01-20 19:48:20 +0100615 * Return: status code
Heinrich Schuchardt7754a182020-11-12 19:53:10 +0100616 */
617static int efi_st_tcg2_setup(const efi_handle_t img_handle,
618 const struct efi_system_table *systable)
619{
Masahisa Kojima4d1fee22021-11-04 19:45:46 +0900620 efi_status_t ret;
621 struct uefi_image_load_event image_load_event;
622
623 image_handle = img_handle;
Heinrich Schuchardt7754a182020-11-12 19:53:10 +0100624 boottime = systable->boottime;
Masahisa Kojima4d1fee22021-11-04 19:45:46 +0900625 runtime = systable->runtime;
626
627 /* Load the application image into memory */
628 decompress(&image);
629
630 ret = boottime->allocate_pool(EFI_LOADER_DATA,
631 sizeof(struct efi_tcg2_event) +
632 sizeof(struct uefi_image_load_event),
633 (void **)&efi_tcg2_event);
Heinrich Schuchardt4c151372022-05-01 11:34:15 +0200634 if (ret != EFI_SUCCESS) {
635 efi_st_error("Out of memory\n");
Masahisa Kojima4d1fee22021-11-04 19:45:46 +0900636 return EFI_ST_FAILURE;
Heinrich Schuchardt4c151372022-05-01 11:34:15 +0200637 }
Masahisa Kojima4d1fee22021-11-04 19:45:46 +0900638
639 efi_tcg2_event->size = sizeof(struct efi_tcg2_event) +
640 sizeof(struct uefi_image_load_event);
641 efi_tcg2_event->header.header_size = sizeof(struct efi_tcg2_event_header);
642 efi_tcg2_event->header.header_version = 1;
643 efi_tcg2_event->header.pcr_index = 6;
644 efi_tcg2_event->header.event_type = EV_EFI_RUNTIME_SERVICES_DRIVER;
645 image_load_event.image_location_in_memory = 0x12345678;
646 image_load_event.image_length_in_memory = 0x300000;
647 image_load_event.image_link_time_address = 0x87654321;
648 image_load_event.length_of_device_path = 0;
649 boottime->copy_mem(efi_tcg2_event->event, &image_load_event,
650 sizeof(struct uefi_image_load_event));
651
652 ret = setup_boot_variable();
653 if (ret != EFI_SUCCESS)
654 return EFI_ST_FAILURE;
655
656 ret = setup_smbios_table(systable);
657 if (ret != EFI_SUCCESS)
658 return EFI_ST_FAILURE;
659
660 ret = boottime->allocate_pool(EFI_LOADER_DATA,
661 (EFI_TCG2_MAX_PCR_INDEX + 1) *
662 TPM2_SHA256_DIGEST_SIZE,
663 (void **)&pcrs);
Heinrich Schuchardt4c151372022-05-01 11:34:15 +0200664 if (ret != EFI_SUCCESS) {
665 efi_st_error("Out of memory\n");
Masahisa Kojima4d1fee22021-11-04 19:45:46 +0900666 return EFI_ST_FAILURE;
Heinrich Schuchardt4c151372022-05-01 11:34:15 +0200667 }
Masahisa Kojima4d1fee22021-11-04 19:45:46 +0900668
669 boottime->set_mem(pcrs, (EFI_TCG2_MAX_PCR_INDEX + 1) * TPM2_SHA256_DIGEST_SIZE, 0);
670
671 /* setup expected PCRs per architecture */
672 boottime->copy_mem(&expected_pcrs[4], &expected_pcrs_per_arch[0], TPM2_SHA256_DIGEST_SIZE);
673 boottime->copy_mem(&expected_pcrs[6], &expected_pcrs_per_arch[1], TPM2_SHA256_DIGEST_SIZE);
674
675 return EFI_ST_SUCCESS;
676}
677
678/**
679 * efi_status_t get_manufacturer_id() - Get manufacturer_id through submit_command API
680 *
681 * @tcg2 tcg2 protocol
682 * @manufacturer_id pointer to the manufacturer_id
Heinrich Schuchardt47b4c022022-01-19 18:05:50 +0100683 * Return: status code
Masahisa Kojima4d1fee22021-11-04 19:45:46 +0900684 */
685static efi_status_t get_manufacturer_id(struct efi_tcg2_protocol *tcg2, u32 *manufacturer_id)
686{
687 efi_status_t ret;
688 u8 cmd[TPM2_CMD_BUF_SIZE] = {
689 tpm_u16(TPM2_ST_NO_SESSIONS), /* TAG */
690 tpm_u32(22), /* Length */
691 tpm_u32(TPM2_CC_GET_CAPABILITY), /* Command code */
692
693 tpm_u32(TPM2_CAP_TPM_PROPERTIES), /* Capability */
694 tpm_u32(TPM2_PT_MANUFACTURER), /* Property */
695 tpm_u32(1), /* Property count */
696 };
697 u8 resp[TPM2_CMD_BUF_SIZE];
698 unsigned int value_off;
699
700 ret = tcg2->submit_command(tcg2, 22, cmd,
701 TPM2_CMD_BUF_SIZE, resp);
702 if (ret != EFI_SUCCESS)
703 return ret;
704
705 /*
706 * In the response buffer, the properties are located after the:
707 * tag (u16), response size (u32), response code (u32),
708 * YES/NO flag (u8), TPM_CAP (u32).
709 * The value is located after count (u32), property (u32).
710 */
711 value_off = sizeof(u16) + sizeof(u32) + sizeof(u32) +
712 sizeof(u8) + sizeof(u32) + sizeof(u32) + sizeof(u32);
713 *manufacturer_id = get_unaligned_be32(&resp[value_off]);
714
715 return ret;
716}
717
718/**
719 * efi_status_t get_manufacturer_id_buffer_small() - call submit_command with small resp buffer
720 *
721 * @tcg2 tcg2 protocol
722 * @manufacturer_id pointer to the manufacturer_id
Heinrich Schuchardt47b4c022022-01-19 18:05:50 +0100723 * Return: status code
Masahisa Kojima4d1fee22021-11-04 19:45:46 +0900724 */
725static efi_status_t get_manufacturer_id_buffer_small(struct efi_tcg2_protocol *tcg2)
726{
727 efi_status_t ret;
728 u8 cmd[TPM2_CMD_BUF_SIZE] = {
729 tpm_u16(TPM2_ST_NO_SESSIONS), /* TAG */
730 tpm_u32(22), /* Length */
731 tpm_u32(TPM2_CC_GET_CAPABILITY), /* Command code */
732
733 tpm_u32(TPM2_CAP_TPM_PROPERTIES), /* Capability */
734 tpm_u32(TPM2_PT_MANUFACTURER), /* Property */
735 tpm_u32(1), /* Property count */
736 };
737 u8 resp[1]; /* set smaller buffer than expected */
738
739 ret = tcg2->submit_command(tcg2, 22, cmd, 1, resp);
740
741 return ret;
742}
743
744/**
745 * efi_status_t read_pcr() - Read the PCR from the TPM device
746 *
747 * @tcg2 tcg2 protocol
748 * @idx pcr index to read
Heinrich Schuchardt47b4c022022-01-19 18:05:50 +0100749 * Return: status code
Masahisa Kojima4d1fee22021-11-04 19:45:46 +0900750 */
751static efi_status_t read_pcr(struct efi_tcg2_protocol *tcg2, u32 idx)
752{
753 efi_status_t ret;
754 u32 cmd_len = 17 + IDX_ARRAY_SZ;
755 u8 cmd[TPM2_CMD_BUF_SIZE] = {
756 tpm_u16(TPM2_ST_NO_SESSIONS), /* TAG */
757 tpm_u32(cmd_len), /* Length */
758 tpm_u32(TPM2_CC_PCR_READ), /* Command code */
759 /* TPML_PCR_SELECTION */
760 tpm_u32(1), /* Number of selections */
761 tpm_u16(TPM2_ALG_SHA256), /* Algorithm of the hash */
762 IDX_ARRAY_SZ, /* Array size for selection */
763 /* bitmap(idx), Selected PCR bitmap */
764 };
765 u8 resp[TPM2_CMD_BUF_SIZE];
766 u32 pcr_sel_idx = idx / 8;
767 u8 pcr_sel_bit = BIT(idx % 8);
768
769 cmd[17 + pcr_sel_idx] = pcr_sel_bit;
770 ret = tcg2->submit_command(tcg2, cmd_len, cmd,
771 TPM2_CMD_BUF_SIZE, resp);
772 if (ret != EFI_SUCCESS) {
773 efi_st_error("tcg2->submit_command fail to read PCR\n");
774 return ret;
775 }
776
777 boottime->copy_mem(pcrs[idx], &resp[TPM2_PCR_READ_HEADER_SIZE],
778 TPM2_SHA256_DIGEST_SIZE);
779
780 return ret;
781}
782
783/**
784 * int validate_pcrs() - Compare the expected and actual pcrs
785 *
Heinrich Schuchardt47b4c022022-01-19 18:05:50 +0100786 * Return: status code
Masahisa Kojima4d1fee22021-11-04 19:45:46 +0900787 */
788static int validate_pcrs(void)
789{
790 u32 i;
791
792 /*
793 * - Skip PCR[0] validation. PCR[0] contains U-Boot version measurement
794 * it contains the commit hash, so the measurement varies every build
795 * with different commit hash.
796 * - Skip PCR[7] validation. PCR[7] contains UEFI Secure Boot variables
797 * measurement. These variables can not be updated through efi_selftest and
798 * vary depending on the platform.
799 * - Skip PCR[17..22] validation, they are not used in TCG PC Client
800 * Platform Firmware Profile Specification
801 */
802 for (i = 1; i < (EFI_TCG2_MAX_PCR_INDEX + 1); i++) {
803 if (i == 7 || (i > 16 && i < 23))
804 continue; /* skip validation */
805
806 if (memcmp(pcrs[i], expected_pcrs[i], TPM2_SHA256_DIGEST_SIZE)) {
807 efi_st_error("PCR[%d] is not the expected value\n", i);
808 return EFI_ST_FAILURE;
809 }
810 }
Heinrich Schuchardt7754a182020-11-12 19:53:10 +0100811
812 return EFI_ST_SUCCESS;
813}
814
815/**
816 * efi_st_tcg2_execute() - execute test
817 *
Masahisa Kojima4d1fee22021-11-04 19:45:46 +0900818 * Call EFI_TCG2_PROTOCOL services and check the
819 * Measured Boot behavior.
Heinrich Schuchardt7754a182020-11-12 19:53:10 +0100820 *
821 * Return: status code
822 */
823static int efi_st_tcg2_execute(void)
824{
825 struct efi_tcg2_protocol *tcg2;
826 struct efi_tcg2_boot_service_capability capability;
827 efi_status_t ret;
Masahisa Kojima4d1fee22021-11-04 19:45:46 +0900828 u32 active_pcr_banks;
829 u64 eventlog, eventlog_last_entry;
830 bool eventlog_truncated;
831 efi_handle_t handle;
832 efi_uintn_t exit_data_size = 0;
833 u16 *exit_data = NULL;
834 u32 i;
835 u32 manufacturer_id;
Heinrich Schuchardt7754a182020-11-12 19:53:10 +0100836
837 ret = boottime->locate_protocol(&guid_tcg2, NULL, (void **)&tcg2);
838 if (ret != EFI_SUCCESS) {
839 efi_st_error("TCG2 protocol is not available.\n");
840 return EFI_ST_FAILURE;
841 }
Masahisa Kojima4d1fee22021-11-04 19:45:46 +0900842
843 /* EFI_TCG2_PROTOCOL.GetCapability test */
Heinrich Schuchardt7754a182020-11-12 19:53:10 +0100844 capability.size = sizeof(struct efi_tcg2_boot_service_capability) - 1;
845 ret = tcg2->get_capability(tcg2, &capability);
846 if (ret != EFI_BUFFER_TOO_SMALL) {
847 efi_st_error("tcg2->get_capability on small buffer failed\n");
848 return EFI_ST_FAILURE;
849 }
850 capability.size = sizeof(struct efi_tcg2_boot_service_capability);
851 ret = tcg2->get_capability(tcg2, &capability);
852 if (ret != EFI_SUCCESS) {
853 efi_st_error("tcg2->get_capability failed\n");
854 return EFI_ST_FAILURE;
855 }
856 if (!capability.tpm_present_flag) {
857 efi_st_error("TPM not present\n");
858 return EFI_ST_FAILURE;
859 }
860 efi_st_printf("TPM supports 0x%.8x event logs\n",
861 capability.supported_event_logs);
Masahisa Kojima4d1fee22021-11-04 19:45:46 +0900862
863 /* EFI_TCG2_PROTOCOL.GetActivePcrBanks test */
864 ret = tcg2->get_active_pcr_banks(tcg2, &active_pcr_banks);
865 if (ret != EFI_SUCCESS) {
866 efi_st_error("tcg2->get_active_pcr_banks failed\n");
867 return EFI_ST_FAILURE;
868 }
869 if (active_pcr_banks != capability.active_pcr_banks) {
870 efi_st_error("tcg2->get_active_pcr_banks return wrong value\n");
871 return EFI_ST_FAILURE;
872 }
873
874 /* EFI_TCG2_PROTOCOL.HashLogExtendEvent test */
875 ret = tcg2->hash_log_extend_event(tcg2, EFI_TCG2_EXTEND_ONLY,
876 (uintptr_t)image,
877 img.length, efi_tcg2_event);
878 if (ret != EFI_SUCCESS) {
879 efi_st_error("tcg2->hash_log_extend_event(EXTEND_ONLY) failed\n");
880 return EFI_ST_FAILURE;
881 }
882
883 ret = tcg2->hash_log_extend_event(tcg2, PE_COFF_IMAGE, (uintptr_t)image,
884 img.length, efi_tcg2_event);
885 if (ret != EFI_SUCCESS) {
886 efi_st_error("tcg2->hash_log_extend_event(PE_COFF_IMAGE) failed\n");
887 return EFI_ST_FAILURE;
888 }
889
890 /* EFI_TCG2_PROTOCOL.SubmitCommand test */
891 ret = get_manufacturer_id_buffer_small(tcg2);
892 if (ret != EFI_OUT_OF_RESOURCES) {
893 efi_st_error("get_manufacturer_id buffer too small failed\n");
894 return EFI_ST_FAILURE;
895 }
896
897 ret = get_manufacturer_id(tcg2, &manufacturer_id);
898 if (ret != EFI_SUCCESS) {
899 efi_st_error("get_manufacturer_id failed\n");
900 return EFI_ST_FAILURE;
901 }
902 if (capability.manufacturer_id != manufacturer_id) {
903 efi_st_error("tcg2->submit_command test failed\n");
904 return EFI_ST_FAILURE;
905 }
906
907 /* tcg2_measure_pe_image test */
908 ret = boottime->load_image(false, image_handle, NULL, image,
909 img.length, &handle);
910 if (ret != EFI_SUCCESS) {
911 efi_st_error("Failed to load image\n");
912 return EFI_ST_FAILURE;
913 }
914
915 /* measure ready_to_boot event(boot variables, smbios table, etc.) */
916 /* TODO: add GPT measurement test */
917 ret = boottime->start_image(handle, &exit_data_size, &exit_data);
918 if (ret != EFI_UNSUPPORTED) {
919 efi_st_error("Wrong return value from application\n");
920 return EFI_ST_FAILURE;
921 }
922 ret = boottime->free_pool(exit_data);
923 if (ret != EFI_SUCCESS) {
924 efi_st_error("Failed to free exit data\n");
925 return EFI_ST_FAILURE;
926 }
927
928 /* validate PCR read from the TPM device */
929 for (i = 0; i < (EFI_TCG2_MAX_PCR_INDEX + 1); i++) {
930 ret = read_pcr(tcg2, i);
931 if (ret != EFI_SUCCESS) {
932 efi_st_error("read pcr error\n");
933 return EFI_ST_FAILURE;
934 }
935 }
936 if (validate_pcrs()) {
937 efi_st_error("PCR validation failed\n");
938 return EFI_ST_FAILURE;
939 }
940
941 /* EFI_TCG2_PROTOCOL.GetEventLog test */
942 ret = tcg2->get_eventlog(tcg2, TCG2_EVENT_LOG_FORMAT_TCG_2, &eventlog,
943 &eventlog_last_entry, &eventlog_truncated);
944 if (ret != EFI_SUCCESS) {
945 efi_st_error("tcg2->get_eventlog failed\n");
946 return EFI_ST_FAILURE;
947 }
948 /* TODO: eventlog format check */
949
Heinrich Schuchardt7754a182020-11-12 19:53:10 +0100950 return EFI_ST_SUCCESS;
951}
952
Masahisa Kojima4d1fee22021-11-04 19:45:46 +0900953/*
954 * efi_st_tcg2_teardown() - Tear down unit test
955 *
Heinrich Schuchardtfbe90212022-01-20 19:48:20 +0100956 * Return: EFI_ST_SUCCESS for success
Masahisa Kojima4d1fee22021-11-04 19:45:46 +0900957 */
958static int efi_st_tcg2_teardown(void)
959{
960 efi_status_t r = EFI_ST_SUCCESS;
961
962 if (image) {
963 r = boottime->free_pool(image);
964 if (r != EFI_SUCCESS) {
965 efi_st_error("Failed to free image\n");
966 return EFI_ST_FAILURE;
967 }
968 }
969 if (efi_tcg2_event) {
970 r = boottime->free_pool(efi_tcg2_event);
971 if (r != EFI_SUCCESS) {
972 efi_st_error("Failed to free efi_tcg2_event\n");
973 return EFI_ST_FAILURE;
974 }
975 }
976 if (pcrs) {
977 r = boottime->free_pool(pcrs);
978 if (r != EFI_SUCCESS) {
979 efi_st_error("Failed to free pcr\n");
980 return EFI_ST_FAILURE;
981 }
982 }
983
984 r = restore_boot_variable();
985 if (r != EFI_SUCCESS) {
986 efi_st_error("Failed to restore boot variables\n");
987 return EFI_ST_FAILURE;
988 }
989
990 /*
991 * Restore SMBIOS table
992 * If orig_smbios_table is NULL, calling install_configuration_table()
993 * removes dummy SMBIOS table form systab.
994 */
995 r = boottime->install_configuration_table(&smbios_guid, orig_smbios_table);
996 if (r != EFI_SUCCESS) {
997 efi_st_error("Failed to restore SMBOIS table\n");
998 return EFI_ST_FAILURE;
999 }
1000
1001 if (dmi_addr) {
1002 r = boottime->free_pages(dmi_addr, 1);
1003 if (r != EFI_SUCCESS) {
1004 efi_st_error("Failed to free dummy smbios table\n");
1005 return EFI_ST_FAILURE;
1006 }
1007 }
1008
1009 return r;
1010}
1011
Heinrich Schuchardt7754a182020-11-12 19:53:10 +01001012EFI_UNIT_TEST(tcg2) = {
1013 .name = "tcg2",
1014 .phase = EFI_EXECUTE_BEFORE_BOOTTIME_EXIT,
1015 .execute = efi_st_tcg2_execute,
1016 .setup = efi_st_tcg2_setup,
Masahisa Kojima4d1fee22021-11-04 19:45:46 +09001017 .teardown = efi_st_tcg2_teardown,
1018 .on_request = true,
Heinrich Schuchardt7754a182020-11-12 19:53:10 +01001019};