blob: a2b4a79e9b24e3322a471c61738cbb47a9b14c5e [file] [log] [blame]
Heinrich Schuchardt7754a182020-11-12 19:53:10 +01001// SPDX-License-Identifier: GPL-2.0+
2/*
3 * efi_selftest_devicepath
4 *
5 * Copyright (c) 2020 Heinrich Schuchardt <xypron.glpk@gmx.de>
6 *
7 * Test the EFI_TCG2_PROTOCOL
8 */
9
10#include <efi_selftest.h>
11#include <efi_tcg2.h>
Masahisa Kojima4d1fee22021-11-04 19:45:46 +090012/*
13 * Include containing the miniapp.efi application.
14 * Note that tcg2 selftest measures the PE/COFF image,
15 * so we must have the pre-build efi application for
16 * each architecture.
17 */
18#if defined(__arm__)
19#include "efi_miniapp_tcg2_arm.h"
20#elif defined(__aarch64__)
21#include "efi_miniapp_tcg2_arm64.h"
22#elif defined(__i386__)
23#include "efi_miniapp_tcg2_ia32.h"
24#elif defined(__x86_64__)
25#include "efi_miniapp_tcg2_x86_64.h"
26#elif defined(__riscv) && (__riscv_xlen == 32)
27#include "efi_miniapp_tcg2_riscv32.h"
28#elif defined(__riscv) && (__riscv_xlen == 64)
29#include "efi_miniapp_tcg2_riscv64.h"
30#endif
31
32#include <linux/unaligned/be_byteshift.h>
33#include <linux/unaligned/le_byteshift.h>
34#include <mapmem.h>
35#include <smbios.h>
36#include <tables_csum.h>
Heinrich Schuchardt7754a182020-11-12 19:53:10 +010037
38static struct efi_boot_services *boottime;
39static const efi_guid_t guid_tcg2 = EFI_TCG2_PROTOCOL_GUID;
40
Masahisa Kojima4d1fee22021-11-04 19:45:46 +090041/* Block size of compressed disk image */
42#define COMPRESSED_DISK_IMAGE_BLOCK_SIZE 8
43
44static efi_handle_t image_handle;
45/* Decompressed file image */
46static u8 *image;
47
48/* One 8 byte block of the compressed disk image */
49struct line {
50 size_t addr;
51 char *line;
52};
53
54/* Compressed file image */
55struct compressed_file_image {
56 size_t length;
57 struct line lines[];
58};
59
60static struct compressed_file_image img = EFI_ST_DISK_IMG;
61
62static struct efi_tcg2_event *efi_tcg2_event;
63
64static struct efi_runtime_services *runtime;
65#define BOOT_NAME_1000 u"Boot1000"
66#define BOOT_NAME_1001 u"Boot1001"
67#define BOOT_NAME_1002 u"Boot1002"
68
69#define DEFAULT_ATTR (EFI_VARIABLE_NON_VOLATILE | \
70 EFI_VARIABLE_BOOTSERVICE_ACCESS | \
71 EFI_VARIABLE_RUNTIME_ACCESS)
72
73/* "efidebug boot add -b 1000 test1000 virtio 0:1 /EFI/debian/grubaa64.efi" */
74static const u8 boot_1000[] = {
750x01, 0x00, 0x00, 0x00, 0x8d, 0x00, 0x74, 0x00, 0x65, 0x00, 0x73, 0x00,
760x74, 0x00, 0x30, 0x00, 0x00, 0x00, 0x01, 0x04, 0x14, 0x00, 0xb9, 0x73,
770x1d, 0xe6, 0x84, 0xa3, 0xcc, 0x4a, 0xae, 0xab, 0x82, 0xe8, 0x28, 0xf3,
780x62, 0x8b, 0x01, 0x04, 0x15, 0x00, 0x92, 0x37, 0x29, 0x63, 0xf5, 0xad,
790x25, 0x93, 0xb9, 0x9f, 0x4e, 0x0e, 0x45, 0x5c, 0x1b, 0x1e, 0x00, 0x04,
800x01, 0x2a, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x08, 0x00, 0x00, 0x00,
810x00, 0x00, 0x00, 0x00, 0x00, 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x57,
820x5a, 0x47, 0xc2, 0x35, 0x27, 0x44, 0x47, 0x9f, 0x01, 0x67, 0xfe, 0xfa,
830x1d, 0x06, 0xae, 0x02, 0x02, 0x04, 0x04, 0x36, 0x00, 0x5c, 0x00, 0x45,
840x00, 0x46, 0x00, 0x49, 0x00, 0x5c, 0x00, 0x64, 0x00, 0x65, 0x00, 0x62,
850x00, 0x69, 0x00, 0x61, 0x00, 0x6e, 0x00, 0x5c, 0x00, 0x67, 0x00, 0x72,
860x00, 0x75, 0x00, 0x62, 0x00, 0x61, 0x00, 0x61, 0x00, 0x36, 0x00, 0x34,
870x00, 0x2e, 0x00, 0x65, 0x00, 0x66, 0x00, 0x69, 0x00, 0x00, 0x00, 0x7f,
880xff, 0x04, 0x00 };
89
90/* "efidebug boot add -b 1001 test1001 virtio 0:1 /EFI/debian/grubaa64.efi" */
91static const u8 boot_1001[] = {
920x01, 0x00, 0x00, 0x00, 0x8d, 0x00, 0x74, 0x00, 0x65, 0x00, 0x73, 0x00,
930x74, 0x00, 0x31, 0x00, 0x00, 0x00, 0x01, 0x04, 0x14, 0x00, 0xb9, 0x73,
940x1d, 0xe6, 0x84, 0xa3, 0xcc, 0x4a, 0xae, 0xab, 0x82, 0xe8, 0x28, 0xf3,
950x62, 0x8b, 0x01, 0x04, 0x15, 0x00, 0x92, 0x37, 0x29, 0x63, 0xf5, 0xad,
960x25, 0x93, 0xb9, 0x9f, 0x4e, 0x0e, 0x45, 0x5c, 0x1b, 0x1e, 0x00, 0x04,
970x01, 0x2a, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x08, 0x00, 0x00, 0x00,
980x00, 0x00, 0x00, 0x00, 0x00, 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x57,
990x5a, 0x47, 0xc2, 0x35, 0x27, 0x44, 0x47, 0x9f, 0x01, 0x67, 0xfe, 0xfa,
1000x1d, 0x06, 0xae, 0x02, 0x02, 0x04, 0x04, 0x36, 0x00, 0x5c, 0x00, 0x45,
1010x00, 0x46, 0x00, 0x49, 0x00, 0x5c, 0x00, 0x64, 0x00, 0x65, 0x00, 0x62,
1020x00, 0x69, 0x00, 0x61, 0x00, 0x6e, 0x00, 0x5c, 0x00, 0x67, 0x00, 0x72,
1030x00, 0x75, 0x00, 0x62, 0x00, 0x61, 0x00, 0x61, 0x00, 0x36, 0x00, 0x34,
1040x00, 0x2e, 0x00, 0x65, 0x00, 0x66, 0x00, 0x69, 0x00, 0x00, 0x00, 0x7f,
1050xff, 0x04, 0x00 };
106
107/* "efidebug boot add -b 1002 test1002 virtio 0:1 /EFI/debian/grubaa64.efi" */
108static const u8 boot_1002[] = {
1090x01, 0x00, 0x00, 0x00, 0x8d, 0x00, 0x74, 0x00, 0x65, 0x00, 0x73, 0x00,
1100x74, 0x00, 0x32, 0x00, 0x00, 0x00, 0x01, 0x04, 0x14, 0x00, 0xb9, 0x73,
1110x1d, 0xe6, 0x84, 0xa3, 0xcc, 0x4a, 0xae, 0xab, 0x82, 0xe8, 0x28, 0xf3,
1120x62, 0x8b, 0x01, 0x04, 0x15, 0x00, 0x92, 0x37, 0x29, 0x63, 0xf5, 0xad,
1130x25, 0x93, 0xb9, 0x9f, 0x4e, 0x0e, 0x45, 0x5c, 0x1b, 0x1e, 0x00, 0x04,
1140x01, 0x2a, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x08, 0x00, 0x00, 0x00,
1150x00, 0x00, 0x00, 0x00, 0x00, 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x57,
1160x5a, 0x47, 0xc2, 0x35, 0x27, 0x44, 0x47, 0x9f, 0x01, 0x67, 0xfe, 0xfa,
1170x1d, 0x06, 0xae, 0x02, 0x02, 0x04, 0x04, 0x36, 0x00, 0x5c, 0x00, 0x45,
1180x00, 0x46, 0x00, 0x49, 0x00, 0x5c, 0x00, 0x64, 0x00, 0x65, 0x00, 0x62,
1190x00, 0x69, 0x00, 0x61, 0x00, 0x6e, 0x00, 0x5c, 0x00, 0x67, 0x00, 0x72,
1200x00, 0x75, 0x00, 0x62, 0x00, 0x61, 0x00, 0x61, 0x00, 0x36, 0x00, 0x34,
1210x00, 0x2e, 0x00, 0x65, 0x00, 0x66, 0x00, 0x69, 0x00, 0x00, 0x00, 0x7f,
1220xff, 0x04, 0x00};
123
124/* "efidebug boot order 1002 1000 1001" */
125static u8 boot_order[] = {0x02, 0x10, 0x00, 0x10, 0x01, 0x10};
126
127static void *orig_smbios_table;
128static u64 dmi_addr = U32_MAX;
129#define SMBIOS_ENTRY_HEADER_SIZE 0x20
130/* smbios table for the measurement test */
131static u8 smbios_table_test[] = {
1320x5f, 0x53, 0x4d, 0x5f, 0x2c, 0x1f, 0x03, 0x00, 0x54, 0x00, 0x00, 0x00,
1330x00, 0x00, 0x00, 0x00, 0x5f, 0x44, 0x4d, 0x49, 0x5f, 0xe4, 0x5c, 0x01,
1340x20, 0x00, 0x00, 0x00, 0x07, 0x00, 0x00, 0x00, 0x00, 0x18, 0x00, 0x00,
1350x01, 0x02, 0x00, 0x00, 0x03, 0x00, 0x80, 0x08, 0x01, 0x00, 0x00, 0x00,
1360x00, 0x00, 0x00, 0x0c, 0x15, 0x0a, 0xff, 0xff, 0x55, 0x2d, 0x42, 0x6f,
1370x6f, 0x74, 0x00, 0x32, 0x30, 0x32, 0x31, 0x2e, 0x31, 0x30, 0x2d, 0x72,
1380x63, 0x34, 0x2d, 0x30, 0x30, 0x30, 0x30, 0x35, 0x2d, 0x67, 0x37, 0x32,
1390x37, 0x63, 0x33, 0x66, 0x33, 0x32, 0x35, 0x39, 0x2d, 0x64, 0x69, 0x72,
1400x74, 0x79, 0x00, 0x31, 0x30, 0x2f, 0x30, 0x31, 0x2f, 0x32, 0x30, 0x32,
1410x31, 0x00, 0x00, 0x01, 0x1b, 0x01, 0x00, 0x01, 0x02, 0x00, 0x03, 0x31,
1420x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, 0x00, 0x00, 0x00, 0x00, 0x00,
1430x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x55, 0x6e, 0x6b, 0x6e, 0x6f, 0x77,
1440x6e, 0x00, 0x55, 0x6e, 0x6b, 0x6e, 0x6f, 0x77, 0x6e, 0x20, 0x50, 0x72,
1450x6f, 0x64, 0x75, 0x63, 0x74, 0x00, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36,
1460x37, 0x38, 0x00, 0x00, 0x02, 0x0e, 0x02, 0x00, 0x01, 0x02, 0x00, 0x04,
1470x03, 0x01, 0x01, 0x01, 0x00, 0x0a, 0x55, 0x6e, 0x6b, 0x6e, 0x6f, 0x77,
1480x6e, 0x00, 0x55, 0x6e, 0x6b, 0x6e, 0x6f, 0x77, 0x6e, 0x20, 0x50, 0x72,
1490x6f, 0x64, 0x75, 0x63, 0x74, 0x00, 0x33, 0x33, 0x33, 0x33, 0x33, 0x33,
1500x33, 0x33, 0x00, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, 0x00,
1510x00, 0x03, 0x15, 0x03, 0x00, 0x01, 0x03, 0x00, 0x02, 0x03, 0x03, 0x03,
1520x03, 0x03, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x55, 0x6e,
1530x6b, 0x6e, 0x6f, 0x77, 0x6e, 0x00, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36,
1540x37, 0x38, 0x00, 0x33, 0x33, 0x33, 0x33, 0x33, 0x33, 0x33, 0x33, 0x00,
1550x00, 0x04, 0x30, 0x04, 0x00, 0x00, 0x03, 0x02, 0x01, 0x00, 0x00, 0x00,
1560x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x0c, 0x00, 0x00, 0x00, 0x00, 0x00,
1570x00, 0x01, 0x06, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x02, 0x03, 0x04,
1580x04, 0x04, 0x08, 0x00, 0x00, 0x02, 0x00, 0x08, 0x00, 0x08, 0x00, 0x01,
1590x00, 0x55, 0x6e, 0x6b, 0x6e, 0x6f, 0x77, 0x6e, 0x00, 0x31, 0x32, 0x33,
1600x34, 0x35, 0x36, 0x37, 0x38, 0x00, 0x33, 0x33, 0x33, 0x33, 0x33, 0x33,
1610x33, 0x33, 0x00, 0x35, 0x35, 0x35, 0x35, 0x35, 0x35, 0x35, 0x35, 0x00,
1620x00, 0x20, 0x0b, 0x05, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1630x00, 0x00, 0x7f, 0x04, 0x06, 0x00, 0x00, 0x00
164};
165
166#define IDX_ARRAY_SZ 3 /* support 24 PCRs */
167#define TPM2_CMD_BUF_SIZE 64
168/* TPM command is big endian */
169#define __MSB(x) ((x) >> 8)
170#define __LSB(x) ((x) & 0xFF)
171#define tpm_u16(x) __MSB(x), __LSB(x)
172#define tpm_u32(x) tpm_u16((x) >> 16), tpm_u16((x) & 0xFFFF)
173#define TPM2_PCR_READ_HEADER_SIZE 30
174
175static u8 (*pcrs)[TPM2_SHA256_DIGEST_SIZE];
176static u8 expected_pcrs[EFI_TCG2_MAX_PCR_INDEX + 1][TPM2_SHA256_DIGEST_SIZE] = {
177 {0x91, 0x21, 0x37, 0xc7, 0x1a, 0x49, 0x19, 0xc8,
178 0xf1, 0xfb, 0xa9, 0x84, 0x5c, 0x65, 0xa9, 0xdd,
179 0x7b, 0xb9, 0xfe, 0xa1, 0xcd, 0x64, 0x49, 0xdd,
180 0xed, 0xe2, 0x65, 0x82, 0xc5, 0x3e, 0xf4, 0xc4},
181
182 {0xf5, 0x79, 0xf3, 0x20, 0x62, 0x6e, 0x8b, 0x58,
183 0x62, 0xa3, 0x4e, 0x2f, 0xb7, 0x10, 0xac, 0x34,
184 0x4e, 0x68, 0x94, 0x37, 0x87, 0x29, 0xc4, 0xbe,
185 0xa3, 0xc4, 0xd9, 0x14, 0x2b, 0x66, 0x79, 0x9b},
186
187 {0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea,
188 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d,
189 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a,
190 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69},
191
192 {0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea,
193 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d,
194 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a,
195 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69},
196
197 /* PCR[4] is different per architecture */
198 {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
199 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
200 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
201 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
202
203 {0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea,
204 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d,
205 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a,
206 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69},
207
208 /* PCR[6] is different per architecture */
209 {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
210 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
211 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
212 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
213
214 {0x96, 0x74, 0xae, 0xcd, 0x3f, 0x40, 0xb4, 0xa9,
215 0x36, 0xae, 0x19, 0xc8, 0x84, 0x8a, 0xb9, 0x5a,
216 0x87, 0x99, 0xd8, 0x89, 0x7f, 0xfc, 0x40, 0x48,
217 0x05, 0x99, 0x65, 0x2e, 0x55, 0xd4, 0x93, 0x32},
218
219 {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
220 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
221 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
222 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
223
224 {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
225 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
226 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
227 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
228
229 {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
230 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
231 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
232 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
233
234 {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
235 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
236 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
237 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
238
239 {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
240 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
241 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
242 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
243
244 {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
245 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
246 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
247 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
248
249 {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
250 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
251 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
252 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
253
254 {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
255 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
256 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
257 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
258
259 {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
260 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
261 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
262 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
263
264 {0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
265 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
266 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
267 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff},
268
269 {0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
270 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
271 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
272 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff},
273
274 {0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
275 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
276 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
277 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff},
278
279 {0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
280 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
281 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
282 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff},
283
284 {0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
285 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
286 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
287 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff},
288
289 {0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
290 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
291 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
292 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff},
293
294 {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
295 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
296 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
297 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}
298};
299
300/*
301 * PCR[4] and PCR[6] have the PE/COFF image measurement,
302 * this PCRs have different value in each architecture.
303 */
304#if defined(__arm__)
305static u8 expected_pcrs_per_arch[][TPM2_SHA256_DIGEST_SIZE] = {
306 /* PCR[4] */
307 {0xcd, 0xa2, 0x06, 0xad, 0x83, 0x9b, 0x8f, 0x92,
308 0x01, 0xf9, 0xc8, 0x3d, 0xc9, 0x54, 0x66, 0xb3,
309 0x97, 0x35, 0x88, 0xe1, 0xea, 0xd3, 0x1a, 0xd6,
310 0x56, 0xee, 0x43, 0x1c, 0xdb, 0x4b, 0xf9, 0x1f},
311 /* PCR[6] */
312 {0x9c, 0xb8, 0x9d, 0x4a, 0xf6, 0x63, 0x95, 0xb0,
313 0x95, 0xfe, 0x44, 0x30, 0x0f, 0x3a, 0x0b, 0x7c,
314 0xef, 0xc7, 0xb6, 0x6a, 0x59, 0xae, 0xcb, 0xf6,
315 0xbd, 0x2d, 0xb5, 0xb9, 0xb4, 0x95, 0x7d, 0xaf}
316};
317#elif defined(__aarch64__)
318static u8 expected_pcrs_per_arch[][TPM2_SHA256_DIGEST_SIZE] = {
319 /* PCR[4] */
320 {0x69, 0xdb, 0x01, 0x5e, 0x07, 0xed, 0x9c, 0xbb,
321 0x27, 0x65, 0xb1, 0xf0, 0x7b, 0x04, 0xbc, 0x31,
322 0xd1, 0xec, 0x00, 0xe4, 0xe1, 0x49, 0xdb, 0x1e,
323 0x8b, 0x2d, 0xa2, 0x26, 0xb5, 0x8d, 0x07, 0xe2},
324 /* PCR[6] */
325 {0x53, 0x1b, 0x27, 0xb2, 0x6f, 0x2d, 0xab, 0x9b,
326 0x6f, 0xbc, 0xd1, 0x8f, 0xc9, 0x14, 0x48, 0xe7,
327 0x6d, 0x1b, 0xfb, 0x1b, 0x53, 0xc5, 0x8e, 0xf4,
328 0x41, 0x50, 0x79, 0x24, 0x66, 0x57, 0x7b, 0xf8}
329};
330#elif defined(__i386__)
331static u8 expected_pcrs_per_arch[][TPM2_SHA256_DIGEST_SIZE] = {
332 /* PCR[4] */
333 {0xec, 0x5e, 0xdb, 0x68, 0x13, 0x48, 0x36, 0x0a,
334 0x3a, 0xbc, 0x7b, 0x7b, 0xbc, 0x74, 0x7a, 0xa5,
335 0x55, 0xea, 0xb9, 0x09, 0x6a, 0x6e, 0xc3, 0x21,
336 0x51, 0x46, 0x22, 0xd2, 0x9d, 0xc9, 0xd5, 0x6a},
337 /* PCR[6] */
338 {0x26, 0x14, 0xe7, 0xde, 0x91, 0xd1, 0xf3, 0xde,
339 0x7a, 0xc2, 0x78, 0xaf, 0x4b, 0x2e, 0x05, 0x9d,
340 0x35, 0x17, 0xee, 0xcc, 0x0e, 0x77, 0x8d, 0x3f,
341 0x7e, 0x20, 0x75, 0xfa, 0xbc, 0xbc, 0x24, 0x3e}
342};
343#elif defined(__x86_64__)
344static u8 expected_pcrs_per_arch[][TPM2_SHA256_DIGEST_SIZE] = {
345 /* PCR[4] */
346 {0x9a, 0x75, 0x99, 0x8b, 0x74, 0x45, 0xb6, 0x26,
347 0x50, 0xe0, 0xbb, 0xfa, 0x2a, 0xa6, 0x19, 0xec,
348 0x97, 0x12, 0x0c, 0xb5, 0xc8, 0x2a, 0xfe, 0xe5,
349 0x29, 0xc8, 0xd3, 0x98, 0xe9, 0xd1, 0x9d, 0xd5},
350 /* PCR[6] */
351 {0xa2, 0xa2, 0xd3, 0xa7, 0x84, 0xc2, 0x95, 0x2a,
352 0xab, 0x6f, 0xe7, 0xe8, 0x86, 0x9f, 0x99, 0xc6,
353 0x6a, 0x8c, 0xcc, 0x5c, 0xb8, 0x83, 0xfa, 0x86,
354 0x56, 0x5e, 0x91, 0x17, 0x0b, 0x5f, 0x54, 0xa8}
355};
356#elif defined(__riscv) && (__riscv_xlen == 32)
357static u8 expected_pcrs_per_arch[][TPM2_SHA256_DIGEST_SIZE] = {
358 /* PCR[4] */
359 {0x64, 0xe9, 0x25, 0xb3, 0xd8, 0x33, 0xb3, 0x1b,
360 0x74, 0x0c, 0x81, 0x45, 0xef, 0x61, 0xf1, 0x87,
361 0xef, 0x65, 0x67, 0x28, 0x1a, 0x54, 0x97, 0xb2,
362 0xd3, 0x62, 0x00, 0xe7, 0xb6, 0x7a, 0xd5, 0x8e},
363 /* PCR[6] */
364 {0x82, 0xab, 0xc5, 0x6a, 0xbf, 0x08, 0x43, 0x3f,
365 0x85, 0xbd, 0x8f, 0x8e, 0x23, 0x62, 0x48, 0x4a,
366 0x44, 0x53, 0xf0, 0xae, 0x8d, 0x4c, 0xda, 0x04,
367 0x89, 0x9c, 0x0b, 0x81, 0x3a, 0x53, 0xf3, 0xac}
368};
369#elif defined(__riscv) && (__riscv_xlen == 64)
370static u8 expected_pcrs_per_arch[][TPM2_SHA256_DIGEST_SIZE] = {
371 /* PCR[4] */
372 {0x9b, 0x5f, 0x10, 0x24, 0x28, 0x5d, 0x7d, 0x1f,
373 0x9f, 0xee, 0xe9, 0x90, 0xf1, 0x7a, 0x03, 0xb1,
374 0x68, 0x7b, 0x28, 0x45, 0x98, 0x5e, 0xf5, 0x5e,
375 0xc1, 0x22, 0x61, 0x8c, 0x2f, 0xb5, 0xbf, 0x80},
376 /* PCR[6] */
377 {0x6d, 0x16, 0x17, 0xf4, 0x9a, 0xa8, 0x49, 0xc2,
378 0xf4, 0x9c, 0x35, 0x30, 0x0c, 0xde, 0x65, 0xdb,
379 0xd3, 0x37, 0x9c, 0xe2, 0x9f, 0x14, 0x81, 0x74,
380 0xc3, 0x94, 0x8a, 0x9e, 0x26, 0xbf, 0xfb, 0xb2}
381};
382#endif
383
384struct boot_variable {
385 u16 name[16];
386 u8 *buf;
387 efi_uintn_t size;
388 u32 attr;
389 const u8 *test_data;
390 efi_uintn_t test_data_size;
391};
392
393static struct boot_variable boot_variable_test[] = {
394 {u"BootOrder", NULL, 0, DEFAULT_ATTR, boot_order, sizeof(boot_order)},
395 {BOOT_NAME_1000, NULL, 0, DEFAULT_ATTR, boot_1000, sizeof(boot_1000)},
396 {BOOT_NAME_1001, NULL, 0, DEFAULT_ATTR, boot_1001, sizeof(boot_1001)},
397 {BOOT_NAME_1002, NULL, 0, DEFAULT_ATTR, boot_1002, sizeof(boot_1002)},
398};
399
400/*
401 * efi_status_t decompress() - Decompress the disk image.
402 *
403 * @image decompressed disk image
Heinrich Schuchardt47b4c022022-01-19 18:05:50 +0100404 * Return: status code
Masahisa Kojima4d1fee22021-11-04 19:45:46 +0900405 */
406static efi_status_t decompress(u8 **image)
407{
408 u8 *buf;
409 size_t i;
410 size_t addr;
411 size_t len;
412 efi_status_t ret;
413
414 ret = boottime->allocate_pool(EFI_LOADER_DATA, img.length,
415 (void **)&buf);
416 if (ret != EFI_SUCCESS) {
417 efi_st_error("Out of memory\n");
418 return ret;
419 }
420 boottime->set_mem(buf, img.length, 0);
421
422 for (i = 0; ; ++i) {
423 if (!img.lines[i].line)
424 break;
425 addr = img.lines[i].addr;
426 len = COMPRESSED_DISK_IMAGE_BLOCK_SIZE;
427 if (addr + len > img.length)
428 len = img.length - addr;
429 boottime->copy_mem(buf + addr, img.lines[i].line, len);
430 }
431 *image = buf;
432 return ret;
433}
434
435/*
436 * efi_status_t setup_boot_variable() - configure dummy boot variables
437 *
438 * Preexisting variable values are saved and will be restored by
439 * calling restore_boot_variable().
440 *
Heinrich Schuchardt47b4c022022-01-19 18:05:50 +0100441 * Return: status code
Masahisa Kojima4d1fee22021-11-04 19:45:46 +0900442 */
443static efi_status_t setup_boot_variable(void)
444{
445 efi_status_t ret;
446 u32 i;
447 efi_uintn_t size;
448
449 for (i = 0; i < ARRAY_SIZE(boot_variable_test); i++) {
450 size = 0;
451 ret = runtime->get_variable(boot_variable_test[i].name,
452 &efi_global_variable_guid,
453 &boot_variable_test[i].attr,
454 &size,
455 NULL);
456 if (ret == EFI_BUFFER_TOO_SMALL) {
457 /* Variable exists, save the current value */
458 boot_variable_test[i].size = size;
459 ret = boottime->allocate_pool(EFI_LOADER_DATA,
460 boot_variable_test[i].size,
461 (void **)&boot_variable_test[i].buf);
462 if (ret != EFI_SUCCESS) {
463 efi_st_error("Failed to allocate buffer for boot variable\n");
464 return ret;
465 }
466 ret = runtime->get_variable(boot_variable_test[i].name,
467 &efi_global_variable_guid,
468 &boot_variable_test[i].attr,
469 &boot_variable_test[i].size,
470 boot_variable_test[i].buf);
471 if (ret != EFI_SUCCESS) {
472 efi_st_error("Failed to get current boot variable\n");
473 return ret;
474 }
475 }
476
477 /* set boot variable for the measurement test */
478 ret = runtime->set_variable(boot_variable_test[i].name,
479 &efi_global_variable_guid,
480 boot_variable_test[i].attr,
481 boot_variable_test[i].test_data_size,
482 boot_variable_test[i].test_data);
483 if (ret != EFI_SUCCESS) {
484 efi_st_error("Failed to set test boot variable(%d)n", i);
485 return ret;
486 }
487 }
488
489 return 0;
490}
491
492/*
493 * efi_status_t restore_boot_variable() - restore original values
494 *
495 * Restore the variable values saved in setup_boot_variable().
496 *
Heinrich Schuchardt47b4c022022-01-19 18:05:50 +0100497 * Return: status code
Masahisa Kojima4d1fee22021-11-04 19:45:46 +0900498 */
499static efi_status_t restore_boot_variable(void)
500{
501 int i;
502 efi_status_t ret;
503
504 for (i = 0; i < ARRAY_SIZE(boot_variable_test); i++) {
505 if (boot_variable_test[i].buf) {
506 ret = runtime->set_variable(boot_variable_test[i].name,
507 &efi_global_variable_guid,
508 boot_variable_test[i].attr,
509 boot_variable_test[i].size,
510 boot_variable_test[i].buf);
511 if (ret != EFI_SUCCESS) {
512 efi_st_error("Failed to restore boot variable\n");
513 return ret;
514 }
515 ret = boottime->free_pool(boot_variable_test[i].buf);
516 if (ret != EFI_SUCCESS) {
517 efi_st_error("Failed to free boot variable\n");
518 return ret;
519 }
520 } else {
521 /* delete the variable used only for testing */
522 ret = runtime->set_variable(boot_variable_test[i].name,
523 &efi_global_variable_guid,
524 0, 0, NULL);
525 if (ret != EFI_SUCCESS) {
526 efi_st_error("Failed to delete boot variable\n");
527 return ret;
528 }
529 }
530 }
531
532 return EFI_SUCCESS;
533}
534
535/**
536 * void *find_smbios_table() - Find smbios table
537 *
538 * @systable system table
Heinrich Schuchardt47b4c022022-01-19 18:05:50 +0100539 * Return: status code
Masahisa Kojima4d1fee22021-11-04 19:45:46 +0900540 */
541static void *find_smbios_table(const struct efi_system_table *systable)
542{
543 u32 i;
544
545 for (i = 0; i < systable->nr_tables; i++) {
546 if (!guidcmp(&smbios_guid, &systable->tables[i].guid))
547 return systable->tables[i].table;
548 }
549
550 return NULL;
551}
552
Heinrich Schuchardt7754a182020-11-12 19:53:10 +0100553/**
Masahisa Kojima4d1fee22021-11-04 19:45:46 +0900554 * efi_status_t setup_smbios_table() - Prepare the dummy SMBIOS table
555 *
556 * @systable system table
Heinrich Schuchardt47b4c022022-01-19 18:05:50 +0100557 * Return: status code
Masahisa Kojima4d1fee22021-11-04 19:45:46 +0900558 */
559static efi_status_t setup_smbios_table(const struct efi_system_table *systable)
560{
561 struct smbios_entry *se;
562 efi_status_t ret;
563 /* Map within the low 32 bits, to allow for 32bit SMBIOS tables */
564 void *dmi;
565 char *istart;
566 int isize;
567
568 if (sizeof(smbios_table_test) > EFI_PAGE_SIZE)
569 return EFI_OUT_OF_RESOURCES;
570
571 orig_smbios_table = find_smbios_table(systable);
572
573 /* Reserve 4kiB page for SMBIOS */
574 ret = boottime->allocate_pages(EFI_ALLOCATE_MAX_ADDRESS,
575 EFI_RUNTIME_SERVICES_DATA, 1, &dmi_addr);
576
577 if (ret != EFI_SUCCESS) {
578 /* Could not find space in lowmem, use highmem instead */
579 ret = boottime->allocate_pages(EFI_ALLOCATE_ANY_PAGES,
580 EFI_RUNTIME_SERVICES_DATA, 1,
581 &dmi_addr);
582
583 if (ret != EFI_SUCCESS)
584 return ret;
585 }
586
587 dmi = (void *)(uintptr_t)dmi_addr;
588 se = dmi;
589 boottime->copy_mem(se, smbios_table_test, sizeof(smbios_table_test));
590
591 /* update smbios table start address */
592 se->struct_table_address = (uintptr_t)((u8 *)dmi + SMBIOS_ENTRY_HEADER_SIZE);
593
594 /* calculate checksums */
595 istart = (char *)se + SMBIOS_INTERMEDIATE_OFFSET;
596 isize = sizeof(struct smbios_entry) - SMBIOS_INTERMEDIATE_OFFSET;
597 se->intermediate_checksum = table_compute_checksum(istart, isize);
598 se->checksum = table_compute_checksum(se, sizeof(struct smbios_entry));
599
600 /* Install SMBIOS information as configuration table */
601 ret = boottime->install_configuration_table(&smbios_guid, dmi);
602 if (ret != EFI_SUCCESS) {
603 efi_st_error("Cannot install SMBIOS table\n");
604 boottime->free_pages(dmi_addr, 1);
605 }
606
607 return ret;
608}
609
610/**
Heinrich Schuchardt7754a182020-11-12 19:53:10 +0100611 * efi_st_tcg2_setup() - setup test
612 *
613 * @handle: handle of the loaded image
614 * @systable: system table
Heinrich Schuchardtfbe90212022-01-20 19:48:20 +0100615 * Return: status code
Heinrich Schuchardt7754a182020-11-12 19:53:10 +0100616 */
617static int efi_st_tcg2_setup(const efi_handle_t img_handle,
618 const struct efi_system_table *systable)
619{
Masahisa Kojima4d1fee22021-11-04 19:45:46 +0900620 efi_status_t ret;
621 struct uefi_image_load_event image_load_event;
622
623 image_handle = img_handle;
Heinrich Schuchardt7754a182020-11-12 19:53:10 +0100624 boottime = systable->boottime;
Masahisa Kojima4d1fee22021-11-04 19:45:46 +0900625 runtime = systable->runtime;
626
627 /* Load the application image into memory */
628 decompress(&image);
629
630 ret = boottime->allocate_pool(EFI_LOADER_DATA,
631 sizeof(struct efi_tcg2_event) +
632 sizeof(struct uefi_image_load_event),
633 (void **)&efi_tcg2_event);
634 if (!efi_tcg2_event)
635 return EFI_ST_FAILURE;
636
637 efi_tcg2_event->size = sizeof(struct efi_tcg2_event) +
638 sizeof(struct uefi_image_load_event);
639 efi_tcg2_event->header.header_size = sizeof(struct efi_tcg2_event_header);
640 efi_tcg2_event->header.header_version = 1;
641 efi_tcg2_event->header.pcr_index = 6;
642 efi_tcg2_event->header.event_type = EV_EFI_RUNTIME_SERVICES_DRIVER;
643 image_load_event.image_location_in_memory = 0x12345678;
644 image_load_event.image_length_in_memory = 0x300000;
645 image_load_event.image_link_time_address = 0x87654321;
646 image_load_event.length_of_device_path = 0;
647 boottime->copy_mem(efi_tcg2_event->event, &image_load_event,
648 sizeof(struct uefi_image_load_event));
649
650 ret = setup_boot_variable();
651 if (ret != EFI_SUCCESS)
652 return EFI_ST_FAILURE;
653
654 ret = setup_smbios_table(systable);
655 if (ret != EFI_SUCCESS)
656 return EFI_ST_FAILURE;
657
658 ret = boottime->allocate_pool(EFI_LOADER_DATA,
659 (EFI_TCG2_MAX_PCR_INDEX + 1) *
660 TPM2_SHA256_DIGEST_SIZE,
661 (void **)&pcrs);
662 if (!pcrs)
663 return EFI_ST_FAILURE;
664
665 boottime->set_mem(pcrs, (EFI_TCG2_MAX_PCR_INDEX + 1) * TPM2_SHA256_DIGEST_SIZE, 0);
666
667 /* setup expected PCRs per architecture */
668 boottime->copy_mem(&expected_pcrs[4], &expected_pcrs_per_arch[0], TPM2_SHA256_DIGEST_SIZE);
669 boottime->copy_mem(&expected_pcrs[6], &expected_pcrs_per_arch[1], TPM2_SHA256_DIGEST_SIZE);
670
671 return EFI_ST_SUCCESS;
672}
673
674/**
675 * efi_status_t get_manufacturer_id() - Get manufacturer_id through submit_command API
676 *
677 * @tcg2 tcg2 protocol
678 * @manufacturer_id pointer to the manufacturer_id
Heinrich Schuchardt47b4c022022-01-19 18:05:50 +0100679 * Return: status code
Masahisa Kojima4d1fee22021-11-04 19:45:46 +0900680 */
681static efi_status_t get_manufacturer_id(struct efi_tcg2_protocol *tcg2, u32 *manufacturer_id)
682{
683 efi_status_t ret;
684 u8 cmd[TPM2_CMD_BUF_SIZE] = {
685 tpm_u16(TPM2_ST_NO_SESSIONS), /* TAG */
686 tpm_u32(22), /* Length */
687 tpm_u32(TPM2_CC_GET_CAPABILITY), /* Command code */
688
689 tpm_u32(TPM2_CAP_TPM_PROPERTIES), /* Capability */
690 tpm_u32(TPM2_PT_MANUFACTURER), /* Property */
691 tpm_u32(1), /* Property count */
692 };
693 u8 resp[TPM2_CMD_BUF_SIZE];
694 unsigned int value_off;
695
696 ret = tcg2->submit_command(tcg2, 22, cmd,
697 TPM2_CMD_BUF_SIZE, resp);
698 if (ret != EFI_SUCCESS)
699 return ret;
700
701 /*
702 * In the response buffer, the properties are located after the:
703 * tag (u16), response size (u32), response code (u32),
704 * YES/NO flag (u8), TPM_CAP (u32).
705 * The value is located after count (u32), property (u32).
706 */
707 value_off = sizeof(u16) + sizeof(u32) + sizeof(u32) +
708 sizeof(u8) + sizeof(u32) + sizeof(u32) + sizeof(u32);
709 *manufacturer_id = get_unaligned_be32(&resp[value_off]);
710
711 return ret;
712}
713
714/**
715 * efi_status_t get_manufacturer_id_buffer_small() - call submit_command with small resp buffer
716 *
717 * @tcg2 tcg2 protocol
718 * @manufacturer_id pointer to the manufacturer_id
Heinrich Schuchardt47b4c022022-01-19 18:05:50 +0100719 * Return: status code
Masahisa Kojima4d1fee22021-11-04 19:45:46 +0900720 */
721static efi_status_t get_manufacturer_id_buffer_small(struct efi_tcg2_protocol *tcg2)
722{
723 efi_status_t ret;
724 u8 cmd[TPM2_CMD_BUF_SIZE] = {
725 tpm_u16(TPM2_ST_NO_SESSIONS), /* TAG */
726 tpm_u32(22), /* Length */
727 tpm_u32(TPM2_CC_GET_CAPABILITY), /* Command code */
728
729 tpm_u32(TPM2_CAP_TPM_PROPERTIES), /* Capability */
730 tpm_u32(TPM2_PT_MANUFACTURER), /* Property */
731 tpm_u32(1), /* Property count */
732 };
733 u8 resp[1]; /* set smaller buffer than expected */
734
735 ret = tcg2->submit_command(tcg2, 22, cmd, 1, resp);
736
737 return ret;
738}
739
740/**
741 * efi_status_t read_pcr() - Read the PCR from the TPM device
742 *
743 * @tcg2 tcg2 protocol
744 * @idx pcr index to read
Heinrich Schuchardt47b4c022022-01-19 18:05:50 +0100745 * Return: status code
Masahisa Kojima4d1fee22021-11-04 19:45:46 +0900746 */
747static efi_status_t read_pcr(struct efi_tcg2_protocol *tcg2, u32 idx)
748{
749 efi_status_t ret;
750 u32 cmd_len = 17 + IDX_ARRAY_SZ;
751 u8 cmd[TPM2_CMD_BUF_SIZE] = {
752 tpm_u16(TPM2_ST_NO_SESSIONS), /* TAG */
753 tpm_u32(cmd_len), /* Length */
754 tpm_u32(TPM2_CC_PCR_READ), /* Command code */
755 /* TPML_PCR_SELECTION */
756 tpm_u32(1), /* Number of selections */
757 tpm_u16(TPM2_ALG_SHA256), /* Algorithm of the hash */
758 IDX_ARRAY_SZ, /* Array size for selection */
759 /* bitmap(idx), Selected PCR bitmap */
760 };
761 u8 resp[TPM2_CMD_BUF_SIZE];
762 u32 pcr_sel_idx = idx / 8;
763 u8 pcr_sel_bit = BIT(idx % 8);
764
765 cmd[17 + pcr_sel_idx] = pcr_sel_bit;
766 ret = tcg2->submit_command(tcg2, cmd_len, cmd,
767 TPM2_CMD_BUF_SIZE, resp);
768 if (ret != EFI_SUCCESS) {
769 efi_st_error("tcg2->submit_command fail to read PCR\n");
770 return ret;
771 }
772
773 boottime->copy_mem(pcrs[idx], &resp[TPM2_PCR_READ_HEADER_SIZE],
774 TPM2_SHA256_DIGEST_SIZE);
775
776 return ret;
777}
778
779/**
780 * int validate_pcrs() - Compare the expected and actual pcrs
781 *
Heinrich Schuchardt47b4c022022-01-19 18:05:50 +0100782 * Return: status code
Masahisa Kojima4d1fee22021-11-04 19:45:46 +0900783 */
784static int validate_pcrs(void)
785{
786 u32 i;
787
788 /*
789 * - Skip PCR[0] validation. PCR[0] contains U-Boot version measurement
790 * it contains the commit hash, so the measurement varies every build
791 * with different commit hash.
792 * - Skip PCR[7] validation. PCR[7] contains UEFI Secure Boot variables
793 * measurement. These variables can not be updated through efi_selftest and
794 * vary depending on the platform.
795 * - Skip PCR[17..22] validation, they are not used in TCG PC Client
796 * Platform Firmware Profile Specification
797 */
798 for (i = 1; i < (EFI_TCG2_MAX_PCR_INDEX + 1); i++) {
799 if (i == 7 || (i > 16 && i < 23))
800 continue; /* skip validation */
801
802 if (memcmp(pcrs[i], expected_pcrs[i], TPM2_SHA256_DIGEST_SIZE)) {
803 efi_st_error("PCR[%d] is not the expected value\n", i);
804 return EFI_ST_FAILURE;
805 }
806 }
Heinrich Schuchardt7754a182020-11-12 19:53:10 +0100807
808 return EFI_ST_SUCCESS;
809}
810
811/**
812 * efi_st_tcg2_execute() - execute test
813 *
Masahisa Kojima4d1fee22021-11-04 19:45:46 +0900814 * Call EFI_TCG2_PROTOCOL services and check the
815 * Measured Boot behavior.
Heinrich Schuchardt7754a182020-11-12 19:53:10 +0100816 *
817 * Return: status code
818 */
819static int efi_st_tcg2_execute(void)
820{
821 struct efi_tcg2_protocol *tcg2;
822 struct efi_tcg2_boot_service_capability capability;
823 efi_status_t ret;
Masahisa Kojima4d1fee22021-11-04 19:45:46 +0900824 u32 active_pcr_banks;
825 u64 eventlog, eventlog_last_entry;
826 bool eventlog_truncated;
827 efi_handle_t handle;
828 efi_uintn_t exit_data_size = 0;
829 u16 *exit_data = NULL;
830 u32 i;
831 u32 manufacturer_id;
Heinrich Schuchardt7754a182020-11-12 19:53:10 +0100832
833 ret = boottime->locate_protocol(&guid_tcg2, NULL, (void **)&tcg2);
834 if (ret != EFI_SUCCESS) {
835 efi_st_error("TCG2 protocol is not available.\n");
836 return EFI_ST_FAILURE;
837 }
Masahisa Kojima4d1fee22021-11-04 19:45:46 +0900838
839 /* EFI_TCG2_PROTOCOL.GetCapability test */
Heinrich Schuchardt7754a182020-11-12 19:53:10 +0100840 capability.size = sizeof(struct efi_tcg2_boot_service_capability) - 1;
841 ret = tcg2->get_capability(tcg2, &capability);
842 if (ret != EFI_BUFFER_TOO_SMALL) {
843 efi_st_error("tcg2->get_capability on small buffer failed\n");
844 return EFI_ST_FAILURE;
845 }
846 capability.size = sizeof(struct efi_tcg2_boot_service_capability);
847 ret = tcg2->get_capability(tcg2, &capability);
848 if (ret != EFI_SUCCESS) {
849 efi_st_error("tcg2->get_capability failed\n");
850 return EFI_ST_FAILURE;
851 }
852 if (!capability.tpm_present_flag) {
853 efi_st_error("TPM not present\n");
854 return EFI_ST_FAILURE;
855 }
856 efi_st_printf("TPM supports 0x%.8x event logs\n",
857 capability.supported_event_logs);
Masahisa Kojima4d1fee22021-11-04 19:45:46 +0900858
859 /* EFI_TCG2_PROTOCOL.GetActivePcrBanks test */
860 ret = tcg2->get_active_pcr_banks(tcg2, &active_pcr_banks);
861 if (ret != EFI_SUCCESS) {
862 efi_st_error("tcg2->get_active_pcr_banks failed\n");
863 return EFI_ST_FAILURE;
864 }
865 if (active_pcr_banks != capability.active_pcr_banks) {
866 efi_st_error("tcg2->get_active_pcr_banks return wrong value\n");
867 return EFI_ST_FAILURE;
868 }
869
870 /* EFI_TCG2_PROTOCOL.HashLogExtendEvent test */
871 ret = tcg2->hash_log_extend_event(tcg2, EFI_TCG2_EXTEND_ONLY,
872 (uintptr_t)image,
873 img.length, efi_tcg2_event);
874 if (ret != EFI_SUCCESS) {
875 efi_st_error("tcg2->hash_log_extend_event(EXTEND_ONLY) failed\n");
876 return EFI_ST_FAILURE;
877 }
878
879 ret = tcg2->hash_log_extend_event(tcg2, PE_COFF_IMAGE, (uintptr_t)image,
880 img.length, efi_tcg2_event);
881 if (ret != EFI_SUCCESS) {
882 efi_st_error("tcg2->hash_log_extend_event(PE_COFF_IMAGE) failed\n");
883 return EFI_ST_FAILURE;
884 }
885
886 /* EFI_TCG2_PROTOCOL.SubmitCommand test */
887 ret = get_manufacturer_id_buffer_small(tcg2);
888 if (ret != EFI_OUT_OF_RESOURCES) {
889 efi_st_error("get_manufacturer_id buffer too small failed\n");
890 return EFI_ST_FAILURE;
891 }
892
893 ret = get_manufacturer_id(tcg2, &manufacturer_id);
894 if (ret != EFI_SUCCESS) {
895 efi_st_error("get_manufacturer_id failed\n");
896 return EFI_ST_FAILURE;
897 }
898 if (capability.manufacturer_id != manufacturer_id) {
899 efi_st_error("tcg2->submit_command test failed\n");
900 return EFI_ST_FAILURE;
901 }
902
903 /* tcg2_measure_pe_image test */
904 ret = boottime->load_image(false, image_handle, NULL, image,
905 img.length, &handle);
906 if (ret != EFI_SUCCESS) {
907 efi_st_error("Failed to load image\n");
908 return EFI_ST_FAILURE;
909 }
910
911 /* measure ready_to_boot event(boot variables, smbios table, etc.) */
912 /* TODO: add GPT measurement test */
913 ret = boottime->start_image(handle, &exit_data_size, &exit_data);
914 if (ret != EFI_UNSUPPORTED) {
915 efi_st_error("Wrong return value from application\n");
916 return EFI_ST_FAILURE;
917 }
918 ret = boottime->free_pool(exit_data);
919 if (ret != EFI_SUCCESS) {
920 efi_st_error("Failed to free exit data\n");
921 return EFI_ST_FAILURE;
922 }
923
924 /* validate PCR read from the TPM device */
925 for (i = 0; i < (EFI_TCG2_MAX_PCR_INDEX + 1); i++) {
926 ret = read_pcr(tcg2, i);
927 if (ret != EFI_SUCCESS) {
928 efi_st_error("read pcr error\n");
929 return EFI_ST_FAILURE;
930 }
931 }
932 if (validate_pcrs()) {
933 efi_st_error("PCR validation failed\n");
934 return EFI_ST_FAILURE;
935 }
936
937 /* EFI_TCG2_PROTOCOL.GetEventLog test */
938 ret = tcg2->get_eventlog(tcg2, TCG2_EVENT_LOG_FORMAT_TCG_2, &eventlog,
939 &eventlog_last_entry, &eventlog_truncated);
940 if (ret != EFI_SUCCESS) {
941 efi_st_error("tcg2->get_eventlog failed\n");
942 return EFI_ST_FAILURE;
943 }
944 /* TODO: eventlog format check */
945
Heinrich Schuchardt7754a182020-11-12 19:53:10 +0100946 return EFI_ST_SUCCESS;
947}
948
Masahisa Kojima4d1fee22021-11-04 19:45:46 +0900949/*
950 * efi_st_tcg2_teardown() - Tear down unit test
951 *
Heinrich Schuchardtfbe90212022-01-20 19:48:20 +0100952 * Return: EFI_ST_SUCCESS for success
Masahisa Kojima4d1fee22021-11-04 19:45:46 +0900953 */
954static int efi_st_tcg2_teardown(void)
955{
956 efi_status_t r = EFI_ST_SUCCESS;
957
958 if (image) {
959 r = boottime->free_pool(image);
960 if (r != EFI_SUCCESS) {
961 efi_st_error("Failed to free image\n");
962 return EFI_ST_FAILURE;
963 }
964 }
965 if (efi_tcg2_event) {
966 r = boottime->free_pool(efi_tcg2_event);
967 if (r != EFI_SUCCESS) {
968 efi_st_error("Failed to free efi_tcg2_event\n");
969 return EFI_ST_FAILURE;
970 }
971 }
972 if (pcrs) {
973 r = boottime->free_pool(pcrs);
974 if (r != EFI_SUCCESS) {
975 efi_st_error("Failed to free pcr\n");
976 return EFI_ST_FAILURE;
977 }
978 }
979
980 r = restore_boot_variable();
981 if (r != EFI_SUCCESS) {
982 efi_st_error("Failed to restore boot variables\n");
983 return EFI_ST_FAILURE;
984 }
985
986 /*
987 * Restore SMBIOS table
988 * If orig_smbios_table is NULL, calling install_configuration_table()
989 * removes dummy SMBIOS table form systab.
990 */
991 r = boottime->install_configuration_table(&smbios_guid, orig_smbios_table);
992 if (r != EFI_SUCCESS) {
993 efi_st_error("Failed to restore SMBOIS table\n");
994 return EFI_ST_FAILURE;
995 }
996
997 if (dmi_addr) {
998 r = boottime->free_pages(dmi_addr, 1);
999 if (r != EFI_SUCCESS) {
1000 efi_st_error("Failed to free dummy smbios table\n");
1001 return EFI_ST_FAILURE;
1002 }
1003 }
1004
1005 return r;
1006}
1007
Heinrich Schuchardt7754a182020-11-12 19:53:10 +01001008EFI_UNIT_TEST(tcg2) = {
1009 .name = "tcg2",
1010 .phase = EFI_EXECUTE_BEFORE_BOOTTIME_EXIT,
1011 .execute = efi_st_tcg2_execute,
1012 .setup = efi_st_tcg2_setup,
Masahisa Kojima4d1fee22021-11-04 19:45:46 +09001013 .teardown = efi_st_tcg2_teardown,
1014 .on_request = true,
Heinrich Schuchardt7754a182020-11-12 19:53:10 +01001015};