import tpm2-tools-5.2-2.el9_1
parent
f0b25beb0d
commit
041e39d64d
@ -0,0 +1,26 @@
|
||||
From 4351d850bb664941f88463229758171c2603080a Mon Sep 17 00:00:00 2001
|
||||
From: Erik Larsson <who+github@cnackers.org>
|
||||
Date: Mon, 4 Oct 2021 10:21:49 +0200
|
||||
Subject: [PATCH 1/9] lib/tpm2_eventlog_yaml: use char16_t for UEFI characters
|
||||
|
||||
Signed-off-by: Erik Larsson <who+github@cnackers.org>
|
||||
---
|
||||
lib/tpm2_eventlog_yaml.c | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/lib/tpm2_eventlog_yaml.c b/lib/tpm2_eventlog_yaml.c
|
||||
index 6e6923e5..9b048db1 100644
|
||||
--- a/lib/tpm2_eventlog_yaml.c
|
||||
+++ b/lib/tpm2_eventlog_yaml.c
|
||||
@@ -475,7 +475,7 @@ static bool yaml_uefi_var(UEFI_VARIABLE_DATA *data, size_t size, UINT32 type,
|
||||
tpm2_tool_output(" Description: \"");
|
||||
int i;
|
||||
for (i = 0; (wchar_t)loadopt->Description[i] != 0; i++) {
|
||||
- wchar_t c = (wchar_t)loadopt->Description[i];
|
||||
+ char16_t c = (char16_t)loadopt->Description[i];
|
||||
tpm2_tool_output("%lc", c);
|
||||
}
|
||||
tpm2_tool_output("\"\n");
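Review bot: The loop condition on the `for` line above the changed line still goes through `wchar_t` (`(wchar_t)loadopt->Description[i] != 0`) while the body now reads a `char16_t`, so the type fix is only half applied; the comparison can simply be `loadopt->Description[i] != 0`. More importantly, the loop stops only at a NUL inside `Description` and nothing in this hunk bounds it by `size` (the parameter visible in the hunk header), so a load option whose description is not NUL-terminated within the event — a truncated or crafted event log, which is untrusted input for this tool — reads past the event buffer; bound `i` by the bytes remaining after `Description`, derived from `size`, before testing for the terminator. `%lc` also converts through the locale's `wchar_t`, so a UTF-16 surrogate pair in `Description` will presumably not render correctly — worth a comment if that limitation is accepted. yaml_uefi_var begins and ends outside this hunk.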
|
||||
--
|
||||
2.37.3
|
||||
|
@ -0,0 +1,151 @@
|
||||
From 2558005814e4a64f8941216b9dc3d3c3a9b35c51 Mon Sep 17 00:00:00 2001
|
||||
From: George Almasi <gheorghe@us.ibm.com>
|
||||
Date: Fri, 8 Apr 2022 15:27:05 +0000
|
||||
Subject: [PATCH 2/9] Patch set for handling of new event types in
|
||||
tpm2_eventlog: EV_EFI_PLATFORM_FIRMWARE_BLOB2, EV_EFI_HANDOFF_TABLES2,
|
||||
EV_EFI_VARIABLE_BOOT2
|
||||
|
||||
Signed-off-by: George Almasi <gheorghe@us.ibm.com>
|
||||
---
|
||||
lib/efi_event.h | 11 ++++++++
|
||||
lib/tpm2_eventlog_yaml.c | 42 ++++++++++++++++++++++++++++-
|
||||
test/unit/test_tpm2_eventlog_yaml.c | 6 +++++
|
||||
3 files changed, 58 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/lib/efi_event.h b/lib/efi_event.h
|
||||
index 0136e32b..cc2ffc98 100644
|
||||
--- a/lib/efi_event.h
|
||||
+++ b/lib/efi_event.h
|
||||
@@ -41,6 +41,10 @@
|
||||
#define EV_EFI_ACTION EV_EFI_EVENT_BASE + 0x7
|
||||
#define EV_EFI_PLATFORM_FIRMWARE_BLOB EV_EFI_EVENT_BASE + 0x8
|
||||
#define EV_EFI_HANDOFF_TABLES EV_EFI_EVENT_BASE + 0x9
|
||||
+#define EV_EFI_PLATFORM_FIRMWARE_BLOB2 EV_EFI_EVENT_BASE + 0xa
|
||||
+#define EV_EFI_HANDOFF_TABLES2 EV_EFI_EVENT_BASE + 0xb
|
||||
+#define EV_EFI_VARIABLE_BOOT2 EV_EFI_EVENT_BASE + 0xc
|
||||
+
|
||||
#define EV_EFI_VARIABLE_AUTHORITY EV_EFI_EVENT_BASE + 0xe0
|
||||
|
||||
#ifndef PACKED
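Review bot: The three new `EV_EFI_*2` macros expand to an unparenthesised `EV_EFI_EVENT_BASE + 0xN`, mirroring the existing lines, so any use inside a larger expression (`x * EV_EFI_HANDOFF_TABLES2`, or next to a shift) silently mis-binds; `#define EV_EFI_HANDOFF_TABLES2 (EV_EFI_EVENT_BASE + 0xb)` and likewise for the other two costs nothing and is the form the older lines would benefit from as well. The `case` labels in the tpm2_eventlog_yaml.c hunk of this patch work either way, because a `case` expression is parsed as a whole.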
|
||||
@@ -96,6 +100,13 @@ typedef struct {
|
||||
UINT64 BlobLength;
|
||||
} PACKED UEFI_PLATFORM_FIRMWARE_BLOB;
|
||||
|
||||
+
|
||||
+typedef struct {
|
||||
+ UINT8 BlobDescriptionSize;
|
||||
+ BYTE BlobDescription[];
|
||||
+ /* UEFI_PLATFORM_FIRMWARE_BLOB comes next */
|
||||
+} PACKED UEFI_PLATFORM_FIRMWARE_BLOB2;
|
||||
+
|
||||
typedef struct {
|
||||
UINT32 pcrIndex;
|
||||
UINT32 eventType;
|
||||
diff --git a/lib/tpm2_eventlog_yaml.c b/lib/tpm2_eventlog_yaml.c
|
||||
index 9b048db1..d2d4aefe 100644
|
||||
--- a/lib/tpm2_eventlog_yaml.c
|
||||
+++ b/lib/tpm2_eventlog_yaml.c
|
||||
@@ -90,6 +90,12 @@ char const *eventtype_to_string (UINT32 event_type) {
|
||||
return "EV_EFI_PLATFORM_FIRMWARE_BLOB";
|
||||
case EV_EFI_HANDOFF_TABLES:
|
||||
return "EV_EFI_HANDOFF_TABLES";
|
||||
+ case EV_EFI_PLATFORM_FIRMWARE_BLOB2:
|
||||
+ return "EV_EFI_PLATFORM_FIRMWARE_BLOB2";
|
||||
+ case EV_EFI_HANDOFF_TABLES2:
|
||||
+ return "EV_EFI_HANDOFF_TABLES2";
|
||||
+ case EV_EFI_VARIABLE_BOOT2:
|
||||
+ return "EV_EFI_VARIABLE_BOOT2";
|
||||
case EV_EFI_VARIABLE_AUTHORITY:
|
||||
return "EV_EFI_VARIABLE_AUTHORITY";
|
||||
default:
|
||||
@@ -433,7 +439,7 @@ static bool yaml_uefi_var(UEFI_VARIABLE_DATA *data, size_t size, UINT32 type,
|
||||
uuidstr, sdata);
|
||||
free(sdata);
|
||||
return true;
|
||||
- } else if (type == EV_EFI_VARIABLE_BOOT) {
|
||||
+ } else if (type == EV_EFI_VARIABLE_BOOT || type == EV_EFI_VARIABLE_BOOT2) {
|
||||
if ((strlen(ret) == 9 && strncmp(ret, "BootOrder", 9) == 0)) {
|
||||
free(ret);
|
||||
tpm2_tool_output(" VariableData:\n");
|
||||
@@ -526,6 +532,37 @@ bool yaml_uefi_platfwblob(UEFI_PLATFORM_FIRMWARE_BLOB *data) {
|
||||
data->BlobLength);
|
||||
return true;
|
||||
}
|
||||
+
|
||||
+/* TCG PC Client PFP (02 dec 2020) section 10.2.5 */
|
||||
+bool yaml_uefi_platfwblob2(UEFI_PLATFORM_FIRMWARE_BLOB2 *data) {
|
||||
+ UINT8 blobdescsize = data->BlobDescriptionSize;
|
||||
+ UEFI_PLATFORM_FIRMWARE_BLOB * data2 = (UEFI_PLATFORM_FIRMWARE_BLOB *)((UINT8 *)data + sizeof(UINT8) + blobdescsize);
|
||||
+
|
||||
+ char * eventdesc = (char *)calloc (1, 2*blobdescsize+1);
|
||||
+ if (!eventdesc) {
|
||||
+ LOG_ERR("failed to allocate memory: %s\n", strerror(errno));
|
||||
+ return false;
|
||||
+ }
|
||||
+
|
||||
+ bytes_to_str (data->BlobDescription, blobdescsize, eventdesc, 2*blobdescsize);
|
||||
+
|
||||
+ tpm2_tool_output(" Event:\n"
|
||||
+ " BlobDescriptionSize: %d\n"
|
||||
+ " BlobDescription: \"%.*s\"\n"
|
||||
+ " BlobBase: 0x%" PRIx64 "\n"
|
||||
+ " BlobLength: 0x%" PRIx64 "\n",
|
||||
+ blobdescsize,
|
||||
+ 2*blobdescsize,
|
||||
+ eventdesc,
|
||||
+ data2->BlobBase,
|
||||
+ data2->BlobLength);
|
||||
+
|
||||
+ free(eventdesc);
|
||||
+ return true;
|
||||
+}
|
||||
+
|
||||
+
|
||||
+
|
||||
/* TCG PC Client PFP section 9.4.4 */
|
||||
bool yaml_uefi_action(UINT8 const *action, size_t size) {
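Review bot: `yaml_uefi_platfwblob2` trusts `data->BlobDescriptionSize` from the event log with no bound: `data2` is computed from it and dereferenced for `BlobBase`/`BlobLength`, and `bytes_to_str` reads `blobdescsize` bytes of `BlobDescription`, so an event whose `EventSize` is smaller than `1 + BlobDescriptionSize + sizeof(UEFI_PLATFORM_FIRMWARE_BLOB)` (truncated log, or one crafted by firmware the verifier does not trust) is read past its end. The caller in the `yaml_event2data` hunk of this patch passes only `event->Event`, although `yaml_uefi_action` on the very next line receives `event->EventSize`; I would pass the size through and reject short events before touching `data2`, as sketched below, with the caller changed to `return yaml_uefi_platfwblob2((UEFI_PLATFORM_FIRMWARE_BLOB2*)event->Event, event->EventSize);`. Whether `bytes_to_str` expects the destination length with or without the NUL (it is handed `2*blobdescsize` for a `2*blobdescsize+1` buffer) is not visible here and is worth confirming against its definition.
```c
/* TCG PC Client PFP (02 dec 2020) section 10.2.5 */
bool yaml_uefi_platfwblob2(UEFI_PLATFORM_FIRMWARE_BLOB2 *data, size_t size) {
    /* the event is untrusted input: validate its length before reading it */
    if (size < sizeof(data->BlobDescriptionSize)) {
        LOG_ERR("EV_EFI_PLATFORM_FIRMWARE_BLOB2 event too short: %zu bytes\n", size);
        return false;
    }
    UINT8 blobdescsize = data->BlobDescriptionSize;
    size_t need = sizeof(data->BlobDescriptionSize) + blobdescsize
                + sizeof(UEFI_PLATFORM_FIRMWARE_BLOB);
    if (size < need) {
        LOG_ERR("EV_EFI_PLATFORM_FIRMWARE_BLOB2 event too short: %zu < %zu bytes\n",
                size, need);
        return false;
    }
    UEFI_PLATFORM_FIRMWARE_BLOB * data2 = (UEFI_PLATFORM_FIRMWARE_BLOB *)((UINT8 *)data + sizeof(UINT8) + blobdescsize);
    /* … unchanged: hex-encode BlobDescription and print the YAML block … */
```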
|
||||
|
||||
@@ -713,6 +750,7 @@ bool yaml_event2data(TCG_EVENT2 const *event, UINT32 type, uint32_t eventlog_ver
|
||||
switch (type) {
|
||||
case EV_EFI_VARIABLE_DRIVER_CONFIG:
|
||||
case EV_EFI_VARIABLE_BOOT:
|
||||
+ case EV_EFI_VARIABLE_BOOT2:
|
||||
case EV_EFI_VARIABLE_AUTHORITY:
|
||||
return yaml_uefi_var((UEFI_VARIABLE_DATA*)event->Event,
|
||||
event->EventSize, type, eventlog_version);
|
||||
@@ -721,6 +759,8 @@ bool yaml_event2data(TCG_EVENT2 const *event, UINT32 type, uint32_t eventlog_ver
|
||||
case EV_S_CRTM_CONTENTS:
|
||||
case EV_EFI_PLATFORM_FIRMWARE_BLOB:
|
||||
return yaml_uefi_platfwblob((UEFI_PLATFORM_FIRMWARE_BLOB*)event->Event);
|
||||
+ case EV_EFI_PLATFORM_FIRMWARE_BLOB2:
|
||||
+ return yaml_uefi_platfwblob2((UEFI_PLATFORM_FIRMWARE_BLOB2*)event->Event);
|
||||
case EV_EFI_ACTION:
|
||||
return yaml_uefi_action(event->Event, event->EventSize);
|
||||
case EV_IPL:
|
||||
diff --git a/test/unit/test_tpm2_eventlog_yaml.c b/test/unit/test_tpm2_eventlog_yaml.c
|
||||
index d4e30b0e..6881703b 100644
|
||||
--- a/test/unit/test_tpm2_eventlog_yaml.c
|
||||
+++ b/test/unit/test_tpm2_eventlog_yaml.c
|
||||
@@ -47,6 +47,9 @@ def_eventtype_to_string(EV_EFI_GPT_EVENT)
|
||||
def_eventtype_to_string(EV_EFI_ACTION)
|
||||
def_eventtype_to_string(EV_EFI_PLATFORM_FIRMWARE_BLOB)
|
||||
def_eventtype_to_string(EV_EFI_HANDOFF_TABLES)
|
||||
+def_eventtype_to_string(EV_EFI_PLATFORM_FIRMWARE_BLOB2)
|
||||
+def_eventtype_to_string(EV_EFI_HANDOFF_TABLES2)
|
||||
+def_eventtype_to_string(EV_EFI_VARIABLE_BOOT2)
|
||||
def_eventtype_to_string(EV_EFI_VARIABLE_AUTHORITY)
|
||||
|
||||
static void eventtype_to_string_default(void **state) {
|
||||
@@ -141,6 +144,9 @@ int main(void) {
|
||||
cmocka_unit_test(eventtype_to_string_EV_EFI_ACTION),
|
||||
cmocka_unit_test(eventtype_to_string_EV_EFI_PLATFORM_FIRMWARE_BLOB),
|
||||
cmocka_unit_test(eventtype_to_string_EV_EFI_HANDOFF_TABLES),
|
||||
+ cmocka_unit_test(eventtype_to_string_EV_EFI_PLATFORM_FIRMWARE_BLOB2),
|
||||
+ cmocka_unit_test(eventtype_to_string_EV_EFI_HANDOFF_TABLES2),
|
||||
+ cmocka_unit_test(eventtype_to_string_EV_EFI_VARIABLE_BOOT2),
|
||||
cmocka_unit_test(eventtype_to_string_EV_EFI_VARIABLE_AUTHORITY),
|
||||
cmocka_unit_test(eventtype_to_string_default),
|
||||
cmocka_unit_test(test_yaml_event2hdr_callback),
|
||||
--
|
||||
2.37.3
|
||||
|
@ -0,0 +1,27 @@
|
||||
From 18f211c7f28d204e5676a30480b681519316d87f Mon Sep 17 00:00:00 2001
|
||||
From: George Almasi <gheorghe@us.ibm.com>
|
||||
Date: Mon, 11 Apr 2022 12:12:45 +0000
|
||||
Subject: [PATCH 3/9] Code clarity fix for calculation of data member addresses
|
||||
when printing out UEFI_PLATFORM_FIRMWARE_BLOB2 structures.
|
||||
|
||||
Signed-off-by: George Almasi <gheorghe@us.ibm.com>
|
||||
---
|
||||
lib/tpm2_eventlog_yaml.c | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/lib/tpm2_eventlog_yaml.c b/lib/tpm2_eventlog_yaml.c
|
||||
index d2d4aefe..647a2225 100644
|
||||
--- a/lib/tpm2_eventlog_yaml.c
|
||||
+++ b/lib/tpm2_eventlog_yaml.c
|
||||
@@ -536,7 +536,7 @@ bool yaml_uefi_platfwblob(UEFI_PLATFORM_FIRMWARE_BLOB *data) {
|
||||
/* TCG PC Client PFP (02 dec 2020) section 10.2.5 */
|
||||
bool yaml_uefi_platfwblob2(UEFI_PLATFORM_FIRMWARE_BLOB2 *data) {
|
||||
UINT8 blobdescsize = data->BlobDescriptionSize;
|
||||
- UEFI_PLATFORM_FIRMWARE_BLOB * data2 = (UEFI_PLATFORM_FIRMWARE_BLOB *)((UINT8 *)data + sizeof(UINT8) + blobdescsize);
|
||||
+ UEFI_PLATFORM_FIRMWARE_BLOB * data2 = (UEFI_PLATFORM_FIRMWARE_BLOB *)((UINT8 *)data + sizeof(data->BlobDescriptionSize) + blobdescsize);
|
||||
|
||||
char * eventdesc = (char *)calloc (1, 2*blobdescsize+1);
|
||||
if (!eventdesc) {
|
||||
--
|
||||
2.37.3
|
||||
|
55
SOURCES/0004-tpm2_eventlog-clean-up-some-magic-numbers.patch
Normal file
55
SOURCES/0004-tpm2_eventlog-clean-up-some-magic-numbers.patch
Normal file
@ -0,0 +1,55 @@
|
||||
From 2781de8cb60d0e8efb72d57eb1178f2f6df9415c Mon Sep 17 00:00:00 2001
|
||||
From: Jerry Snitselaar <jsnitsel@redhat.com>
|
||||
Date: Tue, 2 Aug 2022 11:59:06 -0700
|
||||
Subject: [PATCH 4/9] tpm2_eventlog: clean up some magic numbers
|
||||
|
||||
Make the code a bit clearer by making it clear
|
||||
we are subtracting the size of the EFI_GUID member
|
||||
from the EFI_SIGNATURE_DATA size.
|
||||
|
||||
Signed-off-by: Jerry Snitselaar <jsnitsel@redhat.com>
|
||||
---
|
||||
lib/tpm2_eventlog_yaml.c | 12 ++++++------
|
||||
1 file changed, 6 insertions(+), 6 deletions(-)
|
||||
|
||||
diff --git a/lib/tpm2_eventlog_yaml.c b/lib/tpm2_eventlog_yaml.c
|
||||
index 647a2225..fee78027 100644
|
||||
--- a/lib/tpm2_eventlog_yaml.c
|
||||
+++ b/lib/tpm2_eventlog_yaml.c
|
||||
@@ -374,13 +374,13 @@ static bool yaml_uefi_var(UEFI_VARIABLE_DATA *data, size_t size, UINT32 type,
|
||||
for (i = 0; i < signatures; i++) {
|
||||
EFI_SIGNATURE_DATA *s = (EFI_SIGNATURE_DATA *)signature;
|
||||
char *sdata = calloc (1,
|
||||
- BYTES_TO_HEX_STRING_SIZE(slist->SignatureSize-16));
|
||||
+ BYTES_TO_HEX_STRING_SIZE(slist->SignatureSize - sizeof(EFI_GUID)));
|
||||
if (sdata == NULL) {
|
||||
LOG_ERR("Failled to allocate data: %s\n", strerror(errno));
|
||||
return false;
|
||||
}
|
||||
- bytes_to_str(s->SignatureData, slist->SignatureSize-16,
|
||||
- sdata, BYTES_TO_HEX_STRING_SIZE(slist->SignatureSize-16));
|
||||
+ bytes_to_str(s->SignatureData, slist->SignatureSize - sizeof(EFI_GUID),
|
||||
+ sdata, BYTES_TO_HEX_STRING_SIZE(slist->SignatureSize - sizeof(EFI_GUID)));
|
||||
guid_unparse_lower(s->SignatureOwner, uuidstr);
|
||||
tpm2_tool_output(" - SignatureOwner: %s\n"
|
||||
" SignatureData: %s\n",
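Review bot: `slist->SignatureSize - sizeof(EFI_GUID)` on the changed lines is an unsigned subtraction with no lower-bound check anywhere in this hunk, so a signature-list entry with `SignatureSize` below 16 — possible in a truncated or crafted event log, which is untrusted input for tpm2_eventlog — wraps to a huge value that is then fed to `BYTES_TO_HEX_STRING_SIZE` and `calloc`. In practice that allocation fails and parsing stops with a misleading "failed to allocate" error, but the code is relying on the allocator to catch the malformed entry, and any build where the macro arithmetic wraps to a small size would turn it into an over-read of `s->SignatureData`. Unless a check earlier in `yaml_uefi_var` (outside the hunk) already rejects such entries, guard before the allocation: `if (slist->SignatureSize < sizeof(EFI_GUID)) { LOG_ERR("SignatureSize too small\n"); return false; }`. The second hunk of this patch has the same shape with `data->VariableDataLength - sizeof(EFI_GUID)` and needs the same guard; naming the constant via `sizeof(EFI_GUID)` is an improvement, but it makes the underflow no less silent.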
|
||||
@@ -426,13 +426,13 @@ static bool yaml_uefi_var(UEFI_VARIABLE_DATA *data, size_t size, UINT32 type,
|
||||
EFI_SIGNATURE_DATA *s= (EFI_SIGNATURE_DATA *)&data->UnicodeName[
|
||||
data->UnicodeNameLength];
|
||||
char *sdata = calloc (1,
|
||||
- BYTES_TO_HEX_STRING_SIZE(data->VariableDataLength - 16));
|
||||
+ BYTES_TO_HEX_STRING_SIZE(data->VariableDataLength - sizeof(EFI_GUID)));
|
||||
if (sdata == NULL) {
|
||||
LOG_ERR("Failled to allocate data: %s\n", strerror(errno));
|
||||
return false;
|
||||
}
|
||||
- bytes_to_str(s->SignatureData, data->VariableDataLength - 16,
|
||||
- sdata, BYTES_TO_HEX_STRING_SIZE(data->VariableDataLength - 16));
|
||||
+ bytes_to_str(s->SignatureData, data->VariableDataLength - sizeof(EFI_GUID),
|
||||
+ sdata, BYTES_TO_HEX_STRING_SIZE(data->VariableDataLength - sizeof(EFI_GUID)));
|
||||
guid_unparse_lower(s->SignatureOwner, uuidstr);
|
||||
tpm2_tool_output(" - SignatureOwner: %s\n"
|
||||
" SignatureData: %s\n",
|
||||
--
|
||||
2.37.3
|
||||
|
@ -0,0 +1,209 @@
|
||||
From cef0317b83e06fdca25ef52a8bfd59b74d318e5a Mon Sep 17 00:00:00 2001
|
||||
From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= <berrange@redhat.com>
|
||||
Date: Thu, 29 Sep 2022 10:48:36 -0400
|
||||
Subject: [PATCH 5/9] tpm2_eventlog_yaml: fix malformed YAML for EV_IPL data
|
||||
MIME-Version: 1.0
|
||||
Content-Type: text/plain; charset=UTF-8
|
||||
Content-Transfer-Encoding: 8bit
|
||||
|
||||
The code for printing EV_IPL data was fairly crude and often
|
||||
did not generate valid YAML syntax. Some problems
|
||||
|
||||
* Data starting with a space would result in invalid
|
||||
indentation, a leading space requires a quoted string
|
||||
* Non-printable cahracters must generally be escaped,
|
||||
using a quoted string
|
||||
* Embedded NUL bytes were turned into newlines, which
|
||||
mangled any UTF16 encoded data.
|
||||
|
||||
This change attempts to make the YAML output much safer. It
|
||||
is not pefect as it just processes the data bytewise and
|
||||
thus could potentially emit invalid UTF-8 bytes. In practice
|
||||
this won't be a problem for known bootloader emitting EV_IPL
|
||||
events.
|
||||
|
||||
This changes the formatting slightly
|
||||
|
||||
- All strings are now surrounded with double quotes
|
||||
|
||||
- All NUL bytes, including the final trailing NUL
|
||||
are displayed in escaped format.
|
||||
|
||||
- Non-printable ASCII chars are escaped, including
|
||||
the tab character, per YAML recommendations
|
||||
|
||||
A much better long term solution would be to switch to
|
||||
using libyaml for generating the output which would give
|
||||
a strong guarantee of correct formatting.
|
||||
|
||||
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
|
||||
---
|
||||
lib/tpm2_eventlog_yaml.c | 141 ++++++++++++++++++++++++++++++++++++---
|
||||
1 file changed, 130 insertions(+), 11 deletions(-)
|
||||
|
||||
diff --git a/lib/tpm2_eventlog_yaml.c b/lib/tpm2_eventlog_yaml.c
|
||||
index fee78027..66a20701 100644
|
||||
--- a/lib/tpm2_eventlog_yaml.c
|
||||
+++ b/lib/tpm2_eventlog_yaml.c
|
||||
@@ -571,6 +571,125 @@ bool yaml_uefi_action(UINT8 const *action, size_t size) {
|
||||
|
||||
return true;
|
||||
}
|
||||
+
|
||||
+
|
||||
+/*
|
||||
+ * The yaml_ipl description is received as raw bytes, but the
|
||||
+ * data will represent a printable string. Unfortunately we
|
||||
+ * are not told its encoding, and this can vary. For example,
|
||||
+ * grub will use UTF8, while sd-boot will UTF16LE.
|
||||
+ *
|
||||
+ * We need to emit YAML with some rules:
|
||||
+ *
|
||||
+ * - No leading ' ' without quoting it
|
||||
+ * - Escape non-printable ascii chars
|
||||
+ * - Double quotes if using escape sequences
|
||||
+ * - Valid UTF8 string
|
||||
+ *
|
||||
+ * This method will ignore the question of original data
|
||||
+ * encoding and apply a few simple rules to make the data
|
||||
+ * mostly YAML compliant. Where it falls down is not
|
||||
+ * guaranteeing valid UTF8, if the input was not already
|
||||
+ * valid UTF8. In practice this limitation shouldn't be
|
||||
+ * a problem given expected measured data.
|
||||
+ *
|
||||
+ * Note: one consequence of this approach is that most
|
||||
+ * UTF16LE data will be rendered with lots of \0 bytes
|
||||
+ * escaped.
|
||||
+ *
|
||||
+ * For ease of output reading, the data is also split on newlines
|
||||
+ */
|
||||
+char **yaml_split_escape_string(UINT8 const *description, size_t size)
|
||||
+{
|
||||
+ char **lines = NULL, **tmp;
|
||||
+ size_t nlines = 0;
|
||||
+ size_t i, j, k;
|
||||
+ size_t len;
|
||||
+ UINT8 *nl;
|
||||
+
|
||||
+ i = 0;
|
||||
+ do {
|
||||
+ nl = memchr(description + i, '\n', size - i);
|
||||
+ len = nl ? (size_t)(nl - (description + i)) : size - i;
|
||||
+
|
||||
+ tmp = realloc(lines, sizeof(char *) * (nlines + 2));
|
||||
+ if (!tmp) {
|
||||
+ LOG_ERR("failed to allocate memory for description lines: %s\n",
|
||||
+ strerror(errno));
|
||||
+ goto error;
|
||||
+ }
|
||||
+ lines = tmp;
|
||||
+ lines[nlines + 1] = NULL;
|
||||
+ k = 0;
|
||||
+
|
||||
+ /* Worst case: every byte needs escaping, plus start/end quotes, plus nul */
|
||||
+ lines[nlines] = calloc(1, (len * 2) + 2 + 1);
|
||||
+ if (!lines[nlines]) {
|
||||
+ LOG_ERR("failed to allocate memory for escaped string: %s\n",
|
||||
+ strerror(errno));
|
||||
+ goto error;
|
||||
+ }
|
||||
+
|
||||
+ lines[nlines][k++] = '"';
|
||||
+ for (j = i; j < (i + len); j++) {
|
||||
+ char escape = '\0';
|
||||
+
|
||||
+ switch (description[j]) {
|
||||
+ case '\0':
|
||||
+ escape = '0';
|
||||
+ break;
|
||||
+ case '\a':
|
||||
+ escape = 'a';
|
||||
+ break;
|
||||
+ case '\b':
|
||||
+ escape = 'b';
|
||||
+ break;
|
||||
+ case '\t':
|
||||
+ escape = 't';
|
||||
+ break;
|
||||
+ case '\v':
|
||||
+ escape = 'v';
|
||||
+ break;
|
||||
+ case '\f':
|
||||
+ escape = 'f';
|
||||
+ break;
|
||||
+ case '\r':
|
||||
+ escape = 'r';
|
||||
+ break;
|
||||
+ case '\e':
|
||||
+ escape = 'e';
|
||||
+ break;
|
||||
+ case '\'':
|
||||
+ escape = '\'';
|
||||
+ break;
|
||||
+ case '\\':
|
||||
+ escape = '\\';
|
||||
+ break;
|
||||
+ }
|
||||
+
|
||||
+ if (escape == '\0') {
|
||||
+ lines[nlines][k++] = description[j];
|
||||
+ } else {
|
||||
+ lines[nlines][k++] = '\\';
|
||||
+ lines[nlines][k++] = escape;
|
||||
+ }
|
||||
+ }
|
||||
+ lines[nlines][k++] = '"';
|
||||
+
|
||||
+ nlines++;
|
||||
+ i += len + 1;
|
||||
+ } while (i < size);
|
||||
+
|
||||
+ return lines;
|
||||
+
|
||||
+ error:
|
||||
+ for (i = 0; lines != NULL && lines[i] != NULL; i++) {
|
||||
+ free(lines[i]);
|
||||
+ }
|
||||
+ free(lines);
|
||||
+ return NULL;
|
||||
+}
|
||||
+
|
||||
/*
|
||||
* TCG PC Client PFP section 9.4.1
|
||||
* This event type is extensively used by the Shim and Grub on a wide varities
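Review bot: The header comment promises to `Escape non-printable ascii chars`, but the `switch` handles only ten of them; every other C0 control byte (0x01–0x06, 0x0e–0x1a, 0x1c–0x1f) and DEL (0x7f) is copied through unchanged by the `escape == '\0'` branch, and a raw control byte is not permitted anywhere in a YAML stream — not even inside the `|-` literal block that `yaml_ipl` emits — so such data still produces unparseable output, which is exactly what the commit sets out to fix. I would add a catch-all that emits `\xNN` for those bytes and grow the per-line worst-case allocation from two to four output bytes per input byte, as below; `snprintf` is already used elsewhere in this file. Bytes ≥ 0x80 are a separate question (the commit message acknowledges the UTF-8 gap) and can stay as they are.
```c
        /* Worst case: every byte becomes \xNN, plus start/end quotes, plus nul */
        lines[nlines] = calloc(1, (len * 4) + 2 + 1);
        /* … unchanged: allocation-failure check, opening quote … */
        for (j = i; j < (i + len); j++) {
            char escape = '\0';

            switch (description[j]) {
            /* … unchanged: the \0 \a \b \t \v \f \r \e ' \\ cases … */
            }

            if (escape != '\0') {
                lines[nlines][k++] = '\\';
                lines[nlines][k++] = escape;
            } else if (description[j] < 0x20 || description[j] == 0x7f) {
                /* remaining C0 controls and DEL: YAML forbids them raw */
                k += snprintf(&lines[nlines][k], 5, "\\x%02x", (unsigned)description[j]);
            } else {
                lines[nlines][k++] = description[j];
            }
        }
```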
|
||||
@@ -578,21 +697,21 @@ bool yaml_uefi_action(UINT8 const *action, size_t size) {
|
||||
* the loading of grub, kernel, and initrd images.
|
||||
*/
|
||||
bool yaml_ipl(UINT8 const *description, size_t size) {
|
||||
-
|
||||
+ char **lines = NULL;
|
||||
+ size_t i;
|
||||
tpm2_tool_output(" Event:\n"
|
||||
" String: |-\n");
|
||||
|
||||
- /* We need to handle when description contains multiple lines. */
|
||||
- size_t i, j;
|
||||
- for (i = 0; i < size; i++) {
|
||||
- for (j = i; j < size; j++) {
|
||||
- if (description[j] == '\n' || description[j] == '\0') {
|
||||
- break;
|
||||
- }
|
||||
- }
|
||||
- tpm2_tool_output(" %.*s\n", (int)(j - i), description+i);
|
||||
- i = j;
|
||||
+ lines = yaml_split_escape_string(description, size);
|
||||
+ if (!lines) {
|
||||
+ return false;
|
||||
+ }
|
||||
+
|
||||
+ for (i = 0; lines[i] != NULL; i++) {
|
||||
+ tpm2_tool_output(" %s\n", lines[i]);
|
||||
+ free(lines[i]);
|
||||
}
|
||||
+ free(lines);
|
||||
|
||||
return true;
|
||||
}
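Review bot: The effect of the escaping deserves a comment here, because `yaml_ipl` prints the lines under `String: |-`, a YAML literal block scalar, in which the surrounding double quotes and the `\0`, `\\`, `\t` … sequences produced by `yaml_split_escape_string` are not interpreted — a consumer that parses this YAML receives them as literal characters, so a measured string containing one backslash comes back with two. That keeps the document parseable, which is what the commit is after, but it changes the round-tripped value, and the expected-output tests added by the following patch presumably pin this behaviour. I would add above the `tpm2_tool_output(" Event:\n" " String: |-\n")` call a comment such as `/* literal block: the quotes and backslash escapes added by yaml_split_escape_string reach the consumer verbatim; they only keep control bytes out of the YAML stream */` so that nobody later "fixes" a consumer to unescape them, or switches this to a double-quoted flow scalar without revisiting the escaping rules (a flow scalar would additionally require `"` to be escaped, which the switch does not do).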
|
||||
--
|
||||
2.37.3
|
||||
|
5678
SOURCES/0006-test-track-expected-YAML-output-for-eventlog.patch
Normal file
5678
SOURCES/0006-test-track-expected-YAML-output-for-eventlog.patch
Normal file
File diff suppressed because one or more lines are too long
@ -0,0 +1,92 @@
|
||||
From c26464eb59b71b40bea11b4829b2a848343081f2 Mon Sep 17 00:00:00 2001
|
||||
From: Thore Sommer <mail@thson.de>
|
||||
Date: Sat, 8 Oct 2022 21:29:18 +0300
|
||||
Subject: [PATCH 7/9] tpm2_eventlog_yaml: fix parsing for MokListTrusted
|
||||
|
||||
Not all data in events of the EV_EFI_VARIABLE_AUTHORITY are
|
||||
EFI_SIGNATURE_DATA. The entry for MokListTrusted is a boolean
|
||||
encoded as an integer similar to SecureBoot variable.
|
||||
|
||||
Fixes #3050
|
||||
|
||||
Signed-off-by: Thore Sommer <mail@thson.de>
|
||||
---
|
||||
lib/tpm2_eventlog_yaml.c | 60 +++++++++++++++++++++++++++-------------
|
||||
1 file changed, 41 insertions(+), 19 deletions(-)
|
||||
|
||||
diff --git a/lib/tpm2_eventlog_yaml.c b/lib/tpm2_eventlog_yaml.c
|
||||
index 66a20701..0b1d0318 100644
|
||||
--- a/lib/tpm2_eventlog_yaml.c
|
||||
+++ b/lib/tpm2_eventlog_yaml.c
|
||||
@@ -418,27 +418,49 @@ static bool yaml_uefi_var(UEFI_VARIABLE_DATA *data, size_t size, UINT32 type,
|
||||
}
|
||||
return true;
|
||||
}
|
||||
- /* Other variables will be printed as a hex string */
|
||||
} else if (type == EV_EFI_VARIABLE_AUTHORITY) {
|
||||
- free(ret);
|
||||
- tpm2_tool_output(" VariableData:\n");
|
||||
-
|
||||
- EFI_SIGNATURE_DATA *s= (EFI_SIGNATURE_DATA *)&data->UnicodeName[
|
||||
- data->UnicodeNameLength];
|
||||
- char *sdata = calloc (1,
|
||||
- BYTES_TO_HEX_STRING_SIZE(data->VariableDataLength - sizeof(EFI_GUID)));
|
||||
- if (sdata == NULL) {
|
||||
- LOG_ERR("Failled to allocate data: %s\n", strerror(errno));
|
||||
- return false;
|
||||
+ /* The MokListTrusted is boolean option, not a EFI_SIGNATURE_DATA*/
|
||||
+ if ((strlen(ret) == 14 && strncmp(ret, "MokListTrusted", 14) == 0)) {
|
||||
+ free(ret);
|
||||
+ tpm2_tool_output(" VariableData:\n"
|
||||
+ " Enabled: ");
|
||||
+ if (data->VariableDataLength == 0) {
|
||||
+ tpm2_tool_output("'No'\n");
|
||||
+ } else if (data->VariableDataLength > 1) {
|
||||
+ LOG_ERR("MokListTrusted value length %" PRIu64 " is unexpectedly > 1\n",
|
||||
+ data->VariableDataLength);
|
||||
+ return false;
|
||||
+ } else {
|
||||
+ uint8_t *variable_data = (uint8_t *)&data->UnicodeName[
|
||||
+ data->UnicodeNameLength];
|
||||
+ if (*variable_data == 0) {
|
||||
+ tpm2_tool_output("'No'\n");
|
||||
+ } else {
|
||||
+ tpm2_tool_output("'Yes'\n");
|
||||
+ }
|
||||
+ }
|
||||
+ return true;
|
||||
+ } else {
|
||||
+ /* Other variables will be printed as a hex string */
|
||||
+ free(ret);
|
||||
+ tpm2_tool_output(" VariableData:\n");
|
||||
+ EFI_SIGNATURE_DATA *s= (EFI_SIGNATURE_DATA *)&data->UnicodeName[
|
||||
+ data->UnicodeNameLength];
|
||||
+ char *sdata = calloc (1,
|
||||
+ BYTES_TO_HEX_STRING_SIZE(data->VariableDataLength - sizeof(EFI_GUID)));
|
||||
+ if (sdata == NULL) {
|
||||
+ LOG_ERR("Failled to allocate data: %s\n", strerror(errno));
|
||||
+ return false;
|
||||
+ }
|
||||
+ bytes_to_str(s->SignatureData, data->VariableDataLength - sizeof(EFI_GUID),
|
||||
+ sdata, BYTES_TO_HEX_STRING_SIZE(data->VariableDataLength - sizeof(EFI_GUID)));
|
||||
+ guid_unparse_lower(s->SignatureOwner, uuidstr);
|
||||
+ tpm2_tool_output(" - SignatureOwner: %s\n"
|
||||
+ " SignatureData: %s\n",
|
||||
+ uuidstr, sdata);
|
||||
+ free(sdata);
|
||||
+ return true;
|
||||
}
|
||||
- bytes_to_str(s->SignatureData, data->VariableDataLength - sizeof(EFI_GUID),
|
||||
- sdata, BYTES_TO_HEX_STRING_SIZE(data->VariableDataLength - sizeof(EFI_GUID)));
|
||||
- guid_unparse_lower(s->SignatureOwner, uuidstr);
|
||||
- tpm2_tool_output(" - SignatureOwner: %s\n"
|
||||
- " SignatureData: %s\n",
|
||||
- uuidstr, sdata);
|
||||
- free(sdata);
|
||||
- return true;
|
||||
} else if (type == EV_EFI_VARIABLE_BOOT || type == EV_EFI_VARIABLE_BOOT2) {
|
||||
if ((strlen(ret) == 9 && strncmp(ret, "BootOrder", 9) == 0)) {
|
||||
free(ret);
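Review bot: In the new `MokListTrusted` branch the error path for `VariableDataLength > 1` runs after `tpm2_tool_output(" VariableData:\n" " Enabled: ")` has already been written, so on a malformed entry the tool logs an error and returns false with a dangling `Enabled: ` key and no trailing newline left in the YAML stream; hoist the `data->VariableDataLength > 1` check and its `LOG_ERR` above that `tpm2_tool_output` call so nothing is emitted for an entry that is then rejected. The relocated `else` branch keeps the unchecked `data->VariableDataLength - sizeof(EFI_GUID)` subtraction, which wraps to a huge size for an entry shorter than an `EFI_GUID`; an explicit `if (data->VariableDataLength < sizeof(EFI_GUID)) { LOG_ERR("VariableData too short\n"); return false; }` before the `calloc` would make that failure deliberate instead of leaving it to allocation failure. The `PRIu64` format assumes `VariableDataLength` is a 64-bit field, which matches the UEFI_VARIABLE_DATA layout but is not visible in this hunk.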
|
||||
--
|
||||
2.37.3
|
||||
|
1462
SOURCES/0008-tests-add-eventlog-for-parsing-MokListTrusted.patch
Normal file
1462
SOURCES/0008-tests-add-eventlog-for-parsing-MokListTrusted.patch
Normal file
File diff suppressed because it is too large
@ -0,0 +1,87 @@
|
||||
From e05d4ac57960b9aa81943254f5757405a5217616 Mon Sep 17 00:00:00 2001
|
||||
From: Thore Sommer <mail@thson.de>
|
||||
Date: Tue, 11 Oct 2022 08:44:44 +0300
|
||||
Subject: [PATCH 9/9] tpm2_eventlog_yaml: use defines for Unicode variables
|
||||
|
||||
The used variables and their length are defined as the following:
|
||||
|
||||
- Name: NAME_{VARIABLE_NAME}
|
||||
- Length: NAME_{VARIABLE_NAME}_LEN
|
||||
|
||||
Signed-off-by: Thore Sommer <mail@thson.de>
|
||||
---
|
||||
lib/tpm2_eventlog_yaml.c | 30 +++++++++++++++++++++++-------
|
||||
1 file changed, 23 insertions(+), 7 deletions(-)
|
||||
|
||||
diff --git a/lib/tpm2_eventlog_yaml.c b/lib/tpm2_eventlog_yaml.c
|
||||
index 0b1d0318..59a5d8fc 100644
|
||||
--- a/lib/tpm2_eventlog_yaml.c
|
||||
+++ b/lib/tpm2_eventlog_yaml.c
|
||||
@@ -23,6 +23,22 @@
|
||||
#include <efivar/efivar.h>
|
||||
#endif
|
||||
|
||||
+/* Valid variable unicode names and their length */
|
||||
+#define NAME_DB "db"
|
||||
+#define NAME_DB_LEN 2
|
||||
+#define NAME_DBX "dbx"
|
||||
+#define NAME_DBX_LEN 3
|
||||
+#define NAME_KEK "KEK"
|
||||
+#define NAME_KEK_LEN 3
|
||||
+#define NAME_PK "PK"
|
||||
+#define NAME_PK_LEN 2
|
||||
+#define NAME_MOKLISTTRUSTED "MokListTrusted"
|
||||
+#define NAME_MOKLISTTRUSTED_LEN 14
|
||||
+#define NAME_SECUREBOOT "SecureBoot"
|
||||
+#define NAME_SECUREBOOT_LEN 10
|
||||
+#define NAME_BOOTORDER "BootOrder"
|
||||
+#define NAME_BOOTORDER_LEN 9
|
||||
+
|
||||
static void guid_unparse_lower(EFI_GUID guid, char guid_buf[37]) {
|
||||
|
||||
snprintf(guid_buf, 37, "%08x-%04x-%04x-%02x%02x-%02x%02x%02x%02x%02x%02x",
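Review bot: The hand-written `NAME_*_LEN` constants duplicate information already held by the string literals and can silently drift from them on the next edit (a `NAME_FOO "Foo"` / `NAME_FOO_LEN 4` mismatch makes the match below fail quietly); deriving them keeps the two in step: `#define NAME_DB_LEN (sizeof(NAME_DB) - 1)`, and likewise for the others. Since `ret` is NUL-terminated (the comparisons call `strlen` on it), the `strlen(ret) == N && strncmp(ret, NAME, N) == 0` pairs in the later hunks are equivalent to `strcmp(ret, NAME) == 0`, which would remove the need for the length macros altogether. A short note above the block saying these are the UEFI variable names the tool special-cases rather than an exhaustive list would also help, since `/* Valid variable unicode names and their length */` reads as a validation table.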
|
||||
@@ -321,10 +337,10 @@ static bool yaml_uefi_var(UEFI_VARIABLE_DATA *data, size_t size, UINT32 type,
|
||||
* respectively.
|
||||
*/
|
||||
if (type == EV_EFI_VARIABLE_DRIVER_CONFIG) {
|
||||
- if ((strlen(ret) == 2 && strncmp(ret, "PK", 2) == 0) ||
|
||||
- (strlen(ret) == 3 && strncmp(ret, "KEK", 3) == 0) ||
|
||||
- (strlen(ret) == 2 && strncmp(ret, "db", 2) == 0) ||
|
||||
- (strlen(ret) == 3 && strncmp(ret, "dbx", 3) == 0)) {
|
||||
+ if ((strlen(ret) == NAME_PK_LEN && strncmp(ret, NAME_PK, NAME_PK_LEN) == 0) ||
|
||||
+ (strlen(ret) == NAME_KEK_LEN && strncmp(ret, NAME_KEK, NAME_KEK_LEN) == 0) ||
|
||||
+ (strlen(ret) == NAME_DB_LEN && strncmp(ret, NAME_DB, NAME_DB_LEN) == 0) ||
|
||||
+ (strlen(ret) == NAME_DBX_LEN && strncmp(ret, NAME_DBX, NAME_DBX_LEN) == 0)) {
|
||||
|
||||
free(ret);
|
||||
tpm2_tool_output(" VariableData:\n");
|
||||
@@ -397,7 +413,7 @@ static bool yaml_uefi_var(UEFI_VARIABLE_DATA *data, size_t size, UINT32 type,
|
||||
variable_data += slist->SignatureListSize;
|
||||
}
|
||||
return true;
|
||||
- } else if ((strlen(ret) == 10 && strncmp(ret, "SecureBoot", 10) == 0)) {
|
||||
+ } else if ((strlen(ret) == NAME_SECUREBOOT_LEN && strncmp(ret, NAME_SECUREBOOT, NAME_SECUREBOOT_LEN) == 0)) {
|
||||
free(ret);
|
||||
tpm2_tool_output(" VariableData:\n"
|
||||
" Enabled: ");
|
||||
@@ -420,7 +436,7 @@ static bool yaml_uefi_var(UEFI_VARIABLE_DATA *data, size_t size, UINT32 type,
|
||||
}
|
||||
} else if (type == EV_EFI_VARIABLE_AUTHORITY) {
|
||||
/* The MokListTrusted is boolean option, not a EFI_SIGNATURE_DATA*/
|
||||
- if ((strlen(ret) == 14 && strncmp(ret, "MokListTrusted", 14) == 0)) {
|
||||
+ if ((strlen(ret) == NAME_MOKLISTTRUSTED_LEN && strncmp(ret, NAME_MOKLISTTRUSTED, NAME_MOKLISTTRUSTED_LEN) == 0)) {
|
||||
free(ret);
|
||||
tpm2_tool_output(" VariableData:\n"
|
||||
" Enabled: ");
|
||||
@@ -462,7 +478,7 @@ static bool yaml_uefi_var(UEFI_VARIABLE_DATA *data, size_t size, UINT32 type,
|
||||
return true;
|
||||
}
|
||||
} else if (type == EV_EFI_VARIABLE_BOOT || type == EV_EFI_VARIABLE_BOOT2) {
|
||||
- if ((strlen(ret) == 9 && strncmp(ret, "BootOrder", 9) == 0)) {
|
||||
+ if ((strlen(ret) == NAME_BOOTORDER_LEN && strncmp(ret, NAME_BOOTORDER, NAME_BOOTORDER_LEN) == 0)) {
|
||||
free(ret);
|
||||
tpm2_tool_output(" VariableData:\n");
|
||||
|
||||
--
|
||||
2.37.3
|
||||
|
@ -2,7 +2,7 @@
|
||||
|
||||
Name: tpm2-tools
|
||||
Version: 5.2
|
||||
Release: 1%{?candidate:.%{candidate}}%{?dist}
|
||||
Release: 2%{?candidate:.%{candidate}}%{?dist}
|
||||
Summary: A bunch of TPM testing toolS build upon tpm2-tss
|
||||
|
||||
License: BSD
|
||||
@ -11,7 +11,17 @@ Source0: https://github.com/tpm2-software/tpm2-tools/releases/download/%{version
|
||||
Patch0: 0019-build-Use-hardcoded-version-variable.patch
|
||||
Patch1: test-fixup.patch
|
||||
Patch2: 0001-testparms-fix-condition-for-negative-test.patch
|
||||
Patch3: 0001-lib-tpm2_eventlog_yaml-use-char16_t-for-UEFI-charact.patch
|
||||
Patch4: 0002-Patch-set-for-handling-of-new-event-types-in-tpm2_ev.patch
|
||||
Patch5: 0003-Code-clarity-fix-for-calculation-of-data-member-addr.patch
|
||||
Patch6: 0004-tpm2_eventlog-clean-up-some-magic-numbers.patch
|
||||
Patch7: 0005-tpm2_eventlog_yaml-fix-malformed-YAML-for-EV_IPL-dat.patch
|
||||
Patch8: 0006-test-track-expected-YAML-output-for-eventlog.patch
|
||||
Patch9: 0007-tpm2_eventlog_yaml-fix-parsing-for-MokListTrusted.patch
|
||||
Patch10: 0008-tests-add-eventlog-for-parsing-MokListTrusted.patch
|
||||
Patch11: 0009-tpm2_eventlog_yaml-use-defines-for-Unicode-variables.patch
|
||||
|
||||
BuildRequires: git
|
||||
BuildRequires: make
|
||||
BuildRequires: gcc-c++
|
||||
BuildRequires: libtool
|
||||
@ -32,7 +42,7 @@ Requires: tpm2-tss%{?_isa} >= 2.3.1
|
||||
tpm2-tools is a batch of tools for tpm2.0. It is based on tpm2-tss.
|
||||
|
||||
%prep
|
||||
%autosetup -p1 -n %{name}-%{version}%{?candidate:-%{candidate}}
|
||||
%autosetup -S git -p1 -n %{name}-%{version}%{?candidate:-%{candidate}}
|
||||
|
||||
%build
|
||||
autoreconf -i
|
||||
@ -61,6 +71,10 @@ autoreconf -i
|
||||
%{_mandir}/man1/tss2_*.1.gz
|
||||
|
||||
%changelog
|
||||
* Wed Oct 19 2022 Štěpán Horáček <shoracek@redhat.com> - 5.2-2
|
||||
- Fix eventlog output.
|
||||
Resolves: rhbz#2136215
|
||||
|
||||
* Tue May 31 2022 Jerry Snitselaar <jsnitsel@redhat.com> - 5.2-1
|
||||
- Rebase to 5.2 release.
|
||||
Resolves: rhbz#2090748
|
||||
|