tpm2-tools: Fix eventlog output

Resolves: rhbz#2136215

Signed-off-by: Štěpán Horáček <shoracek@redhat.com>
Štěpán Horáček 2022-10-12 18:02:07 +02:00
parent 836bdb63c6
commit a56816e41e
11 changed files with 7805 additions and 3 deletions


@ -0,0 +1,26 @@
From 4351d850bb664941f88463229758171c2603080a Mon Sep 17 00:00:00 2001
From: Erik Larsson <who+github@cnackers.org>
Date: Mon, 4 Oct 2021 10:21:49 +0200
Subject: [PATCH 1/9] lib/tpm2_eventlog_yaml: use char16_t for UEFI characters
Signed-off-by: Erik Larsson <who+github@cnackers.org>
---
lib/tpm2_eventlog_yaml.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/lib/tpm2_eventlog_yaml.c b/lib/tpm2_eventlog_yaml.c
index 6e6923e5..9b048db1 100644
--- a/lib/tpm2_eventlog_yaml.c
+++ b/lib/tpm2_eventlog_yaml.c
@@ -475,7 +475,7 @@ static bool yaml_uefi_var(UEFI_VARIABLE_DATA *data, size_t size, UINT32 type,
tpm2_tool_output(" Description: \"");
int i;
for (i = 0; (wchar_t)loadopt->Description[i] != 0; i++) {
- wchar_t c = (wchar_t)loadopt->Description[i];
+ char16_t c = (char16_t)loadopt->Description[i];
tpm2_tool_output("%lc", c);
}
tpm2_tool_output("\"\n");
--
2.37.3
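Review bot: The `for (i = 0; (wchar_t)loadopt->Description[i] != 0; i++)` loop just above the changed line still walks `Description` until it finds a NUL, with no bound derived from the `size` parameter that yaml_uefi_var receives, so a load option whose description is not terminated inside the event reads past the event buffer; the event log is external input and its terminators cannot be trusted. Switching the element type to `char16_t` does not change that, and the sentinel test still casts to `wchar_t` while the body now casts to `char16_t`, so I would make the two agree and cap the index, e.g. `size_t max_chars = (size - ((UINT8 *)loadopt->Description - (UINT8 *)data)) / sizeof(loadopt->Description[0]);` and `for (i = 0; (size_t)i < max_chars && (char16_t)loadopt->Description[i] != 0; i++)` (this assumes `loadopt` points inside `data`, which is established outside the hunk). Separately, `%lc` converts its argument as a wchar_t in the current locale, so a UTF-16 surrogate pair will presumably not round-trip on a libc with 32-bit wchar_t; a one-line comment stating that only BMP characters are rendered would make that limitation explicit. yaml_uefi_var starts and ends outside this hunk.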


@ -0,0 +1,151 @@
From 2558005814e4a64f8941216b9dc3d3c3a9b35c51 Mon Sep 17 00:00:00 2001
From: George Almasi <gheorghe@us.ibm.com>
Date: Fri, 8 Apr 2022 15:27:05 +0000
Subject: [PATCH 2/9] Patch set for handling of new event types in
tpm2_eventlog: EV_EFI_PLATFORM_FIRMWARE_BLOB2, EV_EFI_HANDOFF_TABLES2,
EV_EFI_VARIABLE_BOOT2
Signed-off-by: George Almasi <gheorghe@us.ibm.com>
---
lib/efi_event.h | 11 ++++++++
lib/tpm2_eventlog_yaml.c | 42 ++++++++++++++++++++++++++++-
test/unit/test_tpm2_eventlog_yaml.c | 6 +++++
3 files changed, 58 insertions(+), 1 deletion(-)
diff --git a/lib/efi_event.h b/lib/efi_event.h
index 0136e32b..cc2ffc98 100644
--- a/lib/efi_event.h
+++ b/lib/efi_event.h
@@ -41,6 +41,10 @@
#define EV_EFI_ACTION EV_EFI_EVENT_BASE + 0x7
#define EV_EFI_PLATFORM_FIRMWARE_BLOB EV_EFI_EVENT_BASE + 0x8
#define EV_EFI_HANDOFF_TABLES EV_EFI_EVENT_BASE + 0x9
+#define EV_EFI_PLATFORM_FIRMWARE_BLOB2 EV_EFI_EVENT_BASE + 0xa
+#define EV_EFI_HANDOFF_TABLES2 EV_EFI_EVENT_BASE + 0xb
+#define EV_EFI_VARIABLE_BOOT2 EV_EFI_EVENT_BASE + 0xc
+
#define EV_EFI_VARIABLE_AUTHORITY EV_EFI_EVENT_BASE + 0xe0
#ifndef PACKED
@@ -96,6 +100,13 @@ typedef struct {
UINT64 BlobLength;
} PACKED UEFI_PLATFORM_FIRMWARE_BLOB;
+
+typedef struct {
+ UINT8 BlobDescriptionSize;
+ BYTE BlobDescription[];
+ /* UEFI_PLATFORM_FIRMWARE_BLOB comes next */
+} PACKED UEFI_PLATFORM_FIRMWARE_BLOB2;
+
typedef struct {
UINT32 pcrIndex;
UINT32 eventType;
diff --git a/lib/tpm2_eventlog_yaml.c b/lib/tpm2_eventlog_yaml.c
index 9b048db1..d2d4aefe 100644
--- a/lib/tpm2_eventlog_yaml.c
+++ b/lib/tpm2_eventlog_yaml.c
@@ -90,6 +90,12 @@ char const *eventtype_to_string (UINT32 event_type) {
return "EV_EFI_PLATFORM_FIRMWARE_BLOB";
case EV_EFI_HANDOFF_TABLES:
return "EV_EFI_HANDOFF_TABLES";
+ case EV_EFI_PLATFORM_FIRMWARE_BLOB2:
+ return "EV_EFI_PLATFORM_FIRMWARE_BLOB2";
+ case EV_EFI_HANDOFF_TABLES2:
+ return "EV_EFI_HANDOFF_TABLES2";
+ case EV_EFI_VARIABLE_BOOT2:
+ return "EV_EFI_VARIABLE_BOOT2";
case EV_EFI_VARIABLE_AUTHORITY:
return "EV_EFI_VARIABLE_AUTHORITY";
default:
@@ -433,7 +439,7 @@ static bool yaml_uefi_var(UEFI_VARIABLE_DATA *data, size_t size, UINT32 type,
uuidstr, sdata);
free(sdata);
return true;
- } else if (type == EV_EFI_VARIABLE_BOOT) {
+ } else if (type == EV_EFI_VARIABLE_BOOT || type == EV_EFI_VARIABLE_BOOT2) {
if ((strlen(ret) == 9 && strncmp(ret, "BootOrder", 9) == 0)) {
free(ret);
tpm2_tool_output(" VariableData:\n");
@@ -526,6 +532,37 @@ bool yaml_uefi_platfwblob(UEFI_PLATFORM_FIRMWARE_BLOB *data) {
data->BlobLength);
return true;
}
+
+/* TCG PC Client PFP (02 dec 2020) section 10.2.5 */
+bool yaml_uefi_platfwblob2(UEFI_PLATFORM_FIRMWARE_BLOB2 *data) {
+ UINT8 blobdescsize = data->BlobDescriptionSize;
+ UEFI_PLATFORM_FIRMWARE_BLOB * data2 = (UEFI_PLATFORM_FIRMWARE_BLOB *)((UINT8 *)data + sizeof(UINT8) + blobdescsize);
+
+ char * eventdesc = (char *)calloc (1, 2*blobdescsize+1);
+ if (!eventdesc) {
+ LOG_ERR("failed to allocate memory: %s\n", strerror(errno));
+ return false;
+ }
+
+ bytes_to_str (data->BlobDescription, blobdescsize, eventdesc, 2*blobdescsize);
+
+ tpm2_tool_output(" Event:\n"
+ " BlobDescriptionSize: %d\n"
+ " BlobDescription: \"%.*s\"\n"
+ " BlobBase: 0x%" PRIx64 "\n"
+ " BlobLength: 0x%" PRIx64 "\n",
+ blobdescsize,
+ 2*blobdescsize,
+ eventdesc,
+ data2->BlobBase,
+ data2->BlobLength);
+
+ free(eventdesc);
+ return true;
+}
+
+
+
/* TCG PC Client PFP section 9.4.4 */
bool yaml_uefi_action(UINT8 const *action, size_t size) {
@@ -713,6 +750,7 @@ bool yaml_event2data(TCG_EVENT2 const *event, UINT32 type, uint32_t eventlog_ver
switch (type) {
case EV_EFI_VARIABLE_DRIVER_CONFIG:
case EV_EFI_VARIABLE_BOOT:
+ case EV_EFI_VARIABLE_BOOT2:
case EV_EFI_VARIABLE_AUTHORITY:
return yaml_uefi_var((UEFI_VARIABLE_DATA*)event->Event,
event->EventSize, type, eventlog_version);
@@ -721,6 +759,8 @@ bool yaml_event2data(TCG_EVENT2 const *event, UINT32 type, uint32_t eventlog_ver
case EV_S_CRTM_CONTENTS:
case EV_EFI_PLATFORM_FIRMWARE_BLOB:
return yaml_uefi_platfwblob((UEFI_PLATFORM_FIRMWARE_BLOB*)event->Event);
+ case EV_EFI_PLATFORM_FIRMWARE_BLOB2:
+ return yaml_uefi_platfwblob2((UEFI_PLATFORM_FIRMWARE_BLOB2*)event->Event);
case EV_EFI_ACTION:
return yaml_uefi_action(event->Event, event->EventSize);
case EV_IPL:
diff --git a/test/unit/test_tpm2_eventlog_yaml.c b/test/unit/test_tpm2_eventlog_yaml.c
index d4e30b0e..6881703b 100644
--- a/test/unit/test_tpm2_eventlog_yaml.c
+++ b/test/unit/test_tpm2_eventlog_yaml.c
@@ -47,6 +47,9 @@ def_eventtype_to_string(EV_EFI_GPT_EVENT)
def_eventtype_to_string(EV_EFI_ACTION)
def_eventtype_to_string(EV_EFI_PLATFORM_FIRMWARE_BLOB)
def_eventtype_to_string(EV_EFI_HANDOFF_TABLES)
+def_eventtype_to_string(EV_EFI_PLATFORM_FIRMWARE_BLOB2)
+def_eventtype_to_string(EV_EFI_HANDOFF_TABLES2)
+def_eventtype_to_string(EV_EFI_VARIABLE_BOOT2)
def_eventtype_to_string(EV_EFI_VARIABLE_AUTHORITY)
static void eventtype_to_string_default(void **state) {
@@ -141,6 +144,9 @@ int main(void) {
cmocka_unit_test(eventtype_to_string_EV_EFI_ACTION),
cmocka_unit_test(eventtype_to_string_EV_EFI_PLATFORM_FIRMWARE_BLOB),
cmocka_unit_test(eventtype_to_string_EV_EFI_HANDOFF_TABLES),
+ cmocka_unit_test(eventtype_to_string_EV_EFI_PLATFORM_FIRMWARE_BLOB2),
+ cmocka_unit_test(eventtype_to_string_EV_EFI_HANDOFF_TABLES2),
+ cmocka_unit_test(eventtype_to_string_EV_EFI_VARIABLE_BOOT2),
cmocka_unit_test(eventtype_to_string_EV_EFI_VARIABLE_AUTHORITY),
cmocka_unit_test(eventtype_to_string_default),
cmocka_unit_test(test_yaml_event2hdr_callback),
--
2.37.3
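Review bot: `yaml_uefi_platfwblob2` reads `data->BlobDescriptionSize`, then `blobdescsize` bytes of description, then a whole UEFI_PLATFORM_FIRMWARE_BLOB behind them, without any check against the event's size, and the new `case EV_EFI_PLATFORM_FIRMWARE_BLOB2` in yaml_event2data hands it only `event->Event`, unlike the `yaml_uefi_var` and `yaml_uefi_action` cases beside it that also pass `event->EventSize`. A log whose BlobDescriptionSize claims more bytes than the event holds therefore reads past the event, and the event log is untrusted input (firmware-written or a file given to the tool). I would pass the size and validate before touching the description or `data2`, as below. Separately, `bytes_to_str(..., eventdesc, 2*blobdescsize)` hands the helper a destination size one byte smaller than the `2*blobdescsize+1` just allocated, while the other call sites in this file use `BYTES_TO_HEX_STRING_SIZE(n)` for both the allocation and the call; if bytes_to_str reserves room for the terminator inside the given size (I cannot see its body here) the last hex digit is dropped, so using `BYTES_TO_HEX_STRING_SIZE(blobdescsize)` in both places would at least be consistent with the rest of the file.
```c
/* TCG PC Client PFP (02 dec 2020) section 10.2.5 */
bool yaml_uefi_platfwblob2(UEFI_PLATFORM_FIRMWARE_BLOB2 *data, size_t size) {
    /* The event is external input: check every length before dereferencing. */
    if (size < sizeof(data->BlobDescriptionSize)) {
        LOG_ERR("EV_EFI_PLATFORM_FIRMWARE_BLOB2 event too short\n");
        return false;
    }
    UINT8 blobdescsize = data->BlobDescriptionSize;
    size_t needed = sizeof(data->BlobDescriptionSize) + blobdescsize
                    + sizeof(UEFI_PLATFORM_FIRMWARE_BLOB);
    if (size < needed) {
        LOG_ERR("EV_EFI_PLATFORM_FIRMWARE_BLOB2 event too short: %zu < %zu\n",
                size, needed);
        return false;
    }
    UEFI_PLATFORM_FIRMWARE_BLOB *data2 = (UEFI_PLATFORM_FIRMWARE_BLOB *)
        ((UINT8 *)data + sizeof(data->BlobDescriptionSize) + blobdescsize);
    /* ... unchanged: hex-encode BlobDescription and print the fields ... */

/* ... unchanged: rest of file up to yaml_event2data() switch ... */
    case EV_EFI_PLATFORM_FIRMWARE_BLOB2:
        return yaml_uefi_platfwblob2((UEFI_PLATFORM_FIRMWARE_BLOB2*)event->Event,
                                     event->EventSize);
```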


@ -0,0 +1,27 @@
From 18f211c7f28d204e5676a30480b681519316d87f Mon Sep 17 00:00:00 2001
From: George Almasi <gheorghe@us.ibm.com>
Date: Mon, 11 Apr 2022 12:12:45 +0000
Subject: [PATCH 3/9] Code clarity fix for calculation of data member addresses
when printing out UEFI_PLATFORM_FIRMWARE_BLOB2 structures.
Signed-off-by: George Almasi <gheorghe@us.ibm.com>
---
lib/tpm2_eventlog_yaml.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/lib/tpm2_eventlog_yaml.c b/lib/tpm2_eventlog_yaml.c
index d2d4aefe..647a2225 100644
--- a/lib/tpm2_eventlog_yaml.c
+++ b/lib/tpm2_eventlog_yaml.c
@@ -536,7 +536,7 @@ bool yaml_uefi_platfwblob(UEFI_PLATFORM_FIRMWARE_BLOB *data) {
/* TCG PC Client PFP (02 dec 2020) section 10.2.5 */
bool yaml_uefi_platfwblob2(UEFI_PLATFORM_FIRMWARE_BLOB2 *data) {
UINT8 blobdescsize = data->BlobDescriptionSize;
- UEFI_PLATFORM_FIRMWARE_BLOB * data2 = (UEFI_PLATFORM_FIRMWARE_BLOB *)((UINT8 *)data + sizeof(UINT8) + blobdescsize);
+ UEFI_PLATFORM_FIRMWARE_BLOB * data2 = (UEFI_PLATFORM_FIRMWARE_BLOB *)((UINT8 *)data + sizeof(data->BlobDescriptionSize) + blobdescsize);
char * eventdesc = (char *)calloc (1, 2*blobdescsize+1);
if (!eventdesc) {
--
2.37.3


@ -0,0 +1,55 @@
From 2781de8cb60d0e8efb72d57eb1178f2f6df9415c Mon Sep 17 00:00:00 2001
From: Jerry Snitselaar <jsnitsel@redhat.com>
Date: Tue, 2 Aug 2022 11:59:06 -0700
Subject: [PATCH 4/9] tpm2_eventlog: clean up some magic numbers
Make the code a bit clearer by making it clear
we are subtracting the size of the EFI_GUID member
from the EFI_SIGNATURE_DATA size.
Signed-off-by: Jerry Snitselaar <jsnitsel@redhat.com>
---
lib/tpm2_eventlog_yaml.c | 12 ++++++------
1 file changed, 6 insertions(+), 6 deletions(-)
diff --git a/lib/tpm2_eventlog_yaml.c b/lib/tpm2_eventlog_yaml.c
index 647a2225..fee78027 100644
--- a/lib/tpm2_eventlog_yaml.c
+++ b/lib/tpm2_eventlog_yaml.c
@@ -374,13 +374,13 @@ static bool yaml_uefi_var(UEFI_VARIABLE_DATA *data, size_t size, UINT32 type,
for (i = 0; i < signatures; i++) {
EFI_SIGNATURE_DATA *s = (EFI_SIGNATURE_DATA *)signature;
char *sdata = calloc (1,
- BYTES_TO_HEX_STRING_SIZE(slist->SignatureSize-16));
+ BYTES_TO_HEX_STRING_SIZE(slist->SignatureSize - sizeof(EFI_GUID)));
if (sdata == NULL) {
LOG_ERR("Failled to allocate data: %s\n", strerror(errno));
return false;
}
- bytes_to_str(s->SignatureData, slist->SignatureSize-16,
- sdata, BYTES_TO_HEX_STRING_SIZE(slist->SignatureSize-16));
+ bytes_to_str(s->SignatureData, slist->SignatureSize - sizeof(EFI_GUID),
+ sdata, BYTES_TO_HEX_STRING_SIZE(slist->SignatureSize - sizeof(EFI_GUID)));
guid_unparse_lower(s->SignatureOwner, uuidstr);
tpm2_tool_output(" - SignatureOwner: %s\n"
" SignatureData: %s\n",
@@ -426,13 +426,13 @@ static bool yaml_uefi_var(UEFI_VARIABLE_DATA *data, size_t size, UINT32 type,
EFI_SIGNATURE_DATA *s= (EFI_SIGNATURE_DATA *)&data->UnicodeName[
data->UnicodeNameLength];
char *sdata = calloc (1,
- BYTES_TO_HEX_STRING_SIZE(data->VariableDataLength - 16));
+ BYTES_TO_HEX_STRING_SIZE(data->VariableDataLength - sizeof(EFI_GUID)));
if (sdata == NULL) {
LOG_ERR("Failled to allocate data: %s\n", strerror(errno));
return false;
}
- bytes_to_str(s->SignatureData, data->VariableDataLength - 16,
- sdata, BYTES_TO_HEX_STRING_SIZE(data->VariableDataLength - 16));
+ bytes_to_str(s->SignatureData, data->VariableDataLength - sizeof(EFI_GUID),
+ sdata, BYTES_TO_HEX_STRING_SIZE(data->VariableDataLength - sizeof(EFI_GUID)));
guid_unparse_lower(s->SignatureOwner, uuidstr);
tpm2_tool_output(" - SignatureOwner: %s\n"
" SignatureData: %s\n",
--
2.37.3
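Review bot: `slist->SignatureSize - sizeof(EFI_GUID)` in the first hunk (and `data->VariableDataLength - sizeof(EFI_GUID)` in the second) is still computed without checking that the minuend is at least sizeof(EFI_GUID); both operands are unsigned, so a SignatureSize below 16 in a malformed or hostile event log wraps to a huge value that goes straight into calloc and bytes_to_str. Naming the constant makes the intent clearer, but the missing check is what matters, e.g. `if (slist->SignatureSize < sizeof(EFI_GUID)) { LOG_ERR("SignatureSize smaller than EFI_GUID\n"); return false; }` before the calloc, and the equivalent test on VariableDataLength in the second hunk. yaml_uefi_var starts and ends outside these hunks, so I cannot see whether an earlier validation already covers this; if it does, a comment at the subtraction saying so would save the next reader the same question.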


@ -0,0 +1,209 @@
From cef0317b83e06fdca25ef52a8bfd59b74d318e5a Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= <berrange@redhat.com>
Date: Thu, 29 Sep 2022 10:48:36 -0400
Subject: [PATCH 5/9] tpm2_eventlog_yaml: fix malformed YAML for EV_IPL data
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
The code for printing EV_IPL data was fairly crude and often
did not generate valid YAML syntax. Some problems
* Data starting with a space would result in invalid
indentation, a leading space requires a quoted string
* Non-printable cahracters must generally be escaped,
using a quoted string
* Embedded NUL bytes were turned into newlines, which
mangled any UTF16 encoded data.
This change attempts to make the YAML output much safer. It
is not pefect as it just processes the data bytewise and
thus could potentially emit invalid UTF-8 bytes. In practice
this won't be a problem for known bootloader emitting EV_IPL
events.
This changes the formatting slightly
- All strings are now surrounded with double quotes
- All NUL bytes, including the final trailing NUL
are displayed in escaped format.
- Non-printable ASCII chars are escaped, including
the tab character, per YAML recommendations
A much better long term solution would be to switch to
using libyaml for generating the output which would give
a strong guarantee of correct formatting.
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
---
lib/tpm2_eventlog_yaml.c | 141 ++++++++++++++++++++++++++++++++++++---
1 file changed, 130 insertions(+), 11 deletions(-)
diff --git a/lib/tpm2_eventlog_yaml.c b/lib/tpm2_eventlog_yaml.c
index fee78027..66a20701 100644
--- a/lib/tpm2_eventlog_yaml.c
+++ b/lib/tpm2_eventlog_yaml.c
@@ -571,6 +571,125 @@ bool yaml_uefi_action(UINT8 const *action, size_t size) {
return true;
}
+
+
+/*
+ * The yaml_ipl description is received as raw bytes, but the
+ * data will represent a printable string. Unfortunately we
+ * are not told its encoding, and this can vary. For example,
+ * grub will use UTF8, while sd-boot will UTF16LE.
+ *
+ * We need to emit YAML with some rules:
+ *
+ * - No leading ' ' without quoting it
+ * - Escape non-printable ascii chars
+ * - Double quotes if using escape sequences
+ * - Valid UTF8 string
+ *
+ * This method will ignore the question of original data
+ * encoding and apply a few simple rules to make the data
+ * mostly YAML compliant. Where it falls down is not
+ * guaranteeing valid UTF8, if the input was not already
+ * valid UTF8. In practice this limitation shouldn't be
+ * a problem given expected measured data.
+ *
+ * Note: one consequence of this approach is that most
+ * UTF16LE data will be rendered with lots of \0 bytes
+ * escaped.
+ *
+ * For ease of output reading, the data is also split on newlines
+ */
+char **yaml_split_escape_string(UINT8 const *description, size_t size)
+{
+ char **lines = NULL, **tmp;
+ size_t nlines = 0;
+ size_t i, j, k;
+ size_t len;
+ UINT8 *nl;
+
+ i = 0;
+ do {
+ nl = memchr(description + i, '\n', size - i);
+ len = nl ? (size_t)(nl - (description + i)) : size - i;
+
+ tmp = realloc(lines, sizeof(char *) * (nlines + 2));
+ if (!tmp) {
+ LOG_ERR("failed to allocate memory for description lines: %s\n",
+ strerror(errno));
+ goto error;
+ }
+ lines = tmp;
+ lines[nlines + 1] = NULL;
+ k = 0;
+
+ /* Worst case: every byte needs escaping, plus start/end quotes, plus nul */
+ lines[nlines] = calloc(1, (len * 2) + 2 + 1);
+ if (!lines[nlines]) {
+ LOG_ERR("failed to allocate memory for escaped string: %s\n",
+ strerror(errno));
+ goto error;
+ }
+
+ lines[nlines][k++] = '"';
+ for (j = i; j < (i + len); j++) {
+ char escape = '\0';
+
+ switch (description[j]) {
+ case '\0':
+ escape = '0';
+ break;
+ case '\a':
+ escape = 'a';
+ break;
+ case '\b':
+ escape = 'b';
+ break;
+ case '\t':
+ escape = 't';
+ break;
+ case '\v':
+ escape = 'v';
+ break;
+ case '\f':
+ escape = 'f';
+ break;
+ case '\r':
+ escape = 'r';
+ break;
+ case '\e':
+ escape = 'e';
+ break;
+ case '\'':
+ escape = '\'';
+ break;
+ case '\\':
+ escape = '\\';
+ break;
+ }
+
+ if (escape == '\0') {
+ lines[nlines][k++] = description[j];
+ } else {
+ lines[nlines][k++] = '\\';
+ lines[nlines][k++] = escape;
+ }
+ }
+ lines[nlines][k++] = '"';
+
+ nlines++;
+ i += len + 1;
+ } while (i < size);
+
+ return lines;
+
+ error:
+ for (i = 0; lines != NULL && lines[i] != NULL; i++) {
+ free(lines[i]);
+ }
+ free(lines);
+ return NULL;
+}
+
/*
* TCG PC Client PFP section 9.4.1
* This event type is extensively used by the Shim and Grub on a wide varities
@@ -578,21 +697,21 @@ bool yaml_uefi_action(UINT8 const *action, size_t size) {
* the loading of grub, kernel, and initrd images.
*/
bool yaml_ipl(UINT8 const *description, size_t size) {
-
+ char **lines = NULL;
+ size_t i;
tpm2_tool_output(" Event:\n"
" String: |-\n");
- /* We need to handle when description contains multiple lines. */
- size_t i, j;
- for (i = 0; i < size; i++) {
- for (j = i; j < size; j++) {
- if (description[j] == '\n' || description[j] == '\0') {
- break;
- }
- }
- tpm2_tool_output(" %.*s\n", (int)(j - i), description+i);
- i = j;
+ lines = yaml_split_escape_string(description, size);
+ if (!lines) {
+ return false;
+ }
+
+ for (i = 0; lines[i] != NULL; i++) {
+ tpm2_tool_output(" %s\n", lines[i]);
+ free(lines[i]);
}
+ free(lines);
return true;
}
--
2.37.3
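Review bot: `yaml_split_escape_string` wraps every line in double quotes but never escapes a `"` byte from the input, so a description containing a double quote terminates the YAML scalar early and yields exactly the malformed output this commit sets out to fix; conversely the `case '\''` branch emits `\'`, which is not an escape sequence YAML permits inside a double-quoted scalar (a single quote needs no escaping there). Replace `case '\'': escape = '\''; break;` with `case '"': escape = '"'; break;`. The commit message says non-printable ASCII is escaped, but only the named control characters are handled: bytes such as 0x01 or 0x7f still go out raw, which a double-quoted scalar also forbids, so a `default:` branch emitting `\xNN` when `description[j] < 0x20 || description[j] == 0x7f` would close that gap (the worst-case buffer in the calloc would then need 4 bytes per input byte rather than 2). `'\e'` is a GCC extension rather than standard C; `0x1b` is the portable spelling.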



@ -0,0 +1,92 @@
From c26464eb59b71b40bea11b4829b2a848343081f2 Mon Sep 17 00:00:00 2001
From: Thore Sommer <mail@thson.de>
Date: Sat, 8 Oct 2022 21:29:18 +0300
Subject: [PATCH 7/9] tpm2_eventlog_yaml: fix parsing for MokListTrusted
Not all data in events of the EV_EFI_VARIABLE_AUTHORITY are
EFI_SIGNATURE_DATA. The entry for MokListTrusted is a boolean
encoded as an integer similar to SecureBoot variable.
Fixes #3050
Signed-off-by: Thore Sommer <mail@thson.de>
---
lib/tpm2_eventlog_yaml.c | 60 +++++++++++++++++++++++++++-------------
1 file changed, 41 insertions(+), 19 deletions(-)
diff --git a/lib/tpm2_eventlog_yaml.c b/lib/tpm2_eventlog_yaml.c
index 66a20701..0b1d0318 100644
--- a/lib/tpm2_eventlog_yaml.c
+++ b/lib/tpm2_eventlog_yaml.c
@@ -418,27 +418,49 @@ static bool yaml_uefi_var(UEFI_VARIABLE_DATA *data, size_t size, UINT32 type,
}
return true;
}
- /* Other variables will be printed as a hex string */
} else if (type == EV_EFI_VARIABLE_AUTHORITY) {
- free(ret);
- tpm2_tool_output(" VariableData:\n");
-
- EFI_SIGNATURE_DATA *s= (EFI_SIGNATURE_DATA *)&data->UnicodeName[
- data->UnicodeNameLength];
- char *sdata = calloc (1,
- BYTES_TO_HEX_STRING_SIZE(data->VariableDataLength - sizeof(EFI_GUID)));
- if (sdata == NULL) {
- LOG_ERR("Failled to allocate data: %s\n", strerror(errno));
- return false;
+ /* The MokListTrusted is boolean option, not a EFI_SIGNATURE_DATA*/
+ if ((strlen(ret) == 14 && strncmp(ret, "MokListTrusted", 14) == 0)) {
+ free(ret);
+ tpm2_tool_output(" VariableData:\n"
+ " Enabled: ");
+ if (data->VariableDataLength == 0) {
+ tpm2_tool_output("'No'\n");
+ } else if (data->VariableDataLength > 1) {
+ LOG_ERR("MokListTrusted value length %" PRIu64 " is unexpectedly > 1\n",
+ data->VariableDataLength);
+ return false;
+ } else {
+ uint8_t *variable_data = (uint8_t *)&data->UnicodeName[
+ data->UnicodeNameLength];
+ if (*variable_data == 0) {
+ tpm2_tool_output("'No'\n");
+ } else {
+ tpm2_tool_output("'Yes'\n");
+ }
+ }
+ return true;
+ } else {
+ /* Other variables will be printed as a hex string */
+ free(ret);
+ tpm2_tool_output(" VariableData:\n");
+ EFI_SIGNATURE_DATA *s= (EFI_SIGNATURE_DATA *)&data->UnicodeName[
+ data->UnicodeNameLength];
+ char *sdata = calloc (1,
+ BYTES_TO_HEX_STRING_SIZE(data->VariableDataLength - sizeof(EFI_GUID)));
+ if (sdata == NULL) {
+ LOG_ERR("Failled to allocate data: %s\n", strerror(errno));
+ return false;
+ }
+ bytes_to_str(s->SignatureData, data->VariableDataLength - sizeof(EFI_GUID),
+ sdata, BYTES_TO_HEX_STRING_SIZE(data->VariableDataLength - sizeof(EFI_GUID)));
+ guid_unparse_lower(s->SignatureOwner, uuidstr);
+ tpm2_tool_output(" - SignatureOwner: %s\n"
+ " SignatureData: %s\n",
+ uuidstr, sdata);
+ free(sdata);
+ return true;
}
- bytes_to_str(s->SignatureData, data->VariableDataLength - sizeof(EFI_GUID),
- sdata, BYTES_TO_HEX_STRING_SIZE(data->VariableDataLength - sizeof(EFI_GUID)));
- guid_unparse_lower(s->SignatureOwner, uuidstr);
- tpm2_tool_output(" - SignatureOwner: %s\n"
- " SignatureData: %s\n",
- uuidstr, sdata);
- free(sdata);
- return true;
} else if (type == EV_EFI_VARIABLE_BOOT || type == EV_EFI_VARIABLE_BOOT2) {
if ((strlen(ret) == 9 && strncmp(ret, "BootOrder", 9) == 0)) {
free(ret);
--
2.37.3
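Review bot: The retained `else` branch still computes `data->VariableDataLength - sizeof(EFI_GUID)` without checking that VariableDataLength is at least sizeof(EFI_GUID); this commit itself establishes that not every EV_EFI_VARIABLE_AUTHORITY payload is an EFI_SIGNATURE_DATA, so any other short variable, or a truncated log, hits an unsigned wrap and an oversized calloc/bytes_to_str. Guard it before the calloc: `if (data->VariableDataLength < sizeof(EFI_GUID)) { LOG_ERR("VariableDataLength %" PRIu64 " too small for EFI_SIGNATURE_DATA\n", data->VariableDataLength); return false; }` (the new MokListTrusted branch already prints this field with PRIu64). The MokListTrusted branch also dereferences `*variable_data` at `&data->UnicodeName[data->UnicodeNameLength]` and trusts that offset to lie within `size`; if yaml_uefi_var validates the header earlier that is fine, but that code is outside the hunk so I cannot confirm it. yaml_uefi_var starts and ends outside this hunk.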



@ -0,0 +1,87 @@
From e05d4ac57960b9aa81943254f5757405a5217616 Mon Sep 17 00:00:00 2001
From: Thore Sommer <mail@thson.de>
Date: Tue, 11 Oct 2022 08:44:44 +0300
Subject: [PATCH 9/9] tpm2_eventlog_yaml: use defines for Unicode variables
The used variables and their length are defined as the following:
- Name: NAME_{VARIABLE_NAME}
- Length: NAME_{VARIABLE_NAME}_LEN
Signed-off-by: Thore Sommer <mail@thson.de>
---
lib/tpm2_eventlog_yaml.c | 30 +++++++++++++++++++++++-------
1 file changed, 23 insertions(+), 7 deletions(-)
diff --git a/lib/tpm2_eventlog_yaml.c b/lib/tpm2_eventlog_yaml.c
index 0b1d0318..59a5d8fc 100644
--- a/lib/tpm2_eventlog_yaml.c
+++ b/lib/tpm2_eventlog_yaml.c
@@ -23,6 +23,22 @@
#include <efivar/efivar.h>
#endif
+/* Valid variable unicode names and their length */
+#define NAME_DB "db"
+#define NAME_DB_LEN 2
+#define NAME_DBX "dbx"
+#define NAME_DBX_LEN 3
+#define NAME_KEK "KEK"
+#define NAME_KEK_LEN 3
+#define NAME_PK "PK"
+#define NAME_PK_LEN 2
+#define NAME_MOKLISTTRUSTED "MokListTrusted"
+#define NAME_MOKLISTTRUSTED_LEN 14
+#define NAME_SECUREBOOT "SecureBoot"
+#define NAME_SECUREBOOT_LEN 10
+#define NAME_BOOTORDER "BootOrder"
+#define NAME_BOOTORDER_LEN 9
+
static void guid_unparse_lower(EFI_GUID guid, char guid_buf[37]) {
snprintf(guid_buf, 37, "%08x-%04x-%04x-%02x%02x-%02x%02x%02x%02x%02x%02x",
@@ -321,10 +337,10 @@ static bool yaml_uefi_var(UEFI_VARIABLE_DATA *data, size_t size, UINT32 type,
* respectively.
*/
if (type == EV_EFI_VARIABLE_DRIVER_CONFIG) {
- if ((strlen(ret) == 2 && strncmp(ret, "PK", 2) == 0) ||
- (strlen(ret) == 3 && strncmp(ret, "KEK", 3) == 0) ||
- (strlen(ret) == 2 && strncmp(ret, "db", 2) == 0) ||
- (strlen(ret) == 3 && strncmp(ret, "dbx", 3) == 0)) {
+ if ((strlen(ret) == NAME_PK_LEN && strncmp(ret, NAME_PK, NAME_PK_LEN) == 0) ||
+ (strlen(ret) == NAME_KEK_LEN && strncmp(ret, NAME_KEK, NAME_KEK_LEN) == 0) ||
+ (strlen(ret) == NAME_DB_LEN && strncmp(ret, NAME_DB, NAME_DB_LEN) == 0) ||
+ (strlen(ret) == NAME_DBX_LEN && strncmp(ret, NAME_DBX, NAME_DBX_LEN) == 0)) {
free(ret);
tpm2_tool_output(" VariableData:\n");
@@ -397,7 +413,7 @@ static bool yaml_uefi_var(UEFI_VARIABLE_DATA *data, size_t size, UINT32 type,
variable_data += slist->SignatureListSize;
}
return true;
- } else if ((strlen(ret) == 10 && strncmp(ret, "SecureBoot", 10) == 0)) {
+ } else if ((strlen(ret) == NAME_SECUREBOOT_LEN && strncmp(ret, NAME_SECUREBOOT, NAME_SECUREBOOT_LEN) == 0)) {
free(ret);
tpm2_tool_output(" VariableData:\n"
" Enabled: ");
@@ -420,7 +436,7 @@ static bool yaml_uefi_var(UEFI_VARIABLE_DATA *data, size_t size, UINT32 type,
}
} else if (type == EV_EFI_VARIABLE_AUTHORITY) {
/* The MokListTrusted is boolean option, not a EFI_SIGNATURE_DATA*/
- if ((strlen(ret) == 14 && strncmp(ret, "MokListTrusted", 14) == 0)) {
+ if ((strlen(ret) == NAME_MOKLISTTRUSTED_LEN && strncmp(ret, NAME_MOKLISTTRUSTED, NAME_MOKLISTTRUSTED_LEN) == 0)) {
free(ret);
tpm2_tool_output(" VariableData:\n"
" Enabled: ");
@@ -462,7 +478,7 @@ static bool yaml_uefi_var(UEFI_VARIABLE_DATA *data, size_t size, UINT32 type,
return true;
}
} else if (type == EV_EFI_VARIABLE_BOOT || type == EV_EFI_VARIABLE_BOOT2) {
- if ((strlen(ret) == 9 && strncmp(ret, "BootOrder", 9) == 0)) {
+ if ((strlen(ret) == NAME_BOOTORDER_LEN && strncmp(ret, NAME_BOOTORDER, NAME_BOOTORDER_LEN) == 0)) {
free(ret);
tpm2_tool_output(" VariableData:\n");
--
2.37.3
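Review bot: The `strlen(ret) == NAME_X_LEN && strncmp(ret, NAME_X, NAME_X_LEN) == 0` pattern used at every changed call site is exact string equality spelled the long way, and the hand-maintained `NAME_*_LEN` constants can silently drift from their strings; `strcmp(ret, NAME_SECUREBOOT) == 0` says the same thing with no length to keep in sync, or if a length is wanted derive it with `#define NAME_LEN(s) (sizeof(s) - 1)`. A small helper keeps the conditions readable, e.g. `static bool name_is(const char *ret, const char *name) { return strcmp(ret, name) == 0; }` used as `if (name_is(ret, NAME_SECUREBOOT))`. The new define block would also benefit from a comment saying where each name comes from (the commit message only calls them "valid variable unicode names"), so a reader knows why exactly these seven are special-cased. yaml_uefi_var starts and ends outside these hunks.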


@ -15,8 +15,9 @@ TPM2_SIM=swtpm
TPM2_TOOLS_TEST_FIXTURES=`pwd`/source/test/integration/fixtures
PATH=.:$PATH
abs_srcdir=`pwd`/source
srcdir=$abs_srcdir
test_drv=`rpm -ql automake | grep test-driver`
export TPM2_ABRMD TPM2_SIM TPM2_TOOLS_TEST_FIXTURES PATH abs_srcdir
export TPM2_ABRMD TPM2_SIM TPM2_TOOLS_TEST_FIXTURES PATH abs_srcdir srcdir
pushd source/test/integration
for t in `ls tests/*.sh`


@ -2,7 +2,7 @@
Name: tpm2-tools
Version: 5.2
Release: 1%{?candidate:.%{candidate}}%{?dist}
Release: 2%{?candidate:.%{candidate}}%{?dist}
Summary: A bunch of TPM testing toolS build upon tpm2-tss
License: BSD
@ -11,7 +11,17 @@ Source0: https://github.com/tpm2-software/tpm2-tools/releases/download/%{version
Patch0: 0019-build-Use-hardcoded-version-variable.patch
Patch1: test-fixup.patch
Patch2: 0001-testparms-fix-condition-for-negative-test.patch
Patch3: 0001-lib-tpm2_eventlog_yaml-use-char16_t-for-UEFI-charact.patch
Patch4: 0002-Patch-set-for-handling-of-new-event-types-in-tpm2_ev.patch
Patch5: 0003-Code-clarity-fix-for-calculation-of-data-member-addr.patch
Patch6: 0004-tpm2_eventlog-clean-up-some-magic-numbers.patch
Patch7: 0005-tpm2_eventlog_yaml-fix-malformed-YAML-for-EV_IPL-dat.patch
Patch8: 0006-test-track-expected-YAML-output-for-eventlog.patch
Patch9: 0007-tpm2_eventlog_yaml-fix-parsing-for-MokListTrusted.patch
Patch10: 0008-tests-add-eventlog-for-parsing-MokListTrusted.patch
Patch11: 0009-tpm2_eventlog_yaml-use-defines-for-Unicode-variables.patch
BuildRequires: git
BuildRequires: make
BuildRequires: gcc-c++
BuildRequires: libtool
@ -32,7 +42,7 @@ Requires: tpm2-tss%{?_isa} >= 2.3.1
tpm2-tools is a batch of tools for tpm2.0. It is based on tpm2-tss.
%prep
%autosetup -p1 -n %{name}-%{version}%{?candidate:-%{candidate}}
%autosetup -S git -p1 -n %{name}-%{version}%{?candidate:-%{candidate}}
%build
autoreconf -i
@ -61,6 +71,10 @@ autoreconf -i
%{_mandir}/man1/tss2_*.1.gz
%changelog
* Wed Oct 19 2022 Štěpán Horáček <shoracek@redhat.com> - 5.2-2
- Fix eventlog output.
Resolves: rhbz#2136215
* Tue May 31 2022 Jerry Snitselaar <jsnitsel@redhat.com> - 5.2-1
- Rebase to 5.2 release.
Resolves: rhbz#2090748