Orange Pi5 kernel

Deprecated Linux kernel 5.10.110 for OrangePi 5/5B/5+ boards

^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300   1) // SPDX-License-Identifier: GPL-2.0
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300   2) /*
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300   3)  * TPM handling.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300   4)  *
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300   5)  * Copyright (C) 2016 CoreOS, Inc
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300   6)  * Copyright (C) 2017 Google, Inc.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300   7)  *     Matthew Garrett <mjg59@google.com>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300   8)  *     Thiebaud Weksteen <tweek@google.com>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300   9)  */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  10) #include <linux/efi.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  11) #include <linux/tpm_eventlog.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  12) #include <asm/efi.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  13) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  14) #include "efistub.h"
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  15) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  16) #ifdef CONFIG_RESET_ATTACK_MITIGATION
/*
 * UTF-16 name of the UEFI variable that efi_enable_reset_attack_mitigation()
 * probes and then sets to request a memory overwrite on the next reset.
 */
static const efi_char16_t efi_MemoryOverWriteRequest_name[] =
	L"MemoryOverwriteRequestControl";

/* Vendor GUID under which the variable above is looked up and written. */
#define MEMORY_ONLY_RESET_CONTROL_GUID \
	EFI_GUID(0xe20939be, 0x32d4, 0x41be, 0xa1, 0x50, 0x89, 0x7f, 0x85, 0xd4, 0x98, 0x29)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  22) 
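/*
 * Enable reboot attack mitigation. This requests that the firmware clear the
 * RAM on next reboot before proceeding with boot, ensuring that any secrets
 * are cleared. If userland has ensured that all secrets have been removed
 * from RAM before reboot it can simply reset this variable.
 *
 * Firmware that does not expose the variable (EFI_NOT_FOUND on the probe) is
 * left alone. Any other probe result falls through to the write, as before.
 * A failed write is reported, because otherwise the mitigation would be
 * silently absent while the kernel was built expecting it.
 */
void efi_enable_reset_attack_mitigation(void)
{
	u8 val = 1;
	efi_guid_t var_guid = MEMORY_ONLY_RESET_CONTROL_GUID;
	efi_status_t status;
	unsigned long datasize = 0;

	/*
	 * Zero-length probe with no data buffer: only the status is of
	 * interest, to learn whether the firmware knows the variable at all.
	 */
	status = get_efi_var(efi_MemoryOverWriteRequest_name, &var_guid,
			     NULL, &datasize, NULL);

	if (status == EFI_NOT_FOUND)
		return;

	/* Non-volatile so the request survives the reset it is meant for. */
	status = set_efi_var(efi_MemoryOverWriteRequest_name, &var_guid,
			     EFI_VARIABLE_NON_VOLATILE |
			     EFI_VARIABLE_BOOTSERVICE_ACCESS |
			     EFI_VARIABLE_RUNTIME_ACCESS, sizeof(val), &val);

	/* Best effort: boot continues, but the failure must be visible. */
	if (status != EFI_SUCCESS)
		efi_err("Unable to enable reset attack mitigation\n");
}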
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  47) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  48) #endif
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  49) 
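/*
 * Copy the firmware's TPM event log into a pool allocation and publish it as
 * an EFI configuration table under LINUX_EFI_TPM_EVENT_LOG_GUID.
 *
 * The log is requested in the TCG 2 format first and in the TCG 1.2 format as
 * a fallback. The function returns silently when the TCG2 protocol is absent
 * or neither format yields a log. For a TCG 2 log, the size of the events
 * already present in the final events table (LINUX_EFI_TPM_FINAL_LOG_GUID) is
 * recorded in final_events_preboot_size.
 *
 * The addresses returned by the firmware are used to size an allocation and a
 * memcpy(), so they are sanity-checked before use: a last-entry address below
 * the log start, or a size that wraps when the table header is added, aborts
 * the copy instead of producing an undersized buffer.
 *
 * NOTE(review): 'truncated' is filled in by get_event_log but never consulted
 * here, so a log the firmware marks as truncated is copied as-is.
 */
void efi_retrieve_tpm2_eventlog(void)
{
	efi_guid_t tcg2_guid = EFI_TCG2_PROTOCOL_GUID;
	efi_guid_t linux_eventlog_guid = LINUX_EFI_TPM_EVENT_LOG_GUID;
	efi_status_t status;
	efi_physical_addr_t log_location = 0, log_last_entry = 0;
	struct linux_efi_tpm_eventlog *log_tbl = NULL;
	struct efi_tcg2_final_events_table *final_events_table = NULL;
	unsigned long first_entry_addr, last_entry_addr;
	size_t log_size, last_entry_size, alloc_size;
	efi_bool_t truncated;
	int version = EFI_TCG2_EVENT_LOG_FORMAT_TCG_2;
	efi_tcg2_protocol_t *tcg2_protocol = NULL;
	int final_events_size = 0;

	status = efi_bs_call(locate_protocol, &tcg2_guid, NULL,
			     (void **)&tcg2_protocol);
	if (status != EFI_SUCCESS)
		return;

	status = efi_call_proto(tcg2_protocol, get_event_log, version,
				&log_location, &log_last_entry, &truncated);

	/* No TCG 2 format log: retry with the older TCG 1.2 format. */
	if (status != EFI_SUCCESS || !log_location) {
		version = EFI_TCG2_EVENT_LOG_FORMAT_TCG_1_2;
		status = efi_call_proto(tcg2_protocol, get_event_log, version,
					&log_location, &log_last_entry,
					&truncated);
		if (status != EFI_SUCCESS || !log_location)
			return;

	}

	first_entry_addr = (unsigned long) log_location;

	/*
	 * We populate the EFI table even if the logs are empty.
	 */
	if (!log_last_entry) {
		log_size = 0;
	} else {
		/*
		 * The subtraction below is unsigned. A last entry that lies
		 * before the start of the log would wrap to a huge size, so
		 * reject it before the entry is even dereferenced.
		 */
		if (log_last_entry < log_location) {
			efi_err("Inconsistent TPM event log bounds\n");
			return;
		}

		last_entry_addr = (unsigned long) log_last_entry;
		/*
		 * get_event_log only returns the address of the last entry.
		 * We need to calculate its size to deduce the full size of
		 * the logs.
		 */
		if (version == EFI_TCG2_EVENT_LOG_FORMAT_TCG_2) {
			/*
			 * The TCG2 log format has variable length entries,
			 * and the information to decode the hash algorithms
			 * back into a size is contained in the first entry -
			 * pass a pointer to the final entry (to calculate its
			 * size) and the first entry (so we know how long each
			 * digest is)
			 *
			 * NOTE(review): __calc_tpm2_event_size() is defined
			 * outside this file. If it reports 0 for an entry it
			 * cannot parse, the last entry is left out of
			 * log_size - confirm against its contract.
			 */
			last_entry_size =
				__calc_tpm2_event_size((void *)last_entry_addr,
						    (void *)(long)log_location,
						    false);
		} else {
			last_entry_size = sizeof(struct tcpa_event) +
			   ((struct tcpa_event *) last_entry_addr)->event_size;
		}
		log_size = log_last_entry - log_location + last_entry_size;
	}

	/*
	 * The allocation, the memset() and the memcpy() below must all agree
	 * on the size. If adding the table header wraps, the buffer would be
	 * smaller than the log_size bytes copied into it.
	 */
	alloc_size = sizeof(*log_tbl) + log_size;
	if (alloc_size < log_size) {
		efi_err("Inconsistent TPM event log bounds\n");
		return;
	}

	/* Allocate space for the logs and copy them. */
	status = efi_bs_call(allocate_pool, EFI_LOADER_DATA,
			     alloc_size, (void **)&log_tbl);

	if (status != EFI_SUCCESS) {
		efi_err("Unable to allocate memory for event log\n");
		return;
	}

	/*
	 * Figure out whether any events have already been logged to the
	 * final events structure, and if so how much space they take up
	 */
	if (version == EFI_TCG2_EVENT_LOG_FORMAT_TCG_2)
		final_events_table = get_efi_config_table(LINUX_EFI_TPM_FINAL_LOG_GUID);
	if (final_events_table && final_events_table->nr_events) {
		struct tcg_pcr_event2_head *header;
		int offset;
		void *data;
		int event_size;
		int i = final_events_table->nr_events;

		data = (void *)final_events_table;
		/* Events start right after the version and nr_events fields. */
		offset = sizeof(final_events_table->version) +
			sizeof(final_events_table->nr_events);

		/* Walk the events one by one, summing their sizes. */
		while (i > 0) {
			header = data + offset + final_events_size;
			event_size = __calc_tpm2_event_size(header,
						   (void *)(long)log_location,
						   false);
			final_events_size += event_size;
			i--;
		}
	}

	memset(log_tbl, 0, alloc_size);
	log_tbl->size = log_size;
	log_tbl->final_events_preboot_size = final_events_size;
	log_tbl->version = version;
	memcpy(log_tbl->log, (void *) first_entry_addr, log_size);

	status = efi_bs_call(install_configuration_table,
			     &linux_eventlog_guid, log_tbl);
	if (status != EFI_SUCCESS)
		goto err_free;
	return;

err_free:
	/* The table was not installed, so the copy has no owner: release it. */
	efi_bs_call(free_pool, log_tbl);
}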