Open Menu / boot / bootctl / simple_meas.c
Loading...
  1
  2
  3
  4
  5
  6
  7
  8
  9
 10
 11
 12
 13
 14
 15
 16
 17
 18
 19
 20
 21
 22
 23
 24
 25
 26
 27
 28
 29
 30
 31
 32
 33
 34
 35
 36
 37
 38
 39
 40
 41
 42
 43
 44
 45
 46
 47
 48
 49
 50
 51
 52
 53
 54
 55
 56
 57
 58
 59
 60
 61
 62
 63
 64
 65
 66
 67
 68
 69
 70
 71
 72
 73
 74
 75
 76
 77
 78
 79
 80
 81
 82
 83
 84
 85
 86
 87
 88
 89
 90
 91
 92
 93
 94
 95
 96
 97
 98
 99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
// SPDX-License-Identifier: GPL-2.0+
/*
 * Simple control of which display/output to use while booting
 *
 * Copyright 2025 Canonical Ltd
 * Written by Simon Glass <simon.glass@canonical.com>
 */

#define LOG_CATEGORY	UCLASS_BOOTCTL

#include <bloblist.h>
#include <dm.h>
#include <tpm_api.h>
#include <tpm_tcg2.h>
#include <version_string.h>
#include <bootctl/measure.h>
#include <bootctl/oslist.h>
#include <linux/sizes.h>

enum {
	/* align TPM log to 4K boundary */
	ALIGN_LOG2	= 12,
};

/**
 * enum meas_algo_t - Available algorithms
 *
 * @ALGOT_SHA256: SHA256
 * @ALGOT_COUNT: Number of algorithms
 */
enum meas_algo_t {
	ALGOT_SHA256,

	ALGOT_COUNT,
};

/**
 * enum meas_payload_t - Types of things we can measure
 *
 * @PAYLOADT_OS: Operating system
 * @PAYLOADT_INITRD: Initial ramdisk
 * @PAYLOADT_FDT: Flattened devicetree
 * @PAYLOADT_CMDLINE: OS command line
 * @PAYLOADT_COUNT: Number of payload types
 */
enum meas_payload_t {
	PAYLOADT_OS,
	PAYLOADT_INITRD,
	PAYLOADT_FDT,
	PAYLOADT_CMDLINE,

	PAYLOADT_COUNT,
};

/**
 * struct meas_step - An individual measurement, e.g. for a single image
 *
 * For now only tpm-pcr is supported, so there is no field for the method - it
 * is assumed to be tpm-pcr
 *
 * These parameters are read from the devicetree.
 *
 * @payload_type: Image type to measure
 * @algos: Bitmap of algorithms to use to measure in this step
 * @pcr: TPM Platform Configuration Register to use for this step
 * @optional: true if it is OK if the image is missing and cannot be measured
 */
struct meas_step {
	enum meas_payload_t type;
	uint algos;
	uint pcr;
	bool optional;
};

/**
 * struct measure_priv - Private information for the measure driver
 *
 * @tpm: TPM to use for measurement
 * @tpm_log_size: Configured of TPM log
 * @elog: Information about TPM log
 * @steps: List of measurement steps, each struct measure_step
 */
struct measure_priv {
	struct udevice *tpm;
	u32 tpm_log_size;
	struct tcg2_event_log elog;
	struct alist steps;
};

static const char *const algo_name[ALGOT_COUNT] = {
	[ALGOT_SHA256] = "sha256"
};

static struct payload {
	const char *name;
	enum bootflow_img_t type;
} payload_info[PAYLOADT_COUNT] = {
	[PAYLOADT_OS]		= {"os", (enum bootflow_img_t)IH_TYPE_KERNEL},
	[PAYLOADT_INITRD]	= {"initrd",
				         (enum bootflow_img_t)IH_TYPE_RAMDISK},
	[PAYLOADT_FDT]		= {"fdt", (enum bootflow_img_t)IH_TYPE_FLATDT},
	[PAYLOADT_CMDLINE]	= {"cmdline", BFI_CMDLINE},
};

static int simple_start(struct udevice *dev)
{
	struct measure_priv *priv = dev_get_priv(dev);
	struct tcg2_event_log *elog = &priv->elog;
	struct udevice *tpm = priv->tpm;
	int ret, size;
	void *blob;

	if (!IS_ENABLED(CONFIG_TPM_V2) || !IS_ENABLED(CONFIG_EFI_TCG2_PROTOCOL))
		return log_msg_ret("spt", -ENOSYS);

	blob = bloblist_get_blob(BLOBLISTT_TPM_EVLOG, &size);
	if (blob) {
		if (size < priv->tpm_log_size)
			return log_msg_ret("spb", -ENOBUFS);

		/* we don't support changing the alignment at present */
		if ((ulong)blob != ALIGN((ulong)blob, 1 << ALIGN_LOG2))
			return log_msg_ret("spf", -EBADF);

		ret = bloblist_resize(BLOBLISTT_TPM_EVLOG, priv->tpm_log_size);
		if (ret)
			return log_msg_ret("msr", ret);
	} else {
		blob = bloblist_add(BLOBLISTT_TPM_EVLOG, priv->tpm_log_size,
				    ALIGN_LOG2);
		if (!blob)
			return log_msg_ret("sps", -ENOSPC);
	}

	ret = tpm_auto_start(tpm);
	if (ret)
		return log_msg_ret("spa", ret);

	elog->log = blob;
	elog->log_size = priv->tpm_log_size;
	ret = tcg2_log_init(tpm, elog);
	if (ret)
		return log_msg_ret("spi", ret);

	ret = tcg2_measure_event(tpm, elog, 0, EV_S_CRTM_VERSION,
				 strlen(version_string) + 1, version_string);
	if (ret) {
		tcg2_measurement_term(tpm, elog, true);
		return log_msg_ret("spe", ret);
	}

	return 0;
}

static const char *get_typename(enum bootflow_img_t type)
{
	switch ((int)type) {
	case IH_TYPE_KERNEL:
		return "linux";
	case IH_TYPE_RAMDISK:
		return "initrd";
	case IH_TYPE_FLATDT:
		return "dts";
	default:
		return NULL;
	}
}

static int simple_process(struct udevice *dev, const struct osinfo *osinfo,
			  struct alist *result)
{
	const struct bootflow *bflow = &osinfo->bflow;
	struct measure_priv *priv = dev_get_priv(dev);
	struct tcg2_event_log *elog = &priv->elog;
	const struct meas_step *step;

	if (!IS_ENABLED(CONFIG_TPM_V2) || !IS_ENABLED(CONFIG_EFI_TCG2_PROTOCOL))
		return log_msg_ret("ptp", -ENOSYS);

	alist_init_struct(result, struct measure_info);
	alist_for_each(step, &priv->steps) {
		enum bootflow_img_t type = payload_info[step->type].type;
		const struct bootflow_img *img;
		struct measure_info info;
		const char *typename;
		const void *ptr;
		int ret;

		log_debug("measuring %s\n", payload_info[step->type].name);
		img = bootflow_img_find(bflow, type);
		if (!img) {
			if (step->optional)
				continue;
			log_err("Missing image '%s'\n",
				bootflow_img_type_name(type));
			return log_msg_ret("smi", -ENOENT);
		}

		ptr = map_sysmem(img->addr, img->size);
		typename = get_typename(img->type);
		if (!typename) {
			log_err("Unknown image type %d (%s)\n", img->type,
				bootflow_img_type_name(img->type));
			return log_msg_ret("pim", -EINVAL);
		}

		/*
		 * TODO: Use the requested algos or at least check that the TPM
		 * supports them
		 *
		 * tcg2_measure_data() actually measures with the algorithms
		 * determined by the TPM. It also does this silently, so we
		 * don't really know what it did.
		 *
		 * See tcg2_get_pcr_info() for where this information is
		 * collected. We should add a function to the API that lets us
		 * see what is active
		 *
		 * Really the TPM code this should be integrated with the hash.h
		 * code too, rather than having parallel tables.
		 */
		ret = tcg2_measure_data(priv->tpm, elog, 8, img->size, ptr,
					EV_COMPACT_HASH, strlen(typename) + 1
					, typename);
		if (ret)
			return log_msg_ret("stc", ret);
		log_debug("Measured '%s'\n", bootflow_img_type_name(type));

		info.img = img;
		if (!alist_add(result, img))
			return log_msg_ret("sra", -ENOMEM);
	}

	return 0;
}

static int measure_probe(struct udevice *dev)
{
	struct measure_priv *priv = dev_get_priv(dev);
	struct udevice *tpm;

	if (!IS_ENABLED(CONFIG_TPM_V2))
		return log_msg_ret("spT", -ENOSYS);

	/*
	 * TODO: We have to probe TPMs to find out what version they are. This
	 * could be updated to happen in the bind() method of the TPM
	 */
	uclass_foreach_dev_probe(UCLASS_TPM, tpm) {
		if (tpm_get_version(tpm) == TPM_V2) {
			priv->tpm = tpm;
			break;
		}
	}

	/* TODO: Add policy for what to do in this case */
	if (!priv->tpm)
		log_warning("TPM not present\n");

	return 0;
}

static int measure_of_to_plat(struct udevice *dev)
{
	struct measure_priv *priv = dev_get_priv(dev);
	ofnode node;

	alist_init_struct(&priv->steps, struct meas_step);

	priv->tpm_log_size = SZ_64K;
	dev_read_u32(dev, "tpm-log-size", &priv->tpm_log_size);

	/* errors should not happen in production code, so use log_debug() */
	for (node = ofnode_first_subnode(dev_ofnode(dev)); ofnode_valid(node);
	     node = ofnode_next_subnode(node)) {
		const char *node_name = ofnode_get_name(node);
		const char *method = ofnode_read_string(node, "method");
		struct meas_step step = {0};
		int count, i, j, ret, found;

		/* for now we use the node name as the payload name */
		for (j = 0, found = -1; j < ARRAY_SIZE(payload_info); j++) {
			if (!strcmp(payload_info[j].name, node_name))
				found = j;
		}
		if (found == -1) {
			log_debug("Unknown payload '%s'\n", node_name);
			return log_msg_ret("mta", -EINVAL);
		}
		step.type = found;
		step.optional = ofnode_read_bool(node, "optional");

		if (!method || strcmp("tpm-pcr", method)) {
			log_debug("Unknown method in '%s': '%s'\n", node_name,
				  method);
			return log_msg_ret("mtp", -EINVAL);
		}

		ret = ofnode_read_u32(node, "pcr-number", &step.pcr);
		if (ret) {
			log_debug("Missing pcr-number in '%s'", node_name);
			return log_msg_ret("mtP", ret);
		}

		count = ofnode_read_string_count(node, "algos");
		if (count < 1) {
			log_debug("Missing algos in '%s'\n", node_name);
			return log_msg_ret("mta", -EINVAL);
		}

		for (i = 0; i < count; i++) {
			const char *name;

			ret = ofnode_read_string_index(node, "algos", i, &name);
			if (ret)
				return log_msg_ret("mta", ret);
			for (j = 0, found = -1;
			     j < ARRAY_SIZE(algo_name); j++) {
				if (!strcmp(algo_name[j], name))
					found = j;
			}
			if (found == -1) {
				log_debug("Unknown algo in '%s': '%s'\n",
					  node_name, name);
				return log_msg_ret("mta", -EINVAL);
			}
			step.algos |= BIT(found);
		}

		if (!alist_add(&priv->steps, step))
			return log_msg_ret("mal", -ENOMEM);
	}

	return 0;
}

static struct bc_measure_ops measure_ops = {
	.start		= simple_start,
	.process	= simple_process,
};

static const struct udevice_id measure_ids[] = {
	{ .compatible = "bootctl,simple-measure" },
	{ .compatible = "bootctl,measure" },
	{ }
};

U_BOOT_DRIVER(simple_measure) = {
	.name		= "simple_meas",
	.id		= UCLASS_BOOTCTL_MEASURE,
	.of_match	= measure_ids,
	.ops		= &measure_ops,
	.priv_auto	= sizeof(struct measure_priv),
	.of_to_plat	= measure_of_to_plat,
	.probe		= measure_probe,
};