#include <efi_tcg2.h>
#include <log.h>
#include <malloc.h>
+#include <smbios.h>
#include <version_string.h>
#include <tpm-v2.h>
#include <u-boot/hash-checksum.h>
return ret;
}
+/**
+ * tcg2_measure_smbios() - measure smbios table
+ *
+ * @dev: TPM device
+ * @entry: pointer to the smbios_entry structure
+ *
+ * Return: status code
+ */
+static efi_status_t
+tcg2_measure_smbios(struct udevice *dev,
+ const struct smbios_entry *entry)
+{
+ efi_status_t ret;
+ struct smbios_header *smbios_copy;
+ struct smbios_handoff_table_pointers2 *event = NULL;
+ u32 event_size;
+
+ /*
+ * TCG PC Client PFP Spec says
+ * "SMBIOS structures that contain static configuration information
+ * (e.g. Platform Manufacturer Enterprise Number assigned by IANA,
+ * platform model number, Vendor and Device IDs for each SMBIOS table)
+ * that is relevant to the security of the platform MUST be measured".
+ * Device dependent parameters such as serial number are cleared to
+ * zero or spaces for the measurement.
+ */
+ event_size = sizeof(struct smbios_handoff_table_pointers2) +
+ FIELD_SIZEOF(struct efi_configuration_table, guid) +
+ entry->struct_table_length;
+ event = calloc(1, event_size);
+ if (!event) {
+ ret = EFI_OUT_OF_RESOURCES;
+ goto out;
+ }
+
+ event->table_description_size = sizeof(SMBIOS_HANDOFF_TABLE_DESC);
+ memcpy(event->table_description, SMBIOS_HANDOFF_TABLE_DESC,
+ sizeof(SMBIOS_HANDOFF_TABLE_DESC));
+ put_unaligned_le64(1, &event->number_of_tables);
+ guidcpy(&event->table_entry[0].guid, &smbios_guid);
+ smbios_copy = (struct smbios_header *)((uintptr_t)&event->table_entry[0].table);
+ memcpy(&event->table_entry[0].table,
+ (void *)((uintptr_t)entry->struct_table_address),
+ entry->struct_table_length);
+
+ smbios_prepare_measurement(entry, smbios_copy);
+
+ ret = tcg2_measure_event(dev, 1, EV_EFI_HANDOFF_TABLES2, event_size,
+ (u8 *)event);
+ if (ret != EFI_SUCCESS)
+ goto out;
+
+out:
+ free(event);
+
+ return ret;
+}
+
+/**
+ * find_smbios_table() - find smbios table
+ *
+ * Return: pointer to the smbios table
+ */
+static void *find_smbios_table(void)
+{
+ u32 i;
+
+ for (i = 0; i < systab.nr_tables; i++) {
+ if (!guidcmp(&smbios_guid, &systab.tables[i].guid))
+ return systab.tables[i].table;
+ }
+
+ return NULL;
+}
+
/**
* efi_tcg2_measure_efi_app_invocation() - measure efi app invocation
*
u32 pcr_index;
struct udevice *dev;
u32 event = 0;
+ struct smbios_entry *entry;
if (tcg2_efi_app_invoked)
return EFI_SUCCESS;
if (ret != EFI_SUCCESS)
goto out;
+ entry = (struct smbios_entry *)find_smbios_table();
+ if (entry) {
+ ret = tcg2_measure_smbios(dev, entry);
+ if (ret != EFI_SUCCESS)
+ goto out;
+ }
+
for (pcr_index = 0; pcr_index <= 7; pcr_index++) {
ret = tcg2_measure_event(dev, pcr_index, EV_SEPARATOR,
sizeof(event), (u8 *)&event);
return entry;
}
-static const struct smbios_header *next_header(const struct smbios_header *curr)
+static u8 *find_next_header(u8 *pos)
{
- u8 *pos = ((u8 *)curr) + curr->length;
-
/* search for _double_ NULL bytes */
while (!((*pos == 0) && (*(pos + 1) == 0)))
pos++;
/* step behind the double NULL bytes */
pos += 2;
- return (struct smbios_header *)pos;
+ return pos;
+}
+
+static struct smbios_header *get_next_header(struct smbios_header *curr)
+{
+ u8 *pos = ((u8 *)curr) + curr->length;
+
+ return (struct smbios_header *)find_next_header(pos);
+}
+
+static const struct smbios_header *next_header(const struct smbios_header *curr)
+{
+ u8 *pos = ((u8 *)curr) + curr->length;
+
+ return (struct smbios_header *)find_next_header(pos);
}
const struct smbios_header *smbios_header(const struct smbios_entry *entry, int type)
{
const unsigned int num_header = entry->struct_count;
- const struct smbios_header *header = (struct smbios_header *)entry->struct_table_address;
+ const struct smbios_header *header = (struct smbios_header *)((uintptr_t)entry->struct_table_address);
for (unsigned int i = 0; i < num_header; i++) {
if (header->type == type)
return NULL;
}
-static const char *string_from_smbios_table(const struct smbios_header *header,
- int idx)
+static char *string_from_smbios_table(const struct smbios_header *header,
+ int idx)
{
unsigned int i = 1;
u8 *pos;
pos++;
}
- return (const char *)pos;
+ return (char *)pos;
}
-const char *smbios_string(const struct smbios_header *header, int index)
+char *smbios_string(const struct smbios_header *header, int index)
{
if (!header)
return NULL;
if (!hdr)
return log_msg_ret("tab", -ENOENT);
bios = (struct smbios_type0 *)hdr;
- ptr = (char *)smbios_string(hdr, bios->bios_ver);
+ ptr = smbios_string(hdr, bios->bios_ver);
if (!ptr)
return log_msg_ret("str", -ENOMEDIUM);
return 0;
}
+
+struct smbios_filter_param {
+ u32 offset;
+ u32 size;
+ bool is_string;
+};
+
+struct smbios_filter_table {
+ int type;
+ struct smbios_filter_param *params;
+ u32 count;
+};
+
+struct smbios_filter_param smbios_type1_filter_params[] = {
+ {offsetof(struct smbios_type1, serial_number),
+ FIELD_SIZEOF(struct smbios_type1, serial_number), true},
+ {offsetof(struct smbios_type1, uuid),
+ FIELD_SIZEOF(struct smbios_type1, uuid), false},
+ {offsetof(struct smbios_type1, wakeup_type),
+ FIELD_SIZEOF(struct smbios_type1, wakeup_type), false},
+};
+
+struct smbios_filter_param smbios_type2_filter_params[] = {
+ {offsetof(struct smbios_type2, serial_number),
+ FIELD_SIZEOF(struct smbios_type2, serial_number), true},
+ {offsetof(struct smbios_type2, chassis_location),
+ FIELD_SIZEOF(struct smbios_type2, chassis_location), false},
+};
+
+struct smbios_filter_param smbios_type3_filter_params[] = {
+ {offsetof(struct smbios_type3, serial_number),
+ FIELD_SIZEOF(struct smbios_type3, serial_number), true},
+ {offsetof(struct smbios_type3, asset_tag_number),
+ FIELD_SIZEOF(struct smbios_type3, asset_tag_number), true},
+};
+
+struct smbios_filter_param smbios_type4_filter_params[] = {
+ {offsetof(struct smbios_type4, serial_number),
+ FIELD_SIZEOF(struct smbios_type4, serial_number), true},
+ {offsetof(struct smbios_type4, asset_tag),
+ FIELD_SIZEOF(struct smbios_type4, asset_tag), true},
+ {offsetof(struct smbios_type4, part_number),
+ FIELD_SIZEOF(struct smbios_type4, part_number), true},
+ {offsetof(struct smbios_type4, core_count),
+ FIELD_SIZEOF(struct smbios_type4, core_count), false},
+ {offsetof(struct smbios_type4, core_enabled),
+ FIELD_SIZEOF(struct smbios_type4, core_enabled), false},
+ {offsetof(struct smbios_type4, thread_count),
+ FIELD_SIZEOF(struct smbios_type4, thread_count), false},
+ {offsetof(struct smbios_type4, core_count2),
+ FIELD_SIZEOF(struct smbios_type4, core_count2), false},
+ {offsetof(struct smbios_type4, core_enabled2),
+ FIELD_SIZEOF(struct smbios_type4, core_enabled2), false},
+ {offsetof(struct smbios_type4, thread_count2),
+ FIELD_SIZEOF(struct smbios_type4, thread_count2), false},
+ {offsetof(struct smbios_type4, voltage),
+ FIELD_SIZEOF(struct smbios_type4, voltage), false},
+};
+
+struct smbios_filter_table smbios_filter_tables[] = {
+ {SMBIOS_SYSTEM_INFORMATION, smbios_type1_filter_params,
+ ARRAY_SIZE(smbios_type1_filter_params)},
+ {SMBIOS_BOARD_INFORMATION, smbios_type2_filter_params,
+ ARRAY_SIZE(smbios_type2_filter_params)},
+ {SMBIOS_SYSTEM_ENCLOSURE, smbios_type3_filter_params,
+ ARRAY_SIZE(smbios_type3_filter_params)},
+ {SMBIOS_PROCESSOR_INFORMATION, smbios_type4_filter_params,
+ ARRAY_SIZE(smbios_type4_filter_params)},
+};
+
+static void clear_smbios_table(struct smbios_header *header,
+ struct smbios_filter_param *filter,
+ u32 count)
+{
+ u32 i;
+ char *str;
+ u8 string_id;
+
+ for (i = 0; i < count; i++) {
+ if (filter[i].is_string) {
+ string_id = *((u8 *)header + filter[i].offset);
+ if (string_id == 0) /* string is empty */
+ continue;
+
+ str = smbios_string(header, string_id);
+ if (!str)
+ continue;
+
+ /* string is cleared to space, keep '\0' terminator */
+ memset(str, ' ', strlen(str));
+
+ } else {
+ memset((void *)((u8 *)header + filter[i].offset),
+ 0, filter[i].size);
+ }
+ }
+}
+
+void smbios_prepare_measurement(const struct smbios_entry *entry,
+ struct smbios_header *smbios_copy)
+{
+ u32 i, j;
+ struct smbios_header *header;
+
+ for (i = 0; i < ARRAY_SIZE(smbios_filter_tables); i++) {
+ header = smbios_copy;
+ for (j = 0; j < entry->struct_count; j++) {
+ if (header->type == smbios_filter_tables[i].type)
+ break;
+
+ header = get_next_header(header);
+ }
+ if (j >= entry->struct_count)
+ continue;
+
+ clear_smbios_table(header,
+ smbios_filter_tables[i].params,
+ smbios_filter_tables[i].count);
+ }
+}