From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Matthew Garrett <mjg59@srcf.ucam.org>
Date: Mon, 10 Aug 2015 15:27:12 -0700
Subject: [PATCH] Measure commands
Measure each command executed by grub, which includes script execution.
---
grub-core/script/execute.c | 25 +++++++++++++++++++++++--
include/grub/tpm.h | 1 +
2 files changed, 24 insertions(+), 2 deletions(-)
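--- a/grub-core/script/execute.c
+++ b/grub-core/script/execute.c
@@ -30,6 +30,7 @@
 #ifdef GRUB_MACHINE_IEEE1275
 #include <grub/ieee1275/ieee1275.h>
 #endif
+#include <grub/tpm.h>
 
 /* Max digits for a char is 3 (0xFF is 255), similarly for an int it
 is sizeof (int) * 3, and one extra for a possible -ve sign. */
@@ -967,8 +968,9 @@ grub_script_execute_cmdline (struct grub_script_cmd *cmd)
 grub_err_t ret = 0;
 grub_script_function_t func = 0;
 char errnobuf[18];
- char *cmdname;
- int argc;
+ char *cmdname, *cmdstring;
+ int argc, offset = 0, cmdlen = 0;
+ unsigned int i;
 char **args;
 int invert;
 struct grub_script_argv argv = { 0, 0, 0 };
@@ -977,6 +979,25 @@ grub_script_execute_cmdline (struct grub_script_cmd *cmd)
 if (grub_script_arglist_to_argv (cmdline->arglist, &argv) || ! argv.args[0])
 return grub_errno;
 
+ for (i = 0; i < argv.argc; i++) {
+ cmdlen += grub_strlen (argv.args[i]) + 1;
+ }
+
+ cmdstring = grub_malloc (cmdlen);
+ if (!cmdstring)
+ {
+ return grub_error (GRUB_ERR_OUT_OF_MEMORY,
+ N_("cannot allocate command buffer"));
+ }
+
+ for (i = 0; i < argv.argc; i++) {
+ offset += grub_snprintf (cmdstring + offset, cmdlen - offset, "%s ",
+ argv.args[i]);
+ }
+ cmdstring[cmdlen-1]= '\0';
+ grub_tpm_measure ((unsigned char *)cmdstring, cmdlen, GRUB_COMMAND_PCR,
+ cmdstring);
+ grub_free(cmdstring);
 invert = 0;
 argc = argv.argc - 1;
 args = argv.args + 1;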
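Review bot: The result of `grub_tpm_measure (...)` in the third hunk is discarded, so if the extend of `GRUB_COMMAND_PCR` fails the command still runs with no record of it. Whether a failed measurement should abort the command is a policy choice, but the code should either check the return value (assuming the function reports errors that way) or carry a comment stating that measurement is deliberately best-effort. The new out-of-memory `return grub_error (...)` also leaves without releasing `argv`, which `grub_script_arglist_to_argv` has already filled; a `grub_script_argv_free (&argv);` before that return looks necessary, though the rest of the function lies outside the hunk and should be checked for how other exits clean up. Separately, the arguments are joined with single spaces, so an argument that itself contains a space measures the same as two separate arguments; a comment should note that the log does not preserve argument boundaries.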
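--- a/include/grub/tpm.h
+++ b/include/grub/tpm.h
@@ -30,6 +30,7 @@
 #define GRUB_KERNEL_PCR 10
 #define GRUB_INITRD_PCR 11
 #define GRUB_CMDLINE_PCR 12
+#define GRUB_COMMAND_PCR 13
 
 #define TPM_TAG_RQU_COMMAND 0x00C1
 #define TPM_ORD_Extend 0x14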