Blame SOURCES/0007-tpm2_eventlog_yaml-fix-parsing-for-MokListTrusted.patch

From c26464eb59b71b40bea11b4829b2a848343081f2 Mon Sep 17 00:00:00 2001
From: Thore Sommer <mail@thson.de>
Date: Sat, 8 Oct 2022 21:29:18 +0300
Subject: [PATCH 7/9] tpm2_eventlog_yaml: fix parsing for MokListTrusted
Not all data in events of the EV_EFI_VARIABLE_AUTHORITY are
EFI_SIGNATURE_DATA. The entry for MokListTrusted is a boolean
encoded as an integer similar to SecureBoot variable.
Fixes #3050
Signed-off-by: Thore Sommer <mail@thson.de>
---
 lib/tpm2_eventlog_yaml.c | 60 +++++++++++++++++++++++++++-------------
 1 file changed, 41 insertions(+), 19 deletions(-)
diff --git a/lib/tpm2_eventlog_yaml.c b/lib/tpm2_eventlog_yaml.c
index 66a20701..0b1d0318 100644
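--- a/lib/tpm2_eventlog_yaml.c
+++ b/lib/tpm2_eventlog_yaml.c
@@ -418,27 +418,49 @@ static bool yaml_uefi_var(UEFI_VARIABLE_DATA *data, size_t size, UINT32 type,
                 }
                 return true;
             }
-            /* Other variables will be printed as a hex string */
         } else if (type == EV_EFI_VARIABLE_AUTHORITY) {
-            free(ret);
-            tpm2_tool_output("    VariableData:\n");
-            
-            EFI_SIGNATURE_DATA *s= (EFI_SIGNATURE_DATA *)&data->UnicodeName[
-                data->UnicodeNameLength];
-            char *sdata = calloc (1,
-                BYTES_TO_HEX_STRING_SIZE(data->VariableDataLength - sizeof(EFI_GUID)));
-            if (sdata == NULL) {
-                LOG_ERR("Failled to allocate data: %s\n", strerror(errno));
-                return false;
+            /* The MokListTrusted is boolean option, not a EFI_SIGNATURE_DATA*/
+            if ((strlen(ret) == 14 && strncmp(ret, "MokListTrusted", 14) == 0)) {
+                free(ret);
+                tpm2_tool_output("    VariableData:\n"
+                                 "      Enabled: ");
+                if (data->VariableDataLength == 0) {
+                    tpm2_tool_output("'No'\n");
+                } else if (data->VariableDataLength > 1) {
+                    LOG_ERR("MokListTrusted value length %" PRIu64 " is unexpectedly > 1\n",
+                            data->VariableDataLength);
+                    return false;
+                } else {
+                    uint8_t *variable_data = (uint8_t *)&data->UnicodeName[
+                        data->UnicodeNameLength];
+                    if (*variable_data == 0) {
+                        tpm2_tool_output("'No'\n");
+                    } else {
+                        tpm2_tool_output("'Yes'\n");
+                    }
+                }
+                return true;
+            } else {
+                /* Other variables will be printed as a hex string */
+                free(ret);
+                tpm2_tool_output("    VariableData:\n");
+                EFI_SIGNATURE_DATA *s= (EFI_SIGNATURE_DATA *)&data->UnicodeName[
+                    data->UnicodeNameLength];
+                char *sdata = calloc (1,
+                    BYTES_TO_HEX_STRING_SIZE(data->VariableDataLength - sizeof(EFI_GUID)));
+                if (sdata == NULL) {
+                    LOG_ERR("Failled to allocate data: %s\n", strerror(errno));
+                    return false;
+                }
+                bytes_to_str(s->SignatureData, data->VariableDataLength - sizeof(EFI_GUID),
+                    sdata, BYTES_TO_HEX_STRING_SIZE(data->VariableDataLength - sizeof(EFI_GUID)));
+                guid_unparse_lower(s->SignatureOwner, uuidstr);
+                tpm2_tool_output("    - SignatureOwner: %s\n"
+                                "      SignatureData: %s\n",
+                                uuidstr, sdata);
+                free(sdata);
+                return true;
             }
-            bytes_to_str(s->SignatureData, data->VariableDataLength - sizeof(EFI_GUID),
-                sdata, BYTES_TO_HEX_STRING_SIZE(data->VariableDataLength - sizeof(EFI_GUID)));
-            guid_unparse_lower(s->SignatureOwner, uuidstr);
-            tpm2_tool_output("    - SignatureOwner: %s\n"
-                             "      SignatureData: %s\n",
-                             uuidstr, sdata);
-            free(sdata);
-            return true;
         } else if (type == EV_EFI_VARIABLE_BOOT || type == EV_EFI_VARIABLE_BOOT2) {
             if ((strlen(ret) == 9 && strncmp(ret, "BootOrder", 9) == 0)) {
                 free(ret);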
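Review bot: The `else` branch that now holds the signature path still computes `data->VariableDataLength - sizeof(EFI_GUID)` without first checking that the length is at least `sizeof(EFI_GUID)`, both in the `calloc` size and in the two `bytes_to_str` arguments. The length is printed with `PRIu64` in the MokListTrusted branch, so it is unsigned and a shorter value wraps to a very large count. This commit itself shows that EV_EFI_VARIABLE_AUTHORITY events can carry data that is not an EFI_SIGNATURE_DATA, and the event log is parsed as external input. A guard placed before the `calloc`, `if (data->VariableDataLength < sizeof(EFI_GUID)) { LOG_ERR("VariableData too short for EFI_SIGNATURE_DATA\n"); return false; }`, would reject such entries instead of reading past the event. yaml_uefi_var begins and ends outside this hunk, so whether `size` is checked against `UnicodeNameLength` and `VariableDataLength` before the one-byte read in the MokListTrusted branch cannot be confirmed from here.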
-- 
2.37.3