From 84556dd39531638ef69c8f1eec7f917de2c88146 Mon Sep 17 00:00:00 2001

From: Trammell hudson <hudson@trmm.net>

Date: Wed, 13 May 2020 12:00:14 +0200

Subject: [PATCH 1/6] tpm2_event_log: parse EV_POST_CODE events according to

 2.3.4.1

Signed-off-by: Trammell hudson <hudson@trmm.net>

---

 lib/tpm2_eventlog.c      |  5 ++++-

 lib/tpm2_eventlog_yaml.c | 24 ++++++++++++++++++++++++

 2 files changed, 28 insertions(+), 1 deletion(-)

diff --git a/lib/tpm2_eventlog.c b/lib/tpm2_eventlog.c

index b44ae10a9..b7bea6124 100644

--- a/lib/tpm2_eventlog.c

+++ b/lib/tpm2_eventlog.c

@@ -88,8 +88,11 @@ bool parse_event2body(TCG_EVENT2 const *event, UINT32 type) {

             }

         }

         break;

-    /* TCG PC Client FPF section 9.2.5 */

+    /* TCG PC Client FPF section 2.3.4.1 and 9.4.1 */

     case EV_POST_CODE:

+        // the event is a string, so there are no length requirements.

+        break;

+    /* TCG PC Client FPF section 9.2.5 */

     case EV_S_CRTM_CONTENTS:

     case EV_EFI_PLATFORM_FIRMWARE_BLOB:

         {

diff --git a/lib/tpm2_eventlog_yaml.c b/lib/tpm2_eventlog_yaml.c

index 307c4a09d..ae1406bfe 100644

--- a/lib/tpm2_eventlog_yaml.c

+++ b/lib/tpm2_eventlog_yaml.c

@@ -164,6 +164,29 @@ static bool yaml_uefi_var_data(UEFI_VARIABLE_DATA *data) {

     return true;

 }

+/*

+ * TCG PC Client FPF section 2.3.4.1 and 9.4.1:

+ * Usage of the event type EV_POST_CODE:

+ * - If a combined event is measured, the event field SHOULD

+ * be the string "POST CODE" in all caps. ...

+ * - Embedded SMM code and the code that sets it up SHOULD use

+ * the string "SMM CODE" in all caps...

+ * - BIS code (eclusing the BIS Certificate) should use event

+ * field string of "BIS CODE" in all caps. ...

+ * - ACPI flash data prior to any modifications ... should use

+ * event field string of "ACPI DATA" in all caps.

+ */

+static bool yaml_uefi_post_code(const char * data, size_t len)

+{

+    tpm2_tool_output(

+        "  Event:\n"

+        "    - Length: %zu\n"

+        "      String: '%.*s'\n",

+        len,

+        (int) len,

+        data);

+    return true;

+}

 /*

  * TCG PC Client FPF section 9.2.6

  * The tpm2_eventlog module validates the event structure but nothing within

@@ -247,6 +270,7 @@ bool yaml_event2data(TCG_EVENT2 const *event, UINT32 type) {

     case EV_EFI_VARIABLE_AUTHORITY:

         return yaml_uefi_var((UEFI_VARIABLE_DATA*)event->Event);

     case EV_POST_CODE:

+        return yaml_uefi_post_code((const char*)event->Event, event->EventSize);

     case EV_S_CRTM_CONTENTS:

     case EV_EFI_PLATFORM_FIRMWARE_BLOB:

         return yaml_uefi_platfwblob((UEFI_PLATFORM_FIRMWARE_BLOB*)event->Event);

From abfae7af25bdbb41709d09bf99a01132f2f3c24e Mon Sep 17 00:00:00 2001

From: Trammell hudson <hudson@trmm.net>

Date: Wed, 13 May 2020 12:04:49 +0200

Subject: [PATCH 2/6] tpm2_eventlog: rename postcode test to firmware blob test

Signed-off-by: Trammell hudson <hudson@trmm.net>

---

 test/unit/test_tpm2_eventlog.c | 4 ++--

 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/test/unit/test_tpm2_eventlog.c b/test/unit/test_tpm2_eventlog.c

index e992ac848..661778506 100644

--- a/test/unit/test_tpm2_eventlog.c

+++ b/test/unit/test_tpm2_eventlog.c

@@ -266,7 +266,7 @@ static void test_parse_event2body_uefivar_badlength(void **state){

     assert_false(parse_event2body(event, EV_EFI_VARIABLE_DRIVER_CONFIG));

 }

-static void test_parse_event2body_postcode_badlength(void **state){

+static void test_parse_event2body_firmware_blob_badlength(void **state){

     (void)state;

@@ -465,7 +465,7 @@ int main(void) {

         cmocka_unit_test(test_foreach_event2_parse_event2body_fail),

         cmocka_unit_test(test_parse_event2body_uefivar_badsize),

         cmocka_unit_test(test_parse_event2body_uefivar_badlength),

-        cmocka_unit_test(test_parse_event2body_postcode_badlength),

+        cmocka_unit_test(test_parse_event2body_firmware_blob_badlength),

         cmocka_unit_test(test_specid_event_nohdr),

         cmocka_unit_test(test_specid_event_badeventtype),

         cmocka_unit_test(test_specid_event_badpcrindex),

From de84d5bd6f89bded62e8dc0ae57619a3758920e5 Mon Sep 17 00:00:00 2001

From: Trammell hudson <hudson@trmm.net>

Date: Wed, 13 May 2020 12:09:45 +0200

Subject: [PATCH 3/6] tpm2_eventlog: pass TCG_EVENT2* to yaml-Uefi_post_code()

Signed-off-by: Trammell hudson <hudson@trmm.net>

---

 lib/tpm2_eventlog_yaml.c | 9 ++++++---

 1 file changed, 6 insertions(+), 3 deletions(-)

diff --git a/lib/tpm2_eventlog_yaml.c b/lib/tpm2_eventlog_yaml.c

index ae1406bfe..e9092769d 100644

--- a/lib/tpm2_eventlog_yaml.c

+++ b/lib/tpm2_eventlog_yaml.c

@@ -171,13 +171,16 @@ static bool yaml_uefi_var_data(UEFI_VARIABLE_DATA *data) {

  * be the string "POST CODE" in all caps. ...

  * - Embedded SMM code and the code that sets it up SHOULD use

  * the string "SMM CODE" in all caps...

- * - BIS code (eclusing the BIS Certificate) should use event

+ * - BIS code (excluding the BIS Certificate) should use event

  * field string of "BIS CODE" in all caps. ...

  * - ACPI flash data prior to any modifications ... should use

  * event field string of "ACPI DATA" in all caps.

  */

-static bool yaml_uefi_post_code(const char * data, size_t len)

+static bool yaml_uefi_post_code(const TCG_EVENT2 * const event)

 {

+    const char * const data = (const char *) event->Event;

+    const size_t len = event->EventSize;

+

     tpm2_tool_output(

         "  Event:\n"

         "    - Length: %zu\n"

@@ -270,7 +273,7 @@ bool yaml_event2data(TCG_EVENT2 const *event, UINT32 type) {

     case EV_EFI_VARIABLE_AUTHORITY:

         return yaml_uefi_var((UEFI_VARIABLE_DATA*)event->Event);

     case EV_POST_CODE:

-        return yaml_uefi_post_code((const char*)event->Event, event->EventSize);

+        return yaml_uefi_post_code(event);

     case EV_S_CRTM_CONTENTS:

     case EV_EFI_PLATFORM_FIRMWARE_BLOB:

         return yaml_uefi_platfwblob((UEFI_PLATFORM_FIRMWARE_BLOB*)event->Event);

From dddeb4d3bc2e4d1eddf143a1ee70de7f7f32fbf3 Mon Sep 17 00:00:00 2001

From: Trammell hudson <hudson@trmm.net>

Date: Wed, 13 May 2020 12:55:14 +0200

Subject: [PATCH 4/6] tpm2_eventlog: use "PCRIndex:" consistently

Signed-off-by: Trammell hudson <hudson@trmm.net>

---

 lib/tpm2_eventlog_yaml.c | 2 +-

 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/tpm2_eventlog_yaml.c b/lib/tpm2_eventlog_yaml.c

index e9092769d..d1f308904 100644

--- a/lib/tpm2_eventlog_yaml.c

+++ b/lib/tpm2_eventlog_yaml.c

@@ -329,7 +329,7 @@ void yaml_eventhdr(TCG_EVENT const *event, size_t *count) {

     bytes_to_str(event->digest, sizeof(event->digest), digest_hex, sizeof(digest_hex));

     tpm2_tool_output("- Event[%zu]:\n"

-                     "  pcrIndex: %" PRIu32 "\n"

+                     "  PCRIndex: %" PRIu32 "\n"

                      "  eventType: %s\n"

                      "  digest: %s\n"

                      "  eventDataSize: %" PRIu32 "\n", (*count)++, event->pcrIndex,

From c56c70f62af9a4fe884c6efa69eeb36f39d6fe65 Mon Sep 17 00:00:00 2001

From: Trammell hudson <hudson@trmm.net>

Date: Wed, 13 May 2020 12:58:20 +0200

Subject: [PATCH 5/6] tpm2_eventlog: use "Digest:" and "EventSize:"

 consistently

Signed-off-by: Trammell hudson <hudson@trmm.net>

---

 lib/tpm2_eventlog_yaml.c | 6 +++---

 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/lib/tpm2_eventlog_yaml.c b/lib/tpm2_eventlog_yaml.c

index d1f308904..50bd2fa6d 100644

--- a/lib/tpm2_eventlog_yaml.c

+++ b/lib/tpm2_eventlog_yaml.c

@@ -330,9 +330,9 @@ void yaml_eventhdr(TCG_EVENT const *event, size_t *count) {

     tpm2_tool_output("- Event[%zu]:\n"

                      "  PCRIndex: %" PRIu32 "\n"

-                     "  eventType: %s\n"

-                     "  digest: %s\n"

-                     "  eventDataSize: %" PRIu32 "\n", (*count)++, event->pcrIndex,

+                     "  EventType: %s\n"

+                     "  Digest: %s\n"

+                     "  EventSize: %" PRIu32 "\n", (*count)++, event->pcrIndex,

                      eventtype_to_string(event->eventType), digest_hex,

                      event->eventDataSize);

 }

From 113ab8c213418c6d1c9045bb19069159cc5b594b Mon Sep 17 00:00:00 2001

From: Trammell hudson <hudson@trmm.net>

Date: Wed, 13 May 2020 14:16:39 +0200

Subject: [PATCH 6/6] tpm2_eventlog: use same output format for EV_EFI_ACTION

 and EV_POST_CODE

This also avoids a potential stack smash if the event log

violates the spec and has an action string longer than

permitted.

Signed-off-by: Trammell hudson <hudson@trmm.net>

---

 lib/tpm2_eventlog_yaml.c | 11 ++---------

 1 file changed, 2 insertions(+), 9 deletions(-)

diff --git a/lib/tpm2_eventlog_yaml.c b/lib/tpm2_eventlog_yaml.c

index 50bd2fa6d..8966cae42 100644

--- a/lib/tpm2_eventlog_yaml.c

+++ b/lib/tpm2_eventlog_yaml.c

@@ -182,10 +182,7 @@ static bool yaml_uefi_post_code(const TCG_EVENT2 * const event)

     const size_t len = event->EventSize;

     tpm2_tool_output(

-        "  Event:\n"

-        "    - Length: %zu\n"

-        "      String: '%.*s'\n",

-        len,

+        "  Event: '%.*s'\n",

         (int) len,

         data);

     return true;

@@ -225,11 +222,7 @@ bool yaml_uefi_platfwblob(UEFI_PLATFORM_FIRMWARE_BLOB *data) {

 /* TCG PC Client PFP section 9.4.4 */

 bool yaml_uefi_action(UINT8 const *action, size_t size) {

-    /* longest string permitted by spec is 47 chars */

-    char buf[50] = { '\0', };

-

-    memcpy (buf, action, size);

-    tpm2_tool_output("  Event: %s\n", buf);

+    tpm2_tool_output("  Event: '%.*s'\n", (int) size, action);

     return true;

 }