From c26464eb59b71b40bea11b4829b2a848343081f2 Mon Sep 17 00:00:00 2001
From: Thore Sommer <mail@thson.de>
Date: Sat, 8 Oct 2022 21:29:18 +0300
Subject: [PATCH 7/9] tpm2_eventlog_yaml: fix parsing for MokListTrusted
Not all data in events of the EV_EFI_VARIABLE_AUTHORITY are
EFI_SIGNATURE_DATA. The entry for MokListTrusted is a boolean
encoded as an integer similar to SecureBoot variable.
Fixes #3050
Signed-off-by: Thore Sommer <mail@thson.de>
---
lib/tpm2_eventlog_yaml.c | 60 +++++++++++++++++++++++++++-------------
1 file changed, 41 insertions(+), 19 deletions(-)
diff --git a/lib/tpm2_eventlog_yaml.c b/lib/tpm2_eventlog_yaml.c
index 66a20701..0b1d0318 100644
--- a/lib/tpm2_eventlog_yaml.c
+++ b/lib/tpm2_eventlog_yaml.c
@@ -418,27 +418,49 @@ static bool yaml_uefi_var(UEFI_VARIABLE_DATA *data, size_t size, UINT32 type,
}
return true;
}
- /* Other variables will be printed as a hex string */
} else if (type == EV_EFI_VARIABLE_AUTHORITY) {
- free(ret);
- tpm2_tool_output(" VariableData:\n");
-
- EFI_SIGNATURE_DATA *s= (EFI_SIGNATURE_DATA *)&data->UnicodeName[
- data->UnicodeNameLength];
- char *sdata = calloc (1,
- BYTES_TO_HEX_STRING_SIZE(data->VariableDataLength - sizeof(EFI_GUID)));
- if (sdata == NULL) {
- LOG_ERR("Failled to allocate data: %s\n", strerror(errno));
- return false;
+ /* The MokListTrusted is boolean option, not a EFI_SIGNATURE_DATA*/
+ if ((strlen(ret) == 14 && strncmp(ret, "MokListTrusted", 14) == 0)) {
+ free(ret);
+ tpm2_tool_output(" VariableData:\n"
+ " Enabled: ");
+ if (data->VariableDataLength == 0) {
+ tpm2_tool_output("'No'\n");
+ } else if (data->VariableDataLength > 1) {
+ LOG_ERR("MokListTrusted value length %" PRIu64 " is unexpectedly > 1\n",
+ data->VariableDataLength);
+ return false;
+ } else {
+ uint8_t *variable_data = (uint8_t *)&data->UnicodeName[
+ data->UnicodeNameLength];
+ if (*variable_data == 0) {
+ tpm2_tool_output("'No'\n");
+ } else {
+ tpm2_tool_output("'Yes'\n");
+ }
+ }
+ return true;
+ } else {
+ /* Other variables will be printed as a hex string */
+ free(ret);
+ tpm2_tool_output(" VariableData:\n");
+ EFI_SIGNATURE_DATA *s= (EFI_SIGNATURE_DATA *)&data->UnicodeName[
+ data->UnicodeNameLength];
+ char *sdata = calloc (1,
+ BYTES_TO_HEX_STRING_SIZE(data->VariableDataLength - sizeof(EFI_GUID)));
+ if (sdata == NULL) {
+ LOG_ERR("Failled to allocate data: %s\n", strerror(errno));
+ return false;
+ }
+ bytes_to_str(s->SignatureData, data->VariableDataLength - sizeof(EFI_GUID),
+ sdata, BYTES_TO_HEX_STRING_SIZE(data->VariableDataLength - sizeof(EFI_GUID)));
+ guid_unparse_lower(s->SignatureOwner, uuidstr);
+ tpm2_tool_output(" - SignatureOwner: %s\n"
+ " SignatureData: %s\n",
+ uuidstr, sdata);
+ free(sdata);
+ return true;
}
- bytes_to_str(s->SignatureData, data->VariableDataLength - sizeof(EFI_GUID),
- sdata, BYTES_TO_HEX_STRING_SIZE(data->VariableDataLength - sizeof(EFI_GUID)));
- guid_unparse_lower(s->SignatureOwner, uuidstr);
- tpm2_tool_output(" - SignatureOwner: %s\n"
- " SignatureData: %s\n",
- uuidstr, sdata);
- free(sdata);
- return true;
} else if (type == EV_EFI_VARIABLE_BOOT || type == EV_EFI_VARIABLE_BOOT2) {
if ((strlen(ret) == 9 && strncmp(ret, "BootOrder", 9) == 0)) {
free(ret);
--
2.37.3