From 44dd2b243fdeaf460c48bbdc86d80d5baacac956 Mon Sep 17 00:00:00 2001 From: Davide Cavalca Date: Apr 22 2021 16:38:50 +0000 Subject: Backport TPM eventlog parsing fix --- diff --git a/SOURCES/2021.patch b/SOURCES/2021.patch new file mode 100644 index 0000000..089b1b4 --- /dev/null +++ b/SOURCES/2021.patch @@ -0,0 +1,245 @@ +From 84556dd39531638ef69c8f1eec7f917de2c88146 Mon Sep 17 00:00:00 2001 +From: Trammell hudson +Date: Wed, 13 May 2020 12:00:14 +0200 +Subject: [PATCH 1/6] tpm2_event_log: parse EV_POST_CODE events according to + 2.3.4.1 + +Signed-off-by: Trammell hudson +--- + lib/tpm2_eventlog.c | 5 ++++- + lib/tpm2_eventlog_yaml.c | 24 ++++++++++++++++++++++++ + 2 files changed, 28 insertions(+), 1 deletion(-) + +diff --git a/lib/tpm2_eventlog.c b/lib/tpm2_eventlog.c +index b44ae10a9..b7bea6124 100644 +--- a/lib/tpm2_eventlog.c ++++ b/lib/tpm2_eventlog.c +@@ -88,8 +88,11 @@ bool parse_event2body(TCG_EVENT2 const *event, UINT32 type) { + } + } + break; +- /* TCG PC Client FPF section 9.2.5 */ ++ /* TCG PC Client FPF section 2.3.4.1 and 9.4.1 */ + case EV_POST_CODE: ++ // the event is a string, so there are no length requirements. ++ break; ++ /* TCG PC Client FPF section 9.2.5 */ + case EV_S_CRTM_CONTENTS: + case EV_EFI_PLATFORM_FIRMWARE_BLOB: + { +diff --git a/lib/tpm2_eventlog_yaml.c b/lib/tpm2_eventlog_yaml.c +index 307c4a09d..ae1406bfe 100644 +--- a/lib/tpm2_eventlog_yaml.c ++++ b/lib/tpm2_eventlog_yaml.c +@@ -164,6 +164,29 @@ static bool yaml_uefi_var_data(UEFI_VARIABLE_DATA *data) { + + return true; + } ++/* ++ * TCG PC Client FPF section 2.3.4.1 and 9.4.1: ++ * Usage of the event type EV_POST_CODE: ++ * - If a combined event is measured, the event field SHOULD ++ * be the string "POST CODE" in all caps. ... ++ * - Embedded SMM code and the code that sets it up SHOULD use ++ * the string "SMM CODE" in all caps... ++ * - BIS code (eclusing the BIS Certificate) should use event ++ * field string of "BIS CODE" in all caps. ... ++ * - ACPI flash data prior to any modifications ... should use ++ * event field string of "ACPI DATA" in all caps. ++ */ ++static bool yaml_uefi_post_code(const char * data, size_t len) ++{ ++ tpm2_tool_output( ++ " Event:\n" ++ " - Length: %zu\n" ++ " String: '%.*s'\n", ++ len, ++ (int) len, ++ data); ++ return true; ++} + /* + * TCG PC Client FPF section 9.2.6 + * The tpm2_eventlog module validates the event structure but nothing within +@@ -247,6 +270,7 @@ bool yaml_event2data(TCG_EVENT2 const *event, UINT32 type) { + case EV_EFI_VARIABLE_AUTHORITY: + return yaml_uefi_var((UEFI_VARIABLE_DATA*)event->Event); + case EV_POST_CODE: ++ return yaml_uefi_post_code((const char*)event->Event, event->EventSize); + case EV_S_CRTM_CONTENTS: + case EV_EFI_PLATFORM_FIRMWARE_BLOB: + return yaml_uefi_platfwblob((UEFI_PLATFORM_FIRMWARE_BLOB*)event->Event); + +From abfae7af25bdbb41709d09bf99a01132f2f3c24e Mon Sep 17 00:00:00 2001 +From: Trammell hudson +Date: Wed, 13 May 2020 12:04:49 +0200 +Subject: [PATCH 2/6] tpm2_eventlog: rename postcode test to firmware blob test + +Signed-off-by: Trammell hudson +--- + test/unit/test_tpm2_eventlog.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/test/unit/test_tpm2_eventlog.c b/test/unit/test_tpm2_eventlog.c +index e992ac848..661778506 100644 +--- a/test/unit/test_tpm2_eventlog.c ++++ b/test/unit/test_tpm2_eventlog.c +@@ -266,7 +266,7 @@ static void test_parse_event2body_uefivar_badlength(void **state){ + + assert_false(parse_event2body(event, EV_EFI_VARIABLE_DRIVER_CONFIG)); + } +-static void test_parse_event2body_postcode_badlength(void **state){ ++static void test_parse_event2body_firmware_blob_badlength(void **state){ + + (void)state; + +@@ -465,7 +465,7 @@ int main(void) { + cmocka_unit_test(test_foreach_event2_parse_event2body_fail), + cmocka_unit_test(test_parse_event2body_uefivar_badsize), + cmocka_unit_test(test_parse_event2body_uefivar_badlength), +- cmocka_unit_test(test_parse_event2body_postcode_badlength), ++ cmocka_unit_test(test_parse_event2body_firmware_blob_badlength), + cmocka_unit_test(test_specid_event_nohdr), + cmocka_unit_test(test_specid_event_badeventtype), + cmocka_unit_test(test_specid_event_badpcrindex), + +From de84d5bd6f89bded62e8dc0ae57619a3758920e5 Mon Sep 17 00:00:00 2001 +From: Trammell hudson +Date: Wed, 13 May 2020 12:09:45 +0200 +Subject: [PATCH 3/6] tpm2_eventlog: pass TCG_EVENT2* to yaml-Uefi_post_code() + +Signed-off-by: Trammell hudson +--- + lib/tpm2_eventlog_yaml.c | 9 ++++++--- + 1 file changed, 6 insertions(+), 3 deletions(-) + +diff --git a/lib/tpm2_eventlog_yaml.c b/lib/tpm2_eventlog_yaml.c +index ae1406bfe..e9092769d 100644 +--- a/lib/tpm2_eventlog_yaml.c ++++ b/lib/tpm2_eventlog_yaml.c +@@ -171,13 +171,16 @@ static bool yaml_uefi_var_data(UEFI_VARIABLE_DATA *data) { + * be the string "POST CODE" in all caps. ... + * - Embedded SMM code and the code that sets it up SHOULD use + * the string "SMM CODE" in all caps... +- * - BIS code (eclusing the BIS Certificate) should use event ++ * - BIS code (excluding the BIS Certificate) should use event + * field string of "BIS CODE" in all caps. ... + * - ACPI flash data prior to any modifications ... should use + * event field string of "ACPI DATA" in all caps. + */ +-static bool yaml_uefi_post_code(const char * data, size_t len) ++static bool yaml_uefi_post_code(const TCG_EVENT2 * const event) + { ++ const char * const data = (const char *) event->Event; ++ const size_t len = event->EventSize; ++ + tpm2_tool_output( + " Event:\n" + " - Length: %zu\n" +@@ -270,7 +273,7 @@ bool yaml_event2data(TCG_EVENT2 const *event, UINT32 type) { + case EV_EFI_VARIABLE_AUTHORITY: + return yaml_uefi_var((UEFI_VARIABLE_DATA*)event->Event); + case EV_POST_CODE: +- return yaml_uefi_post_code((const char*)event->Event, event->EventSize); ++ return yaml_uefi_post_code(event); + case EV_S_CRTM_CONTENTS: + case EV_EFI_PLATFORM_FIRMWARE_BLOB: + return yaml_uefi_platfwblob((UEFI_PLATFORM_FIRMWARE_BLOB*)event->Event); + +From dddeb4d3bc2e4d1eddf143a1ee70de7f7f32fbf3 Mon Sep 17 00:00:00 2001 +From: Trammell hudson +Date: Wed, 13 May 2020 12:55:14 +0200 +Subject: [PATCH 4/6] tpm2_eventlog: use "PCRIndex:" consistently + +Signed-off-by: Trammell hudson +--- + lib/tpm2_eventlog_yaml.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/lib/tpm2_eventlog_yaml.c b/lib/tpm2_eventlog_yaml.c +index e9092769d..d1f308904 100644 +--- a/lib/tpm2_eventlog_yaml.c ++++ b/lib/tpm2_eventlog_yaml.c +@@ -329,7 +329,7 @@ void yaml_eventhdr(TCG_EVENT const *event, size_t *count) { + bytes_to_str(event->digest, sizeof(event->digest), digest_hex, sizeof(digest_hex)); + + tpm2_tool_output("- Event[%zu]:\n" +- " pcrIndex: %" PRIu32 "\n" ++ " PCRIndex: %" PRIu32 "\n" + " eventType: %s\n" + " digest: %s\n" + " eventDataSize: %" PRIu32 "\n", (*count)++, event->pcrIndex, + +From c56c70f62af9a4fe884c6efa69eeb36f39d6fe65 Mon Sep 17 00:00:00 2001 +From: Trammell hudson +Date: Wed, 13 May 2020 12:58:20 +0200 +Subject: [PATCH 5/6] tpm2_eventlog: use "Digest:" and "EventSize:" + consistently + +Signed-off-by: Trammell hudson +--- + lib/tpm2_eventlog_yaml.c | 6 +++--- + 1 file changed, 3 insertions(+), 3 deletions(-) + +diff --git a/lib/tpm2_eventlog_yaml.c b/lib/tpm2_eventlog_yaml.c +index d1f308904..50bd2fa6d 100644 +--- a/lib/tpm2_eventlog_yaml.c ++++ b/lib/tpm2_eventlog_yaml.c +@@ -330,9 +330,9 @@ void yaml_eventhdr(TCG_EVENT const *event, size_t *count) { + + tpm2_tool_output("- Event[%zu]:\n" + " PCRIndex: %" PRIu32 "\n" +- " eventType: %s\n" +- " digest: %s\n" +- " eventDataSize: %" PRIu32 "\n", (*count)++, event->pcrIndex, ++ " EventType: %s\n" ++ " Digest: %s\n" ++ " EventSize: %" PRIu32 "\n", (*count)++, event->pcrIndex, + eventtype_to_string(event->eventType), digest_hex, + event->eventDataSize); + } + +From 113ab8c213418c6d1c9045bb19069159cc5b594b Mon Sep 17 00:00:00 2001 +From: Trammell hudson +Date: Wed, 13 May 2020 14:16:39 +0200 +Subject: [PATCH 6/6] tpm2_eventlog: use same output format for EV_EFI_ACTION + and EV_POST_CODE + +This also avoids a potential stack smash if the event log +violates the spec and has an action string longer than +permitted. + +Signed-off-by: Trammell hudson +--- + lib/tpm2_eventlog_yaml.c | 11 ++--------- + 1 file changed, 2 insertions(+), 9 deletions(-) + +diff --git a/lib/tpm2_eventlog_yaml.c b/lib/tpm2_eventlog_yaml.c +index 50bd2fa6d..8966cae42 100644 +--- a/lib/tpm2_eventlog_yaml.c ++++ b/lib/tpm2_eventlog_yaml.c +@@ -182,10 +182,7 @@ static bool yaml_uefi_post_code(const TCG_EVENT2 * const event) + const size_t len = event->EventSize; + + tpm2_tool_output( +- " Event:\n" +- " - Length: %zu\n" +- " String: '%.*s'\n", +- len, ++ " Event: '%.*s'\n", + (int) len, + data); + return true; +@@ -225,11 +222,7 @@ bool yaml_uefi_platfwblob(UEFI_PLATFORM_FIRMWARE_BLOB *data) { + /* TCG PC Client PFP section 9.4.4 */ + bool yaml_uefi_action(UINT8 const *action, size_t size) { + +- /* longest string permitted by spec is 47 chars */ +- char buf[50] = { '\0', }; +- +- memcpy (buf, action, size); +- tpm2_tool_output(" Event: %s\n", buf); ++ tpm2_tool_output(" Event: '%.*s'\n", (int) size, action); + + return true; + } diff --git a/SPECS/tpm2-tools.spec b/SPECS/tpm2-tools.spec index 3df4ed4..03bacc2 100644 --- a/SPECS/tpm2-tools.spec +++ b/SPECS/tpm2-tools.spec @@ -2,13 +2,16 @@ Name: tpm2-tools Version: 4.3.0 -Release: 1%{?candidate:.%{candidate}}%{?dist} +Release: 1%{?candidate:.%{candidate}}.1%{?dist} Summary: A bunch of TPM testing toolS build upon tpm2-tss License: BSD URL: https://github.com/tpm2-software/tpm2-tools Source0: https://github.com/tpm2-software/tpm2-tools/releases/download/%{version}%{?candidate:-%{candidate}}/%{name}-%{version}%{?candidate:-%{candidate}}.tar.gz +# PR#2021: Parse EV_POST_CODE as strings +Patch0: https://github.com/tpm2-software/tpm2-tools/pull/2021.patch + BuildRequires: gcc-c++ BuildRequires: libtool BuildRequires: autoconf-archive @@ -54,6 +57,9 @@ tpm2-tools is a batch of tools for tpm2.0. It is based on tpm2-tss. %{_mandir}/man1/tss2_*.1.gz %changelog +* Thu Apr 22 2021 Davide Cavalca - 4.3.0-1.1 +- Backport TPM eventlog parsing fix (PR#2021) + * Sat Aug 29 2020 Peter Robinson - 4.3.0-1 - Update to 4.3.0