diff options
Diffstat (limited to 'src')
| -rw-r--r-- | src/include/usr/secureboot/trustedboot_reasoncodes.H | 2 | ||||
| -rw-r--r-- | src/usr/secureboot/trusted/base/tpmLogMgr.C | 184 | ||||
| -rw-r--r-- | src/usr/secureboot/trusted/base/tpmLogMgr.H | 33 | ||||
| -rw-r--r-- | src/usr/secureboot/trusted/base/trustedTypes_base.C | 22 | ||||
| -rwxr-xr-x | src/usr/secureboot/trusted/test/tpmLogMgrTest.H | 204 | ||||
| -rwxr-xr-x | src/usr/secureboot/trusted/test/trustedbootTest.H | 9 |
6 files changed, 430 insertions, 24 deletions
diff --git a/src/include/usr/secureboot/trustedboot_reasoncodes.H b/src/include/usr/secureboot/trustedboot_reasoncodes.H index cff1bba32..2c634887c 100644 --- a/src/include/usr/secureboot/trustedboot_reasoncodes.H +++ b/src/include/usr/secureboot/trustedboot_reasoncodes.H @@ -56,6 +56,7 @@ namespace TRUSTEDBOOT MOD_TPMLOGMGR_INITIALIZE = 0x10, MOD_TPMLOGMGR_ADDEVENT = 0x11, + MOD_TPMLOGMGR_INITIALIZEEXISTLOG = 0x012, }; enum TRUSTEDReasonCode @@ -78,6 +79,7 @@ namespace TRUSTEDBOOT RC_TPM_NOFUNCTIONALTPM_FAIL = SECURE_COMP_ID | 0xAD, RC_TPM_COMMAND_FAIL = SECURE_COMP_ID | 0xAE, RC_TPM_INVALID_ARGS = SECURE_COMP_ID | 0xAF, + RC_TPMLOGMGR_LOGWALKFAIL = SECURE_COMP_ID | 0xB0, }; #ifdef __cplusplus } diff --git a/src/usr/secureboot/trusted/base/tpmLogMgr.C b/src/usr/secureboot/trusted/base/tpmLogMgr.C index d863afc3e..18e677192 100644 --- a/src/usr/secureboot/trusted/base/tpmLogMgr.C +++ b/src/usr/secureboot/trusted/base/tpmLogMgr.C @@ -58,6 +58,7 @@ namespace TRUSTEDBOOT return (sizeof(TCG_EfiSpecIdEventStruct) + val->vendorInfoSize); } +#ifdef __HOSTBOOT_MODULE errlHndl_t TpmLogMgr_initialize(TpmLogMgr* val) { errlHndl_t err = TB_SUCCESS; @@ -90,7 +91,9 @@ namespace TRUSTEDBOOT else { - val->logSize = 0; + memset(val, 0, sizeof(TpmLogMgr)); + val->logMaxSize = TPMLOG_BUFFER_SIZE; + mutex_init( &val->logMutex ); mutex_lock( &val->logMutex ); @@ -138,6 +141,69 @@ namespace TRUSTEDBOOT } return err; } +#endif + + errlHndl_t TpmLogMgr_initializeUsingExistingLog(TpmLogMgr* val, + uint8_t* eventLogPtr, + uint32_t eventLogSize) + { + errlHndl_t err = TB_SUCCESS; + TRACUCOMP( g_trac_trustedboot, + ">>initializeUsingExistingLog()"); + + do + { + + mutex_init( &val->logMutex ); + mutex_lock( &val->logMutex ); + TRACUCOMP( g_trac_trustedboot, + ">>initializeUsingExistingLog() 1"); + + val->logMaxSize = eventLogSize; + val->eventLogInMem = eventLogPtr; + + // Ok, walk the log to figure out how big this is + val->logSize = TpmLogMgr_calcLogSize(val); + TRACUCOMP( g_trac_trustedboot, + ">>initializeUsingExistingLog() 2"); + + if (0 == val->logSize) + { + TRACFCOMP( g_trac_trustedboot, + "TPM LOG INIT WALK FAIL"); + /*@ + * @errortype + * @reasoncode RC_TPMLOGMGR_LOGWALKFAIL + * @severity ERRL_SEV_UNRECOVERABLE + * @moduleid MOD_TPMLOGMGR_INITIALIZEEXISTLOG + * @userdata1 0 + * @userdata2 0 + * @devdesc TPM log header entry is missing. + */ + err = tpmCreateErrorLog(MOD_TPMLOGMGR_INITIALIZEEXISTLOG, + RC_TPMLOGMGR_LOGWALKFAIL, + 0, + 0); + break; + } + // We are good, let's move the newEventLogPtr + val->newEventPtr = val->eventLogInMem + val->logSize; + + } + while(0); + + if (TB_SUCCESS != err) + { + val->eventLogInMem = NULL; + val->newEventPtr = NULL; + val->logMaxSize = 0; + val->logSize = 0; + } + + mutex_unlock( &val->logMutex ); + + return err; + } errlHndl_t TpmLogMgr_addEvent(TpmLogMgr* val, TCG_PCR_EVENT2* logEvent) @@ -157,12 +223,14 @@ namespace TRUSTEDBOOT // Need to ensure we have room for the new event // We have to leave room for the log full event as well if (NULL == val->newEventPtr || - val->logSize + newLogSize > TPMLOG_BUFFER_SIZE) + val->logSize + newLogSize > val->logMaxSize) { TRACFCOMP( g_trac_trustedboot, - "TPM LOG ADD FAIL PNULL(%d) LS(%d) New LS(%d)", + "TPM LOG ADD FAIL PNULL(%d) LS(%d) New LS(%d)" + " Max LS(%d)", (NULL == val->newEventPtr ? 0 : 1), - (int)val->logSize, (int)newLogSize); + (int)val->logSize, (int)newLogSize, + (int)val->logMaxSize); /*@ * @errortype @@ -233,10 +301,101 @@ namespace TRUSTEDBOOT // Debug display of raw data TRACUCOMP(g_trac_trustedboot, "tpmDumpLog Size : %d\n", (int)val->logSize); - TRACUBIN(g_trac_trustedboot, "tpmDumpLog", - val->eventLog, val->logSize); + +#ifdef __HOSTBOOT_MODULE + // Debug display of raw data + if (NULL == val->eventLogInMem) + { + TRACUBIN(g_trac_trustedboot, "tpmDumpLog", + val->eventLog, val->logSize); + } + else + { +#endif + TRACUBIN(g_trac_trustedboot, "tpmDumpLog From Memory", + val->eventLogInMem, val->logSize); +#ifdef __HOSTBOOT_MODULE + } +#endif } + uint32_t TpmLogMgr_calcLogSize(TpmLogMgr* val) + { + uint32_t logSize = 0; + TCG_PCR_EVENT event; + TCG_PCR_EVENT2 event2; + bool errorFound = false; + const uint8_t* prevLogHandle = NULL; + const uint8_t* nextLogHandle = NULL; + + TRACUCOMP( g_trac_trustedboot, ">>calcLogSize"); + + // Start walking events + prevLogHandle = TpmLogMgr_getLogStartPtr(val); + do + { + + // First need to deal with the header entry + nextLogHandle = TCG_PCR_EVENT_logUnmarshal(&event, + prevLogHandle, + sizeof(TCG_PCR_EVENT), + &errorFound); + + if (NULL == nextLogHandle || errorFound || + EV_NO_ACTION != event.eventType || + 0 == event.eventSize) + { + TRACFCOMP( g_trac_trustedboot, "Header Marshal Failure"); + prevLogHandle = NULL; + break; + } + + if (( nextLogHandle - TpmLogMgr_getLogStartPtr(val)) > + val->logMaxSize) + { + TRACFCOMP( g_trac_trustedboot, "calcLogSize overflow"); + prevLogHandle = NULL; + break; + } + prevLogHandle = nextLogHandle; + + // Now iterate through all the other events + while (NULL != prevLogHandle) + { + nextLogHandle = TCG_PCR_EVENT2_logUnmarshal( + &event2, + prevLogHandle, + sizeof(TCG_PCR_EVENT2), + &errorFound); + if (NULL == nextLogHandle || errorFound) + { + // Failed parsing so we must have hit the end of log + break; + } + if (( nextLogHandle - TpmLogMgr_getLogStartPtr(val)) > + val->logMaxSize) + { + TRACFCOMP( g_trac_trustedboot, "calcLogSize overflow"); + prevLogHandle = NULL; + break; + } + prevLogHandle = nextLogHandle; + } + } + while (0); + + if (NULL == prevLogHandle) + { + logSize = 0; + } + else + { + logSize = (prevLogHandle - TpmLogMgr_getLogStartPtr(val)); + } + TRACUCOMP( g_trac_trustedboot, "<<calcLogSize : %d", logSize); + + return logSize; + } const uint8_t* TpmLogMgr_getFirstEvent(TpmLogMgr* val) { @@ -245,7 +404,7 @@ namespace TRUSTEDBOOT const uint8_t* result = NULL; // Header event in the log is always first, we skip over that - const uint8_t* firstEvent = val->eventLog; + const uint8_t* firstEvent = TpmLogMgr_getLogStartPtr(val); memset(&event, 0, sizeof(TCG_PCR_EVENT)); firstEvent = TCG_PCR_EVENT_logUnmarshal(&event, firstEvent, @@ -320,6 +479,17 @@ namespace TRUSTEDBOOT return eventLog; } + + uint8_t* TpmLogMgr_getLogStartPtr(TpmLogMgr* val) + { +#ifdef __HOSTBOOT_MODULE + return (val->eventLogInMem == NULL ? + reinterpret_cast<uint8_t*>(&(val->eventLog)) : val->eventLogInMem); +#else + return val->eventLogInMem; +#endif + } + #ifdef __cplusplus } // end TRUSTEDBOOT #endif diff --git a/src/usr/secureboot/trusted/base/tpmLogMgr.H b/src/usr/secureboot/trusted/base/tpmLogMgr.H index 69909a925..b7eed6293 100644 --- a/src/usr/secureboot/trusted/base/tpmLogMgr.H +++ b/src/usr/secureboot/trusted/base/tpmLogMgr.H @@ -86,12 +86,17 @@ namespace TRUSTEDBOOT struct _TpmLogMgr { uint32_t logSize; ///< Current byte size of log - uint8_t eventLog[TPMLOG_BUFFER_SIZE]; ///< EventLog Buffer + uint32_t logMaxSize; ///< Space allocated for log entries uint8_t* newEventPtr; ///< Pointer to location to add new event + uint8_t* eventLogInMem; ///< Event log allocated from memory +#ifdef __HOSTBOOT_MODULE + uint8_t eventLog[TPMLOG_BUFFER_SIZE]; ///< EventLog Buffer +#endif mutex_t logMutex; ///< Log mutex }; typedef struct _TpmLogMgr TpmLogMgr; +#ifdef __HOSTBOOT_MODULE /** * @brief Initialize the log manager * @param[in/out] io_logMgr Return a pointer to the log manager @@ -99,6 +104,19 @@ namespace TRUSTEDBOOT * error log. */ errlHndl_t TpmLogMgr_initialize(TpmLogMgr * io_logMgr); +#endif + + /** + * @brief Initialize the log manager to use a pre-existing buffer + * @param[in] val TpmLogMgr structure + * @param[in] eventLogPtr Pointer to event log to use + * @param[in] eventLogSize Allocated log buffer size + * @return errlHndl_t NULL if successful, otherwise a pointer to the + * error log. + */ + errlHndl_t TpmLogMgr_initializeUsingExistingLog(TpmLogMgr* val, + uint8_t* eventLogPtr, + uint32_t eventLogSize); /** * @brief Add a new event to the log @@ -116,6 +134,12 @@ namespace TRUSTEDBOOT */ uint32_t TpmLogMgr_getLogSize(TpmLogMgr* val); + /** + * @brief Calculate the log size in bytes by walking the log + * @param[in] val TpmLogMgr structure + * @return uint32_t Byte size of log + */ + uint32_t TpmLogMgr_calcLogSize(TpmLogMgr* val); /** * @brief Get pointer to first event in eventLog past the header event @@ -167,6 +191,13 @@ namespace TRUSTEDBOOT */ void TpmLogMgr_dumpLog(TpmLogMgr* val); + /** + * @brief Return a pointer to the start of the log + * @param[in] val TpmLogMgr structure + * @return uint8_t* Pointer to the start of the TPM log + */ + uint8_t* TpmLogMgr_getLogStartPtr(TpmLogMgr* val); + #ifdef __cplusplus } // end TRUSTEDBOOT namespace diff --git a/src/usr/secureboot/trusted/base/trustedTypes_base.C b/src/usr/secureboot/trusted/base/trustedTypes_base.C index 5ce0614f3..9e4b35ff6 100644 --- a/src/usr/secureboot/trusted/base/trustedTypes_base.C +++ b/src/usr/secureboot/trusted/base/trustedTypes_base.C @@ -79,12 +79,15 @@ namespace TRUSTEDBOOT const uint8_t* TPMT_HA_logUnmarshal(TPMT_HA* val, const uint8_t* i_tpmBuf, bool* o_err) { + size_t size = 0; + uint16_t* field16 = NULL; + do { *o_err = false; // algorithmId - size_t size = sizeof(val->algorithmId); - uint16_t* field16 = (uint16_t*)i_tpmBuf; + size = sizeof(val->algorithmId); + field16 = (uint16_t*)i_tpmBuf; val->algorithmId = le16toh(*field16); // Ensure a valid count if (val->algorithmId >= TPM_ALG_INVALID_ID) @@ -168,12 +171,14 @@ namespace TRUSTEDBOOT const uint8_t* i_tpmBuf, bool* o_err) { + size_t size = 0; + uint32_t* field32 = NULL; do { *o_err = false; // count - size_t size = sizeof(val->count); - uint32_t* field32 = (uint32_t*)(i_tpmBuf); + size = sizeof(val->count); + field32 = (uint32_t*)(i_tpmBuf); val->count = le32toh(*field32); // Ensure a valid count if (val->count > HASH_COUNT) @@ -350,12 +355,14 @@ namespace TRUSTEDBOOT const uint8_t* i_tpmBuf, bool* o_err) { + size_t size = 0; + uint32_t* field32 = NULL; do { *o_err = false; // Event size - size_t size = sizeof(val->eventSize); - uint32_t* field32 = (uint32_t*)(i_tpmBuf); + size = sizeof(val->eventSize); + field32 = (uint32_t*)(i_tpmBuf); val->eventSize = le32toh(*field32); i_tpmBuf += size; @@ -453,7 +460,8 @@ namespace TRUSTEDBOOT field32 = (uint32_t*)(i_tpmBuf); val->eventType = le32toh(*field32); // Ensure a valid event type - if (val->eventType >= EV_INVALID) + if (val->eventType == 0 || + val->eventType >= EV_INVALID) { *o_err = true; i_tpmBuf = NULL; diff --git a/src/usr/secureboot/trusted/test/tpmLogMgrTest.H b/src/usr/secureboot/trusted/test/tpmLogMgrTest.H index 537ada4b0..cf61de420 100755 --- a/src/usr/secureboot/trusted/test/tpmLogMgrTest.H +++ b/src/usr/secureboot/trusted/test/tpmLogMgrTest.H @@ -360,6 +360,210 @@ class TPMLogMgrTest: public CxxTest::TestSuite } while (0); } + + + /** + * @brief TPM Log calcLogSize tests + */ + void testTpmLogCalcLogSize ( void ) + { + TRACFCOMP( g_trac_trustedboot, "testTpmLogCalcLogSize - Start" ); + + do { + // Initialize logMgr + TpmLogMgr logMgr; + getTestLogMgr(&logMgr); + + size_t firstEventSize = TpmLogMgr_getLogSize(&logMgr); + + // No events beyond initial one + if ((TpmLogMgr_calcLogSize(&logMgr) != + TpmLogMgr_getLogSize(&logMgr))) + { + TS_FAIL( "testTpmLogCalcLogSize - " + "Invalid first event calc LS(%d) CS(%d)", + TpmLogMgr_getLogSize(&logMgr), + TpmLogMgr_calcLogSize(&logMgr)); + break; + } + + // Add an event to log + TCG_PCR_EVENT2 eventLog = addTestLogEvent(logMgr, + "CalcLog11"); + if (TpmLogMgr_calcLogSize(&logMgr) != + TpmLogMgr_getLogSize(&logMgr) || + ((firstEventSize + + TCG_PCR_EVENT2_marshalSize(&eventLog)) + != TpmLogMgr_getLogSize(&logMgr)) ) + { + TS_FAIL( "testTpmLogCalcLogSize - " + "Invalid second event calc LS(%d) CS(%d)", + TpmLogMgr_getLogSize(&logMgr), + TpmLogMgr_calcLogSize(&logMgr)); + break; + } + + // Add more events to log + for (int idx = 0; idx < 10; idx ++) + { + eventLog = addTestLogEvent(logMgr, + "CalcLog3434"); + if (TpmLogMgr_calcLogSize(&logMgr) != + TpmLogMgr_getLogSize(&logMgr)) + { + TS_FAIL( "testTpmLogCalcLogSize - IDX (%d) " + "Invalid additional event calc LS(%d) CS(%d)", + idx, + TpmLogMgr_getLogSize(&logMgr), + TpmLogMgr_calcLogSize(&logMgr)); + break; + } + } + } + while (0); + } + + /** + * @brief TPM Log initializeUsingExistingLog tests + */ + void testTpmLogInitExisting ( void ) + { + TRACFCOMP( g_trac_trustedboot, "testTpmLogInitExisting - Start" ); + errlHndl_t err = NULL; + TCG_PCR_EVENT2 eventLog; + + do { + // Initialize logMgr + TpmLogMgr logMgr; + getTestLogMgr(&logMgr); + // Create a logMgr clone + TpmLogMgr cloneMgr; + + err = TpmLogMgr_initializeUsingExistingLog(&cloneMgr, + TpmLogMgr_getLogStartPtr(&logMgr), + logMgr.logMaxSize); + + // No events beyond initial one + if (NULL != err || + TpmLogMgr_getLogSize(&logMgr) != + TpmLogMgr_getLogSize(&cloneMgr)) + { + TS_FAIL( "testTpmLogInitExisting - " + "test fail on initial init " + "err(%d) LMS(%d) CLS(%d)", + (NULL == err) ? 0 : 1, + TpmLogMgr_getLogSize(&logMgr), + TpmLogMgr_getLogSize(&cloneMgr)); + break; + } + + + // Add more events to log + for (int idx = 0; idx < 10; idx ++) + { + eventLog = addTestLogEvent(logMgr, + "CalcLog3434"); + } + + err = TpmLogMgr_initializeUsingExistingLog(&cloneMgr, + TpmLogMgr_getLogStartPtr(&logMgr), + logMgr.logMaxSize); + + if (NULL != err || + TpmLogMgr_getLogSize(&logMgr) != + TpmLogMgr_getLogSize(&cloneMgr)) + { + TS_FAIL( "testTpmLogInitExisting - " + "test fail on multiple log init " + "err(%d) LMS(%d) CLS(%d)", + (NULL == err) ? 0 : 1, + TpmLogMgr_getLogSize(&logMgr), + TpmLogMgr_getLogSize(&cloneMgr)); + break; + } + + // Now try adding an event to the clone logMgr + eventLog = addTestLogEvent(cloneMgr, "Clone123 23434"); + if (TpmLogMgr_getLogSize(&logMgr) == + TpmLogMgr_getLogSize(&cloneMgr)) + { + TS_FAIL( "testTpmLogInitExisting - " + "test fail on addlog to clone" + "LMS(%d) CLS(%d)", + TpmLogMgr_getLogSize(&logMgr), + TpmLogMgr_getLogSize(&cloneMgr)); + break; + } + } + while (0); + TRACFCOMP( g_trac_trustedboot, "testTpmLogInitExisting - End" ); + } + + /** + * @brief TPM Log initializeUsingExistingLog failing tests + */ + void testTpmLogInitExistingFails ( void ) + { + TRACFCOMP( g_trac_trustedboot, + "testTpmLogInitExistingFails - Start" ); + errlHndl_t err = NULL; + + do { + // Initialize logMgr + TpmLogMgr logMgr; + getTestLogMgr(&logMgr); + // Create a logMgr clone + TpmLogMgr cloneMgr; + uint8_t logBuffer[256]; + + // Zero'd buffer without initial header entry + memset(logBuffer,0, sizeof(logBuffer)); + err = TpmLogMgr_initializeUsingExistingLog(&cloneMgr, + logBuffer, + sizeof(logBuffer)); + + if (NULL == err) + { + TS_FAIL( "testTpmLogInitExistingFails - " + "test fail on initial init " + "err(%d) LMS(%d) CLS(%d)", + (NULL == err) ? 0 : 1, + TpmLogMgr_getLogSize(&logMgr), + TpmLogMgr_getLogSize(&cloneMgr)); + break; + } + else + { + delete err; + err = NULL; + } + + + // Buffer too small + err = TpmLogMgr_initializeUsingExistingLog(&cloneMgr, + TpmLogMgr_getLogStartPtr(&logMgr), + 10); + if (NULL == err) + { + TS_FAIL( "testTpmLogInitExistingFails - " + "test fail on initial init buff too small" + "err(%d) LMS(%d) CLS(%d)", + (NULL == err) ? 0 : 1, + TpmLogMgr_getLogSize(&logMgr), + TpmLogMgr_getLogSize(&cloneMgr)); + break; + } + else + { + delete err; + err = NULL; + } + } + while (0); + TRACFCOMP( g_trac_trustedboot, + "testTpmLogInitExistingFails - End" ); + } + }; #endif diff --git a/src/usr/secureboot/trusted/test/trustedbootTest.H b/src/usr/secureboot/trusted/test/trustedbootTest.H index 5fad75145..12f7a9de0 100755 --- a/src/usr/secureboot/trusted/test/trustedbootTest.H +++ b/src/usr/secureboot/trusted/test/trustedbootTest.H @@ -44,15 +44,6 @@ #include "../base/trustedboot_base.H" #include "../base/tpmLogMgr.H" -extern trace_desc_t* g_trac_trustedboot; - -// Easy macro replace for unit testing -//#define TRACUCOMP(args...) TRACFCOMP(args) -#define TRACUCOMP(args...) -//#define TRACUBIN(args...) TRACFBIN(args) -#define TRACUBIN(args...) - - using namespace TRUSTEDBOOT; |
