Add support for performing basic TPM measurements. Right now this only
supports extending PCRs statically and only on UEFI. In future we might
want to have some sort of mechanism for choosing which events get logged
to which PCRs, but this seems like a good default policy and we can wait
to see whether anyone has a use case before adding more complexity.
Signed-off-by: Matthew Garrett <mjg59@google.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
Signed-off-by: Vladimir Serbinenko <phcoder@gmail.com>
Signed-off-by: Daniel Kiper <daniel.kiper@oracle.com>
Reviewed-by: Ross Philipson <ross.philipson@oracle.com>
Previously we had multiboot and multiboot2 declaring the same symbols.
This can potentially lead to aliasing and strange behaviours when e.g.
module instead of module2 is used with multiboot2.
Bug: #51137
Currently multiboot2 protocol loads image exactly at address specified in
ELF or multiboot2 header. This solution works quite well on legacy BIOS
platforms. It is possible because memory regions are placed at predictable
addresses (though I was not able to find any spec which says that it is
strong requirement, so, it looks that it is just a goodwill of hardware
designers). However, EFI platforms are more volatile. Even if required
memory regions live at specific addresses then they are sometimes simply
not free (e.g. used by boot/runtime services on Dell PowerEdge R820 and
OVMF). This means that you are not able to just set up final image
destination on build time. You have to provide method to relocate image
contents to real load address which is usually different than load address
specified in ELF and multiboot2 headers.
This patch provides all needed machinery to do self relocation in image code.
First of all GRUB2 reads min_addr (min. load addr), max_addr (max. load addr),
align (required image alignment), preference (it says which memory regions are
preferred by image, e.g. none, low, high) from multiboot_header_tag_relocatable
header tag contained in binary (at this stage load addresses from multiboot2
and/or ELF headers are ignored). Later loader tries to fulfill request (not only
that one) and if it succeeds then it informs image about real load address via
multiboot_tag_load_base_addr tag. At this stage GRUB2 role is finished. Starting
from now executable must cope with relocations itself using whole static and
dynamic knowledge provided by boot loader.
This patch does not provide functionality which could do relocations using
ELF relocation data. However, I was asked by Konrad Rzeszutek Wilk and Vladimir
'phcoder' Serbinenko to investigate that thing. It looks that relevant machinery
could be added to existing code (including this patch) without huge effort.
Additionally, ELF relocation could live in parallel with self relocation provided
by this patch. However, during research I realized that first of all we should
establish the details how ELF relocatable image should look like and how it should
be build. At least to build proper test/example files.
So, this patch just provides support for self relocatable images. If ELF file
with relocs is loaded then GRUB2 complains loudly and ignores it. Support for
such files will be added later.
This patch was tested with Xen image which uses that functionality. However, this Xen
feature is still under development and new patchset will be released in about 2-3 weeks.
Signed-off-by: Daniel Kiper <daniel.kiper@oracle.com>
Reviewed-by: Vladimir Serbinenko <phcoder@gmail.com>
Rework TPM measurements to use fewer PCRs. After discussion with upstream,
it's preferable to avoid using so many PCRs. Instead, measure into PCRs 8
and 9 but use a prefix in the event log to indicate which subsystem carried
out the measurements.
* grub-core/loader/i386/multiboot_mbi.c (grub_multiboot_get_mbi_size):
Take VBE info into account even if only text is supported.
(fill_vbe_info): Take into account the case when only VGA text
is supported.
* include/grub/multiboot.h (GRUB_MACHINE_HAS_VBE): Set to zero
on coreboot, multiboot and qemu.
* grub-core/loader/i386/multiboot_mbi.c (grub_multiboot_get_mbi_size):
Take VBE info into account.
(fill_vbe_info) [GRUB_MACHINE_HAS_VBE]: New function.
(retrieve_video_parameters) [GRUB_MACHINE_HAS_VBE]:
Call fill_vbe_info when appropriate.
(grub_multiboot_make_mbi): Account for the size occupied by VBE info.
* grub-core/loader/multiboot_mbi2.c (grub_multiboot_load): Declare tags
as supported.
(grub_multiboot_get_mbi_size): Take new tags into account.
(fill_vbe_tag) [GRUB_MACHINE_HAS_VBE]: New function.
(retrieve_video_parameters) [GRUB_MACHINE_HAS_VBE]:
Call fill_vbe_tag when appropriate.
(grub_multiboot_make_mbi): Properly align tags.
* grub-core/video/i386/pc/vbe.c (grub_vbe_bios_get_pm_interface): New
function.
* include/grub/i386/pc/vbe.h (grub_vbe_bios_get_pm_interface): New
proto.
* include/grub/multiboot.h (GRUB_MACHINE_HAS_VBE): New definition.