min
/
lanzaboote
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge pull request #224 from nix-community/stub-remove-tpm1 

stub: remove TPM 1 support
This commit is contained in:
Ryan Lahfa 2023-09-14 13:26:25 +00:00 committed by GitHub
parent 1255f8fc49 3dab5531b1
commit 7f92dd1e7b
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 2 additions and 53 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
rust/uefi/Cargo.lock generated
View File

@ -103,7 +103,6 @@ dependencies = [
"bitflags", "bitflags",
"goblin", "goblin",
"log", "log",
"sha1_smol",
"uefi", "uefi",
] ]
@ -177,12 +176,6 @@ dependencies = [
"syn 2.0.32", "syn 2.0.32",
] ]
[[package]]
name = "sha1_smol"
version = "1.0.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "ae1a47186c03a32177042e55dbc5fd5aee900b8e0069a8d70fba96a9375cd012"
[[package]] [[package]]
name = "sha2" name = "sha2"
version = "0.10.7" version = "0.10.7"

3
rust/uefi/linux-bootloader/Cargo.toml
View File

@ -19,8 +19,5 @@ bitflags = "2.3.3"
# Even in debug builds, we don't enable the debug logs, because they generate a lot of spam from goblin. # Even in debug builds, we don't enable the debug logs, because they generate a lot of spam from goblin.
log = { version = "0.4.19", default-features = false, features = [ "max_level_info", "release_max_level_warn" ]} log = { version = "0.4.19", default-features = false, features = [ "max_level_info", "release_max_level_warn" ]}
# SHA1 for TPM TCG interface version 1.
sha1_smol = "1.0.0"
[badges] [badges]
maintenance = { status = "actively-developed" } maintenance = { status = "actively-developed" }

45
rust/uefi/linux-bootloader/src/tpm.rs
View File

@ -3,10 +3,7 @@ use core::mem::{self, MaybeUninit};
use log::warn; use log::warn;
use uefi::{ use uefi::{
prelude::BootServices, prelude::BootServices,
proto::tcg::{ proto::tcg::{v2, EventType, PcrIndex},
v1::{self, Sha1Digest},
v2, EventType, PcrIndex,
},
table::boot::ScopedProtocol, table::boot::ScopedProtocol,
}; };
@ -32,24 +29,8 @@ fn open_capable_tpm2(boot_services: &BootServices) -> uefi::Result<ScopedProtoco
Ok(tpm_protocol) Ok(tpm_protocol)
} }
fn open_capable_tpm1(boot_services: &BootServices) -> uefi::Result<ScopedProtocol<v1::Tcg>> {
let tpm_handle = boot_services.get_handle_for_protocol::<v1::Tcg>()?;
let mut tpm_protocol = boot_services.open_protocol_exclusive::<v1::Tcg>(tpm_handle)?;
let status_check = tpm_protocol.status_check()?;
if status_check.protocol_capability.tpm_deactivated()
|| !status_check.protocol_capability.tpm_present()
{
warn!("Capability `TPM present` is not there or `TPM deactivated` is there for the existing TPM TCGv1 protocol");
return Err(uefi::Status::UNSUPPORTED.into());
}
Ok(tpm_protocol)
}
pub fn tpm_available(boot_services: &BootServices) -> bool { pub fn tpm_available(boot_services: &BootServices) -> bool {
open_capable_tpm2(boot_services).is_ok() || open_capable_tpm1(boot_services).is_ok() open_capable_tpm2(boot_services).is_ok()
} }
/// Log an event in the TPM with `buffer` as data. /// Log an event in the TPM with `buffer` as data.
@ -78,28 +59,6 @@ pub fn tpm_log_event_ascii(
)?; )?;
// FIXME: what do we want as flags here? // FIXME: what do we want as flags here?
tpm2.hash_log_extend_event(Default::default(), buffer, event)?; tpm2.hash_log_extend_event(Default::default(), buffer, event)?;
} else if let Ok(mut tpm1) = open_capable_tpm1(boot_services) {
let required_size = mem::size_of::<PcrIndex>()
+ mem::size_of::<EventType>()
+ mem::size_of::<Sha1Digest>()
+ mem::size_of::<u32>()
+ description.len();
let mut event_buffer = vec![MaybeUninit::<u8>::uninit(); required_size];
// Compute sha1 of the event data
let mut m = sha1_smol::Sha1::new();
m.update(description.as_bytes());
let event = v1::PcrEvent::new_in_buffer(
event_buffer.as_mut_slice(),
pcr_index,
EventType::IPL,
m.digest().bytes(),
description.as_bytes(),
)?;
tpm1.hash_log_extend_event(event, Some(buffer))?;
} }
Ok(true) Ok(true)