Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

tpm: Boot with a warning if the event log is full #657

Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

tpm: Boot with a warning if the event log is full #657

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
35 changes: 35 additions & 0 deletions tpm.c
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -11,6 +11,7 @@ typedef struct {
UINTN measuredcount = 0;
VARIABLE_RECORD *measureddata = NULL;
static BOOLEAN tpm_defective = FALSE;
static BOOLEAN log_full_already_warned = FALSE;

static BOOLEAN tpm_present(efi_tpm_protocol_t *tpm)
{
Expand Down Expand Up @@ -108,6 +109,16 @@ static EFI_STATUS tpm_locate_protocol(efi_tpm_protocol_t **tpm,
return EFI_NOT_FOUND;
}

static void warn_first_log_full(void)
{
if (!log_full_already_warned) {
perror(L"TPM extend operation occurred, but the event could"
" not be written to one or more event logs. Applications"
" reliant on a valid event log will not function.\n");
log_full_already_warned = TRUE;
}
}

static EFI_STATUS cc_log_event_raw(EFI_PHYSICAL_ADDRESS buf, UINTN size,
UINT8 pcr, const CHAR8 *log, UINTN logsize,
UINT32 type, BOOLEAN is_pe_image)
Expand Down Expand Up @@ -143,6 +154,14 @@ static EFI_STATUS cc_log_event_raw(EFI_PHYSICAL_ADDRESS buf, UINTN size,
CopyMem(event->Event, (VOID *)log, logsize);
efi_status = cc->hash_log_extend_event(cc, flags, buf, (UINT64)size,
event);
/* Per spec: The extend operation occurred, but the event could
* not be written to one or more event logs. We can still safely
* boot in this case, but also show a warning to let the user know.
*/
if (efi_status == EFI_VOLUME_FULL) {
warn_first_log_full();
efi_status = EFI_SUCCESS;
}
FreePool(event);
return efi_status;
}
Expand Down Expand Up @@ -201,11 +220,19 @@ static EFI_STATUS tpm_log_event_raw(EFI_PHYSICAL_ADDRESS buf, UINTN size,
*/
efi_status = tpm2->hash_log_extend_event(tpm2,
PE_COFF_IMAGE, buf, (UINT64) size, event);
if (efi_status == EFI_VOLUME_FULL) {
warn_first_log_full();
efi_status = EFI_SUCCESS;
}
}

if (!hash || EFI_ERROR(efi_status)) {
efi_status = tpm2->hash_log_extend_event(tpm2,
0, buf, (UINT64) size, event);
if (efi_status == EFI_VOLUME_FULL) {
warn_first_log_full();
efi_status = EFI_SUCCESS;
}
}
FreePool(event);
return efi_status;
Expand Down Expand Up @@ -239,10 +266,18 @@ static EFI_STATUS tpm_log_event_raw(EFI_PHYSICAL_ADDRESS buf, UINTN size,
CopyMem(event->digest, hash, sizeof(event->digest));
efi_status = tpm->log_extend_event(tpm, 0, 0,
TPM_ALG_SHA, event, &eventnum, &lastevent);
if (efi_status == EFI_VOLUME_FULL) {
warn_first_log_full();
efi_status = EFI_SUCCESS;
}
} else {
efi_status = tpm->log_extend_event(tpm, buf,
(UINT64)size, TPM_ALG_SHA, event, &eventnum,
&lastevent);
if (efi_status == EFI_VOLUME_FULL) {
warn_first_log_full();
efi_status = EFI_SUCCESS;
}
}
if (efi_status == EFI_UNSUPPORTED) {
perror(L"Could not write TPM event: %r. Considering "
Expand Down