linux/drivers/firmware
Ilias Apalodimas 71c7adc9ff efi/libstub: measure EFI LoadOptions
The EFI TCG spec, in §10.2.6 "Measuring UEFI Variables and UEFI GPT
Data", only reasons about the load options passed to a loaded image in
the context of boot options booted directly from the BDS, which are
measured into PCR #5 along with the rest of the Boot#### EFI variable.

However, the UEFI spec mentions the following in the documentation of
the LoadImage() boot service and the EFI_LOADED_IMAGE protocol:

  The caller may fill in the image’s "load options" data, or add
  additional protocol support to the handle before passing control to
  the newly loaded image by calling EFI_BOOT_SERVICES.StartImage().

The typical boot sequence for Linux EFI systems is to load GRUB via a
boot option from the BDS, which [hopefully] calls LoadImage to load the
kernel image, passing the kernel command line via the mechanism
described above. This means that we cannot rely on the firmware
implementing TCG measured boot to ensure that the kernel command line
gets measured before the image is started, so the EFI stub will have to
take care of this itself.

Given that PCR #5 has an official use in the TCG measured boot spec,
let's avoid it in this case. Instead, add a measurement in PCR #9 (which
we already use for our initrd) and extend it with the LoadOptions
measurements.

Co-developed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
2022-09-27 13:26:16 +02:00
arm_ffa firmware: arm_ffa: Remove incorrect assignment of driver_data 2022-04-29 14:51:46 +01:00
arm_scmi Power management updates for 5.20-rc1 2022-08-02 11:17:00 -07:00
broadcom firmware: tee_bnxt: Use UUID API for exporting the UUID 2022-05-05 18:14:29 -07:00
cirrus firmware: cs_dsp: Add memory chunk helpers 2022-07-22 13:40:00 +01:00
efi efi/libstub: measure EFI LoadOptions 2022-09-27 13:26:16 +02:00
google firmware: google: Properly state IOMEM dependency 2022-03-18 14:18:15 +01:00
imx firmware: imx: scu-pd: imx8q: add vpu mu resources 2022-02-20 14:55:32 +08:00
meson
psci firmware/psci: fix application of sizeof to pointer 2021-10-26 17:40:54 -05:00
smccc printk: stop including cache.h from printk.h 2022-05-13 07:20:07 -07:00
tegra firmware: tegra: Fix error check return value of debugfs_create_file() 2022-07-08 17:56:03 +02:00
xilinx firmware: xilinx: Add TF_A_PM_REGISTER_SGI SMC call 2022-06-29 14:46:22 +02:00
arm_scpi.c firmware: arm_scpi: Ensure scpi_info is not assigned if the probe fails 2022-07-04 14:28:42 +01:00
arm_sdei.c ACPI: APEI: explicit init of HEST and GHES in apci_init() 2022-03-03 20:24:22 +01:00
dmi_scan.c
dmi-id.c firmware: dmi: Move product_sku info to the end of the modalias 2021-09-02 17:28:53 +02:00
dmi-sysfs.c firmware: dmi-sysfs: Fix memory leak in dmi_sysfs_register_handle 2022-05-19 18:56:56 +02:00
edd.c edd: simplify the check of 'attr->test' in edd_populate_dir() 2022-05-19 18:57:04 +02:00
iscsi_ibft_find.c iscsi_ibft: fix warning in reserve_ibft_region() 2021-08-05 19:47:57 -04:00
iscsi_ibft.c iscsi_ibft: Fix isa_bus_to_virt not working under ARM 2021-09-02 16:22:00 -04:00
Kconfig sound updates for 5.19-rc1 2022-05-25 16:55:16 -07:00
Makefile Follow-up tweaks for the EFI changes in v5.19 2022-06-03 13:39:30 -07:00
memmap.c firmware: memmap: use default_groups in kobj_type 2022-01-05 19:17:29 +01:00
mtk-adsp-ipc.c firmware: mediatek: Use meaningful names for mbox 2022-06-22 13:39:30 +01:00
pcdp.c
pcdp.h
qcom_scm-legacy.c firmware: qcom_scm-legacy: correct kerneldoc 2022-06-25 22:04:31 -05:00
qcom_scm-smc.c
qcom_scm.c firmware: qcom_scm: Add bw voting support to the SCM interface 2022-06-29 21:48:32 -05:00
qcom_scm.h firmware: qcom: scm: Add support for MC boot address API 2022-02-03 21:54:48 -06:00
qemu_fw_cfg.c firmware: qemu_fw_cfg: remove sysfs entries explicitly 2022-01-14 18:50:52 -05:00
raspberrypi.c firmware: raspberrypi: Fix a leak in 'rpi_firmware_get()' 2021-08-18 16:02:08 +02:00
scpi_pm_domain.c firmware: arm_scpi: Fix string overflow in SCPI genpd driver 2021-12-13 15:17:37 +01:00
stratix10-rsu.c firmware: stratix10-rsu: extend RSU driver to get DCMF status 2022-07-14 16:55:09 +02:00
stratix10-svc.c firmware: stratix10-svc: To support a command ATF Get Version 2022-07-14 16:55:09 +02:00
sysfb_simplefb.c firmware: sysfb: Make sysfb_create_simplefb() return a pdev pointer 2022-06-29 09:51:31 +02:00
sysfb.c firmware: sysfb: Add sysfb_disable() helper function 2022-06-29 09:51:41 +02:00
ti_sci.c firmware: ti_sci: Switch transport to polled mode during system suspend 2022-05-03 06:52:11 -05:00
ti_sci.h
trusted_foundations.c
turris-mox-rwtm.c mvebu drivers for 5.14 (part 1) 2021-06-23 18:57:40 -07:00