Blame SOURCES/0007-tpm2_eventlog_yaml-fix-parsing-for-MokListTrusted.patch

From c26464eb59b71b40bea11b4829b2a848343081f2 Mon Sep 17 00:00:00 2001
From: Thore Sommer <mail@thson.de>
Date: Sat, 8 Oct 2022 21:29:18 +0300
Subject: [PATCH 7/9] tpm2_eventlog_yaml: fix parsing for MokListTrusted
Not all data in events of the EV_EFI_VARIABLE_AUTHORITY are
EFI_SIGNATURE_DATA. The entry for MokListTrusted is a boolean
encoded as an integer similar to SecureBoot variable.
Fixes #3050
Signed-off-by: Thore Sommer <mail@thson.de>
---
 lib/tpm2_eventlog_yaml.c | 60 +++++++++++++++++++++++++++-------------
 1 file changed, 41 insertions(+), 19 deletions(-)
diff --git a/lib/tpm2_eventlog_yaml.c b/lib/tpm2_eventlog_yaml.c
index 66a20701..0b1d0318 100644
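--- a/lib/tpm2_eventlog_yaml.c
+++ b/lib/tpm2_eventlog_yaml.c
@@ -418,27 +418,49 @@ static bool yaml_uefi_var(UEFI_VARIABLE_DATA *data, size_t size, UINT32 type,
                 }
                 return true;
             }
-            /* Other variables will be printed as a hex string */
         } else if (type == EV_EFI_VARIABLE_AUTHORITY) {
-            free(ret);
-            tpm2_tool_output("    VariableData:\n");
-            
-            EFI_SIGNATURE_DATA *s= (EFI_SIGNATURE_DATA *)&data->UnicodeName[
-                data->UnicodeNameLength];
-            char *sdata = calloc (1,
-                BYTES_TO_HEX_STRING_SIZE(data->VariableDataLength - sizeof(EFI_GUID)));
-            if (sdata == NULL) {
-                LOG_ERR("Failled to allocate data: %s\n", strerror(errno));
-                return false;
+            /* The MokListTrusted is boolean option, not a EFI_SIGNATURE_DATA*/
+            if ((strlen(ret) == 14 && strncmp(ret, "MokListTrusted", 14) == 0)) {
+                free(ret);
+                tpm2_tool_output("    VariableData:\n"
+                                 "      Enabled: ");
+                if (data->VariableDataLength == 0) {
+                    tpm2_tool_output("'No'\n");
+                } else if (data->VariableDataLength > 1) {
+                    LOG_ERR("MokListTrusted value length %" PRIu64 " is unexpectedly > 1\n",
+                            data->VariableDataLength);
+                    return false;
+                } else {
+                    uint8_t *variable_data = (uint8_t *)&data->UnicodeName[
+                        data->UnicodeNameLength];
+                    if (*variable_data == 0) {
+                        tpm2_tool_output("'No'\n");
+                    } else {
+                        tpm2_tool_output("'Yes'\n");
+                    }
+                }
+                return true;
+            } else {
+                /* Other variables will be printed as a hex string */
+                free(ret);
+                tpm2_tool_output("    VariableData:\n");
+                EFI_SIGNATURE_DATA *s= (EFI_SIGNATURE_DATA *)&data->UnicodeName[
+                    data->UnicodeNameLength];
+                char *sdata = calloc (1,
+                    BYTES_TO_HEX_STRING_SIZE(data->VariableDataLength - sizeof(EFI_GUID)));
+                if (sdata == NULL) {
+                    LOG_ERR("Failled to allocate data: %s\n", strerror(errno));
+                    return false;
+                }
+                bytes_to_str(s->SignatureData, data->VariableDataLength - sizeof(EFI_GUID),
+                    sdata, BYTES_TO_HEX_STRING_SIZE(data->VariableDataLength - sizeof(EFI_GUID)));
+                guid_unparse_lower(s->SignatureOwner, uuidstr);
+                tpm2_tool_output("    - SignatureOwner: %s\n"
+                                "      SignatureData: %s\n",
+                                uuidstr, sdata);
+                free(sdata);
+                return true;
             }
-            bytes_to_str(s->SignatureData, data->VariableDataLength - sizeof(EFI_GUID),
-                sdata, BYTES_TO_HEX_STRING_SIZE(data->VariableDataLength - sizeof(EFI_GUID)));
-            guid_unparse_lower(s->SignatureOwner, uuidstr);
-            tpm2_tool_output("    - SignatureOwner: %s\n"
-                             "      SignatureData: %s\n",
-                             uuidstr, sdata);
-            free(sdata);
-            return true;
         } else if (type == EV_EFI_VARIABLE_BOOT || type == EV_EFI_VARIABLE_BOOT2) {
             if ((strlen(ret) == 9 && strncmp(ret, "BootOrder", 9) == 0)) {
                 free(ret);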
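Review bot: The fallback `else` branch still computes `data->VariableDataLength - sizeof(EFI_GUID)` without first checking that the length is at least `sizeof(EFI_GUID)`. The commit message says not every EV_EFI_VARIABLE_AUTHORITY entry is an EFI_SIGNATURE_DATA, so any other short entry makes this unsigned subtraction wrap, and the wrapped value is then used as the `calloc` size and as the `bytes_to_str` length. Because the event log is parsed input, I would add a guard right after `free(ret)` in that branch, for example `if (data->VariableDataLength < sizeof(EFI_GUID)) { LOG_ERR("VariableData too short for EFI_SIGNATURE_DATA\n"); return false; }`, or print such data as a plain hex string instead of failing. In the MokListTrusted branch the one-byte read through `variable_data` presumably relies on the event having been bounds-checked against `size` earlier in yaml_uefi_var; that cannot be confirmed here because the function starts and ends outside the hunk.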
-- 
2.37.3