From: Jeremy Linton
To: linux-efi@vger.kernel.org
Cc: ardb@kernel.org, bp@alien8.de, sathyanarayanan.kuppuswamy@linux.intel.com, linux-kernel@vger.kernel.org, Jeremy Linton
Subject: [PATCH] efi/libstub: measure initrd to PCR9 independent of source
Date: Mon, 30 Sep 2024 22:20:28 -0500
Message-ID: <20241001032028.483199-1-jeremy.linton@arm.com>

Currently the initrd is only measured if it can be loaded using the INITRD_MEDIA_GUID; if we are loading it from a path provided via the command line, it is never measured. Let's move the check down a couple lines so the measurement happens independent of the source.

Signed-off-by: Jeremy Linton
Reviewed-by: Ilias Apalodimas

--- drivers/firmware/efi/libstub/efi-stub-helper.c | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/drivers/firmware/efi/libstub/efi-stub-helper.c b/drivers/firmw= are/efi/libstub/efi-stub-helper.c index de659f6a815f..555f84287f0b 100644 --- a/drivers/firmware/efi/libstub/efi-stub-helper.c +++ b/drivers/firmware/efi/libstub/efi-stub-helper.c @@ -621,10 +621,6 @@ efi_status_t efi_load_initrd(efi_loaded_image_t *image, status =3D efi_load_initrd_dev_path(&initrd, hard_limit); if (status =3D=3D EFI_SUCCESS) { efi_info("Loaded initrd from LINUX_EFI_INITRD_MEDIA_GUID device path\n"); - if (initrd.size > 0 && - efi_measure_tagged_event(initrd.base, initrd.size, - EFISTUB_EVT_INITRD) =3D=3D EFI_SUCCESS) - efi_info("Measured initrd data into PCR 9\n"); } else if (status =3D=3D EFI_NOT_FOUND) { status =3D efi_load_initrd_cmdline(image, &initrd, soft_limit, hard_limit);
@@ -637,6 +633,11 @@ efi_status_t efi_load_initrd(efi_loaded_image_t *image, if (status !=3D EFI_SUCCESS) goto failed; =20 + if (initrd.size > 0 && + efi_measure_tagged_event(initrd.base, initrd.size, + EFISTUB_EVT_INITRD) =3D=3D EFI_SUCCESS) + efi_info("Measured initrd data into PCR 9\n"); + status =3D efi_bs_call(allocate_pool, EFI_LOADER_DATA, sizeof(initrd), (void **)&tbl); if (status !=3D EFI_SUCCESS) --=20 2.46.1
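
Review bot: in the second hunk (@@ -637), the relocated measurement block has only a success branch, so when efi_measure_tagged_event() returns anything other than EFI_SUCCESS the stub prints nothing and carries on booting an initrd that was never extended into PCR 9, and that silent path now also covers an initrd loaded from the command line. Consider adding an else branch with efi_warn(), or a comment stating that continuing unmeasured is deliberate, so the gap shows up in the boot log. The commit message could also say that PCR 9 will change on systems that load the initrd via the command line, since anything sealed or attested against the old value will see a different one once this lands.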