aboutsummaryrefslogtreecommitdiff
path: root/drivers/firmware/efi/tpm.c
AgeCommit message (Collapse)AuthorFilesLines
2020-05-22Merge tag 'efi-fixes-for-v5.7-rc6' of ↵Borislav Petkov1-1/+4
git://git.kernel.org/pub/scm/linux/kernel/git/efi/efi into efi/urgent Pull EFI fixes from Ard Biesheuvel: "- fix EFI framebuffer earlycon for wide fonts - avoid filling screen_info with garbage if the EFI framebuffer is not available - fix a potential host tool build error due to a symbol clash on x86 - work around a EFI firmware bug regarding the binary format of the TPM final events table - fix a missing memory free by reworking the E820 table sizing routine to not do the allocation in the first place - add CPER parsing for firmware errors"
2020-05-17tpm: check event log version before reading final eventsLoïc Yhuel1-1/+4
This fixes the boot issues since 5.3 on several Dell models when the TPM is enabled. Depending on the exact grub binary, booting the kernel would freeze early, or just report an error parsing the final events log. We get an event log in the SHA-1 format, which doesn't have a tcg_efi_specid_event_head in the first event, and there is a final events table which doesn't match the crypto agile format. __calc_tpm2_event_size reads bad "count" and "efispecid->num_algs", and either fails, or loops long enough for the machine to be appear frozen. So we now only parse the final events table, which is per the spec always supposed to be in the crypto agile format, when we got a event log in this format. Fixes: c46f3405692de ("tpm: Reserve the TPM final events table") Fixes: 166a2809d65b2 ("tpm: Don't duplicate events from the final event log in the TCG2 log") Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1779611 Signed-off-by: Loïc Yhuel <[email protected]> Link: https://lore.kernel.org/r/[email protected] Reviewed-by: Javier Martinez Canillas <[email protected]> Reviewed-by: Jerry Snitselaar <[email protected]> Reviewed-by: Matthew Garrett <[email protected]> [ardb: warn when final events table is missing or in the wrong format] Signed-off-by: Ard Biesheuvel <[email protected]>
2020-05-09gcc-10: mark more functions __init to avoid section mismatch warningsLinus Torvalds1-1/+1
It seems that for whatever reason, gcc-10 ends up not inlining a couple of functions that used to be inlined before. Even if they only have one single callsite - it looks like gcc may have decided that the code was unlikely, and not worth inlining. The code generation difference is harmless, but caused a few new section mismatch errors, since the (now no longer inlined) function wasn't in the __init section, but called other init functions: Section mismatch in reference from the function kexec_free_initrd() to the function .init.text:free_initrd_mem() Section mismatch in reference from the function tpm2_calc_event_log_size() to the function .init.text:early_memremap() Section mismatch in reference from the function tpm2_calc_event_log_size() to the function .init.text:early_memunmap() So add the appropriate __init annotation to make modpost not complain. In both cases there were trivially just a single callsite from another __init function. Signed-off-by: Linus Torvalds <[email protected]>
2019-10-31efi/tpm: Return -EINVAL when determining tpm final events log size failsJerry Snitselaar1-0/+1
Currently nothing checks the return value of efi_tpm_eventlog_init(), but in case that changes in the future make sure an error is returned when it fails to determine the tpm final events log size. Suggested-by: Dan Carpenter <[email protected]> Signed-off-by: Jerry Snitselaar <[email protected]> Signed-off-by: Ard Biesheuvel <[email protected]> Reviewed-by: Jarkko Sakkinen <[email protected]> Cc: Linus Torvalds <[email protected]> Cc: Peter Zijlstra <[email protected]> Cc: Thomas Gleixner <[email protected]> Cc: [email protected] Fixes: e658c82be556 ("efi/tpm: Only set 'efi_tpm_final_log_size' after ...") Link: https://lkml.kernel.org/r/[email protected] Signed-off-by: Ingo Molnar <[email protected]>
2019-10-08efi/tpm: Fix sanity check of unsigned tbl_size being less than zeroColin Ian King1-1/+1
Currently the check for tbl_size being less than zero is always false because tbl_size is unsigned. Fix this by making it a signed int. Addresses-Coverity: ("Unsigned compared against 0") Signed-off-by: Colin Ian King <[email protected]> Cc: Ard Biesheuvel <[email protected]> Cc: Jerry Snitselaar <[email protected]> Cc: Linus Torvalds <[email protected]> Cc: Peter Zijlstra <[email protected]> Cc: Thomas Gleixner <[email protected]> Cc: [email protected] Cc: [email protected] Fixes: e658c82be556 ("efi/tpm: Only set 'efi_tpm_final_log_size' after successful event log parsing") Link: https://lkml.kernel.org/r/[email protected] Signed-off-by: Ingo Molnar <[email protected]>
2019-10-07efi/tpm: Only set 'efi_tpm_final_log_size' after successful event log parsingJerry Snitselaar1-1/+8
If __calc_tpm2_event_size() fails to parse an event it will return 0, resulting tpm2_calc_event_log_size() returning -1. Currently there is no check of this return value, and 'efi_tpm_final_log_size' can end up being set to this negative value resulting in a crash like this one: BUG: unable to handle page fault for address: ffffbc8fc00866ad #PF: supervisor read access in kernel mode #PF: error_code(0x0000) - not-present page RIP: 0010:memcpy_erms+0x6/0x10 Call Trace: tpm_read_log_efi() tpm_bios_log_setup() tpm_chip_register() tpm_tis_core_init.cold.9+0x28c/0x466 tpm_tis_plat_probe() platform_drv_probe() ... Also __calc_tpm2_event_size() returns a size of 0 when it fails to parse an event, so update function documentation to reflect this. The root cause of the issue that caused the failure of event parsing in this case is resolved by Peter Jone's patchset dealing with large event logs where crossing over a page boundary causes the page with the event count to be unmapped. Signed-off-by: Jerry Snitselaar <[email protected]> Signed-off-by: Ard Biesheuvel <[email protected]> Cc: Ben Dooks <[email protected]> Cc: Dave Young <[email protected]> Cc: Jarkko Sakkinen <[email protected]> Cc: Linus Torvalds <[email protected]> Cc: Lukas Wunner <[email protected]> Cc: Lyude Paul <[email protected]> Cc: Matthew Garrett <[email protected]> Cc: Octavian Purdila <[email protected]> Cc: Peter Jones <[email protected]> Cc: Peter Zijlstra <[email protected]> Cc: Scott Talbert <[email protected]> Cc: Thomas Gleixner <[email protected]> Cc: [email protected] Cc: [email protected] Cc: [email protected] Fixes: c46f3405692de ("tpm: Reserve the TPM final events table") Link: https://lkml.kernel.org/r/[email protected] Signed-off-by: Ingo Molnar <[email protected]>
2019-10-07efi/tpm: Don't traverse an event log with no eventsPeter Jones1-5/+10
When there are no entries to put into the final event log, some machines will return the template they would have populated anyway. In this case the nr_events field is 0, but the rest of the log is just garbage. This patch stops us from trying to iterate the table with __calc_tpm2_event_size() when the number of events in the table is 0. Tested-by: Lyude Paul <[email protected]> Signed-off-by: Peter Jones <[email protected]> Signed-off-by: Jarkko Sakkinen <[email protected]> Signed-off-by: Ard Biesheuvel <[email protected]> Reviewed-by: Jarkko Sakkinen <[email protected]> Acked-by: Matthew Garrett <[email protected]> Acked-by: Ard Biesheuvel <[email protected]> Cc: Ben Dooks <[email protected]> Cc: Dave Young <[email protected]> Cc: Jerry Snitselaar <[email protected]> Cc: Linus Torvalds <[email protected]> Cc: Lukas Wunner <[email protected]> Cc: Octavian Purdila <[email protected]> Cc: Peter Zijlstra <[email protected]> Cc: Scott Talbert <[email protected]> Cc: Thomas Gleixner <[email protected]> Cc: [email protected] Cc: [email protected] Cc: [email protected] Fixes: c46f3405692d ("tpm: Reserve the TPM final events table") Link: https://lkml.kernel.org/r/[email protected] Signed-off-by: Ingo Molnar <[email protected]>
2019-06-24tpm: Reserve the TPM final events tableMatthew Garrett1-4/+59
UEFI systems provide a boot services protocol for obtaining the TPM event log, but this is unusable after ExitBootServices() is called. Unfortunately ExitBootServices() itself triggers additional TPM events that then can't be obtained using this protocol. The platform provides a mechanism for the OS to obtain these events by recording them to a separate UEFI configuration table which the OS can then map. Unfortunately this table isn't self describing in terms of providing its length, so we need to parse the events inside it to figure out how long it is. Since the table isn't mapped at this point, we need to extend the length calculation function to be able to map the event as it goes along. (Fixes by Bartosz Szczepanek <[email protected]>) Signed-off-by: Matthew Garrett <[email protected]> Acked-by: Ard Biesheuvel <[email protected]> Reviewed-by: Bartosz Szczepanek <[email protected]> Tested-by: Bartosz Szczepanek <[email protected]> Reviewed-by: Jarkko Sakkinen <[email protected]> Tested-by: Jarkko Sakkinen <[email protected]> Signed-off-by: Jarkko Sakkinen <[email protected]>
2019-02-04efi: Replace GPL license boilerplate with SPDX headersArd Biesheuvel1-4/+1
Replace all GPL license blurbs with an equivalent SPDX header (most files are GPLv2, some are GPLv2+). While at it, drop some outdated header changelogs as well. Signed-off-by: Ard Biesheuvel <[email protected]> Cc: AKASHI Takahiro <[email protected]> Cc: Alexander Graf <[email protected]> Cc: Bjorn Andersson <[email protected]> Cc: Borislav Petkov <[email protected]> Cc: Heinrich Schuchardt <[email protected]> Cc: Jeffrey Hugo <[email protected]> Cc: Lee Jones <[email protected]> Cc: Leif Lindholm <[email protected]> Cc: Linus Torvalds <[email protected]> Cc: Matt Fleming <[email protected]> Cc: Peter Jones <[email protected]> Cc: Peter Zijlstra <[email protected]> Cc: Sai Praneeth Prakhya <[email protected]> Cc: Thomas Gleixner <[email protected]> Cc: [email protected] Link: http://lkml.kernel.org/r/[email protected] Signed-off-by: Ingo Molnar <[email protected]>
2018-01-08efi: call get_event_log before ExitBootServicesThiebaud Weksteen1-0/+40
With TPM 2.0 specification, the event logs may only be accessible by calling an EFI Boot Service. Modify the EFI stub to copy the log area to a new Linux-specific EFI configuration table so it remains accessible once booted. When calling this service, it is possible to specify the expected format of the logs: TPM 1.2 (SHA1) or TPM 2.0 ("Crypto Agile"). For now, only the first format is retrieved. Signed-off-by: Thiebaud Weksteen <[email protected]> Reviewed-by: Javier Martinez Canillas <[email protected]> Tested-by: Javier Martinez Canillas <[email protected]> Tested-by: Jarkko Sakkinen <[email protected]> Reviewed-by: Jarkko Sakkinen <[email protected]> Signed-off-by: Jarkko Sakkinen <[email protected]>