[grub2.git] / grub-core / commands / tpm.c

/*
 *  GRUB  --  GRand Unified Bootloader
 *  Copyright (C) 2018  Free Software Foundation, Inc.
 *
 *  GRUB is free software: you can redistribute it and/or modify
 *  it under the terms of the GNU General Public License as published by
 *  the Free Software Foundation, either version 3 of the License, or
 *  (at your option) any later version.
 *
 *  GRUB is distributed in the hope that it will be useful,
 *  but WITHOUT ANY WARRANTY; without even the implied warranty of
 *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 *  GNU General Public License for more details.
 *
 *  You should have received a copy of the GNU General Public License
 *  along with GRUB.  If not, see <http://www.gnu.org/licenses/>.
 *
 *  Core TPM support code.
 */

#include <grub/err.h>
#include <grub/i18n.h>
#include <grub/misc.h>
#include <grub/mm.h>
#include <grub/tpm.h>
#include <grub/term.h>
#include <grub/verify.h>
#include <grub/dl.h>

GRUB_MOD_LICENSE ("GPLv3+");

grub_err_t
grub_tpm_measure (unsigned char *buf, grub_size_t size, grub_uint8_t pcr,
		  const char *description)
{
  return grub_tpm_log_event (buf, size, pcr, description);
}

static grub_err_t
grub_tpm_verify_init (grub_file_t io,
		      enum grub_file_type type __attribute__ ((unused)),
		      void **context, enum grub_verify_flags *flags)
{
  *context = io->name;
  *flags |= GRUB_VERIFY_FLAGS_SINGLE_CHUNK;
  return GRUB_ERR_NONE;
}

static grub_err_t
grub_tpm_verify_write (void *context, void *buf, grub_size_t size)
{
  return grub_tpm_measure (buf, size, GRUB_BINARY_PCR, context);
}

static grub_err_t
grub_tpm_verify_string (char *str, enum grub_verify_string_type type)
{
  const char *prefix = NULL;
  char *description;
  grub_err_t status;

  switch (type)
    {
    case GRUB_VERIFY_KERNEL_CMDLINE:
      prefix = "kernel_cmdline: ";
      break;
    case GRUB_VERIFY_MODULE_CMDLINE:
      prefix = "module_cmdline: ";
      break;
    case GRUB_VERIFY_COMMAND:
      prefix = "grub_cmd: ";
      break;
    }
  description = grub_malloc (grub_strlen (str) + grub_strlen (prefix) + 1);
  if (!description)
    return grub_errno;
  grub_memcpy (description, prefix, grub_strlen (prefix));
  grub_memcpy (description + grub_strlen (prefix), str,
	       grub_strlen (str) + 1);
  status =
    grub_tpm_measure ((unsigned char *) str, grub_strlen (str),
		      GRUB_STRING_PCR, description);
  grub_free (description);
  return status;
}

struct grub_file_verifier grub_tpm_verifier = {
  .name = "tpm",
  .init = grub_tpm_verify_init,
  .write = grub_tpm_verify_write,
  .verify_string = grub_tpm_verify_string,
};

GRUB_MOD_INIT (tpm)
{
  grub_verifier_register (&grub_tpm_verifier);
}

GRUB_MOD_FINI (tpm)
{
  grub_verifier_unregister (&grub_tpm_verifier);
}
Commit	Line	Data
d6ca0a90 MG	1	/*
	2	* GRUB -- GRand Unified Bootloader
	3	* Copyright (C) 2018 Free Software Foundation, Inc.
	4	*
	5	* GRUB is free software: you can redistribute it and/or modify
	6	* it under the terms of the GNU General Public License as published by
	7	* the Free Software Foundation, either version 3 of the License, or
	8	* (at your option) any later version.
	9	*
	10	* GRUB is distributed in the hope that it will be useful,
	11	* but WITHOUT ANY WARRANTY; without even the implied warranty of
	12	* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
	13	* GNU General Public License for more details.
	14	*
	15	* You should have received a copy of the GNU General Public License
	16	* along with GRUB. If not, see <http://www.gnu.org/licenses/>.
	17	*
	18	* Core TPM support code.
	19	*/
	20
	21	#include <grub/err.h>
	22	#include <grub/i18n.h>
	23	#include <grub/misc.h>
	24	#include <grub/mm.h>
	25	#include <grub/tpm.h>
	26	#include <grub/term.h>
	27	#include <grub/verify.h>
	28	#include <grub/dl.h>
	29
	30	GRUB_MOD_LICENSE ("GPLv3+");
	31
	32	grub_err_t
	33	grub_tpm_measure (unsigned char *buf, grub_size_t size, grub_uint8_t pcr,
	34	const char *description)
	35	{
	36	return grub_tpm_log_event (buf, size, pcr, description);
	37	}
	38
	39	static grub_err_t
	40	grub_tpm_verify_init (grub_file_t io,
	41	enum grub_file_type type __attribute__ ((unused)),
	42	void *context, enum grub_verify_flags flags)
	43	{
	44	*context = io->name;
	45	*flags \|= GRUB_VERIFY_FLAGS_SINGLE_CHUNK;
	46	return GRUB_ERR_NONE;
	47	}
	48
	49	static grub_err_t
	50	grub_tpm_verify_write (void context, void buf, grub_size_t size)
	51	{
	52	return grub_tpm_measure (buf, size, GRUB_BINARY_PCR, context);
	53	}
	54
	55	static grub_err_t
	56	grub_tpm_verify_string (char *str, enum grub_verify_string_type type)
	57	{
	58	const char *prefix = NULL;
	59	char *description;
	60	grub_err_t status;
	61
	62	switch (type)
	63	{
	64	case GRUB_VERIFY_KERNEL_CMDLINE:
65	prefix = "kernel_cmdline: ";
66	break;
67	case GRUB_VERIFY_MODULE_CMDLINE:
68	prefix = "module_cmdline: ";
69	break;
70	case GRUB_VERIFY_COMMAND:
71	prefix = "grub_cmd: ";
72	break;
73	}
74	description = grub_malloc (grub_strlen (str) + grub_strlen (prefix) + 1);
75	if (!description)
76	return grub_errno;
77	grub_memcpy (description, prefix, grub_strlen (prefix));
78	grub_memcpy (description + grub_strlen (prefix), str,
79	grub_strlen (str) + 1);
80	status =
81	grub_tpm_measure ((unsigned char *) str, grub_strlen (str),
82	GRUB_STRING_PCR, description);
83	grub_free (description);
84	return status;
85	}
86
87	struct grub_file_verifier grub_tpm_verifier = {
88	.name = "tpm",
89	.init = grub_tpm_verify_init,
90	.write = grub_tpm_verify_write,
91	.verify_string = grub_tpm_verify_string,
92	};
93
94	GRUB_MOD_INIT (tpm)
95	{
96	grub_verifier_register (&grub_tpm_verifier);
97	}
98
99	GRUB_MOD_FINI (tpm)
100	{
101	grub_verifier_unregister (&grub_tpm_verifier);
102	}