From 55944e5e40b1be2afc4855d8d2baf4b73d1876b5 Mon Sep 17 00:00:00 2001 From: Daniel Baumann Date: Wed, 10 Apr 2024 22:49:52 +0200 Subject: Adding upstream version 255.4. Signed-off-by: Daniel Baumann --- src/pcrlock/pcrlock.c | 5011 +++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 5011 insertions(+) create mode 100644 src/pcrlock/pcrlock.c (limited to 'src/pcrlock/pcrlock.c') diff --git a/src/pcrlock/pcrlock.c b/src/pcrlock/pcrlock.c new file mode 100644 index 0000000..bdc6bbd --- /dev/null +++ b/src/pcrlock/pcrlock.c @@ -0,0 +1,5011 @@ +/* SPDX-License-Identifier: LGPL-2.1-or-later */ + +#include +#include +#include +#include + +#include "sd-device.h" + +#include "ask-password-api.h" +#include "blockdev-util.h" +#include "build.h" +#include "chase.h" +#include "conf-files.h" +#include "efi-api.h" +#include "env-util.h" +#include "escape.h" +#include "fd-util.h" +#include "fileio.h" +#include "format-table.h" +#include "format-util.h" +#include "fs-util.h" +#include "gpt.h" +#include "hash-funcs.h" +#include "hexdecoct.h" +#include "initrd-util.h" +#include "main-func.h" +#include "mkdir-label.h" +#include "openssl-util.h" +#include "ordered-set.h" +#include "parse-argument.h" +#include "parse-util.h" +#include "path-util.h" +#include "pcrextend-util.h" +#include "pcrlock-firmware.h" +#include "pehash.h" +#include "pretty-print.h" +#include "proc-cmdline.h" +#include "random-util.h" +#include "recovery-key.h" +#include "sort-util.h" +#include "terminal-util.h" +#include "tpm2-util.h" +#include "unaligned.h" +#include "unit-name.h" +#include "utf8.h" +#include "verbs.h" + +static PagerFlags arg_pager_flags = 0; +static JsonFormatFlags arg_json_format_flags = JSON_FORMAT_OFF|JSON_FORMAT_NEWLINE; +static char **arg_components = NULL; +static uint32_t arg_pcr_mask = 0; +static char *arg_pcrlock_path = NULL; +static bool arg_pcrlock_auto = true; +static bool arg_raw_description = false; +static char *arg_location_start = NULL; +static char *arg_location_end = NULL; +static TPM2_HANDLE arg_nv_index = 0; +static bool arg_recovery_pin = false; +static char *arg_policy_path = NULL; +static bool arg_force = false; + +STATIC_DESTRUCTOR_REGISTER(arg_components, strv_freep); +STATIC_DESTRUCTOR_REGISTER(arg_pcrlock_path, freep); +STATIC_DESTRUCTOR_REGISTER(arg_location_start, freep); +STATIC_DESTRUCTOR_REGISTER(arg_location_end, freep); +STATIC_DESTRUCTOR_REGISTER(arg_policy_path, freep); + +#define PCRLOCK_SECUREBOOT_POLICY_PATH "/var/lib/pcrlock.d/240-secureboot-policy.pcrlock.d/generated.pcrlock" +#define PCRLOCK_FIRMWARE_CODE_EARLY_PATH "/var/lib/pcrlock.d/250-firmware-code-early.pcrlock.d/generated.pcrlock" +#define PCRLOCK_FIRMWARE_CONFIG_EARLY_PATH "/var/lib/pcrlock.d/250-firmware-config-early.pcrlock.d/generated.pcrlock" +#define PCRLOCK_FIRMWARE_CODE_LATE_PATH "/var/lib/pcrlock.d/550-firmware-code-late.pcrlock.d/generated.pcrlock" +#define PCRLOCK_FIRMWARE_CONFIG_LATE_PATH "/var/lib/pcrlock.d/550-firmware-config-late.pcrlock.d/generated.pcrlock" +#define PCRLOCK_GPT_PATH "/var/lib/pcrlock.d/600-gpt.pcrlock.d/generated.pcrlock" +#define PCRLOCK_SECUREBOOT_AUTHORITY_PATH "/var/lib/pcrlock.d/620-secureboot-authority.pcrlock.d/generated.pcrlock" +#define PCRLOCK_KERNEL_CMDLINE_PATH "/var/lib/pcrlock.d/710-kernel-cmdline.pcrlock.d/generated.pcrlock" +#define PCRLOCK_KERNEL_INITRD_PATH "/var/lib/pcrlock.d/720-kernel-initrd.pcrlock.d/generated.pcrlock" +#define PCRLOCK_MACHINE_ID_PATH "/var/lib/pcrlock.d/820-machine-id.pcrlock" +#define PCRLOCK_ROOT_FILE_SYSTEM_PATH "/var/lib/pcrlock.d/830-root-file-system.pcrlock" +#define PCRLOCK_FILE_SYSTEM_PATH_PREFIX "/var/lib/pcrlock.d/840-file-system-" + +/* The default set of PCRs to lock to */ +#define DEFAULT_PCR_MASK \ + ((UINT32_C(1) << TPM2_PCR_PLATFORM_CODE) | \ + (UINT32_C(1) << TPM2_PCR_PLATFORM_CONFIG) | \ + (UINT32_C(1) << TPM2_PCR_EXTERNAL_CODE) | \ + (UINT32_C(1) << TPM2_PCR_EXTERNAL_CONFIG) | \ + (UINT32_C(1) << TPM2_PCR_BOOT_LOADER_CODE) | \ + (UINT32_C(1) << TPM2_PCR_BOOT_LOADER_CONFIG) | \ + (UINT32_C(1) << TPM2_PCR_SECURE_BOOT_POLICY) | \ + (UINT32_C(1) << TPM2_PCR_KERNEL_BOOT) | \ + (UINT32_C(1) << TPM2_PCR_KERNEL_CONFIG) | \ + (UINT32_C(1) << TPM2_PCR_SYSEXTS) | \ + (UINT32_C(1) << TPM2_PCR_SHIM_POLICY) | \ + (UINT32_C(1) << TPM2_PCR_SYSTEM_IDENTITY)) + +typedef struct EventLogRecordBank EventLogRecordBank; +typedef struct EventLogRecord EventLogRecord; +typedef struct EventLogRegisterBank EventLogRegisterBank; +typedef struct EventLogRegister EventLogRegister; +typedef struct EventLogComponentVariant EventLogComponentVariant; +typedef struct EventLogComponent EventLogComponent; +typedef struct EventLog EventLog; + +struct EventLogRecordBank { + uint16_t algorithm; + TPM2B_DIGEST hash; + LIST_FIELDS(EventLogRecordBank, banks); +}; + +typedef enum EventPayloadValid { + EVENT_PAYLOAD_VALID_YES, + EVENT_PAYLOAD_VALID_NO, + EVENT_PAYLOAD_VALID_DONT_KNOW, + _EVENT_PAYLOAD_VALID_MAX, + _EVENT_PAYLOAD_VALID_INVALID = -EINVAL, +} EventPayloadValid; + +struct EventLogRecord { + EventLog *event_log; + uint32_t pcr; + + const char *source; + char *description; + + /* Data for firmware events (i.e. "TCG PC Client Platform Firmware Profile Specification" events) */ + uint32_t firmware_event_type; + void *firmware_payload; + size_t firmware_payload_size; + + /* Data for userspace events (i.e. those generated by systemd in userspace */ + Tpm2UserspaceEventType userspace_event_type; + JsonVariant *userspace_content; + + /* Validation result for the event payload itself, if the record contains enough information to validate the hash */ + EventPayloadValid event_payload_valid; + + /* If this record matches an variant of one of our defined components */ + EventLogComponentVariant **mapped; + size_t n_mapped; + + /* If this record is part of an EventLogComponentVariant */ + EventLogComponentVariant *owning_component_variant; + + LIST_HEAD(EventLogRecordBank, banks); +}; + +#define EVENT_LOG_RECORD_IS_FIRMWARE(record) ((record)->firmware_event_type != UINT32_MAX) +#define EVENT_LOG_RECORD_IS_USERSPACE(record) ((record)->userspace_event_type >= 0) + +struct EventLogRegisterBank { + TPM2B_DIGEST observed; + TPM2B_DIGEST calculated; +}; + +struct EventLogRegister { + char *color; + unsigned n_measurements; + bool fully_recognized; /* true if all measurements in this register have been recognized to match components */ + EventLogRegisterBank *banks; +}; + +struct EventLogComponentVariant { + EventLogComponent *component; + + char *id; + char *path; + + EventLogRecord **records; + size_t n_records; +}; + +struct EventLogComponent { + char *id; + + EventLogComponentVariant **variants; + size_t n_variants; +}; + +struct EventLog { + EventLogRecord **records; + size_t n_records; + + uint16_t *algorithms; + size_t n_algorithms; + bool algorithms_locked; /* if algorithms where set explicitly by user, and we should not determine them automatically */ + + const EVP_MD **mds; + + /* The hash algorithm which we focus on for matching up components */ + uint16_t primary_algorithm; + + uint8_t startup_locality; + bool startup_locality_found; + + EventLogRegister registers[TPM2_PCRS_MAX]; + + EventLogComponent **components; + size_t n_components; + + /* Number of components which we couldn't find in the event log */ + size_t n_missing_components; + + /* PCRs mask indicating all PCRs touched by unrecognized components */ + uint32_t missing_component_pcrs; +}; + +static EventLogRecordBank *event_log_record_bank_free(EventLogRecordBank *bank) { + return mfree(bank); +} + +DEFINE_TRIVIAL_CLEANUP_FUNC(EventLogRecordBank*, event_log_record_bank_free); + +static EventLogRecord *event_log_record_free(EventLogRecord *record) { + EventLogRecordBank *bank; + + if (!record) + return NULL; + + free(record->description); + free(record->firmware_payload); + json_variant_unref(record->userspace_content); + + while ((bank = LIST_POP(banks, record->banks))) + event_log_record_bank_free(bank); + + free(record->mapped); + + return mfree(record); +} + +DEFINE_TRIVIAL_CLEANUP_FUNC(EventLogRecord*, event_log_record_free); + +static void event_log_register_done(EventLog *el, EventLogRegister *reg) { + assert(reg); + + free(reg->color); + free(reg->banks); +} + +static EventLogComponentVariant* event_log_component_variant_free(EventLogComponentVariant *variant) { + if (!variant) + return NULL; + + free(variant->id); + free(variant->path); + + FOREACH_ARRAY(record, variant->records, variant->n_records) + event_log_record_free(*record); + + free(variant->records); + + return mfree(variant); +} + +DEFINE_TRIVIAL_CLEANUP_FUNC(EventLogComponentVariant*, event_log_component_variant_free); + +static EventLogComponent* event_log_component_free(EventLogComponent *component) { + if (!component) + return NULL; + + FOREACH_ARRAY(variant, component->variants, component->n_variants) + event_log_component_variant_free(*variant); + free(component->variants); + + free(component->id); + + return mfree(component); +} + +DEFINE_TRIVIAL_CLEANUP_FUNC(EventLogComponent*, event_log_component_free); + +static EventLog* event_log_free(EventLog *el) { + if (!el) + return NULL; + + FOREACH_ARRAY(p, el->registers, TPM2_PCRS_MAX) + event_log_register_done(el, p); + + FOREACH_ARRAY(rr, el->records, el->n_records) + event_log_record_free(*rr); + free(el->records); + + FOREACH_ARRAY(c, el->components, el->n_components) + event_log_component_free(*c); + free(el->components); + + free(el->algorithms); + free(el->mds); + + return mfree(el); +} + +DEFINE_TRIVIAL_CLEANUP_FUNC(EventLog*, event_log_free); + +static EventLogRecord* event_log_record_new(EventLog *el) { + EventLogRecord *record; + + record = new(EventLogRecord, 1); + if (!record) + return NULL; + + *record = (EventLogRecord) { + .event_log = el, + .firmware_event_type = UINT32_MAX, + .userspace_event_type = _TPM2_USERSPACE_EVENT_TYPE_INVALID, + .event_payload_valid = _EVENT_PAYLOAD_VALID_INVALID, + }; + + return record; +} + +static int event_log_add_record( + EventLog *el, + EventLogRecord **ret) { + + _cleanup_(event_log_record_freep) EventLogRecord *record = NULL; + + assert(el); + + if (!GREEDY_REALLOC(el->records, el->n_records+1)) + return -ENOMEM; + + record = event_log_record_new(el); + if (!record) + return -ENOMEM; + + el->records[el->n_records++] = record; + + if (ret) + *ret = record; + + TAKE_PTR(record); + + return 0; +} + +static int event_log_add_algorithm(EventLog *el, uint16_t alg) { + assert(el); + + if (el->algorithms_locked) /* algorithms configured via env var, don't add any further automatically */ + return 0; + + if (typesafe_bsearch(&alg, el->algorithms, el->n_algorithms, cmp_uint16)) + return 0; + + if (!GREEDY_REALLOC(el->algorithms, el->n_algorithms+1)) + return -ENOMEM; + + el->algorithms[el->n_algorithms++] = alg; + + typesafe_qsort(el->algorithms, el->n_algorithms, cmp_uint16); + + return 1; +} + +static int event_log_add_algorithms_from_environment(EventLog *el) { + const char *e; + int r; + + assert(el); + + e = secure_getenv("SYSTEMD_TPM2_HASH_ALGORITHMS"); + if (!e) + return 0; + + for (;;) { + _cleanup_free_ char *word = NULL; + + r = extract_first_word(&e, &word, ":", 0); + if (r < 0) + return r; + if (r == 0) + break; + + r = tpm2_hash_alg_from_string(word); + if (r < 0) + return log_error_errno(r, "Unknown hash algorithm '%s'.", word); + + r = event_log_add_algorithm(el, r); + if (r < 0) + return log_error_errno(r, "Failed to add hash algorithm '%s'.", word); + } + + if (el->n_algorithms > 0) + el->algorithms_locked = true; + + return 0; +} + +static EventLogRecordBank *event_log_record_find_bank( + const EventLogRecord *record, + uint16_t alg) { + + assert(record); + + LIST_FOREACH(banks, i, record->banks) + if (i->algorithm == alg) + return i; + + return NULL; +} + +static int event_log_record_add_bank( + EventLogRecord *record, + uint16_t algorithm, + const void *hash, + size_t hash_size, + EventLogRecordBank **ret) { + + _cleanup_(event_log_record_bank_freep) EventLogRecordBank *bank = NULL; + _cleanup_free_ void *h = NULL; + + assert(record); + assert(hash || hash_size == 0); + + if (event_log_record_find_bank(record, algorithm)) + return -EEXIST; + + if (hash_size > sizeof_field(TPM2B_DIGEST, buffer)) + return -E2BIG; + + h = memdup(hash, hash_size); + if (!h) + return -ENOMEM; + + bank = new(EventLogRecordBank, 1); + if (!bank) + return -ENOMEM; + + *bank = (EventLogRecordBank) { + .algorithm = algorithm, + .hash = TPM2B_DIGEST_MAKE(hash, hash_size), + }; + + LIST_PREPEND(banks, record->banks, bank); + + if (ret) + *ret = bank; + + TAKE_PTR(bank); + + return 0; +} + +static bool event_log_record_is_stub(EventLogRecord *rec) { + assert(rec); + + /* Recognizes the special EV_IPL events systemd-stub generates. Since EV_IPL can be used by almost + * anything, we'll check for the PCR values, to see if it's one of ours. */ + + if (rec->firmware_event_type != EV_IPL) + return false; + + if (!EVENT_LOG_RECORD_IS_FIRMWARE(rec)) + return false; + + if (!IN_SET(rec->pcr, + TPM2_PCR_KERNEL_BOOT, /* 11 */ + TPM2_PCR_KERNEL_CONFIG, /* 12 */ + TPM2_PCR_SYSEXTS)) /* 13 */ + return false; + + return true; +} + +static int event_log_record_parse_variable_data( + EventLogRecord *rec, + sd_id128_t *ret_variable_uuid, + char **ret_variable_name) { + + _cleanup_free_ char16_t *p16 = NULL; + _cleanup_free_ char *p = NULL; + + assert(rec); + assert(ret_variable_uuid); + assert(ret_variable_name); + + if (rec->firmware_payload_size < sizeof(UEFI_VARIABLE_DATA)) + return log_debug_errno(SYNTHETIC_ERRNO(EBADMSG), "EFI variable field too short."); + + const UEFI_VARIABLE_DATA *vdata = rec->firmware_payload; + + if (vdata->unicodeNameLength > (SIZE_MAX - offsetof(UEFI_VARIABLE_DATA, unicodeNameLength)) / 2) + return log_debug_errno(SYNTHETIC_ERRNO(EBADMSG), "Unicode name length too large."); + + size_t m = offsetof(UEFI_VARIABLE_DATA, unicodeName) + vdata->unicodeNameLength * 2; + + if (vdata->variableDataLength > SIZE_MAX - m) + return log_debug_errno(SYNTHETIC_ERRNO(EBADMSG), "Oversize EFI variable data size."); + + if (rec->firmware_payload_size != m + vdata->variableDataLength) + return log_debug_errno(SYNTHETIC_ERRNO(EBADMSG), "EFI variable data has wrong size."); + + p16 = memdup(vdata->unicodeName, vdata->unicodeNameLength * 2); /* Copy out, to align properly */ + if (!p16) + return log_oom_debug(); + + p = utf16_to_utf8(p16, vdata->unicodeNameLength * 2); + if (!p) + return log_oom_debug(); + + if (!string_is_safe(p)) + return log_debug_errno(SYNTHETIC_ERRNO(EBADMSG), "Unsafe EFI variable string in record."); + + *ret_variable_uuid = efi_guid_to_id128(vdata->variableName); + *ret_variable_name = TAKE_PTR(p); + + return 0; +} + +static int event_log_record_extract_firmware_description(EventLogRecord *rec) { + _cleanup_free_ char *fallback = NULL; + int r; + + assert(rec); + + if (!EVENT_LOG_RECORD_IS_FIRMWARE(rec)) + return 0; + + if (arg_raw_description) + goto catchall; + + switch (rec->firmware_event_type) { + + case EV_EFI_VARIABLE_DRIVER_CONFIG: + case EV_EFI_VARIABLE_BOOT: + case EV_EFI_VARIABLE_BOOT2: + case EV_EFI_VARIABLE_AUTHORITY: { + _cleanup_free_ char *p = NULL; + sd_id128_t uuid; + + r = event_log_record_parse_variable_data(rec, &uuid, &p); + if (r == -ENOMEM) + return log_oom(); + if (r < 0) { + log_warning_errno(r, "EFI variable data invalid, ignoring."); + goto invalid; + } + + if (asprintf(&rec->description, "%s: %s-" SD_ID128_UUID_FORMAT_STR, + rec->firmware_event_type == EV_EFI_VARIABLE_AUTHORITY ? "Authority" : "Variable", + p, + SD_ID128_FORMAT_VAL(uuid)) < 0) + return log_oom(); + + return 1; + } + + case EV_SEPARATOR: { + if (rec->firmware_payload_size != sizeof(uint32_t)) { + log_warning_errno(SYNTHETIC_ERRNO(EBADMSG), "EFI separator field has wrong size, ignoring."); + goto invalid; + } + + uint32_t val = unaligned_read_ne32(rec->firmware_payload); + + switch (val) { + + case 0: + case UINT32_C(0xffffffff): + (void) asprintf(&rec->description, "Separator: Success (0x%02" PRIx32 ")", val); + break; + + case 1: + rec->description = strdup("Separator: Error (0x01)"); + break; + + default: + log_warning_errno(SYNTHETIC_ERRNO(EBADMSG), "Unexpected separator payload %" PRIu32 ".", val); + goto invalid; + } + + if (!rec->description) + return log_oom(); + + return 1; + } + + case EV_EFI_ACTION: { + _cleanup_free_ char *d = NULL; + + r = make_cstring(rec->firmware_payload, rec->firmware_payload_size, MAKE_CSTRING_ALLOW_TRAILING_NUL, &d); + if (r < 0) + return log_error_errno(r, "Failed to make C string from EFI action string: %m"); + + if (!string_is_safe(d)) { + log_warning_errno(SYNTHETIC_ERRNO(EBADMSG), "Unsafe EFI action string in record, ignoring."); + goto invalid; + } + + rec->description = strjoin("Action: ", d); + if (!rec->description) + return log_oom(); + return 1; + } + + case EV_EFI_GPT_EVENT: { + if (rec->firmware_payload_size < sizeof(GptHeader)) { + log_warning_errno(SYNTHETIC_ERRNO(EBADMSG), "GPT measurement too short, ignoring."); + goto invalid; + } + + const GptHeader *h = rec->firmware_payload; + + if (!gpt_header_has_signature(h)) { + log_warning_errno(SYNTHETIC_ERRNO(EBADMSG), "GPT measurement does not cover a GPT partition table header, ignoring."); + goto invalid; + } + + if (asprintf(&rec->description, "GPT: disk " SD_ID128_UUID_FORMAT_STR, SD_ID128_FORMAT_VAL(efi_guid_to_id128(h->disk_guid))) < 0) + return log_oom(); + + return 1; + } + + case EV_IPL: { + _cleanup_free_ char *d = NULL; + + /* EV_IPL can be anything, only try to parse the description on PCRs we "own" */ + if (!event_log_record_is_stub(rec)) + break; + + /* sd-stub always sets a description string as text for these */ + + d = utf16_to_utf8(rec->firmware_payload, rec->firmware_payload_size); + if (!d) + return log_oom(); + + if (string_has_cc(d, NULL)) { + log_warning_errno(SYNTHETIC_ERRNO(EBADMSG), "Unsafe EFI action string in record, ignoring."); + goto invalid; + } + + rec->description = strjoin("String: ", d); + if (!rec->description) + return log_oom(); + + return 1; + } + + case EV_EVENT_TAG: { + TCG_PCClientTaggedEvent *tag = rec->firmware_payload; + size_t left = rec->firmware_payload_size; + + if (left == 0) { + log_warning_errno(SYNTHETIC_ERRNO(EBADMSG), "Empty tagged PC client event, ignoring."); + goto invalid; + } + + for (;;) { + uint64_t m; + + if (left < offsetof(TCG_PCClientTaggedEvent, taggedEventData)) { + log_warning_errno(SYNTHETIC_ERRNO(EBADMSG), "Tagged PC client event too short, ignoring."); + goto invalid; + } + + m = offsetof(TCG_PCClientTaggedEvent, taggedEventData) + (uint64_t) tag->taggedEventDataSize; + if (left < m) { + log_warning_errno(SYNTHETIC_ERRNO(EBADMSG), "Tagged PC client event data too short, ignoring."); + goto invalid; + } + + switch (tag->taggedEventID) { + + /* Linux kernel's own measurements: */ + case INITRD_EVENT_TAG_ID: + /* The tagged event payload is just a constant string, hence don't show it */ + if (!strextend_with_separator(&rec->description, ", ", "Linux: initrd")) + return log_oom(); + break; + + case LOAD_OPTIONS_EVENT_TAG_ID: + /* As above. */ + if (!strextend_with_separator(&rec->description, ", ", "Linux: kernel command line")) + return log_oom(); + break; + + /* systemd's measurements: */ + case LOADER_CONF_EVENT_TAG_ID: + /* As above. */ + if (!strextend_with_separator(&rec->description, ", ", "systemd-boot: loader.conf")) + return log_oom(); + break; + + case DEVICETREE_ADDON_EVENT_TAG_ID: { + _cleanup_free_ char *raw = NULL, *s = NULL; + + raw = utf16_to_utf8((const char16_t*) tag->taggedEventData, tag->taggedEventDataSize); + if (!raw) + return log_oom(); + + s = cescape(raw); + if (!s) + return log_oom(); + + r = strextendf_with_separator(&rec->description, ", ", "systemd-stub: devicetree addon %s", s); + if (r < 0) + return log_error_errno(r, "Failed to format EV_EVENT_TAG description string: %m"); + break; + } + + default: { + _cleanup_free_ char *s = NULL; + + s = cescape_length((char*) tag->taggedEventData, tag->taggedEventDataSize); + if (!s) + return log_oom(); + + r = strextendf_with_separator(&rec->description, ", ", "Tag 0x%" PRIx32 ": %s", tag->taggedEventID, s); + if (r < 0) + return log_error_errno(r, "Failed to format EV_EVENT_TAG description string: %m"); + + break; + }} + + tag = (TCG_PCClientTaggedEvent*) ((uint8_t*) tag + m); + left -= m; + + if (left == 0) + break; + } + + return 1; + } + + case EV_EFI_PLATFORM_FIRMWARE_BLOB: { + const UEFI_PLATFORM_FIRMWARE_BLOB *blob; + if (rec->firmware_payload_size != sizeof(UEFI_PLATFORM_FIRMWARE_BLOB)) { + log_warning_errno(SYNTHETIC_ERRNO(EBADMSG), "EV_EFI_PLATFORM_FIRMWARE_BLOB of wrong size, ignoring."); + goto invalid; + } + + blob = rec->firmware_payload; + if (asprintf(&rec->description, "Blob: %s @ 0x%" PRIx64, FORMAT_BYTES(blob->blobLength), blob->blobBase) < 0) + return log_oom(); + + return 1; + } + + case EV_EFI_BOOT_SERVICES_APPLICATION: + case EV_EFI_BOOT_SERVICES_DRIVER: + case EV_EFI_RUNTIME_SERVICES_DRIVER: { + const UEFI_IMAGE_LOAD_EVENT *load; + _cleanup_free_ char *fn = NULL; + bool end = false; + + if (rec->firmware_payload_size < offsetof(UEFI_IMAGE_LOAD_EVENT, devicePath)) { + log_warning_errno(SYNTHETIC_ERRNO(EBADMSG), "Device path too short, ignoring."); + goto invalid; + } + + load = rec->firmware_payload; + if (load->lengthOfDevicePath != + rec->firmware_payload_size - offsetof(UEFI_IMAGE_LOAD_EVENT, devicePath)) { + log_warning_errno(SYNTHETIC_ERRNO(EBADMSG), "Device path size does not match, ignoring."); + goto invalid; + } + + const packed_EFI_DEVICE_PATH *dp = (const packed_EFI_DEVICE_PATH*) load->devicePath; + size_t left = load->lengthOfDevicePath; + + for (;;) { + if (left == 0) { + if (!end) { + log_warning_errno(SYNTHETIC_ERRNO(EBADMSG), "Garbage after device path end, ignoring."); + goto invalid; + } + + break; + } + + if (end) { + log_warning_errno(SYNTHETIC_ERRNO(EBADMSG), "Garbage after device path end, ignoring."); + goto invalid; + } + + if (left < offsetof(packed_EFI_DEVICE_PATH, path) || left < dp->length) { + log_warning_errno(SYNTHETIC_ERRNO(EBADMSG), "Device path element too short, ignoring."); + goto invalid; + } + + if (dp->type == 4 && dp->subType == 4) { + /* Filename, store the last node of this type as description, it should contain the file name */ + + free(fn); + fn = utf16_to_utf8((void*) dp->path, dp->length - offsetof(packed_EFI_DEVICE_PATH, path)); + if (!fn) + return log_oom(); + + } else if (dp->type == 0x7F && dp->subType == 0xFF) + /* End of Hardware Device Path */ + end = true; + else + log_debug("Ignoring device path element type=0x%02x subtype=0x%02x", dp->type, dp->subType); + + left -= dp->length; + dp = (packed_EFI_DEVICE_PATH*) ((uint8_t*) dp + dp->length); + } + + if (fn) { + rec->description = strjoin("File: ", fn); + if (!rec->description) + return log_oom(); + + return 1; + } + + break; + }} + +catchall: + /* Catchall: show binary data */ + fallback = cescape_length(rec->firmware_payload, rec->firmware_payload_size); + if (!fallback) + return log_oom(); + + rec->description = strjoin("Raw: ", fallback); + if (!rec->description) + return log_oom(); + return 1; + + +invalid: + /* Mark the payload as invalid, so that we do not bother parsing/validating it any further */ + rec->event_payload_valid = EVENT_PAYLOAD_VALID_NO; + return 0; +} + +static int event_log_add_algorithms_from_record(EventLog *el, EventLogRecord *record) { + int r; + + assert(el); + assert(record); + + if (el->algorithms_locked) + return 0; + + LIST_FOREACH(banks, i, record->banks) { + r = event_log_add_algorithm(el, i->algorithm); + if (r < 0) + return r; + } + + return 0; +} + +static int event_log_load_firmware(EventLog *el) { + const TCG_EfiSpecIdEventAlgorithmSize *algorithms; + size_t bufsize = 0, n_algorithms = 0, left = 0; + _cleanup_free_ void *buf = NULL; + const TCG_PCR_EVENT2 *event; + const char *path; + int r; + + assert(el); + + path = tpm2_firmware_log_path(); + + r = read_full_file(path, (char**) &buf, &bufsize); + if (r < 0) + return log_error_errno(r, "Failed to open TPM2 event log '%s': %m", path); + + if (bufsize == 0) { + /* Sometimes it's useful to invoke things with SYSTEMD_MEASURE_LOG_FIRMWARE=/dev/null, let's allow that, and proceed */ + log_warning("Empty firmware event log file, not loading."); + return 0; + } + + r = validate_firmware_header(buf, bufsize, &algorithms, &n_algorithms, &event, &left); + if (r < 0) + return r; + + for (const TCG_PCR_EVENT2 *next_event = NULL;; event = next_event) { + EventLogRecord *record = NULL; + const void *payload; + size_t payload_size; + + r = validate_firmware_event( + event, + left, + algorithms, + n_algorithms, + &next_event, + &left, + &payload, + &payload_size); + if (r < 0) + return r; + if (r == 0) + break; + + if (event->eventType == EV_NO_ACTION && + event->pcrIndex == 0 && + payload_size == 17 && + memcmp(payload, "StartupLocality", sizeof("StartupLocality")) == 0) { + if (el->startup_locality_found) + return log_error_errno(SYNTHETIC_ERRNO(EBADMSG), "StartupLocality event found twice!"); + + el->startup_locality = ((const uint8_t*) payload)[sizeof("StartupLocality")]; + el->startup_locality_found = true; + log_debug("Found StartupLocality event: %u", el->startup_locality); + continue; + } + + if (event->eventType == EV_NO_ACTION) { /* Ignore pseudo events, that don't result in a measurement */ + log_debug("Skipping NO_ACTION event."); + continue; + } + + r = event_log_add_record(el, &record); + if (r < 0) + return log_error_errno(r, "Failed to add record to event log: %m"); + + record->pcr = event->pcrIndex; + record->source = path; + record->firmware_event_type = event->eventType; + record->firmware_payload = memdup(payload, payload_size); + if (!record->firmware_payload) + return log_oom(); + record->firmware_payload_size = payload_size; + + const void *ha, *ha_next = NULL; + ha = (const uint8_t*) event + offsetof(TCG_PCR_EVENT2, digests.digests); + assert(event->digests.count == n_algorithms); + + for (size_t i = 0; i < n_algorithms; i++, ha = ha_next) { + ha_next = (const uint8_t*) ha + offsetof(TPMT_HA, digest) + algorithms[i].digestSize; + + /* The TPMT_HA is not aligned in the record, hence read the hashAlg field via an unaligned read */ + assert_cc(__builtin_types_compatible_p(uint16_t, typeof(TPMI_ALG_HASH))); + uint16_t hash_alg = unaligned_read_ne16((const uint8_t*) ha + offsetof(TPMT_HA, hashAlg)); + + if (hash_alg != algorithms[i].algorithmId) + return log_error_errno(SYNTHETIC_ERRNO(EBADMSG), "Hash algorithms in event log record don't match log."); + + if (!tpm2_hash_alg_to_string(algorithms[i].algorithmId)) + continue; + + r = event_log_record_add_bank( + record, + algorithms[i].algorithmId, + (const uint8_t*) ha + offsetof(TPMT_HA, digest), + algorithms[i].digestSize, + /* ret= */ NULL); + if (r < 0) + return log_error_errno(r, "Failed to add bank to event log record: %m"); + } + + /* Try to extract a descriptive text */ + r = event_log_record_extract_firmware_description(record); + if (r < 0) + return r; + + r = event_log_add_algorithms_from_record(el, record); + if (r < 0) + return r; + } + + return 0; +} + +static int event_log_record_parse_json(EventLogRecord *record, JsonVariant *j) { + const char *rectype = NULL; + JsonVariant *x, *k; + uint64_t u; + int r; + + assert(record); + assert(j); + + if (!json_variant_is_object(j)) + return log_error_errno(SYNTHETIC_ERRNO(EBADMSG), "record object is not an object."); + + x = json_variant_by_key(j, "pcr"); + if (!x) + return log_error_errno(SYNTHETIC_ERRNO(EBADMSG), "'pcr' field missing from TPM measurement log file entry."); + if (!json_variant_is_unsigned(x)) + return log_error_errno(SYNTHETIC_ERRNO(EBADMSG), "'pcr' field is not an integer."); + + u = json_variant_unsigned(x); + if (u >= TPM2_PCRS_MAX) + return log_error_errno(SYNTHETIC_ERRNO(EBADMSG), "'pcr' field is out of range."); + record->pcr = json_variant_unsigned(x); + + x = json_variant_by_key(j, "digests"); + if (!x) + return log_error_errno(SYNTHETIC_ERRNO(EBADMSG), "'digests' field missing from TPM measurement log file entry."); + if (!json_variant_is_array(x)) + return log_error_errno(SYNTHETIC_ERRNO(EBADMSG), "'digests' field is not an array."); + + JSON_VARIANT_ARRAY_FOREACH(k, x) { + _cleanup_free_ void *hash = NULL; + size_t hash_size; + JsonVariant *a, *h; + int na; + + a = json_variant_by_key(k, "hashAlg"); + if (!a) + return log_error_errno(SYNTHETIC_ERRNO(EBADMSG), "'digests' field element lacks 'hashAlg' field."); + if (!json_variant_is_string(a)) + return log_error_errno(SYNTHETIC_ERRNO(EBADMSG), "'hashAlg' field is not a string."); + + na = tpm2_hash_alg_from_string(json_variant_string(a)); + if (na < 0) { + log_debug_errno(na, "Unsupported hash '%s' in userspace event log, ignoring: %m", json_variant_string(a)); + continue; + } + + h = json_variant_by_key(k, "digest"); + if (!h) + return log_error_errno(SYNTHETIC_ERRNO(EBADMSG), "'digests' field lacks 'digest' field"); + + r = json_variant_unhex(h, &hash, &hash_size); + if (r < 0) + return log_error_errno(r, "Failed to decode digest: %m"); + + r = event_log_record_add_bank( + record, + na, + hash, + hash_size, + /* ret= */ NULL); + if (r < 0) + return log_error_errno(r, "Failed to add bank to event log record: %m"); + } + + x = json_variant_by_key(j, "content_type"); + if (!x) + log_debug("'content_type' missing from TPM measurement log file entry, ignoring."); + else { + if (!json_variant_is_string(x)) + return log_error_errno(SYNTHETIC_ERRNO(EBADMSG), "'content_type' field is not a string."); + + rectype = json_variant_string(x); + } + + if (streq_ptr(rectype, "systemd")) { + JsonVariant *y; + + x = json_variant_by_key(j, "content"); + if (!x) + return log_error_errno(SYNTHETIC_ERRNO(EBADMSG), "'content' field missing from TPM measurement log file entry."); + if (!json_variant_is_object(x)) + return log_error_errno(SYNTHETIC_ERRNO(EBADMSG), "'content' sub-object is not an object."); + + y = json_variant_by_key(x, "string"); + if (y) { + if (!json_variant_is_string(y)) + return log_error_errno(SYNTHETIC_ERRNO(EBADMSG), "'string' field is not a string."); + + r = free_and_strdup_warn(&record->description, json_variant_string(y)); + if (r < 0) + return r; + } + + y = json_variant_by_key(x, "eventType"); + if (y) { + if (!json_variant_is_string(y)) + return log_error_errno(SYNTHETIC_ERRNO(EBADMSG), "'eventType' field is not a string."); + + record->userspace_event_type = tpm2_userspace_event_type_from_string(json_variant_string(y)); + if (record->userspace_event_type < 0) + log_debug_errno(record->userspace_event_type, "Unknown userspace event type '%s', ignoring.", json_variant_string(y)); + } + + json_variant_unref(record->userspace_content); + record->userspace_content = json_variant_ref(x); + } + + return 0; +} + +static int event_log_load_userspace(EventLog *el) { + _cleanup_fclose_ FILE *f = NULL; + _cleanup_free_ char *b = NULL; + bool beginning = true; + const char *path; + size_t bn = 0; + int r; + + assert(el); + + path = tpm2_userspace_log_path(); + + f = fopen(path, "re"); + if (!f) { + if (errno != ENOENT) + return log_error_errno(errno, "Failed to open userspace TPM measurement log file: %m"); + + return 0; + } + + if (flock(fileno(f), LOCK_SH) < 0) + return log_error_errno(errno, "Failed to lock userspace TPM measurement log file: %m"); + + for (;;) { + _cleanup_(json_variant_unrefp) JsonVariant *j = NULL; + EventLogRecord *record; + int ch; + + ch = fgetc(f); + if (ch == EOF) { + if (ferror(f)) + return log_error_errno(errno, "Failed to read local TPM measurement log file: %m"); + + if (beginning) + break; + } else if (ch != 0x1EU) { + if (!GREEDY_REALLOC(b, bn + 2)) + return log_oom(); + + b[bn++] = (char) ch; + continue; + } + + if (beginning) { + beginning = false; + continue; + } + + if (!GREEDY_REALLOC(b, bn + 1)) + return log_oom(); + + b[bn] = 0; /* Turn it into a string */ + + if (memchr(b, 0, bn)) { + log_warning("Found record with embedded NUL byte, skipping."); + continue; + } + + r = json_parse(b, 0, &j, NULL, NULL); + if (r < 0) + return log_error_errno(r, "Failed to parse local TPM measurement log file: %m"); + + r = event_log_add_record(el, &record); + if (r < 0) + return log_error_errno(r, "Failed to add record to event log: %m"); + + record->source = path; + + r = event_log_record_parse_json(record, j); + if (r < 0) + return r; + + r = event_log_add_algorithms_from_record(el, record); + if (r < 0) + return r; + + if (ch == EOF) + break; + + b = mfree(b); + bn = 0; + } + + return 0; +} + +static EventLog *event_log_new(void) { + _cleanup_(event_log_freep) EventLog *el = NULL; + + el = new(EventLog, 1); + if (!el) + return NULL; + + *el = (EventLog) { + .primary_algorithm = UINT16_MAX, + }; + + return TAKE_PTR(el); +} + +static int event_log_load(EventLog *el) { + int r; + + assert(el); + + r = event_log_load_firmware(el); + if (r < 0) + return r; + + r = event_log_load_userspace(el); + if (r < 0) + return r; + + return 0; +} + +static int event_log_read_pcrs(EventLog *el) { + _cleanup_(tpm2_context_unrefp) Tpm2Context *tc = NULL; + int r; + + assert(el); + + r = tpm2_context_new(NULL, &tc); + if (r < 0) + return r; + + FOREACH_ARRAY(rr, el->registers, TPM2_PCRS_MAX) { + if (rr->banks) + continue; + + rr->banks = new0(EventLogRegisterBank, el->n_algorithms); + if (!rr->banks) + return log_oom(); + } + + for (size_t a = 0; a < el->n_algorithms; a++) { + _cleanup_free_ Tpm2PCRValue *pcr_values = NULL; + size_t n_pcr_values; + TPML_PCR_SELECTION selection; + + tpm2_tpml_pcr_selection_from_mask(TPM2_PCRS_MASK, el->algorithms[a], &selection); + r = tpm2_pcr_read(tc, &selection, &pcr_values, &n_pcr_values); + if (r < 0) + return r; + + FOREACH_ARRAY(v, pcr_values, n_pcr_values) { + assert(v->hash == el->algorithms[a]); + el->registers[v->index].banks[a].observed = v->value; + } + } + + return 0; +} + +static void event_log_initial_pcr_state(EventLog *el, uint32_t pcr, size_t size, TPM2B_DIGEST *ret) { + assert(el); + assert(pcr < TPM2_PCRS_MAX); + assert(size > 0); + assert(size <= sizeof_field(TPM2B_DIGEST, buffer)); + assert(ret); + + ret->size = size; + + switch (pcr) { + + case 0: + memzero(ret->buffer, ret->size-1); + ((uint8_t*) ret->buffer)[ret->size-1] = el->startup_locality_found ? el->startup_locality : 0; + break; + + case 1 ... 16: + case 23: + memzero(ret->buffer, ret->size); + break; + + case 17 ... 22: + memset(ret->buffer, 0xffu, ret->size); + break; + + default: + assert_not_reached(); + } +} + +static int event_log_calculate_pcrs(EventLog *el) { + assert(el); + + /* Iterates through the event log an calculates the expected hash values based on all listed records */ + + assert(!el->mds); + el->mds = new(const EVP_MD*, el->n_algorithms); + if (!el->mds) + return log_oom(); + + for (size_t i = 0; i < el->n_algorithms; i++) { + const EVP_MD *md; + const char *a; + + assert_se(a = tpm2_hash_alg_to_string(el->algorithms[i])); + assert_se(md = EVP_get_digestbyname(a)); + + el->mds[i] = md; + } + + for (uint32_t pcr = 0; pcr < TPM2_PCRS_MAX; pcr++) + for (size_t i = 0; i < el->n_algorithms; i++) { + EventLogRegisterBank *b = el->registers[pcr].banks + i; + event_log_initial_pcr_state(el, pcr, EVP_MD_size(el->mds[i]), &b->calculated); + } + + FOREACH_ARRAY(rr, el->records, el->n_records) { + EventLogRegister *reg = el->registers + (*rr)->pcr; + + for (size_t i = 0; i < el->n_algorithms; i++) { + const char *n = tpm2_hash_alg_to_string(el->algorithms[i]); + _cleanup_(EVP_MD_CTX_freep) EVP_MD_CTX *mc = NULL; + EventLogRegisterBank *reg_b; + EventLogRecordBank *rec_b; + unsigned sz; + + rec_b = event_log_record_find_bank(*rr, el->algorithms[i]); + if (!rec_b) { + log_warning_errno(SYNTHETIC_ERRNO(ENXIO), "Record with missing bank '%s', ignoring.", n); + continue; + } + + reg_b = reg->banks + i; + + mc = EVP_MD_CTX_new(); + if (!mc) + return log_oom(); + + if (EVP_DigestInit_ex(mc, el->mds[i], NULL) != 1) + return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "Failed to initialize %s message digest context.", n); + + if (EVP_DigestUpdate(mc, reg_b->calculated.buffer, reg_b->calculated.size) != 1) + return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "Failed to run digest."); + + if (EVP_DigestUpdate(mc, rec_b->hash.buffer, rec_b->hash.size) != 1) + return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "Failed to run digest."); + + if (EVP_DigestFinal_ex(mc, reg_b->calculated.buffer, &sz) != 1) + return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "Failed to finalize hash context."); + + assert(sz == reg_b->calculated.size); + } + + reg->n_measurements++; + } + + return 0; +} + +static int event_log_record_validate_hash_firmware( + EventLogRecord *record, + EventLogRecordBank *bank, + const EVP_MD *md) { + + _cleanup_free_ void *hdata_alternative = NULL; + size_t hsz, hsz_alternative = 0; + bool strict = false; + const void *hdata; + + assert(record); + assert(bank); + assert(md); + + if (!EVENT_LOG_RECORD_IS_FIRMWARE(record)) + return 0; + + switch (record->firmware_event_type) { + + case EV_EFI_ACTION: + case EV_EFI_GPT_EVENT: + case EV_EFI_VARIABLE_BOOT2: + case EV_EFI_VARIABLE_DRIVER_CONFIG: + case EV_EFI_VARIABLE_AUTHORITY: + case EV_SEPARATOR: + case EV_S_CRTM_VERSION: + /* Here the extended hash value is the hash value of the event payload. Note that + * EV_PLATFORM_CONFIG_FLAGS (according to the TCG PC Client Platform Firmware Profile + * Specification) is also supposed to be like this. But ovmf doesn't follow this requirement, + * hence be lenient on that one, and don't include it here. */ + hdata = record->firmware_payload; + hsz = record->firmware_payload_size; + strict = true; + break; + + case EV_EFI_VARIABLE_BOOT: { + const UEFI_VARIABLE_DATA *vdata = record->firmware_payload; + size_t skip; + + /* Here the extended hash value is the hash value of the variable data (i.e. excluding the + * name). + * + * Note: we already checked the general validity of the UEFI_VARIABLE_DATA structure, hence + * no need to do so again. */ + + assert(record->firmware_payload_size >= offsetof(UEFI_VARIABLE_DATA, unicodeName)); + skip = offsetof(UEFI_VARIABLE_DATA, unicodeName) + vdata->unicodeNameLength * 2; + + assert(record->firmware_payload_size >= skip); + hdata = (const uint8_t*) record->firmware_payload + skip; + hsz = record->firmware_payload_size - skip; + strict = true; + break; + } + + case EV_IPL: + if (event_log_record_is_stub(record)) { + /* The PE section names have a descriptive string in UTF-16 in the payload, but the + * hash is over the UTF-8 version (with suffixing 0), hence let's convert the payload + * into that format here, and see if it checks out. */ + hdata_alternative = utf16_to_utf8(record->firmware_payload, record->firmware_payload_size); + if (!hdata_alternative) + return log_oom(); + + hsz_alternative = strlen(hdata_alternative) + 1; /* with NUL byte */ + } + + _fallthrough_; + + default: + /* For the others check the data too, just in case. But usually this will not match, hence + * only report if the checksum matches, but don't complain if it does not. */ + hdata = record->firmware_payload; + hsz = record->firmware_payload_size; + strict = false; + break; + } + + int mdsz = EVP_MD_size(md); + assert(mdsz > 0); + assert((size_t) mdsz <= sizeof_field(TPM2B_DIGEST, buffer)); + + TPM2B_DIGEST payload_hash = { + .size = mdsz, + }; + + unsigned dsz = mdsz; + + if (EVP_Digest(hdata, hsz, payload_hash.buffer, &dsz, md, NULL) != 1) + return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "Failed to calculate event payload hash."); + assert(dsz == (unsigned) mdsz); + + /* If this didn't match then let's try the alternative format here, if we have one, and check things then. */ + if (memcmp_nn(bank->hash.buffer, bank->hash.size, payload_hash.buffer, payload_hash.size) != 0 && hdata_alternative) { + if (EVP_Digest(hdata_alternative, hsz_alternative, payload_hash.buffer, &dsz, md, NULL) != 1) + return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "Failed to calculate event payload hash."); + assert(dsz == (unsigned) mdsz); + } + + if (memcmp_nn(bank->hash.buffer, bank->hash.size, payload_hash.buffer, payload_hash.size) != 0) { + if (strict) + record->event_payload_valid = EVENT_PAYLOAD_VALID_NO; + else if (record->event_payload_valid != EVENT_PAYLOAD_VALID_NO) + record->event_payload_valid = EVENT_PAYLOAD_VALID_DONT_KNOW; + } else if (record->event_payload_valid < 0) + record->event_payload_valid = EVENT_PAYLOAD_VALID_YES; + + return 1; +} + +static int event_log_record_validate_hash_userspace( + EventLogRecord *record, + EventLogRecordBank *bank, + const EVP_MD *md) { + + _cleanup_free_ unsigned char *payload_hash = NULL; + unsigned payload_hash_size; + JsonVariant *js; + const char *s; + int mdsz; + + assert(record); + assert(bank); + assert(md); + + if (!EVENT_LOG_RECORD_IS_USERSPACE(record)) + return 0; + + if (!record->userspace_content) + return 0; + + js = json_variant_by_key(record->userspace_content, "string"); + if (!js) + return 0; + + assert(json_variant_is_string(js)); + s = json_variant_string(js); + + mdsz = EVP_MD_size(md); + assert(mdsz > 0); + + payload_hash_size = mdsz; + payload_hash = malloc(payload_hash_size); + if (!payload_hash) + return log_oom(); + + if (EVP_Digest(s, strlen(s), payload_hash, &payload_hash_size, md, NULL) != 1) + return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "Failed to calculate event payload hash."); + + assert((int) payload_hash_size == mdsz); + if (memcmp_nn(bank->hash.buffer, bank->hash.size, payload_hash, payload_hash_size) != 0) + record->event_payload_valid = EVENT_PAYLOAD_VALID_NO; + else if (record->event_payload_valid < 0) + record->event_payload_valid = EVENT_PAYLOAD_VALID_YES; + + return 0; +} + +static int event_log_validate_record_hashes(EventLog *el) { + int r; + + assert(el); + + /* For records which contain the full data to validate the hashes, do so. */ + + FOREACH_ARRAY(rr, el->records, el->n_records) { + + LIST_FOREACH(banks, bank, (*rr)->banks) { + const EVP_MD *md; + const char *a; + + assert_se(a = tpm2_hash_alg_to_string(bank->algorithm)); + assert_se(md = EVP_get_digestbyname(a)); + + r = event_log_record_validate_hash_firmware(*rr, bank, md); + if (r < 0) + return r; + + r = event_log_record_validate_hash_userspace(*rr, bank, md); + if (r < 0) + return r; + } + } + + return 0; +} + +static int event_log_component_cmp(EventLogComponent *const*a, EventLogComponent *const*b) { + const EventLogComponent *x = ASSERT_PTR(*ASSERT_PTR(a)), *y = ASSERT_PTR(*ASSERT_PTR(b)); + + return strcmp(x->id, y->id); +} + +static EventLogComponent *event_log_find_component(EventLog *el, const char *id) { + EventLogComponent k = { + .id = (char*) id, + }; + EventLogComponent *kk = &k, **found; + + assert(el); + assert(id); + + found = typesafe_bsearch( + &kk, + el->components, + el->n_components, + event_log_component_cmp); + if (!found) + return NULL; + + return *found; +} + +static int event_log_add_component(EventLog *el, const char *id, EventLogComponent **ret) { + _cleanup_(event_log_component_freep) EventLogComponent *component = NULL; + _cleanup_free_ char *id_copy = NULL; + EventLogComponent *found; + + assert(el); + assert(ret); + + found = event_log_find_component(el, id); + if (found) { + *ret = found; + return 0; + } + + if (!GREEDY_REALLOC(el->components, el->n_components+1)) + return log_oom(); + + id_copy = strdup(id); + if (!id_copy) + return log_oom(); + + component = new(EventLogComponent, 1); + if (!component) + return log_oom(); + + *component = (EventLogComponent) { + .id = TAKE_PTR(id_copy), + }; + + if (ret) + *ret = component; + + el->components[el->n_components++] = TAKE_PTR(component); + return 1; +} + +static int event_log_record_equal(const EventLogRecord *a, const EventLogRecord *b) { + EventLogRecordBank *x, *y; + + assert(a); + assert(a->event_log); + assert(b); + assert(b->event_log); + assert(a->event_log == b->event_log); + + if (a->pcr != b->pcr) + return false; + + x = event_log_record_find_bank(a, a->event_log->primary_algorithm); + y = event_log_record_find_bank(b, b->event_log->primary_algorithm); + if (!x || !y) + return false; + + assert(x->algorithm == a->event_log->primary_algorithm); + assert(y->algorithm == b->event_log->primary_algorithm); + + return memcmp_nn(x->hash.buffer, x->hash.size, y->hash.buffer, y->hash.size) == 0; +} + +static int event_log_add_component_file(EventLog *el, EventLogComponent *component, const char *path) { + _cleanup_(event_log_component_variant_freep) EventLogComponentVariant *variant = NULL; + _cleanup_free_ char *fname = NULL, *id = NULL, *path_copy = NULL; + _cleanup_(json_variant_unrefp) JsonVariant *j = NULL; + JsonVariant *records; + const char *e; + int r; + + assert(el); + + r = path_extract_filename(path, &fname); + if (r < 0) + return log_error_errno(r, "Failed to extract basename from path %s: %m", path); + + e = endswith(fname, ".pcrlock"); + if (!e) + return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "Bad suffix: %s", fname); + + id = strndup(fname, e - fname); + if (!id) + return log_oom(); + + if (!component) { + r = event_log_add_component(el, id, &component); + if (r < 0) + return r; + } + + if (!GREEDY_REALLOC(component->variants, component->n_variants+1)) + return log_oom(); + + r = json_parse_file( + /* f= */ NULL, + path, + /* flags= */ 0, + &j, + /* ret_line= */ NULL, + /* ret_column= */ NULL); + if (r < 0) { + log_warning_errno(r, "Failed to parse component file %s, ignoring: %m", path); + return 0; + } + + if (!json_variant_is_object(j)) { + log_warning_errno(r, "Component file %s does not contain JSON object, ignoring.", path); + return 0; + } + + path_copy = strdup(path); + if (!path_copy) + return log_oom(); + + variant = new(EventLogComponentVariant, 1); + if (!variant) + return log_oom(); + + *variant = (EventLogComponentVariant) { + .component = component, + .path = TAKE_PTR(path_copy), + .id = TAKE_PTR(id), + }; + + records = json_variant_by_key(j, "records"); + if (records) { + JsonVariant *rj; + + if (!json_variant_is_array(records)) { + log_warning_errno(r, "Component records field of file %s is not an array, ignoring.", path); + return 0; + } + + JSON_VARIANT_ARRAY_FOREACH(rj, records) { + _cleanup_(event_log_record_freep) EventLogRecord *record = NULL; + + if (!GREEDY_REALLOC(variant->records, variant->n_records+1)) + return log_oom(); + + record = event_log_record_new(el); + if (!record) + return log_oom(); + + r = event_log_record_parse_json(record, rj); + if (r < 0) + return r; + + record->owning_component_variant = variant; + variant->records[variant->n_records++] = TAKE_PTR(record); + } + } + + component->variants[component->n_variants++] = TAKE_PTR(variant); + return 1; +} + +static int event_log_add_component_dir(EventLog *el, const char *path, char **base_search) { + _cleanup_free_ char *fname = NULL, *id = NULL; + _cleanup_strv_free_ char **files = NULL; + EventLogComponent *component; + const char *e; + int r; + + assert(el); + + r = path_extract_filename(path, &fname); + if (r < 0) + return log_error_errno(r, "Failed to extract basename from path %s: %m", path); + + e = endswith(fname, ".pcrlock.d"); + if (!e) + return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "Bad suffix: %s", fname); + + id = strndup(fname, e - fname); + if (!id) + return log_oom(); + + r = event_log_add_component(el, id, &component); + if (r < 0) + return r; + + _cleanup_strv_free_ char **search = NULL; + + STRV_FOREACH(b, base_search) { + _cleanup_free_ char *q = NULL; + + q = path_join(*b, fname); + if (!q) + return log_oom(); + + r = strv_consume(&search, TAKE_PTR(q)); + if (r < 0) + return log_oom(); + } + + r = conf_files_list_strv(&files, ".pcrlock", /* root= */ NULL, CONF_FILES_REGULAR, (const char*const*) search); + if (r < 0) + return log_error_errno(r, "Failed to enumerate .pcrlock files for component '%s': %m", id); + + STRV_FOREACH(f, files) { + r = event_log_add_component_file(el, component, *f); + if (r < 0) + return r; + } + + return 0; +} + +static int event_log_load_components(EventLog *el) { + _cleanup_strv_free_ char **files = NULL; + char **dirs; + int r; + + assert(el); + + dirs = arg_components ?: + STRV_MAKE("/etc/pcrlock.d", + "/run/pcrlock.d", + "/var/lib/pcrlock.d", + "/usr/local/lib/pcrlock.d", + "/usr/lib/pcrlock.d"); + + r = conf_files_list_strv(&files, NULL, NULL, CONF_FILES_REGULAR|CONF_FILES_DIRECTORY|CONF_FILES_FILTER_MASKED, (const char*const*) dirs); + if (r < 0) + return log_error_errno(r, "Failed to enumerate .pcrlock files: %m"); + + STRV_FOREACH(f, files) { + if (endswith(*f, ".pcrlock.d")) + r = event_log_add_component_dir(el, *f, dirs); + else if (endswith(*f, ".pcrlock")) + r = event_log_add_component_file(el, NULL, *f); + else + continue; + if (r < 0) + return r; + } + + return 0; +} + +static int event_log_validate_fully_recognized(EventLog *el) { + + for (uint32_t pcr = 0; pcr < ELEMENTSOF(el->registers); pcr++) { + bool fully_recognized = true; + + FOREACH_ARRAY(rr, el->records, el->n_records) { + EventLogRecord *rec = *rr; + + if (rec->pcr != pcr) + continue; + + if (rec->n_mapped == 0) { + log_notice("Event log record %zu (PCR %" PRIu32 ", \"%s\") not matching any component.", + (size_t) (rr - el->records), rec->pcr, strna(rec->description)); + fully_recognized = false; + break; + } + } + + el->registers[pcr].fully_recognized = fully_recognized; + } + + return 0; +} + +static int event_log_match_component_variant( + EventLog *el, + size_t i, + EventLogComponentVariant *variant, + size_t j, + bool assign) { + + int r; + + assert(el); + assert(variant); + + /* It's OK to point immediately after the last record, but not further */ + assert(i <= el->n_records); + assert(j <= variant->n_records); + + /* All entries in the variant checked out? Yippieh! */ + if (j == variant->n_records) + return true; + + /* If the remainder of the variant is longer than the remainder of the event log, it cannot possibly fit. */ + if (el->n_records - i < variant->n_records - j) + return false; + + /* Does this record match? If not, let's try at the next place in the logs. */ + if (!event_log_record_equal(el->records[i], variant->records[j])) + return event_log_match_component_variant(el, i + 1, variant, j, assign); /* Recursion! */ + + /* This one matches. Good. Let's see if the rest also matches. (Recursion!) */ + r = event_log_match_component_variant(el, i + 1, variant, j + 1, assign); + if (r <= 0) + return r; + + if (assign) { + /* Take ownership (Note we allow multiple components and variants to take owneship of the same record!) */ + if (!GREEDY_REALLOC(el->records[i]->mapped, el->records[i]->n_mapped+1)) + return log_oom(); + + el->records[i]->mapped[el->records[i]->n_mapped++] = variant; + } + + return true; +} + +static uint32_t event_log_component_variant_pcrs(EventLogComponentVariant *i) { + uint32_t mask = 0; + + assert(i); + + /* returns mask of PCRs touched by this variant */ + + FOREACH_ARRAY(rr, i->records, i->n_records) + mask |= UINT32_C(1) << (*rr)->pcr; + + return mask; +} + +static uint32_t event_log_component_pcrs(EventLogComponent *c) { + uint32_t mask = 0; + + assert(c); + + /* Returns mask of PCRs touched by this component */ + + FOREACH_ARRAY(ii, c->variants, c->n_variants) + mask |= event_log_component_variant_pcrs(*ii); + + return mask; +} + +static int event_log_map_components(EventLog *el) { + _cleanup_free_ char *skipped_ids = NULL; + unsigned n_skipped = 0; + int r; + + assert(el); + + FOREACH_ARRAY(cc, el->components, el->n_components) { + _cleanup_free_ char *matching_ids = NULL; + unsigned n_matching = 0, n_empty = 0; + EventLogComponent *c = *cc; + + if (arg_location_end && strcmp(c->id, arg_location_end) > 0) { + n_skipped++; + + if (!strextend_with_separator(&skipped_ids, ", ", c->id)) + return log_oom(); + + continue; + } + + FOREACH_ARRAY(ii, c->variants, c->n_variants) { + EventLogComponentVariant *i = *ii; + + if (i->n_records == 0) { + /* The empty variant always matches */ + n_empty++; + continue; + } + + r = event_log_match_component_variant(el, 0, i, 0, n_matching + n_empty == 0); + if (r < 0) + return r; + if (r > 0) { + n_matching++; + + if (!strextend_with_separator(&matching_ids, ", ", i->id)) + return log_oom(); + } + } + + if (n_matching + n_empty == 0) { + + if (arg_location_start && strcmp(c->id, arg_location_start) >= 0) + log_info("Didn't find component '%s' in event log, assuming system hasn't reached it yet.", c->id); + else { + log_notice("Couldn't find component '%s' in event log.", c->id); + el->n_missing_components++; + el->missing_component_pcrs |= event_log_component_pcrs(c); + } + } else if (n_matching > 1) + log_debug("Found %u possible variants of component '%s' in event log (%s). Proceeding.", n_matching, c->id, matching_ids); + } + + if (n_skipped > 0) + log_notice("Skipped %u components after location '%s' (%s).", n_skipped, arg_location_end, skipped_ids); + if (el->n_missing_components > 0) + log_notice("Unable to recognize %zu components in event log.", el->n_missing_components); + + return event_log_validate_fully_recognized(el); +} + +static void hsv_to_rgb( + double h, double s, double v, + uint8_t* ret_r, uint8_t *ret_g, uint8_t *ret_b) { + + double c, x, m, r, g, b; + + assert(s >= 0 && s <= 100); + assert(v >= 0 && v <= 100); + assert(ret_r); + assert(ret_g); + assert(ret_b); + + c = (s / 100.0) * (v / 100.0); + x = c * (1 - fabs(fmod(h / 60.0, 2) - 1)); + m = (v / 100) - c; + + if (h >= 0 && h < 60) + r = c, g = x, b = 0.0; + else if (h >= 60 && h < 120) + r = x, g = c, b = 0.0; + else if (h >= 120 && h < 180) + r = 0.0, g = c, b = x; + else if (h >= 180 && h < 240) + r = 0.0, g = x, b = c; + else if (h >= 240 && h < 300) + r = x, g = 0.0, b = c; + else + r = c, g = 0.0, b = x; + + *ret_r = (uint8_t) ((r + m) * 255); + *ret_g = (uint8_t) ((g + m) * 255); + *ret_b = (uint8_t) ((b + m) * 255); +} + +#define ANSI_TRUE_COLOR_MAX (7U + 3U + 1U + 3U + 1U + 3U + 2U) + +static const char *ansi_true_color(uint8_t r, uint8_t g, uint8_t b, char ret[static ANSI_TRUE_COLOR_MAX]) { + snprintf(ret, ANSI_TRUE_COLOR_MAX, "\x1B[38;2;%u;%u;%um", r, g, b); + return ret; +} + +static char *color_for_pcr(EventLog *el, uint32_t pcr) { + char color[ANSI_TRUE_COLOR_MAX]; + uint8_t r, g, b; + + assert(el); + assert(pcr < TPM2_PCRS_MAX); + + if (el->registers[pcr].color) + return el->registers[pcr].color; + + hsv_to_rgb(360.0 / (TPM2_PCRS_MAX - 1) * pcr, 100, 90, &r, &g, &b); + ansi_true_color(r, g, b, color); + + el->registers[pcr].color = strdup(color); + return el->registers[pcr].color; +} + +static int add_algorithm_columns( + EventLog *el, + Table *table, + const char *prefix, + const char *json_field_prefix) { + + int r; + + assert(el); + assert(table); + + FOREACH_ARRAY(alg, el->algorithms, el->n_algorithms) { + const char *n = tpm2_hash_alg_to_string(*alg); + _cleanup_free_ char *v = NULL; + + if (prefix) { + v = strjoin(prefix, " ", n); + if (!v) + return log_oom(); + } + + size_t c = table_get_current_column(table); + + r = table_add_cell(table, NULL, TABLE_HEADER, v ?: n); + if (r < 0) + return table_log_add_error(r); + + if (FLAGS_SET(arg_json_format_flags, JSON_FORMAT_OFF) && + el->primary_algorithm != UINT16_MAX && + *alg != el->primary_algorithm) + (void) table_hide_column_from_display(table, c); + + _cleanup_free_ char *j = NULL; + if (json_field_prefix) { + _cleanup_free_ char *m = strdup(n); + if (!m) + return log_oom(); + + j = strjoin(json_field_prefix, ascii_strupper(m)); + if (!j) + return log_oom(); + } + + (void) table_set_json_field_name(table, c, j ?: n); + } + + return 0; +} + +static int show_log_table(EventLog *el, JsonVariant **ret_variant) { + _cleanup_(table_unrefp) Table *table = NULL; + int r; + + assert(el); + + table = table_new_raw(5 + el->n_algorithms + 4); + if (!table) + return log_oom(); + + (void) table_set_ersatz_string(table, TABLE_ERSATZ_DASH); + + r = table_add_many(table, + TABLE_HEADER, "pcr", + TABLE_SET_ALIGN_PERCENT, 100, + TABLE_HEADER, "", + TABLE_HEADER, "pcrname", + TABLE_HEADER, "event", + TABLE_HEADER, "match", + TABLE_SET_ALIGN_PERCENT, 100); + if (r < 0) + return table_log_add_error(r); + + r = add_algorithm_columns(el, table, NULL, NULL); + if (r < 0) + return r; + + size_t phase_column = table_get_current_column(table); + + r = table_add_many(table, + TABLE_HEADER, "F/U", + TABLE_HEADER, "source", + TABLE_HEADER, "component", + TABLE_HEADER, "description"); + if (r < 0) + return table_log_add_error(r); + + (void) table_hide_column_from_display(table, table_get_columns(table) - 3); /* hide source */ + + if (!FLAGS_SET(arg_json_format_flags, JSON_FORMAT_OFF)) + (void) table_hide_column_from_display(table, (size_t) 1); /* hide color block column */ + + (void) table_set_json_field_name(table, phase_column, "phase"); + + FOREACH_ARRAY(rr, el->records, el->n_records) { + EventLogRecord *record = *rr; + + r = table_add_many(table, + TABLE_UINT32, record->pcr, + TABLE_STRING, special_glyph(SPECIAL_GLYPH_FULL_BLOCK), + TABLE_SET_COLOR, color_for_pcr(el, record->pcr), + TABLE_STRING, tpm2_pcr_index_to_string(record->pcr)); + if (r < 0) + return table_log_add_error(r); + + if (EVENT_LOG_RECORD_IS_FIRMWARE(record)) { + const char *et; + + et = tpm2_log_event_type_to_string(record->firmware_event_type); + if (et) + r = table_add_cell(table, NULL, TABLE_STRING, et); + else + r = table_add_cell(table, NULL, TABLE_UINT32_HEX, &record->firmware_event_type); + } else if (EVENT_LOG_RECORD_IS_USERSPACE(record)) + r = table_add_cell(table, NULL, TABLE_STRING, tpm2_userspace_event_type_to_string(record->userspace_event_type)); + else + r = table_add_cell(table, NULL, TABLE_EMPTY, NULL); + if (r < 0) + return table_log_add_error(r); + + if (record->event_payload_valid < 0 || record->event_payload_valid == EVENT_PAYLOAD_VALID_DONT_KNOW) + r = table_add_cell(table, NULL, TABLE_EMPTY, NULL); + else + r = table_add_many(table, + TABLE_BOOLEAN_CHECKMARK, record->event_payload_valid == EVENT_PAYLOAD_VALID_YES, + TABLE_SET_COLOR, ansi_highlight_green_red(record->event_payload_valid == EVENT_PAYLOAD_VALID_YES)); + if (r < 0) + return table_log_add_error(r); + + FOREACH_ARRAY(alg, el->algorithms, el->n_algorithms) { + EventLogRecordBank *bank; + + bank = event_log_record_find_bank(record, *alg); + if (bank) { + _cleanup_free_ char *hex = NULL; + + hex = hexmem(bank->hash.buffer, bank->hash.size); + if (!hex) + return log_oom(); + + r = table_add_cell(table, NULL, TABLE_STRING, hex); + } else + r = table_add_cell(table, NULL, TABLE_EMPTY, NULL); + if (r < 0) + return table_log_add_error(r); + } + + r = table_add_many(table, + TABLE_STRING, EVENT_LOG_RECORD_IS_FIRMWARE(record) ? "F" : + EVENT_LOG_RECORD_IS_USERSPACE(record) ? "U" : NULL, + TABLE_PATH_BASENAME, record->source, + TABLE_PATH_BASENAME, record->n_mapped > 0 ? record->mapped[0]->component->id : NULL, + TABLE_STRING, record->description); + if (r < 0) + return table_log_add_error(r); + } + + if (ret_variant) { + r = table_to_json(table, ret_variant); + if (r < 0) + return log_error_errno(r, "Failed to format table to JSON: %m"); + + return 0; + } + + r = table_print_with_pager(table, arg_json_format_flags, arg_pager_flags, /* show_header= */true); + if (r < 0) + return log_error_errno(r, "Failed to output table: %m"); + + return 0; +} + +static bool is_unset_pcr(const void *value, size_t size) { + return memeqzero(value, size) || memeqbyte(0xffu, value, size); +} + +static bool event_log_pcr_checks_out(const EventLog *el, const EventLogRegister *reg) { + assert(el); + assert(reg); + + for (size_t i = 0; i < el->n_algorithms; i++) + if (memcmp_nn(reg->banks[i].calculated.buffer, reg->banks[i].calculated.size, + reg->banks[i].observed.buffer, reg->banks[i].observed.size) != 0) + return false; + + return true; +} + +static int show_pcr_table(EventLog *el, JsonVariant **ret_variant) { + _cleanup_(table_unrefp) Table *table = NULL; + int r; + + assert(el); + + table = table_new_raw(8 + el->n_algorithms*2); + if (!table) + return log_oom(); + + (void) table_set_ersatz_string(table, TABLE_ERSATZ_DASH); + + r = table_add_many(table, + TABLE_HEADER, "pcr", + TABLE_SET_ALIGN_PERCENT, 100, + TABLE_HEADER, "", /* color block column */ + TABLE_HEADER, "", /* emoji column */ + TABLE_HEADER, "pcrname", + TABLE_HEADER, "count", + TABLE_SET_ALIGN_PERCENT, 100, + TABLE_HEADER, "h", + TABLE_SET_ALIGN_PERCENT, 100, + TABLE_HEADER, "r", + TABLE_SET_ALIGN_PERCENT, 100, + TABLE_HEADER, "c", + TABLE_SET_ALIGN_PERCENT, 100); + if (r < 0) + return table_log_add_error(r); + + r = add_algorithm_columns(el, table, "Calculated", "calculated"); + if (r < 0) + return r; + + r = add_algorithm_columns(el, table, "Observed", "observed"); + if (r < 0) + return r; + + if (!FLAGS_SET(arg_json_format_flags, JSON_FORMAT_OFF)) + (void) table_hide_column_from_display(table, (size_t) 1, (size_t) 2); /* hide color block and emoji column */ + else if (!emoji_enabled()) + (void) table_hide_column_from_display(table, (size_t) 2); + + (void) table_set_json_field_name(table, 5, "hashMatchesEventLog"); + (void) table_set_json_field_name(table, 6, "allEventsMatched"); + (void) table_set_json_field_name(table, 7, "noMissingComponents"); + + for (uint32_t pcr = 0; pcr < TPM2_PCRS_MAX; pcr++) { + /* Check if the PCR hash value matches the event log data */ + bool hash_match = event_log_pcr_checks_out(el, el->registers + pcr); + + /* Whether all records in this PCR have a matching component */ + bool fully_recognized = el->registers[pcr].fully_recognized; + + /* Whether any unmatched components touch this PCR */ + bool missing_components = FLAGS_SET(el->missing_component_pcrs, UINT32_C(1) << pcr); + + const char *emoji = special_glyph( + !hash_match ? SPECIAL_GLYPH_DEPRESSED_SMILEY : + !fully_recognized ? SPECIAL_GLYPH_UNHAPPY_SMILEY : + missing_components ? SPECIAL_GLYPH_SLIGHTLY_HAPPY_SMILEY : + SPECIAL_GLYPH_HAPPY_SMILEY); + + r = table_add_many(table, + TABLE_UINT32, pcr, + TABLE_STRING, special_glyph(SPECIAL_GLYPH_FULL_BLOCK), + TABLE_SET_COLOR, color_for_pcr(el, pcr), + TABLE_STRING, emoji, + TABLE_STRING, tpm2_pcr_index_to_string(pcr)); + if (r < 0) + return table_log_add_error(r); + + if (el->registers[pcr].n_measurements > 0) + r = table_add_cell(table, NULL, TABLE_UINT, &el->registers[pcr].n_measurements); + else + r = table_add_cell(table, NULL, TABLE_EMPTY, NULL); + if (r < 0) + return table_log_add_error(r); + + r = table_add_many(table, + TABLE_BOOLEAN_CHECKMARK, hash_match, + TABLE_SET_COLOR, ansi_highlight_green_red(hash_match), + TABLE_BOOLEAN_CHECKMARK, fully_recognized, + TABLE_SET_COLOR, ansi_highlight_green_red(fully_recognized), + TABLE_BOOLEAN_CHECKMARK, !missing_components, + TABLE_SET_COLOR, ansi_highlight_green_red(!missing_components)); + if (r < 0) + return table_log_add_error(r); + + for (size_t i = 0; i < el->n_algorithms; i++) { + const char *color; + + color = is_unset_pcr(el->registers[pcr].banks[i].calculated.buffer, el->registers[pcr].banks[i].calculated.size) ? ANSI_GREY : NULL; + + if (el->registers[pcr].banks[i].calculated.size > 0) { + _cleanup_free_ char *hex = NULL; + + hex = hexmem(el->registers[pcr].banks[i].calculated.buffer, el->registers[pcr].banks[i].calculated.size); + if (!hex) + return log_oom(); + + r = table_add_many(table, + TABLE_STRING, hex, + TABLE_SET_COLOR, color); + } else + r = table_add_many(table, + TABLE_EMPTY, + TABLE_SET_COLOR, color); + if (r < 0) + return table_log_add_error(r); + } + + for (size_t i = 0; i < el->n_algorithms; i++) { + _cleanup_free_ char *hex = NULL; + const char *color; + + hex = hexmem(el->registers[pcr].banks[i].observed.buffer, el->registers[pcr].banks[i].observed.size); + if (!hex) + return log_oom(); + + color = !hash_match ? ANSI_HIGHLIGHT_RED : + is_unset_pcr(el->registers[pcr].banks[i].observed.buffer, el->registers[pcr].banks[i].observed.size) ? ANSI_GREY : NULL; + + r = table_add_many(table, + TABLE_STRING, hex, + TABLE_SET_COLOR, color); + if (r < 0) + return table_log_add_error(r); + } + } + + if (ret_variant) { + r = table_to_json(table, ret_variant); + if (r < 0) + return log_error_errno(r, "Failed to format table to JSON: %m"); + + return 0; + } + + r = table_print_with_pager(table, arg_json_format_flags, arg_pager_flags, /* show_header= */ true); + if (r < 0) + return log_error_errno(r, "Failed to output table: %m"); + + if (FLAGS_SET(arg_json_format_flags, JSON_FORMAT_OFF)) + printf("\n" + "%sLegend: H → PCR hash value matches event log%s\n" + "%s R → All event log records for this PCR have a matching component%s\n" + "%s C → No components that couldn't be matched with log records affect this PCR%s\n", + ansi_grey(), ansi_normal(), /* less on small screens automatically resets the color after long lines, hence we set it anew for each line */ + ansi_grey(), ansi_normal(), + ansi_grey(), ansi_normal()); + + return 0; +} + +static int event_determine_primary_algorithm(EventLog *el) { + assert(el); + + if (el->n_algorithms == 0) { + /* Nothing loaded to make the decision on? Then pick SHA256 */ + el->primary_algorithm = TPM2_ALG_SHA256; + return 0; + } + + FOREACH_ARRAY(alg, el->algorithms, el->n_algorithms) { + /* If we have SHA256, focus on that that */ + + if (*alg == TPM2_ALG_SHA256) { + el->primary_algorithm = *alg; + return 0; + } + } + + /* Otherwise show the "best" (i.e. the one with the highest id value) */ + el->primary_algorithm = el->algorithms[el->n_algorithms-1]; + return 0; +} + +static int event_log_load_and_process(EventLog **ret) { + _cleanup_(event_log_freep) EventLog *el = NULL; + int r; + + el = event_log_new(); + if (!el) + return log_oom(); + + r = event_log_add_algorithms_from_environment(el); + if (r < 0) + return r; + + r = event_log_load(el); + if (r < 0) + return r; + + r = event_log_read_pcrs(el); + if (r < 0) + return r; + + r = event_log_calculate_pcrs(el); + if (r < 0) + return r; + + r = event_log_validate_record_hashes(el); + if (r < 0) + return r; + + r = event_determine_primary_algorithm(el); + if (r < 0) + return r; + + r = event_log_load_components(el); + if (r < 0) + return r; + + r = event_log_map_components(el); + if (r < 0) + return r; + + *ret = TAKE_PTR(el); + return 0; +} + +static int verb_show_log(int argc, char *argv[], void *userdata) { + _cleanup_(json_variant_unrefp) JsonVariant *log_table = NULL, *pcr_table = NULL; + _cleanup_(event_log_freep) EventLog *el = NULL; + bool want_json = !FLAGS_SET(arg_json_format_flags, JSON_FORMAT_OFF); + int r; + + r = event_log_load_and_process(&el); + if (r < 0) + return r; + + if (!want_json) + putchar('\n'); + + r = show_log_table(el, want_json ? &log_table : NULL); + if (r < 0) + return r; + + if (!want_json) + putchar('\n'); + + r = show_pcr_table(el, want_json ? &pcr_table : NULL); + if (r < 0) + return r; + + if (want_json) { + _cleanup_(json_variant_unrefp) JsonVariant *object = NULL; + + r = json_build(&object, JSON_BUILD_OBJECT( + JSON_BUILD_PAIR_VARIANT("log", log_table), + JSON_BUILD_PAIR_VARIANT("pcrs", pcr_table))); + if (r < 0) + return log_error_errno(r, "Failed to generate combined object: %m"); + + r = json_variant_dump(object, arg_json_format_flags, stdout, /* prefix= */ NULL); + if (r < 0) + return log_error_errno(r, "Failed to dump JSON object: %m"); + } + + return 0; +} + +static int verb_show_cel(int argc, char *argv[], void *userdata) { + _cleanup_(json_variant_unrefp) JsonVariant *array = NULL; + _cleanup_(event_log_freep) EventLog *el = NULL; + uint64_t recnum = 0; + int r; + + el = event_log_new(); + if (!el) + return log_oom(); + + r = event_log_load(el); + if (r < 0) + return r; + + /* Output the event log in TCG CEL-JSON. */ + + FOREACH_ARRAY(rr, el->records, el->n_records) { + _cleanup_(json_variant_unrefp) JsonVariant *ja = NULL, *fj = NULL; + EventLogRecord *record = *rr; + JsonVariant *cd = NULL; + const char *ct = NULL; + + LIST_FOREACH(banks, bank, record->banks) { + r = json_variant_append_arrayb( + &ja, JSON_BUILD_OBJECT( + JSON_BUILD_PAIR_STRING("hashAlg", tpm2_hash_alg_to_string(bank->algorithm)), + JSON_BUILD_PAIR_HEX("digest", bank->hash.buffer, bank->hash.size))); + if (r < 0) + return log_error_errno(r, "Failed to append CEL digest entry: %m"); + } + + if (!ja) { + r = json_variant_new_array(&ja, NULL, 0); + if (r < 0) + return log_error_errno(r, "Failed to allocate JSON array: %m"); + } + + if (EVENT_LOG_RECORD_IS_FIRMWARE(record)) { + _cleanup_free_ char *et = NULL; + const char *z; + + z = tpm2_log_event_type_to_string(record->firmware_event_type); + if (z) { + _cleanup_free_ char *b = NULL; + + b = strreplace(z, "-", "_"); + if (!b) + return log_oom(); + + et = strjoin("EV_", ascii_strupper(b)); + if (!et) + return log_oom(); + } else if (asprintf(&et, "%" PRIu32, record->firmware_event_type) < 0) + return log_oom(); + + r = json_build(&fj, JSON_BUILD_OBJECT( + JSON_BUILD_PAIR_STRING("event_type", et), + JSON_BUILD_PAIR_HEX("event_data", record->firmware_payload, record->firmware_payload_size))); + if (r < 0) + return log_error_errno(r, "Failed to build firmware event data: %m"); + + cd = fj; + ct = "pcclient_std"; + } else if (EVENT_LOG_RECORD_IS_USERSPACE(record)) { + cd = record->userspace_content; + ct = "systemd"; + } + + r = json_variant_append_arrayb(&array, + JSON_BUILD_OBJECT( + JSON_BUILD_PAIR_UNSIGNED("pcr", record->pcr), + JSON_BUILD_PAIR_UNSIGNED("recnum", ++recnum), + JSON_BUILD_PAIR_VARIANT("digests", ja), + JSON_BUILD_PAIR_CONDITION(ct, "content_type", JSON_BUILD_STRING(ct)), + JSON_BUILD_PAIR_CONDITION(cd, "content", JSON_BUILD_VARIANT(cd)))); + if (r < 0) + return log_error_errno(r, "Failed to append CEL record: %m"); + } + + if (arg_json_format_flags & (JSON_FORMAT_PRETTY|JSON_FORMAT_PRETTY_AUTO)) + pager_open(arg_pager_flags); + + json_variant_dump(array, arg_json_format_flags|JSON_FORMAT_EMPTY_ARRAY, stdout, NULL); + return 0; +} + +static int verb_list_components(int argc, char *argv[], void *userdata) { + _cleanup_(event_log_freep) EventLog *el = NULL; + _cleanup_(table_unrefp) Table *table = NULL; + enum { + BEFORE_LOCATION, + BETWEEN_LOCATION, + AFTER_LOCATION, + } loc = BEFORE_LOCATION; + int r; + + el = event_log_new(); + if (!el) + return log_oom(); + + r = event_log_add_algorithms_from_environment(el); + if (r < 0) + return r; + + r = event_determine_primary_algorithm(el); + if (r < 0) + return r; + + r = event_log_load_components(el); + if (r < 0) + return r; + + table = table_new("id", "variants"); + if (!table) + return log_oom(); + + FOREACH_ARRAY(c, el->components, el->n_components) { + + if (FLAGS_SET(arg_json_format_flags, JSON_FORMAT_OFF)) { + _cleanup_free_ char *marker = NULL; + + switch (loc) { + + case BEFORE_LOCATION: + if (arg_location_end && strcmp((*c)->id, arg_location_end) >= 0) { + loc = AFTER_LOCATION; + marker = strjoin(special_glyph(SPECIAL_GLYPH_ARROW_RIGHT), " location '", arg_location_end, "' ", special_glyph(SPECIAL_GLYPH_ARROW_LEFT)); + } else if (arg_location_start && strcmp((*c)->id, arg_location_start) >= 0) { + loc = BETWEEN_LOCATION; + marker = strjoin(special_glyph(SPECIAL_GLYPH_TREE_TOP), " start location '", arg_location_start, "' ", special_glyph(SPECIAL_GLYPH_ARROW_DOWN)); + } + + break; + + case BETWEEN_LOCATION: + if (arg_location_end && strcmp((*c)->id, arg_location_end) >= 0) { + loc = AFTER_LOCATION; + marker = strjoin(special_glyph(SPECIAL_GLYPH_TREE_RIGHT), " end location '", arg_location_end, "' ", special_glyph(SPECIAL_GLYPH_ARROW_UP)); + } + break; + + case AFTER_LOCATION: + break; + } + + if (marker) { + r = table_add_many(table, + TABLE_STRING, marker, + TABLE_SET_COLOR, ANSI_GREY, + TABLE_EMPTY); + if (r < 0) + return table_log_add_error(r); + } + } + + FOREACH_ARRAY(variant, (*c)->variants, (*c)->n_variants) { + r = table_add_many(table, + TABLE_STRING, (*c)->id, + TABLE_PATH, (*variant)->path); + if (r < 0) + return table_log_add_error(r); + } + } + + if (table_get_rows(table) > 1 || !FLAGS_SET(arg_json_format_flags, JSON_FORMAT_OFF)) { + r = table_print_with_pager(table, arg_json_format_flags, arg_pager_flags, /* show_header= */ true); + if (r < 0) + return log_error_errno(r, "Failed to output table: %m"); + } + + if (FLAGS_SET(arg_json_format_flags, JSON_FORMAT_OFF)) { + if (table_get_rows(table) > 1) + printf("\n%zu components listed.\n", table_get_rows(table) - 1); + else + printf("No components defined.\n"); + } + + return 0; +} + +static int event_log_pcr_mask_checks_out(EventLog *el, uint32_t mask) { + assert(el); + + for (uint32_t pcr = 0; pcr < TPM2_PCRS_MAX; pcr++) { + + if (!FLAGS_SET(mask, UINT32_C(1) << pcr)) + continue; + + if (!event_log_pcr_checks_out(el, el->registers + pcr)) + return log_error_errno(SYNTHETIC_ERRNO(EBADMSG), "Event log for PCR %" PRIu32 " does not match PCR state, refusing.", pcr); + } + + return 0; +} + +static int make_pcrlock_record( + uint32_t pcr, + const void *data, + size_t data_size, + JsonVariant **ret_record) { + + _cleanup_(json_variant_unrefp) JsonVariant *digests = NULL; + int r; + + assert(data || data_size == 0); + assert(ret_record); + + if (data_size == SIZE_MAX) + data_size = strlen(data); + + /* Generates a .pcrlock record for the given PCR and data/data size. This is a subset of TCG CEL. */ + + FOREACH_ARRAY(pa, tpm2_hash_algorithms, TPM2_N_HASH_ALGORITHMS) { + _cleanup_free_ unsigned char *hash = NULL; + int hash_ssize; + unsigned hash_usize; + const EVP_MD *md; + const char *a; + + assert_se(a = tpm2_hash_alg_to_string(*pa)); + assert_se(md = EVP_get_digestbyname(a)); + hash_ssize = EVP_MD_size(md); + assert_se(hash_ssize > 0); + hash_usize = hash_ssize; + + hash = malloc(hash_usize); + if (!hash) + return log_oom(); + + if (EVP_Digest(data, data_size, hash, &hash_usize, md, NULL) != 1) + return log_error_errno(SYNTHETIC_ERRNO(ENOTRECOVERABLE), "Failed to hash data with algorithm '%s'.", a); + + r = json_variant_append_arrayb( + &digests, + JSON_BUILD_OBJECT( + JSON_BUILD_PAIR("hashAlg", JSON_BUILD_STRING(a)), + JSON_BUILD_PAIR("digest", JSON_BUILD_HEX(hash, hash_usize)))); + if (r < 0) + return log_error_errno(r, "Failed to build JSON digest object: %m"); + } + + r = json_build(ret_record, + JSON_BUILD_OBJECT( + JSON_BUILD_PAIR("pcr", JSON_BUILD_UNSIGNED(pcr)), + JSON_BUILD_PAIR("digests", JSON_BUILD_VARIANT(digests)))); + if (r < 0) + return log_error_errno(r, "Failed to build record object: %m"); + + return 0; +} + +static const char *pcrlock_path(const char *default_pcrlock_path) { + return arg_pcrlock_path ?: arg_pcrlock_auto ? default_pcrlock_path : NULL; +} + +static int write_pcrlock(JsonVariant *array, const char *default_pcrlock_path) { + _cleanup_(json_variant_unrefp) JsonVariant *v = NULL, *a = NULL; + _cleanup_fclose_ FILE *f = NULL; + const char *p; + int r; + + if (!array) { + r = json_variant_new_array(&a, NULL, 0); + if (r < 0) + return log_error_errno(r, "Failed to allocate empty array: %m"); + + array = a; + } + + r = json_build(&v, JSON_BUILD_OBJECT( + JSON_BUILD_PAIR("records", JSON_BUILD_VARIANT(array)))); + if (r < 0) + return log_error_errno(r, "Failed to build JSON object: %m"); + + p = pcrlock_path(default_pcrlock_path); + if (p) { + (void) mkdir_parents_label(p, 0755); + + f = fopen(p, "we"); + if (!f) + return log_error_errno(errno, "Failed to open %s for writing: %m", p); + } + + r = json_variant_dump(v, arg_json_format_flags, f ?: stdout, /* prefix= */ NULL); + if (r < 0) + return log_error_errno(r, "Failed to output JSON object: %m"); + + if (p) + log_info("%s written.", p); + + return 0; +} + +static int unlink_pcrlock(const char *default_pcrlock_path) { + const char *p; + + p = pcrlock_path(default_pcrlock_path); + if (!p) + return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "No .pcrlock path specified, refusing."); + + if (unlink(p) < 0) { + if (errno != ENOENT) + return log_error_errno(errno, "Failed to delete %s: %m", p); + + log_info("%s already deleted.", p); + } else + log_info("%s deleted.", p); + + (void) rmdir_parents(p, "/var/lib"); + + return 0; +} + +static int verb_lock_raw(int argc, char *argv[], void *userdata) { + _cleanup_(json_variant_unrefp) JsonVariant *array = NULL; + _cleanup_free_ char *data = NULL; + _cleanup_fclose_ FILE *f = NULL; + size_t size; + int r; + + if (arg_pcr_mask == 0) + return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "No PCR specified, refusing."); + + if (argc >= 2) { + f = fopen(argv[1], "re"); + if (!f) + return log_error_errno(errno, "Failed to open '%s': %m", argv[1]); + } + + r = read_full_stream(f ?: stdin, &data, &size); + if (r < 0) + return log_error_errno(r, "Failed to read data from stdin: %m"); + + for (uint32_t i = 0; i < TPM2_PCRS_MAX; i++) { + _cleanup_(json_variant_unrefp) JsonVariant *record = NULL; + + if (!FLAGS_SET(arg_pcr_mask, UINT32_C(1) << i)) + continue; + + r = make_pcrlock_record(i, data, size, &record); + if (r < 0) + return r; + + r = json_variant_append_array(&array, record); + if (r < 0) + return log_error_errno(r, "Failed to append to JSON array: %m"); + } + + return write_pcrlock(array, NULL); +} + +static int verb_unlock_simple(int argc, char *argv[], void *userdata) { + return unlink_pcrlock(NULL); +} + +static int verb_lock_secureboot_policy(int argc, char *argv[], void *userdata) { + static const struct { + sd_id128_t id; + const char *name; + int synthesize_empty; /* 0 → fail, > 0 → synthesize empty db, < 0 → skip */ + } variables[] = { + { EFI_VENDOR_GLOBAL, "SecureBoot", 0 }, + { EFI_VENDOR_GLOBAL, "PK", 1 }, + { EFI_VENDOR_GLOBAL, "KEK", 1 }, + { EFI_VENDOR_DATABASE, "db", 1 }, + { EFI_VENDOR_DATABASE, "dbx", 1 }, + { EFI_VENDOR_DATABASE, "dbt", -1 }, + { EFI_VENDOR_DATABASE, "dbr", -1 }, + }; + + _cleanup_(json_variant_unrefp) JsonVariant *array = NULL; + int r; + + /* Generates expected records from the current SecureBoot state, as readable in the EFI variables + * right now. */ + + FOREACH_ARRAY(vv, variables, ELEMENTSOF(variables)) { + _cleanup_(json_variant_unrefp) JsonVariant *record = NULL; + + _cleanup_free_ char *name = NULL; + if (asprintf(&name, "%s-" SD_ID128_UUID_FORMAT_STR, vv->name, SD_ID128_FORMAT_VAL(vv->id)) < 0) + return log_oom(); + + _cleanup_free_ void *data = NULL; + size_t data_size; + r = efi_get_variable(name, NULL, &data, &data_size); + if (r < 0) { + if (r != -ENOENT || vv->synthesize_empty == 0) + return log_error_errno(r, "Failed to read EFI variable '%s': %m", name); + if (vv->synthesize_empty < 0) + continue; + + /* If the main database variables are not set we don't consider this an error, but + * measure an empty database instead. */ + log_debug("EFI variable %s is not set, synthesizing empty variable for measurement.", name); + data_size = 0; + } + + _cleanup_free_ char16_t* name16 = utf8_to_utf16(vv->name, SIZE_MAX); + if (!name16) + return log_oom(); + size_t name16_bytes = char16_strlen(name16) * 2; + + size_t vdata_size = offsetof(UEFI_VARIABLE_DATA, unicodeName) + name16_bytes + data_size; + _cleanup_free_ UEFI_VARIABLE_DATA *vdata = malloc(vdata_size); + if (!vdata) + return log_oom(); + + *vdata = (UEFI_VARIABLE_DATA) { + .unicodeNameLength = name16_bytes / 2, + .variableDataLength = data_size, + }; + + efi_id128_to_guid(vv->id, vdata->variableName); + memcpy(mempcpy(vdata->unicodeName, name16, name16_bytes), data, data_size); + + r = make_pcrlock_record(TPM2_PCR_SECURE_BOOT_POLICY /* =7 */, vdata, vdata_size, &record); + if (r < 0) + return r; + + r = json_variant_append_array(&array, record); + if (r < 0) + return log_error_errno(r, "Failed to append to JSON array: %m"); + } + + return write_pcrlock(array, PCRLOCK_SECUREBOOT_POLICY_PATH); +} + +static int verb_unlock_secureboot_policy(int argc, char *argv[], void *userdata) { + return unlink_pcrlock(PCRLOCK_SECUREBOOT_POLICY_PATH); +} + +static int event_log_record_is_secureboot_variable(EventLogRecord *rec, sd_id128_t uuid, const char *name) { + _cleanup_free_ char *found_name = NULL; + sd_id128_t found_uuid; + int r; + + assert(rec); + assert(name); + + if (!EVENT_LOG_RECORD_IS_FIRMWARE(rec)) + return false; + + if (rec->pcr != TPM2_PCR_SECURE_BOOT_POLICY) + return false; + + if (rec->event_payload_valid != EVENT_PAYLOAD_VALID_YES) + return false; + + if (rec->firmware_event_type != EV_EFI_VARIABLE_DRIVER_CONFIG) + return false; + + r = event_log_record_parse_variable_data(rec, &found_uuid, &found_name); + if (r == -EBADMSG) + return false; + if (r < 0) + return r; + + if (!sd_id128_equal(found_uuid, uuid)) + return false; + + return streq(found_name, name); +} + +static bool event_log_record_is_secureboot_authority(EventLogRecord *rec) { + assert(rec); + + if (!EVENT_LOG_RECORD_IS_FIRMWARE(rec)) + return false; + + if (rec->pcr != TPM2_PCR_SECURE_BOOT_POLICY) + return false; + + if (rec->event_payload_valid != EVENT_PAYLOAD_VALID_YES) + return false; + + return rec->firmware_event_type == EV_EFI_VARIABLE_AUTHORITY; +} + +static int event_log_ensure_secureboot_consistency(EventLog *el) { + static const struct { + sd_id128_t id; + const char *name; + bool required; + } table[] = { + { EFI_VENDOR_GLOBAL, "SecureBoot", true }, + { EFI_VENDOR_GLOBAL, "PK", true }, + { EFI_VENDOR_GLOBAL, "KEK", true }, + { EFI_VENDOR_DATABASE, "db", true }, + { EFI_VENDOR_DATABASE, "dbx", true }, + { EFI_VENDOR_DATABASE, "dbt", false }, + { EFI_VENDOR_DATABASE, "dbr", false }, + // FIXME: ensure we also find the separator here + }; + + EventLogRecord *records[ELEMENTSOF(table)] = {}; + EventLogRecord *first_authority = NULL; + + assert(el); + + /* Ensures that the PCR 7 records are complete and in order. Before we lock down PCR 7 we want to + * ensure its state is actually consistent. */ + + FOREACH_ARRAY(rr, el->records, el->n_records) { + EventLogRecord *rec = *rr; + size_t found = SIZE_MAX; + + if (event_log_record_is_secureboot_authority(rec)) { + if (first_authority) + continue; + + first_authority = rec; + // FIXME: also check that each authority record's data is also listed in 'db' + continue; + } + + for (size_t i = 0; i < ELEMENTSOF(table); i++) + if (event_log_record_is_secureboot_variable(rec, table[i].id, table[i].name)) { + found = i; + break; + } + if (found == SIZE_MAX) + continue; + + /* Require the authority records always come *after* database measurements */ + if (first_authority) + return log_error_errno(SYNTHETIC_ERRNO(EBADMSG), "SecureBoot authority before variable, refusing."); + + /* Check for duplicates */ + if (records[found]) + return log_error_errno(SYNTHETIC_ERRNO(EBADMSG), "Duplicate '%s' record, refusing.", rec->description); + + /* Check for order */ + for (size_t j = found + 1; j < ELEMENTSOF(table); j++) + if (records[j]) + return log_error_errno(SYNTHETIC_ERRNO(EBADMSG), "'%s' record before '%s' record, refusing.", records[j]->description, rec->description); + + records[found] = rec; + } + + /* Check for existence */ + for (size_t i = 0; i < ELEMENTSOF(table); i++) + if (table[i].required && !records[i]) + return log_error_errno(SYNTHETIC_ERRNO(EBADMSG), "Required record '%s' not found, refusing.", table[i].name); + + /* At this point we know that all required variables have been measured, in the right order. */ + return 0; +} + +static int verb_lock_secureboot_authority(int argc, char *argv[], void *userdata) { + _cleanup_(json_variant_unrefp) JsonVariant *array = NULL; + _cleanup_(event_log_freep) EventLog *el = NULL; + int r; + + /* Lock down the EV_EFI_VARIABLE_AUTHORITY records from the existing log. Note that there's not too + * much value in locking this down too much, since it stores only the result of the primary database + * checks, and that's what we should bind policy to. Moreover it's hard to predict, since extension + * card firmware validation will result in additional records here. */ + + if (!is_efi_secure_boot()) { + log_info("SecureBoot disabled, not generating authority .pcrlock file."); + return unlink_pcrlock(PCRLOCK_SECUREBOOT_AUTHORITY_PATH); + } + + el = event_log_new(); + if (!el) + return log_oom(); + + r = event_log_add_algorithms_from_environment(el); + if (r < 0) + return r; + + r = event_log_load(el); + if (r < 0) + return r; + + r = event_log_read_pcrs(el); + if (r < 0) + return r; + + r = event_log_calculate_pcrs(el); + if (r < 0) + return r; + + /* Before we base anything on the event log records, let's check that the event log state checks + * out. */ + + r = event_log_pcr_mask_checks_out(el, UINT32_C(1) << TPM2_PCR_SECURE_BOOT_POLICY); + if (r < 0) + return r; + + r = event_log_validate_record_hashes(el); + if (r < 0) + return r; + + r = event_log_ensure_secureboot_consistency(el); + if (r < 0) + return r; + + FOREACH_ARRAY(rr, el->records, el->n_records) { + _cleanup_(json_variant_unrefp) JsonVariant *digests = NULL; + EventLogRecord *rec = *rr; + + if (!event_log_record_is_secureboot_authority(rec)) + continue; + + log_debug("Locking down authority '%s'.", strna(rec->description)); + + LIST_FOREACH(banks, bank, rec->banks) { + r = json_variant_append_arrayb( + &digests, + JSON_BUILD_OBJECT( + JSON_BUILD_PAIR("hashAlg", JSON_BUILD_STRING(tpm2_hash_alg_to_string(bank->algorithm))), + JSON_BUILD_PAIR("digest", JSON_BUILD_HEX(bank->hash.buffer, bank->hash.size)))); + if (r < 0) + return log_error_errno(r, "Failed to build digests array: %m"); + } + + r = json_variant_append_arrayb( + &array, + JSON_BUILD_OBJECT( + JSON_BUILD_PAIR("pcr", JSON_BUILD_UNSIGNED(rec->pcr)), + JSON_BUILD_PAIR("digests", JSON_BUILD_VARIANT(digests)))); + if (r < 0) + return log_error_errno(r, "Failed to build record array: %m"); + } + + return write_pcrlock(array, PCRLOCK_SECUREBOOT_AUTHORITY_PATH); +} + +static int verb_unlock_secureboot_authority(int argc, char *argv[], void *userdata) { + return unlink_pcrlock(PCRLOCK_SECUREBOOT_AUTHORITY_PATH); +} + +static int verb_lock_gpt(int argc, char *argv[], void *userdata) { + _cleanup_(json_variant_unrefp) JsonVariant *array = NULL, *record = NULL; + _cleanup_(sd_device_unrefp) sd_device *d = NULL; + uint8_t h[2 * 4096]; /* space for at least two 4K sectors. GPT header should definitely be in here */ + uint64_t start, n_members, member_size; + _cleanup_close_ int fd = -EBADF; + const GptHeader *p; + size_t found = 0; + ssize_t n; + int r; + + r = block_device_new_from_path( + argc >= 2 ? argv[1] : "/", + BLOCK_DEVICE_LOOKUP_WHOLE_DISK|BLOCK_DEVICE_LOOKUP_BACKING|BLOCK_DEVICE_LOOKUP_ORIGINATING, + &d); + if (r < 0) + return log_error_errno(r, "Failed to determine root block device: %m"); + + fd = sd_device_open(d, O_CLOEXEC|O_RDONLY|O_NOCTTY); + if (fd < 0) + return log_error_errno(fd, "Failed to open root block device: %m"); + + n = pread(fd, &h, sizeof(h), 0); + if (n < 0) + return log_error_errno(errno, "Failed to read GPT header of block device: %m"); + if ((size_t) n != sizeof(h)) + return log_error_errno(SYNTHETIC_ERRNO(EIO), "Short read trying to read GPT header: %m"); + + /* Try a couple of sector sizes */ + for (size_t sz = 512; sz <= 4096; sz <<= 1) { + assert(sizeof(h) >= sz * 2); + p = (const GptHeader*) (h + sz); /* 2nd sector */ + + if (!gpt_header_has_signature(p)) + continue; + + if (found != 0) + return log_error_errno(SYNTHETIC_ERRNO(ENOTUNIQ), + "Disk has partition table for multiple sector sizes, refusing."); + + found = sz; + } + + if (found == 0) + return log_error_errno(SYNTHETIC_ERRNO(EBADMSG), + "Disk does not have GPT partition table, refusing."); + + p = (const GptHeader*) (h + found); + + if (le32toh(p->header_size) > found) + return log_error_errno(SYNTHETIC_ERRNO(EBADMSG), + "GPT header size over long (%" PRIu32 "), refusing.", le32toh(p->header_size)); + + start = le64toh(p->partition_entry_lba); + if (start > UINT64_MAX / found) + return log_error_errno(SYNTHETIC_ERRNO(EBADMSG), + "Partition table start offset overflow, refusing."); + + member_size = le32toh(p->size_of_partition_entry); + if (member_size < sizeof(GptPartitionEntry)) + return log_error_errno(SYNTHETIC_ERRNO(EBADMSG), + "Partition entry size too short, refusing."); + + n_members = le32toh(p->number_of_partition_entries); + uint64_t member_bufsz = n_members * member_size; + if (member_bufsz > 1U*1024U*1024U) + return log_error_errno(SYNTHETIC_ERRNO(EBADMSG), + "Partition table size too large, refusing."); + + member_bufsz = ROUND_UP(member_bufsz, found); + + _cleanup_free_ void *members = malloc(member_bufsz); + if (!members) + return log_oom(); + + n = pread(fd, members, member_bufsz, start * found); + if (n < 0) + return log_error_errno(errno, "Failed to read GPT partition table entries: %m"); + if ((size_t) n != member_bufsz) + return log_error_errno(SYNTHETIC_ERRNO(EIO), "Short read while reading GPT partition table entries: %m"); + + size_t vdata_size = le32toh(p->header_size) + sizeof(le64_t) + member_size * n_members; + _cleanup_free_ void *vdata = malloc0(vdata_size); + if (!vdata) + return log_oom(); + + void *n_measured_entries = mempcpy(vdata, p, sizeof(GptHeader)); /* n_measured_entries is a 64bit value */ + + void *qq = (uint8_t*) n_measured_entries + sizeof(le64_t); + + for (uint64_t i = 0; i < n_members; i++) { + const GptPartitionEntry *entry = (const GptPartitionEntry*) ((const uint8_t*) members + (member_size * i)); + + if (memeqzero(entry->partition_type_guid, sizeof(entry->partition_type_guid))) + continue; + + qq = mempcpy(qq, entry, member_size); + unaligned_write_le64(n_measured_entries, unaligned_read_le64(n_measured_entries) + 1); + } + + vdata_size = (uint8_t*) qq - (uint8_t*) vdata; + + r = make_pcrlock_record(TPM2_PCR_BOOT_LOADER_CONFIG /* =5 */, vdata, vdata_size, &record); + if (r < 0) + return r; + + r = json_variant_new_array(&array, &record, 1); + if (r < 0) + return log_error_errno(r, "Failed to append to JSON array: %m"); + + return write_pcrlock(array, PCRLOCK_GPT_PATH); +} + +static int verb_unlock_gpt(int argc, char *argv[], void *userdata) { + return unlink_pcrlock(PCRLOCK_GPT_PATH); +} + +static bool event_log_record_is_separator(const EventLogRecord *rec) { + assert(rec); + + /* Recognizes EV_SEPARATOR events */ + + if (!EVENT_LOG_RECORD_IS_FIRMWARE(rec)) + return false; + + if (rec->firmware_event_type != EV_SEPARATOR) + return false; + + return rec->event_payload_valid == EVENT_PAYLOAD_VALID_YES; /* Insist the record is consistent */ +} + +static int event_log_record_is_action_calling_efi_app(const EventLogRecord *rec) { + _cleanup_free_ char *d = NULL; + int r; + + assert(rec); + + /* Recognizes the special EV_EFI_ACTION that is issues when the firmware passes control to the boot loader. */ + + if (!EVENT_LOG_RECORD_IS_FIRMWARE(rec)) + return false; + + if (rec->pcr != TPM2_PCR_BOOT_LOADER_CODE) + return false; + + if (rec->firmware_event_type != EV_EFI_ACTION) + return false; + + if (rec->event_payload_valid != EVENT_PAYLOAD_VALID_YES) /* Insist the record is consistent */ + return false; + + r = make_cstring(rec->firmware_payload, rec->firmware_payload_size, MAKE_CSTRING_ALLOW_TRAILING_NUL, &d); + if (r < 0) + return r; + + return streq(d, "Calling EFI Application from Boot Option"); +} + +static void enable_json_sse(void) { + /* We shall write this to a single output stream? We have to output two files, hence try to be smart + * and enable JSON SSE */ + + if (!arg_pcrlock_path && arg_pcrlock_auto) + return; + + if (FLAGS_SET(arg_json_format_flags, JSON_FORMAT_SSE)) + return; + + log_notice("Enabling JSON_SEQ mode, since writing two .pcrlock files to single output."); + arg_json_format_flags |= JSON_FORMAT_SSE; +} + +static int verb_lock_firmware(int argc, char *argv[], void *userdata) { + _cleanup_(json_variant_unrefp) JsonVariant *array_early = NULL, *array_late = NULL; + _cleanup_(event_log_freep) EventLog *el = NULL; + uint32_t always_mask, separator_mask, separator_seen_mask = 0, action_seen_mask = 0; + const char *default_pcrlock_early_path, *default_pcrlock_late_path; + int r; + + enable_json_sse(); + + /* The PCRs we intend to cover. Note that we measure firmware, external *and* boot loader code/config + * here – but the latter only until the "separator" events are seen, which tell us where transition + * into OS boot loader happens. This reflects the fact that on some systems the firmware already + * measures some firmware-supplied apps into PCR 4. (e.g. Thinkpad X1 Gen9) */ + if (endswith(argv[0], "firmware-code")) { + always_mask = (UINT32_C(1) << TPM2_PCR_PLATFORM_CODE) | /* → 0 */ + (UINT32_C(1) << TPM2_PCR_EXTERNAL_CODE); /* → 2 */ + + separator_mask = UINT32_C(1) << TPM2_PCR_BOOT_LOADER_CODE; /* → 4 */ + + default_pcrlock_early_path = PCRLOCK_FIRMWARE_CODE_EARLY_PATH; + default_pcrlock_late_path = PCRLOCK_FIRMWARE_CODE_LATE_PATH; + } else { + assert(endswith(argv[0], "firmware-config")); + always_mask = (UINT32_C(1) << TPM2_PCR_PLATFORM_CONFIG) | /* → 1 */ + (UINT32_C(1) << TPM2_PCR_EXTERNAL_CONFIG); /* → 3 */ + + separator_mask = UINT32_C(1) << TPM2_PCR_BOOT_LOADER_CONFIG; /* → 5 */ + + default_pcrlock_early_path = PCRLOCK_FIRMWARE_CONFIG_EARLY_PATH; + default_pcrlock_late_path = PCRLOCK_FIRMWARE_CONFIG_LATE_PATH; + } + + el = event_log_new(); + if (!el) + return log_oom(); + + r = event_log_add_algorithms_from_environment(el); + if (r < 0) + return r; + + r = event_log_load(el); + if (r < 0) + return r; + + r = event_log_read_pcrs(el); + if (r < 0) + return r; + + r = event_log_calculate_pcrs(el); + if (r < 0) + return r; + + r = event_log_validate_record_hashes(el); + if (r < 0) + return r; + + /* Before we base anything on the event log records for any of the selected PCRs, let's check that + * the event log state checks out for them. */ + + r = event_log_pcr_mask_checks_out(el, always_mask|separator_mask); + if (r < 0) + return r; + + // FIXME: before doing this, validate ahead-of-time that EV_SEPARATOR records exist for all entries, + // and exactly once + + FOREACH_ARRAY(rr, el->records, el->n_records) { + _cleanup_(json_variant_unrefp) JsonVariant *digests = NULL; + EventLogRecord *rec = *rr; + uint32_t bit = UINT32_C(1) << rec->pcr; + + if (!EVENT_LOG_RECORD_IS_FIRMWARE(rec)) + continue; + + if (!FLAGS_SET(always_mask, bit) && + !(FLAGS_SET(separator_mask, bit) && !FLAGS_SET(separator_seen_mask|action_seen_mask, bit))) + continue; + + /* If we hit the separator record, we stop processing the PCRs listed in `separator_mask` */ + if (event_log_record_is_separator(rec)) { + separator_seen_mask |= bit; + continue; + } + + /* If we hit the special "Calling EFI Application from Boot Option" action we treat this the + * same as a separator here, as that's where firmware passes control to boot loader. Note + * that some EFI implementations forget to generate one of them. */ + r = event_log_record_is_action_calling_efi_app(rec); + if (r < 0) + return log_error_errno(r, "Failed to check if event is 'Calling EFI Application from Boot Option' action: %m"); + if (r > 0) { + action_seen_mask |= bit; + continue; + } + + LIST_FOREACH(banks, bank, rec->banks) { + r = json_variant_append_arrayb( + &digests, + JSON_BUILD_OBJECT( + JSON_BUILD_PAIR("hashAlg", JSON_BUILD_STRING(tpm2_hash_alg_to_string(bank->algorithm))), + JSON_BUILD_PAIR("digest", JSON_BUILD_HEX(bank->hash.buffer, bank->hash.size)))); + if (r < 0) + return log_error_errno(r, "Failed to build digests array: %m"); + } + + r = json_variant_append_arrayb( + FLAGS_SET(separator_seen_mask, bit) ? &array_late : &array_early, + JSON_BUILD_OBJECT( + JSON_BUILD_PAIR("pcr", JSON_BUILD_UNSIGNED(rec->pcr)), + JSON_BUILD_PAIR("digests", JSON_BUILD_VARIANT(digests)))); + if (r < 0) + return log_error_errno(r, "Failed to build record array: %m"); + } + + r = write_pcrlock(array_early, default_pcrlock_early_path); + if (r < 0) + return r; + + return write_pcrlock(array_late, default_pcrlock_late_path); +} + +static int verb_unlock_firmware(int argc, char *argv[], void *userdata) { + const char *default_pcrlock_early_path, *default_pcrlock_late_path; + int r; + + if (endswith(argv[0], "firmware-code")) { + default_pcrlock_early_path = PCRLOCK_FIRMWARE_CODE_EARLY_PATH; + default_pcrlock_late_path = PCRLOCK_FIRMWARE_CODE_LATE_PATH; + } else { + default_pcrlock_early_path = PCRLOCK_FIRMWARE_CONFIG_EARLY_PATH; + default_pcrlock_late_path = PCRLOCK_FIRMWARE_CONFIG_LATE_PATH; + } + + r = unlink_pcrlock(default_pcrlock_early_path); + if (r < 0) + return r; + + if (arg_pcrlock_path) /* if the path is specified don't delete the same thing twice */ + return 0; + + r = unlink_pcrlock(default_pcrlock_late_path); + if (r < 0) + return r; + + return 0; +} + +static int verb_lock_machine_id(int argc, char *argv[], void *userdata) { + _cleanup_(json_variant_unrefp) JsonVariant *record = NULL, *array = NULL; + _cleanup_free_ char *word = NULL; + int r; + + r = pcrextend_machine_id_word(&word); + if (r < 0) + return r; + + r = make_pcrlock_record(TPM2_PCR_SYSTEM_IDENTITY /* = 15 */, word, SIZE_MAX, &record); + if (r < 0) + return r; + + r = json_variant_new_array(&array, &record, 1); + if (r < 0) + return log_error_errno(r, "Failed to create record array: %m"); + + return write_pcrlock(array, PCRLOCK_MACHINE_ID_PATH); +} + +static int verb_unlock_machine_id(int argc, char *argv[], void *userdata) { + return unlink_pcrlock(PCRLOCK_MACHINE_ID_PATH); +} + +static int pcrlock_file_system_path(const char *normalized_path, char **ret) { + _cleanup_free_ char *s = NULL; + + assert(normalized_path); + + if (path_equal(normalized_path, "/")) + s = strdup(PCRLOCK_ROOT_FILE_SYSTEM_PATH); + else { + /* We reuse the escaping we use for turning paths into unit names */ + _cleanup_free_ char *escaped = NULL; + + assert(normalized_path[0] == '/'); + assert(normalized_path[1] != '/'); + + escaped = unit_name_escape(normalized_path + 1); + if (!escaped) + return log_oom(); + + s = strjoin(PCRLOCK_FILE_SYSTEM_PATH_PREFIX, escaped, ".pcrlock"); + } + if (!s) + return log_oom(); + + *ret = TAKE_PTR(s); + return 0; +} + +static int verb_lock_file_system(int argc, char *argv[], void *userdata) { + const char* paths[3] = {}; + int r; + + if (argc > 1) + paths[0] = argv[1]; + else { + dev_t a, b; + paths[0] = "/"; + + r = get_block_device("/", &a); + if (r < 0) + return log_error_errno(r, "Failed to get device of root file system: %m"); + + r = get_block_device("/var", &b); + if (r < 0) + return log_error_errno(r, "Failed to get device of /var/ file system: %m"); + + /* if backing device is distinct, then measure /var/ too */ + if (a != b) + paths[1] = "/var"; + + enable_json_sse(); + } + + STRV_FOREACH(p, paths) { + _cleanup_free_ char *word = NULL, *normalized_path = NULL, *pcrlock_file = NULL; + _cleanup_(json_variant_unrefp) JsonVariant *record = NULL, *array = NULL; + + r = pcrextend_file_system_word(*p, &word, &normalized_path); + if (r < 0) + return r; + + r = pcrlock_file_system_path(normalized_path, &pcrlock_file); + if (r < 0) + return r; + + r = make_pcrlock_record(TPM2_PCR_SYSTEM_IDENTITY /* = 15 */, word, SIZE_MAX, &record); + if (r < 0) + return r; + + r = json_variant_new_array(&array, &record, 1); + if (r < 0) + return log_error_errno(r, "Failed to create record array: %m"); + + r = write_pcrlock(array, pcrlock_file); + if (r < 0) + return r; + } + + return 0; +} + +static int verb_unlock_file_system(int argc, char *argv[], void *userdata) { + const char* paths[3] = {}; + int r; + + if (argc > 1) + paths[0] = argv[1]; + else { + paths[0] = "/"; + paths[1] = "/var"; + } + + STRV_FOREACH(p, paths) { + _cleanup_free_ char *normalized_path = NULL, *pcrlock_file = NULL; + + r = chase(*p, NULL, 0, &normalized_path, NULL); + if (r < 0) + return log_error_errno(r, "Failed to normal path '%s': %m", argv[1]); + + r = pcrlock_file_system_path(normalized_path, &pcrlock_file); + if (r < 0) + return r; + + r = unlink_pcrlock(pcrlock_file); + if (r < 0) + return r; + } + + return 0; +} + +static int verb_lock_pe(int argc, char *argv[], void *userdata) { + _cleanup_(json_variant_unrefp) JsonVariant *array = NULL; + _cleanup_close_ int fd = -EBADF; + int r; + + // FIXME: Maybe also generate a matching EV_EFI_VARIABLE_AUTHORITY records here for each signature that + // covers this PE plus its hash, as alternatives under the same component name + + if (argc >= 2) { + fd = open(argv[1], O_RDONLY|O_CLOEXEC); + if (fd < 0) + return log_error_errno(errno, "Failed to open '%s': %m", argv[1]); + } + + if (arg_pcr_mask == 0) + arg_pcr_mask = UINT32_C(1) << TPM2_PCR_BOOT_LOADER_CODE; + + for (uint32_t i = 0; i < TPM2_PCRS_MAX; i++) { + _cleanup_(json_variant_unrefp) JsonVariant *digests = NULL; + + if (!FLAGS_SET(arg_pcr_mask, UINT32_C(1) << i)) + continue; + + FOREACH_ARRAY(pa, tpm2_hash_algorithms, TPM2_N_HASH_ALGORITHMS) { + _cleanup_free_ void *hash = NULL; + size_t hash_size; + const EVP_MD *md; + const char *a; + + assert_se(a = tpm2_hash_alg_to_string(*pa)); + assert_se(md = EVP_get_digestbyname(a)); + + r = pe_hash(fd < 0 ? STDIN_FILENO : fd, md, &hash, &hash_size); + if (r < 0) + return log_error_errno(r, "Failed to hash PE binary: %m"); + + r = json_variant_append_arrayb(&digests, + JSON_BUILD_OBJECT( + JSON_BUILD_PAIR("hashAlg", JSON_BUILD_STRING(a)), + JSON_BUILD_PAIR("digest", JSON_BUILD_HEX(hash, hash_size)))); + if (r < 0) + return log_error_errno(r, "Failed to build JSON digest object: %m"); + } + + r = json_variant_append_arrayb( + &array, + JSON_BUILD_OBJECT( + JSON_BUILD_PAIR("pcr", JSON_BUILD_UNSIGNED(i)), + JSON_BUILD_PAIR("digests", JSON_BUILD_VARIANT(digests)))); + if (r < 0) + return log_error_errno(r, "Failed to append record object: %m"); + } + + return write_pcrlock(array, NULL); +} + +typedef void* SectionHashArray[_UNIFIED_SECTION_MAX * TPM2_N_HASH_ALGORITHMS]; + +static void section_hashes_array_done(SectionHashArray *array) { + assert(array); + + for (size_t i = 0; i < _UNIFIED_SECTION_MAX * TPM2_N_HASH_ALGORITHMS; i++) + free((*array)[i]); +} + +static int verb_lock_uki(int argc, char *argv[], void *userdata) { + _cleanup_(json_variant_unrefp) JsonVariant *array = NULL, *pe_digests = NULL; + _cleanup_(section_hashes_array_done) SectionHashArray section_hashes = {}; + size_t hash_sizes[TPM2_N_HASH_ALGORITHMS]; + _cleanup_close_ int fd = -EBADF; + int r; + + if (arg_pcr_mask != 0) + return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "PCR not configurable for UKI lock down."); + + if (argc >= 2) { + fd = open(argv[1], O_RDONLY|O_CLOEXEC); + if (fd < 0) + return log_error_errno(errno, "Failed to open '%s': %m", argv[1]); + } + + for (size_t i = 0; i < TPM2_N_HASH_ALGORITHMS; i++) { + _cleanup_free_ void *peh = NULL; + const EVP_MD *md; + const char *a; + + assert_se(a = tpm2_hash_alg_to_string(tpm2_hash_algorithms[i])); + assert_se(md = EVP_get_digestbyname(a)); + + r = pe_hash(fd < 0 ? STDIN_FILENO : fd, md, &peh, hash_sizes + i); + if (r < 0) + return log_error_errno(r, "Failed to hash PE binary: %m"); + + r = json_variant_append_arrayb( + &pe_digests, + JSON_BUILD_OBJECT( + JSON_BUILD_PAIR("hashAlg", JSON_BUILD_STRING(a)), + JSON_BUILD_PAIR("digest", JSON_BUILD_HEX(peh, hash_sizes[i])))); + if (r < 0) + return log_error_errno(r, "Failed to build JSON digest object: %m"); + + r = uki_hash(fd < 0 ? STDIN_FILENO : fd, md, section_hashes + (i * _UNIFIED_SECTION_MAX), hash_sizes + i); + if (r < 0) + return log_error_errno(r, "Failed to UKI hash PE binary: %m"); + } + + r = json_variant_append_arrayb( + &array, + JSON_BUILD_OBJECT( + JSON_BUILD_PAIR("pcr", JSON_BUILD_UNSIGNED(TPM2_PCR_BOOT_LOADER_CODE)), + JSON_BUILD_PAIR("digests", JSON_BUILD_VARIANT(pe_digests)))); + if (r < 0) + return log_error_errno(r, "Failed to append record object: %m"); + + for (UnifiedSection section = 0; section < _UNIFIED_SECTION_MAX; section++) { + _cleanup_(json_variant_unrefp) JsonVariant *section_digests = NULL, *record = NULL; + + if (!unified_section_measure(section)) + continue; + + for (size_t i = 0; i < TPM2_N_HASH_ALGORITHMS; i++) { + const char *a; + void *hash; + + hash = section_hashes[i * _UNIFIED_SECTION_MAX + section]; + if (!hash) + continue; + + assert_se(a = tpm2_hash_alg_to_string(tpm2_hash_algorithms[i])); + + r = json_variant_append_arrayb( + §ion_digests, + JSON_BUILD_OBJECT( + JSON_BUILD_PAIR("hashAlg", JSON_BUILD_STRING(a)), + JSON_BUILD_PAIR("digest", JSON_BUILD_HEX(hash, hash_sizes[i])))); + if (r < 0) + return log_error_errno(r, "Failed to build JSON digest object: %m"); + } + + if (!section_digests) + continue; + + /* So we have digests for this section, hence generate a record for the section name first. */ + r = make_pcrlock_record(TPM2_PCR_KERNEL_BOOT /* =11 */, unified_sections[section], strlen(unified_sections[section]) + 1, &record); + if (r < 0) + return r; + + r = json_variant_append_array(&array, record); + if (r < 0) + return log_error_errno(r, "Failed to append JSON record array: %m"); + + /* And then append a record for the section contents digests as well */ + r = json_variant_append_arrayb( + &array, + JSON_BUILD_OBJECT( + JSON_BUILD_PAIR("pcr", JSON_BUILD_UNSIGNED(TPM2_PCR_KERNEL_BOOT /* =11 */)), + JSON_BUILD_PAIR("digests", JSON_BUILD_VARIANT(section_digests)))); + if (r < 0) + return log_error_errno(r, "Failed to append record object: %m"); + } + + return write_pcrlock(array, NULL); +} + +static int event_log_reduce_to_safe_pcrs(EventLog *el, uint32_t *pcrs) { + _cleanup_free_ char *dropped = NULL, *kept = NULL; + + assert(el); + assert(pcrs); + + /* When we compile a new PCR policy we don't want to bind to PCRs which are fishy for one of three + * reasons: + * + * 1. The PCR value doesn't match the event log + * 2. The event log for the PCR contains measurements we don't know responsible components for + * 3. The event log for the PCR does not contain measurements for components we know + * + * This function checks for the three conditions and drops the PCR from the mask. + */ + + for (uint32_t pcr = 0; pcr < TPM2_PCRS_MAX; pcr++) { + + if (!FLAGS_SET(*pcrs, UINT32_C(1) << pcr)) + continue; + + if (!event_log_pcr_checks_out(el, el->registers + pcr)) { + log_notice("PCR %" PRIu32 " (%s) value does not match event log. Removing from set of PCRs.", pcr, strna(tpm2_pcr_index_to_string(pcr))); + goto drop; + } + + if (!el->registers[pcr].fully_recognized) { + log_notice("PCR %" PRIu32 " (%s) event log contains unrecognized measurements. Removing from set of PCRs.", pcr, strna(tpm2_pcr_index_to_string(pcr))); + goto drop; + } + + if (FLAGS_SET(el->missing_component_pcrs, UINT32_C(1) << pcr)) { + log_notice("PCR %" PRIu32 " (%s) is touched by component we can't find in event log. Removing from set of PCRs.", pcr, strna(tpm2_pcr_index_to_string(pcr))); + goto drop; + } + + log_info("PCR %" PRIu32 " (%s) matches event log and fully consists of recognized measurements. Including in set of PCRs.", pcr, strna(tpm2_pcr_index_to_string(pcr))); + + if (strextendf_with_separator(&kept, ", ", "%" PRIu32 " (%s)", pcr, tpm2_pcr_index_to_string(pcr)) < 0) + return log_oom(); + + continue; + + drop: + *pcrs &= ~(UINT32_C(1) << pcr); + + if (strextendf_with_separator(&dropped, ", ", "%" PRIu32 " (%s)", pcr, tpm2_pcr_index_to_string(pcr)) < 0) + return log_oom(); + } + + if (dropped) + log_notice("PCRs dropped from protection mask: %s", dropped); + else + log_debug("No PCRs dropped from protection mask."); + + if (kept) + log_notice("PCRs in protection mask: %s", kept); + else + log_notice("No PCRs kept in protection mask."); + + return 0; +} + +static int verb_lock_kernel_cmdline(int argc, char *argv[], void *userdata) { + _cleanup_(json_variant_unrefp) JsonVariant *record = NULL, *array = NULL; + _cleanup_free_ char *cmdline = NULL; + int r; + + if (argc > 1) { + if (empty_or_dash(argv[1])) + r = read_full_stream(stdin, &cmdline, NULL); + else + r = read_full_file(argv[1], &cmdline, NULL); + } else + r = proc_cmdline(&cmdline); + if (r < 0) + return log_error_errno(r, "Failed to read cmdline: %m"); + + delete_trailing_chars(cmdline, "\n"); + + _cleanup_free_ char16_t *u = NULL; + u = utf8_to_utf16(cmdline, SIZE_MAX); + if (!u) + return log_oom(); + + r = make_pcrlock_record(TPM2_PCR_KERNEL_INITRD /* = 9 */, u, char16_strlen(u)*2+2, &record); + if (r < 0) + return r; + + r = json_variant_new_array(&array, &record, 1); + if (r < 0) + return log_error_errno(r, "Failed to create record array: %m"); + + r = write_pcrlock(array, PCRLOCK_KERNEL_CMDLINE_PATH); + if (r < 0) + return r; + + return 0; +} + +static int verb_unlock_kernel_cmdline(int argc, char *argv[], void *userdata) { + return unlink_pcrlock(PCRLOCK_KERNEL_CMDLINE_PATH); +} + +static int verb_lock_kernel_initrd(int argc, char *argv[], void *userdata) { + _cleanup_(json_variant_unrefp) JsonVariant *record = NULL, *array = NULL; + _cleanup_free_ void *data = NULL; + _cleanup_fclose_ FILE *f = NULL; + size_t size; + int r; + + if (argc >= 2) { + f = fopen(argv[1], "re"); + if (!f) + return log_error_errno(errno, "Failed to open '%s': %m", argv[1]); + } + + r = read_full_stream(f ?: stdin, (char**) &data, &size); + if (r < 0) + return log_error_errno(r, "Failed to read data from stdin: %m"); + + r = make_pcrlock_record(TPM2_PCR_KERNEL_INITRD /* = 9 */, data, size, &record); + if (r < 0) + return r; + + r = json_variant_new_array(&array, &record, 1); + if (r < 0) + return log_error_errno(r, "Failed to create record array: %m"); + + r = write_pcrlock(array, PCRLOCK_KERNEL_INITRD_PATH); + if (r < 0) + return r; + + return 0; +} + +static int verb_unlock_kernel_initrd(int argc, char *argv[], void *userdata) { + return unlink_pcrlock(PCRLOCK_KERNEL_INITRD_PATH); +} + +static int pcr_prediction_add_result( + Tpm2PCRPrediction *context, + Tpm2PCRPredictionResult *result, + uint32_t pcr, + const char *path, + size_t offset) { + + _cleanup_free_ Tpm2PCRPredictionResult *copy = NULL; + int r; + + assert(context); + assert(result); + + copy = newdup(Tpm2PCRPredictionResult, result, 1); + if (!copy) + return log_oom(); + + r = ordered_set_ensure_put(context->results + pcr, &tpm2_pcr_prediction_result_hash_ops, copy); + if (r == -EEXIST) /* Multiple identical results for the same PCR are totally expected */ + return 0; + if (r < 0) + return log_error_errno(r, "Failed to insert result into set: %m"); + + log_debug("Added prediction result %u for PCR %" PRIu32 " (path: %s)", ordered_set_size(context->results[pcr]), pcr, strempty(path)); + + TAKE_PTR(copy); + return 0; +} + +static const EVP_MD* evp_from_tpm2_alg(uint16_t alg) { + const char *name; + + name = tpm2_hash_alg_to_string(alg); + if (!name) + return NULL; + + return EVP_get_digestbyname(name); +} + +static int event_log_component_variant_calculate( + Tpm2PCRPrediction *context, + Tpm2PCRPredictionResult *result, + EventLogComponent *component, + EventLogComponentVariant *variant, + uint32_t pcr, + const char *path) { + + int r; + + assert(context); + assert(result); + assert(component); + assert(variant); + + FOREACH_ARRAY(rr, variant->records, variant->n_records) { + EventLogRecord *rec = *rr; + + if (rec->pcr != pcr) + continue; + + for (size_t i = 0; i < TPM2_N_HASH_ALGORITHMS; i++) { + _cleanup_(EVP_MD_CTX_freep) EVP_MD_CTX *md_ctx = NULL; + EventLogRecordBank *b; + + if (result->hash[i].size <= 0) /* already invalidated */ + continue; + + b = event_log_record_find_bank(rec, tpm2_hash_algorithms[i]); + if (!b) { + /* Can't calculate, hence invalidate */ + result->hash[i] = (TPM2B_DIGEST) {}; + continue; + } + + md_ctx = EVP_MD_CTX_new(); + if (!md_ctx) + return log_oom(); + + const EVP_MD *md = ASSERT_PTR(evp_from_tpm2_alg(tpm2_hash_algorithms[i])); + + int sz = EVP_MD_size(md); + assert(sz > 0); + assert((size_t) sz <= sizeof_field(TPM2B_DIGEST, buffer)); + + assert(sz == tpm2_hash_alg_to_size(tpm2_hash_algorithms[i])); + + assert(result->hash[i].size == (size_t) sz); + assert(b->hash.size == (size_t) sz); + + if (EVP_DigestInit_ex(md_ctx, md, NULL) != 1) + return log_error_errno(SYNTHETIC_ERRNO(ENOTRECOVERABLE), "Failed to initialize message digest."); + + if (EVP_DigestUpdate(md_ctx, result->hash[i].buffer, sz) != 1) + return log_error_errno(SYNTHETIC_ERRNO(ENOTRECOVERABLE), "Failed to hash bank value."); + + if (EVP_DigestUpdate(md_ctx, b->hash.buffer, sz) != 1) + return log_error_errno(SYNTHETIC_ERRNO(ENOTRECOVERABLE), "Failed to hash data value."); + + unsigned l = (unsigned) sz; + if (EVP_DigestFinal_ex(md_ctx, result->hash[i].buffer, &l) != 1) + return log_error_errno(SYNTHETIC_ERRNO(ENOTRECOVERABLE), "Failed to finalize message digest."); + + assert(l == (unsigned) sz); + } + + /* This is a valid result once we hit the start location */ + if (arg_location_start && strcmp(component->id, arg_location_start) >= 0) { + r = pcr_prediction_add_result(context, result, pcr, path, rr - variant->records); + if (r < 0) + return r; + } + } + + return 0; +} + +static int event_log_predict_pcrs( + EventLog *el, + Tpm2PCRPrediction *context, + Tpm2PCRPredictionResult *parent_result, + size_t component_index, + uint32_t pcr, + const char *path) { + + EventLogComponent *component; + int count = 0, r; + + assert(el); + assert(context); + assert(parent_result); + + /* Check if we reached the end of the components, generate a result, and backtrack */ + if (component_index >= el->n_components || + (arg_location_end && strcmp(el->components[component_index]->id, arg_location_end) > 0)) { + r = pcr_prediction_add_result(context, parent_result, pcr, path, /* offset= */ 0); + if (r < 0) + return r; + + return 1; + } + + component = ASSERT_PTR(el->components[component_index]); + + FOREACH_ARRAY(ii, component->variants, component->n_variants) { + _cleanup_free_ Tpm2PCRPredictionResult *result = NULL; + EventLogComponentVariant *variant = *ii; + _cleanup_free_ char *subpath = NULL; + + /* Operate on a copy of the result */ + + if (path) + subpath = strjoin(path, ":", component->id); + else + subpath = strdup(component->id); + if (!subpath) + return log_oom(); + + if (!streq(component->id, variant->id)) + if (!strextend(&subpath, "@", variant->id)) + return log_oom(); + + result = newdup(Tpm2PCRPredictionResult, parent_result, 1); + if (!result) + return log_oom(); + + r = event_log_component_variant_calculate( + context, + result, + component, + variant, + pcr, + subpath); + if (r < 0) + return r; + + r = event_log_predict_pcrs( + el, + context, + result, + component_index + 1, /* Next component */ + pcr, + subpath); + if (r < 0) + return r; + + count += r; + } + + return count; +} + +static ssize_t event_log_calculate_component_combinations(EventLog *el) { + ssize_t count = 1; + assert(el); + + FOREACH_ARRAY(cc, el->components, el->n_components) { + EventLogComponent *c = *cc; + + /* Overflow check */ + if (c->n_variants > (size_t) (SSIZE_MAX/count)) + return log_error_errno(SYNTHETIC_ERRNO(E2BIG), "Too many component combinations."); + + count *= c->n_variants; + } + + return count; +} + +static int event_log_show_predictions(Tpm2PCRPrediction *context, uint16_t alg) { + int r; + + assert(context); + + pager_open(arg_pager_flags); + + if (!FLAGS_SET(arg_json_format_flags, JSON_FORMAT_OFF)) { + _cleanup_(json_variant_unrefp) JsonVariant *j = NULL; + + for (size_t i = 0; i < TPM2_N_HASH_ALGORITHMS; i++) { + _cleanup_(json_variant_unrefp) JsonVariant *aj = NULL; + + r = tpm2_pcr_prediction_to_json( + context, + tpm2_hash_algorithms[i], + &aj); + if (r < 0) + return r; + + if (json_variant_elements(aj) == 0) + continue; + + r = json_variant_set_field( + &j, + tpm2_hash_alg_to_string(tpm2_hash_algorithms[i]), + aj); + if (r < 0) + return log_error_errno(r, "Failed to add prediction bank to object: %m"); + } + + if (!j) { + r = json_variant_new_object(&j, NULL, 0); + if (r < 0) + return log_error_errno(r, "Failed to allocated empty object: %m"); + } + + json_variant_dump(j, arg_json_format_flags, /* f= */ NULL, /* prefix= */ NULL); + return 0; + } + + for (uint32_t pcr = 0; pcr < TPM2_PCRS_MAX; pcr++) { + Tpm2PCRPredictionResult *result; + if (!FLAGS_SET(context->pcrs, UINT32_C(1) << pcr)) + continue; + + if (ordered_set_isempty(context->results[pcr])) { + printf("No results for PCR %u (%s).\n", pcr, tpm2_pcr_index_to_string(pcr)); + continue; + } + + printf("%sResults for PCR %u (%s):%s\n", ansi_underline(), pcr, tpm2_pcr_index_to_string(pcr), ansi_normal()); + + ORDERED_SET_FOREACH(result, context->results[pcr]) { + + _cleanup_free_ char *aa = NULL, *h = NULL; + const char *a; + + TPM2B_DIGEST *hash = tpm2_pcr_prediction_result_get_hash(result, alg); + if (!hash) + continue; + + a = ASSERT_PTR(tpm2_hash_alg_to_string(alg)); + aa = strdup(a); + if (!aa) + return log_oom(); + + ascii_strlower(aa); + + h = hexmem(hash->buffer, hash->size); + if (!h) + return log_oom(); + + printf(" %s%-6s:%s %s\n", ansi_grey(), aa, ansi_normal(), h); + } + } + + return 0; +} + +static int tpm2_pcr_prediction_run( + EventLog *el, + Tpm2PCRPrediction *context) { + + int r; + + assert(el); + assert(context); + + for (uint32_t pcr = 0; pcr < TPM2_PCRS_MAX; pcr++) { + _cleanup_free_ Tpm2PCRPredictionResult *result = NULL; + + if (!FLAGS_SET(context->pcrs, UINT32_C(1) << pcr)) + continue; + + result = new0(Tpm2PCRPredictionResult, 1); + if (!result) + return log_oom(); + + for (size_t i = 0; i < TPM2_N_HASH_ALGORITHMS; i++) + event_log_initial_pcr_state(el, pcr, tpm2_hash_alg_to_size(tpm2_hash_algorithms[i]), result->hash + i); + + r = event_log_predict_pcrs( + el, + context, + result, + /* component_index= */ 0, + pcr, + /* path= */ NULL); + if (r < 0) + return r; + } + + return 0; +} + +static int verb_predict(int argc, char *argv[], void *userdata) { + _cleanup_(tpm2_pcr_prediction_done) Tpm2PCRPrediction context = { + arg_pcr_mask != 0 ? arg_pcr_mask : DEFAULT_PCR_MASK, + }; + _cleanup_(event_log_freep) EventLog *el = NULL; + ssize_t count; + int r; + + r = event_log_load_and_process(&el); + if (r < 0) + return r; + + count = event_log_calculate_component_combinations(el); + if (count < 0) + return count; + + log_info("%zi combinations of components.", count); + + r = event_log_reduce_to_safe_pcrs(el, &context.pcrs); + if (r < 0) + return r; + + r = tpm2_pcr_prediction_run(el, &context); + if (r < 0) + return r; + + return event_log_show_predictions(&context, el->primary_algorithm); +} + +static int remove_policy_file(const char *path) { + assert(path); + + if (unlink(path) < 0) { + if (errno == ENOENT) + return 0; + + return log_error_errno(errno, "Failed to remove policy file '%s': %m", path); + } + + log_info("Removed policy file '%s'.", path); + return 1; +} + +static int verb_make_policy(int argc, char *argv[], void *userdata) { + int r; + + /* Here's how this all works: after predicting all possible PCR values for next boot (with + * alternatives) we'll calculate a policy from it as a combination of PolicyPCR + PolicyOR + * expressions. This is then stored in an NV index. When a component of the boot process is changed a + * new prediction is made and the NV index updated (which automatically invalidates any older + * policies). + * + * Whenever we want to lock an encrypted object (for example FDE) against this policy, we'll use a + * PolicyAuthorizeNV epxression that pins the NV index in the policy, and permits access to any + * policies matching the current NV index contents. + * + * We grant world-readable read access to the NV index. Write access is controlled by a PIN (which we + * either generate locally or which the user can provide us with) which can also be used for + * recovery. This PIN is sealed to the TPM and is locked via PolicyAuthorizeNV to the NV index it + * protects (i.e. we dogfood 🌭 🐶 hard here). This means in order to update such a policy we need + * the policy to pass. + * + * Information about the used NV Index, the SRK of the TPM, the sealed PIN and the current PCR + * prediction data are stored in a JSON file in /var/lib/. In order to be able to unlock root disks + * this data must be also copied to the ESP so that it is available to the initrd. The data is not + * sensitive, as SRK and NV index are pinned by it, and the prediction data must match the NV index + * to be useful. */ + + usec_t start_usec = now(CLOCK_MONOTONIC); + + _cleanup_(event_log_freep) EventLog *el = NULL; + r = event_log_load_and_process(&el); + if (r < 0) + return r; + + _cleanup_(tpm2_pcr_prediction_done) Tpm2PCRPrediction new_prediction = { + arg_pcr_mask != 0 ? arg_pcr_mask : DEFAULT_PCR_MASK, + }; + r = event_log_reduce_to_safe_pcrs(el, &new_prediction.pcrs); + if (r < 0) + return r; + + usec_t predict_start_usec = now(CLOCK_MONOTONIC); + + r = tpm2_pcr_prediction_run(el, &new_prediction); + if (r < 0) + return r; + + log_info("Predicted future PCRs in %s.", FORMAT_TIMESPAN(usec_sub_unsigned(now(CLOCK_MONOTONIC), predict_start_usec), 1)); + + _cleanup_(json_variant_unrefp) JsonVariant *new_prediction_json = NULL; + r = tpm2_pcr_prediction_to_json(&new_prediction, el->primary_algorithm, &new_prediction_json); + if (r < 0) + return r; + + if (DEBUG_LOGGING) + (void) json_variant_dump(new_prediction_json, JSON_FORMAT_PRETTY_AUTO|JSON_FORMAT_COLOR_AUTO, stderr, NULL); + + _cleanup_(tpm2_pcrlock_policy_done) Tpm2PCRLockPolicy old_policy = {}; + + r = tpm2_pcrlock_policy_load(arg_pcrlock_path, &old_policy); + if (r < 0) + return r; + + bool have_old_policy = r > 0; + + /* When we update the policy the old serializations for NV, SRK, PIN remain the same */ + _cleanup_(iovec_done) struct iovec + nv_blob = TAKE_STRUCT(old_policy.nv_handle), + nv_public_blob = TAKE_STRUCT(old_policy.nv_public), + srk_blob = TAKE_STRUCT(old_policy.srk_handle), + pin_public = TAKE_STRUCT(old_policy.pin_public), + pin_private = TAKE_STRUCT(old_policy.pin_private); + + if (have_old_policy) { + if (arg_nv_index != 0 && old_policy.nv_index != arg_nv_index) + return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "Stored policy references different NV index (0x%x) than specified (0x%x), refusing.", old_policy.nv_index, arg_nv_index); + + if (!arg_force && + old_policy.algorithm == el->primary_algorithm && + tpm2_pcr_prediction_equal(&old_policy.prediction, &new_prediction, el->primary_algorithm)) { + log_info("Prediction is identical to current policy, skipping update."); + return EXIT_SUCCESS; + } + } + + _cleanup_(tpm2_context_unrefp) Tpm2Context *tc = NULL; + r = tpm2_context_new(NULL, &tc); + if (r < 0) + return log_error_errno(r, "Failed to allocate TPM2 context: %m"); + + if (!tpm2_supports_command(tc, TPM2_CC_PolicyAuthorizeNV)) + return log_error_errno(SYNTHETIC_ERRNO(EOPNOTSUPP), "TPM2 does not support PolicyAuthorizeNV command, refusing."); + + _cleanup_(tpm2_handle_freep) Tpm2Handle *srk_handle = NULL; + + if (iovec_is_set(&srk_blob)) { + r = tpm2_deserialize( + tc, + srk_blob.iov_base, + srk_blob.iov_len, + &srk_handle); + if (r < 0) + return log_error_errno(r, "Failed to deserialize SRK TR: %m"); + } else { + r = tpm2_get_or_create_srk( + tc, + /* session= */ NULL, + /* ret_public= */ NULL, + /* ret_name= */ NULL, + /* ret_qname= */ NULL, + &srk_handle); + if (r < 0) + return log_error_errno(r, "Failed to install SRK: %m"); + } + + _cleanup_(tpm2_handle_freep) Tpm2Handle *encryption_session = NULL; + r = tpm2_make_encryption_session( + tc, + srk_handle, + /* bind_key= */ &TPM2_HANDLE_NONE, + &encryption_session); + if (r < 0) + return log_error_errno(r, "Failed to allocate encryption session: %m"); + + /* Acquire a recovery PIN, either from the user, or create a randomized one */ + _cleanup_(erase_and_freep) char *pin = NULL; + if (arg_recovery_pin) { + r = getenv_steal_erase("PIN", &pin); + if (r < 0) + return log_error_errno(r, "Failed to acquire PIN from environment: %m"); + if (r == 0) { + _cleanup_(strv_free_erasep) char **l = NULL; + + r = ask_password_auto( + "Recovery PIN", + /* icon= */ NULL, + /* id= */ "pcrlock-recovery-pin", + /* key_name= */ NULL, + /* credential_name= */ "systemd-pcrlock.recovery-pin", + /* until= */ 0, + /* flags= */ 0, + &l); + if (r < 0) + return log_error_errno(r, "Failed to query for recovery PIN: %m"); + + if (strv_length(l) != 1) + return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "Expected a single PIN only."); + + pin = TAKE_PTR(l[0]); + l = mfree(l); + } + + } else if (!have_old_policy) { + char rnd[256]; + + r = crypto_random_bytes(rnd, sizeof(rnd)); + if (r < 0) + return log_error_errno(r, "Failed to generate a randomized recovery PIN: %m"); + + (void) base64mem(rnd, sizeof(rnd), &pin); + explicit_bzero_safe(rnd, sizeof(rnd)); + if (!pin) + return log_oom(); + } + + _cleanup_(tpm2_handle_freep) Tpm2Handle *nv_handle = NULL; + TPM2_HANDLE nv_index = 0; + + if (iovec_is_set(&nv_blob)) { + r = tpm2_deserialize(tc, nv_blob.iov_base, nv_blob.iov_len, &nv_handle); + if (r < 0) + return log_error_errno(r, "Failed to deserialize NV index TR: %m"); + + nv_index = old_policy.nv_index; + } + + TPM2B_AUTH auth = {}; + CLEANUP_ERASE(auth); + + if (pin) { + r = tpm2_get_pin_auth(TPM2_ALG_SHA256, pin, &auth); + if (r < 0) + return log_error_errno(r, "Failed to hash PIN: %m"); + } else { + assert(iovec_is_set(&pin_public)); + assert(iovec_is_set(&pin_private)); + + log_debug("Retrieving PIN from sealed data."); + + usec_t pin_start_usec = now(CLOCK_MONOTONIC); + + _cleanup_(iovec_done_erase) struct iovec secret = {}; + for (unsigned attempt = 0;; attempt++) { + _cleanup_(tpm2_handle_freep) Tpm2Handle *policy_session = NULL; + + r = tpm2_make_policy_session( + tc, + srk_handle, + encryption_session, + &policy_session); + if (r < 0) + return log_error_errno(r, "Failed to allocate policy session: %m"); + + r = tpm2_policy_super_pcr( + tc, + policy_session, + &old_policy.prediction, + old_policy.algorithm); + if (r < 0) + return log_error_errno(r, "Failed to submit super PCR policy: %m"); + + r = tpm2_policy_authorize_nv( + tc, + policy_session, + nv_handle, + NULL); + if (r < 0) + return log_error_errno(r, "Failed to submit AuthorizeNV policy: %m"); + + r = tpm2_unseal_data( + tc, + &pin_public, + &pin_private, + srk_handle, + policy_session, + encryption_session, + &secret); + if (r < 0 && (r != -ESTALE || attempt >= 16)) + return log_error_errno(r, "Failed to unseal PIN: %m"); + if (r == 0) + break; + + log_debug("Trying again (attempt %u), as PCR values changed during unlock attempt.", attempt+1); + } + + if (secret.iov_len > sizeof_field(TPM2B_AUTH, buffer)) + return log_error_errno(SYNTHETIC_ERRNO(E2BIG), "Decrypted PIN too large."); + + auth = (TPM2B_AUTH) { + .size = secret.iov_len, + }; + + memcpy_safe(auth.buffer, secret.iov_base, secret.iov_len); + + log_info("Retrieved PIN from TPM2 in %s.", FORMAT_TIMESPAN(usec_sub_unsigned(now(CLOCK_MONOTONIC), pin_start_usec), 1)); + } + + TPM2B_NV_PUBLIC nv_public = {}; + + usec_t nv_index_start_usec = now(CLOCK_MONOTONIC); + + if (!iovec_is_set(&nv_blob)) { + TPM2B_DIGEST recovery_policy_digest = TPM2B_DIGEST_MAKE(NULL, TPM2_SHA256_DIGEST_SIZE); + r = tpm2_calculate_policy_auth_value(&recovery_policy_digest); + if (r < 0) + return log_error_errno(r, "Failed to calculate authentication value policy: %m"); + + log_debug("Allocating NV index to write PCR policy to..."); + r = tpm2_define_policy_nv_index( + tc, + encryption_session, + arg_nv_index, + &recovery_policy_digest, + pin, + &auth, + &nv_index, + &nv_handle, + &nv_public); + if (r == -EEXIST) + return log_error_errno(r, "NV index 0x%" PRIx32 " already allocated.", arg_nv_index); + if (r < 0) + return log_error_errno(r, "Failed to allocate NV index: %m"); + } + + r = tpm2_set_auth_binary(tc, nv_handle, &auth); + if (r < 0) + return log_error_errno(r, "Failed to set authentication value on NV index: %m"); + + _cleanup_(tpm2_handle_freep) Tpm2Handle *policy_session = NULL; + r = tpm2_make_policy_session( + tc, + srk_handle, + encryption_session, + &policy_session); + if (r < 0) + return log_error_errno(r, "Failed to allocate policy session: %m"); + + r = tpm2_policy_auth_value( + tc, + policy_session, + /* ret_policy_digest= */ NULL); + if (r < 0) + return log_error_errno(r, "Failed to submit authentication value policy: %m"); + + log_debug("Calculating new PCR policy to write..."); + TPM2B_DIGEST new_super_pcr_policy_digest = TPM2B_DIGEST_MAKE(NULL, TPM2_SHA256_DIGEST_SIZE); + + usec_t pcr_policy_start_usec = now(CLOCK_MONOTONIC); + + r = tpm2_calculate_policy_super_pcr( + &new_prediction, + el->primary_algorithm, + &new_super_pcr_policy_digest); + if (r < 0) + return log_error_errno(r, "Failed to calculate super PCR policy: %m"); + + log_info("Calculated new PCR policy in %s.", FORMAT_TIMESPAN(usec_sub_unsigned(now(CLOCK_MONOTONIC), pcr_policy_start_usec), 1)); + + log_debug("Writing new PCR policy to NV index..."); + r = tpm2_write_policy_nv_index( + tc, + policy_session, + nv_index, + nv_handle, + &new_super_pcr_policy_digest); + if (r < 0) + return log_error_errno(r, "Failed to write to NV index: %m"); + + log_info("Updated NV index in %s.", FORMAT_TIMESPAN(usec_sub_unsigned(now(CLOCK_MONOTONIC), nv_index_start_usec), 1)); + + assert(iovec_is_set(&pin_public) == iovec_is_set(&pin_private)); + if (!iovec_is_set(&pin_public)) { + TPM2B_DIGEST authnv_policy_digest = TPM2B_DIGEST_MAKE(NULL, TPM2_SHA256_DIGEST_SIZE); + + r = tpm2_calculate_policy_authorize_nv(&nv_public, &authnv_policy_digest); + if (r < 0) + return log_error_errno(r, "Failed to calculate AuthorizeNV policy: %m"); + + struct iovec data = { + .iov_base = auth.buffer, + .iov_len = auth.size, + }; + + usec_t pin_seal_start_usec = now(CLOCK_MONOTONIC); + + log_debug("Sealing PIN to NV index policy..."); + r = tpm2_seal_data( + tc, + &data, + srk_handle, + encryption_session, + &authnv_policy_digest, + &pin_public, + &pin_private); + if (r < 0) + return log_error_errno(r, "Failed to seal PIN to NV auth policy: %m"); + + log_info("Sealed PIN in %s.", FORMAT_TIMESPAN(usec_sub_unsigned(now(CLOCK_MONOTONIC), pin_seal_start_usec), 1)); + } + + if (!iovec_is_set(&nv_blob)) { + r = tpm2_serialize(tc, nv_handle, &nv_blob.iov_base, &nv_blob.iov_len); + if (r < 0) + return log_error_errno(r, "Failed to serialize NV index TR: %m"); + } + + if (!iovec_is_set(&srk_blob)) { + r = tpm2_serialize(tc, srk_handle, &srk_blob.iov_base, &srk_blob.iov_len); + if (r < 0) + return log_error_errno(r, "Failed to serialize SRK index TR: %m"); + } + + if (!iovec_is_set(&nv_public_blob)) { + r = tpm2_marshal_nv_public(&nv_public, &nv_public_blob.iov_base, &nv_public_blob.iov_len); + if (r < 0) + return log_error_errno(r, "Failed to marshal NV public area: %m"); + } + + _cleanup_(json_variant_unrefp) JsonVariant *new_configuration_json = NULL; + r = json_build(&new_configuration_json, + JSON_BUILD_OBJECT( + JSON_BUILD_PAIR_STRING("pcrBank", tpm2_hash_alg_to_string(el->primary_algorithm)), + JSON_BUILD_PAIR_VARIANT("pcrValues", new_prediction_json), + JSON_BUILD_PAIR_INTEGER("nvIndex", nv_index), + JSON_BUILD_PAIR_IOVEC_BASE64("nvHandle", &nv_blob), + JSON_BUILD_PAIR_IOVEC_BASE64("nvPublic", &nv_public_blob), + JSON_BUILD_PAIR_IOVEC_BASE64("srkHandle", &srk_blob), + JSON_BUILD_PAIR_IOVEC_BASE64("pinPublic", &pin_public), + JSON_BUILD_PAIR_IOVEC_BASE64("pinPrivate", &pin_private))); + if (r < 0) + return log_error_errno(r, "Failed to generate JSON: %m"); + + _cleanup_free_ char *text = NULL; + r = json_variant_format(new_configuration_json, 0, &text); + if (r < 0) + return log_error_errno(r, "Failed to format new configuration to JSON: %m"); + + const char *path = arg_pcrlock_path ?: (in_initrd() ? "/run/systemd/pcrlock.json" : "/var/lib/systemd/pcrlock.json"); + r = write_string_file(path, text, WRITE_STRING_FILE_CREATE|WRITE_STRING_FILE_ATOMIC|WRITE_STRING_FILE_SYNC|WRITE_STRING_FILE_MKDIR_0755); + if (r < 0) + return log_error_errno(r, "Failed to write new configuration to '%s': %m", path); + + if (!arg_pcrlock_path && !in_initrd()) { + r = remove_policy_file("/run/systemd/pcrlock.json"); + if (r < 0) + return r; + } + + log_info("Written new policy to '%s' and digest to TPM2 NV index 0x%x.", path, nv_index); + + log_info("Overall time spent: %s", FORMAT_TIMESPAN(usec_sub_unsigned(now(CLOCK_MONOTONIC), start_usec), 1)); + + return 0; +} + +static int undefine_policy_nv_index( + uint32_t nv_index, + const struct iovec *nv_blob, + const struct iovec *srk_blob) { + int r; + + assert(nv_blob); + assert(srk_blob); + + _cleanup_(tpm2_context_unrefp) Tpm2Context *tc = NULL; + r = tpm2_context_new(NULL, &tc); + if (r < 0) + return r; + + _cleanup_(tpm2_handle_freep) Tpm2Handle *srk_handle = NULL; + r = tpm2_deserialize( + tc, + srk_blob->iov_base, + srk_blob->iov_len, + &srk_handle); + if (r < 0) + return log_error_errno(r, "Failed to deserialize SRK TR: %m"); + + _cleanup_(tpm2_handle_freep) Tpm2Handle *nv_handle = NULL; + r = tpm2_deserialize( + tc, + nv_blob->iov_base, + nv_blob->iov_len, + &nv_handle); + if (r < 0) + return log_error_errno(r, "Failed to deserialize NV TR: %m"); + + _cleanup_(tpm2_handle_freep) Tpm2Handle *encryption_session = NULL; + r = tpm2_make_encryption_session( + tc, + srk_handle, + /* bind_key= */ &TPM2_HANDLE_NONE, + &encryption_session); + if (r < 0) + return r; + + r = tpm2_undefine_policy_nv_index( + tc, + encryption_session, + nv_index, + nv_handle); + if (r < 0) + return r; + + log_info("Removed NV index 0x%x", nv_index); + return 0; +} + +static int verb_remove_policy(int argc, char *argv[], void *userdata) { + int r; + + _cleanup_(tpm2_pcrlock_policy_done) Tpm2PCRLockPolicy policy = {}; + r = tpm2_pcrlock_policy_load(arg_policy_path, &policy); + if (r == 0) { + log_info("No policy found."); + return 0; + } + + if (r < 0) + log_notice("Failed to load old policy file, assuming it is corrupted, removing."); + else { + r = undefine_policy_nv_index(policy.nv_index, &policy.nv_handle, &policy.srk_handle); + if (r < 0) + log_notice("Failed to remove NV index, assuming data out of date, removing policy file."); + } + + if (arg_policy_path) { + r = remove_policy_file(arg_policy_path); + if (r < 0) + return r; + + return 0; + } else { + int ret = 0; + + RET_GATHER(ret, remove_policy_file("/var/lib/systemd/pcrlock.json")); + RET_GATHER(ret, remove_policy_file("/run/systemd/pcrlock.json")); + + return ret; + } +} + +static int help(int argc, char *argv[], void *userdata) { + _cleanup_free_ char *link = NULL; + int r; + + r = terminal_urlify_man("systemd-pcrlock", "8", &link); + if (r < 0) + return log_oom(); + + printf("%1$s [OPTIONS...] COMMAND ...\n" + "\n%5$sManage a TPM2 PCR lock.%6$s\n" + "\n%3$sCommands:%4$s\n" + " log Show measurement log\n" + " cel Show measurement log in TCG CEL-JSON format\n" + " list-components List defined .pcrlock components\n" + " predict Predict PCR values\n" + " make-policy Predict PCR values and generate TPM2 policy from it\n" + " remove-policy Remove TPM2 policy\n" + "\n%3$sProtections:%4$s\n" + " lock-firmware-code Generate a .pcrlock file from current firmware code\n" + " unlock-firmware-code Remove .pcrlock file for firmware code\n" + " lock-firmware-config Generate a .pcrlock file from current firmware configuration\n" + " unlock-firmware-config Remove .pcrlock file for firmware configuration\n" + " lock-secureboot-policy Generate a .pcrlock file from current SecureBoot policy\n" + " unlock-secureboot-policy Remove .pcrlock file for SecureBoot policy\n" + " lock-secureboot-authority Generate a .pcrlock file from current SecureBoot authority\n" + " unlock-secureboot-authority Remove .pcrlock file for SecureBoot authority\n" + " lock-gpt [DISK] Generate a .pcrlock file from GPT header\n" + " unlock-gpt Remove .pcrlock file for GPT header\n" + " lock-pe [BINARY] Generate a .pcrlock file from PE binary\n" + " unlock-pe Remove .pcrlock file for PE binary\n" + " lock-uki [UKI] Generate a .pcrlock file from UKI PE binary\n" + " unlock-uki Remove .pcrlock file for UKI PE binary\n" + " lock-machine-id Generate a .pcrlock file from current machine ID\n" + " unlock-machine-id Remove .pcrlock file for machine ID\n" + " lock-file-system [PATH] Generate a .pcrlock file from current root fs + /var/\n" + " unlock-file-system [PATH] Remove .pcrlock file for root fs + /var/\n" + " lock-kernel-cmdline [FILE] Generate a .pcrlock file from kernel command line\n" + " unlock-kernel-cmdline Remove .pcrlock file for kernel command line\n" + " lock-kernel-initrd FILE Generate a .pcrlock file from an initrd file\n" + " unlock-kernel-initrd Remove .pcrlock file for an initrd file\n" + " lock-raw [FILE] Generate a .pcrlock file from raw data\n" + " unlock-raw Remove .pcrlock file for raw data\n" + "\n%3$sOptions:%4$s\n" + " -h --help Show this help\n" + " --version Print version\n" + " --no-pager Do not pipe output into a pager\n" + " --json=pretty|short|off Generate JSON output\n" + " --raw-description Show raw firmware record data as description in table\n" + " --pcr=NR Generate .pcrlock for specified PCR\n" + " --nv-index=NUMBER Use the specified NV index, instead of a random one\n" + " --components=PATH Directory to read .pcrlock files from\n" + " --location=STRING[:STRING]\n" + " Do not process components beyond this component name\n" + " --recovery-pin=yes Ask for a recovery PIN\n" + " --pcrlock=PATH .pcrlock file to write expected PCR measurement to\n" + " --policy=PATH JSON file to write policy output to\n" + " --force Write policy even if it matches existing policy\n" + "\nSee the %2$s for details.\n", + program_invocation_short_name, + link, + ansi_underline(), + ansi_normal(), + ansi_highlight(), + ansi_normal()); + + return 0; +} + +static int parse_argv(int argc, char *argv[]) { + enum { + ARG_VERSION = 0x100, + ARG_NO_PAGER, + ARG_JSON, + ARG_RAW_DESCRIPTION, + ARG_PCR, + ARG_NV_INDEX, + ARG_COMPONENTS, + ARG_LOCATION, + ARG_RECOVERY_PIN, + ARG_PCRLOCK, + ARG_POLICY, + ARG_FORCE, + }; + + static const struct option options[] = { + { "help", no_argument, NULL, 'h' }, + { "version", no_argument, NULL, ARG_VERSION }, + { "no-pager", no_argument, NULL, ARG_NO_PAGER }, + { "json", required_argument, NULL, ARG_JSON }, + { "raw-description", no_argument, NULL, ARG_RAW_DESCRIPTION }, + { "pcr", required_argument, NULL, ARG_PCR }, + { "nv-index", required_argument, NULL, ARG_NV_INDEX }, + { "components", required_argument, NULL, ARG_COMPONENTS }, + { "location", required_argument, NULL, ARG_LOCATION }, + { "recovery-pin", required_argument, NULL, ARG_RECOVERY_PIN }, + { "pcrlock", required_argument, NULL, ARG_PCRLOCK }, + { "policy", required_argument, NULL, ARG_POLICY }, + { "force", no_argument, NULL, ARG_FORCE }, + {} + }; + + bool auto_location = true; + int c, r; + + assert(argc >= 0); + assert(argv); + + while ((c = getopt_long(argc, argv, "h", options, NULL)) >= 0) + switch (c) { + + case 'h': + help(0, NULL, NULL); + return 0; + + case ARG_VERSION: + return version(); + + case ARG_NO_PAGER: + arg_pager_flags |= PAGER_DISABLE; + break; + + case ARG_JSON: + r = parse_json_argument(optarg, &arg_json_format_flags); + if (r <= 0) + return r; + break; + + case ARG_RAW_DESCRIPTION: + arg_raw_description = true; + break; + + case ARG_PCR: { + r = tpm2_parse_pcr_argument_to_mask(optarg, &arg_pcr_mask); + if (r < 0) + return log_error_errno(r, "Failed to parse PCR specification: %s", optarg); + + break; + } + + case ARG_NV_INDEX: + if (isempty(optarg)) + arg_nv_index = 0; + else { + uint32_t u; + + r = safe_atou32_full(optarg, 16, &u); + if (r < 0) + return log_error_errno(r, "Failed to parse --nv-index= argument: %s", optarg); + + if (u < TPM2_NV_INDEX_FIRST || u > TPM2_NV_INDEX_LAST) + return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "Argument for --nv-index= outside of valid range 0x%" PRIx32 "…0x%" PRIx32 ": 0x%" PRIx32, + TPM2_NV_INDEX_FIRST, TPM2_NV_INDEX_LAST, u); + + arg_nv_index = u; + } + break; + + case ARG_COMPONENTS: { + _cleanup_free_ char *p = NULL; + + r = parse_path_argument(optarg, /* suppress_root= */ false, &p); + if (r < 0) + return r; + + r = strv_consume(&arg_components, TAKE_PTR(p)); + if (r < 0) + return log_oom(); + + break; + } + + case ARG_LOCATION: { + _cleanup_free_ char *start = NULL, *end = NULL; + const char *e; + + auto_location = false; + + if (isempty(optarg)) { + arg_location_start = mfree(arg_location_start); + arg_location_end = mfree(arg_location_end); + break; + } + + e = strchr(optarg, ':'); + if (e) { + start = strndup(optarg, e - optarg); + if (!start) + return log_oom(); + + end = strdup(e + 1); + if (!end) + return log_oom(); + } else { + start = strdup(optarg); + if (!start) + return log_oom(); + + end = strdup(optarg); + if (!end) + return log_oom(); + } + + if (!filename_is_valid(start)) + return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "Location string invalid, refusing: %s", start); + if (!filename_is_valid(end)) + return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "Location string invalid, refusing: %s", end); + + free_and_replace(arg_location_start, start); + free_and_replace(arg_location_end, end); + break; + } + + case ARG_RECOVERY_PIN: + r = parse_boolean_argument("--recovery-pin", optarg, &arg_recovery_pin); + if (r < 0) + return r; + break; + + case ARG_PCRLOCK: + if (isempty(optarg) || streq(optarg, "-")) + arg_pcrlock_path = mfree(arg_pcrlock_path); + else { + r = parse_path_argument(optarg, /* suppress_root= */ false, &arg_pcrlock_path); + if (r < 0) + return r; + } + + arg_pcrlock_auto = false; + break; + + case ARG_POLICY: + if (isempty(optarg) || streq(optarg, "-")) + arg_policy_path = mfree(arg_policy_path); + else { + r = parse_path_argument(optarg, /* suppress_root= */ false, &arg_policy_path); + if (r < 0) + return r; + } + + break; + + case ARG_FORCE: + arg_force = true; + break; + + case '?': + return -EINVAL; + + default: + assert_not_reached(); + } + + if (auto_location) { + assert(!arg_location_start); + assert(!arg_location_end); + + arg_location_start = strdup("760-"); + if (!arg_location_start) + return log_oom(); + + arg_location_end = strdup("940-"); + if (!arg_location_end) + return log_oom(); + } + + return 1; +} + +static int pcrlock_main(int argc, char *argv[]) { + static const Verb verbs[] = { + { "help", VERB_ANY, VERB_ANY, 0, help }, + { "log", VERB_ANY, 1, VERB_DEFAULT, verb_show_log }, + { "cel", VERB_ANY, 1, 0, verb_show_cel }, + { "list-components", VERB_ANY, 1, 0, verb_list_components }, + { "predict", VERB_ANY, 1, 0, verb_predict }, + { "lock-firmware-code", VERB_ANY, 2, 0, verb_lock_firmware }, + { "unlock-firmware-code", VERB_ANY, 1, 0, verb_unlock_firmware }, + { "lock-firmware-config", VERB_ANY, 2, 0, verb_lock_firmware }, + { "unlock-firmware-config", VERB_ANY, 1, 0, verb_unlock_firmware }, + { "lock-secureboot-policy", VERB_ANY, 1, 0, verb_lock_secureboot_policy }, + { "unlock-secureboot-policy", VERB_ANY, 1, 0, verb_unlock_secureboot_policy }, + { "lock-secureboot-authority", VERB_ANY, 1, 0, verb_lock_secureboot_authority }, + { "unlock-secureboot-authority", VERB_ANY, 1, 0, verb_unlock_secureboot_authority }, + { "lock-gpt", VERB_ANY, 2, 0, verb_lock_gpt }, + { "unlock-gpt", VERB_ANY, 1, 0, verb_unlock_gpt }, + { "lock-pe", VERB_ANY, 2, 0, verb_lock_pe }, + { "unlock-pe", VERB_ANY, 1, 0, verb_unlock_simple }, + { "lock-uki", VERB_ANY, 2, 0, verb_lock_uki }, + { "unlock-uki", VERB_ANY, 1, 0, verb_unlock_simple }, + { "lock-machine-id", VERB_ANY, 1, 0, verb_lock_machine_id }, + { "unlock-machine-id", VERB_ANY, 1, 0, verb_unlock_machine_id }, + { "lock-file-system", VERB_ANY, 2, 0, verb_lock_file_system }, + { "unlock-file-system", VERB_ANY, 2, 0, verb_unlock_file_system }, + { "lock-kernel-cmdline", VERB_ANY, 2, 0, verb_lock_kernel_cmdline }, + { "unlock-kernel-cmdline", VERB_ANY, 1, 0, verb_unlock_kernel_cmdline }, + { "lock-kernel-initrd", VERB_ANY, 2, 0, verb_lock_kernel_initrd }, + { "unlock-kernel-initrd", VERB_ANY, 1, 0, verb_unlock_kernel_initrd }, + { "lock-raw", VERB_ANY, 2, 0, verb_lock_raw }, + { "unlock-raw", VERB_ANY, 1, 0, verb_unlock_simple }, + { "make-policy", VERB_ANY, 1, 0, verb_make_policy }, + { "remove-policy", VERB_ANY, 1, 0, verb_remove_policy }, + {} + }; + + return dispatch_verb(argc, argv, verbs, NULL); +} + +static int run(int argc, char *argv[]) { + int r; + + log_show_color(true); + log_parse_environment(); + log_open(); + + r = parse_argv(argc, argv); + if (r <= 0) + return r; + + return pcrlock_main(argc, argv); +} + +DEFINE_MAIN_FUNCTION(run); -- cgit v1.2.3