grub-0.97-fc5-tcg-0.2.0-beta1.patch

可信GRUB的源码

+	/* return on new stack! */
+	DATA32  ret
+
+	.code32
+#endif /* TCG_BIOS_BIGREALMODE_FIX */
+
+#endif /* TCG_ENABLE */
+	
 /*
  *  This is the area for all of the special variables.
  */
--- grub-0.97/stage2/boot.c	2004-03-30 20:44:08.000000000 +0900
+++ grub-0.97-tcg/stage2/boot.c	2006-08-28 18:47:52.000000000 +0900
@@ -30,6 +30,7 @@
 static struct mod_list mll[99];
 static int linux_mem_size;
 
+
 /*
  *  The next two functions, 'load_image' and 'load_module', are the building
  *  blocks of the multiboot loader component.  They handle essentially all
@@ -61,6 +62,27 @@
      buffer by default */
   pu.aout = (struct exec *) buffer;
 
+
+#ifdef TCG_ENABLE
+  /* we measure the whole kernel image at this point */
+  /* thus grub read the kernel twice, sorry  */
+  if  (tcg_grub_pcr_index >= 0) {
+     if (tcg_debug) grub_printf("load_image\n");
+  	tcg_buffer = 0x100000; /* TODO clear the flag to re-measure the kernel */
+    measure_eventdata(TCG_EV_GRUB_KERNEL_CMD_PCR, 
+		      TCG_EV_GRUB_KERNEL_CMD_TYPE, 
+		      grub_strlen(arg),
+		      arg); // or skip_to(0,arg));
+    /* measure kenrel image */
+    measure_file(kernel, 
+		 tcg_grub_pcr_index, /* set by kernel_func() in builtin.c*/
+		 tcg_grub_eventtype);
+    tcg_buffer=0; /* Kernel use 0x100000 as buffer */
+    tcg_grub_pcr_index = -1;
+  }
+#endif
+
+
   if (!grub_open (kernel))
     return KERNEL_TYPE_NONE;
 
@@ -74,6 +96,9 @@
       return KERNEL_TYPE_NONE;
     }
 
+
+
+
   for (i = 0; i < len; i++)
     {
       if (MULTIBOOT_FOUND ((int) (buffer + i), len - i))
@@ -776,9 +801,26 @@
       return 0;
     }
 
-  printf ("   [Multiboot-module @ 0x%x, 0x%x bytes]\n", cur_addr, len);
 
-  /* these two simply need to be set if any modules are loaded at all */
+#ifdef  TCG_ENABLE
+  if  (tcg_grub_pcr_index >= 0) {
+     if (tcg_debug) grub_printf("load_module\n");
+    /* measure */
+      measure_eventdata(TCG_EV_GRUB_CMD_PCR,  /* TODO */
+			TCG_EV_GRUB_CMD_TYPE, /* TODO */
+			grub_strlen(arg),
+			arg); // or skip_to(0,arg));
+      measure_mem(len,
+		  (unsigned char*)cur_addr,
+		  tcg_grub_pcr_index,
+		  tcg_grub_eventtype,
+		  module);
+      tcg_grub_pcr_index = -1;
+  }
+#endif /* TCG_ENABLE */
+
+
+  printf ("   [Multiboot-module @ 0x%x, 0x%x bytes]\n", cur_addr, len);  /* these two simply need to be set if any modules are loaded at all */
   mbi.flags |= MB_INFO_MODS;
   mbi.mods_addr = (int) mll;
 
@@ -844,6 +886,19 @@
 
   grub_close ();
 
+#ifdef  TCG_ENABLE
+  if  (tcg_grub_pcr_index >= 0) {
+     if (tcg_debug) grub_printf("load_initrd\n");
+    /* measure */ 
+      measure_mem(lh->ramdisk_size,
+		       (unsigned char*)lh->ramdisk_image,
+		       tcg_grub_pcr_index,
+		       tcg_grub_eventtype,
+		       initrd);
+    tcg_grub_pcr_index = -1;
+  }
+#endif /* TCG_ENABLE */
+
  fail:
   
 #ifndef NO_DECOMPRESSION
--- grub-0.97/stage2/builtins.c	2005-02-16 06:58:23.000000000 +0900
+++ grub-0.97-tcg/stage2/builtins.c	2006-08-28 18:45:13.000000000 +0900
@@ -49,6 +49,15 @@
 # include <md5.h>
 #endif
 
+#if 0
+#ifdef TCG_ENABLE
+/* TDOD really need them? */
+int   tcg_grub_pcr_index = -1;
+int   tcg_grub_eventtype = TCG_EV_GRUB_FILE_TYPE;
+char *tcg_grub_log; /**/
+#endif /* TCG_ENABLE */
+#endif // 0
+
 /* The type of kernel loaded.  */
 kernel_t kernel_type;
 /* The boot device.  */
@@ -404,6 +413,11 @@
 {
   int force = 0;
   char *file = arg;
+  //#ifdef TCG_TRUSTED_BOOT
+#ifdef TCG_ENABLE
+  int pcr_index = TCG_EV_GRUB_FILE_PCR;//TCG_FILE_PCR_INDEX;
+  int eventtype = TCG_EV_GRUB_FILE_TYPE;
+#endif
 
   /* If the option `--force' is specified?  */
   if (substring ("--force", arg) <= 0)
@@ -412,6 +426,27 @@
       file = skip_to (0, arg);
     }
 
+  //#ifdef TCG_TRUSTED_BOOT
+#ifdef TCG_ENABLE
+  if (substring ("--pcr=", file) <= 0)
+    {
+      arg = file + 6;
+      if (! safe_parse_maxint(&arg, &pcr_index))
+        return 1;
+      file = skip_to(0, arg);
+    }
+  if (substring ("--eventtype=", file) <= 0)
+    {
+      arg = file + 12;
+      if (! safe_parse_maxint(&arg, &eventtype))
+        return 1;
+      file = skip_to(0, arg);
+    }
+
+  //measure_file(file, pcr_index, 1);
+  measure_file(file, pcr_index, eventtype);
+#endif
+
   /* Open the file.  */
   if (! grub_open (file))
     {
@@ -465,9 +500,16 @@
   "chainloader",
   chainloader_func,
   BUILTIN_CMDLINE | BUILTIN_HELP_LIST,
+#ifdef TCG_TRUSTED_BOOT
+  "chainloader [--force] [--pcr=PCRINDEX] --eventtype=[EVENTTYPE] FILE",
+  "Load the chain-loader FILE. If --force is specified, then load it"
+  " forcibly, whether the boot loader signature is present or not."
+  " The option --pcr specifies PCR index for measuring the FILE."
+#else
   "chainloader [--force] FILE",
   "Load the chain-loader FILE. If --force is specified, then load it"
   " forcibly, whether the boot loader signature is present or not."
+#endif
 };
 
 
@@ -1712,6 +1754,30 @@
 static int
 initrd_func (char *arg, int flags)
 {
+#ifdef TCG_TRUSTED_BOOT
+  int pcr_index = TCG_EV_GRUB_INITRD_PCR;
+  int eventtype = TCG_EV_GRUB_INITRD_TYPE;
+
+  if (substring ("--pcr=", arg) <= 0)
+    {
+      arg += 6;
+      if (! safe_parse_maxint(&arg, &pcr_index))
+        return 1;
+      arg = skip_to(0, arg);
+    }
+  if (substring ("--eventtype=", arg) <= 0)
+    {
+      arg += 12;
+      if (! safe_parse_maxint(&arg, &eventtype))
+        return 1;
+      arg = skip_to(0, arg);
+    }
+
+  tcg_grub_pcr_index = pcr_index;
+  tcg_grub_eventtype = eventtype;
+
+#endif
+
   switch (kernel_type)
     {
     case KERNEL_TYPE_LINUX:
@@ -1733,9 +1799,17 @@
   "initrd",
   initrd_func,
   BUILTIN_CMDLINE | BUILTIN_HELP_LIST,
+#ifdef TCG_TRUSTED_BOOT
+  "initrd [--pcr=PCRINDEX] [--eventtype=EVENTTYPE] FILE [ARG ...]",
+  "Load an initial ramdisk FILE for a Linux format boot image and set the"
+  " appropriate parameters in the Linux setup area in memory."
+  " The option --pcr specifies PCR index for measuring the FILE."
+  " The option --eventtype specifies Event Type for measuring the FILE."
+#else
   "initrd FILE [ARG ...]",
   "Load an initial ramdisk FILE for a Linux format boot image and set the"
   " appropriate parameters in the Linux setup area in memory."
+#endif
 };
 
 
@@ -2331,6 +2405,11 @@
   int len;
   kernel_t suggested_type = KERNEL_TYPE_NONE;
   unsigned long load_flags = 0;
+  //#ifdef TCG_TRUSTED_BOOT
+#ifdef TCG_ENABLE
+  int pcr_index = TCG_EV_GRUB_KERNEL_PCR; //TCG_FILE_PCR_INDEX;
+  int eventtype = TCG_EV_GRUB_KERNEL_TYPE;
+#endif
 
 #ifndef AUTO_LINUX_MEM_OPT
   load_flags |= KERNEL_LOAD_NO_MEM_OPTION;
@@ -2370,6 +2449,21 @@
 	 has no effect.  */
       else if (grub_memcmp (arg, "--no-mem-option", 15) == 0)
 	load_flags |= KERNEL_LOAD_NO_MEM_OPTION;
+
+#ifdef TCG_ENABLE
+      else if (grub_memcmp (arg, "--pcr=", 6) == 0)
+        {
+          arg += 6;
+          if (! safe_parse_maxint(&arg, &pcr_index))
+            return 1;
+        }
+      else if (grub_memcmp (arg, "--eventype=", 12) == 0)
+        {
+          arg += 12;
+          if (! safe_parse_maxint(&arg, &eventtype))
+            return 1;
+        }
+#endif
       else
 	break;
 
@@ -2389,6 +2483,14 @@
 
   /* Copy the command-line to MB_CMDLINE.  */
   grub_memmove (mb_cmdline, arg, len + 1);
+
+#ifdef TCG_ENABLE 
+  /* save PCR index and EventType as global for load_image() */ 
+  /* For command line measurement, use default assignment -- TODO  */
+  tcg_grub_pcr_index =  pcr_index;
+  tcg_grub_eventtype =  eventtype;
+#endif
+
   kernel_type = load_image (arg, mb_cmdline, suggested_type, load_flags);
   if (kernel_type == KERNEL_TYPE_NONE)
     return 1;
@@ -2402,6 +2504,17 @@
   "kernel",
   kernel_func,
   BUILTIN_CMDLINE | BUILTIN_HELP_LIST,
+#ifdef TCG_ENABLE
+  "kernel [--no-mem-option] [--type=TYPE] [--pcr=PCRINDEX] --eventtype=[EVENTTYPE] FILE [ARG ...]",
+  "Attempt to load the primary boot image from FILE. The rest of the"
+  " line is passed verbatim as the \"kernel command line\".  Any modules"
+  " must be reloaded after using this command. The option --type is used"
+  " to suggest what type of kernel to be loaded. TYPE must be either of"
+  " \"netbsd\", \"freebsd\", \"openbsd\", \"linux\", \"biglinux\" and"
+  " \"multiboot\". The option --no-mem-option tells GRUB not to pass a"
+  " Linux's mem option automatically."
+  " The option --pcr specifies PCR index for measuring the FILE."
+#else
   "kernel [--no-mem-option] [--type=TYPE] FILE [ARG ...]",
   "Attempt to load the primary boot image from FILE. The rest of the"
   " line is passed verbatim as the \"kernel command line\".  Any modules"
@@ -2410,6 +2523,7 @@
   " \"netbsd\", \"freebsd\", \"openbsd\", \"linux\", \"biglinux\" and"
   " \"multiboot\". The option --no-mem-option tells GRUB not to pass a"
   " Linux's mem option automatically."
+#endif
 };
 
 
@@ -2585,6 +2699,28 @@
 module_func (char *arg, int flags)
 {
   int len = grub_strlen (arg);
+#ifdef TCG_TRUSTED_BOOT
+  int pcr_index = TCG_EV_GRUB_FILE_PCR;//TCG_FILE_PCR_INDEX;
+  int eventtype = TCG_EV_GRUB_FILE_TYPE;
+
+  if (substring ("--pcr=", arg) <= 0)
+    {
+      arg += 6;
+      if (! safe_parse_maxint(&arg, &pcr_index))
+        return 1;
+      arg = skip_to(0, arg);
+    }
+  if (substring ("--eventtype=", arg) <= 0)
+    {
+      arg += 12;
+      if (! safe_parse_maxint(&arg, &eventtype))
+        return 1;
+      arg = skip_to(0, arg);
+    }
+
+  tcg_grub_pcr_index =  pcr_index;
+  tcg_grub_eventtype =  eventtype;
+#endif
 
   switch (kernel_type)
     {
@@ -2619,12 +2755,23 @@
   "module",
   module_func,
   BUILTIN_CMDLINE | BUILTIN_HELP_LIST,
+#ifdef TCG_TRUSTED_BOOT
+  "module [--pcr=PCRINDEX] [--eventtype=EVENTTYPE] FILE [ARG ...]",
+  "Load a boot module FILE for a Multiboot format boot image (no"
+  " interpretation of the file contents is made, so users of this"
+  " command must know what the kernel in question expects). The"
+  " rest of the line is passed as the \"module command line\", like"
+  " the `kernel' command."
+  " The option --pcr specifies PCR index for measuring the FILE."
+  " The option --eventtype specifies Event Type for measuring the FILE."
+#else
   "module FILE [ARG ...]",
   "Load a boot module FILE for a Multiboot format boot image (no"
   " interpretation of the file contents is made, so users of this"
   " command must know what the kernel in question expects). The"
   " rest of the line is passed as the \"module command line\", like"
   " the `kernel' command."
+#endif
 };
 
 
@@ -2652,9 +2799,16 @@
   "modulenounzip",
   modulenounzip_func,
   BUILTIN_CMDLINE | BUILTIN_HELP_LIST,
+#ifdef TCG_TRUSTED_BOOT
+  "modulenounzip [--pcr=PCRINDEX] FILE [ARG ...]",
+  "The same as `module', except that automatic decompression is"
+  " disabled."
+  " The option --pcr specifies PCR index for measuring the FILE."
+#else
   "modulenounzip FILE [ARG ...]",
   "The same as `module', except that automatic decompression is"
   " disabled."
+#endif
 };
 
 
@@ -4790,6 +4944,169 @@
   "Probe VBE information. If the mode number MODE is specified, show only"
   " the information about only the mode."
 };
+
+
+#ifdef TCG_ENABLE
+/* 
+   measure
+
+   2006-06-20 SM renew 
+ */
+
+static int
+measure_func (char *arg, int flags)
+{
+	char *file = arg;
+	int pcr_index = TCG_EV_GRUB_FILE_PCR;
+	int eventtype = TCG_EV_GRUB_FILE_TYPE;
+	int rc=0;
+	int mode=0; /* 0:normal 1:data=>event */
+
+	while(1) {
+		if (substring ("--pcr=", file) <= 0) {
+			arg = file + 6;
+			if (! safe_parse_maxint(&arg, &pcr_index))
+	  			return 1;
+	  		file = skip_to(0, arg);
+		} else if (substring ("--eventtype=", file) <= 0) {
+			arg = file + 12;
+			if (! safe_parse_maxint(&arg, &eventtype))
+				return 1;
+			file = skip_to(0, arg);
+		} else if (substring ("--eventdata", file) <= 0) {
+			mode=1;
+			file = skip_to(0, file);
+		} else if (substring ("--mbr", file) <= 0) {
+			mode=1;
+			pcr_index = TCG_EV_GRUB_MBR_PCR;
+			eventtype = TCG_EV_GRUB_MBR_TYPE;
+			file = skip_to(0, file);
+		} else
+			break;
+	}  // while 
+
+	if (mode) { /* mode 1 eventdata = file image */
+		rc = measure_file_as_event( file, pcr_index, eventtype );
+	} else {    /* mode 0 eventdata = filename */
+		rc = measure_file( file, pcr_index, eventtype );
+	}
+	return rc;
+}
+
+static struct builtin builtin_measure =
+{
+  "measure",
+  measure_func,
+  //BUILTIN_CMDLINE | BUILTIN_MENU,
+  BUILTIN_CMDLINE | BUILTIN_MENU | BUILTIN_HELP_LIST,
+  "measure [[--pcr=PCRINDEX] [--eventtype=EVENTTYPE] [--eventdata] | [--mbr]] FILE",
+  "Perform TCG measurement operation with the FILE."
+  "--eventdata : hash data = event data,"
+  "--mbr : re-measure MBR"
+};
+
+
+/* 
+   tpm command 
+
+   How about just one command for all TPM/TCG diagnostic work
+
+   2006-06-23
+ */
+static int
+tpm_func (char *arg, int flags)
+{
+
+  if (substring ("pcrs", arg) <= 0) {
+    print_pcrs();
+    return 0;
+  }
+  if (substring ("eventlog", arg) <= 0) {
+    print_eventlog();
+    return 0;
+  }
+  if (substring ("test", arg) <= 0) {
+    arg = arg + 4;
+    arg = skip_to(0, arg);
+    if (substring ("--format=1", arg) <= 0)
+      tcg_test(1);
+    else 
+      tcg_test(2);
+    return 0;
+  }
+  if (substring ("disable", arg) <= 0) {
+    tcg_disable=1;
+    return 0;
+  }
+  if (substring ("debug", arg) <= 0) {
+    tcg_debug=1;
+    return 0;
+  }
+  if (substring ("benchmark", arg) <= 0) {
+    tcg_benchmark=1;
+    return 0;
+  }
+  if (substring ("normal", arg) <= 0) {
+    tcg_disable=0;
+    tcg_benchmark=0;
+    tcg_debug=0;
+    return 0;
+  }