grub-0.97-fc5-tcg-0.2.0-beta1.patch

可信GRUB的源码

+#if 0  /* TODO under construction */
+  if (substring ("set", arg) <= 0) {
+    arg = skip_to(0, arg+3);
+    if (substring ("--event=", arg) <= 0)
+	    arg = skip_to(0, arg+8);
+	    // TODO
+    else 
+       tcg_test(2);
+    return 0;
+  }
+#endif
+ usage:	
+  grub_printf("TCG Enhanced GRUB %s, (Applied TCG patch version is %s)\n",version_string, TCG_VERSION); // TODO 
+  grub_printf("Usage:\n");
+  grub_printf("  tpm pcrs    : \n");
+  grub_printf("  tpm eventlog: \n");
+  grub_printf("  tpm test --format=n  : \n");
+  //grub_printf("  tpm set --event=file|cmd|action --pcr=n --eventtype=n : \n");
+  grub_printf("  tpm [debug|benchmark|disable|normal] : for diagnostic\n");
+  grub_printf("Current opration mode:\n");
+  //grub_printf("  measurefile: %d\n",tcg_measurefile);
+  grub_printf("  measure mode: %d\n",tcg_measure_mode);
+  grub_printf("  debug       : %d\n",tcg_debug);
+  grub_printf("  disable     : %d\n",tcg_disable);
+  grub_printf("  benchmark   : %d\n",tcg_benchmark);
+  grub_printf("Default assignment of pcr index and eventtype:\n");
+#ifdef TCG_TRUSTED_BOOT
+  grub_printf("  stage 1     :  %d   %d\n",TCG_EV_GRUB_STAGE1_PCR,TCG_EV_GRUB_STAGE1_TYPE);
+  grub_printf("  stage 1.5   :  %d   %d\n",TCG_EV_GRUB_STAGE15_PCR,TCG_EV_GRUB_STAGE15_TYPE);
+  grub_printf("  stage 2     :  %d   %d\n",TCG_EV_GRUB_STAGE2_PCR,TCG_EV_GRUB_STAGE2_TYPE);
+  grub_printf("  grub.conf   :  %d   %d\n",TCG_EV_GRUB_CONFIG_PCR,TCG_EV_GRUB_CONFIG_TYPE);
+#endif /* TCG_TRUSTED_BOOT */
+  grub_printf("  file*       :  %d   %d\n",TCG_EV_GRUB_FILE_PCR,TCG_EV_GRUB_FILE_TYPE);
+  grub_printf("  file(decomp):  %d   %d\n",TCG_EV_GRUB_FILE_PCR,TCG_EV_GRUB_FILE_DECOMP_TYPE);
+  grub_printf("  kernel cmd  :  %d   %d\n",TCG_EV_GRUB_CMD_PCR,TCG_EV_GRUB_CMD_TYPE);
+  grub_printf("  action      :  %d   %d\n",TCG_EV_GRUB_ACTION_PCR,TCG_EV_GRUB_ACTION_TYPE);
+  grub_printf("   *configuable\n");
+
+  return (0);
+}
+
+static struct builtin builtin_tpm =
+{
+  "tpm",
+  tpm_func,
+  BUILTIN_CMDLINE | BUILTIN_MENU | BUILTIN_HELP_LIST,
+  "tpm [pcrs|log|status|test [--format=n]]",
+  "tpm utilitiy"
+  "tpm pcrs "
+  "tpm test --format=n: .n=1 n=2"
+};
+
+#endif /* TCG_ENABLE */
+  
+
   
 
 /* The table of builtin commands. Sorted in dictionary order.  */
@@ -4841,6 +5158,9 @@
 #ifdef USE_MD5_PASSWORDS
   &builtin_md5crypt,
 #endif /* USE_MD5_PASSWORDS */
+#ifdef TCG_ENABLE
+  &builtin_measure, /* new */
+#endif /* TCG_ENABLE */
   &builtin_module,
   &builtin_modulenounzip,
   &builtin_pager,
@@ -4877,6 +5197,9 @@
 #endif /* SUPPORT_NETBOOT */
   &builtin_timeout,
   &builtin_title,
+#ifdef TCG_ENABLE
+  &builtin_tpm,
+#endif /* TCG_ENABLE */
   &builtin_unhide,
   &builtin_uppermem,
   &builtin_vbeprobe,
--- grub-0.97/stage2/shared.h	2004-06-20 01:40:09.000000000 +0900
+++ grub-0.97-tcg/stage2/shared.h	2006-08-28 14:28:50.000000000 +0900
@@ -373,6 +373,25 @@
 #define strcpy grub_strcpy
 #endif /* WITHOUT_LIBC_STUBS */
 
+#if defined(TCG_TRUSTED_BOOT) || (!defined(STAGE1_5)&&defined(TCG_TEST))
+#define TCG_ENABLE 1 /* for ASM code region */
+
+#include "tcg.h"
+#if 0
+/* also stage1.h */
+#define TCG_EV_GRUB_FILE_PCR     0x08
+#define TCG_EV_GRUB_FILE_TYPE         0x05  // TODO 
+#define TCG_EV_GRUB_FILE_DECOMP_TYPE  0x05
+#define TCG_EV_GRUB_CMD_PCR      0x09
+#define TCG_EV_GRUB_CMD_TYPE          0x05
+#define TCG_EV_GRUB_ACTION_PCR   0x09
+#define TCG_EV_GRUB_ACTION_TYPE       0x05
+#define TCG_EVENTDATA_SIZE  128
+#endif // 0
+#endif // TCG_ENABLE
+#if defined(TCG_TEST)
+#define TCG_TRUSTED_BOOT_STEPBYSTEP
+#endif // TCG_TEST
 
 #ifndef ASM_FILE
 /*
@@ -991,6 +1010,126 @@
 
 void init_bios_info (void);
 
+#if defined(TCG_TRUSTED_BOOT) || (!defined(STAGE1_5)&&defined(TCG_TEST))
+#define TCG_ENABLE 1 /* for C code region */
+
+/* TCG BIOS Return Code (spec v1.2, 12.3, p84) */
+#define TCG_PC_OK          0x0000
+#define TCG_PC_TPMERROR    0x0001
+#define TCG_PC_LOGOVERFLOW 0x0002
+#define TCG_PC_UNSUPPORTED 0x0003
+
+/* TCG BIOS Return Code (spec v1.2, 13, p96) */
+#define TCG_OK          0x00
+#define TPM_RET_BASE    0x01
+#define TCG_GENERAL_ERROR    TPM_RET_BASE + 0x00
+#define TCG_TPM_IS_LOCKED    TPM_RET_BASE + 0x01
+/* TODO */
+
+#if !defined(TCG_VERSION)
+#define TCG_VERSION "0.2.0"
+#endif
+
+#define TCG_EV_GRUB_ACTION_PASSWORD_ENTER    "Password Entrerd"
+#define TCG_EV_GRUB_ACTION_PASSWORD_FAILURE  "Password Failure"
+#define TCG_EV_GRUB_ACTION_USER_INTERVENTION "Boot Sequance User Intervention"
+
+#define TCG_EVENTDATA_SIZE 128
+
+/* Ignore IBM BIOS return code (rc=3) 2006-08-15 S.Munetoh */
+//configure.ac #define TCG_IBM_BIOS_RC3
+
+/* Use TCG_HashLogExtendEvent with input Format2. 2006-08-15 S.Munetoh */
+//configure.ac #define TCG_HLEE_F2
+
+/* tcg.c */
+extern int tcg_disable;
+extern int tcg_debug;
+extern unsigned int tcg_buffer; 
+extern int tcg_benchmark;
+extern int tcg_measurefile;
+extern int tcg_measure_mode;
+extern int   tcg_grub_pcr_index;
+extern int   tcg_grub_eventtype;
+extern char *tcg_grub_log; /* TBD */
+
+/* asm.S */
+int TCG_StatusCheck(unsigned char *major, 
+		     unsigned char *minor, 
+		     unsigned char **event_log);
+int TCG_HashLogExtendEventF1(int pcr_index,
+			     int hashdatasize,
+			     unsigned char *hashdeta,
+			     int logdatasize,
+			     unsigned char *logdeta);
+int TCG_HashLogExtendEventF2(int pcr_index,
+			     int hashdatasize,
+			     unsigned char *hashdeta,
+			     int logdatasize,
+			     unsigned char *logdeta);
+/* TCG_PassThroughToTPM  */
+int tcg_extend(int pcr_index, unsigned char *digest,
+                   unsigned char *pcr_value);
+int tcg_pcr_read(int pcr_index, unsigned char *pcr_value);
+int TCG_LogExtend(int pcr_index, 
+		  int type,
+		  int logdatasize,
+		  unsigned char *logdata);
+int TCG_HashAll(int data_len, unsigned char *data, unsigned char *digest);
+int TCG_CompactHashLogExtendEvent(int pcr_index,
+				  int hashdatasize,
+				  unsigned char *hashdeta);
+
+/* tcg.c */
+int tcg_status(unsigned char **addr);
+int measure_eventdata(int pcr_index, 
+		      int eventtype, 
+		      int eventsize, 
+		      unsigned char * eventdata);
+int measure_file(char *filename, 
+		 int pcr_index, 
+		 int eventtype);
+int measure_file_as_event(char *filename, 
+		  int pcr_index, 
+		  int eventtype);
+int measure_mem(int len,
+		unsigned char *addr, 
+		int pcr_index, 
+		int eventtype,
+		char* eventdata);
+
+int print_digest (unsigned char *digest, int len);
+int print_u32 (unsigned int in);
+int print_rc (char* msg, unsigned int in);
+int print_pcrs(void);
+int print_eventlog(void);
+
+int tcg_test (int format);
+
+#define SHA1_DIGEST_SIZE 20
+// #define TCG_EVENT_SIZE 512 /* for MBR */
+
+typedef struct tdTCG_PCR_EVENT
+{
+  unsigned int pcrIndex;
+  unsigned int eventType;
+  unsigned char digest[SHA1_DIGEST_SIZE];
+  unsigned int eventDataSize;
+  unsigned char event[0];    
+} TCG_PCR_EVENT;
+/* 4 + 4 + 20 + 4 + n = 32+n */
+
+#define TCG_PCR_EVENT_BASE_SIZE 32
+
+
+typedef struct {
+    unsigned int    eventID;
+    unsigned int    eventDataSize;
+    /* (eventDataSize) bytes of event data follows */
+} PC_SPECIFIC_EVENT;
+
+#endif /* TCG_TRUSTED_BOOT */
+
 #endif /* ASM_FILE */
 
 #endif /* ! GRUB_SHARED_HEADER */
--- grub-0.97/stage2/start.S	2003-07-09 20:45:53.000000000 +0900
+++ grub-0.97-tcg/stage2/start.S	2006-08-28 16:59:57.000000000 +0900
@@ -86,11 +86,13 @@
 	je	bootit
 
 setup_sectors:	
+#ifndef TCG_TRUSTED_BOOT
 	/* check if we use LBA or CHS */
 	cmpb	$0, -1(%si)
 
 	/* jump to chs_mode if zero */
 	je	chs_mode
+#endif /* !TCG_TRUSTED_BOOT */
 
 lba_mode:	
 	/* load logical sector start */
@@ -158,6 +160,7 @@
 	jc	read_error
 
 	movw	$BUFFERSEG, %bx
+#ifndef TCG_TRUSTED_BOOT
 	jmp	copy_buffer
 			
 chs_mode:	
@@ -257,7 +260,8 @@
 
 	/* save source segment */
 	movw	%es, %bx
-	
+#endif /* !TCG_TRUSTED_BOOT */
+
 copy_buffer:	
 
 	/* load addresses for copy from disk buffer to destination */
@@ -284,6 +288,14 @@
 	xorw	%si, %si	/* zero offset of source addresses */
 	movw	%bx, %ds	/* restore the source segment */
 
+#ifdef  TCG_TRUSTED_BOOT
+	/*
+	 * ds:si = buffer address
+	 * cx : size 
+	 */
+	call    tcg_measure
+#endif
+
 	cld		/* sets the copy direction to forward */
 
 	/* perform copy */
@@ -313,7 +325,11 @@
 	MSG(notification_done)
 	popw	%dx	/* this makes sure %dl is our "boot" drive */
 #ifdef STAGE1_5
+#ifdef TCG_INFRA_MODE
+	ljmp	$0, $0x2270
+#else /* ! TCG_INFRA_MODE */
 	ljmp	$0, $0x2200
+#endif /* TCG_INFRA_MODE */
 #else /* ! STAGE1_5 */
 	ljmp	$0, $0x8200
 #endif /* ! STAGE1_5 */
@@ -339,18 +355,337 @@
 stop:	jmp	stop
 
 #ifdef STAGE1_5
+#ifdef TCG_TRUSTED_BOOT
+notification_string:	.string "Loading stage1.5t0816"
+#else
 notification_string:	.string "Loading stage1.5"
+#endif /* TCG_TRUSTED_BOOT */
 #else
 notification_string:	.string "Loading stage2"
 #endif
 
-notification_step:	.string "."
+notification_step:	.string "<+>"
 notification_done:	.string "\r\n"
 	
 geometry_error_string:	.string "Geom"
 read_error_string:	.string "Read"
 general_error_string:	.string " Error"
 
+#ifdef TCG_TRUSTED_BOOT
+tcg_debug_string:	.string "<T>"
+/*
+ * ds:si = buffer address
+ * cx    = size
+ */	
+tcg_measure:
+	pushal
+	push    %ds
+	push    %es
+
+#ifdef TCG_BIOS_BIGREALMODE_FIX
+	/*cli*/
+
+	/* Transit to big-real-mode */
+	DATA32 lgdt gdtdesc
+
+	/* turn on protected mode */
+	movl    %cr0, %eax
+	orb     $0x01, %al 
+	movl    %eax, %cr0
+
+	movw    $0x0008, %bx
+	movw    %bx, %ds
+	movw    %bx, %es
+	
+	/* Back to real mode */
+	decb    %al
+	movl    %eax, %cr0
+	
+	/* Enable A20 gate */
+	movw    $0x2401, %ax
+	int     $0x15
+
+	/*sti*/
+#endif	/* TCG_BIOS_BIGREALMODE_FIX */
+#ifdef TCG_HLEE_F2
+/*
+ * set datasize
+ */
+	movw    %ds, %di
+	xorw    %ax, %ax		/* ax =0 */
+	movw    %ax, %ds		/* ds =0 */
+	movw    %ax, %es		/* es =0 */
+	movzx   %si, %esi
+	movzx   %di, %edi
+	shll    $4,  %edi
+	addl    %edi,%esi		/* esi= (32-bit phisical address) */
+	
+	// NG movw	%cx, ABS(hlee_ipb_datasize)
+	movw    $ABS(hlee_ipb), %di	/* ES:DI = IPB */
+	movl    %esi, 4(%di)		/* HashDataPtr */
+	movw    %cx,  8(%di)		/* HashDataLen */	
+
+/*
+ * BIOS call "INT 1Ah, (AH)=BBh,(AL)=00h" TCG_StatusCheck
+ *	Call with	
+ *	  %ah = 0xBB
+ *			%al = 0x00
+ *	Return:
+ *			%eax = TCG_STATUS
+ *			%ebx = 'TCPA'
+ *
+ * Ref:	 
+ *  TCG PC Client Specific Implementation Specification for Conventional BIOS v1.2, 
+ *  Section 12.5 (page 85)
+ */
+tcg_statuscheck:
+	movw    $0xbb00, %ax   		/* TCG_LogEvent */
+	int     $0x1a
+	test	%eax, %eax
+	jnz		tcg_goback
+/*
+ * BIOS call "INT 1Ah, (AH)=BBh,(AL)=01h" TCG_HashLogExtendEvent
+ *	Call with	
+ *          %ah = 0xBB
+ *			%al = 0x01
+ *			%es:%di = segment:offset of input parametor block
+ *			%ds:%si = segment:offset of output parametor block
+ *			%ebx = 'TCPA'
+ *			%ecx = 0
+ *			%edx = 0
+ *	Return:
+ *			%eax = TCG_STATUS
+ *			%ds:%si = ?
+ *
+ * Ref:	 
+ *  TCG PC Client Specific Implementation Specification for Conventional BIOS v1.2, 
+ *  Section 12.6 (page 86)
+ *
+ *  2006-08-16 SM does not match the digest
+ * 
+ */
+tcg_hashlogextendevent:
+	/* Setup IPB */	
+#if 0
+	movw    %ds, %di
+	xorw    %ax, %ax		/* ax =0 */
+	movw    %ax, %ds		/* ds =0 */
+	movw    %ax, %es		/* es =0 */
+	movzx   %si, %esi
+	movzx   %di, %edi
+	shll    $4,  %edi
+	addl    %edi,%esi		/* esi= (32-bit phisical address) */
+#endif // 0
+	
+	movw    $ABS(hlee_ipb), %di	/* ES:DI = IPB */
+#ifdef TCG_INFRA_MODE
+	/* Fix the size */
+	addl	$0x70, 4(%di)		/* HashDataPtr + 0x70 */
+	subl    $0x70, 8(%di)		/* HashDataLen - 0x70 */
+	//subl    $0x70, ABS(hlee_ipb_datasize)
+#endif	
+
+#if 0
+	/* save HashDataSize as EventType */
+	movl    ABS(hlee_ipb_datasize),  %ecx		
+	movl	%ecx, ABS(tcg_pcr_event_type)
+#endif // 1
+
+
+	/* Call */
+	movw    $0xbb01, %ax   		/* TCG_LogEvent */
+	// NG movw    $ABS(tpe_pcrvalue),%si  /* si=OPB */
+	// NG movw    $ABS(hlee_ipb),%si  /* si=OPB */
+	// OK movw	$0x8E00, %si		/* OPB @0x8E00 - OK*/
+	movw	$0x2E00, %si		/* OPB OK */
+	xorl    %ecx, %ecx			/* ECX = 0 */
+	xorl    %edx, %edx			/* EDX = 0 */	
+	int     $0x1a
+
+	
+#ifndef TCG_IBM_BIOS_RC3
+	test	%eax, %eax
+	jz	tcg_end
+tcg_error:
+	MSG(tcg_error_string)
+#endif /*  TCG_IBM_BIOS_RC3 */
+
+#else /* TCG_HLEE_F2 */
+/*
+ * BIOS call "INT 1Ah, (AH)=BBh,(AL)=05h" TCG_HashAll 
+ *	Call with	%ah = 0xBB
+ *			%al = 0x05
+ *			%es:%di = segment:offset of input parametor block
+ *			%ds:%si = segment:offset of output parametor block
+ *			%ebx = 'TCPA'
+ *			%ecx = 0
+ *			%edx = 0
+ *	Return:
+ *			%eax = TCG_STATUS
+ *			%ds:%si = segment:offset of referenced buffer
+ *
+ * Ref:	 TCG PC Specification v1.0, Section 8.1.8 (page 49)
+ */	
+	movw    %ds, %di
+	xorw    %ax, %ax		/* ax =0 */
+	movw    %ax, %ds		/* ds =0 */
+	movw    %ax, %es		/* es =0 */
+	movw    $0xbb05, %ax	/* ah=BBh,al=05h, TCG_HashAll */
+	movzx   %si, %esi
+	movzx   %di, %edi
+	shll    $4,  %edi
+	addl    %edi,%esi		/* esi= (32-bit phisical address) */
+
+#if 0
+	movw    $ABS(tcg_memo), %di	/* IPB */
+	movl    %esi,0(%di)		/* HashDataPtr */
+	movw    %cx, 4(%di)		/* HashDataLen */
+#ifdef TCG_INFRA_MODE
+	/* Fix the size */
+	addl	$0x70, 0(%di)		/* HashDataPtr + 0x70 */
+	subl    $0x70, 4(%di)		/* HashDataLen - 0x70 */
+#endif