
Commit d38e77e

TPMEvents: Remove MixModel
Knowing the group models outside of the execution is not needed; it doesn't add any value to the TPMEvents. In other words, the tpm event group-id relationships are static: they do not change over time, and if they do, it is a bug that is easier to fix by changing a line of code than by updating many json annotations and files wherever they are used. This commit removes the TPMEventMixModel struct from there, adds a function that sets the tpm-id->group relationships, and makes the TPMEvent struct hold only the Event ID. It also renames the field from mix to id, and updates the code where "mix" or anything related was referenced instead of the brand new "id". Signed-off-by: Beñat Gartzia Arruabarrena <[email protected]>
1 parent 7c1a5aa commit d38e77e


3 files changed

+85
-189
lines changed


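--- a/lib/src/pcrs/tests.rs
+++ b/lib/src/pcrs/tests.rs
@@ -3,7 +3,7 @@
 // SPDX-License-Identifier: MIT
 
 use super::*;
-use crate::tpmevents::{TPMEvent, TPMEventID, TPMEventMixModel};
+use crate::tpmevents::{TPMEvent, TPMEventID};
 
 #[test]
 fn test_part_serialization() {
@@ -69,10 +69,7 @@ fn test_part_from_tpmevent() {
 name: "FOOBAR".into(),
 pcr: 255,
 hash: vec![0, 1, 2, 3, 4, 5, 6, 7, 8],
-mix: TPMEventMixModel {
-event: TPMEventID::Pcr4EfiCall,
-group: u32::MAX,
-},
+id: TPMEventID::Pcr4EfiCall,
 };
 let expected = Part {
 name: "FOOBAR".into(),
@@ -94,10 +91,7 @@ fn test_pcr_compilation_from_tpmevents() {
 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
 0, 0, 0, 0,
 ],
-mix: TPMEventMixModel {
-event: TPMEventID::Pcr4EfiCall,
-group: u32::MAX,
-},
+id: TPMEventID::Pcr4EfiCall,
 },
 TPMEvent {
 name: "BARFOO".into(),
@@ -107,11 +101,8 @@ fn test_pcr_compilation_from_tpmevents() {
 0, 0, 0, 1,
 ],
 // Having a pcr7 event here does not make sense if the previous one
-// was pcr4, but mix should be sane at this point in the execution
-mix: TPMEventMixModel {
-event: TPMEventID::Pcr7SecureBoot,
-group: u32::MAX,
-},
+// was pcr4, but id should be sane at this point in the execution
+id: TPMEventID::Pcr7SecureBoot,
 },
 ];
 let expected = Pcr {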

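--- a/lib/src/tpmevents.rs
+++ b/lib/src/tpmevents.rs
@@ -51,144 +51,49 @@ pub enum TPMEventID {
 Pcr14MokListTrusted,
 }
 
-#[derive(Clone, Serialize, Deserialize)]
-pub struct TPMEventMixModel {
-pub event: TPMEventID,
-pub group: u32,
+fn tpm_event_group(event: TPMEventID) -> u32 {
+match event {
+TPMEventID::Pcr4EfiCall => TPMEG_NEVER,
+TPMEventID::Pcr4Separator => TPMEG_NEVER,
+TPMEventID::Pcr4Shim => TPMEG_BOOTLOADER,
+TPMEventID::Pcr4Grub => TPMEG_BOOTLOADER,
+TPMEventID::Pcr4Vmlinuz => TPMEG_LINUX,
+TPMEventID::Pcr7SecureBoot => TPMEG_SECUREBOOT,
+TPMEventID::Pcr7Pk => TPMEG_SECUREBOOT,
+TPMEventID::Pcr7Kek => TPMEG_SECUREBOOT,
+TPMEventID::Pcr7Db => TPMEG_SECUREBOOT,
+TPMEventID::Pcr7Dbx => TPMEG_SECUREBOOT,
+TPMEventID::Pcr7Separator => TPMEG_NEVER,
+TPMEventID::Pcr7ShimCert => TPMEG_SECUREBOOT | TPMEG_BOOTLOADER,
+// Secure boot on/off also changes the logged sbatlevel
+TPMEventID::Pcr7SbatLevel => TPMEG_SECUREBOOT | TPMEG_BOOTLOADER,
+TPMEventID::Pcr7GrubDbCert => TPMEG_SECUREBOOT | TPMEG_BOOTLOADER,
+TPMEventID::Pcr7GrubVendorDbCert => TPMEG_SECUREBOOT | TPMEG_BOOTLOADER,
+TPMEventID::Pcr7GrubMokListCert => TPMEG_SECUREBOOT | TPMEG_BOOTLOADER | TPMEG_MOKVARS,
+TPMEventID::Pcr11Linux => TPMEG_UKI,
+TPMEventID::Pcr11LinuxContent => TPMEG_UKI,
+TPMEventID::Pcr11Osrel => TPMEG_UKI,
+TPMEventID::Pcr11OsrelContent => TPMEG_UKI,
+TPMEventID::Pcr11Cmdline => TPMEG_UKI,
+TPMEventID::Pcr11CmdlineContent => TPMEG_UKI,
+TPMEventID::Pcr11Initrd => TPMEG_UKI,
+TPMEventID::Pcr11InitrdContent => TPMEG_UKI,
+TPMEventID::Pcr11Uname => TPMEG_UKI,
+TPMEventID::Pcr11UnameContent => TPMEG_UKI,
+TPMEventID::Pcr11Sbat => TPMEG_UKI,
+TPMEventID::Pcr11SbatContent => TPMEG_UKI,
+TPMEventID::Pcr14MokList => TPMEG_MOKVARS,
+TPMEventID::Pcr14MokListX => TPMEG_MOKVARS,
+TPMEventID::Pcr14MokListTrusted => TPMEG_MOKVARS,
+}
 }
 
-pub const PCR4_EFICALL: TPMEventMixModel = TPMEventMixModel {
-event: TPMEventID::Pcr4EfiCall,
-group: TPMEG_NEVER,
-};
-pub const PCR4_SEPARATOR: TPMEventMixModel = TPMEventMixModel {
-event: TPMEventID::Pcr4Separator,
-group: TPMEG_NEVER,
-};
-pub const PCR4_SHIM: TPMEventMixModel = TPMEventMixModel {
-event: TPMEventID::Pcr4Shim,
-group: TPMEG_BOOTLOADER,
-};
-pub const PCR4_GRUB: TPMEventMixModel = TPMEventMixModel {
-event: TPMEventID::Pcr4Shim,
-group: TPMEG_BOOTLOADER,
-};
-pub const PCR4_VMLINUZ: TPMEventMixModel = TPMEventMixModel {
-event: TPMEventID::Pcr4Vmlinuz,
-group: TPMEG_LINUX,
-};
-pub const PCR7_SECUREBOOT: TPMEventMixModel = TPMEventMixModel {
-event: TPMEventID::Pcr7SecureBoot,
-group: TPMEG_SECUREBOOT,
-};
-pub const PCR7_PK: TPMEventMixModel = TPMEventMixModel {
-event: TPMEventID::Pcr7Pk,
-group: TPMEG_SECUREBOOT,
-};
-pub const PCR7_KEK: TPMEventMixModel = TPMEventMixModel {
-event: TPMEventID::Pcr7Kek,
-group: TPMEG_SECUREBOOT,
-};
-pub const PCR7_DB: TPMEventMixModel = TPMEventMixModel {
-event: TPMEventID::Pcr7Db,
-group: TPMEG_SECUREBOOT,
-};
-pub const PCR7_DBX: TPMEventMixModel = TPMEventMixModel {
-event: TPMEventID::Pcr7Dbx,
-group: TPMEG_SECUREBOOT,
-};
-pub const PCR7_SEPARATOR: TPMEventMixModel = TPMEventMixModel {
-event: TPMEventID::Pcr7Separator,
-group: TPMEG_NEVER,
-};
-pub const PCR7_SHIMCERT: TPMEventMixModel = TPMEventMixModel {
-event: TPMEventID::Pcr7ShimCert,
-group: TPMEG_SECUREBOOT | TPMEG_BOOTLOADER,
-};
-// Secure boot on/off also changes the logged sbatlevel
-pub const PCR7_SBATLEVEL: TPMEventMixModel = TPMEventMixModel {
-event: TPMEventID::Pcr7SbatLevel,
-group: TPMEG_SECUREBOOT | TPMEG_BOOTLOADER,
-};
-pub const PCR7_GRUBDBCERT: TPMEventMixModel = TPMEventMixModel {
-event: TPMEventID::Pcr7GrubDbCert,
-group: TPMEG_SECUREBOOT | TPMEG_BOOTLOADER,
-};
-pub const PCR7_GRUBVENDORDBCERT: TPMEventMixModel = TPMEventMixModel {
-event: TPMEventID::Pcr7GrubVendorDbCert,
-group: TPMEG_SECUREBOOT | TPMEG_BOOTLOADER,
-};
-pub const PCR7_GRUBMOKLISTCERT: TPMEventMixModel = TPMEventMixModel {
-event: TPMEventID::Pcr7GrubMokListCert,
-group: TPMEG_SECUREBOOT | TPMEG_BOOTLOADER | TPMEG_MOKVARS,
-};
-pub const PCR11_LINUX: TPMEventMixModel = TPMEventMixModel {
-event: TPMEventID::Pcr11Linux,
-group: TPMEG_UKI,
-};
-pub const PCR11_LINUX_CONTENT: TPMEventMixModel = TPMEventMixModel {
-event: TPMEventID::Pcr11LinuxContent,
-group: TPMEG_UKI,
-};
-pub const PCR11_OSREL: TPMEventMixModel = TPMEventMixModel {
-event: TPMEventID::Pcr11Osrel,
-group: TPMEG_UKI,
-};
-pub const PCR11_OSREL_CONTENT: TPMEventMixModel = TPMEventMixModel {
-event: TPMEventID::Pcr11OsrelContent,
-group: TPMEG_UKI,
-};
-pub const PCR11_CMDLINE: TPMEventMixModel = TPMEventMixModel {
-event: TPMEventID::Pcr11Cmdline,
-group: TPMEG_UKI,
-};
-pub const PCR11_CMDLINE_CONTENT: TPMEventMixModel = TPMEventMixModel {
-event: TPMEventID::Pcr11CmdlineContent,
-group: TPMEG_UKI,
-};
-pub const PCR11_INITRD: TPMEventMixModel = TPMEventMixModel {
-event: TPMEventID::Pcr11Initrd,
-group: TPMEG_UKI,
-};
-pub const PCR11_INITRD_CONTENT: TPMEventMixModel = TPMEventMixModel {
-event: TPMEventID::Pcr11InitrdContent,
-group: TPMEG_UKI,
-};
-pub const PCR11_UNAME: TPMEventMixModel = TPMEventMixModel {
-event: TPMEventID::Pcr11Uname,
-group: TPMEG_UKI,
-};
-pub const PCR11_UNAME_CONTENT: TPMEventMixModel = TPMEventMixModel {
-event: TPMEventID::Pcr11UnameContent,
-group: TPMEG_UKI,
-};
-pub const PCR11_SBAT: TPMEventMixModel = TPMEventMixModel {
-event: TPMEventID::Pcr11Sbat,
-group: TPMEG_UKI,
-};
-pub const PCR11_SBAT_CONTENT: TPMEventMixModel = TPMEventMixModel {
-event: TPMEventID::Pcr11SbatContent,
-group: TPMEG_UKI,
-};
-pub const PCR14_MOKLIST: TPMEventMixModel = TPMEventMixModel {
-event: TPMEventID::Pcr14MokList,
-group: TPMEG_MOKVARS,
-};
-pub const PCR14_MOKLISTX: TPMEventMixModel = TPMEventMixModel {
-event: TPMEventID::Pcr14MokListX,
-group: TPMEG_MOKVARS,
-};
-pub const PCR14_MOKLISTTRUSTED: TPMEventMixModel = TPMEventMixModel {
-event: TPMEventID::Pcr14MokListTrusted,
-group: TPMEG_MOKVARS,
-};
-
 #[serde_as]
 #[derive(Clone, Serialize, Deserialize)]
 pub struct TPMEvent {
 pub name: String,
 pub pcr: u8,
 #[serde_as(as = "serde_with::hex::Hex")]
 pub hash: Vec<u8>,
-pub mix: TPMEventMixModel,
+pub id: TPMEventID,
 }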
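Review bot: `tpm_event_group` is now the single place the event-to-group relationship lives, yet it has neither a doc comment nor a test; a line such as `/// Static mapping from a TPM event to the bitmask of TPMEG_* groups it belongs to; the match is deliberately exhaustive so a new TPMEventID variant fails to compile until it is classified here.` would make that intent explicit. A small `#[test]` pinning a few arms, e.g. `assert_eq!(tpm_event_group(TPMEventID::Pcr4Grub), TPMEG_BOOTLOADER);`, would catch the kind of slip the removed table had (`PCR4_GRUB` carried `event: TPMEventID::Pcr4Shim`), and matters more now that the group can no longer be set from a deserialized JSON fixture, which is also what stops external input from overriding the grouping. The function is private while the removed `PCR*` constants were `pub`; if any caller outside this module needs the group (the third changed file is not shown here), it will need `pub(crate)`. `event` is taken by value, which is only free if `TPMEventID` derives `Copy`; its derives are outside the hunk, so confirm or take `&TPMEventID`.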
