WIP: PCR Event combination logic #45
bgartzi wants to merge 20 commits into trusted-execution-clusters:main from bgartzi:preds-split_reusability
bgartzi (Contributor, Author): Still would need to fix the minimum supported toolchain tests caused by the bitshifting function calls... P.S. I underestimated clippy
Part and PCR hashes were modelled as Strings. This made it a bit more difficult than it should to handle them in memory (or reuse them later). This commit uses the serde_as library to represent hash values as Vec<u8> in memory in favour of comfort but still serialize them into hex-encoded Strings for ease of comprehension. Note this is a breaking API change that could affect the way the cocl-operator consumes the library. Signed-off-by: Beñat Gartzia Arruabarrena <[email protected]>
And add some unit tests to check that Vec<u8> -> hex-str (de)serialization works as expected. Signed-off-by: Beñat Gartzia Arruabarrena <[email protected]>
TPMEvent will be the struct that will hold everything needed to support the calculation of possible PCR combinations based on different image events. The commit also adds a bunch of constants that define each of the events that are modelled now, and the input-change group they belong to. Signed-off-by: Beñat Gartzia Arruabarrena <[email protected]>
Implement the from TPMEvent traits for Part and Pcr. Signed-off-by: Beñat Gartzia Arruabarrena <[email protected]>
2 steps are needed to compute PCRs: computing the TPM events, and combining all of them together into the resulting PCR hashes. Right now, we were taking both steps, all together, inside the same function. This commit breaks down those functions into event computation + hash computation for PCR4. Signed-off-by: Beñat Gartzia Arruabarrena <[email protected]>
2 steps are needed to compute PCRs: computing the TPM events, and combining all of them together into the resulting PCR hashes. Right now, we were taking both steps, all together, inside the same function. This commit breaks down those functions into event computation + hash computation for PCR7. Signed-off-by: Beñat Gartzia Arruabarrena <[email protected]>
Adds consts and enums modelling expected PCR11 events. Signed-off-by: Beñat Gartzia Arruabarrena <[email protected]>
2 steps are needed to compute PCRs: computing the TPM events, and combining all of them together into the resulting PCR hashes. Right now, we were taking both steps, all together, inside the same function. This commit breaks down those functions into event computation + hash computation for PCR11. Signed-off-by: Beñat Gartzia Arruabarrena <[email protected]>
2 steps are needed to compute PCRs: computing the TPM events, and combining all of them together into the resulting PCR hashes. Right now, we were taking both steps, all together, inside the same function. This commit breaks down those functions into event computation + hash computation for PCR14. Signed-off-by: Beñat Gartzia Arruabarrena <[email protected]>
collect_secure_boot_hashes is no longer used. That makes all the fancy stuff written around it as Traits and such no longer needed too. Which is a good thing as, honestly, it added unneeded complexity to the source. To remove it cleanly, this commit moves the secureboot_db implementation for EFIVarsLoader from the SecureBootdbLoader (now removed) trait into the actual context for method implementations of EFIVarsLoader. Signed-off-by: Beñat Gartzia Arruabarrena <[email protected]>
Knowing the group models outside of the execution is not needed. It doesn't add any value to the TPMEvents. In other words, the tpm event group-id relationships are static. They do not change over time. If they do, it will be a bug, which will be easier to fix by just changing a line of code than updating many json annotations and files wherever they are used. This commit removes the TPMEventMixModel struct from there, adds a function to set the tpm-id->group relationships, and makes the TPMEvent struct hold only the Event ID. It also renames the field from mix to id. Also runs some updates to the code where "mix" or anything related was referenced instead of the brand new "id". Signed-off-by: Beñat Gartzia Arruabarrena <[email protected]>
Now simple trees can be built, nodes can be checked for being leaves or root nodes, and tree branches can be computed. All of this is tested. Children capacity of each node is set to 2 for now. Signed-off-by: Beñat Gartzia Arruabarrena <[email protected]>
Signed-off-by: Beñat Gartzia Arruabarrena <[email protected]>
Signed-off-by: Beñat Gartzia Arruabarrena <[email protected]>
PcrRootNodeEvent will be used as the root node of the event tree built during the TPM event combination logic. Signed-off-by: Beñat Gartzia Arruabarrena <[email protected]>
This will let us implement something that is close to an iterator. Signed-off-by: Beñat Gartzia Arruabarrena <[email protected]>
This will let us know which is the next expected TPMEventID and have something similar to an iterator, but without having to manage one. Signed-off-by: Beñat Gartzia Arruabarrena <[email protected]>
Until now, compiling TPMEvents into PCRs assumed that all TPMEvents were from the same PCR. This patch adds a check to the Pcr::compile_from method so it checks that all events processed belong to the same PCR. Based on that, it adds another function that computes vectors of Pcrs from a heterogeneous TPMEvent vector. Finally it adds a few slight tests to cover the new functionality and updates some old ones that for some reason assumed that having different pcr events compiled under the same compile_from call was right. Signed-off-by: Beñat Gartzia Arruabarrena <[email protected]>
Combine Vec<TPMEvent> from image "this" and image "that" into a vector of all possible solutions. There's still some work to do, such as:
- Logic for error recovery
Signed-off-by: Beñat Gartzia Arruabarrena <[email protected]>
The main goal of this PR is to support combining events for PCR${N} generated for image versions A and B. The logic must return all possible resulting PCR value/struct combinations. To do so, it must know which events change together, and how to combine those with the events from the other images. In other words, it's not just about combining all events from A and B in all combinations that are possible without any context, but about returning the minimum amount of combinations that are actually logically possible on a system going through an upgrade.
To do so, this PR also goes through a bunch of other tasks meanwhile, including just some housekeeping, refactoring, and actual functionality:
And probably some more things still missing that I will need to implement and figure out.
For now, I'm posting this here just for awareness while I finish the rest.
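The two-step PCR computation described in the commit messages (event digests first, then the extend chain into the register), the same-PCR check added to compile_from, and the group-aware combination of two images' event logs described in this PR, as an added example that is not the PR's own code. It is written in Python with only hashlib so it runs offline; the project itself is Rust. Everything here is an assumption made for illustration: the TPMEvent fields, the event and group names, the SHA-256 bank with zero-initialised PCRs, the sample logs, and the reading that events of one input-change group are taken wholly from image A or wholly from image B.

```python
"""Added example (not the PR's code): two-step PCR computation and
group-aware combination of TPM events from two image versions.
Assumptions: SHA-256 bank, PCRs start zeroed, hypothetical event model,
and events of one input-change group are swapped as a unit."""
import hashlib
import itertools
import json
from dataclasses import dataclass

PCR_INIT = bytes(32)  # a SHA-256 bank PCR starts as 32 zero bytes


@dataclass(frozen=True)
class TPMEvent:
    pcr: int        # register the event is extended into
    event_id: str   # hypothetical event identifier (constructed names below)
    group: str      # hypothetical input-change group: its events change together
    data: bytes     # measured content, e.g. the binary or variable being logged


def event_digest(ev: TPMEvent) -> bytes:
    """Step 1: the digest recorded in the event log for one event."""
    return hashlib.sha256(ev.data).digest()


def extend(pcr_value: bytes, digest: bytes) -> bytes:
    """TPM2_PCR_Extend on a SHA-256 bank: new = H(old || digest)."""
    return hashlib.sha256(pcr_value + digest).digest()


def compile_pcr(events: list[TPMEvent]) -> bytes:
    """Step 2: fold one PCR's events, in log order, into the final register value.
    Refuses a mixed-PCR input, mirroring the check the PR adds to compile_from."""
    pcrs = {ev.pcr for ev in events}
    if len(pcrs) != 1:
        raise ValueError(f"events span several PCRs: {sorted(pcrs)}")
    value = PCR_INIT
    for ev in events:
        value = extend(value, event_digest(ev))
    return value


def compile_pcrs(events: list[TPMEvent]) -> dict[int, bytes]:
    """Split a heterogeneous event list by PCR and compile each register."""
    by_pcr: dict[int, list[TPMEvent]] = {}
    for ev in events:
        by_pcr.setdefault(ev.pcr, []).append(ev)
    return {pcr: compile_pcr(evs) for pcr, evs in by_pcr.items()}


def combine_images(events_a: list[TPMEvent], events_b: list[TPMEvent]) -> dict[int, set[str]]:
    """Enumerate the PCR values a system can show while moving from image A to B.

    Both logs must carry the same slots (pcr, event_id, group) in the same order;
    only the measured data differs. Events of one group change together, so each
    group is taken wholly from A or wholly from B: 2**groups candidates instead of
    the 2**events a context-free mix of the two logs would produce.
    """
    slots_a = [(e.pcr, e.event_id, e.group) for e in events_a]
    slots_b = [(e.pcr, e.event_id, e.group) for e in events_b]
    if slots_a != slots_b:
        raise ValueError("event logs of A and B do not line up slot by slot")
    groups = sorted({e.group for e in events_a})
    reachable: dict[int, set[str]] = {}
    for choice in itertools.product("AB", repeat=len(groups)):
        source = dict(zip(groups, choice))
        chosen = [a if source[a.group] == "A" else b for a, b in zip(events_a, events_b)]
        for pcr, value in compile_pcrs(chosen).items():
            reachable.setdefault(pcr, set()).add(value.hex())
    return reachable


def to_json(pcrs: dict[int, bytes]) -> str:
    """Raw bytes in memory, hex strings on the wire (the shape the serde_as change aims for)."""
    return json.dumps({str(pcr): value.hex() for pcr, value in pcrs.items()}, sort_keys=True)


def from_json(text: str) -> dict[int, bytes]:
    """Inverse of to_json: parse hex strings back into digests."""
    return {int(pcr): bytes.fromhex(value) for pcr, value in json.loads(text).items()}


# Constructed sample logs for image A and image B. Shim and GRUB belong to one
# input-change group (they ship together), the kernel is its own group, and the
# Secure Boot db is unchanged between the two images.
IMAGE_A = [
    TPMEvent(4, "EV_SHIM", "boot-chain", b"shim-v1"),
    TPMEvent(4, "EV_GRUB", "boot-chain", b"grub-v1"),
    TPMEvent(4, "EV_KERNEL", "kernel", b"vmlinuz-v1"),
    TPMEvent(7, "EV_SB_DB", "sb-vars", b"db-contents"),
]
IMAGE_B = [
    TPMEvent(4, "EV_SHIM", "boot-chain", b"shim-v2"),
    TPMEvent(4, "EV_GRUB", "boot-chain", b"grub-v2"),
    TPMEvent(4, "EV_KERNEL", "kernel", b"vmlinuz-v2"),
    TPMEvent(7, "EV_SB_DB", "sb-vars", b"db-contents"),
]

if __name__ == "__main__":
    for pcr, values in sorted(combine_images(IMAGE_A, IMAGE_B).items()):
        print(f"PCR{pcr}: {len(values)} reachable value(s)")
    print(to_json(compile_pcrs(IMAGE_A)))
```

With the sample logs, PCR4 has four reachable values (boot-chain from A or B, kernel from A or B) rather than the eight a per-event mix of the three PCR4 events would produce, and PCR7 has a single value because the Secure Boot db did not change. A verifier that accepts only this reachable set rejects any register value that could not come from a coherent mix of the two images.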