/*
 * Extend the guest's vTPM PCRs with SHA-1 measurements of the kernel, the
 * kernel command line and the initrd.
 *
 * Each measurement is sent as a TPM_ORD_Extend request over the tpmfront
 * device. PCR #4 receives the kernel digest; PCR #5 receives the command
 * line digest and then the initrd digest.
 *
 * @dom      domain image whose kernel/ramdisk blobs are measured
 * @cmdline  NUL-terminated kernel command line (must not be NULL; its length
 *           is taken with strlen)
 *
 * Returns silently when no TPM front-end can be initialised. Neither the
 * return value of tpmfront_cmd() nor the response buffer is examined here.
 */
static void tpm_hash2pcr(struct xc_dom_image *dom, char *cmdline)
{
    struct tpmfront_dev *tpm = init_tpmfront(NULL);
    struct pcr_extend_cmd cmd;
    uint8_t *resp;
    size_t resplen = 0;

    /* If all guests have access to a vTPM, it may be useful to replace this
     * with ASSERT(tpm) to prevent configuration errors from allowing a guest
     * to boot without a TPM (or with a TPM that has not been sent any
     * measurements, which could allow forging the measurements). */
    if (!tpm)
        return;

    /* Request header shared by all three Extend commands; multi-byte fields
     * are byte-swapped into the TPM wire order. */
    cmd.tag = bswap_16(TPM_TAG_RQU_COMMAND);
    cmd.size = bswap_32(sizeof(cmd));
    cmd.ord = bswap_32(TPM_ORD_Extend);

    /* What gets measured, and into which PCR, in issue order. Note that the
     * command line and the initrd both land in PCR #5. */
    const struct {
        uint32_t pcr;
        void *data;
        size_t len;
    } steps[] = {
        { 4, dom->kernel_blob, dom->kernel_size },     /* PCR #4: kernel */
        { 5, cmdline, strlen(cmdline) },               /* PCR #5: cmdline */
        { 5, dom->ramdisk_blob, dom->ramdisk_size },   /* PCR #5: initrd */
    };

    for (size_t i = 0; i < sizeof(steps) / sizeof(steps[0]); i++) {
        cmd.pcr = bswap_32(steps[i].pcr);
        sha1(steps[i].data, steps[i].len, cmd.hash);
        tpmfront_cmd(tpm, (void *)&cmd, sizeof(cmd), &resp, &resplen);
    }

    shutdown_tpmfront(tpm);
}
/*
 * Return non-zero when the peer security context @ctx does not satisfy the
 * configured @label.
 *
 * An exact match satisfies the label. A label whose first character is '*'
 * is also satisfied when @ctx ends with the remainder of the label and is
 * strictly longer than that remainder (a '*' alone therefore matches any
 * non-empty context).
 */
static int vtpm_label_mismatch(const char *ctx, const char *label)
{
    int mismatch = strcmp(ctx, label);

    if (mismatch && label[0] == '*') {
        size_t suffix_len = strlen(label) - 1;
        size_t ctx_len = strlen(ctx);

        /* Only compare the tail when at least one byte precedes it. */
        if (ctx_len > suffix_len)
            mismatch = strcmp(ctx + (ctx_len - suffix_len), label + 1);
    }

    return mismatch;
}

/*
 * Extend the guest's vTPM PCRs with SHA-1 measurements of the kernel, the
 * kernel command line and the first module (initrd).
 *
 * Each measurement is sent as a TPM_ORD_Extend request over the tpmfront
 * device; a failed command or a non-zero response status trips ASSERT.
 * PCR #4 receives the kernel digest; PCR #5 receives the command line
 * digest and then the initrd digest.
 *
 * When the global vtpm_label is set, the domain behind the vTPM's event
 * channel must carry that label (see vtpm_label_mismatch); any failure to
 * obtain or match it terminates via do_exit(). Without vtpm_label a missing
 * TPM simply means no measurements are recorded.
 *
 * @dom      domain image whose kernel and modules[0] blobs are measured
 * @cmdline  NUL-terminated kernel command line (must not be NULL)
 */
static void tpm_hash2pcr(struct xc_dom_image *dom, char *cmdline)
{
    struct tpmfront_dev *tpm = init_tpmfront(NULL);
    struct pcr_extend_rsp *resp;
    size_t resplen = 0;
    struct pcr_extend_cmd cmd;
    int rv;

    /*
     * If vtpm_label was specified on the command line, require a vTPM to be
     * attached and for the domain providing the vTPM to have the given
     * label.
     */
    if (vtpm_label) {
        char ctx[128];

        if (!tpm) {
            printf("No TPM found and vtpm_label specified, aborting!\n");
            do_exit();
        }

        /* One byte is held back so the context can always be terminated. */
        rv = evtchn_get_peercontext(tpm->evtchn, ctx, sizeof(ctx) - 1);
        if (rv < 0) {
            printf("Could not verify vtpm_label: %d\n", rv);
            do_exit();
        }
        ctx[sizeof(ctx) - 1] = '\0';

        if (vtpm_label_mismatch(ctx, vtpm_label)) {
            printf("Mismatched vtpm_label: '%s' != '%s'\n", ctx, vtpm_label);
            do_exit();
        }
    } else if (!tpm) {
        return;
    }

    /* Request header shared by all three Extend commands; multi-byte fields
     * are byte-swapped into the TPM wire order. */
    cmd.tag = bswap_16(TPM_TAG_RQU_COMMAND);
    cmd.size = bswap_32(sizeof(cmd));
    cmd.ord = bswap_32(TPM_ORD_Extend);

    /* What gets measured, and into which PCR, in issue order. Note that the
     * command line and the initrd both land in PCR #5. */
    const struct {
        uint32_t pcr;
        void *data;
        size_t len;
    } steps[] = {
        { 4, dom->kernel_blob, dom->kernel_size },           /* PCR #4: kernel */
        { 5, cmdline, strlen(cmdline) },                     /* PCR #5: cmdline */
        { 5, dom->modules[0].blob, dom->modules[0].size },   /* PCR #5: initrd */
    };

    for (size_t i = 0; i < sizeof(steps) / sizeof(steps[0]); i++) {
        cmd.pcr = bswap_32(steps[i].pcr);
        sha1(steps[i].data, steps[i].len, cmd.hash);
        rv = tpmfront_cmd(tpm, (void *)&cmd, sizeof(cmd), (void *)&resp, &resplen);
        /* A measurement that was not recorded must not go unnoticed. */
        ASSERT(rv == 0 && resp->status == 0);
    }

    shutdown_tpmfront(tpm);
}