talm

1
// This Source Code Form is subject to the terms of the Mozilla Public
2
// License, v. 2.0. If a copy of the MPL was not distributed with this
3
// file, You can obtain one at http://mozilla.org/MPL/2.0/.
4

5
// Package secureboot contains base definitions for the Secure Boot process.
6
package secureboot
7

8
// Section is a name of a PE file section (UEFI binary).
9
type Section string
10

11
// List of well-known section names.
12
const (
13
	Linux   Section = ".linux"
14
	OSRel   Section = ".osrel"
15
	CMDLine Section = ".cmdline"
16
	Initrd  Section = ".initrd"
17
	Splash  Section = ".splash"
18
	DTB     Section = ".dtb"
19
	Uname   Section = ".uname"
20
	SBAT    Section = ".sbat"
21
	PCRSig  Section = ".pcrsig"
22
	PCRPKey Section = ".pcrpkey"
23
)
24

25
// OrderedSections returns the sections that are measured into PCR.
26
//
27
// Derived from https://github.com/systemd/systemd/blob/main/src/fundamental/tpm-pcr.h#L23-L36
28
// .pcrsig section is omitted here since that's what we are calulating here.
29
func OrderedSections() []Section {
30
	// DO NOT REARRANGE
31
	return []Section{Linux, OSRel, CMDLine, Initrd, Splash, DTB, Uname, SBAT, PCRPKey}
32
}
33

34
// Phase is the phase value extended to the PCR.
35
type Phase string
36

37
const (
38
	// EnterInitrd is the phase value extended to the PCR during the initrd.
39
	EnterInitrd Phase = "enter-initrd"
40
	// LeaveInitrd is the phase value extended to the PCR just before switching to machined.
41
	LeaveInitrd Phase = "leave-initrd"
42
	// EnterMachined is the phase value extended to the PCR before starting machined.
43
	// There should be only a signed signature for the enter-machined phase.
44
	EnterMachined Phase = "enter-machined"
45
	// StartTheWorld is the phase value extended to the PCR before starting all services.
46
	StartTheWorld Phase = "start-the-world"
47
)
48

49
// PhaseInfo describes which phase extensions are signed/measured.
50
type PhaseInfo struct {
51
	Phase              Phase
52
	CalculateSignature bool
53
}
54

55
// OrderedPhases returns the phases that are measured, in order.
56
//
57
// Derived from https://github.com/systemd/systemd/blob/v253/src/boot/measure.c#L295-L308
58
// ref: https://www.freedesktop.org/software/systemd/man/systemd-pcrphase.service.html#Description
59
//
60
// In the case of Talos disk decryption, happens in machined, so we need to only sign EnterMachined
61
// so that machined can only decrypt the disk if the system booted with the correct kernel/initrd/cmdline
62
// OrderedPhases returns the phases that are measured.
63
func OrderedPhases() []PhaseInfo {
64
	// DO NOT REARRANGE
65
	return []PhaseInfo{
66
		{
67
			Phase:              EnterInitrd,
68
			CalculateSignature: false,
69
		},
70
		{
71
			Phase:              LeaveInitrd,
72
			CalculateSignature: false,
73
		},
74
		{
75
			Phase:              EnterMachined,
76
			CalculateSignature: true,
77
		},
78
	}
79
}
80

81
const (
82
	// UKIPCR is the PCR number where sections except `.pcrsig` are measured.
83
	UKIPCR = 11
84
	// SecureBootStatePCR is the PCR number where the secure boot state and the signature are measured.
85
	// PCR 7 changes when UEFI SecureBoot mode is enabled/disabled, or firmware certificates (PK, KEK, db, dbx, …) are updated.
86
	SecureBootStatePCR = 7
87
)
88