From: Lennart Poettering <lennart@poettering.net>
Date: Thu, 30 May 2024 08:12:12 +0000 (+0200)
Subject: pcrlock: tweak error messages when we are not looking at a TPM2 event log
X-Git-Tag: v256-rc4~83^2
X-Git-Url: http://git-history.diyao.me/?a=commitdiff_plain;h=500552241209cf96303f47bcc38b5ba7a5b40341;p=systemd%2F.git

pcrlock: tweak error messages when we are not looking at a TPM2 event log

If we are looking at a TPM1.2 event log the first log record will not be
the "EfiSpecIdEvent" but something else. Let's improve the log messages
about this, and say explicitly that this is likely not a TPM2.0 event
log.
---

diff --git a/src/pcrlock/pcrlock-firmware.c b/src/pcrlock/pcrlock-firmware.c
index 73c68c2237..6fd7363144 100644
--- a/src/pcrlock/pcrlock-firmware.c
+++ b/src/pcrlock/pcrlock-firmware.c
@@ -100,12 +100,12 @@ int validate_firmware_header(
         if (size < (uint64_t) offsetof(TCG_PCClientPCREvent, event) + (uint64_t) h->eventDataSize)
                 return log_error_errno(SYNTHETIC_ERRNO(EBADMSG), "Event log too short for TCG_PCClientPCREvent events data.");
 
-        if (h->pcrIndex != 0)
-                return log_error_errno(SYNTHETIC_ERRNO(EBADMSG), "Event log header has unexpected PCR index %" PRIu32, h->pcrIndex);
         if (h->eventType != EV_NO_ACTION)
-                return log_error_errno(SYNTHETIC_ERRNO(EBADMSG), "Event log header has unexpected event type 0x%" PRIx32, h->eventType);
+                return log_error_errno(SYNTHETIC_ERRNO(EBADMSG), "Event log header has unexpected event type 0x%08" PRIx32 ". (Probably not a TPM2 event log?)", h->eventType);
+        if (h->pcrIndex != 0)
+                return log_error_errno(SYNTHETIC_ERRNO(EBADMSG), "Event log header has unexpected PCR index %" PRIu32 ". (Probably not a TPM2 event log?)", h->pcrIndex);
         if (!memeqzero(h->digest, sizeof(h->digest)))
-                return log_error_errno(SYNTHETIC_ERRNO(EBADMSG), "Event log header has unexpected non-zero digest.");
+                return log_error_errno(SYNTHETIC_ERRNO(EBADMSG), "Event log header has unexpected non-zero digest. (Probably not a TPM2 event log?)");
 
         if (h->eventDataSize < offsetof(TCG_EfiSpecIDEvent, digestSizes))
                 return log_error_errno(SYNTHETIC_ERRNO(EBADMSG), "Event log header too short for TCG_EfiSpecIdEvent.");