From 1e9608c796372299ff882191c006c25292b34790 Mon Sep 17 00:00:00 2001
From: Malte Poll
Date: Tue, 18 Oct 2022 16:23:00 +0200
Subject: [PATCH] Precalculate expected PCR[4]
---
 .github/workflows/build-os-image.yml | 37 ++++++++++
 .../measured-boot/extract_authentihash.py | 21 ++++++
 image/mkosi/measured-boot/measure_util.sh | 29 ++++++++
 .../mkosi/measured-boot/precalculate_pcr_4.sh | 71 +++++++++++++++++++
 4 files changed, 158 insertions(+)
 create mode 100755 image/mkosi/measured-boot/extract_authentihash.py
 create mode 100644 image/mkosi/measured-boot/measure_util.sh
 create mode 100755 image/mkosi/measured-boot/precalculate_pcr_4.sh
diff --git a/.github/workflows/build-os-image.yml b/.github/workflows/build-os-image.yml
index ed3bc515a..fe85a1114 100644
--- a/.github/workflows/build-os-image.yml
+++ b/.github/workflows/build-os-image.yml
@@ -328,6 +328,43 @@ jobs: working-directory: ${{ github.workspace }}/image/mkosi if: ${{ matrix.csp == 'azure' }} + calculate-pcrs: + name: "Calculate PCRs" + needs: [make-os-image] + runs-on: ubuntu-22.04 + strategy: + matrix: + csp: [azure, gcp, qemu] + steps: + - name: Checkout repository + uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b + + - name: Download OS image artifact + uses: actions/download-artifact@fb598a63ae348fa914e94cd0ff38f362e927b741 + with: + name: image-${{ matrix.csp }} + + - name: Install dependencies + run: | + echo "::group::Install dependencies" + python -m pip install --user lief==0.12.2 + sudo apt-get update + sudo apt-get install -y systemd-container # for systemd-dissect + echo "::endgroup::" + + - name: Calculate expected PCRs + run: | + echo "::group::Calculate expected PCRs" + ./precalculate_pcr_4.sh ${{ github.workspace }}/image.raw ${{ github.workspace }}/pcrs-${{ matrix.csp }}.json >> $GITHUB_STEP_SUMMARY + echo "::endgroup::" + working-directory: ${{ github.workspace }}/image/mkosi/measured-boot + + - name: Upload expected PCRs as artifact + uses: actions/upload-artifact@3cea5372237819ed00197afe530f5a7ea3e805c8 + with: + name: pcrs + path: pcrs-${{ matrix.csp }}.json + generate-sbom: name: "Generate SBOM" needs: [build-dependencies, make-os-image] diff --git a/image/mkosi/measured-boot/extract_authentihash.py b/image/mkosi/measured-boot/extract_authentihash.py new file mode 100755 index 000000000..c3999ee2d --- /dev/null +++ b/image/mkosi/measured-boot/extract_authentihash.py 
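Review bot: The `Install dependencies` step fetches `lief==0.12.2` from PyPI pinned by version only, so the tool that produces the reference PCR[4] digests has no integrity check, while every action in the same job is pinned to a commit SHA. If the uploaded `pcrs` artifact is meant to serve as a trust anchor for attestation, the Python dependency deserves the same treatment, e.g. `python -m pip install --user --require-hashes -r requirements.txt` with a requirements file containing `lief==0.12.2 --hash=sha256:<LIEF_WHEEL_SHA256_PLACEHOLDER>`. Note also that all three matrix legs upload to the same artifact name `pcrs`; whether that merges the three `pcrs-${{ matrix.csp }}.json` files or lets the last upload win depends on the pinned upload-artifact version and is worth confirming.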
@@ -0,0 +1,21 @@
+#!/usr/bin/env python
+# Copyright (c) Edgeless Systems GmbH
+#
+# SPDX-License-Identifier: AGPL-3.0-only
+
+# This script calculates the authentihash of a PE / EFI binary.
+# Install prerequisites:
+# pip install lief
+
+import sys
+import lief
+
+def authentihash(filename):
+ pe = lief.parse(filename)
+ return pe.authentihash(lief.PE.ALGORITHMS.SHA_256)
+
+if __name__ == '__main__':
+ if len(sys.argv) != 2:
+ print(f"Usage: {sys.argv[0]} ")
+ sys.exit(1)
+ print(authentihash(sys.argv[1]).hex())
diff --git a/image/mkosi/measured-boot/measure_util.sh b/image/mkosi/measured-boot/measure_util.sh
new file mode 100644
index 000000000..3713806c9
--- /dev/null
+++ b/image/mkosi/measured-boot/measure_util.sh
@@ -0,0 +1,29 @@
+#!/usr/bin/env bash
+# Copyright (c) Edgeless Systems GmbH
+#
+# SPDX-License-Identifier: AGPL-3.0-only
+
+# This script contains shared functions for pcr calculation.
+
+pcr_extend() {
+ local CURRENT_PCR="$1"
+ local EXTEND_WITH="$2"
+ local HASH_FUNCTION="$3"
+ ( echo -n "$CURRENT_PCR" | xxd -r -p ; echo -n "$EXTEND_WITH" | xxd -r -p; ) | ${HASH_FUNCTION} | cut -d " " -f 1
+}
+
+extract () {
+ local image="$1"
+ local path="$2"
+ local output="$3"
+ sudo systemd-dissect --copy-from "${image}" "${path}" "${output}"
+}
+
+mktempdir () {
+ mktemp -d
+}
+
+cleanup () {
+ local dir="$1"
+ rm -rf "${dir}"
+}
diff --git a/image/mkosi/measured-boot/precalculate_pcr_4.sh b/image/mkosi/measured-boot/precalculate_pcr_4.sh
new file mode 100755
index 000000000..0ad4af1e1
--- /dev/null
+++ b/image/mkosi/measured-boot/precalculate_pcr_4.sh
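Review bot: `authentihash()` dereferences the result of `lief.parse()` without checking it; lief returns `None` when the file cannot be parsed and returns non-PE binary objects for other formats, neither of which has an `authentihash` method, so a missing or wrong input surfaces as an `AttributeError` traceback rather than a clear error. Since the hex digest printed here feeds the reference PCR[4] computation in `precalculate_pcr_4.sh`, a wrong-file mistake should fail loudly and explicitly: `pe = lief.PE.parse(filename)` followed by `if pe is None: raise SystemExit(f"{filename}: not a parseable PE/EFI binary")`. The usage message in the `__main__` block is printed to stdout, which is the stream the shell wrapper captures as the digest; send it to stderr with `print(..., file=sys.stderr)`. The argument placeholder in the usage string appears to have been lost in this rendering, so that may be an extraction artifact rather than a defect.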
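Review bot: `pcr_extend` pipes `CURRENT_PCR` and `EXTEND_WITH` straight into `xxd -r -p`, which tolerates non-hex characters and odd-length or empty input, so a malformed digest (for example an empty string from a failed upstream command) produces a wrong but plausible-looking PCR value instead of an error. Because the result is the expected measurement that attestation will be checked against, validate both operands before extending: `for hex in "${CURRENT_PCR}" "${EXTEND_WITH}"; do [[ "${hex}" =~ ^([0-9a-fA-F]{2})+$ ]] || { echo "pcr_extend: non-hex input" >&2; return 1; }; done`. The unquoted `${HASH_FUNCTION}` looks deliberate (it lets the caller pass a command with arguments); a comment such as `# HASH_FUNCTION is expanded unquoted on purpose so it may carry arguments` would keep the next reader from "fixing" it.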
@@ -0,0 +1,71 @@
+#!/usr/bin/env bash
+# Copyright (c) Edgeless Systems GmbH
+#
+# SPDX-License-Identifier: AGPL-3.0-only
+
+# This script is used to precalculate the PCR[4] value for a Constellation OS image.
+# Usage: precalculate_pcr_4.sh
+
+set -euo pipefail
+source "$(dirname "$0")/measure_util.sh"
+
+ev_efi_action_sha256=3d6772b4f84ed47595d72a2c4c5ffd15f5bb72c7507fe26f2aaee2c69d5633ba
+ev_efi_separator_sha256=df3f619804a92fdb4057192dc43dd748ea778adc52bc498ce80524c014b81119
+
+authentihash () {
+ local path="$1"
+ "$(dirname "$0")/extract_authentihash.py" "${path}"
+}
+
+write_output () {
+ local out="$1"
+ cat > "${out}" <