From: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
To: Matthew Garrett <matthewgarrett@google.com>
Cc: linux-integrity@vger.kernel.org, peterhuewe@gmx.de, jgg@ziepe.ca,
linux-efi@vger.kernel.org, ard.biesheuvel@linaro.org,
Matthew Garrett <mjg59@google.com>,
Joe Richey <joerichey@google.com>
Subject: Re: [PATCH] tpm: Don't duplicate events from the final event log in the TCG2 log
Date: Wed, 5 Jun 2019 17:21:27 +0300
Message-ID: <20190605142127.GC11331@linux.intel.com>
In-Reply-To: <20190604193511.153831-1-matthewgarrett@google.com>
On Tue, Jun 04, 2019 at 12:35:11PM -0700, Matthew Garrett wrote:
> After the first call to GetEventLog() on UEFI systems using the TCG2
> crypto agile log format, any further log events (other than those
> triggered by ExitBootServices()) will be logged in both the main log and
> also in the Final Events Log. While the kernel only calls GetEventLog()
> immediately before ExitBootServices(), we can't control whether earlier
> parts of the boot process have done so. This will result in log entries
> that exist in both logs, and so the current approach of simply appending
> the Final Event Log to the main log will result in events being
> duplicated.
Sounds flaky how UEFI firmware works. Wonder why the ignition of the
final events log is bound to the invocation of GetEventLog() in the
first place.
> We can avoid this problem by looking at the size of the Final Event Log
> just before we call ExitBootServices() and exporting this to the main
> kernel. The kernel can then skip over all events that occurred before
> ExitBootServices() and only append events that were not also logged to
> the main log.
>
> Signed-off-by: Matthew Garrett <mjg59@google.com>
> Reported-by: Joe Richey <joerichey@google.com>
> Suggested-by: Joe Richey <joerichey@google.com>
Rename final_events_early_size as final_events_preboot_size because it
is a bit more descriptive. Other than that looks good to me.
/Jarkko
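The de-duplication rule described in the patch, written out as an added C example (not kernel code and not part of the patch): record the Final Event Log size just before ExitBootServices() as preboot_size, then treat only the bytes at or past that offset as new. The TCG_PCR_EVENT2 layout follows the TCG2 crypto-agile format; the SHA1/SHA256 digest sizes are hardcoded as an assumption (a real parser reads them from the Spec ID event), and the sample event is constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Size of the TCG_PCR_EVENT2 at buf (little-endian fields, as on x86), or 0 if
 * truncated/malformed: u32 pcr, u32 type, u32 count, count x {u16 alg, digest},
 * u32 event_size, event[]. Only SHA1/SHA256 digests are sized here (a real
 * parser reads the sizes from the Spec ID event). */
size_t tcg2_event_size(const uint8_t *buf, size_t len)
{
	uint32_t count, event_size;
	size_t off = 12;
	if (len < off) return 0;
	memcpy(&count, buf + 8, sizeof(count));
	for (uint32_t i = 0; i < count; i++) {
		uint16_t alg_id;
		if (len - off < sizeof(alg_id)) return 0;
		memcpy(&alg_id, buf + off, sizeof(alg_id));
		off += sizeof(alg_id);
		size_t dsz = alg_id == 0x0004 ? 20 : alg_id == 0x000B ? 32 : 0;
		if (dsz == 0 || len - off < dsz) return 0;	/* unknown alg or short */
		off += dsz;
	}
	if (len - off < sizeof(event_size)) return 0;
	memcpy(&event_size, buf + off, sizeof(event_size));
	off += sizeof(event_size);
	return event_size > len - off ? 0 : off + event_size;
}

/* Count Final Event Log entries not already in the main log: those at or past
 * preboot_size (final log size just before ExitBootServices()); -1 on bad input. */
int count_new_final_events(const uint8_t *log, size_t len, size_t preboot_size)
{
	int n = 0;
	if (preboot_size > len) return -1;
	for (size_t off = preboot_size; off < len; n++) {
		size_t sz = tcg2_event_size(log + off, len - off);
		if (sz == 0) return -1;	/* tail does not parse: refuse to append */
		off += sz;
	}
	return n;
}

/* Constructed 42-byte sample (not a real log): PCR 4, type 13, one zeroed SHA1 digest, 4 data bytes. */
const uint8_t sample_event[42] = {
	4, 0, 0, 0,  13, 0, 0, 0,  1, 0, 0, 0,	/* pcr, type, digest count */
	0x04, 0x00,				/* TPM_ALG_SHA1 */
	0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
	4, 0, 0, 0,  'b', 'o', 'o', 't' };	/* event_size, event data */
```

With preboot_size equal to the whole sample, nothing is appended; with preboot_size 0, the one event is treated as new; an offset that lands mid-event is rejected rather than silently merged.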