From: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
To: Matthew Garrett <matthewgarrett@google.com>
Cc: linux-integrity@vger.kernel.org, peterhuewe@gmx.de, jgg@ziepe.ca,
	linux-efi@vger.kernel.org, ard.biesheuvel@linaro.org,
	Matthew Garrett <mjg59@google.com>,
	Joe Richey <joerichey@google.com>
Subject: Re: [PATCH V2 2/2] tpm: Don't duplicate events from the final event log in the TCG2 log
Date: Thu, 13 Jun 2019 17:04:40 +0300
Message-ID: <20190613140440.GD12791@linux.intel.com>
In-Reply-To: <20190607205147.102904-2-matthewgarrett@google.com>

On Fri, Jun 07, 2019 at 01:51:47PM -0700, Matthew Garrett wrote:
> After the first call to GetEventLog() on UEFI systems using the TCG2
> crypto agile log format, any further log events (other than those
> triggered by ExitBootServices()) will be logged in both the main log and
> also in the Final Events Log. While the kernel only calls GetEventLog()
> immediately before ExitBootServices(), we can't control whether earlier
> parts of the boot process have done so. This will result in log entries
> that exist in both logs, and so the current approach of simply appending
> the Final Event Log to the main log will result in events being
> duplicated.
> 
> We can avoid this problem by looking at the size of the Final Event Log
> just before we call ExitBootServices() and exporting this to the main
> kernel. The kernel can then skip over all events that occurred before
> ExitBootServices() and only append events that were not also logged to
> the main log.
> 
> Signed-off-by: Matthew Garrett <mjg59@google.com>
> Reported-by: Joe Richey <joerichey@google.com>
> Suggested-by: Joe Richey <joerichey@google.com>

Reviewed-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>

/Jarkko
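
The skip-then-append approach described in the quoted commit message, as an added example that is not part of this thread or of the patch. It assumes a simplified record layout (4-byte little-endian length plus payload) instead of the real TCG2 event structure; all function names and the sample logs are hypothetical and constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Simplified record (assumption, not the TCG2 layout): 4-byte LE length + payload. */
static size_t record_size(const uint8_t *p, size_t avail)
{
    uint32_t len;
    if (avail < 4) return 0;
    len = p[0] | p[1] << 8 | p[2] << 16 | (uint32_t)p[3] << 24;
    return len > avail - 4 ? 0 : 4 + (size_t)len;   /* 0 = truncated record */
}

/* Boot-stub side: bytes occupied by the first nr_events records, i.e. what the
 * Final Events Log held just before ExitBootServices(). (size_t)-1 on corruption. */
size_t final_log_preboot_size(const uint8_t *log, size_t len, uint32_t nr_events)
{
    size_t off = 0;
    while (nr_events--) {
        size_t sz = record_size(log + off, len - off);
        if (!sz) return (size_t)-1;
        off += sz;
    }
    return off;
}

/* Kernel side: main log followed by only the final-log bytes past `preboot`.
 * Returns merged length, or -1 if preboot is out of range or out is too small. */
long merge_logs(const uint8_t *main_log, size_t main_len, const uint8_t *final_log,
                size_t final_len, size_t preboot, uint8_t *out, size_t cap)
{
    size_t tail;
    if (preboot > final_len) return -1;
    tail = final_len - preboot;
    if (main_len > cap || tail > cap - main_len) return -1;
    memcpy(out, main_log, main_len);
    memcpy(out + main_len, final_log + preboot, tail);
    return (long)(main_len + tail);
}

/* Constructed sample: events B and C were logged to both logs, D only to the final log. */
static const uint8_t MAIN_LOG[]  = {1,0,0,0,'A', 2,0,0,0,'B','B', 1,0,0,0,'C'};
static const uint8_t FINAL_LOG[] = {2,0,0,0,'B','B', 1,0,0,0,'C', 3,0,0,0,'D','D','D'};

int main(void)
{
    uint8_t out[64];
    size_t pre = final_log_preboot_size(FINAL_LOG, sizeof FINAL_LOG, 2);
    printf("preboot=%zu merged=%ld\n", pre, merge_logs(MAIN_LOG, sizeof MAIN_LOG,
           FINAL_LOG, sizeof FINAL_LOG, pre, out, sizeof out));
    return 0;
}
```

Passing a preboot size of 0 reproduces the plain append, in which B and C appear twice in the merged log.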
