Re: [PATCH v6 3/6] tpm: Support boot measurements

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Ilias Apalodimas <ilias.apalodimas@linaro.org>
To: Eddie James <eajames@linux.ibm.com>
Cc: u-boot@lists.denx.de, sjg@chromium.org, xypron.glpk@gmx.de,
	joel@jms.id.au
Subject: Re: [PATCH v6 3/6] tpm: Support boot measurements
Date: Thu, 23 Feb 2023 20:07:49 +0200	[thread overview]
Message-ID: <Y/erdXXEHJi2zRWI@hera> (raw)
In-Reply-To: <2e4e1a87-00dc-4a0f-9a84-162daf578292@linux.ibm.com>

Hi Eddie,

[...]

> > But at least the kernel can find the EFI config tables properly.
> > > Also, note that the ret is efi_status_t and the new function you added
> > > returns an int.  Just switch the ret here accordingly.
> > >
> > >
> > >           * platforms can use different ways to do so.
> > >           */
> > >          ret = tcg2_init_log(dev, &elog);
> > > -       if (ret != EFI_SUCCESS)
> > > -               goto free_pool;
> > > -
> > > -       memcpy(event_log.buffer, elog.log, elog.log_position);
> > > -       event_log.pos = elog.log_position;
> > > +       if (ret == EFI_SUCCESS) {
> > > +               memcpy(event_log.buffer, elog.log, elog.log_position);
> > > +               event_log.pos = elog.log_position;
> > > +       }
> > >
> > >
> > > I'll try digging into the EFI issues more once I get some time
> > Ok Ignore the previous mail. I just noticed that the specid event is
> > generated by tcg2_log_init() and that's where the errors come from.
>
>
> OK, I think I understand the problem. One problem with your solution below
> is that it's only useful for EFI; writing the event log to a temporary
> buffer in the non-EFI case is a waste of time, since it can't go anywhere.

It's not even a 'solution', it's just an ugly hack to help you understand
where things go sideways.

>
> I have a solution where the user can pass in their buffer in the
> tcg2_event_log structure in the event that no memory region is discovered.
> EFI can use that path.

Yep that sounds sane,  that way EFI can pass the efi allocated memory and
you can call call that with NULL for non-efi code.
Please keep in mind that the EventLog, if it comes from TF-A, needs to be
replayed into hardware as well, since TF-A doesn't extend PCRs.

>
>
> Thanks for the debugging effort!

yw

Cheers
/Ilias
>
> Eddie
>
>
> >
> > So something like the *really ugly hack* fixes EFI.  Can you please
> > turn it into human-readable code
> >
> >   #include <linux/unaligned/be_byteshift.h>
> >   #include <linux/unaligned/generic.h>
> >   #include <linux/unaligned/le_byteshift.h>
> > +#include <malloc.h>
> >
> >   #include "tpm-utils.h"
> >
> > @@ -634,7 +635,7 @@ __weak int tcg2_platform_get_log(struct udevice
> > *dev, void **addr, u32 *size)
> >
> >                  if (dev_read_phandle_with_args(dev, "memory-region", NULL, 0,
> >                                                 0, &args))
> > -                       return -ENODEV;
> > +                       goto alloc;
> >
> >                  a = ofnode_get_addr_size(args.node, "reg", &s);
> >                  if (a == FDT_ADDR_T_NONE)
> > @@ -643,6 +644,9 @@ __weak int tcg2_platform_get_log(struct udevice
> > *dev, void **addr, u32 *size)
> >                  *addr = map_physmem(a, s, MAP_NOCACHE);
> >                  *size = (u32)s;
> >          }
> > +alloc:
> > +       *addr = calloc(1, 4096);
> > +       *size = 4096;
> >
> >          return 0;
> >   }
> >
> > Cheers
> > /Ilias
> >
> > > Cheers
> > > /Ilias
> > > > Thanks!
> > > > /Ilias

next prev parent reply	other threads:[~2023-02-23 18:07 UTC|newest]

Thread overview: 19+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2023-02-22 18:02 [PATCH v6 0/6] tpm: Support boot measurements Eddie James
2023-02-22 18:02 ` [PATCH v6 1/6] tpm: Fix spelling for tpmu_ha union Eddie James
2023-02-22 18:02 ` [PATCH v6 2/6] tpm: sandbox: Update for needed TPM2 capabilities Eddie James
2023-02-22 18:02 ` [PATCH v6 3/6] tpm: Support boot measurements Eddie James
2023-02-23  9:02   ` Ilias Apalodimas
2023-02-23  9:30     ` Ilias Apalodimas
2023-02-23  9:47       ` Ilias Apalodimas
2023-02-23 17:52         ` Eddie James
2023-02-23 18:07           ` Ilias Apalodimas [this message]
2023-02-23 21:17             ` Ilias Apalodimas
2023-02-22 18:02 ` [PATCH v6 4/6] bootm: Support boot measurement Eddie James
2023-02-22 19:17   ` Simon Glass
2023-02-22 18:02 ` [PATCH v6 5/6] test: Add sandbox TPM " Eddie James
2023-02-23 11:35   ` Ilias Apalodimas
2023-02-22 18:02 ` [PATCH v6 6/6] doc: Add measured boot documentation Eddie James
2023-02-22 19:17   ` Simon Glass
2023-02-22 20:26   ` Heinrich Schuchardt
2023-02-23  7:12     ` Ilias Apalodimas
2023-03-01 22:35     ` Eddie James

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=Y/erdXXEHJi2zRWI@hera \
    --to=ilias.apalodimas@linaro.org \
    --cc=eajames@linux.ibm.com \
    --cc=joel@jms.id.au \
    --cc=sjg@chromium.org \
    --cc=u-boot@lists.denx.de \
    --cc=xypron.glpk@gmx.de \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.