From: Sergii Dmytruk <sergii.dmytruk@3mdeb.com>
To: Jan Beulich <jbeulich@suse.com>
Cc: "Andrew Cooper" <andrew.cooper3@citrix.com>,
"Roger Pau Monné" <roger.pau@citrix.com>,
"Daniel P. Smith" <dpsmith@apertussolutions.com>,
"Ross Philipson" <ross.philipson@oracle.com>,
trenchboot-devel@googlegroups.com,
xen-devel@lists.xenproject.org
Subject: Re: [PATCH v3 10/22] x86/tpm.c: code for early hashing and extending PCRs (for TPM1.2)
Date: Sun, 28 Jun 2026 19:09:24 +0300 [thread overview]
Message-ID: <akFHNFIuGGALeaw4@MjU3Nj> (raw)
In-Reply-To: <45ad9ee7-e4a4-4f31-b8d0-723a97d7f45b@suse.com>
On Wed, Oct 22, 2025 at 04:07:35PM +0200, Jan Beulich wrote:
> > +void tpm_hash_extend(unsigned loc, unsigned pcr, const uint8_t *buf,
> > + unsigned size, uint32_t type, const uint8_t *log_data,
> > + unsigned log_data_size);
>
> Here and elsewhere: We prefer "unsigned int" over just "unsigned".
Will update.
> > + while ( (tis_read8(TPM_ACCESS_(loc)) & ACCESS_ACTIVE_LOCALITY) == 0 );
>
> Here and below - please put such semicolons on a separate line, to make more
> recognizable that no loop body follows. Also generally we prefer ! over == 0
> for such checks.
OK.
> > +static void send_cmd(unsigned loc, uint8_t *buf, unsigned i_size,
> > + unsigned *o_size)
> > +{
> > + /*
> > + * Value of "data available" bit counts only when "valid" field is set as
> > + * well.
> > + */
> > + const unsigned data_avail = STS_VALID | STS_DATA_AVAIL;
> > +
> > + unsigned i;
> > +
> > + /* Make sure TPM can accept a command. */
> > + if ( (tis_read8(TPM_STS_(loc)) & STS_COMMAND_READY) == 0 )
> > + {
> > + /* Abort current command. */
> > + tis_write8(TPM_STS_(loc), STS_COMMAND_READY);
> > + /* Wait until TPM is ready for a new one. */
> > + while ( (tis_read8(TPM_STS_(loc)) & STS_COMMAND_READY) == 0 );
> > + }
> > +
> > + for ( i = 0; i < i_size; i++ )
> > + tis_write8(TPM_DATA_FIFO_(loc), buf[i]);
> > +
> > + tis_write8(TPM_STS_(loc), STS_TPM_GO);
> > +
> > + /* Wait for the first byte of response. */
> > + while ( (tis_read8(TPM_STS_(loc)) & data_avail) != data_avail);
>
> Here you properly follow the comment at the top of the function, while ...
>
> > + for ( i = 0; i < *o_size && tis_read8(TPM_STS_(loc)) & data_avail; i++ )
>
> ... here you don't. Why?
Right, `== data_avail` was missing here. Likely a remnant from an
earlier version.
> > + buf[i] = tis_read8(TPM_DATA_FIFO_(loc));
> > +
> > + if ( i < *o_size )
> > + *o_size = i;
>
> Is there any real need for this assignment to be conditional?
There isn't, as far as I can tell, will be unconditional.
> > + uint32_t intf_version = tis_read32(TPM_INTF_CAPABILITY_(0))
> > + & INTF_VERSION_MASK;
>
> Nit: The & wants to move to the previous line and indentation of the
> continuation line wants to increase by 2.
OK.
> > + cmd_rsp.start_c = (struct sha1_start_cmd) {
> > + .h.tag = swap16(TPM_TAG_RQU_COMMAND),
> > + .h.paramSize = swap32(sizeof(struct sha1_start_cmd)),
>
> While here it may be viewed as on the edge, ...
>
> > + .h.ordinal = swap32(TPM_ORD_SHA1Start),
> > + };
> > +
> > + send_cmd(loc, cmd_rsp.buf, sizeof(struct sha1_start_cmd), &o_size);
>
> ... here and ...
>
> > + if ( o_size < sizeof(struct sha1_start_rsp) )
>
> ... here (and elsewhere) you would better use sizeof(<expression>), to make
> the connection there more clear.
OK and I'll update send_cmd() to be like in TPM2.0 case which gets rid
of duplicated expressions.
> > + max_bytes = size & ~(64 - 1);
>
> ROUNDDOWN(size, 64)
Right, didn't see this macro.
> > + o_size = sizeof(cmd_rsp);
> > +
> > + cmd_rsp.update_c = (struct sha1_update_cmd){
>
> Please, at least within a single patch, be consistent about whether there is
> a blank between ) and {.
Sure.
> > +error:
>
> Nit: Labels indented by at least one blank please.
OK, didn't see that note about `diff -p` before.
> > + new_entry = (void *)(((uint8_t *)evt_log) + evt_log->NextEventOffset);
>
> new_entry = (void *)evt_log + evt_log->NextEventOffset;
>
OK.
> > + if ( evt_log->NextEventOffset + sizeof(struct TPM12_PCREvent) + data_size
> > + > evt_log_size )
>
> Nit: Operator placement again.
OK.
> > + return NULL;
> > +
> > + evt_log->NextEventOffset += sizeof(struct TPM12_PCREvent) + data_size;
> > +
> > + new_entry->PCRIndex = pcr;
> > + new_entry->Type = type;
> > + new_entry->Size = data_size;
> > +
> > + if ( data && data_size > 0 )
> > + memcpy(new_entry->Data, data, data_size);
>
> What about "data && !data_size" or "!data && data_size"? Are these legal
> inputs that are fine to ignore? Otherwise - why the if()?
Not every event has event data, so it can be NULL and/or of zero size.
Will state that in a comment.
> > +void tpm_hash_extend(unsigned loc, unsigned pcr, const uint8_t *buf,
> > + unsigned size, uint32_t type, const uint8_t *log_data,
> > + unsigned log_data_size)
> > +{
> > + void *evt_log_addr;
> > + uint32_t evt_log_size;
> > +
> > + find_evt_log(slaunch_get_slrt(), &evt_log_addr, &evt_log_size);
> > + evt_log_addr = __va((uintptr_t)evt_log_addr);
> > +
> > + if ( is_tpm12() )
> > + {
> > + uint8_t sha1_digest[SHA1_DIGEST_SIZE];
> > +
> > + struct txt_ev_log_container_12 *evt_log = evt_log_addr;
> > + void *entry_digest = create_log_event12(evt_log, evt_log_size, pcr,
> > + type, log_data, log_data_size);
> > +
> > + /* We still need to write computed hash somewhere. */
> > + if ( entry_digest == NULL )
> > + entry_digest = sha1_digest;
> > +
> > + if ( !tpm12_hash_extend(loc, buf, size, pcr, entry_digest) )
> > + {
> > +#ifndef __EARLY_SLAUNCH__
> > + printk(XENLOG_ERR "Extending PCR%u failed\n", pcr);
> > +#endif
> > + }
> > + }
>
> And implicitly "else { ignore everything }"?
Yes, but the next version of the patch will return an error instead.
> > +#ifdef __EARLY_SLAUNCH__
> > +void asmlinkage tpm_extend_mbi(uint32_t *mbi, uint32_t slrt_pa)
>
> Pointer to const please, and then make sure ...
>
> > +{
> > + /* Need this to implement slaunch_get_slrt() for early TPM code. */
> > + slrt_location = slrt_pa;
> > +
> > + /* MBI starts with uint32_t total_size. */
> > + tpm_hash_extend(DRTM_LOC, DRTM_DATA_PCR, (uint8_t *)mbi, *mbi,
>
> ... not to cast away const-ness here.
>
> Jan
Will do.
Regards,
Sergii
next prev parent reply other threads:[~2026-06-28 16:10 UTC|newest]
Thread overview: 85+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-05-30 13:17 [PATCH v3 00/22] x86: Trenchboot Secure Launch DRTM (Xen) Sergii Dmytruk
2025-05-30 13:17 ` [PATCH v3 01/22] x86/include/asm/intel-txt.h: constants and accessors for TXT registers and heap Sergii Dmytruk
2025-07-02 14:29 ` Jan Beulich
2025-07-02 15:57 ` ross.philipson
2025-07-06 15:57 ` Sergii Dmytruk
2025-07-07 8:24 ` Jan Beulich
2025-09-23 8:52 ` Sergii Dmytruk
2025-07-03 10:27 ` Jan Beulich
2025-07-06 15:59 ` Sergii Dmytruk
2025-05-30 13:17 ` [PATCH v3 02/22] include/xen/slr-table.h: Secure Launch Resource Table definitions Sergii Dmytruk
2025-07-02 14:36 ` Jan Beulich
2025-07-06 16:55 ` Sergii Dmytruk
2025-07-07 8:29 ` Jan Beulich
2025-07-07 17:31 ` Sergii Dmytruk
2025-07-08 6:52 ` Jan Beulich
2025-07-13 17:29 ` Sergii Dmytruk
2025-07-14 7:33 ` Jan Beulich
2025-07-14 17:06 ` Sergii Dmytruk
2025-05-30 13:17 ` [PATCH v3 03/22] x86/boot: add MLE header and Secure Launch entry point Sergii Dmytruk
2025-07-03 10:25 ` Jan Beulich
2025-07-07 21:54 ` Sergii Dmytruk
2025-07-08 7:02 ` Jan Beulich
2025-07-13 17:51 ` Sergii Dmytruk
2025-07-14 7:38 ` Jan Beulich
2025-05-30 13:17 ` [PATCH v3 04/22] x86/boot/slaunch-early: implement early initialization Sergii Dmytruk
2025-06-03 16:17 ` ross.philipson
2025-06-11 22:14 ` Sergii Dmytruk
2025-06-12 8:02 ` Jan Beulich
2025-06-12 22:11 ` Sergii Dmytruk
2025-06-12 16:30 ` ross.philipson
2025-06-12 22:08 ` Sergii Dmytruk
2025-07-03 10:50 ` Jan Beulich
2025-07-15 14:10 ` Sergii Dmytruk
2025-05-30 13:17 ` [PATCH v3 05/22] x86/boot/slaunch-early: early TXT checks and boot data retrieval Sergii Dmytruk
2025-06-03 17:03 ` ross.philipson
2025-06-11 22:36 ` Sergii Dmytruk
2025-07-08 16:00 ` Jan Beulich
2025-09-23 8:39 ` Sergii Dmytruk
2025-09-23 14:23 ` Jan Beulich
2025-05-30 13:17 ` [PATCH v3 06/22] xen/arch/x86: reserve TXT memory during Slaunch Sergii Dmytruk
2025-07-10 13:00 ` Jan Beulich
2025-09-22 21:35 ` Sergii Dmytruk
2025-09-22 22:48 ` Jan Beulich
2025-09-23 15:15 ` Sergii Dmytruk
2025-07-10 13:01 ` Jan Beulich
2025-05-30 13:17 ` [PATCH v3 07/22] x86/mtrr: expose functions for pausing caching Sergii Dmytruk
2025-07-02 14:57 ` Jan Beulich
2025-07-06 17:34 ` Sergii Dmytruk
2025-07-07 8:32 ` Jan Beulich
2025-05-30 13:17 ` [PATCH v3 08/22] x86/slaunch: restore boot MTRRs after Intel TXT DRTM Sergii Dmytruk
2025-06-03 19:43 ` ross.philipson
2025-06-13 22:01 ` Sergii Dmytruk
2025-07-02 15:11 ` Jan Beulich
2025-07-06 21:55 ` Sergii Dmytruk
2025-07-07 8:37 ` Jan Beulich
2025-05-30 13:17 ` [PATCH v3 09/22] xen/lib: add implementation of SHA-1 Sergii Dmytruk
2025-07-02 14:45 ` Jan Beulich
2025-07-06 17:07 ` Sergii Dmytruk
2025-05-30 13:17 ` [PATCH v3 10/22] x86/tpm.c: code for early hashing and extending PCRs (for TPM1.2) Sergii Dmytruk
2025-06-05 17:43 ` ross.philipson
2025-06-13 22:24 ` Sergii Dmytruk
2025-10-22 14:07 ` Jan Beulich
2026-06-28 16:09 ` Sergii Dmytruk [this message]
2025-05-30 13:17 ` [PATCH v3 11/22] x86/tpm.c: support extending PCRs of TPM2.0 Sergii Dmytruk
2025-10-22 15:13 ` Jan Beulich
2026-06-28 22:09 ` Sergii Dmytruk
2025-05-30 13:17 ` [PATCH v3 12/22] x86/hvm: check for VMX in SMX if Slaunch is active Sergii Dmytruk
2025-07-02 14:50 ` Jan Beulich
2025-07-06 17:23 ` Sergii Dmytruk
2025-05-30 13:17 ` [PATCH v3 13/22] x86/tpm.c: implement event log for TPM2.0 Sergii Dmytruk
2025-10-22 15:17 ` Jan Beulich
2025-05-30 13:17 ` [PATCH v3 14/22] x86/boot: choose AP stack based on APIC ID Sergii Dmytruk
2026-01-22 15:52 ` Jan Beulich
2025-05-30 13:17 ` [PATCH v3 15/22] x86/smpboot.c: TXT AP bringup Sergii Dmytruk
2026-01-22 16:41 ` Jan Beulich
2025-05-30 13:17 ` [PATCH v3 16/22] x86/slaunch: process DRTM policy Sergii Dmytruk
2025-05-30 13:17 ` [PATCH v3 17/22] x86/acpi: disallow S3 on Secure Launch boot Sergii Dmytruk
2025-07-02 14:48 ` Jan Beulich
2025-07-06 17:18 ` Sergii Dmytruk
2025-05-30 13:18 ` [PATCH v3 18/22] x86/boot/slaunch-early: find MBI and SLRT on AMD Sergii Dmytruk
2025-05-30 13:18 ` [PATCH v3 19/22] x86/slaunch: support AMD SKINIT Sergii Dmytruk
2025-05-30 13:18 ` [PATCH v3 20/22] x86/slaunch: support EFI boot Sergii Dmytruk
2025-05-30 13:18 ` [PATCH v3 21/22] x86/cpu: report SMX, TXT and SKINIT capabilities Sergii Dmytruk
2026-01-22 15:58 ` Jan Beulich
2025-05-30 13:18 ` [PATCH v3 22/22] MAINTAINERS: add a section for TrenchBoot Slaunch Sergii Dmytruk
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=akFHNFIuGGALeaw4@MjU3Nj \
--to=sergii.dmytruk@3mdeb.com \
--cc=andrew.cooper3@citrix.com \
--cc=dpsmith@apertussolutions.com \
--cc=jbeulich@suse.com \
--cc=roger.pau@citrix.com \
--cc=ross.philipson@oracle.com \
--cc=trenchboot-devel@googlegroups.com \
--cc=xen-devel@lists.xenproject.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.