From: Kuppuswamy Sathyanarayanan <sathyanarayanan.kuppuswamy@linux.intel.com>
To: Ard Biesheuvel <ardb@kernel.org>
Cc: Ard Biesheuvel <ardb+git@google.com>,
linux-efi@vger.kernel.org,
Ilias Apalodimas <ilias.apalodimas@linaro.org>
Subject: Re: [PATCH 1/4] efi/libstub: Fold efi_tcg2_tagged_event into efi_measured_event
Date: Tue, 5 Mar 2024 11:19:13 -0800
Message-ID: <e48f01c3-c417-4826-bbbf-bc9b85df7dca@linux.intel.com>
In-Reply-To: <CAMj1kXHvzS6w8gmaSHiu13__uP95AUJxMXBVnOGFB6Tt1+ocfA@mail.gmail.com>

On 3/5/24 12:21 AM, Ard Biesheuvel wrote:
> On Tue, 5 Mar 2024 at 05:30, Kuppuswamy Sathyanarayanan
> <sathyanarayanan.kuppuswamy@linux.intel.com> wrote:
>>
>> On 3/4/24 2:44 AM, Ard Biesheuvel wrote:
>>> From: Ard Biesheuvel <ardb@kernel.org>
>>>
>>> In spite of the efi_ prefix, struct efi_tcg2_tagged_event is specific to
>>> the EFI stub, and so we can tweak it to our liking if needed, e.g., to
>>> accommodate the TDX variant of the TCG2 measurement protocol.
>>>
>>> In preparation for that, get rid of it entirely, and combine it with the
>>> efi_measured_event struct used by the measurement code.
>>>
>>> Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
>>> ---
With nits fixed,
Reviewed-by: Kuppuswamy Sathyanarayanan <sathyanarayanan.kuppuswamy@linux.intel.com>
>>> drivers/firmware/efi/libstub/efi-stub-helper.c | 26 ++++++++------------
>>> drivers/firmware/efi/libstub/efistub.h | 18 ++++++++------
>>> 2 files changed, 21 insertions(+), 23 deletions(-)
>>>
>>> diff --git a/drivers/firmware/efi/libstub/efi-stub-helper.c b/drivers/firmware/efi/libstub/efi-stub-helper.c
>>> index bfa30625f5d0..0dbc9d3f4abd 100644
>>> --- a/drivers/firmware/efi/libstub/efi-stub-helper.c
>>> +++ b/drivers/firmware/efi/libstub/efi-stub-helper.c
>>> @@ -193,7 +193,7 @@ void efi_apply_loadoptions_quirk(const void **load_options, u32 *load_options_si
>>> *load_options_size = load_option_unpacked.optional_data_size;
>>> }
>>>
>>> -enum efistub_event {
>>> +enum efistub_event_type {
>>> EFISTUB_EVT_INITRD,
>>> EFISTUB_EVT_LOAD_OPTIONS,
>>> EFISTUB_EVT_COUNT,
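Review bot: The rename of the enum to efistub_event_type is not mentioned in the commit message, and the new name differs from the `union efistub_event` added in efistub.h only by its suffix. A sentence in the changelog saying the enum is renamed to free the name for the union would make the reason visible to readers of this hunk.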
>>> @@ -221,44 +221,38 @@ static const struct {
>>>
>>> static efi_status_t efi_measure_tagged_event(unsigned long load_addr,
>>> unsigned long load_size,
>>> - enum efistub_event event)
>>> + enum efistub_event_type event)
>>> {
>>> + struct efistub_measured_event *evt;
>>> + int size = struct_size(evt, tagged_event_data,
>>> + events[event].event_data_len);
>> Include linux/overflow.h explicitly?
>>
> Yes, good point.
>
>>> efi_guid_t tcg2_guid = EFI_TCG2_PROTOCOL_GUID;
>>> efi_tcg2_protocol_t *tcg2 = NULL;
>>> efi_status_t status;
>>>
>>> efi_bs_call(locate_protocol, &tcg2_guid, NULL, (void **)&tcg2);
>>> if (tcg2) {
>>> - struct efi_measured_event {
>>> - efi_tcg2_event_t event_data;
>>> - efi_tcg2_tagged_event_t tagged_event;
>>> - u8 tagged_event_data[];
>>> - } *evt;
>>> - int size = sizeof(*evt) + events[event].event_data_len;
>>> -
>>> status = efi_bs_call(allocate_pool, EFI_LOADER_DATA, size,
>>> (void **)&evt);
>> It looks like in patch 3 you have converted evt to a stack variable. Since that
>> change is not specific to CC fallback, can it be moved here?
>>
> Not sure what you mean here. evt is still there after patch #3
Sorry, it looks like I misread patch #3. Please ignore this comment.
>
>>> if (status != EFI_SUCCESS)
>>> goto fail;
>>>
>>> - evt->event_data = (struct efi_tcg2_event){
>>> + evt->event_data.tcg2_data = (struct efi_tcg2_event){
>>> .event_size = size,
>>> - .event_header.header_size = sizeof(evt->event_data.event_header),
>>> + .event_header.header_size = sizeof(evt->event_data.tcg2_data.event_header),
>>> .event_header.header_version = EFI_TCG2_EVENT_HEADER_VERSION,
>>> .event_header.pcr_index = events[event].pcr_index,
>>> .event_header.event_type = EV_EVENT_TAG,
>>> };
>>>
>>> - evt->tagged_event = (struct efi_tcg2_tagged_event){
>>> - .tagged_event_id = events[event].event_id,
>>> - .tagged_event_data_size = events[event].event_data_len,
>>> - };
>>> + evt->tagged_event_id = events[event].event_id;
>>> + evt->tagged_event_data_size = events[event].event_data_len;
>>>
>>> memcpy(evt->tagged_event_data, events[event].event_data,
>>> events[event].event_data_len);
>>>
>>> status = efi_call_proto(tcg2, hash_log_extend_event, 0,
>>> - load_addr, load_size, &evt->event_data);
>>> + load_addr, load_size, &evt->event_data.tcg2_data);
>>> efi_bs_call(free_pool, evt);
>>>
>>> if (status != EFI_SUCCESS)
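Review bot: In the new declaration `int size = struct_size(evt, tagged_event_data, ...)`, the result of struct_size() is a size_t that saturates to SIZE_MAX on overflow, and storing it in an int throws that saturation away before the value reaches allocate_pool and `.event_size`. Declaring size as size_t keeps the overflow guard that struct_size() is there to provide. Separately, size is now computed before the `if (tcg2)` check even though it is only used inside that branch.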
>>> diff --git a/drivers/firmware/efi/libstub/efistub.h b/drivers/firmware/efi/libstub/efistub.h
>>> index c04b82ea40f2..b2c50dce48b8 100644
>>> --- a/drivers/firmware/efi/libstub/efistub.h
>>> +++ b/drivers/firmware/efi/libstub/efistub.h
>>> @@ -843,14 +843,7 @@ struct efi_tcg2_event {
>>> /* u8[] event follows here */
>>> } __packed;
>>>
>>> -struct efi_tcg2_tagged_event {
>>> - u32 tagged_event_id;
>>> - u32 tagged_event_data_size;
>>> - /* u8 tagged event data follows here */
>>> -} __packed;
>>> -
>>> typedef struct efi_tcg2_event efi_tcg2_event_t;
>>> -typedef struct efi_tcg2_tagged_event efi_tcg2_tagged_event_t;
>>> typedef union efi_tcg2_protocol efi_tcg2_protocol_t;
>>>
>>> union efi_tcg2_protocol {
>>> @@ -882,6 +875,17 @@ union efi_tcg2_protocol {
>>> } mixed_mode;
>>> };
>>>
>>> +union efistub_event {
>>> + efi_tcg2_event_t tcg2_data;
>>> +};
>>> +
>>> +struct efistub_measured_event {
>>> + union efistub_event event_data;
>>> + u32 tagged_event_id;
>>> + u32 tagged_event_data_size;
>>> + u8 tagged_event_data[];
>>> +} __packed;
>>> +
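Review bot: struct efistub_measured_event drops the "tagged event data follows here" remark that the removed struct efi_tcg2_tagged_event carried, and the single-member `union efistub_event` has no comment explaining why it is a union. Because `&evt->event_data.tcg2_data` is what gets handed to hash_log_extend_event with event_size covering the whole allocation, a short comment stating that tagged_event_id, tagged_event_data_size and tagged_event_data form the payload that must directly follow the event header would document the layout constraint, which matters if the union gains further members.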
>> Since efistub_measured_event is only used in efi-stub-helper.c, why
>> not leave it there?
>>
> Indeed. I will move it back.
--
Sathyanarayanan Kuppuswamy
Linux Kernel Developer