From: Kuppuswamy Sathyanarayanan <sathyanarayanan.kuppuswamy@linux.intel.com>
To: Ard Biesheuvel <ardb@kernel.org>
Cc: Ard Biesheuvel <ardb+git@google.com>,
linux-efi@vger.kernel.org,
Ilias Apalodimas <ilias.apalodimas@linaro.org>
Subject: Re: [PATCH 1/4] efi/libstub: Fold efi_tcg2_tagged_event into efi_measured_event
Date: Tue, 5 Mar 2024 11:19:13 -0800
Message-ID: <e48f01c3-c417-4826-bbbf-bc9b85df7dca@linux.intel.com>
In-Reply-To: <CAMj1kXHvzS6w8gmaSHiu13__uP95AUJxMXBVnOGFB6Tt1+ocfA@mail.gmail.com>

On 3/5/24 12:21 AM, Ard Biesheuvel wrote:
> On Tue, 5 Mar 2024 at 05:30, Kuppuswamy Sathyanarayanan
> <sathyanarayanan.kuppuswamy@linux.intel.com> wrote:
>>
>> On 3/4/24 2:44 AM, Ard Biesheuvel wrote:
>>> From: Ard Biesheuvel <ardb@kernel.org>
>>>
>>> In spite of the efi_ prefix, struct efi_tcg2_tagged_event is specific to
>>> the EFI stub, and so we can tweak it to our liking if needed, e.g., to
>>> accommodate the TDX variant of the TCG2 measurement protocol.
>>>
>>> In preparation for that, get rid of it entirely, and combine it with the
>>> efi_measured_event struct used by the measurement code.
>>>
>>> Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
>>> ---
With nits fixed,
Reviewed-by: Kuppuswamy Sathyanarayanan <sathyanarayanan.kuppuswamy@linux.intel.com>
>>> drivers/firmware/efi/libstub/efi-stub-helper.c | 26 ++++++++------------
>>> drivers/firmware/efi/libstub/efistub.h | 18 ++++++++------
>>> 2 files changed, 21 insertions(+), 23 deletions(-)
>>>
>>> diff --git a/drivers/firmware/efi/libstub/efi-stub-helper.c b/drivers/firmware/efi/libstub/efi-stub-helper.c
>>> index bfa30625f5d0..0dbc9d3f4abd 100644
>>> --- a/drivers/firmware/efi/libstub/efi-stub-helper.c
>>> +++ b/drivers/firmware/efi/libstub/efi-stub-helper.c
>>> @@ -193,7 +193,7 @@ void efi_apply_loadoptions_quirk(const void **load_options, u32 *load_options_si
>>> *load_options_size = load_option_unpacked.optional_data_size;
>>> }
>>>
>>> -enum efistub_event {
>>> +enum efistub_event_type {
>>> EFISTUB_EVT_INITRD,
>>> EFISTUB_EVT_LOAD_OPTIONS,
>>> EFISTUB_EVT_COUNT,
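Review bot: the enum rename at the top of this hunk (efistub_event to efistub_event_type) is not explained in the commit message. It looks like it exists only to free the efistub_event name for the union added in efistub.h; one sentence saying so in the changelog would save the next reader a search.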
>>> @@ -221,44 +221,38 @@ static const struct {
>>>
>>> static efi_status_t efi_measure_tagged_event(unsigned long load_addr,
>>> unsigned long load_size,
>>> - enum efistub_event event)
>>> + enum efistub_event_type event)
>>> {
>>> + struct efistub_measured_event *evt;
>>> + int size = struct_size(evt, tagged_event_data,
>>> + events[event].event_data_len);
>> Include linux/overflow.h explicitly?
>>
> Yes, good point.
>
>>> efi_guid_t tcg2_guid = EFI_TCG2_PROTOCOL_GUID;
>>> efi_tcg2_protocol_t *tcg2 = NULL;
>>> efi_status_t status;
>>>
>>> efi_bs_call(locate_protocol, &tcg2_guid, NULL, (void **)&tcg2);
>>> if (tcg2) {
>>> - struct efi_measured_event {
>>> - efi_tcg2_event_t event_data;
>>> - efi_tcg2_tagged_event_t tagged_event;
>>> - u8 tagged_event_data[];
>>> - } *evt;
>>> - int size = sizeof(*evt) + events[event].event_data_len;
>>> -
>>> status = efi_bs_call(allocate_pool, EFI_LOADER_DATA, size,
>>> (void **)&evt);
>> It looks like in patch 3 you have converted evt to a stack variable. Since that
>> change is not specific to CC fallback, can it be moved here?
>>
> Not sure what you mean here. evt is still there after patch #3
Sorry, it looks like I misread patch #3. Please ignore this comment.
>
>>> if (status != EFI_SUCCESS)
>>> goto fail;
>>>
>>> - evt->event_data = (struct efi_tcg2_event){
>>> + evt->event_data.tcg2_data = (struct efi_tcg2_event){
>>> .event_size = size,
>>> - .event_header.header_size = sizeof(evt->event_data.event_header),
>>> + .event_header.header_size = sizeof(evt->event_data.tcg2_data.event_header),
>>> .event_header.header_version = EFI_TCG2_EVENT_HEADER_VERSION,
>>> .event_header.pcr_index = events[event].pcr_index,
>>> .event_header.event_type = EV_EVENT_TAG,
>>> };
>>>
>>> - evt->tagged_event = (struct efi_tcg2_tagged_event){
>>> - .tagged_event_id = events[event].event_id,
>>> - .tagged_event_data_size = events[event].event_data_len,
>>> - };
>>> + evt->tagged_event_id = events[event].event_id;
>>> + evt->tagged_event_data_size = events[event].event_data_len;
>>>
>>> memcpy(evt->tagged_event_data, events[event].event_data,
>>> events[event].event_data_len);
>>>
>>> status = efi_call_proto(tcg2, hash_log_extend_event, 0,
>>> - load_addr, load_size, &evt->event_data);
>>> + load_addr, load_size, &evt->event_data.tcg2_data);
>>> efi_bs_call(free_pool, evt);
>>>
>>> if (status != EFI_SUCCESS)
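Review bot: in the new declaration "int size = struct_size(evt, tagged_event_data, events[event].event_data_len);" the result of struct_size() is narrowed to int. struct_size() returns size_t and saturates to SIZE_MAX on overflow, so storing it in an int discards that protection before the value reaches allocate_pool and .event_size. The lengths appear to come from the static const events[] table, so this is not reachable today, but declaring size as size_t would keep the overflow-safe helper meaningful and match what the allocator takes.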
>>> diff --git a/drivers/firmware/efi/libstub/efistub.h b/drivers/firmware/efi/libstub/efistub.h
>>> index c04b82ea40f2..b2c50dce48b8 100644
>>> --- a/drivers/firmware/efi/libstub/efistub.h
>>> +++ b/drivers/firmware/efi/libstub/efistub.h
>>> @@ -843,14 +843,7 @@ struct efi_tcg2_event {
>>> /* u8[] event follows here */
>>> } __packed;
>>>
>>> -struct efi_tcg2_tagged_event {
>>> - u32 tagged_event_id;
>>> - u32 tagged_event_data_size;
>>> - /* u8 tagged event data follows here */
>>> -} __packed;
>>> -
>>> typedef struct efi_tcg2_event efi_tcg2_event_t;
>>> -typedef struct efi_tcg2_tagged_event efi_tcg2_tagged_event_t;
>>> typedef union efi_tcg2_protocol efi_tcg2_protocol_t;
>>>
>>> union efi_tcg2_protocol {
>>> @@ -882,6 +875,17 @@ union efi_tcg2_protocol {
>>> } mixed_mode;
>>> };
>>>
>>> +union efistub_event {
>>> + efi_tcg2_event_t tcg2_data;
>>> +};
>>> +
>>> +struct efistub_measured_event {
>>> + union efistub_event event_data;
>>> + u32 tagged_event_id;
>>> + u32 tagged_event_data_size;
>>> + u8 tagged_event_data[];
>>> +} __packed;
>>> +
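Review bot: struct efistub_measured_event places tagged_event_id directly after union efistub_event, while the helper passes &evt->event_data.tcg2_data to hash_log_extend_event with event_size covering the whole allocation, so the tagged fields land in the right place only when the union is exactly as large as the member in use. With a single member that holds, but the commit message says the layout is meant to accommodate the TDX variant; a comment on the union stating that all members must have the same size (or a static assertion once a second member is added) would document the constraint.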
>> Since efistub_measured_event is only used in efi-stub-helper.c, why
>> not leave it there?
>>
> Indeed. I will move it back.
--
Sathyanarayanan Kuppuswamy
Linux Kernel Developer