public inbox for linux-integrity@vger.kernel.org
From: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
To: Javier Martinez Canillas <javierm@redhat.com>
Cc: Mimi Zohar <zohar@linux.vnet.ibm.com>,
	ltp@lists.linux.it, linux-integrity@vger.kernel.org,
	Petr Vorel <pvorel@suse.cz>,
	"Tricca, Philip B" <philip.b.tricca@intel.com>,
	Thiebaud Weksteen <tweek@google.com>,
	Petr Vandrovec <petr@vmware.com>
Subject: Re: Hidden TPM questions in the LTP IMA posts
Date: Thu, 8 Feb 2018 14:36:24 +0200
Message-ID: <20180208123624.3ib7w7hgj2kk7pfu@linux.intel.com>
In-Reply-To: <3279a223-a638-a21d-aa24-1879cf20df4c@redhat.com>

On Mon, Feb 05, 2018 at 02:34:49PM +0100, Javier Martinez Canillas wrote:
> Support for reading from EFI is what landed for this release, but only the
> TPM 1.2 (SHA1) format is supported, there's still no support for TPM 2.0
> (crypto agile). You can see that in drivers/firmware/efi/libstub/tpm.c:
> 
> void efi_retrieve_tpm2_eventlog_1_2(efi_system_table_t *sys_table_arg)
> {
> ...
> 	status = efi_call_proto(efi_tcg2_protocol, get_event_log, tcg2_protocol,
> 				EFI_TCG2_EVENT_LOG_FORMAT_TCG_1_2,
> 				&log_location, &log_last_entry, &truncated);
> ...
> }
> 
> void efi_retrieve_tpm2_eventlog(efi_system_table_t *sys_table_arg)
> {
> 	/* Only try to retrieve the logs in 1.2 format. */
> 	efi_retrieve_tpm2_eventlog_1_2(sys_table_arg);
> }
> 
> But all the bits for TPM 2.0 (crypto agile) support seem to already be in
> drivers/char/tpm/tpm2_eventlog.c, they are only missing in the EFI stub AFAICT.

This is correct. DT based platforms already support crypto agile.

> Now, in the latest TCG ACPI Specification (Revision 8, August 18, 2017) [1],
> the spec does mention that the ACPI table with signature 'TPM2' can have
> the LASA and LAML as optional fields. This is mentioned in section 7.3
> "ACPI Table for TPM 2.0".

Oh, this is new to me. We can support it as soon as there is a platform
that has it. I do not have any at this point.

/Jarkko
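
Added example (not from the thread or the kernel tree): one way to tell apart the two event log formats discussed above, by walking SHA1-format entries with bounds checks and testing the first entry for the crypto agile header signature "Spec ID Event03". The function names and the `sample` buffer with its contents are assumptions constructed for illustration; the entry layout and signature follow the TCG PC Client event log format.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define EV_NO_ACTION 0x3u
#define EV_SEPARATOR 0x4u
#define HDR_LEN 32u /* pcrIndex(4) + eventType(4) + SHA1 digest(20) + eventSize(4) */
enum { LOG_MALFORMED = -1, LOG_TCG_1_2 = 1, LOG_CRYPTO_AGILE = 2 };
static uint8_t sample[96]; /* constructed log; digests are zeros, not real measurements */

static uint32_t le32(const uint8_t *p) {
	return p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}
/* Walk SHA1-format entries; return their count, or -1 if one overruns the buffer. */
long count_sha1_events(const uint8_t *log, size_t len) {
	long n = 0;
	for (size_t off = 0; off < len; n++) {
		if (len - off < HDR_LEN || le32(log + off + 28) > len - off - HDR_LEN)
			return -1;
		off += HDR_LEN + le32(log + off + 28);
	}
	return n;
}
/* A crypto agile log opens with an EV_NO_ACTION entry whose data starts "Spec ID Event03". */
int classify_log(const uint8_t *log, size_t len) {
	if (len < HDR_LEN || le32(log + 28) > len - HDR_LEN)
		return LOG_MALFORMED;
	if (le32(log + 4) == EV_NO_ACTION && le32(log + 28) >= 16 &&
	    memcmp(log + HDR_LEN, "Spec ID Event03", 16) == 0)
		return LOG_CRYPTO_AGILE;
	return LOG_TCG_1_2;
}
/* Append one constructed entry to sample[] at off; return the offset after it. */
static size_t put_event(size_t off, uint8_t pcr, uint8_t type, const char *data, uint8_t size) {
	memset(sample + off, 0, HDR_LEN);
	sample[off] = pcr; sample[off + 4] = type; sample[off + 28] = size;
	memcpy(sample + off + HDR_LEN, data, size);
	return off + HDR_LEN + size;
}
/* agile != 0: header entry trimmed to its signature; else two SHA1-format separators. */
size_t build_sample(int agile) {
	return agile ? put_event(0, 0, EV_NO_ACTION, "Spec ID Event03", 16)
		     : put_event(put_event(0, 0, EV_SEPARATOR, "\0\0\0", 4), 7, EV_SEPARATOR, "\0\0\0", 4);
}
int main(void) {
	size_t len = build_sample(0);
	printf("format=%d entries=%ld\n", classify_log(sample, len), count_sha1_events(sample, len));
	return 0;
}
```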
