Re: [Qemu-devel] TPM status

[Stefan Berger <stefanb@linux.vnet.ibm.com>]

On 06/29/2017 10:07 AM, Javier Martinez Canillas wrote:
> Hello Stefan,
>
> On 06/28/2017 10:57 PM, Stefan Berger wrote:
>> On 06/28/2017 12:44 PM, Laszlo Ersek wrote:
>>> On 06/28/17 17:22, Peter Jones wrote:
>>>> On Tue, Jun 27, 2017 at 12:12:50PM -0400, Stefan Berger wrote:
> [snip]
>
>>>>> To support measurements logs to be written by the firmware, e.g.
>>>>> SeaBIOS, a TCPA table is implemented. This table provides a 64kb
>>>>> buffer where the firmware can write its log into.
>>>> How does this work if we boot with edk2?
>>> My expectation is that it doesn't work at all, without doing some OVMF
>>> platform enablement first. (See
>>> <https://bugzilla.tianocore.org/show_bug.cgi?id=594>.) My plan is to use
>>> Stefan's document as a starting point for the edk2 / OVMF investigation
>>> -- one known and one unknown are better than two unknowns (to me).
>>>> Do we get what's described in
>>>> https://trustedcomputinggroup.org/wp-content/uploads/EFI-Protocol-Specification-rev13-160330final.pdf
>>>> instead of this interface?  As well as it?  It'd be good to have some
>>>> text about this here.
>>> I don't think that Stefan has spent any time on EFI enablement, so this
>>> part of the document will have to be written later, once there is any
>>> EFI-related functionality we can document. (I expect.)
>> Right, I did not spend any time on EFI. I suppose the ACPI tables going to a BIOS are also useful for EFI.
>>
>> For BIOS there is unfortunately only a spec for TPM 1.2, none anymore for
>> TPM2, at least back then when I last looked for it. So I ended up passing
>> that TCPA table that has the pointer for the logging area also in case of
>> a TPM 2. So SeaBIOS writes its log to it in both cases, following the TPM 2
> But this isn't correct from a TPM2 pov, right? Because the TPM2 spec says
> that the ACPI table that contains the TPM2.0 event logs is the TPM2 table.

The problem is the lack of specs for BIOS to support TPM. I don't see 
how the TPM2 could hold the log pointer. I am looking at section 7.3 in 
this document here:

https://www.trustedcomputinggroup.org/wp-content/uploads/TCG_ACPIGeneralSpecification_1-10_0-37-Published.pdf


>
> So instead the LASA field in the passed TPM2 ACPI table should point to the
> allocated buffer used by the firmware to store the event logs.

I only see LAML and LASA for TCPA ACPI table (sections 7.1.2 & 7.2.2),  
which seems to only be valid for TPM 1.2.


>> format form the EFI specs for the entries. The Linux driver in the meantime
>> has modified the code so  that it doesn't show the log anymore in case of
>> TPM 2 :-( . I think the above referenced specs would explain how the logging
> Do you mean that in the past Linux exposed the securityfs files with the event
> logs for TPM2 chips as well? My understanding is that Linux does the correct
> thing now, since as mentioned the TCPA table should only be used for TPM1.2.

There may have been a version or two of the driver that did that, yes.

This version has this check:

http://elixir.free-electrons.com/linux/v4.11.8/source/drivers/char/tpm/tpm_acpi.c#L57

This version does not have this check:

http://elixir.free-electrons.com/linux/v4.10.17/source/drivers/char/tpm/tpm_acpi.c



>
> There are patches posted to add Linux support to read the event logs for TPM2
> chips but from the TPM2 ACPI table. I see that hose haven't landed yet though:
>
> https://patchwork.kernel.org/project/tpmdd-devel/list/?submitter=7143

Aha, so I see this person is following some draft spec that isn't 
referenced via above page, yet.

"Latest draft of TPM 2 ACPI specification added TCG log start/length
to the TPM2 ACPI table.  So Linux kernel can now read it without
having to get involved with boot loader, same way TPM1/TCPA tables
work."

https://patchwork.kernel.org/patch/9651005/

> Best regards,