Re: [PATCH v6 3/6] tpm: Support boot measurements

public inbox for u-boot@lists.denx.de
 help / color / mirror / Atom feed

From: Ilias Apalodimas <ilias.apalodimas@linaro.org>
To: Eddie James <eajames@linux.ibm.com>
Cc: u-boot@lists.denx.de, sjg@chromium.org, xypron.glpk@gmx.de,
	joel@jms.id.au
Subject: Re: [PATCH v6 3/6] tpm: Support boot measurements
Date: Thu, 23 Feb 2023 20:07:49 +0200	[thread overview]
Message-ID: <Y/erdXXEHJi2zRWI@hera> (raw)
In-Reply-To: <2e4e1a87-00dc-4a0f-9a84-162daf578292@linux.ibm.com>

Hi Eddie,

[...]

> > But at least the kernel can find the EFI config tables properly.
> > > Also, note that the ret is efi_status_t and the new function you added
> > > returns an int.  Just switch the ret here accordingly.
> > >
> > >
> > >           * platforms can use different ways to do so.
> > >           */
> > >          ret = tcg2_init_log(dev, &elog);
> > > -       if (ret != EFI_SUCCESS)
> > > -               goto free_pool;
> > > -
> > > -       memcpy(event_log.buffer, elog.log, elog.log_position);
> > > -       event_log.pos = elog.log_position;
> > > +       if (ret == EFI_SUCCESS) {
> > > +               memcpy(event_log.buffer, elog.log, elog.log_position);
> > > +               event_log.pos = elog.log_position;
> > > +       }
> > >
> > >
> > > I'll try digging into the EFI issues more once I get some time
> > Ok Ignore the previous mail. I just noticed that the specid event is
> > generated by tcg2_log_init() and that's where the errors come from.
>
>
> OK, I think I understand the problem. One problem with your solution below
> is that it's only useful for EFI; writing the event log to a temporary
> buffer in the non-EFI case is a waste of time, since it can't go anywhere.

It's not even a 'solution', it's just an ugly hack to help you understand
where things go sideways.

>
> I have a solution where the user can pass in their buffer in the
> tcg2_event_log structure in the event that no memory region is discovered.
> EFI can use that path.

Yep that sounds sane,  that way EFI can pass the efi allocated memory and
you can call call that with NULL for non-efi code.
Please keep in mind that the EventLog, if it comes from TF-A, needs to be
replayed into hardware as well, since TF-A doesn't extend PCRs.

>
>
> Thanks for the debugging effort!

yw

Cheers
/Ilias
>
> Eddie
>
>
> >
> > So something like the *really ugly hack* fixes EFI.  Can you please
> > turn it into human-readable code
> >
> >   #include <linux/unaligned/be_byteshift.h>
> >   #include <linux/unaligned/generic.h>
> >   #include <linux/unaligned/le_byteshift.h>
> > +#include <malloc.h>
> >
> >   #include "tpm-utils.h"
> >
> > @@ -634,7 +635,7 @@ __weak int tcg2_platform_get_log(struct udevice
> > *dev, void **addr, u32 *size)
> >
> >                  if (dev_read_phandle_with_args(dev, "memory-region", NULL, 0,
> >                                                 0, &args))
> > -                       return -ENODEV;
> > +                       goto alloc;
> >
> >                  a = ofnode_get_addr_size(args.node, "reg", &s);
> >                  if (a == FDT_ADDR_T_NONE)
> > @@ -643,6 +644,9 @@ __weak int tcg2_platform_get_log(struct udevice
> > *dev, void **addr, u32 *size)
> >                  *addr = map_physmem(a, s, MAP_NOCACHE);
> >                  *size = (u32)s;
> >          }
> > +alloc:
> > +       *addr = calloc(1, 4096);
> > +       *size = 4096;
> >
> >          return 0;
> >   }
> >
> > Cheers
> > /Ilias
> >
> > > Cheers
> > > /Ilias
> > > > Thanks!
> > > > /Ilias

next prev parent reply	other threads:[~2023-02-23 18:07 UTC|newest]

Thread overview: 19+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2023-02-22 18:02 [PATCH v6 0/6] tpm: Support boot measurements Eddie James
2023-02-22 18:02 ` [PATCH v6 1/6] tpm: Fix spelling for tpmu_ha union Eddie James
2023-02-22 18:02 ` [PATCH v6 2/6] tpm: sandbox: Update for needed TPM2 capabilities Eddie James
2023-02-22 18:02 ` [PATCH v6 3/6] tpm: Support boot measurements Eddie James
2023-02-23  9:02   ` Ilias Apalodimas
2023-02-23  9:30     ` Ilias Apalodimas
2023-02-23  9:47       ` Ilias Apalodimas
2023-02-23 17:52         ` Eddie James
2023-02-23 18:07           ` Ilias Apalodimas [this message]
2023-02-23 21:17             ` Ilias Apalodimas
2023-02-22 18:02 ` [PATCH v6 4/6] bootm: Support boot measurement Eddie James
2023-02-22 19:17   ` Simon Glass
2023-02-22 18:02 ` [PATCH v6 5/6] test: Add sandbox TPM " Eddie James
2023-02-23 11:35   ` Ilias Apalodimas
2023-02-22 18:02 ` [PATCH v6 6/6] doc: Add measured boot documentation Eddie James
2023-02-22 19:17   ` Simon Glass
2023-02-22 20:26   ` Heinrich Schuchardt
2023-02-23  7:12     ` Ilias Apalodimas
2023-03-01 22:35     ` Eddie James

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=Y/erdXXEHJi2zRWI@hera \
    --to=ilias.apalodimas@linaro.org \
    --cc=eajames@linux.ibm.com \
    --cc=joel@jms.id.au \
    --cc=sjg@chromium.org \
    --cc=u-boot@lists.denx.de \
    --cc=xypron.glpk@gmx.de \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox