[PATCH 1/5] efi_loader: increase eventlog buffer size

Heinrich Schuchardt xypron.glpk at gmx.de
Thu Jul 15 17:29:53 CEST 2021



On 15.07.21 17:18, Simon Glass wrote:
> Hi Heinrich,
>
> On Thu, 15 Jul 2021 at 08:38, Heinrich Schuchardt <xypron.glpk at gmx.de> wrote:
>>
>> On 7/15/21 2:57 PM, Simon Glass wrote:
>>> Hi Ilias,
>>>
>>> On Thu, 15 Jul 2021 at 00:20, Ilias Apalodimas
>>> <ilias.apalodimas at linaro.org> wrote:
>>>>
>>>> On Wed, Jul 14, 2021 at 08:52:07AM -0600, Simon Glass wrote:
>>>>> Hi Ilias,
>>>>>
>>>>> On Mon, 12 Jul 2021 at 03:28, Ilias Apalodimas
>>>>> <ilias.apalodimas at linaro.org> wrote:
>>>>>>
>>>>>> On Mon, 12 Jul 2021 at 11:40, Masahisa Kojima
>>>>>> <masahisa.kojima at linaro.org> wrote:
>>>>>>>
>>>>>>> Hi Simon,
>>>>>>>
>>>>>>> On Sun, 11 Jul 2021 at 09:01, Simon Glass <sjg at chromium.org> wrote:
>>>>>>>>
>>>>>>>> Hi Masahisa,
>>>>>>>>
>>>>>>>> On Wed, 7 Jul 2021 at 20:21, Masahisa Kojima <masahisa.kojima at linaro.org> wrote:
>>>>>>>>>
>>>>>>>>> On Wed, 7 Jul 2021 at 22:47, Heinrich Schuchardt <xypron.glpk at gmx.de> wrote:
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> On 7/7/21 3:36 PM, Masahisa Kojima wrote:
>>>>>>>>>>> This is a preperation to add eventlog support
>>>>>>>>>>> described in TCG PC Client PFP spec.
>>>>>>>>>>>
>>>>>>>>>>> Signed-off-by: Masahisa Kojima <masahisa.kojima at linaro.org>
>>>>>>>>>>> ---
>>>>>>>>>>>     lib/efi_loader/Kconfig | 2 +-
>>>>>>>>>>>     1 file changed, 1 insertion(+), 1 deletion(-)
>>>>>>>>>>>
>>>>>>>>>>> diff --git a/lib/efi_loader/Kconfig b/lib/efi_loader/Kconfig
>>>>>>>>>>> index b2ab48a048..a87bf3cc98 100644
>>>>>>>>>>> --- a/lib/efi_loader/Kconfig
>>>>>>>>>>> +++ b/lib/efi_loader/Kconfig
>>>>>>>>>>> @@ -327,7 +327,7 @@ config EFI_TCG2_PROTOCOL
>>>>>>>>>>>     config EFI_TCG2_PROTOCOL_EVENTLOG_SIZE
>>>>>>>>>>>         int "EFI_TCG2_PROTOCOL EventLog size"
>>>>>>>>>>>         depends on EFI_TCG2_PROTOCOL
>>>>>>>>>>> -     default 4096
>>>>>>>>>>> +     default 16384
>>>>>>>>>>
>>>>>>>>>> I found this text in EDK II:
>>>>>>>>>>
>>>>>>>>>> Minimum length(in bytes) of the system preboot TCG event log area(LAML)
>>>>>>>>>> -----------------------------------------------------------------------
>>>>>>>>>>
>>>>>>>>>> For PC Client Implementation spec up to and including 1.2 the minimum
>>>>>>>>>> log size is 64KB. (SecurityPkg/SecurityPkg.dec)
>>>>>>>>>
>>>>>>>>> Thank you for your feedback.
>>>>>>>>> I have not checked this.
>>>>>>>>> TCG spec also says "The Log Area Minimum Length for the TCG event log
>>>>>>>>> MUST be at least 64KB." in ACPI chapter.
>>>>>>>>> I will update to set 64KB as default.
>>>>>>>>>
>>>>>>>>
>>>>>>>> Is this the same as the BLOBLISTT_TPM2_TCG_LOG thing? If so, can we
>>>>>>>> put this in the bloblist? We want to avoid adding code in EFI which is
>>>>>>>> in U-Boot.
>>>>>>>
>>>>>>> I think bloblist is used for data passing from SPL/TPL to u-boot.
>>>>>>> Is your comment saying that the eventlog generated
>>>>>>> in u-boot(done in efi_tcg2.c with this patch series) should be appended
>>>>>>> into the buffer pointed by BLOBLISTT_TPM2_TCG_LOG blob?
>>>>>>>
>>>>>>
>>>>>> Even in that case the eventlog can't be appended.  The TCG eventlog
>>>>>> hould be copied into EFI memory, since the kernel expects to find it
>>>>>> there.
>>>>>
>>>>> Typically bloblist is relocated by U-Boot. There are lots of tables
>>>>> that must be passed to linux, including ACPI and SMBIOS. With bloblist
>>>>> they can all be in one place.
>>>>
>>>>
>>>> The eventlog must be allocated in EFI memory though.
>>>
>>> There is really only one memory in U-Boot. I feel that all stuff that
>>> EFI passes on to linux should be in a single bloblist.
>>
>> We have should follow existing standards and not invent our own. LInux
>> is not the only OS booted via U-Boot.
>
> Perhaps we can talk about it in the next call. My point is not about
> avoiding standards!
>
> What I am saying is that if we put things in a bloblist, and make that
> available to Linux (or other OS) via EFI, things should work, but

Which operating would be aware of your bloblist? Windows, BSD, Haiku?

We want U-Boot to be interchangable with other UEFI firmware like EDK
II. This will only work if we program against the same specs and don't
invent new interfaces.

Best regards

Heinrich

> non-EFI people are happy too. See the ACPI stuff for example - we put
> all of those bits in a bloblist, which is really just a contiguous
> area of memory. It is more convenient for U-Boot than allocating
> memory willy nilly. Plus the 'bloblist' command lets you see what is
> there.
>
> Anyway I really don't understand all of this well enough to say what
> we should do. I am just passing on hints. There is way too much
> 'separate' EFI code in U-Boot at present and we need to work to reduce
> that and hopefully not add more.
>
> [..]
>
> Regards,
> Simon
>


More information about the U-Boot mailing list