[PATCH 1/5] efi_loader: increase eventlog buffer size

Simon Glass sjg at chromium.org
Thu Jul 15 18:09:58 CEST 2021 

Hi Heinrich,

On Thu, 15 Jul 2021 at 09:35, Heinrich Schuchardt <xypron.glpk at gmx.de> wrote:
>
>
>
> On 15.07.21 17:18, Simon Glass wrote:
> > Hi Heinrich,
> >
> > On Thu, 15 Jul 2021 at 08:38, Heinrich Schuchardt <xypron.glpk at gmx.de> wrote:
> >>
> >> On 7/15/21 2:57 PM, Simon Glass wrote:
> >>> Hi Ilias,
> >>>
> >>> On Thu, 15 Jul 2021 at 00:20, Ilias Apalodimas
> >>> <ilias.apalodimas at linaro.org> wrote:
> >>>>
> >>>> On Wed, Jul 14, 2021 at 08:52:07AM -0600, Simon Glass wrote:
> >>>>> Hi Ilias,
> >>>>>
> >>>>> On Mon, 12 Jul 2021 at 03:28, Ilias Apalodimas
> >>>>> <ilias.apalodimas at linaro.org> wrote:
> >>>>>>
> >>>>>> On Mon, 12 Jul 2021 at 11:40, Masahisa Kojima
> >>>>>> <masahisa.kojima at linaro.org> wrote:
> >>>>>>>
> >>>>>>> Hi Simon,
> >>>>>>>
> >>>>>>> On Sun, 11 Jul 2021 at 09:01, Simon Glass <sjg at chromium.org> wrote:
> >>>>>>>>
> >>>>>>>> Hi Masahisa,
> >>>>>>>>
> >>>>>>>> On Wed, 7 Jul 2021 at 20:21, Masahisa Kojima <masahisa.kojima at linaro.org> wrote:
> >>>>>>>>>
> >>>>>>>>> On Wed, 7 Jul 2021 at 22:47, Heinrich Schuchardt <xypron.glpk at gmx.de> wrote:
> >>>>>>>>>>
> >>>>>>>>>>
> >>>>>>>>>>
> >>>>>>>>>> On 7/7/21 3:36 PM, Masahisa Kojima wrote:
> >>>>>>>>>>> This is a preperation to add eventlog support
> >>>>>>>>>>> described in TCG PC Client PFP spec.
> >>>>>>>>>>>
> >>>>>>>>>>> Signed-off-by: Masahisa Kojima <masahisa.kojima at linaro.org>
> >>>>>>>>>>> ---
> >>>>>>>>>>>     lib/efi_loader/Kconfig | 2 +-
> >>>>>>>>>>>     1 file changed, 1 insertion(+), 1 deletion(-)
> >>>>>>>>>>>
> >>>>>>>>>>> diff --git a/lib/efi_loader/Kconfig b/lib/efi_loader/Kconfig
> >>>>>>>>>>> index b2ab48a048..a87bf3cc98 100644
> >>>>>>>>>>> --- a/lib/efi_loader/Kconfig
> >>>>>>>>>>> +++ b/lib/efi_loader/Kconfig
> >>>>>>>>>>> @@ -327,7 +327,7 @@ config EFI_TCG2_PROTOCOL
> >>>>>>>>>>>     config EFI_TCG2_PROTOCOL_EVENTLOG_SIZE
> >>>>>>>>>>>         int "EFI_TCG2_PROTOCOL EventLog size"
> >>>>>>>>>>>         depends on EFI_TCG2_PROTOCOL
> >>>>>>>>>>> -     default 4096
> >>>>>>>>>>> +     default 16384
> >>>>>>>>>>
> >>>>>>>>>> I found this text in EDK II:
> >>>>>>>>>>
> >>>>>>>>>> Minimum length(in bytes) of the system preboot TCG event log area(LAML)
> >>>>>>>>>> -----------------------------------------------------------------------
> >>>>>>>>>>
> >>>>>>>>>> For PC Client Implementation spec up to and including 1.2 the minimum
> >>>>>>>>>> log size is 64KB. (SecurityPkg/SecurityPkg.dec)
> >>>>>>>>>
> >>>>>>>>> Thank you for your feedback.
> >>>>>>>>> I have not checked this.
> >>>>>>>>> TCG spec also says "The Log Area Minimum Length for the TCG event log
> >>>>>>>>> MUST be at least 64KB." in ACPI chapter.
> >>>>>>>>> I will update to set 64KB as default.
> >>>>>>>>>
> >>>>>>>>
> >>>>>>>> Is this the same as the BLOBLISTT_TPM2_TCG_LOG thing? If so, can we
> >>>>>>>> put this in the bloblist? We want to avoid adding code in EFI which is
> >>>>>>>> in U-Boot.
> >>>>>>>
> >>>>>>> I think bloblist is used for data passing from SPL/TPL to u-boot.
> >>>>>>> Is your comment saying that the eventlog generated
> >>>>>>> in u-boot(done in efi_tcg2.c with this patch series) should be appended
> >>>>>>> into the buffer pointed by BLOBLISTT_TPM2_TCG_LOG blob?
> >>>>>>>
> >>>>>>
> >>>>>> Even in that case the eventlog can't be appended.  The TCG eventlog
> >>>>>> hould be copied into EFI memory, since the kernel expects to find it
> >>>>>> there.
> >>>>>
> >>>>> Typically bloblist is relocated by U-Boot. There are lots of tables
> >>>>> that must be passed to linux, including ACPI and SMBIOS. With bloblist
> >>>>> they can all be in one place.
> >>>>
> >>>>
> >>>> The eventlog must be allocated in EFI memory though.
> >>>
> >>> There is really only one memory in U-Boot. I feel that all stuff that
> >>> EFI passes on to linux should be in a single bloblist.
> >>
> >> We have should follow existing standards and not invent our own. LInux
> >> is not the only OS booted via U-Boot.
> >
> > Perhaps we can talk about it in the next call. My point is not about
> > avoiding standards!
> >
> > What I am saying is that if we put things in a bloblist, and make that
> > available to Linux (or other OS) via EFI, things should work, but
>
> Which operating would be aware of your bloblist? Windows, BSD, Haiku?

None, it is not necessary. The bloblist is a U-Boot construct, a
container for blobs. We can pass a pointer to the blob through the EFI
tables, as we do with ACPI.

>
> We want U-Boot to be interchangable with other UEFI firmware like EDK
> II. This will only work if we program against the same specs and don't
> invent new interfaces.

This is not a new interface. Let's chat about it in a contributor call.

Regards,
Simon

>
> Best regards
>
> Heinrich
>
> > non-EFI people are happy too. See the ACPI stuff for example - we put
> > all of those bits in a bloblist, which is really just a contiguous
> > area of memory. It is more convenient for U-Boot than allocating
> > memory willy nilly. Plus the 'bloblist' command lets you see what is
> > there.
> >
> > Anyway I really don't understand all of this well enough to say what
> > we should do. I am just passing on hints. There is way too much
> > 'separate' EFI code in U-Boot at present and we need to work to reduce
> > that and hopefully not add more.
> >
> > [..]
> >
> > Regards,
> > Simon
> >

More information about the U-Boot mailing list