[PATCH] efi_loader: explicitly return EFI_UNSUPPORTED for TCG 1.0 compatibility
Stuart Yoder
stuart.yoder at arm.com
Wed May 31 22:40:23 CEST 2023
On 5/31/23 3:10 PM, Heinrich Schuchardt wrote:
> On 5/31/23 21:37, Stuart Yoder wrote:
>>
>> Unfortunately, the TCG spec is very confusing in section 6.4.4 #2 and
>> #3. They attempted to clarify in an errata:
>> https://trustedcomputinggroup.org/wp-content/uploads/EFI-Protocol-Specification-Errata-v.5.pdf
>>
>> ...but it is still confusing.
>>
>> Ilias and I had discussed the ambiguities, and back in March 2022 I
>> requested clarification from the TCG workgroup. In cases of
>> ambiguity TCG frequently will defer to how EDK2 has implemented
>> a point in the spec.
>>
>> Here are my notes following the call with TCG about the intent
>> of #2 and #3, which was based on their review of the EDK2
>> implementation:
>>
>> a. If a client passes in a Size that is the full size including all
>> fields including ActivePcrBanks, the return code is SUCCESS and
>> all fields are populated. [This is a 1.1 client scenario]
>>
>> b. If a client passes in a Size that includes all fields up to
>> and including the vendor ID, the return code is SUCCESS and all
>> fields up to including the vendor ID are populated. [This is a
>> 1.0 client scenario, so a populated 1.0 struct is returned]
>
> This contradicts the TCG EFI Protocol Specifiction which knows of no 1.0
> structure but requires:
>
> If the input ProtocolCapability.Size <
> sizeof(EFI_TCG2_BOOT_SERVICE_CAPABILITY) the function will initialize
> the fields included in ProtocolCapability.Size. The values of the
> remaining fields will be undefined.
>
> We should stick with what is specified.
>
> The above requirement is not yet implemented in U-Boot.
>
> Could you, please, indicated where the 1.0 structure was ever defined. I
> could not find any a document linked on
> https://trustedcomputinggroup.org/resource/tcg-efi-protocol-specification/
I can't find any public spec with the 1.0 struct.
>>
>> c. If a client passes in a Size that is less than the size up to
>> and including the vendor ID, the return code is BUFFER_TOO_SMALL
>> and the Size field is populated with the full size of the struct
>> supported by the firmware. [This allows a client to determine
>> whether it is talking to 1.0 or 1.1 firmware]
>
> Yes, it is the client's task to check the protocol version and not the
> firmware's task to guess what the client has in mind.
>
> ARM should fix their tests that don't comply with the TCG EFI Protocol
> Specification and then upstream them to edk-test. U-Boot should not try
> to work around incorrect vendor tests.
The spec is not clear. And the committee that owns the spec provided
the clarifications I outlined. They were supposed to provide an errata
update to publish those clarifications, but it seems somehow that
didn't happen.
I specifically defined the SCT test spec based on what the committee
told me:
https://github.com/stuyod01/edk2-test/blob/master/uefi-sct/Doc/UEFI-SCT-Case-Spec/30_Protocols_TCG2_Test.md
The Arm created tests match what I've been told is the the _intent_ of
the spec. What is missing is getting TCG to publish errata documenting
that.
Thanks,
Stuart
More information about the U-Boot
mailing list