[PATCH 2/2] tpm: get tpm event log from bloblist
Raymond Mao
raymond.mao at linaro.org
Thu Jan 2 17:00:02 CET 2025
Hi Tom,
On Thu, 2 Jan 2025 at 10:48, Tom Rini <trini at konsulko.com> wrote:
> On Thu, Jan 02, 2025 at 10:25:15AM -0500, Raymond Mao wrote:
>
> [snip]
> > As I said, we need a kconfig here to decide whether a user should look for
> > TPM log (and all other handoff information defined by the Firmware Handoff
> > specification) from the bloblist or not.
> > We don't have such kconfig now.
>
> Why do we need this knob? I don't think that we do. The case of bloblist
> not existing where we looked for it needs to work. And the case of the
> bloblist not having an entry needs to work (or if it *must* exist,
> that's a separate option to add, ie CONFIG_TPM_BLOBLIST_LOG_REQUIRED).
>
I think this kconfig should not be only for TPM log, but for all general
blob tags which are required to be handed over.
User should have a choice to hand over *all* required handoff data from a
bloblist (if exists) or to stay in each data's own legacy way (from DT or
whatever).
Aka, the switch should be general and "one for all", otherwise, we have to
add multiple CONFIG_XXX_BLOBLIST_REQUIRED in the future.
> > > > There's at least two sets of challenges here. One, being solved by
> > > > vexpress64 right now, is that we didn't have CONFIG_BLOBLIST_PASSAGE as
> > > > an actual option. And in that case, there's no U-Boot before full U-Boot
> > > > and the bloblist exists for us. Two, U-Boot is what is creating the
> > > > bloblist. The contentious parts are *when* it's created and *where* it
> > > > resides prior to full U-Boot seeing it.
> > >
> > > There isn't contention, so far as I am aware. The normal case is that
> > > U-Boot creates and uses the bloblist itself. Pre-U-Boot blobs (like
> > > TF-A, sadly) are not the normal case and should be discouraged in an
> > > open-source project. That doesn't mean we shouldn't support them, but
> > > it is the tail wagging the dog.
> > >
> > TBH, I am confused with this statement which means we should not use the
> > bloblist library from the beginning to hand over data from the previous
> > stage.
> > If U-Boot bloblist only intends to consume the data created by itself, we
> > have to introduce another library to do the handoff, like what was done in
> > TF-A and OP-TEE -
> > then finally we can have a standard handoff library that can be used in all
> > projects and keep bloblist as it was.
>
> Simon doesn't speak for the U-Boot project, he speaks for himself. I
> don't see why U-Boot shouldn't look for and use a bloblist for things
> that need to be passed from one stage of the boot process to another.
>
Thanks for clarifying this.
Thanks and regards,
Raymond