[PATCH 2/2] tpm: get tpm event log from bloblist
Tom Rini
trini at konsulko.com
Thu Jan 2 17:53:02 CET 2025
On Thu, Jan 02, 2025 at 11:00:02AM -0500, Raymond Mao wrote:
> Hi Tom,
>
> On Thu, 2 Jan 2025 at 10:48, Tom Rini <trini at konsulko.com> wrote:
>
> > On Thu, Jan 02, 2025 at 10:25:15AM -0500, Raymond Mao wrote:
> >
> > [snip]
> > > As I said, we need an kconfig here to decide whether a user should look
> > for
> > > TPM log (and all other handoff information defined by the Firmware
> > Handoff
> > > specification) from the bloblist or not.
> > > We don't have such kconfig now.
> >
> > We do we need this knob? I don't think that we do. The case of bloblist
> > not existing where we looked for it needs to work. And the case of the
> > bloblist not having an entry needs to work (or if it *must* exist,
> > that's a separate option to add, ie CONFIG_TPM_BLOBLIST_LOG_REQUIRED).
> >
> I think this kconfig should not be only for TPM log, but for all general
> blob tags which are required to be handed over.
> User should have a choice to hand over *all* required handoff data from a
> blobllist (if exists) or to stay in each data's own legacy way (from DT or
> whatever)
> Aka, the switch should be general and "one for all", otherwise, we have to
> add multiple CONFIG_XXX_BLOBLIST_REQUIRED in the future.
Since we're just getting this effort really moving forward now, I'd
like to go with the assumption that bloblists will be complete if
passed. So if the TPM code wants to do:
if (IS_ENABLED(CONFIG_BLOBLIST))
... no event log found ... hang("No eventlog in bloblist!") ...
That's fine and how we can enforce requirements. But we don't know for
certain what a previous to U-Boot stage will or will not have done. It
could be TF-A, it could be U-Boot, it could be something else. We also
don't have a list of strictly required tags, so that too is perhaps part
of the problem.
--
Tom
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 659 bytes
Desc: not available
URL: <https://lists.denx.de/pipermail/u-boot/attachments/20250102/772dd8cb/attachment.sig>
More information about the U-Boot
mailing list