[PATCH v5 2/3] tcg2: decouple eventlog size from efi
Ilias Apalodimas
ilias.apalodimas at linaro.org
Thu Jan 16 15:00:38 CET 2025
On Tue, 14 Jan 2025 at 17:20, Raymond Mao <raymond.mao at linaro.org> wrote:
>
> Move the default eventlog size from EFI to TPM so that it can be used by
> both EFI and measured boot.
>
> Signed-off-by: Raymond Mao <raymond.mao at linaro.org>
> ---
> Changes in v5
> - Move eventlog size kconfig from EFI to TPM2, so that it can be used by
> both EFI and MEASURED_BOOT.
>
> doc/usage/measured_boot.rst | 1 -
> drivers/tpm/Kconfig | 9 +++++++++
> include/efi_tcg2.h | 2 --
> lib/efi_loader/Kconfig | 9 ---------
> lib/efi_loader/efi_tcg2.c | 15 ++++++++-------
> 5 files changed, 17 insertions(+), 19 deletions(-)
>
> diff --git a/doc/usage/measured_boot.rst b/doc/usage/measured_boot.rst
> index 05c439e9ac..488dd546f1 100644
> --- a/doc/usage/measured_boot.rst
> +++ b/doc/usage/measured_boot.rst
> @@ -24,7 +24,6 @@ Requirements
>
> * A hardware TPM 2.0 supported by an enabled U-Boot driver
> * CONFIG_EFI_TCG2_PROTOCOL=y
> -* CONFIG_EFI_TCG2_PROTOCOL_EVENTLOG_SIZE=y
> * optional CONFIG_EFI_TCG2_PROTOCOL_MEASURE_DTB=y will measure the loaded DTB
> in PCR 1
>
> diff --git a/drivers/tpm/Kconfig b/drivers/tpm/Kconfig
> index d59102d9a6..01bc686d36 100644
> --- a/drivers/tpm/Kconfig
> +++ b/drivers/tpm/Kconfig
> @@ -209,6 +209,15 @@ config TPM2_MMIO
> to the device using the standard TPM Interface Specification (TIS)
> protocol.
>
> +config TPM2_EVENT_LOG_SIZE
> + int "EventLog size"
> + depends on TPM_V2
> + default 65536
> + help
> + Define the size of the EventLog. Note that this is going to be
> + allocated twice. One for the eventlog it self and one for the
> + configuration table that is required from the TCG2 spec
> +
> endif # TPM_V2
>
> endmenu
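Review bot: `TPM2_EVENT_LOG_SIZE` is a plain `int` with no `range`, so a zero, negative or very small value is accepted at configuration time and then used directly as the allocation and memset size in lib/efi_loader/efi_tcg2.c. In create_final_event the table header fields are written right after the allocation with no visible size check, so a value below the header size would presumably write past the buffer. Consider a bound such as `range <MIN_EVENT_LOG_SIZE> <MAX_EVENT_LOG_SIZE>` (placeholders; derive them from the structure sizes) or a build-time assertion next to the allocation. The help text could also read `itself` instead of `it self` and, if the double allocation only happens on the EFI path, say so now that the option is shared with MEASURED_BOOT.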
> diff --git a/include/efi_tcg2.h b/include/efi_tcg2.h
> index 8dfb1bc952..7ed8880991 100644
> --- a/include/efi_tcg2.h
> +++ b/include/efi_tcg2.h
> @@ -28,8 +28,6 @@
> #define EFI_TCG2_MAX_PCR_INDEX 23
> #define EFI_TCG2_FINAL_EVENTS_TABLE_VERSION 1
>
> -#define TPM2_EVENT_LOG_SIZE CONFIG_EFI_TCG2_PROTOCOL_EVENTLOG_SIZE
> -
> typedef u32 efi_tcg_event_log_bitmap;
> typedef u32 efi_tcg_event_log_format;
> typedef u32 efi_tcg_event_algorithm_bitmap;
> diff --git a/lib/efi_loader/Kconfig b/lib/efi_loader/Kconfig
> index c46ffe3a9d..d703e901ed 100644
> --- a/lib/efi_loader/Kconfig
> +++ b/lib/efi_loader/Kconfig
> @@ -437,15 +437,6 @@ config EFI_TCG2_PROTOCOL
> Provide a EFI_TCG2_PROTOCOL implementation using the TPM hardware
> of the platform.
>
> -config EFI_TCG2_PROTOCOL_EVENTLOG_SIZE
> - int "EFI_TCG2_PROTOCOL EventLog size"
> - depends on EFI_TCG2_PROTOCOL
> - default 65536
> - help
> - Define the size of the EventLog for EFI_TCG2_PROTOCOL. Note that
> - this is going to be allocated twice. One for the eventlog it self
> - and one for the configuration table that is required from the spec
> -
> config EFI_TCG2_PROTOCOL_MEASURE_DTB
> bool "Measure DTB with EFI_TCG2_PROTOCOL"
> depends on EFI_TCG2_PROTOCOL
> diff --git a/lib/efi_loader/efi_tcg2.c b/lib/efi_loader/efi_tcg2.c
> index a15c73162e..6dba8b1406 100644
> --- a/lib/efi_loader/efi_tcg2.c
> +++ b/lib/efi_loader/efi_tcg2.c
> @@ -111,7 +111,7 @@ static efi_status_t tcg2_agile_log_append(u32 pcr_index, u32 event_type,
> /* if ExitBootServices hasn't been called update the normal log */
> if (!event_log.ebs_called) {
> if (event_log.truncated ||
> - event_log.pos + event_size > TPM2_EVENT_LOG_SIZE) {
> + event_log.pos + event_size > CONFIG_TPM2_EVENT_LOG_SIZE) {
> event_log.truncated = true;
> return EFI_VOLUME_FULL;
> }
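Review bot: The bound check `event_log.pos + event_size > CONFIG_TPM2_EVENT_LOG_SIZE` is written as an addition, so if both operands are 32-bit (their declarations are outside this hunk) a large `event_size` could wrap the sum and pass the check. The next hunk uses the same form for `event_log.final_pos`. Writing it as `event_size > CONFIG_TPM2_EVENT_LOG_SIZE - event_log.pos` avoids the wrap, provided `pos` can never exceed the log size. The body of tcg2_agile_log_append starts and ends outside this hunk, so how `event_size` is derived should be confirmed there.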
> @@ -124,7 +124,7 @@ static efi_status_t tcg2_agile_log_append(u32 pcr_index, u32 event_type,
> return ret;
>
> /* if GetEventLog has been called update FinalEventLog as well */
> - if (event_log.final_pos + event_size > TPM2_EVENT_LOG_SIZE)
> + if (event_log.final_pos + event_size > CONFIG_TPM2_EVENT_LOG_SIZE)
> return EFI_VOLUME_FULL;
>
> log = (void *)((uintptr_t)event_log.final_buffer + event_log.final_pos);
> @@ -822,12 +822,12 @@ static efi_status_t create_final_event(void)
> * EFI_TCG2_GET_EVENT_LOGS need to be stored in an instance of an
> * EFI_CONFIGURATION_TABLE
> */
> - ret = efi_allocate_pool(EFI_ACPI_MEMORY_NVS, TPM2_EVENT_LOG_SIZE,
> + ret = efi_allocate_pool(EFI_ACPI_MEMORY_NVS, CONFIG_TPM2_EVENT_LOG_SIZE,
> &event_log.final_buffer);
> if (ret != EFI_SUCCESS)
> goto out;
>
> - memset(event_log.final_buffer, 0xff, TPM2_EVENT_LOG_SIZE);
> + memset(event_log.final_buffer, 0xff, CONFIG_TPM2_EVENT_LOG_SIZE);
> final_event = event_log.final_buffer;
> final_event->number_of_events = 0;
> final_event->version = EFI_TCG2_FINAL_EVENTS_TABLE_VERSION;
> @@ -913,7 +913,8 @@ static efi_status_t efi_init_event_log(void)
> if (tcg2_platform_get_tpm2(&dev))
> return EFI_DEVICE_ERROR;
>
> - ret = efi_allocate_pool(EFI_BOOT_SERVICES_DATA, TPM2_EVENT_LOG_SIZE,
> + ret = efi_allocate_pool(EFI_BOOT_SERVICES_DATA,
> + CONFIG_TPM2_EVENT_LOG_SIZE,
> (void **)&event_log.buffer);
> if (ret != EFI_SUCCESS)
> return ret;
> @@ -922,7 +923,7 @@ static efi_status_t efi_init_event_log(void)
> * initialize log area as 0xff so the OS can easily figure out the
> * last log entry
> */
> - memset(event_log.buffer, 0xff, TPM2_EVENT_LOG_SIZE);
> + memset(event_log.buffer, 0xff, CONFIG_TPM2_EVENT_LOG_SIZE);
>
> /*
> * The log header is defined to be in SHA1 event log entry format.
> @@ -939,7 +940,7 @@ static efi_status_t efi_init_event_log(void)
> * platforms can use different ways to do so.
> */
> elog.log = event_log.buffer;
> - elog.log_size = TPM2_EVENT_LOG_SIZE;
> + elog.log_size = CONFIG_TPM2_EVENT_LOG_SIZE;
> rc = tcg2_log_prepare_buffer(dev, &elog, false);
> if (rc) {
> ret = (rc == -ENOBUFS) ? EFI_BUFFER_TOO_SMALL : EFI_DEVICE_ERROR;
> --
> 2.25.1
>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas at linaro.org>