[PATCH v5 3/3] tpm: get tpm event log from bloblist
Ilias Apalodimas
ilias.apalodimas at linaro.org
Sat Jan 18 11:07:20 CET 2025
On Sat, 18 Jan 2025 at 06:31, Simon Glass <sjg at chromium.org> wrote:
>
> Hi Ilias,
>
> On Thu, 16 Jan 2025 at 07:35, Ilias Apalodimas <ilias.apalodimas at linaro.org> wrote:
> >
> > On Wed, 15 Jan 2025 at 03:17, Simon Glass <sjg at chromium.org> wrote:
> > >
> > > Hi Raymond,
> > >
> > > On Tue, 14 Jan 2025 at 08:20, Raymond Mao <raymond.mao at linaro.org> wrote:
> > > >
> > > > Get tpm event log from bloblist instead of FDT when bloblist is
> > > > enabled and valid from previous boot stage.
> > > >
> > > > As a fallback, when no event log from previous stage is observed
> > > > and no user buffer is passed, malloc a default buffer to initialize
> > > > the event log.
> > > >
> > > > Signed-off-by: Raymond Mao <raymond.mao at linaro.org>
> > > > ---
> > > > Changes in v2
> > > > - Remove patch dependency.
> > > > - Remove the fallback to FDT when BLOBLIST is selected.
> > > > Changes in v3
> > > > - Malloc an 8KB buffer when user eventlog buffer does not exist.
> > > > Changes in v4
> > > > - Replace the default eventlog size with TPM2_EVENT_LOG_SIZE.
> > > > Changes in v5
> > > > - Replace TPM2_EVENT_LOG_SIZE with CONFIG_TPM2_EVENT_LOG_SIZE.
> > > > - Add an inline TODO comment.
> > > >
> > > > lib/tpm_tcg2.c | 61 ++++++++++++++++++++++++++++++++++----------------
> > > > 1 file changed, 42 insertions(+), 19 deletions(-)
> > >
> > > Reviewed-by: Simon Glass <sjg at chromium.org>
> > >
> > > nit in case you respin again: -ENODEV is for driver model, when there
> > > is no device. It is actually handled specially by driver model. So
> > > -ENOENT is what I try to use for things that don't exist but aren't
> > > devices.
> > >
> >
> > +1,
> >
> >
> > > >
> > > > diff --git a/lib/tpm_tcg2.c b/lib/tpm_tcg2.c
> > > > index 4134d93a35..2d9076f091 100644
> > > > --- a/lib/tpm_tcg2.c
> > > > +++ b/lib/tpm_tcg2.c
> > > > @@ -5,6 +5,7 @@
> > > >
> > > > #include <dm.h>
> > > > #include <dm/of_access.h>
> > > > +#include <malloc.h>
> > > > #include <tpm_api.h>
> > > > #include <tpm-common.h>
> > > > #include <tpm-v2.h>
> > > > @@ -19,6 +20,7 @@
> > > > #include <linux/unaligned/generic.h>
> > > > #include <linux/unaligned/le_byteshift.h>
> > > > #include "tpm-utils.h"
> > > > +#include <bloblist.h>
> > > >
> > > > int tcg2_get_pcr_info(struct udevice *dev, u32 *supported_bank, u32 *active_bank,
> > > > u32 *bank_num)
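Review bot: the new `#include <bloblist.h>` is placed after the local `#include "tpm-utils.h"`, which breaks the angle-bracket-headers-first ordering the file already follows (the `<malloc.h>` addition in the hunk above keeps it); move it into that sorted group, e.g. ahead of `#include <dm.h>`.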
> > > > @@ -615,15 +617,24 @@ int tcg2_log_prepare_buffer(struct udevice *dev, struct tcg2_event_log *elog,
> > > > elog->found = log.found;
> > > > }
> > > >
> > > > + if (elog->found)
> > > > + return 0;
> > > > +
> > > > /*
> > > > - * Initialize the log buffer if no log was discovered and the buffer is
> > > > - * valid. User's can pass in their own buffer as a fallback if no
> > > > - * memory region is found.
> > > > + * Initialize the log buffer if no log was discovered.
> > > > + * User can pass in their own buffer as a fallback if no memory region
> > > > + * is found, else malloc a buffer if it does not exist.
> > > > */
> > > > - if (!elog->found && elog->log_size)
> > > > - rc = tcg2_log_init(dev, elog);
> > > > + if (!elog->log_size) {
> > > > + elog->log = malloc(CONFIG_TPM2_EVENT_LOG_SIZE);
> > > > + if (!elog->log)
> > > > + return -ENOMEM;
> > > > +
> > > > + memset(elog->log, 0, CONFIG_TPM2_EVENT_LOG_SIZE);
> > > > + elog->log_size = CONFIG_TPM2_EVENT_LOG_SIZE;
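Review bot: the fallback at `elog->log = malloc(CONFIG_TPM2_EVENT_LOG_SIZE);` creates a log that nothing in the quoted lines publishes: the buffer is reachable only through `elog`, and neither its address nor its size is handed to the DT (sml-base/sml-size) or to an EFI configuration table, so a log started here can be lost silently and the early `return 0` above means the bloblist path is the only one that stays discoverable. Either gate the malloc path on a publishing step or state in the comment block who owns the buffer and how it reaches the OS; as a smaller point, `malloc` followed by `memset(elog->log, 0, CONFIG_TPM2_EVENT_LOG_SIZE)` is `calloc(1, CONFIG_TPM2_EVENT_LOG_SIZE)`.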
> >
> > Why are you doing this? There are 2 ways to pass an EventLog to the
> > kernel. Either via a config table from EFI, or using sml-base and
> > sml-size in a DT (which are both required). IOW you will create an
> > EventLog no one will discover.
>
> My understanding is that it is still added to those tables (e.g. EFI). Linux does not see the bloblist structure.
No that's not what happens.
We either explicitly allocate memory from the EFI subsystem and use
that, or parse the DT and map whatever the DT tells us. If you want to
use malloc for allocating a non-EFI consumed EventLog you have to
inject these values to a DT otherwise the OS won't be able to find it.
>
> Regards,
> Simon
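The two discovery paths named above (EFI configuration table, DT sml-base/sml-size) exist so that the OS can replay the event log against the TPM's PCRs. The following is an added example, not code from the patch or from U-Boot, showing that consumer side: it parses a constructed TCG2 crypto-agile log and replays its SHA-256 digests (helper names such as build_sample_log are assumptions).

```python
"""Replay a TCG2 crypto-agile TPM event log against the SHA-256 PCR bank.
Added example (not U-Boot or patch code): the OS-side consumer of a log that
U-Boot published via the EFI config table or DT sml-base/sml-size."""
import hashlib
import struct

SHA256_ALG_ID = 0x000B                              # TPM_ALG_SHA256
EV_SEPARATOR = 0x00000004
SEPARATOR_DIGEST = hashlib.sha256(bytes(4)).digest()

def pcr_extend(current, digest):                    # TPM2_PCR_Extend, SHA-256 bank
    return hashlib.sha256(current + digest).digest()

def parse_spec_id_header(log):
    """Parse the leading SHA-1-format event carrying TCG_EfiSpecIdEvent.
    Returns (offset of the first TCG_PCR_EVENT2, {alg_id: digest_size})."""
    size = struct.unpack_from("<II20xI", log, 0)[2]
    body = log[32:32 + size]
    if body[:16] != b"Spec ID Event03\0":
        raise ValueError("not a TCG2 crypto-agile event log")
    num_algs = struct.unpack_from("<I", body, 24)[0]
    algs = dict(struct.unpack_from("<HH", body, 28 + 4 * i) for i in range(num_algs))
    return 32 + size, algs

def replay_sha256(log):
    """Return {pcr_index: hex PCR value} after replaying every event."""
    off, algs = parse_spec_id_header(log)
    pcrs = {}
    while off < len(log):
        pcr, _etype, count = struct.unpack_from("<III", log, off)
        off += 12
        sha256 = None
        for _ in range(count):                      # TPML_DIGEST_VALUES
            alg = struct.unpack_from("<H", log, off)[0]
            digest = log[off + 2:off + 2 + algs[alg]]
            off += 2 + algs[alg]
            if alg == SHA256_ALG_ID:
                sha256 = digest
        off += 4 + struct.unpack_from("<I", log, off)[0]   # skip event data
        if sha256 is not None:
            pcrs[pcr] = pcr_extend(pcrs.get(pcr, bytes(32)), sha256)
    return {k: v.hex() for k, v in pcrs.items()}

def build_sample_log():  # constructed input: SpecID header (SHA-256 only) + EV_SEPARATOR in PCR 7
    spec = (b"Spec ID Event03\0" + struct.pack("<IBBBBI", 0, 0, 2, 0, 2, 1)
            + struct.pack("<HH", SHA256_ALG_ID, 32) + b"\0")
    header = struct.pack("<II20xI", 0, 3, len(spec)) + spec        # EV_NO_ACTION
    event = (struct.pack("<IIIH", 7, EV_SEPARATOR, 1, SHA256_ALG_ID)
             + SEPARATOR_DIGEST + struct.pack("<I", 4) + bytes(4))
    return header + event
```

On Linux, feeding replay_sha256() the bytes of /sys/kernel/security/tpm0/binary_bios_measurements and comparing the result with /sys/class/tpm/tpm0/pcr-sha256/<n> tells you whether the log U-Boot built was actually published to the OS.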