[PATCH v7 2/3] tcg2: decouple eventlog size from efi

Raymond Mao raymond.mao at linaro.org
Mon Jan 27 15:49:35 CET 2025


Move the default eventlog size from EFI to TPM so that it can be used by
both EFI and measured boot.

Signed-off-by: Raymond Mao <raymond.mao at linaro.org>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas at linaro.org>
---
Changes in v5
- Move eventlog size kconfig from EFI to TPM2, so that it can be used by
  both EFI and MEASURED_BOOT.
Changes in v6
- None.
Changes in v7
- None.

 doc/usage/measured_boot.rst |  1 -
 drivers/tpm/Kconfig         |  9 +++++++++
 include/efi_tcg2.h          |  2 --
 lib/efi_loader/Kconfig      |  9 ---------
 lib/efi_loader/efi_tcg2.c   | 15 ++++++++-------
 5 files changed, 17 insertions(+), 19 deletions(-)

diff --git a/doc/usage/measured_boot.rst b/doc/usage/measured_boot.rst
index 05c439e9ac..488dd546f1 100644
--- a/doc/usage/measured_boot.rst
+++ b/doc/usage/measured_boot.rst
@@ -24,7 +24,6 @@ Requirements
 
 * A hardware TPM 2.0 supported by an enabled U-Boot driver
 * CONFIG_EFI_TCG2_PROTOCOL=y
-* CONFIG_EFI_TCG2_PROTOCOL_EVENTLOG_SIZE=y
 * optional CONFIG_EFI_TCG2_PROTOCOL_MEASURE_DTB=y will measure the loaded DTB
   in PCR 1
 
diff --git a/drivers/tpm/Kconfig b/drivers/tpm/Kconfig
index d59102d9a6..01bc686d36 100644
--- a/drivers/tpm/Kconfig
+++ b/drivers/tpm/Kconfig
@@ -209,6 +209,15 @@ config TPM2_MMIO
 	  to the device using the standard TPM Interface Specification (TIS)
 	  protocol.
 
+config TPM2_EVENT_LOG_SIZE
+	int "EventLog size"
+	depends on TPM_V2
+	default 65536
+	help
+	  Define the size of the EventLog. Note that this is going to be
+	  allocated twice. One for the eventlog it self and one for the
+	  configuration table that is required from the TCG2 spec
+
 endif # TPM_V2
 
 endmenu
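Review bot: `TPM2_EVENT_LOG_SIZE` is a plain `int` with no `range`, so 0, a negative number or a value smaller than the log headers is accepted. That value is then used unchanged as the allocation size, the `memset` length and the append bound in lib/efi_loader/efi_tcg2.c. A `range <min> <max>` line under `default 65536` would reject such configurations at build time (placeholders; the floor should cover at least the log header and the final events table header). Because the symbol is renamed from `EFI_TCG2_PROTOCOL_EVENTLOG_SIZE`, any board config that set the old name will presumably fall back to 65536 without a warning, and a log that fills up is marked truncated, so the rename deserves a line in the commit message. `depends on TPM_V2` also looks redundant given the enclosing `endif # TPM_V2`.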
diff --git a/include/efi_tcg2.h b/include/efi_tcg2.h
index 8dfb1bc952..7ed8880991 100644
--- a/include/efi_tcg2.h
+++ b/include/efi_tcg2.h
@@ -28,8 +28,6 @@
 #define EFI_TCG2_MAX_PCR_INDEX 23
 #define EFI_TCG2_FINAL_EVENTS_TABLE_VERSION 1
 
-#define TPM2_EVENT_LOG_SIZE CONFIG_EFI_TCG2_PROTOCOL_EVENTLOG_SIZE
-
 typedef u32 efi_tcg_event_log_bitmap;
 typedef u32 efi_tcg_event_log_format;
 typedef u32 efi_tcg_event_algorithm_bitmap;
diff --git a/lib/efi_loader/Kconfig b/lib/efi_loader/Kconfig
index c46ffe3a9d..d703e901ed 100644
--- a/lib/efi_loader/Kconfig
+++ b/lib/efi_loader/Kconfig
@@ -437,15 +437,6 @@ config EFI_TCG2_PROTOCOL
 	  Provide a EFI_TCG2_PROTOCOL implementation using the TPM hardware
 	  of the platform.
 
-config EFI_TCG2_PROTOCOL_EVENTLOG_SIZE
-	int "EFI_TCG2_PROTOCOL EventLog size"
-	depends on EFI_TCG2_PROTOCOL
-	default 65536
-	help
-		Define the size of the EventLog for EFI_TCG2_PROTOCOL. Note that
-		this is going to be allocated twice. One for the eventlog it self
-		and one for the configuration table that is required from the spec
-
 config EFI_TCG2_PROTOCOL_MEASURE_DTB
 	bool "Measure DTB with EFI_TCG2_PROTOCOL"
 	depends on EFI_TCG2_PROTOCOL
diff --git a/lib/efi_loader/efi_tcg2.c b/lib/efi_loader/efi_tcg2.c
index a15c73162e..6dba8b1406 100644
--- a/lib/efi_loader/efi_tcg2.c
+++ b/lib/efi_loader/efi_tcg2.c
@@ -111,7 +111,7 @@ static efi_status_t tcg2_agile_log_append(u32 pcr_index, u32 event_type,
 	/* if ExitBootServices hasn't been called update the normal log */
 	if (!event_log.ebs_called) {
 		if (event_log.truncated ||
-		    event_log.pos + event_size > TPM2_EVENT_LOG_SIZE) {
+		    event_log.pos + event_size > CONFIG_TPM2_EVENT_LOG_SIZE) {
 			event_log.truncated = true;
 			return EFI_VOLUME_FULL;
 		}
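Review bot: The bound check `event_log.pos + event_size > CONFIG_TPM2_EVENT_LOG_SIZE` adds before it compares, so if both operands are 32-bit (their declarations are outside this hunk) a large `event_size` can wrap the sum and slip under the limit, and the following log write would then presumably run past the buffer. Comparing against the remaining space avoids the wrap: `event_size > CONFIG_TPM2_EVENT_LOG_SIZE - event_log.pos`, which is safe as long as `pos` never exceeds the configured size. The same pattern appears in the next hunk for `event_log.final_pos`, where the result is used directly to compute the write pointer into `final_buffer`. tcg2_agile_log_append starts and ends outside both hunks, so how `event_size` is derived from the caller's input is not visible here.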
@@ -124,7 +124,7 @@ static efi_status_t tcg2_agile_log_append(u32 pcr_index, u32 event_type,
 		return ret;
 
 	/* if GetEventLog has been called update FinalEventLog as well */
-	if (event_log.final_pos + event_size > TPM2_EVENT_LOG_SIZE)
+	if (event_log.final_pos + event_size > CONFIG_TPM2_EVENT_LOG_SIZE)
 		return EFI_VOLUME_FULL;
 
 	log = (void *)((uintptr_t)event_log.final_buffer + event_log.final_pos);
@@ -822,12 +822,12 @@ static efi_status_t create_final_event(void)
 	 * EFI_TCG2_GET_EVENT_LOGS need to be stored in an instance of an
 	 * EFI_CONFIGURATION_TABLE
 	 */
-	ret = efi_allocate_pool(EFI_ACPI_MEMORY_NVS, TPM2_EVENT_LOG_SIZE,
+	ret = efi_allocate_pool(EFI_ACPI_MEMORY_NVS, CONFIG_TPM2_EVENT_LOG_SIZE,
 				&event_log.final_buffer);
 	if (ret != EFI_SUCCESS)
 		goto out;
 
-	memset(event_log.final_buffer, 0xff, TPM2_EVENT_LOG_SIZE);
+	memset(event_log.final_buffer, 0xff, CONFIG_TPM2_EVENT_LOG_SIZE);
 	final_event = event_log.final_buffer;
 	final_event->number_of_events = 0;
 	final_event->version = EFI_TCG2_FINAL_EVENTS_TABLE_VERSION;
@@ -913,7 +913,8 @@ static efi_status_t efi_init_event_log(void)
 	if (tcg2_platform_get_tpm2(&dev))
 		return EFI_DEVICE_ERROR;
 
-	ret = efi_allocate_pool(EFI_BOOT_SERVICES_DATA, TPM2_EVENT_LOG_SIZE,
+	ret = efi_allocate_pool(EFI_BOOT_SERVICES_DATA,
+				CONFIG_TPM2_EVENT_LOG_SIZE,
 				(void **)&event_log.buffer);
 	if (ret != EFI_SUCCESS)
 		return ret;
@@ -922,7 +923,7 @@ static efi_status_t efi_init_event_log(void)
 	 * initialize log area as 0xff so the OS can easily figure out the
 	 * last log entry
 	 */
-	memset(event_log.buffer, 0xff, TPM2_EVENT_LOG_SIZE);
+	memset(event_log.buffer, 0xff, CONFIG_TPM2_EVENT_LOG_SIZE);
 
 	/*
 	 * The log header is defined to be in SHA1 event log entry format.
@@ -939,7 +940,7 @@ static efi_status_t efi_init_event_log(void)
 	 * platforms can use different ways to do so.
 	 */
 	elog.log = event_log.buffer;
-	elog.log_size = TPM2_EVENT_LOG_SIZE;
+	elog.log_size = CONFIG_TPM2_EVENT_LOG_SIZE;
 	rc = tcg2_log_prepare_buffer(dev, &elog, false);
 	if (rc) {
 		ret = (rc == -ENOBUFS) ? EFI_BUFFER_TOO_SMALL : EFI_DEVICE_ERROR;
-- 
2.25.1


