[PATCH] tpm: Export the function to set up the TPM log

Ilias Apalodimas ilias.apalodimas at linaro.org
Sat May 24 20:24:18 CEST 2025 

On Sat, 24 May 2025 at 20:59, Ilias Apalodimas
<ilias.apalodimas at linaro.org> wrote:
>
> Thanks Tom
>
> On Sat, 24 May 2025 at 17:26, Tom Rini <trini at konsulko.com> wrote:
> >
> > On Sat, May 24, 2025 at 08:13:46AM -0600, Simon Glass wrote:
> >
> > > In some cases, we may wish to set up the TPM log under full control of
> > > a driver in U-Boot. Export the required function to make this possible.
> > >
> > > This avoids calling the weak function tcg2_platform_get_log() when the
> > > caller already knows where the log is.
>
> This doesn't make too much sense to me. If the caller knows where the
> log is, he needs to replay it in hardware.  Which also means you need
> to check the logs vs the active PCR banks.
>
> This has all been abstracted in tcg2_measurement_init().
> The UEFI subsystem calls tcg2_log_prepare_buffer(), but that's a
> remnant from when measured boot was only supported in EFI. I was
> planning to get rid of it and call tcg2_measurement_init() from EFI as
> well.
>
> Is there a reason you can't use that? Is it slowing down the boot time
> significantly?
>

Oh and looking at it a bit closer, calling tcg2_log_init() doesn't add
an EV_S_CRTM_VERSION event which makes the generated eventlog violate
the spec. So that function should just remain static

/Ilias
> Thanks
> /Ilias
> > >
> > > Signed-off-by: Simon Glass <sjg at chromium.org>
> > > ---
> > >
> > >  include/tpm_tcg2.h | 9 +++++++++
> > >  lib/tpm_tcg2.c     | 2 +-
> > >  2 files changed, 10 insertions(+), 1 deletion(-)
> > >
> > > diff --git a/include/tpm_tcg2.h b/include/tpm_tcg2.h
> > > index eb6afe49e77..189a93ee840 100644
> > > --- a/include/tpm_tcg2.h
> > > +++ b/include/tpm_tcg2.h
> > > @@ -345,4 +345,13 @@ void tcg2_platform_startup_error(struct udevice *dev, int rc);
> > >   */
> > >  u32 tcg2_algorithm_to_mask(enum tpm2_algorithms);
> > >
> > > +/**
> > > + * tcg2_log_init() - Set up the elog
> > > + *
> > > + * @dev: TPM device, used to find the number of PCRs
> > > + * @elog     Platform event log
> > > + * Return: zero on success, negative errno otherwise
> > > + */
> > > +int tcg2_log_init(struct udevice *dev, struct tcg2_event_log *elog);
> > > +
> > >  #endif /* __TPM_TCG_V2_H */
> > > diff --git a/lib/tpm_tcg2.c b/lib/tpm_tcg2.c
> > > index c314b401d0b..9909d9e14d5 100644
> > > --- a/lib/tpm_tcg2.c
> > > +++ b/lib/tpm_tcg2.c
> > > @@ -220,7 +220,7 @@ static int tcg2_log_append_check(struct tcg2_event_log *elog, u32 pcr_index,
> > >       return 0;
> > >  }
> > >
> > > -static int tcg2_log_init(struct udevice *dev, struct tcg2_event_log *elog)
> > > +int tcg2_log_init(struct udevice *dev, struct tcg2_event_log *elog)
> > >  {
> > >       struct tpm_chip_priv *priv = dev_get_uclass_priv(dev);
> > >       struct tcg_efi_spec_id_event *ev;
> > > --
> > > 2.43.0
> > >
> > > base-commit: bab54f5942c428be698216224fd10b91d974d4da
> > > branch: tpma
> >
> > This is based on mainline, but you forgot to CC the TPM maintainer.
> >
> > --
> > Tom

More information about the U-Boot mailing list