[PATCH v2 3/3] tpm: allocate tpm event log if missing
Ilias Apalodimas
ilias.apalodimas at linaro.org
Mon Jun 15 15:09:57 CEST 2026
Hi Ludwig,
[...]
> >>>
> >>> I'd like the eventlog to be initialized before calling this (look below).
> >>
> >> What if I removed the log parameter from those tcg2_* functions instead?
> >> The event log belongs to the tpm device IMO, so should be initialized
> >> with the device.
> >
> > Measured boot EventLogs etc are primarily described by the TCG specs &
> > > EFI and we only have a specification for it there. The DT describes
> > > how to pass it over to linux with sml-base etc.
> > However, in the EFI case the Eventlog is allocated as ACPI memory. So
> > you cannot allocate the EventLog a priori, until you figure out what
> > > method you are using to boot. We also have use cases of people using it
> > > only for RNG, due to limited memory, so we can't just allocate it on
> > the device bringup. And lastly... Some first stage bootloaders do not
> > initialize the TPM & drivers. What they do is prepare an EventLog and
> > expect U-Boot to replay it once the TPM is up and running. In that
> > case we obviously need to preserve what we have instead of starting
> > from scratch.
>
> Ack, we are on the same page here.
>
> > My main concern is that I *don't* want the EFI and non-EFI code to
> > > deviate. I have some patches that I have been playing around with for quite some
> > time and rebased them last week for this reason [1]. If you think
> > those help your use case or make your life easier feel free to include
> > them.
>
> Good idea and orthogonal to what I am doing I think. This duplication in
> EFI stressed my brain too but I can't care about EFI right now :-)
It is, but the deviation in EFI is pretty minimal atm.
- EFI calls tcg2_log_prepare_buffer instead of tcg2_measurement_init()
-- That's what my patches fix
- EFI has its own version of tcg2_measure_event() -- That's easy to
fix as well.
>
> IIUC you are centering the change around calling
> tcg2_log_prepare_buffer() in efi_init_event_log(). What do you think
> about aiming for tcg2_measurement_init() as central starting point
> instead?
> That would allow to remove even more duplicated code.
> It should be sufficient to have tcg2_measurement_init() accept an
> optional pointer to pre-allocated log buffer memory. Attached patch
> maybe explains the idea better (just as idea, won't compile).
I agree. In fact I mistyped the function names in my previous
email.... I really meant tcg2_measurement_init(). The patchset I
pointed you to already converts tcg2_log_prepare_buffer() to static.
>
> >> I am not sure what the intention of the current api is tbh. The event
> >> log basically documents when and how PCR registers were extended. We
> >> have to build that log ourselves as the TPM doesn't do it for us. The
> >> api weirdly allows to have partial local logs even though there's only
> >> one set of PCR registers.
> >
> > Where?
>
> The elog parameters of tcg2_log_prepare_buffer() and tcg2_measure_data()
> are not related to the dev parameter. So it looks like the intention is
> to be able to call it on the same tpm but with different event logs.
Ah no. The reason was that the non EFI code was retrofitted way later,
and it was easier to just allocate the buffer on the spot. I always
had the idea of abstracting this even more in the future.
Cheers
/Ilias
>
> cu
> Ludwig
>
> --
> Ludwig Nussel
> Siemens AG
> www.siemens.com
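
The replay-or-allocate behaviour discussed in this thread, as an added example that is not code from the thread or from U-Boot: a small Python model of one SHA-256 PCR bank in which an init routine either replays a handed-over event log or starts an empty one. `SimTpm`, `measurement_init`, `measure`, `expected_pcrs` and `STAGE1_LOG` are hypothetical names, and the sample log is constructed.

```python
import hashlib

PCR_COUNT = 24    # PCR bank size used by this model
DIGEST_LEN = 32   # SHA-256 only; real logs can carry several banks


class SimTpm:
    """Stand-in for a TPM with one SHA-256 PCR bank (constructed model)."""
    def __init__(self):
        self.pcrs = [bytes(DIGEST_LEN) for _ in range(PCR_COUNT)]

    def extend(self, index, digest):
        if not 0 <= index < PCR_COUNT or len(digest) != DIGEST_LEN:
            raise ValueError("bad PCR index or digest length")
        # Extend: PCR_new = SHA256(PCR_old || digest)
        self.pcrs[index] = hashlib.sha256(self.pcrs[index] + digest).digest()


def measurement_init(tpm, handed_over_log=None):
    """Hypothetical init: replay a handed-over log, or start an empty one."""
    if handed_over_log is None:
        return []  # log was missing: allocate a new one
    # Validate every entry first so a malformed log cannot leave the
    # PCRs half replayed.
    for index, digest, _ in handed_over_log:
        if not 0 <= index < PCR_COUNT or len(digest) != DIGEST_LEN:
            raise ValueError("malformed event log entry")
    for index, digest, _ in handed_over_log:
        tpm.extend(index, digest)  # replay in original order
    return list(handed_over_log)   # keep earlier entries, append later ones


def measure(tpm, log, index, data, description):
    """Extend the PCR and record the same event in the log."""
    digest = hashlib.sha256(data).digest()
    tpm.extend(index, digest)
    log.append((index, digest, description))


def expected_pcrs(log):
    """Verifier side: recompute the PCR values from the log alone."""
    model = SimTpm()
    for index, digest, _ in log:
        model.extend(index, digest)
    return model.pcrs


# Constructed sample: the log a first-stage loader might hand over.
STAGE1_LOG = [(0, hashlib.sha256(b"stage1 image").digest(), "stage1")]
```

If the handed-over entries are kept in the log but never replayed, `expected_pcrs(log)` no longer matches the PCR bank, which is the mismatch a verifier would see.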