From: Jarkko Sakkinen
To: linux-kernel@vger.kernel.org, linux-integrity@vger.kernel.org, linux-doc@vger.kernel.org
Cc: tweek@google.com, matthewgarrett@google.com, Jarkko Sakkinen , Jonathan Corbet
Subject: [PATCH] tpm: Document UEFI event log quirks
Date: Wed, 3 Jul 2019 19:11:05 +0300
Message-Id: <20190703161109.22935-1-jarkko.sakkinen@linux.intel.com>
X-Mailer: git-send-email 2.20.1
MIME-Version: 1.0
Content-Type: text/plain; charset=y
Content-Transfer-Encoding: 8bit
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID:
X-Mailing-List: linux-kernel@vger.kernel.org

There are some weird quirks when it comes to the UEFI event log. Provide a brief introduction to the TPM event log mechanism and describe the quirks and how they can be sorted out.

Signed-off-by: Jarkko Sakkinen
---
Documentation/security/tpm/tpm-eventlog.rst | 53 +++++++++++++++++++++
1 file changed, 53 insertions(+)
create mode 100644 Documentation/security/tpm/tpm-eventlog.rst

diff --git a/Documentation/security/tpm/tpm-eventlog.rst b/Documentation/security/tpm/tpm-eventlog.rst
new file mode 100644
index 000000000000..2ca8042bdb17
--- /dev/null
+++ b/Documentation/security/tpm/tpm-eventlog.rst
@@ -0,0 +1,53 @@ +.. SPDX-License-Identifier: GPL-2.0 + +============= +TPM Event Log +============= + +| Authors: +| Stefan Berger + +This document briefly describes what TPM log is and how it is handed +over from the preboot firmware to the operating system. + +Introduction +============ + +The preboot firmware maintains an event log that gets new entries every +time something gets hashed by it to any of the PCR registers. The events +are segregated by their type and contain the value of the hashed PCR +register. Typically, the preboot firmware will hash the components to +who execution is to be handed over or actions relevant to the boot +process. + +The main application for this is remote attestation and the reason why +it is useful is nicely put in the very first section of [1]: + +"Attestation is used to provide information about the platform’s state +to a challenger. However, PCR contents are difficult to interpret; +therefore, attestation is typically more useful when the PCR contents +are accompanied by a measurement log. While not trusted on their own, +the measurement log contains a richer set of information than do the PCR +contents. The PCR contents are used to provide the validation of the +measurement log." + +UEFI event log +============== + +UEFI provided event log has a few somewhat weird quirks. + +Before calling ExitBootServices() Linux EFI stub copies the event log to +a custom configuration table defined by the stub itself. Unfortanely, +the events generated by ExitBootServices() do end up to the table. + +The firmware provides so called final events configuration table to sort +out this issue. Events gets mirrored to this table after the first time +EFI_TCG2_PROTOCOL.GetEventLog() gets called. + +This introduces another problem: nothing guarantees that it is not +called before the stub gets to run. Thus, it needs to copy the final +events table preboot size to the custom configuration table so that +kernel offset it later on. 
+ +[1] https://trustedcomputinggroup.org/resource/pc-client-specific-platform-firmware-profile-specification/ +[2] The final concatenation is done in drivers/char/tpm/eventlog/efi.c -- 2.20.1
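Review bot: in the "UEFI event log" section, "Unfortanely, the events generated by ExitBootServices() do end up to the table" states the opposite of the problem the next paragraph sets out to solve (the final events configuration table exists precisely because events logged after the stub's copy are missing from it), so it should read "Unfortunately, the events generated by ExitBootServices() do not end up in the table"; the typo in "Unfortanely" needs fixing either way. In the Introduction, "contain the value of the hashed PCR register" is inaccurate: an event log entry records the PCR index and the digest that was extended into that PCR, not the resulting PCR contents, and the following sentence should read "the components to which execution is to be handed over". The closing paragraph is hard to parse; something like "Thus, the stub records the size the final events table had before it ran, so that the kernel can offset into that table by this amount when it later concatenates the two logs" states the intent, and that sentence is the natural place to cite [2], which is listed under the references but never referenced in the text. Minor: the "Authors:" field names Stefan Berger while the patch is sent and signed off by Jarkko Sakkinen; worth confirming that attribution is intended.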