Received: by 2002:a05:7412:bbc7:b0:fc:a2b0:25d7 with SMTP id kh7csp2048223rdb; Sun, 4 Feb 2024 12:28:12 -0800 (PST) X-Google-Smtp-Source: AGHT+IGTt1n/z8zJPjDXmfVKJiVpD6cOEXKZzYaNA3BnTPQT/RvuAeqOR/2m6o1kT3iN9e0Mgn2u X-Received: by 2002:a05:6402:12ca:b0:55f:4602:bf7d with SMTP id k10-20020a05640212ca00b0055f4602bf7dmr3418115edx.26.1707078492026; Sun, 04 Feb 2024 12:28:12 -0800 (PST) ARC-Seal: i=2; a=rsa-sha256; t=1707078492; cv=pass; d=google.com; s=arc-20160816; b=qZ9uoX4/dQkOTHjNDs2oBLEgx++teONhBJ4OVkqO3Mqnto8LJj6U7qlJ40EHml+JB6 Zx9lIOKEy5Jqr2G4HuIxIxggYPjZQJcABN45DIU7GX+O0uAtwePVYKwcrogthW4zLQl5 KyR3efTWhWeNZrtXEzclgCenlGnkNuDQWMBx+Hnv01EICErHlXj/Ka22HDaeEMf4jfaP lh2JgmQEbOkIHQWCagO/eX/Fz+YQI9sNrrPHHts1fOARpSGLeQpzljcFfU4DikYmuPuS F9Aaf+JwWSyBBd0ALu0GVx4KBewiy9RK6upaSNK5V+9T5u97ODKYeSIlU64AF+9rJNBZ IwKg== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=content-transfer-encoding:in-reply-to:from:references:cc:to :content-language:subject:user-agent:mime-version:list-unsubscribe :list-subscribe:list-id:precedence:date:message-id:dkim-signature; bh=GBtOC0nzJmwnAEwROwdzy4fdgQ06t7M720nBPy9kgOQ=; fh=G2NhTDkWgzNjMkwqLMVN0T1+tKVIXfYwSKNYl5Ja/6k=; b=uBdBdr70haP6b4LfsTMmwdTkwomnro6LklUSWLtUnnUL/LH+kuFQAKhFTOUKRDdoI0 UMXKUvoQUWhS8GLNyqdsM2F2t7wsXPaYe0LO4TlkOX4iv8MsC/3VbKlsSN7nwNl4XaCq Epxj9WfwiCNZjPsahpG6x1Xm5jRgfopiiRWNXq2GDIKhIIvj9nCvYeSlivgdKRwuhTtM wZ3z+2VS2GsMBNe+W4zb4a3MB4E0k76BUtesX0dxXE5Q/GG3xX3RxZY4Pw00hj+ZGswI ST6SfauBGc/z0cUwBmvMczna7X5k+OpkOmEoLar090lwC0RdIIdZyLMRe2Z1t1FBi+sX 2c3Q==; dara=google.com ARC-Authentication-Results: i=2; mx.google.com; dkim=pass header.i=@intel.com header.s=Intel header.b=GBn5Ddon; arc=pass (i=1 dkim=pass dkdomain=intel.com dmarc=pass fromdomain=linux.intel.com); spf=pass (google.com: domain of linux-kernel+bounces-51878-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.80.249 as permitted sender) smtp.mailfrom="linux-kernel+bounces-51878-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com X-Forwarded-Encrypted: i=1; AJvYcCUtsCeO5rPdUFOI6mzn/mptxMNQU8QTeBdTbdFPMKQ7sYqwb13slNq9IejCy4+KI/IGsuxk5AeycTFf/TY/Xyyftx/p+Sr6BgBEP8DStw== Return-Path: Received: from am.mirrors.kernel.org (am.mirrors.kernel.org. [147.75.80.249]) by mx.google.com with ESMTPS id b18-20020a50b412000000b0055a61376aeesi3168997edh.240.2024.02.04.12.28.11 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sun, 04 Feb 2024 12:28:12 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel+bounces-51878-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.80.249 as permitted sender) client-ip=147.75.80.249; Authentication-Results: mx.google.com; dkim=pass header.i=@intel.com header.s=Intel header.b=GBn5Ddon; arc=pass (i=1 dkim=pass dkdomain=intel.com dmarc=pass fromdomain=linux.intel.com); spf=pass (google.com: domain of linux-kernel+bounces-51878-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.80.249 as permitted sender) smtp.mailfrom="linux-kernel+bounces-51878-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by am.mirrors.kernel.org (Postfix) with ESMTPS id C05501F21EEB for ; Sun, 4 Feb 2024 20:28:11 +0000 (UTC) Received: from localhost.localdomain (localhost.localdomain [127.0.0.1]) by smtp.subspace.kernel.org (Postfix) with ESMTP id 131BA26AC1; Sun, 4 Feb 2024 20:28:04 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b="GBn5Ddon" Received: from mgamail.intel.com (mgamail.intel.com [192.198.163.7]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 8BBF625622; Sun, 4 Feb 2024 20:28:01 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=192.198.163.7 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1707078483; cv=none; b=qiSMRKMNC2+LQcTHPkTaTBTb4kw1clN6F5X0lgDl2aA9N2RxgWduqIPlmujbjkwAVlwrJuXuS8gH9Wn57bK5CgpOiPWVNMj+i+EX0YcEyOQviRItd8ckgcF3WI09qccFgshaLxe96p4BrJ3T71TQlapggK6S2saS5jGDh5Y8MzM= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1707078483; c=relaxed/simple; bh=pYUDma7IeNGn5sB0DMsKBMM7M0vpq2RmkTAySdwqiIE=; h=Message-ID:Date:MIME-Version:Subject:To:Cc:References:From: In-Reply-To:Content-Type; b=nNz1PizMfxv5bcZncFp/07OYpGPpKD9KAvoe62h4bSdNZ+TNgls/neyIKuVTg7P7oInHiItQyr/IU5ns00pBlL071WJE3BH0vZmnzwUppQyhtk7ctVuQzwRSjmZIvuUp9x9Pzzjra6Ryv4QNbQGuVPu/nwLzu9pLGqC5BX5xX60= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linux.intel.com; spf=none smtp.mailfrom=linux.intel.com; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b=GBn5Ddon; arc=none smtp.client-ip=192.198.163.7 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linux.intel.com Authentication-Results: smtp.subspace.kernel.org; spf=none smtp.mailfrom=linux.intel.com DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1707078481; x=1738614481; h=message-id:date:mime-version:subject:to:cc:references: from:in-reply-to:content-transfer-encoding; bh=pYUDma7IeNGn5sB0DMsKBMM7M0vpq2RmkTAySdwqiIE=; b=GBn5Ddon6IYh7nSYE0umg5jhZSJS7avPinYl+hA/n7NQS1WaUMN4NQTA LatmrEfVZPim9LRhTBtfx9yFNFgy1ZIiHkk4KTDwrfRDr2GW5S3JBPXmf I0hNRCbeqp30yjmwgIl0p/sQF3Ep25YncIYQh+ESqoR8s9KPu0pPrp/87 YBoR7FyPSHRJx70pqk2E71rNQeAFNevjbupZqDyfR89hOF/xTxH+njLbq RvS3+yKIAMrWOTJAsjVRg7K+0RBKpJwvc02XHXoqZ/Bd7eSSxsAKJKbjE 5SeDod4vDaHlRueb4U+TkhVLDmBlyygFxRIZMU1FqgE1lqqCPO9or1+O+ A==; X-IronPort-AV: E=McAfee;i="6600,9927,10973"; a="25864383" X-IronPort-AV: E=Sophos;i="6.05,242,1701158400"; d="scan'208";a="25864383" Received: from fmsmga002.fm.intel.com ([10.253.24.26]) by fmvoesa101.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 04 Feb 2024 12:28:01 -0800 X-ExtLoop1: 1 X-IronPort-AV: E=McAfee;i="6600,9927,10973"; a="909116928" X-IronPort-AV: E=Sophos;i="6.05,242,1701158400"; d="scan'208";a="909116928" Received: from cluevan6-mobl.amr.corp.intel.com (HELO [10.209.72.230]) ([10.209.72.230]) by fmsmga002-auth.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 04 Feb 2024 12:28:00 -0800 Message-ID: <6a696340-b57c-4fa5-bb2e-b3a0257453bc@linux.intel.com> Date: Sun, 4 Feb 2024 12:27:59 -0800 Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 User-Agent: Mozilla Thunderbird Subject: Re: [PATCH v1] efi/libstub: Add Confidential Computing (CC) measurement support Content-Language: en-US To: James Bottomley , Ard Biesheuvel Cc: linux-kernel@vger.kernel.org, linux-efi@vger.kernel.org, "Yao, Jiewen" , "Lu, Ken" References: <20240203075736.3982371-1-sathyanarayanan.kuppuswamy@linux.intel.com> <82a84e769875c70279348179c1b2b63a16770c8e.camel@HansenPartnership.com> From: Kuppuswamy Sathyanarayanan In-Reply-To: <82a84e769875c70279348179c1b2b63a16770c8e.camel@HansenPartnership.com> Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 7bit +Jiewen & Ken (RTMR firmware owner) On 2/3/24 10:46 PM, James Bottomley wrote: > On Sat, 2024-02-03 at 07:57 +0000, Kuppuswamy Sathyanarayanan wrote: >> If the virtual firmware implements TPM support, TCG2 protocol will be >> used for kernel measurements and event logging support. But in CC >> environment, not all platforms support or enable the TPM feature. >> UEFI specification [1] exposes protocol and interfaces used for >> kernel measurements in CC platforms without TPM support. >> >> Currently, the efi-stub only supports the kernel related measurements >> for the platform that supports TCG2 protocol. So, extend it add >> CC measurement protocol (EFI_CC_MEASUREMENT_PROTOCOL) and event >> logging support. Event logging format in the CC environment is the >> same as TCG2. > Why do we have to do this anymore? Given that you're already pushing > patches that map RTMRs to TPM PCRs: > > https://lore.kernel.org/lkml/20240128212532.2754325-4-sameo@rivosinc.com/ IMHO, I am not sure whether we need this mapping support . I have already mentioned the same comment in [1]. If we support extension and logging via configFS ABI, why again support PCR mapping? https://lore.kernel.org/lkml/2bd7c80b-9cd8-4450-a410-c3739d224167@linux.intel.com/ [1] > > Can't you just add a stub TCG2 driver to EFI that exposes only the > ability to log and measure using this mapping? That way all our > existing code will "just work" without the need to understand anything > about confidential computing or add new code to do the measurement? I am not familiar with the EFI implementation, but I think a new protocol is added to handle future CC extensions (which could deviate from TCG2) and to support platforms that does not support or enable TPM feature. So modifying the TCG2 driver in EFI may not work for the above-mentioned cases. I think the EFI driver part of this support is already merged. Jiewen/Ken may have more comments about this proposal. > > James > -- Sathyanarayanan Kuppuswamy Linux Kernel Developer