Received: by 2002:ab2:710b:0:b0:1ef:a325:1205 with SMTP id z11csp662949lql; Mon, 11 Mar 2024 13:33:54 -0700 (PDT) X-Forwarded-Encrypted: i=3; AJvYcCVqoA37ifzAhhr78kQhi7RKgnwc8NUoL3oq+RuBFYx63N8QVtwlX9Dgd+BSDs+kIFJ/+iTE8s6smI3CTxEAgdBPXPOHTHgaqvkYqqkjQw== X-Google-Smtp-Source: AGHT+IEW64ajMcKRuxl2EPl9du97tcuNhyxZxHwhv0BVObXMPIvzLhiT4ArL4FFFGNskU55Wzvkl X-Received: by 2002:a17:903:11ce:b0:1db:ea2b:d2c4 with SMTP id q14-20020a17090311ce00b001dbea2bd2c4mr10587496plh.15.1710189234543; Mon, 11 Mar 2024 13:33:54 -0700 (PDT) ARC-Seal: i=2; a=rsa-sha256; t=1710189234; cv=pass; d=google.com; s=arc-20160816; b=Glwi9GhsTAP+oLpdvUpWckczw9kLQEgnAsMdUU52dSOZoMmB2upMqlKZiwPzhoeVRO a2UvU1wBB33qH797zGHWiHAJMi+H5FwbMWk1vuWntqFeAH0pWtHk4Xpqz2D7DYFtPELN HvaR53GJvrWZ3OHrt+bJLAbL8D2t+rhvZ/Atyi82RCtwtt1nRShFqcm39BKthhtpWdSW tBs41rZcpYie6vmLh9u8btzBBWmYcZqSm9idycg4Ti2O8+ViBLjvvZ+4jjPTiPWK5Aqt CpE084fDUPyVN5WNS/g0JH1nc0s1bJn/cut48Zb3wV5vZNDf6Bxbd+RSZf/EUBRE35F2 +79A== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=content-transfer-encoding:in-reply-to:from:references:cc:to :content-language:subject:user-agent:mime-version:list-unsubscribe :list-subscribe:list-id:precedence:date:message-id:dkim-signature; bh=sXFr27bQDiRiOge2BNvqQUpm9MexS3FoxPTB1IZaFlE=; fh=u3TACtiOiCsLmxxERTKPH2/1b1bwcFtgj5ti4HWRwVE=; b=Gp/skUsRZzx/6X16jacnAjeCrqO3qyRVcPORvECXvo6MAQNiCtV8UrdM5UoDsWt1H2 fdsRBcwQnzQbJVmw8JfsPDVTz8wJkL5OatMc/sy93S7U32YlPUlo3hk18H+D2z+C1QJ0 +8Tvib53S7+fpRbgh9JjO7aw7Xft8MEmh0pUcjLdVt0lV6Ja1O3GnwC9xV0TkILXwTtm wyIKqD7wXjTtO2FKc38Y4sZOj+0Bf8dOHbRTKt3QuzTSuFLbPDh2p483UTfejQ01RWcK P+vuOwMVbtNP21QBC0vvtYgs5EsPCC+i2YREv1If0jwL5beKbkrS/HR8NffBZZxqUEb2 edkw==; dara=google.com ARC-Authentication-Results: i=2; mx.google.com; dkim=pass header.i=@ibm.com header.s=pp1 header.b=PyrLLxCS; arc=pass (i=1 spf=pass spfdomain=linux.ibm.com dkim=pass dkdomain=ibm.com dmarc=pass fromdomain=linux.ibm.com); spf=pass (google.com: domain of linux-kernel+bounces-99517-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:40f1:3f00::1 as permitted sender) smtp.mailfrom="linux-kernel+bounces-99517-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=REJECT sp=NONE dis=NONE) header.from=ibm.com Return-Path: Received: from sy.mirrors.kernel.org (sy.mirrors.kernel.org. [2604:1380:40f1:3f00::1]) by mx.google.com with ESMTPS id e11-20020a170903240b00b001dd3cdeeab0si5649204plo.113.2024.03.11.13.33.53 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 11 Mar 2024 13:33:54 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel+bounces-99517-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:40f1:3f00::1 as permitted sender) client-ip=2604:1380:40f1:3f00::1; Authentication-Results: mx.google.com; dkim=pass header.i=@ibm.com header.s=pp1 header.b=PyrLLxCS; arc=pass (i=1 spf=pass spfdomain=linux.ibm.com dkim=pass dkdomain=ibm.com dmarc=pass fromdomain=linux.ibm.com); spf=pass (google.com: domain of linux-kernel+bounces-99517-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:40f1:3f00::1 as permitted sender) smtp.mailfrom="linux-kernel+bounces-99517-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=REJECT sp=NONE dis=NONE) header.from=ibm.com Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by sy.mirrors.kernel.org (Postfix) with ESMTPS id 86C87B20E09 for ; Mon, 11 Mar 2024 20:33:50 +0000 (UTC) Received: from localhost.localdomain (localhost.localdomain [127.0.0.1]) by smtp.subspace.kernel.org (Postfix) with ESMTP id 9512D433D6; Mon, 11 Mar 2024 20:33:40 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=ibm.com header.i=@ibm.com header.b="PyrLLxCS" Received: from mx0b-001b2d01.pphosted.com (mx0b-001b2d01.pphosted.com [148.163.158.5]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 2365FCA47; Mon, 11 Mar 2024 20:33:36 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=148.163.158.5 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1710189219; cv=none; b=YOPDPwbwOCnCJsIMH3sx5d9ATrsSxadrfWe8NVtzFFqxvtUby3oRqyIW3xeU5DIdaUHzP09V2jXd4cUc1z01a3XXzTJrX8ozwokH8X64HERbghEtZ7ja+QF/7OHI/gymeQxVje1W16MFn3HhieBQ6jpWTHQePoVCI8/XwHly6SU= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1710189219; c=relaxed/simple; bh=p6NY3TH8C+93105l9cgG/APZLkrvK91XHirdtc2MYlU=; h=Message-ID:Date:MIME-Version:Subject:To:Cc:References:From: In-Reply-To:Content-Type; b=HK2lV7zETppLJ+xZuOmvRa+FQJbj1Q03kNGPtjMeBA8RBVM7nVVlncysdtgRjKY5woa4YBBv90oNnImshcMqT5G5jFJ807NZakyi+zVO2X/3pN08dWra9R9bd88Jr+pTmPkxvBI3bLUrlEpp5031C6Hc2518mOZZdyhncyQ+h4A= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linux.ibm.com; spf=pass smtp.mailfrom=linux.ibm.com; dkim=pass (2048-bit key) header.d=ibm.com header.i=@ibm.com header.b=PyrLLxCS; arc=none smtp.client-ip=148.163.158.5 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linux.ibm.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=linux.ibm.com Received: from pps.filterd (m0353722.ppops.net [127.0.0.1]) by mx0a-001b2d01.pphosted.com (8.17.1.19/8.17.1.19) with ESMTP id 42BKRknK026132; Mon, 11 Mar 2024 20:33:23 GMT DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ibm.com; h=message-id : date : mime-version : subject : to : cc : references : from : in-reply-to : content-type : content-transfer-encoding; s=pp1; bh=sXFr27bQDiRiOge2BNvqQUpm9MexS3FoxPTB1IZaFlE=; b=PyrLLxCSSUAQExJl8o+7Er/W6Tmef9K100zzQRCrn++6d2mORuoaha8dvwv+IOA0hhDp PqouCRPlOrKB4s5+L2rDFxqknjc4jjhQrXGJ3heieGiL4lcHnR4OCdwtd+XLR6j70tuA gCTtS/XGcqTapdQOyXLhT8HrSnFY8U948usCprnl8dexMwK28ZxRtllarEFIVQLHW+5Z 5wTmwa0Xv/WI1coVSnbDypqZhp10ZZAVOfuwWMOPlBlVb11r83DSeREXjRci0XiDijgt RX2xmZf+gYtfnA9+ZIBtO8CpV8uWHAUmv0MrPIy2JRuttMrvBtalDhDwbqGyu0PaH+W4 vQ== Received: from pps.reinject (localhost [127.0.0.1]) by mx0a-001b2d01.pphosted.com (PPS) with ESMTPS id 3wt90x83b5-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Mon, 11 Mar 2024 20:33:23 +0000 Received: from m0353722.ppops.net (m0353722.ppops.net [127.0.0.1]) by pps.reinject (8.17.1.5/8.17.1.5) with ESMTP id 42BKV23Z003321; Mon, 11 Mar 2024 20:33:22 GMT Received: from ppma23.wdc07v.mail.ibm.com (5d.69.3da9.ip4.static.sl-reverse.com [169.61.105.93]) by mx0a-001b2d01.pphosted.com (PPS) with ESMTPS id 3wt90x83ay-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Mon, 11 Mar 2024 20:33:22 +0000 Received: from pps.filterd (ppma23.wdc07v.mail.ibm.com [127.0.0.1]) by ppma23.wdc07v.mail.ibm.com (8.17.1.19/8.17.1.19) with ESMTP id 42BJhkIC020435; Mon, 11 Mar 2024 20:33:22 GMT Received: from smtprelay06.dal12v.mail.ibm.com ([172.16.1.8]) by ppma23.wdc07v.mail.ibm.com (PPS) with ESMTPS id 3ws3kktr6b-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Mon, 11 Mar 2024 20:33:21 +0000 Received: from smtpav01.wdc07v.mail.ibm.com (smtpav01.wdc07v.mail.ibm.com [10.39.53.228]) by smtprelay06.dal12v.mail.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id 42BKXIPG29425932 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Mon, 11 Mar 2024 20:33:20 GMT Received: from smtpav01.wdc07v.mail.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 9116458066; Mon, 11 Mar 2024 20:33:18 +0000 (GMT) Received: from smtpav01.wdc07v.mail.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 8337858063; Mon, 11 Mar 2024 20:33:17 +0000 (GMT) Received: from [9.47.158.152] (unknown [9.47.158.152]) by smtpav01.wdc07v.mail.ibm.com (Postfix) with ESMTP; Mon, 11 Mar 2024 20:33:17 +0000 (GMT) Message-ID: <916fb19b-daf8-4c1b-bc25-f071d2b3ae33@linux.ibm.com> Date: Mon, 11 Mar 2024 16:33:17 -0400 Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 User-Agent: Mozilla Thunderbird Subject: Re: [RFC PATCH v2 3/3] tpm: of: If available use linux,sml-log to get the log and its size Content-Language: en-US To: Jarkko Sakkinen , mpe@ellerman.id.au, linux-integrity@vger.kernel.org, linuxppc-dev@lists.ozlabs.org Cc: linux-kernel@vger.kernel.org, rnsastry@linux.ibm.com, peterhuewe@gmx.de, viparash@in.ibm.com, devicetree@vger.kernel.org, jsnitsel@redhat.com References: <20240311132030.1103122-1-stefanb@linux.ibm.com> <20240311132030.1103122-4-stefanb@linux.ibm.com> From: Stefan Berger In-Reply-To: Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 7bit X-TM-AS-GCONF: 00 X-Proofpoint-GUID: -jVqDx0V8NJBMzGIKWEGNVFA9ho9AuWn X-Proofpoint-ORIG-GUID: 8JcFWMEzsYR8oR4fF6-zlEthl9OmVA-N X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.272,Aquarius:18.0.1011,Hydra:6.0.619,FMLib:17.11.176.26 definitions=2024-03-11_11,2024-03-11_01,2023-05-22_02 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 suspectscore=0 mlxscore=0 impostorscore=0 malwarescore=0 lowpriorityscore=0 priorityscore=1501 spamscore=0 mlxlogscore=999 phishscore=0 bulkscore=0 adultscore=0 clxscore=1015 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2311290000 definitions=main-2403110157 On 3/11/24 16:25, Jarkko Sakkinen wrote: > On Mon Mar 11, 2024 at 3:20 PM EET, Stefan Berger wrote: >> If linux,sml-log is available use it to get the TPM log rather than the >> pointer found in linux,sml-base. This resolves an issue on PowerVM and KVM >> on Power where after a kexec the memory pointed to by linux,sml-base may >> have become inaccessible or corrupted. Also, linux,sml-log has replaced >> linux,sml-base and linux,sml-size on these two platforms. >> >> Keep the handling of linux,sml-base/sml-size for powernv platforms that >> provide the two properties via skiboot. >> >> Fixes: c5df39262dd5 ("drivers/char/tpm: Add securityfs support for event log") >> Signed-off-by: Stefan Berger > > I'm worried about not being up to date and instead using "cached" values > when verifying anything from a security chip. Does this guarantee that > TPM log is corrupted and will not get updated somehow? What do you mean 'guarantee that TPM log is corrupted'? The TPM was handed over from the firmware to Linux and the firmware then freed all memory associated with the log and will then not create a new log or touch the TPM or do anything that would require an update to the handed-over log. Linux also does not append to the firmware log. So whatever we now find in linux,sml-log would be the latest firmware log and the state of the 'firmware PCRs' computed from it should correspond to the current state of the 'firmware PCRs'. > > BR, Jarkko >