Date: Fri, 3 Nov 2017 17:27:03 +0200
From: Jarkko Sakkinen
To: Thiebaud Weksteen
Cc: linux-efi@vger.kernel.org, ard.biesheuvel@linaro.org, matt@codeblueprint.co.uk, linux-kernel@vger.kernel.org, mjg59@google.com, tpmdd-devel@lists.sourceforge.net, peterhuewe@gmx.de, jgunthorpe@obsidianresearch.com, tpmdd@selhorst.net
Subject: Re: [PATCH v2 0/3] Call GetEventLog before ExitBootServices
Message-ID: <20171103152703.f224mvtg3luubqa3@linux.intel.com>
References: <20170911100022.7251-1-tweek@google.com>
In-Reply-To: <20170911100022.7251-1-tweek@google.com>
Organization: Intel Finland Oy - BIC 0357606-4 - Westendinkatu 7, 02160 Espoo
X-Mailing-List: linux-kernel@vger.kernel.org

On Mon, Sep 11, 2017 at 12:00:19PM +0200, Thiebaud Weksteen wrote:
> With TPM 1.2, the ACPI table ("TCPA") has two fields to recover the Event Log
> Area (LAML and LASA). These logs are useful to understand and rebuild the
> final values of PCRs.
>
> With TPM 2.0, the ACPI table ("TPM2") does not contain these fields anymore.
> The recommended method is now to call the GetEventLog EFI protocol before
> ExitBootServices.
>
> Implement this method within the EFI stub and create copy of the logs for the
> TPM device. This will create /sys/kernel/security/tpm0/binary_bios_measurements
> for TPM 2.0 devices (similarly to the current behaviour for TPM 1.2 devices).
>
> -------------------------------------------------------------------------------
>
> Patchset Changelog:
>
> Version 2:
> - Move tpm_eventlog.h to top include directory, add commit for this.
> - Use EFI_LOADER_DATA to store the configuration table
> - Whitespace and new lines fixes
>
>
> Thiebaud Weksteen (3):
>   tpm: move tpm_eventlog.h outside of drivers folder
>   efi: call get_event_log before ExitBootServices
>   tpm: parse TPM event logs based on EFI table
>
>  arch/x86/boot/compressed/eboot.c                   |  1 +
>  drivers/char/tpm/Makefile                          |  2 +-
>  drivers/char/tpm/tpm-chip.c                        |  3 +-
>  drivers/char/tpm/tpm-interface.c                   |  2 +-
>  drivers/char/tpm/tpm.h                             | 35 ++++++++--
>  drivers/char/tpm/tpm1_eventlog.c                   | 17 +++--
>  drivers/char/tpm/tpm2_eventlog.c                   |  2 +-
>  drivers/char/tpm/tpm_acpi.c                        |  2 +-
>  drivers/char/tpm/tpm_efi.c                         | 66 ++++++++++++++++++
>  drivers/char/tpm/tpm_of.c                          |  2 +-
>  drivers/firmware/efi/Makefile                      |  2 +-
>  drivers/firmware/efi/efi.c                         |  4 ++
>  drivers/firmware/efi/libstub/Makefile              |  3 +-
>  drivers/firmware/efi/libstub/tpm.c                 | 81 ++++++++++++++++++++++
>  drivers/firmware/efi/tpm.c                         | 39 +++++++++++
>  include/linux/efi.h                                | 50 +++++++++++++
>  {drivers/char/tpm => include/linux}/tpm_eventlog.h | 32 ++-------
>  17 files changed, 301 insertions(+), 42 deletions(-)
>  create mode 100644 drivers/char/tpm/tpm_efi.c
>  create mode 100644 drivers/firmware/efi/tpm.c
>  rename {drivers/char/tpm => include/linux}/tpm_eventlog.h (77%)
>
> --
> 2.14.1.581.gf28d330327-goog
>

Tested-by: Jarkko Sakkinen
Reviewed-by: Jarkko Sakkinen

/Jarkko