Received: by 2002:ab2:6203:0:b0:1f5:f2ab:c469 with SMTP id o3csp2299423lqt; Mon, 22 Apr 2024 07:13:27 -0700 (PDT) X-Forwarded-Encrypted: i=3; AJvYcCU2uHrkbDxQmBw9BCDWDv+pKR9jgOsmS2C0TiUoXxPBozADmD91xazHl43MJ1xhUl+E9EVvkwtNge0vUo2axrLSNPMZNvVycZ4q4EE/Aw== X-Google-Smtp-Source: AGHT+IEEowtyHADNgc1qzE5wIBc8v0LiMwYnWMWTbYNy3OGjY1NCHPBNoZ6DR7UgwX1bGTtRexsp X-Received: by 2002:a05:6a20:3ca0:b0:1a9:7ad8:79f with SMTP id b32-20020a056a203ca000b001a97ad8079fmr11406364pzj.13.1713795206921; Mon, 22 Apr 2024 07:13:26 -0700 (PDT) ARC-Seal: i=2; a=rsa-sha256; t=1713795206; cv=pass; d=google.com; s=arc-20160816; b=LTdaTIMQwST+mm1gUCvOxLaiWPFcx7MBPYcRA7HX6qvWV6RWnfXPlGl63mHYmb2ywH uBYqDssxUigIy5zo2a8GOqShCHThKt23MqaTACblstBLBoz4IdxXBpmGWMxuwGkDeseC n5GabNZUkY5XizvODz+AZHjKwtcdOngFH7YUQyZoVzMDrLmijnfx5fTH/H1lC8BIoKK8 1ZxfsT2FG0jbDK7IbZyUz5GNhCgPbjZAkJTSEhCs7flBoJZuOxl21pCOFl059XX+lMpD UaVLLQF+c+SZRCJJIeH1x4Rtyxuw3MOwmLia6Djg5kOTAiUdCy2cZZLZMSj3wHYulXv6 ryfQ== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:list-unsubscribe:list-subscribe:list-id:precedence :dkim-signature; bh=2wUr8A6N46atUY/DKzgo42AitBlyVp1xej9/CqcLFTk=; fh=dKYKOLEQeFQj+qNWVqCdr869FYHRMkUCK8R3EMZtEmE=; b=TIZoaPHKwcW1sKp2DZSQnKQxqRKWP+bYHk2u8DvnAegq4pcJJZKVqpZthvVUtYWWcd ZmzSnbTC+9QiZvX0aSZjvok2KYJbQHZ2f2jfsa6AH9nlkvC8kO/J2zAcpsIrvyoB5XAz dOruMPWjmKfjGEU7r0htz2SG5BJH3n8c1OxLAn1xD+yu0jextg7hKey/clofzp9NKaUU 31EHA+sj0k1Duk7iFijuhibL0XZHfVhHnoganSGdI7VpL6hQB8C5SxyPZLmzAnj+6LzZ 7+BHyLPmFsHojzfyi2JJLF57B3x/LCsV2i+YMl3DtTMzOm8sonahobU5Xm6T3T4OwCms LBxw==; dara=google.com ARC-Authentication-Results: i=2; mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=Q7w4Ko1U; arc=pass (i=1 spf=pass spfdomain=linaro.org dkim=pass dkdomain=linaro.org dmarc=pass fromdomain=linaro.org); spf=pass (google.com: domain of linux-kernel+bounces-153505-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:40f1:3f00::1 as permitted sender) smtp.mailfrom="linux-kernel+bounces-153505-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Return-Path: Received: from sy.mirrors.kernel.org (sy.mirrors.kernel.org. [2604:1380:40f1:3f00::1]) by mx.google.com with ESMTPS id i21-20020aa78d95000000b006eac25f3a21si7778221pfr.43.2024.04.22.07.13.26 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 22 Apr 2024 07:13:26 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel+bounces-153505-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:40f1:3f00::1 as permitted sender) client-ip=2604:1380:40f1:3f00::1; Authentication-Results: mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=Q7w4Ko1U; arc=pass (i=1 spf=pass spfdomain=linaro.org dkim=pass dkdomain=linaro.org dmarc=pass fromdomain=linaro.org); spf=pass (google.com: domain of linux-kernel+bounces-153505-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:40f1:3f00::1 as permitted sender) smtp.mailfrom="linux-kernel+bounces-153505-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by sy.mirrors.kernel.org (Postfix) with ESMTPS id EA4A6B268DA for ; Mon, 22 Apr 2024 13:55:15 +0000 (UTC) Received: from localhost.localdomain (localhost.localdomain [127.0.0.1]) by smtp.subspace.kernel.org (Postfix) with ESMTP id 34445150997; Mon, 22 Apr 2024 13:55:08 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=linaro.org header.i=@linaro.org header.b="Q7w4Ko1U" Received: from mail-lf1-f48.google.com (mail-lf1-f48.google.com [209.85.167.48]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id A0CDF746E for ; Mon, 22 Apr 2024 13:55:05 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.167.48 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1713794107; cv=none; b=eWnFY90j3qZHm0L4E4pY+9nBpj9ISvGTrv5l9+1SmoN4m00BEYhhG3dRx4XGzIe180yIdT9s3n3GT7K4ialLHx+MnQ6Ai3Wgmy7BtmFDfLOepJbxZIjiV6W1n+odChhtT3S72Im11Pou5D3SJkgUb5kIsrg9uLzo2DNunanPZt4= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1713794107; c=relaxed/simple; bh=qdxEzvr6nvLKZQIAmlq3J0QgmLEaC1FRhBzYdR4eq8o=; h=MIME-Version:References:In-Reply-To:From:Date:Message-ID:Subject: To:Cc:Content-Type; b=NYsrWet4+D2//JTW5X931iZBUwlAgA0WeVomBLQqcn3L4k5Qyw5cAkzQjYlEPg0wL0baCZ7/U18iJU3y94ip8PZvuaQHzBGeDlu7QVjTRaCCgWchjfCBbc+VWcB4QO+ozHrpiFkE+dF7YKaKas/PPCgB0IHE/8VEvXNgo3uD+gM= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linaro.org; spf=pass smtp.mailfrom=linaro.org; dkim=pass (2048-bit key) header.d=linaro.org header.i=@linaro.org header.b=Q7w4Ko1U; arc=none smtp.client-ip=209.85.167.48 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linaro.org Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=linaro.org Received: by mail-lf1-f48.google.com with SMTP id 2adb3069b0e04-518a3e0d2ecso6618517e87.3 for ; Mon, 22 Apr 2024 06:55:05 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; t=1713794104; x=1714398904; darn=vger.kernel.org; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=2wUr8A6N46atUY/DKzgo42AitBlyVp1xej9/CqcLFTk=; b=Q7w4Ko1U7CqmIN6Rew/VcwKD6Cmk4JdYB0kzU/jGZ10TjYAyxkhAa1H5+SjCL/cP5G /st1GOrKn2TOA+dUBEGQHS46PvkcuoBzLspLzv8OANBb3+i71ijtGDD4GtiD7vO0qA+o fIvIGXwW0ewNUoEXLSXOZPv36EswcwguK7X469yBqVv9qks0sVatAdRaGMuqA5oMN+YL FEmPgsYrJKRqKgEiIBJG8nlPtn1pJzeNo4vismhpx7lIPRS2h9kk6W2kJokEar4t9gtU L1/x4krqYsDO5W5N2otsvEoWfVctIajXWN52+YopV0kHMON4EzZobb8kgAi/TvC1t+8Y Jh7w== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1713794104; x=1714398904; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=2wUr8A6N46atUY/DKzgo42AitBlyVp1xej9/CqcLFTk=; b=b8aDzXh1ngXZgepWd6OM0I0/wW8B9ECp5Eer834z8sBr0TL+AS1n7iqlxvCiqceZqk TiugUAwsCLPjnMLoFP3hEjAL72c+VT78mSCPRrM00Li+0ItooUBCi98DrsugPORx11+1 M4hE98Km6GFTPjW2bKC94lb/1EkjQXreYF7fLt3CImGjQbCMyftcHvAz66mRtF4kTw/q 61XNpUnrg6GN7qI05xOtbtxQTqtZwQ+/UthXQ48IyZsEg4/m8TVMntnp21l4YogsGjqt TKwjxHkCjR9iNHW2HRokwaJ216ifv1B1C/Ff6SFzbffnsFRlTOg7fftKyuOcMFSgWlmC h8Mg== X-Forwarded-Encrypted: i=1; AJvYcCXQgYlUZCFDJ85jKJXWerct8457McBvXmJZCZ3BJ6n/f63r/ja/bHnB68QsPdnYgC+yi7gBxvnSHvl9XuATAoDc7zMjqVg/oiXCK9qo X-Gm-Message-State: AOJu0YwwYnIkQOdLxrqgyYxeiZpAh/WMMYtyjEC2PXAnKnD/OkkbXuUX GNAJxTQViOZnNou0XozPBroUPwopbnW1s/vdPgojZAZoOB3arwvGtDr2gpUUT9WH2nU1y1srrCR JI03gci/DWoW5H2c66fCSeY0Z1mwDIOH/p5D6Jw== X-Received: by 2002:a05:6512:370f:b0:518:c8e1:478 with SMTP id z15-20020a056512370f00b00518c8e10478mr7686445lfr.58.1713794103828; Mon, 22 Apr 2024 06:55:03 -0700 (PDT) Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 References: <20240422112711.362779-1-mikko.rapeli@linaro.org> <6e751959b9056884c1b9d3ba23e303d1737d8763.camel@HansenPartnership.com> In-Reply-To: From: Ilias Apalodimas Date: Mon, 22 Apr 2024 16:54:26 +0300 Message-ID: Subject: Re: [PATCH] efi: expose TPM event log to userspace via sysfs To: James Bottomley Cc: Mikko Rapeli , Ard Biesheuvel , linux-efi@vger.kernel.org, linux-kernel@vger.kernel.org, Lennart Poettering , linux-integrity@vger.kernel.org Content-Type: text/plain; charset="UTF-8" Hi James On Mon, 22 Apr 2024 at 16:38, James Bottomley wrote: > > On Mon, 2024-04-22 at 16:32 +0300, Ilias Apalodimas wrote: > > Hi all, > > > > On Mon, 22 Apr 2024 at 16:08, Mikko Rapeli > > wrote: > > > > > > Hi, > > > > > > On Mon, Apr 22, 2024 at 08:42:41AM -0400, James Bottomley wrote: > > > > On Mon, 2024-04-22 at 14:27 +0300, Mikko Rapeli wrote: > > > > > Userspace needs to know if TPM kernel drivers need to be loaded > > > > > and related services started early in the boot if TPM device > > > > > is used and available. > > > > > > > > This says what but not why. We already have module autoloading > > > > that works correctly for TPM devices, so why is this needed? > > > > > > > > We do have a chicken and egg problem with IMA in that the TPM > > > > driver needs to be present *before* any filesystem, including the > > > > one the TPM modules would be on, is mounted so executions can be > > > > measured into IMA (meaning that if you use IMA the TPM drivers > > > > must be built in) but this sounds to be something different. > > > > However, because of the IMA problem, most distributions don't end > > > > up compiling TPM drivers as modules anyway. > > > > > > > > Is what you want simply that tpm modules be loaded earlier? > > > > > > Yes, ealier is the problem. In my specific testing case the machine > > > is qemu arm64 with swtpm with EFI firmware for secure boot and TPM > > > support. > > > > > > Firmware uses TPM and does measurements and thus TPM event log is > > > available on this machine and a bunch of other arm64 boards. > > > Visible in early boot dmesg as TPMEventLog lines like: > > > > > > [ 0.000000] efi: ESRT=0xf0ea5040 TPMFinalLog=0xf0ea9040 > > > RTPROP=0xf0ea7040 SMBIOS=0xf0ea3000 TPMEventLog=0xeb3b3040 > > > INITRD=0xeb3b2040 RNG=0xe5c0f040 MEMRESERVE=0xe5c0e040 > > > > > > Different boards use different TPM HW and drivers so compiling all > > > these in is possible but a bit ugly. systemd recently gained > > > support for a specific tpm2.target which makes TPM support modular > > > and also works with kernel modules for some TPM use cases but not > > > rootfs encryption. > > > > > > In my test case we have a kernel+initramfs uki binary which is > > > loaded by EFI firmware as a secure boot binary. TPM support on > > > various boards is visible in devicetree but not as ACPI table > > > entries. systemd currently detect TPM2 support either via ACPI > > > table /sys/firmware/acpi/tables/TPM2 or TPM entry or via firmware > > > measurement via /sys/kernel/security/tpm0/binary_bios_measurements > > > . > > > > One corner case worth noting here is that scanning the device tree > > won't always work for non-ACPI systems... The reason is that a > > firmware TPM (running in OP-TEE) might or might not have a DT entry, > > since OP-TEE can discover the device dynamically and doesn't always > > rely on a DT entry. > > > > I don't particularly love the idea that an EventLog existence > > automatically means a TPM will be there, but it seems that systemd > > already relies on that and it does solve the problem we have. > > Well, quite. That's why the question I was interested in, perhaps not > asked as clearly as it could be is: since all the TPM devices rely on > discovery mechanisms like ACPI or DT or the like which are ready quite > early, should we simply be auto loading the TPM drivers earlier? This would be an elegant way to solve this and on top of that, we have a single discovery mechanism from userspace -- e.g ls /dev/tpmX. But to answer that we need more feedback from systemd. What 'earlier' means? Autload it from the kernel before we go into launching the initrd? Thanks /Ilias > James >