Date: Thu, 25 Apr 2024 15:36:30 +0200
From: Lennart Poettering
To: Ilias Apalodimas
Cc: Ard Biesheuvel, James Bottomley, Mikko Rapeli, linux-efi@vger.kernel.org, linux-kernel@vger.kernel.org, linux-integrity@vger.kernel.org
Subject: Re: [PATCH] efi: expose TPM event log to userspace via sysfs

On Thu, 25.04.24 14:47, Ilias Apalodimas (ilias.apalodimas@linaro.org) wrote:

> > Yeah, the physical address is of no interest to us. We just need to
> > know the existence, and that independently of any actual tpm device
> > having shown up. i.e. existence of
> > /sys/kernel/security/tpm0/binary_bios_measurements would be good
> > enough for us if it was available without "tpm0" actually being
> > around...
>
> IIRC 'binary_bios_measurements' is only created after the TPM drivers
> probe the device, so that wouldn't work.
> Ard is right though the TPMEventLog is an EFI stub construct, so
> exposing this is Linux-specific (and stub-specific).
> The TPMFinalLog OTOH is described by the TCG spec so exposing that
> even using the address would work for systemd

Hmm, let me ask explicitly: is there any good reason for
'binary_bios_measurements' being tied to specific TPM devices? I mean
it just exposes some firmware-provided memory area, no?

So, if the answer to that question is "no", maybe we can just move the
file to some generic place that is not tied to "tpm0" being around,
and then make the current file a symlink to that new place for compat?

i.e. /sys/kernel/security/tpm0/binary_bios_measurements could be a
symlink to → /sys/kernel/security/binary_bios_measurements and the
latter could be something the kernel always exposes, before any tpm
drivers are loaded?

Lennart

--
Lennart Poettering, Berlin
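The lookup a userspace consumer would perform under the layout proposed in this message, as an added example that is not code from the thread, the kernel or systemd. It assumes the device-independent path from the mail (a proposal, not an existing kernel interface) and the TCG PC Client log layout, where the first record is a SHA-1 format event; `find_event_log`, `first_event` and the sample bytes are hypothetical names and constructed data.

```python
import os
import struct

LOG_NAME = "binary_bios_measurements"
# First record of a TCG event log: pcrIndex, eventType, SHA-1 digest, eventSize.
HDR = struct.Struct("<II20sI")
EV_NO_ACTION = 3
# Constructed sample: the Spec ID header event that opens a crypto-agile log.
SAMPLE_FIRST_EVENT = HDR.pack(0, EV_NO_ACTION, bytes(20), 16) + b"Spec ID Event03\0"

def find_event_log(securityfs="/sys/kernel/security"):
    """Return (path, resolved_path) of the firmware event log, or None.

    The device-independent path (proposed in the mail, an assumption here)
    is tried first, then today's per-device tpmN directories."""
    try:
        names = sorted(os.listdir(securityfs))
    except OSError:
        return None
    candidates = [os.path.join(securityfs, LOG_NAME)]
    candidates += [os.path.join(securityfs, n, LOG_NAME)
                   for n in names if n.startswith("tpm") and n[3:].isdigit()]
    for path in candidates:
        if os.path.exists(path):  # follows a compat symlink to its target
            return path, os.path.realpath(path)
    return None

def first_event(path):
    """Parse the first record; None means the log is empty or truncated."""
    with open(path, "rb") as f:
        hdr = f.read(HDR.size)
        if len(hdr) < HDR.size:
            return None
        pcr, etype, _digest, size = HDR.unpack(hdr)
        data = f.read(min(size, 4096))  # cap reads on a corrupt size field
    agile = etype == EV_NO_ACTION and data.startswith(b"Spec ID Event03\0")
    return {"pcr": pcr, "type": etype, "crypto_agile": agile}

if __name__ == "__main__":
    found = find_event_log()
    if found is None:
        print("no firmware event log exposed")
    else:
        try:
            print(found, first_event(found[0]))
        except OSError as e:  # the file is normally readable by root only
            print(found, "unreadable:", e)
```
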