Date: Thu, 25 Apr 2024 16:39:54 +0300
From: Mikko Rapeli
To: James Bottomley
Cc: Lennart Poettering, Ard Biesheuvel, Ilias Apalodimas, linux-efi@vger.kernel.org, linux-kernel@vger.kernel.org, linux-integrity@vger.kernel.org
Subject: Re: [PATCH] efi: expose TPM event log to userspace via sysfs
References: <6e751959b9056884c1b9d3ba23e303d1737d8763.camel@HansenPartnership.com>
X-Mailing-List: linux-kernel@vger.kernel.org

Hi,

On Thu, Apr 25, 2024 at 09:24:48AM -0400, James Bottomley wrote:
> On Thu, 2024-04-25 at 11:58 +0200, Lennart Poettering wrote:
> [...]
> > General purpose distros typically don't build all TPM drivers into
> > the kernel, but ship some in the initrd instead. Then, udev is
> > responsible for iterating all buses/devices and auto-loading the
> > necessary drivers. Each loaded bus driver might make more devices
> > available for which more drivers then need to be loaded, and so on.
> > Some of the busses are "slow" in the sense that we don't really know
> > a precise time when we know that all devices have now shown up, there
> > might always be slow devices that haven't popped up yet. Iterating
> > through the entire tree of devices in sysfs is often quite slow in
> > itself too, it's one of the most time consuming parts of the boot in
> > fact. This all is done asynchronously hence: we
> > enumerate/trigger/kmod all devices as quickly as we can, but we
> > continue doing other stuff at the same time.
>
> So let me make a suggestion that you can use now. Since all you
> currently care about is the EFI/ACPI device, there is always a single
> sysfs entry that corresponds to that (so you shouldn't need the log
> entry as an indicator):
>
> /sys/bus/acpi/devices/MSFT0101\:00
>
> That link (or a kobject uevent if you prefer to look for that) will
> always appear regardless of whether a driver has attached or not. When
> the driver actually attaches, a driver/ directory will appear where the
> link points.
>
> The device link is added when the acpi scan is initiated as a
> subsys_initcall, which is before all the filesystem initcalls, so it
> should run before the initrd is mounted.
>
> Is this enough for now and we can think about a more generic indicator
> that all drivers have been probed later?

This covers EFI ACPI devices but not devices without ACPI. Some boards
have the TPM device data in devicetree. Some boards have a firmware TPM
which is not listed in devicetree but is detected at runtime once optee
drivers, tee-supplicant, etc. have loaded.

Based on the comments here, I could propose a v2 with a TPMFinalLog-based
sysfs file which is empty, but the existence of the file shows to systemd
that EFI firmware used a TPM device, and that can queue in the normal
ACPI, devicetree or other mechanisms of detecting the real TPM device,
loading drivers and possibly needed userspace components like
tee-supplicant for optee and fTPM.

I don't know how non-EFI firmware could be supported, unless they show
the ACPI TPM entry.

Cheers,

-Mikko
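As an added example (not code from this thread, from the kernel, or from systemd), the following probe checks the sysfs indicators James lists, the ACPI device link `/sys/bus/acpi/devices/MSFT0101:00` and the `driver/` directory that appears under it once a driver attaches, next to the other enumeration sources Mikko mentions: a devicetree node declaring a TPM, and the `tpmN` entry under `/sys/class/tpm` that exists once some driver (including an fTPM driver that depends on the OP-TEE stack) has registered a chip. The function takes the sysfs root as a parameter so it can be exercised against a constructed directory tree. Assumptions of mine, not statements from the thread: the devicetree check is a heuristic search for "tpm" in any node's `compatible` property, and the `tpm_expected` / `tpm_ready` helpers are my own split of "a TPM was enumerated" versus "a TPM is usable right now".

```python
"""Probe sysfs for TPM device-presence indicators (added example, not thread code)."""
from pathlib import Path

# ACPI device name for a TPM 2.0 device (HID MSFT0101), instance :00,
# exactly the sysfs name quoted in James's reply.
ACPI_TPM_DEVICE = "MSFT0101:00"


def _devicetree_has_tpm(dt_base: Path) -> bool:
    """True if any devicetree node's 'compatible' property mentions 'tpm'.

    Heuristic assumption: TPM bindings such as 'tcg,tpm-tis-i2c' or
    'tcg,tpm_tis-spi' all carry 'tpm' in the compatible string.
    """
    if not dt_base.is_dir():
        return False
    for prop in dt_base.rglob("compatible"):
        try:
            data = prop.read_bytes()
        except OSError:
            continue
        # 'compatible' is a list of NUL-terminated strings
        if any(b"tpm" in entry.lower() for entry in data.split(b"\0")):
            return True
    return False


def probe_tpm_indicators(sysfs: str = "/sys") -> dict:
    """Collect the sysfs facts an initrd-side consumer could use to decide
    whether a TPM is expected on this machine and whether it is usable yet.

    Keys (all booleans):
      acpi_device_present - the ACPI TPM device link exists (device enumerated)
      driver_bound        - driver/ exists under that device (driver attached)
      devicetree_tpm      - a devicetree node declares a TPM (non-ACPI boards)
      efi_firmware        - kernel booted via EFI (/sys/firmware/efi present)
      tpm_chardev         - /sys/class/tpm has at least one tpmN entry
    """
    root = Path(sysfs)
    acpi_dev = root / "bus" / "acpi" / "devices" / ACPI_TPM_DEVICE
    tpm_class = root / "class" / "tpm"

    # Path.exists() follows the symlink, so this works on the real bus link.
    acpi_present = acpi_dev.exists()
    return {
        "acpi_device_present": acpi_present,
        # driver/ appears under the link target only once a driver attaches
        "driver_bound": acpi_present and (acpi_dev / "driver").exists(),
        "devicetree_tpm": _devicetree_has_tpm(
            root / "firmware" / "devicetree" / "base"),
        "efi_firmware": (root / "firmware" / "efi").is_dir(),
        "tpm_chardev": tpm_class.is_dir()
        and any(p.name.startswith("tpm") for p in tpm_class.iterdir()),
    }


def tpm_expected(ind: dict) -> bool:
    """A TPM is expected if any enumeration source reports one.

    This is exactly the gap Mikko points out: a firmware TPM behind OP-TEE
    shows up in none of these sources until the TEE stack is up, so a False
    result is inconclusive on such boards.
    """
    return ind["acpi_device_present"] or ind["devicetree_tpm"] or ind["tpm_chardev"]


def tpm_ready(ind: dict) -> bool:
    """Usable now: a tpmN class device exists, or the ACPI device has its driver."""
    return ind["tpm_chardev"] or ind["driver_bound"]


if __name__ == "__main__":
    import json
    print(json.dumps(probe_tpm_indicators(), indent=2))
```

Run without arguments it inspects the live `/sys`; the two helpers separate "enumerated" from "bound", which is the distinction James's link-versus-`driver/` suggestion relies on, and the docstring on `tpm_expected` records why a negative answer cannot be trusted on fTPM boards.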