Re: Add support for TCG2 log format on UEFI systems
On Tue, Apr 02, 2019 at 10:15:39AM -0700, Matthew Garrett wrote:
> On Tue, Apr 2, 2019 at 6:07 AM Jarkko Sakkinen wrote:
> > Reviewed-by: Jarkko Sakkinen
> > Tested-by: Jarkko Sakkinen
> >
> > I'll apply all patches soonish and include them to the next PR.
>
> Thanks! Looks like I need some fixes to deal with non-x86
> architectures, I'll get on that today.

Great thanks. I'll check them tomorrow (Thu).

/Jarkko

Re: Add support for TCG2 log format on UEFI systems
On Tue, Apr 2, 2019 at 6:07 AM Jarkko Sakkinen wrote:
> Reviewed-by: Jarkko Sakkinen
> Tested-by: Jarkko Sakkinen
>
> I'll apply all patches soonish and include them to the next PR.

Thanks! Looks like I need some fixes to deal with non-x86
architectures, I'll get on that today.

Re: Add support for TCG2 log format on UEFI systems
On Mon, Apr 01, 2019 at 08:32:26PM -0700, Matthew Garrett wrote:
> On Mon, Apr 1, 2019 at 4:52 PM Jarkko Sakkinen wrote:
> >
> > On Wed, Feb 27, 2019 at 12:26:54PM -0800, Matthew Garrett wrote:
> > > Identical to V4, but based on tpmdd-next
> >
> > OK, so on my GLK NUC I get valid final log and invalid event log
> > after adding some extra klogs.
> >
> > I.e.
> >
> > - if (efi.tpm_log == EFI_INVALID_TABLE_ADDR)
> > + if (efi.tpm_log == EFI_INVALID_TABLE_ADDR) {
>
> Just to make sure - are you booting via the EFI boot stub? We need to
> obtain the boot log before ExitBootServices() is called, so if you're
> booting directly into the 32-bit entry point (eg, by using the "linux"
> command in grub) then you won't get a log.

... and I was wondering why it used to work when I tested the first
flush of patches. Ugh, sorry. The only excuse is too much multitasking
lately.

Anyway:

Reviewed-by: Jarkko Sakkinen
Tested-by: Jarkko Sakkinen

I'll apply all patches soonish and include them to the next PR.

/Jarkko

Re: Add support for TCG2 log format on UEFI systems
On Mon, Apr 1, 2019 at 4:52 PM Jarkko Sakkinen wrote:
>
> On Wed, Feb 27, 2019 at 12:26:54PM -0800, Matthew Garrett wrote:
> > Identical to V4, but based on tpmdd-next
>
> OK, so on my GLK NUC I get valid final log and invalid event log
> after adding some extra klogs.
>
> I.e.
>
> - if (efi.tpm_log == EFI_INVALID_TABLE_ADDR)
> + if (efi.tpm_log == EFI_INVALID_TABLE_ADDR) {

Just to make sure - are you booting via the EFI boot stub? We need to
obtain the boot log before ExitBootServices() is called, so if you're
booting directly into the 32-bit entry point (eg, by using the "linux"
command in grub) then you won't get a log.

Re: Add support for TCG2 log format on UEFI systems
On Wed, Feb 27, 2019 at 12:26:54PM -0800, Matthew Garrett wrote:
> Identical to V4, but based on tpmdd-next

OK, so on my GLK NUC I get valid final log and invalid event log
after adding some extra klogs.

I.e.

- if (efi.tpm_log == EFI_INVALID_TABLE_ADDR)
+ if (efi.tpm_log == EFI_INVALID_TABLE_ADDR) {
+ pr_err("No event log\n");
 return -ENODEV;
+ }

will result in

[2.654392] No event log

but still

[0.00] efi: ACPI 2.0=0x69ca2000 ACPI=0x69ca2000 TPMFinalLog=0x69ce4000 SMBIOS=0x69f63000 SMBIOS 3.0=0x69f62000 ESRT=0x69f3e818 MEMATTR=0x63475118

Tomas, I wonder if you are able to get the log out with some machine?

/Jarkko

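Review bot: the pr_err("No event log\n") added inside the efi.tpm_log == EFI_INVALID_TABLE_ADDR branch reports at error level a condition that the replies in this thread show to be expected whenever the kernel is not booted via the EFI boot stub. If the message were kept beyond local debugging, pr_info() or pr_debug() would fit better, and the text should name the subsystem (for example through a pr_fmt prefix) so the line can be attributed in dmesg.
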
Re: Add support for TCG2 log format on UEFI systems
On Thu, Mar 14, 2019 at 02:04:02PM -0700, Matthew Garrett wrote:
> On Thu, Mar 14, 2019 at 2:35 AM Jarkko Sakkinen wrote:
> >
> > On Wed, Feb 27, 2019 at 12:26:54PM -0800, Matthew Garrett wrote:
> > > Identical to V4, but based on tpmdd-next
> >
> > This is not found /sys/kernel/security/tpm0/ascii_bios_measurements
>
> That's expected - the existing kernel TCG2 log code doesn't expose
> ascii_bios_measurements, only binary_bios_measurements. This patchset
> doesn't change that.

Oops, I meant to point out that the binary_bios_measurements is not
found (i.e. ascii was a typo). The whole tpm0 directory is missing.

I'll try to pinpoint next week where things might go wrong on my system.

/Jarkko

Re: Add support for TCG2 log format on UEFI systems
On Thu, Mar 14, 2019 at 2:35 AM Jarkko Sakkinen wrote:
>
> On Wed, Feb 27, 2019 at 12:26:54PM -0800, Matthew Garrett wrote:
> > Identical to V4, but based on tpmdd-next
>
> This is not found /sys/kernel/security/tpm0/ascii_bios_measurements

That's expected - the existing kernel TCG2 log code doesn't expose
ascii_bios_measurements, only binary_bios_measurements. This patchset
doesn't change that.

Re: Add support for TCG2 log format on UEFI systems
On Wed, Feb 27, 2019 at 12:26:54PM -0800, Matthew Garrett wrote:
> Identical to V4, but based on tpmdd-next

This is not found /sys/kernel/security/tpm0/ascii_bios_measurements

But still

[0.00] efi: ACPI 2.0=0x69ca2000 ACPI=0x69ca2000 TPMFinalLog=0x69ce4000 SMBIOS=0x69f63000 SMBIOS 3.0=0x69f62000 ESRT=0x69f3e818 MEMATTR=0x63448018

Tried this with two machines now. I wonder if anyone else has had
success...

/Jarkko

Add support for TCG2 log format on UEFI systems
Identical to V4, but based on tpmdd-next