Hi Simon,

On Fri, 29 Dec 2023 at 07:36, Simon Glass <s...@chromium.org> wrote:
>
> Hi Ilias,
>
> On Fri, Dec 22, 2023 at 12:02 PM Ilias Apalodimas
> <ilias.apalodi...@linaro.org> wrote:
> >
> > Hi Simon
> >
> > I'll respond to the rest more thoroughly but since I caught this early,
> >
> > [...]
> >
> > >
> > > 5. Avoid calling efi_allocate_pages() and efi_allocate_pool() outside
> > > boot-time services. This solves the problem 6. If memory is needed by
> > > an app, allocate it with malloc() and see 3. There are only two
> > > efi_allocate_pages() (smbios and efi_runtime). There are more calls of
> > > efi_allocate_pool(), but most of these seem easy to fix up. For
> > > example, efi_init_event_log() allocates a buffer, but this can be
> > > allocated in normal malloc() space or in a bloblist.
> >
> > The TCG event log is only valid in the EFI world and is described by
> > the EFI spec extensions [0]. I prefer it to remain as is
>
> How does that relate to [1] ?

We use that today. The tl;dr is that TF-A measures the early stages,
but doesn't have drivers to extend TPM PCRs. Instead, it creates an
EventLog which hands over to U-Boot. The TPM subsystem searches for
that and if it finds one && PCR0 == 0 replays the EventLog in hardware
and copies it over to EFI memory. That being said, I'd much prefer
using a bloblist for that EventLog (which also contains information on
replaying), over a DT entry that's only described in TF-A docs.
But that's a future improvement.

> >
> > >
> > >
> > > 6. Don't worry too much about whether EFI will be used for booting.
> > > The cost is likely not that great: use bootstage to measure it as is
> > > done for driver model. Try to minimise the cost of its tables,
> > > particularly for execution time, but otherwise just rely on the
> > > ability to disable EFI_LOADER.
> > >
> > > --
> > >
> > > Regards,
> > > Simon
> >
> > [0]
> > https://trustedcomputinggroup.org/wp-content/uploads/EFI-Protocol-Specification-rev13-160330final.pdf
> > Thanks
> > /Ilias
>
> [1]
> https://trustedfirmware-a.readthedocs.io/en/latest/components/measured_boot/event_log.html

Cheers
/Ilias
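
Added example, not part of the original message and not U-Boot or TF-A code: a Python simulation of the replay described in the reply above, where a handed-over event log is extended into the PCRs only if PCR0 is still zero. It assumes the log is a run of TCG_PCR_EVENT2 records (the Spec ID header is left out), a software SHA-256 PCR bank instead of a TPM, and hypothetical names (parse_event2, replay, make_event, SAMPLE_LOG).

```python
import hashlib
import struct

TPM_ALG_SHA256 = 0x000B
DIGEST_SIZES = {0x0004: 20, 0x000B: 32, 0x000C: 48, 0x000D: 64}  # SHA1/256/384/512


def parse_event2(log):
    """Yield (pcr_index, event_type, {alg_id: digest}) per TCG_PCR_EVENT2 record."""
    off = 0
    while off < len(log):
        pcr, etype, count = struct.unpack_from("<III", log, off)
        off += 12
        digests = {}
        for _ in range(count):
            (alg,) = struct.unpack_from("<H", log, off)
            size = DIGEST_SIZES[alg]  # KeyError on an unknown algorithm: reject the log
            digests[alg] = log[off + 2 : off + 2 + size]
            off += 2 + size
        (event_size,) = struct.unpack_from("<I", log, off)
        off += 4 + event_size  # event data is not needed for replay, only the digest
        if off > len(log):
            raise ValueError("truncated event log")
        yield pcr, etype, digests


def replay(log, pcrs):
    """Extend simulated SHA-256 PCRs from the log, only if PCR0 is still all zeroes."""
    if pcrs[0] != bytes(32):
        return False  # something already extended PCR0, so replaying would double-count
    for pcr, _etype, digests in list(parse_event2(log)):  # parse fully before extending
        pcrs[pcr] = hashlib.sha256(pcrs[pcr] + digests[TPM_ALG_SHA256]).digest()
    return True


def make_event(pcr, etype, data):
    """Build one constructed record carrying a single SHA-256 digest."""
    digest = hashlib.sha256(data).digest()
    return (struct.pack("<III", pcr, etype, 1) + struct.pack("<H", TPM_ALG_SHA256)
            + digest + struct.pack("<I", len(data)) + data)


# Constructed sample log: two measurements into PCR0 (payload names are made up).
SAMPLE_LOG = make_event(0, 0x1, b"BL2") + make_event(0, 0x1, b"BL31")

if __name__ == "__main__":
    bank = {i: bytes(32) for i in range(24)}
    print(replay(SAMPLE_LOG, bank), bank[0].hex())
```

A verifier that recomputes PCR0 from the same log the same way can compare the result against a TPM quote; a mismatch means the log and the hardware state disagree.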