qemu-devel

Re: [Qemu-devel] TPM status


From: Stefan Berger
Subject: Re: [Qemu-devel] TPM status
Date: Thu, 29 Jun 2017 12:59:55 -0400
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Thunderbird/45.4.0

On 06/29/2017 10:07 AM, Javier Martinez Canillas wrote:
Hello Stefan,

On 06/28/2017 10:57 PM, Stefan Berger wrote:
On 06/28/2017 12:44 PM, Laszlo Ersek wrote:
On 06/28/17 17:22, Peter Jones wrote:
On Tue, Jun 27, 2017 at 12:12:50PM -0400, Stefan Berger wrote:
[snip]

To support measurements logs to be written by the firmware, e.g.
SeaBIOS, a TCPA table is implemented. This table provides a 64kb
buffer where the firmware can write its log into.

How does this work if we boot with edk2?

My expectation is that it doesn't work at all, without doing some OVMF
platform enablement first. (See
<https://bugzilla.tianocore.org/show_bug.cgi?id=594>.) My plan is to use
Stefan's document as a starting point for the edk2 / OVMF investigation
-- one known and one unknown are better than two unknowns (to me).

Do we get what's described in
https://trustedcomputinggroup.org/wp-content/uploads/EFI-Protocol-Specification-rev13-160330final.pdf
instead of this interface?  As well as it?  It'd be good to have some
text about this here.

I don't think that Stefan has spent any time on EFI enablement, so this
part of the document will have to be written later, once there is any
EFI-related functionality we can document. (I expect.)

Right, I did not spend any time on EFI. I suppose the ACPI tables going to a
BIOS are also useful for EFI.

For BIOS there is unfortunately only a spec for TPM 1.2, none anymore for
TPM2, at least back then when I last looked for it. So I ended up passing
that TCPA table that has the pointer for the logging area also in case of
a TPM 2. So SeaBIOS writes its log to it in both cases, following the TPM 2

But this isn't correct from a TPM2 pov, right? Because the TPM2 spec says
that the ACPI table that contains the TPM2.0 event logs is the TPM2 table.

The problem is the lack of specs for BIOS to support TPM. I don't see how the TPM2 could hold the log pointer. I am looking at section 7.3 in this document here:

https://www.trustedcomputinggroup.org/wp-content/uploads/TCG_ACPIGeneralSpecification_1-10_0-37-Published.pdf



So instead the LASA field in the passed TPM2 ACPI table should point to the
allocated buffer used by the firmware to store the event logs.

I only see LAML and LASA for TCPA ACPI table (sections 7.1.2 & 7.2.2), which seems to only be valid for TPM 1.2.


format from the EFI specs for the entries. The Linux driver in the meantime
has modified the code so that it doesn't show the log anymore in case of
TPM 2 :-( . I think the above referenced specs would explain how the logging

Do you mean that in the past Linux exposed the securityfs files with the event
logs for TPM2 chips as well? My understanding is that Linux does the correct
thing now, since as mentioned the TCPA table should only be used for TPM1.2.

There may have been a version or two of the driver that did that, yes.

This version has this check:

http://elixir.free-electrons.com/linux/v4.11.8/source/drivers/char/tpm/tpm_acpi.c#L57

This version does not have this check:

http://elixir.free-electrons.com/linux/v4.10.17/source/drivers/char/tpm/tpm_acpi.c




There are patches posted to add Linux support to read the event logs for TPM2
chips but from the TPM2 ACPI table. I see that those haven't landed yet though:

https://patchwork.kernel.org/project/tpmdd-devel/list/?submitter=7143

Aha, so I see this person is following some draft spec that isn't referenced via above page, yet.

"Latest draft of TPM 2 ACPI specification added TCG log start/length
to the TPM2 ACPI table.  So Linux kernel can now read it without
having to get involved with boot loader, same way TPM1/TCPA tables
work."

https://patchwork.kernel.org/patch/9651005/

Best regards,
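
Added example, not part of the original thread or of QEMU, SeaBIOS or Linux code: a bounds-checked parser that pulls LAML (log area length) and LASA (log area start address) out of a TCPA ACPI table, the two fields the messages above argue about. It assumes the client and server TCPA layouts from the TCG ACPI specification cited in the thread; the function names and the sample address are constructed for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#define ACPI_HDR_LEN 36  /* standard ACPI table header size */
struct tcpa_log_area {
    uint16_t platform_class;  /* 0 = client, 1 = server */
    uint64_t laml;            /* Log Area Minimum Length */
    uint64_t lasa;            /* Log Area Start Address */
};
static uint64_t rd_le(const uint8_t *p, size_t n)  /* n-byte little-endian read */
{
    uint64_t v = 0;
    while (n--) v = (v << 8) | p[n];
    return v;
}

/* Returns 0 and fills *out, or -1 if buf is not a usable TCPA table. */
int tcpa_parse(const uint8_t *buf, size_t len, struct tcpa_log_area *out)
{
    if (len < ACPI_HDR_LEN + 2 || memcmp(buf, "TCPA", 4) != 0) return -1;
    size_t tlen = (size_t)rd_le(buf + 4, 4);    /* Length field of the header */
    if (tlen > len || tlen < ACPI_HDR_LEN + 2) return -1;
    uint8_t sum = 0;
    for (size_t i = 0; i < tlen; i++) sum = (uint8_t)(sum + buf[i]);
    if (sum != 0) return -1;                    /* bytes must sum to 0 mod 256 */
    const uint8_t *p = buf + ACPI_HDR_LEN;
    out->platform_class = (uint16_t)rd_le(p, 2);
    if (out->platform_class > 1) return -1;
    size_t off = out->platform_class ? 4 : 2;   /* server: 2 reserved bytes first */
    size_t w = out->platform_class ? 8 : 4;     /* LAML: u64 (server), u32 (client) */
    if (tlen < ACPI_HDR_LEN + off + w + 8) return -1;
    out->laml = rd_le(p + off, w);
    out->lasa = rd_le(p + off + w, 8);
    return (out->laml && out->lasa) ? 0 : -1;   /* an empty log area is unusable */
}

/* Constructed sample: client layout, 64 KiB area; the address is made up. */
size_t tcpa_make_sample(uint8_t *buf)
{
    const size_t n = ACPI_HDR_LEN + 2 + 4 + 8;
    uint8_t sum = 0;
    memset(buf, 0, n); memcpy(buf, "TCPA", 4);
    buf[4] = (uint8_t)n;             /* Length, little-endian */
    buf[40] = 0x01;                  /* LAML = 0x00010000 */
    buf[44] = 0xee; buf[45] = 0x7f;  /* LASA = 0x7fee0000 */
    for (size_t i = 0; i < n; i++) sum = (uint8_t)(sum + buf[i]);
    buf[9] = (uint8_t)(0u - sum);    /* fix up the checksum byte */
    return n;
}
```

A table whose signature is not `TCPA` is rejected outright, so a caller has to handle a `TPM2` table through a separate path.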




