grub-devel

Re: [PATCH v2 6/6] ibmvtpm: Add support for trusted boot using a vTPM 2.


From: Daniel Kiper
Subject: Re: [PATCH v2 6/6] ibmvtpm: Add support for trusted boot using a vTPM 2.0
Date: Wed, 14 Dec 2022 15:20:39 +0100
User-agent: NeoMutt/20170113 (1.7.2)

On Tue, Dec 13, 2022 at 01:18:34PM -0500, Stefan Berger wrote:
> On 12/13/22 11:35, Daniel Kiper wrote:
> > On Thu, Dec 01, 2022 at 04:12:01PM -0500, Stefan Berger wrote:
> > > Add support for trusted boot using a vTPM 2.0 on the IBM IEEE1275
> > > PowerPC platform. With this patch grub now measures text and binary data
> > > into the TPM's PCRs 8 and 9 in the same way as the x86_64 platform
> > > does.
> > > +}
> > > +
> > > +grub_err_t
> > > +grub_tpm_measure (unsigned char *buf, grub_size_t size, grub_uint8_t pcr,
> > > +           const char *description)
> > > +{
> > > +  grub_err_t err = tpm_init ();
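
Review bot: In grub_tpm_measure (), tpm_init () is called on every measurement, so it must be idempotent and cheap once the device has been opened, and a failure must be returned to the caller rather than skipped, since a skipped call means data that was never extended into PCR 8 or 9. The quoted lines end before err is checked; the statement that follows should be an early return such as `if (err != GRUB_ERR_NONE) return err;`, and tpm_init () should return at once when tpm_ihandle is already valid so the device is not reopened per call.
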
> >
> > This should happen on module load. Then code in tpm_init() and here should
> > be much simpler.
>
> I tried moving this into GRUB_MOD_INIT() but at that point it doesn't
> succeed in finding the device, it seems. I have to repeat the tpm_init ()
> call then later on in this function here when an actual measurement is
> to be done and then it is able to find the device. I'd rather leave it
> as-is now.

Hmmm... It looks like a bug in the firmware, or the initial TPM communication
fails/times out for some reason. Don't you lose some initial
measurements this way? Could you check what will happen when you call
tpm_init() from GRUB_MOD_INIT 10, 50, 100 times?

> It looked like this:
>
> GRUB_MOD_INIT (ibmvtpm)
> {
>   init_success = tpm_init ();
> }
>
> GRUB_MOD_FINI (ibmvtpm)
> {
>   if (tpm_ihandle != IEEE1275_IHANDLE_INVALID)
>     grub_ieee1275_close (tpm_ihandle);
> }

LGTM... Weird...

Daniel


