| Message ID | 20250114152022.933662-2-raymond.mao@linaro.org |
|---|---|
| State | Superseded |
| Delegated to: | Tom Rini |
| Headers | show |
| Series | [v5,1/3] bloblist: add api to get blob with size | expand |
On Tue, 14 Jan 2025 at 17:20, Raymond Mao <raymond.mao@linaro.org> wrote: > > Move default eventlog size from efi to tpm for using in both > efi and measured boot. > > Signed-off-by: Raymond Mao <raymond.mao@linaro.org> > --- > Changes in v5 > - Move eventlog size kconfig from EFI to TPM2, so that it can be used by > both EFI and MEASURED_BOOT. > > doc/usage/measured_boot.rst | 1 - > drivers/tpm/Kconfig | 9 +++++++++ > include/efi_tcg2.h | 2 -- > lib/efi_loader/Kconfig | 9 --------- > lib/efi_loader/efi_tcg2.c | 15 ++++++++------- > 5 files changed, 17 insertions(+), 19 deletions(-) > > diff --git a/doc/usage/measured_boot.rst b/doc/usage/measured_boot.rst > index 05c439e9ac..488dd546f1 100644 > --- a/doc/usage/measured_boot.rst > +++ b/doc/usage/measured_boot.rst > @@ -24,7 +24,6 @@ Requirements > > * A hardware TPM 2.0 supported by an enabled U-Boot driver > * CONFIG_EFI_TCG2_PROTOCOL=y > -* CONFIG_EFI_TCG2_PROTOCOL_EVENTLOG_SIZE=y > * optional CONFIG_EFI_TCG2_PROTOCOL_MEASURE_DTB=y will measure the loaded DTB > in PCR 1 > > diff --git a/drivers/tpm/Kconfig b/drivers/tpm/Kconfig > index d59102d9a6..01bc686d36 100644 > --- a/drivers/tpm/Kconfig > +++ b/drivers/tpm/Kconfig > @@ -209,6 +209,15 @@ config TPM2_MMIO > to the device using the standard TPM Interface Specification (TIS) > protocol. > > +config TPM2_EVENT_LOG_SIZE > + int "EventLog size" > + depends on TPM_V2 > + default 65536 > + help > + Define the size of the EventLog. Note that this is going to be > + allocated twice. One for the eventlog it self and one for the > + configuration table that is required from the TCG2 spec > + > endif # TPM_V2 > > endmenu > diff --git a/include/efi_tcg2.h b/include/efi_tcg2.h > index 8dfb1bc952..7ed8880991 100644 > --- a/include/efi_tcg2.h > +++ b/include/efi_tcg2.h > @@ -28,8 +28,6 @@ > #define EFI_TCG2_MAX_PCR_INDEX 23 > #define EFI_TCG2_FINAL_EVENTS_TABLE_VERSION 1 > > -#define TPM2_EVENT_LOG_SIZE CONFIG_EFI_TCG2_PROTOCOL_EVENTLOG_SIZE > - > typedef u32 efi_tcg_event_log_bitmap; > typedef u32 efi_tcg_event_log_format; > typedef u32 efi_tcg_event_algorithm_bitmap; > diff --git a/lib/efi_loader/Kconfig b/lib/efi_loader/Kconfig > index c46ffe3a9d..d703e901ed 100644 > --- a/lib/efi_loader/Kconfig > +++ b/lib/efi_loader/Kconfig > @@ -437,15 +437,6 @@ config EFI_TCG2_PROTOCOL > Provide a EFI_TCG2_PROTOCOL implementation using the TPM hardware > of the platform. > > -config EFI_TCG2_PROTOCOL_EVENTLOG_SIZE > - int "EFI_TCG2_PROTOCOL EventLog size" > - depends on EFI_TCG2_PROTOCOL > - default 65536 > - help > - Define the size of the EventLog for EFI_TCG2_PROTOCOL. Note that > - this is going to be allocated twice. One for the eventlog it self > - and one for the configuration table that is required from the spec > - > config EFI_TCG2_PROTOCOL_MEASURE_DTB > bool "Measure DTB with EFI_TCG2_PROTOCOL" > depends on EFI_TCG2_PROTOCOL > diff --git a/lib/efi_loader/efi_tcg2.c b/lib/efi_loader/efi_tcg2.c > index a15c73162e..6dba8b1406 100644 > --- a/lib/efi_loader/efi_tcg2.c > +++ b/lib/efi_loader/efi_tcg2.c > @@ -111,7 +111,7 @@ static efi_status_t tcg2_agile_log_append(u32 pcr_index, u32 event_type, > /* if ExitBootServices hasn't been called update the normal log */ > if (!event_log.ebs_called) { > if (event_log.truncated || > - event_log.pos + event_size > TPM2_EVENT_LOG_SIZE) { > + event_log.pos + event_size > CONFIG_TPM2_EVENT_LOG_SIZE) { > event_log.truncated = true; > return EFI_VOLUME_FULL; > } > @@ -124,7 +124,7 @@ static efi_status_t tcg2_agile_log_append(u32 pcr_index, u32 event_type, > return ret; > > /* if GetEventLog has been called update FinalEventLog as well */ > - if (event_log.final_pos + event_size > TPM2_EVENT_LOG_SIZE) > + if (event_log.final_pos + event_size > CONFIG_TPM2_EVENT_LOG_SIZE) > return EFI_VOLUME_FULL; > > log = (void *)((uintptr_t)event_log.final_buffer + event_log.final_pos); > @@ -822,12 +822,12 @@ static efi_status_t create_final_event(void) > * EFI_TCG2_GET_EVENT_LOGS need to be stored in an instance of an > * EFI_CONFIGURATION_TABLE > */ > - ret = efi_allocate_pool(EFI_ACPI_MEMORY_NVS, TPM2_EVENT_LOG_SIZE, > + ret = efi_allocate_pool(EFI_ACPI_MEMORY_NVS, CONFIG_TPM2_EVENT_LOG_SIZE, > &event_log.final_buffer); > if (ret != EFI_SUCCESS) > goto out; > > - memset(event_log.final_buffer, 0xff, TPM2_EVENT_LOG_SIZE); > + memset(event_log.final_buffer, 0xff, CONFIG_TPM2_EVENT_LOG_SIZE); > final_event = event_log.final_buffer; > final_event->number_of_events = 0; > final_event->version = EFI_TCG2_FINAL_EVENTS_TABLE_VERSION; > @@ -913,7 +913,8 @@ static efi_status_t efi_init_event_log(void) > if (tcg2_platform_get_tpm2(&dev)) > return EFI_DEVICE_ERROR; > > - ret = efi_allocate_pool(EFI_BOOT_SERVICES_DATA, TPM2_EVENT_LOG_SIZE, > + ret = efi_allocate_pool(EFI_BOOT_SERVICES_DATA, > + CONFIG_TPM2_EVENT_LOG_SIZE, > (void **)&event_log.buffer); > if (ret != EFI_SUCCESS) > return ret; > @@ -922,7 +923,7 @@ static efi_status_t efi_init_event_log(void) > * initialize log area as 0xff so the OS can easily figure out the > * last log entry > */ > - memset(event_log.buffer, 0xff, TPM2_EVENT_LOG_SIZE); > + memset(event_log.buffer, 0xff, CONFIG_TPM2_EVENT_LOG_SIZE); > > /* > * The log header is defined to be in SHA1 event log entry format. > @@ -939,7 +940,7 @@ static efi_status_t efi_init_event_log(void) > * platforms can use different ways to do so. > */ > elog.log = event_log.buffer; > - elog.log_size = TPM2_EVENT_LOG_SIZE; > + elog.log_size = CONFIG_TPM2_EVENT_LOG_SIZE; > rc = tcg2_log_prepare_buffer(dev, &elog, false); > if (rc) { > ret = (rc == -ENOBUFS) ? EFI_BUFFER_TOO_SMALL : EFI_DEVICE_ERROR; > -- > 2.25.1 > Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
diff --git a/doc/usage/measured_boot.rst b/doc/usage/measured_boot.rst index 05c439e9ac..488dd546f1 100644 --- a/doc/usage/measured_boot.rst +++ b/doc/usage/measured_boot.rst @@ -24,7 +24,6 @@ Requirements * A hardware TPM 2.0 supported by an enabled U-Boot driver * CONFIG_EFI_TCG2_PROTOCOL=y -* CONFIG_EFI_TCG2_PROTOCOL_EVENTLOG_SIZE=y * optional CONFIG_EFI_TCG2_PROTOCOL_MEASURE_DTB=y will measure the loaded DTB in PCR 1 diff --git a/drivers/tpm/Kconfig b/drivers/tpm/Kconfig index d59102d9a6..01bc686d36 100644 --- a/drivers/tpm/Kconfig +++ b/drivers/tpm/Kconfig @@ -209,6 +209,15 @@ config TPM2_MMIO to the device using the standard TPM Interface Specification (TIS) protocol. +config TPM2_EVENT_LOG_SIZE + int "EventLog size" + depends on TPM_V2 + default 65536 + help + Define the size of the EventLog. Note that this is going to be + allocated twice. One for the eventlog it self and one for the + configuration table that is required from the TCG2 spec + endif # TPM_V2 endmenu diff --git a/include/efi_tcg2.h b/include/efi_tcg2.h index 8dfb1bc952..7ed8880991 100644 --- a/include/efi_tcg2.h +++ b/include/efi_tcg2.h @@ -28,8 +28,6 @@ #define EFI_TCG2_MAX_PCR_INDEX 23 #define EFI_TCG2_FINAL_EVENTS_TABLE_VERSION 1 -#define TPM2_EVENT_LOG_SIZE CONFIG_EFI_TCG2_PROTOCOL_EVENTLOG_SIZE - typedef u32 efi_tcg_event_log_bitmap; typedef u32 efi_tcg_event_log_format; typedef u32 efi_tcg_event_algorithm_bitmap; diff --git a/lib/efi_loader/Kconfig b/lib/efi_loader/Kconfig index c46ffe3a9d..d703e901ed 100644 --- a/lib/efi_loader/Kconfig +++ b/lib/efi_loader/Kconfig @@ -437,15 +437,6 @@ config EFI_TCG2_PROTOCOL Provide a EFI_TCG2_PROTOCOL implementation using the TPM hardware of the platform. -config EFI_TCG2_PROTOCOL_EVENTLOG_SIZE - int "EFI_TCG2_PROTOCOL EventLog size" - depends on EFI_TCG2_PROTOCOL - default 65536 - help - Define the size of the EventLog for EFI_TCG2_PROTOCOL. Note that - this is going to be allocated twice. One for the eventlog it self - and one for the configuration table that is required from the spec - config EFI_TCG2_PROTOCOL_MEASURE_DTB bool "Measure DTB with EFI_TCG2_PROTOCOL" depends on EFI_TCG2_PROTOCOL diff --git a/lib/efi_loader/efi_tcg2.c b/lib/efi_loader/efi_tcg2.c index a15c73162e..6dba8b1406 100644 --- a/lib/efi_loader/efi_tcg2.c +++ b/lib/efi_loader/efi_tcg2.c @@ -111,7 +111,7 @@ static efi_status_t tcg2_agile_log_append(u32 pcr_index, u32 event_type, /* if ExitBootServices hasn't been called update the normal log */ if (!event_log.ebs_called) { if (event_log.truncated || - event_log.pos + event_size > TPM2_EVENT_LOG_SIZE) { + event_log.pos + event_size > CONFIG_TPM2_EVENT_LOG_SIZE) { event_log.truncated = true; return EFI_VOLUME_FULL; } @@ -124,7 +124,7 @@ static efi_status_t tcg2_agile_log_append(u32 pcr_index, u32 event_type, return ret; /* if GetEventLog has been called update FinalEventLog as well */ - if (event_log.final_pos + event_size > TPM2_EVENT_LOG_SIZE) + if (event_log.final_pos + event_size > CONFIG_TPM2_EVENT_LOG_SIZE) return EFI_VOLUME_FULL; log = (void *)((uintptr_t)event_log.final_buffer + event_log.final_pos); @@ -822,12 +822,12 @@ static efi_status_t create_final_event(void) * EFI_TCG2_GET_EVENT_LOGS need to be stored in an instance of an * EFI_CONFIGURATION_TABLE */ - ret = efi_allocate_pool(EFI_ACPI_MEMORY_NVS, TPM2_EVENT_LOG_SIZE, + ret = efi_allocate_pool(EFI_ACPI_MEMORY_NVS, CONFIG_TPM2_EVENT_LOG_SIZE, &event_log.final_buffer); if (ret != EFI_SUCCESS) goto out; - memset(event_log.final_buffer, 0xff, TPM2_EVENT_LOG_SIZE); + memset(event_log.final_buffer, 0xff, CONFIG_TPM2_EVENT_LOG_SIZE); final_event = event_log.final_buffer; final_event->number_of_events = 0; final_event->version = EFI_TCG2_FINAL_EVENTS_TABLE_VERSION; @@ -913,7 +913,8 @@ static efi_status_t efi_init_event_log(void) if (tcg2_platform_get_tpm2(&dev)) return EFI_DEVICE_ERROR; - ret = efi_allocate_pool(EFI_BOOT_SERVICES_DATA, TPM2_EVENT_LOG_SIZE, + ret = efi_allocate_pool(EFI_BOOT_SERVICES_DATA, + CONFIG_TPM2_EVENT_LOG_SIZE, (void **)&event_log.buffer); if (ret != EFI_SUCCESS) return ret; @@ -922,7 +923,7 @@ static efi_status_t efi_init_event_log(void) * initialize log area as 0xff so the OS can easily figure out the * last log entry */ - memset(event_log.buffer, 0xff, TPM2_EVENT_LOG_SIZE); + memset(event_log.buffer, 0xff, CONFIG_TPM2_EVENT_LOG_SIZE); /* * The log header is defined to be in SHA1 event log entry format. @@ -939,7 +940,7 @@ static efi_status_t efi_init_event_log(void) * platforms can use different ways to do so. */ elog.log = event_log.buffer; - elog.log_size = TPM2_EVENT_LOG_SIZE; + elog.log_size = CONFIG_TPM2_EVENT_LOG_SIZE; rc = tcg2_log_prepare_buffer(dev, &elog, false); if (rc) { ret = (rc == -ENOBUFS) ? EFI_BUFFER_TOO_SMALL : EFI_DEVICE_ERROR;
Move default eventlog size from efi to tpm for using in both efi and measured boot. Signed-off-by: Raymond Mao <raymond.mao@linaro.org> --- Changes in v5 - Move eventlog size kconfig from EFI to TPM2, so that it can be used by both EFI and MEASURED_BOOT. doc/usage/measured_boot.rst | 1 - drivers/tpm/Kconfig | 9 +++++++++ include/efi_tcg2.h | 2 -- lib/efi_loader/Kconfig | 9 --------- lib/efi_loader/efi_tcg2.c | 15 ++++++++------- 5 files changed, 17 insertions(+), 19 deletions(-)