[v5,3/3] tpm: get tpm event log from bloblist

Message ID	20250114152022.933662-3-raymond.mao@linaro.org
State	Superseded
Delegated to:	Tom Rini
Headers	show Return-Path: <u-boot-bounces@lists.denx.de> From: Raymond Mao <raymond.mao@linaro.org> To: u-boot@lists.denx.de Cc: Raymond Mao <raymond.mao@linaro.org>, Tom Rini <trini@konsulko.com>, Ilias Apalodimas <ilias.apalodimas@linaro.org>, Heinrich Schuchardt <xypron.glpk@gmx.de>, Simon Glass <sjg@chromium.org>, Andrew Goodbody <andrew.goodbody@linaro.org>, Dan Carpenter <dan.carpenter@linaro.org>, Levi Yun <yeoreum.yun@arm.com>, Patrick Rudolph <patrick.rudolph@9elements.com>, Evgeny Bachinin <EABachinin@salutedevices.com>, AKASHI Takahiro <akashi.tkhro@gmail.com>, Adriano Cordova <adrianox@gmail.com>, Michal Simek <michal.simek@amd.com>, Caleb Connolly <caleb.connolly@linaro.org>, Tim Harvey <tharvey@gateworks.com>, Masahisa Kojima <kojima.masahisa@socionext.com> Subject: [PATCH v5 3/3] tpm: get tpm event log from bloblist Date: Tue, 14 Jan 2025 07:20:18 -0800 Message-Id: <20250114152022.933662-3-raymond.mao@linaro.org> In-Reply-To: <20250114152022.933662-1-raymond.mao@linaro.org> References: <20250114152022.933662-1-raymond.mao@linaro.org> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Precedence: list Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" <u-boot-bounces@lists.denx.de>
Series	[v5,1/3] bloblist: add api to get blob with size \| expand [v5,1/3] bloblist: add api to get blob with size [v5,2/3] tcg2: decouple eventlog size from efi [v5,3/3] tpm: get tpm event log from bloblist

Message ID

20250114152022.933662-3-raymond.mao@linaro.org

State

Superseded

Delegated to:

Tom Rini

Headers

From: Raymond Mao <raymond.mao@linaro.org>
To: u-boot@lists.denx.de
Cc: Raymond Mao <raymond.mao@linaro.org>, Tom Rini <trini@konsulko.com>,
 Ilias Apalodimas <ilias.apalodimas@linaro.org>,
 Heinrich Schuchardt <xypron.glpk@gmx.de>, Simon Glass <sjg@chromium.org>,
 Andrew Goodbody <andrew.goodbody@linaro.org>,
 Dan Carpenter <dan.carpenter@linaro.org>, Levi Yun <yeoreum.yun@arm.com>,
 Patrick Rudolph <patrick.rudolph@9elements.com>,
 Evgeny Bachinin <EABachinin@salutedevices.com>,
 AKASHI Takahiro <akashi.tkhro@gmail.com>,
 Adriano Cordova <adrianox@gmail.com>, Michal Simek <michal.simek@amd.com>,
 Caleb Connolly <caleb.connolly@linaro.org>,
 Tim Harvey <tharvey@gateworks.com>,
 Masahisa Kojima <kojima.masahisa@socionext.com>
Subject: [PATCH v5 3/3] tpm: get tpm event log from bloblist
Date: Tue, 14 Jan 2025 07:20:18 -0800
Message-Id: <20250114152022.933662-3-raymond.mao@linaro.org>
In-Reply-To: <20250114152022.933662-1-raymond.mao@linaro.org>
References: <20250114152022.933662-1-raymond.mao@linaro.org>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Precedence: list
Errors-To: u-boot-bounces@lists.denx.de
Sender: "U-Boot" <u-boot-bounces@lists.denx.de>

Series

[v5,1/3] bloblist: add api to get blob with size | expand

Commit Message

Raymond Mao Jan. 14, 2025, 3:20 p.m. UTC

Get tpm event log from bloblist instead of FDT when bloblist is
enabled and valid from previous boot stage.

As a fallback, when no event log from previous stage is observed
and no user buffer is passed, malloc a default buffer to initialize
the event log.

Signed-off-by: Raymond Mao <raymond.mao@linaro.org>
---
Changes in v2
- Remove patch dependency.
- Remove the fallback to FDT when BLOBLIST is selected.
Changes in v3
- Malloc an 8KB buffer when user eventlog buffer does not exist.
Changes in v4
- Replace the default eventlog size with TPM2_EVENT_LOG_SIZE.
Changes in v5
- Replace TPM2_EVENT_LOG_SIZE with CONFIG_TPM2_EVENT_LOG_SIZE.
- Add an inline TODO comment.

 lib/tpm_tcg2.c | 61 ++++++++++++++++++++++++++++++++++----------------
 1 file changed, 42 insertions(+), 19 deletions(-)

Comments

Simon Glass Jan. 15, 2025, 1:16 a.m. UTC | #1

Hi Raymond,

On Tue, 14 Jan 2025 at 08:20, Raymond Mao <raymond.mao@linaro.org> wrote:
>
> Get tpm event log from bloblist instead of FDT when bloblist is
> enabled and valid from previous boot stage.
>
> As a fallback, when no event log from previous stage is observed
> and no user buffer is passed, malloc a default buffer to initialize
> the event log.
>
> Signed-off-by: Raymond Mao <raymond.mao@linaro.org>
> ---
> Changes in v2
> - Remove patch dependency.
> - Remove the fallback to FDT when BLOBLIST is selected.
> Changes in v3
> - Malloc an 8KB buffer when user eventlog buffer does not exist.
> Changes in v4
> - Replace the default eventlog size with TPM2_EVENT_LOG_SIZE.
> Changes in v5
> - Replace TPM2_EVENT_LOG_SIZE with CONFIG_TPM2_EVENT_LOG_SIZE.
> - Add an inline TODO comment.
>
>  lib/tpm_tcg2.c | 61 ++++++++++++++++++++++++++++++++++----------------
>  1 file changed, 42 insertions(+), 19 deletions(-)

Reviewed-by: Simon Glass <sjg@chromium.org>

nit in case you respin again: -ENODEV is for driver model, when there
is no device. It is actually handling specially by driver model. So
-ENOENT is what I try to use for things that don't exist but aren't
devices.

>
> diff --git a/lib/tpm_tcg2.c b/lib/tpm_tcg2.c
> index 4134d93a35..2d9076f091 100644
> --- a/lib/tpm_tcg2.c
> +++ b/lib/tpm_tcg2.c
> @@ -5,6 +5,7 @@
>
>  #include <dm.h>
>  #include <dm/of_access.h>
> +#include <malloc.h>
>  #include <tpm_api.h>
>  #include <tpm-common.h>
>  #include <tpm-v2.h>
> @@ -19,6 +20,7 @@
>  #include <linux/unaligned/generic.h>
>  #include <linux/unaligned/le_byteshift.h>
>  #include "tpm-utils.h"
> +#include <bloblist.h>
>
>  int tcg2_get_pcr_info(struct udevice *dev, u32 *supported_bank, u32 *active_bank,
>                       u32 *bank_num)
> @@ -615,15 +617,24 @@ int tcg2_log_prepare_buffer(struct udevice *dev, struct tcg2_event_log *elog,
>                 elog->found = log.found;
>         }
>
> +       if (elog->found)
> +               return 0;
> +
>         /*
> -        * Initialize the log buffer if no log was discovered and the buffer is
> -        * valid. User's can pass in their own buffer as a fallback if no
> -        * memory region is found.
> +        * Initialize the log buffer if no log was discovered.
> +        * User can pass in their own buffer as a fallback if no memory region
> +        * is found, else malloc a buffer if it does not exist.
>          */
> -       if (!elog->found && elog->log_size)
> -               rc = tcg2_log_init(dev, elog);
> +       if (!elog->log_size) {
> +               elog->log = malloc(CONFIG_TPM2_EVENT_LOG_SIZE);
> +               if (!elog->log)
> +                       return -ENOMEM;
> +
> +               memset(elog->log, 0, CONFIG_TPM2_EVENT_LOG_SIZE);
> +               elog->log_size = CONFIG_TPM2_EVENT_LOG_SIZE;
> +       }
>
> -       return rc;
> +       return tcg2_log_init(dev, elog);
>  }
>
>  int tcg2_measurement_init(struct udevice **dev, struct tcg2_event_log *elog,
> @@ -676,10 +687,25 @@ __weak int tcg2_platform_get_log(struct udevice *dev, void **addr, u32 *size)
>         const __be32 *size_prop;
>         int asize;
>         int ssize;
> +       struct ofnode_phandle_args args;
> +       phys_addr_t a;
> +       fdt_size_t s;
>
>         *addr = NULL;
>         *size = 0;
>
> +       *addr = bloblist_get_blob(BLOBLISTT_TPM_EVLOG, size);
> +       if (*addr && *size)
> +               return 0;
> +       /*
> +        * TODO:
> +        * replace BLOBLIST with a new kconfig for handoff all components
> +        * (fdt, tpm event log, etc...) from previous boot stage via bloblist
> +        * mandatorily following Firmware Handoff spec.
> +        */
> +       else if (CONFIG_IS_ENABLED(BLOBLIST))
> +               return -ENODEV;
> +
>         addr_prop = dev_read_prop(dev, "tpm_event_log_addr", &asize);
>         if (!addr_prop)
>                 addr_prop = dev_read_prop(dev, "linux,sml-base", &asize);
> @@ -694,22 +720,19 @@ __weak int tcg2_platform_get_log(struct udevice *dev, void **addr, u32 *size)
>
>                 *addr = map_physmem(a, s, MAP_NOCACHE);
>                 *size = (u32)s;
> -       } else {
> -               struct ofnode_phandle_args args;
> -               phys_addr_t a;
> -               fdt_size_t s;
>
> -               if (dev_read_phandle_with_args(dev, "memory-region", NULL, 0,
> -                                              0, &args))
> -                       return -ENODEV;
> +               return 0;
> +       }
>
> -               a = ofnode_get_addr_size(args.node, "reg", &s);
> -               if (a == FDT_ADDR_T_NONE)
> -                       return -ENOMEM;
> +       if (dev_read_phandle_with_args(dev, "memory-region", NULL, 0, 0, &args))
> +               return -ENODEV;
>
> -               *addr = map_physmem(a, s, MAP_NOCACHE);
> -               *size = (u32)s;
> -       }
> +       a = ofnode_get_addr_size(args.node, "reg", &s);
> +       if (a == FDT_ADDR_T_NONE)
> +               return -ENOMEM;
> +
> +       *addr = map_physmem(a, s, MAP_NOCACHE);
> +       *size = (u32)s;
>
>         return 0;
>  }
> --
> 2.25.1
>

Regards,
SImon

Ilias Apalodimas Jan. 16, 2025, 2:35 p.m. UTC | #2

On Wed, 15 Jan 2025 at 03:17, Simon Glass <sjg@chromium.org> wrote:
>
> Hi Raymond,
>
> On Tue, 14 Jan 2025 at 08:20, Raymond Mao <raymond.mao@linaro.org> wrote:
> >
> > Get tpm event log from bloblist instead of FDT when bloblist is
> > enabled and valid from previous boot stage.
> >
> > As a fallback, when no event log from previous stage is observed
> > and no user buffer is passed, malloc a default buffer to initialize
> > the event log.
> >
> > Signed-off-by: Raymond Mao <raymond.mao@linaro.org>
> > ---
> > Changes in v2
> > - Remove patch dependency.
> > - Remove the fallback to FDT when BLOBLIST is selected.
> > Changes in v3
> > - Malloc an 8KB buffer when user eventlog buffer does not exist.
> > Changes in v4
> > - Replace the default eventlog size with TPM2_EVENT_LOG_SIZE.
> > Changes in v5
> > - Replace TPM2_EVENT_LOG_SIZE with CONFIG_TPM2_EVENT_LOG_SIZE.
> > - Add an inline TODO comment.
> >
> >  lib/tpm_tcg2.c | 61 ++++++++++++++++++++++++++++++++++----------------
> >  1 file changed, 42 insertions(+), 19 deletions(-)
>
> Reviewed-by: Simon Glass <sjg@chromium.org>
>
> nit in case you respin again: -ENODEV is for driver model, when there
> is no device. It is actually handling specially by driver model. So
> -ENOENT is what I try to use for things that don't exist but aren't
> devices.
>

+1,


> >
> > diff --git a/lib/tpm_tcg2.c b/lib/tpm_tcg2.c
> > index 4134d93a35..2d9076f091 100644
> > --- a/lib/tpm_tcg2.c
> > +++ b/lib/tpm_tcg2.c
> > @@ -5,6 +5,7 @@
> >
> >  #include <dm.h>
> >  #include <dm/of_access.h>
> > +#include <malloc.h>
> >  #include <tpm_api.h>
> >  #include <tpm-common.h>
> >  #include <tpm-v2.h>
> > @@ -19,6 +20,7 @@
> >  #include <linux/unaligned/generic.h>
> >  #include <linux/unaligned/le_byteshift.h>
> >  #include "tpm-utils.h"
> > +#include <bloblist.h>
> >
> >  int tcg2_get_pcr_info(struct udevice *dev, u32 *supported_bank, u32 *active_bank,
> >                       u32 *bank_num)
> > @@ -615,15 +617,24 @@ int tcg2_log_prepare_buffer(struct udevice *dev, struct tcg2_event_log *elog,
> >                 elog->found = log.found;
> >         }
> >
> > +       if (elog->found)
> > +               return 0;
> > +
> >         /*
> > -        * Initialize the log buffer if no log was discovered and the buffer is
> > -        * valid. User's can pass in their own buffer as a fallback if no
> > -        * memory region is found.
> > +        * Initialize the log buffer if no log was discovered.
> > +        * User can pass in their own buffer as a fallback if no memory region
> > +        * is found, else malloc a buffer if it does not exist.
> >          */
> > -       if (!elog->found && elog->log_size)
> > -               rc = tcg2_log_init(dev, elog);
> > +       if (!elog->log_size) {
> > +               elog->log = malloc(CONFIG_TPM2_EVENT_LOG_SIZE);
> > +               if (!elog->log)
> > +                       return -ENOMEM;
> > +
> > +               memset(elog->log, 0, CONFIG_TPM2_EVENT_LOG_SIZE);
> > +               elog->log_size = CONFIG_TPM2_EVENT_LOG_SIZE;

Why are you doing this? There are 2 ways to pass an EventLog to the
kernel. Either via a config table from EFI, or using sml-base and
sml-size in a DT (which are both required). IOW you will create an
EventLog no one will discover

Cheers
/Ilias


> > +       }
> >
> > -       return rc;
> > +       return tcg2_log_init(dev, elog);
> >  }
> >
> >  int tcg2_measurement_init(struct udevice **dev, struct tcg2_event_log *elog,
> > @@ -676,10 +687,25 @@ __weak int tcg2_platform_get_log(struct udevice *dev, void **addr, u32 *size)
> >         const __be32 *size_prop;
> >         int asize;
> >         int ssize;
> > +       struct ofnode_phandle_args args;
> > +       phys_addr_t a;
> > +       fdt_size_t s;
> >
> >         *addr = NULL;
> >         *size = 0;
> >
> > +       *addr = bloblist_get_blob(BLOBLISTT_TPM_EVLOG, size);
> > +       if (*addr && *size)
> > +               return 0;
> > +       /*
> > +        * TODO:
> > +        * replace BLOBLIST with a new kconfig for handoff all components
> > +        * (fdt, tpm event log, etc...) from previous boot stage via bloblist
> > +        * mandatorily following Firmware Handoff spec.
> > +        */
> > +       else if (CONFIG_IS_ENABLED(BLOBLIST))
> > +               return -ENODEV;
> > +
> >         addr_prop = dev_read_prop(dev, "tpm_event_log_addr", &asize);
> >         if (!addr_prop)
> >                 addr_prop = dev_read_prop(dev, "linux,sml-base", &asize);
> > @@ -694,22 +720,19 @@ __weak int tcg2_platform_get_log(struct udevice *dev, void **addr, u32 *size)
> >
> >                 *addr = map_physmem(a, s, MAP_NOCACHE);
> >                 *size = (u32)s;
> > -       } else {
> > -               struct ofnode_phandle_args args;
> > -               phys_addr_t a;
> > -               fdt_size_t s;
> >
> > -               if (dev_read_phandle_with_args(dev, "memory-region", NULL, 0,
> > -                                              0, &args))
> > -                       return -ENODEV;
> > +               return 0;
> > +       }
> >
> > -               a = ofnode_get_addr_size(args.node, "reg", &s);
> > -               if (a == FDT_ADDR_T_NONE)
> > -                       return -ENOMEM;
> > +       if (dev_read_phandle_with_args(dev, "memory-region", NULL, 0, 0, &args))
> > +               return -ENODEV;
> >
> > -               *addr = map_physmem(a, s, MAP_NOCACHE);
> > -               *size = (u32)s;
> > -       }
> > +       a = ofnode_get_addr_size(args.node, "reg", &s);
> > +       if (a == FDT_ADDR_T_NONE)
> > +               return -ENOMEM;
> > +
> > +       *addr = map_physmem(a, s, MAP_NOCACHE);
> > +       *size = (u32)s;
> >
> >         return 0;
> >  }
> > --
> > 2.25.1
> >
>
> Regards,
> SImon

Simon Glass Jan. 18, 2025, 4:31 a.m. UTC | #3

Hi Ilias,

On Thu, 16 Jan 2025 at 07:35, Ilias Apalodimas <ilias.apalodimas@linaro.org>
wrote:
>
> On Wed, 15 Jan 2025 at 03:17, Simon Glass <sjg@chromium.org> wrote:
> >
> > Hi Raymond,
> >
> > On Tue, 14 Jan 2025 at 08:20, Raymond Mao <raymond.mao@linaro.org>
wrote:
> > >
> > > Get tpm event log from bloblist instead of FDT when bloblist is
> > > enabled and valid from previous boot stage.
> > >
> > > As a fallback, when no event log from previous stage is observed
> > > and no user buffer is passed, malloc a default buffer to initialize
> > > the event log.
> > >
> > > Signed-off-by: Raymond Mao <raymond.mao@linaro.org>
> > > ---
> > > Changes in v2
> > > - Remove patch dependency.
> > > - Remove the fallback to FDT when BLOBLIST is selected.
> > > Changes in v3
> > > - Malloc an 8KB buffer when user eventlog buffer does not exist.
> > > Changes in v4
> > > - Replace the default eventlog size with TPM2_EVENT_LOG_SIZE.
> > > Changes in v5
> > > - Replace TPM2_EVENT_LOG_SIZE with CONFIG_TPM2_EVENT_LOG_SIZE.
> > > - Add an inline TODO comment.
> > >
> > >  lib/tpm_tcg2.c | 61
++++++++++++++++++++++++++++++++++----------------
> > >  1 file changed, 42 insertions(+), 19 deletions(-)
> >
> > Reviewed-by: Simon Glass <sjg@chromium.org>
> >
> > nit in case you respin again: -ENODEV is for driver model, when there
> > is no device. It is actually handling specially by driver model. So
> > -ENOENT is what I try to use for things that don't exist but aren't
> > devices.
> >
>
> +1,
>
>
> > >
> > > diff --git a/lib/tpm_tcg2.c b/lib/tpm_tcg2.c
> > > index 4134d93a35..2d9076f091 100644
> > > --- a/lib/tpm_tcg2.c
> > > +++ b/lib/tpm_tcg2.c
> > > @@ -5,6 +5,7 @@
> > >
> > >  #include <dm.h>
> > >  #include <dm/of_access.h>
> > > +#include <malloc.h>
> > >  #include <tpm_api.h>
> > >  #include <tpm-common.h>
> > >  #include <tpm-v2.h>
> > > @@ -19,6 +20,7 @@
> > >  #include <linux/unaligned/generic.h>
> > >  #include <linux/unaligned/le_byteshift.h>
> > >  #include "tpm-utils.h"
> > > +#include <bloblist.h>
> > >
> > >  int tcg2_get_pcr_info(struct udevice *dev, u32 *supported_bank, u32
*active_bank,
> > >                       u32 *bank_num)
> > > @@ -615,15 +617,24 @@ int tcg2_log_prepare_buffer(struct udevice
*dev, struct tcg2_event_log *elog,
> > >                 elog->found = log.found;
> > >         }
> > >
> > > +       if (elog->found)
> > > +               return 0;
> > > +
> > >         /*
> > > -        * Initialize the log buffer if no log was discovered and the
buffer is
> > > -        * valid. User's can pass in their own buffer as a fallback
if no
> > > -        * memory region is found.
> > > +        * Initialize the log buffer if no log was discovered.
> > > +        * User can pass in their own buffer as a fallback if no
memory region
> > > +        * is found, else malloc a buffer if it does not exist.
> > >          */
> > > -       if (!elog->found && elog->log_size)
> > > -               rc = tcg2_log_init(dev, elog);
> > > +       if (!elog->log_size) {
> > > +               elog->log = malloc(CONFIG_TPM2_EVENT_LOG_SIZE);
> > > +               if (!elog->log)
> > > +                       return -ENOMEM;
> > > +
> > > +               memset(elog->log, 0, CONFIG_TPM2_EVENT_LOG_SIZE);
> > > +               elog->log_size = CONFIG_TPM2_EVENT_LOG_SIZE;
>
> Why are you doing this? There are 2 ways to pass an EventLog to the
> kernel. Either via a config table from EFI, or using sml-base and
> sml-size in a DT (which are both required). IOW you will create an
> EventLog no one will discover

My understanding is that it is still added to those tables (e.g. EFI).
Linux does not see the bloblist structure.

Regards,
Simon

Ilias Apalodimas Jan. 18, 2025, 10:07 a.m. UTC | #4

On Sat, 18 Jan 2025 at 06:31, Simon Glass <sjg@chromium.org> wrote:
>
> Hi Ilias,
>
> On Thu, 16 Jan 2025 at 07:35, Ilias Apalodimas <ilias.apalodimas@linaro.org> wrote:
> >
> > On Wed, 15 Jan 2025 at 03:17, Simon Glass <sjg@chromium.org> wrote:
> > >
> > > Hi Raymond,
> > >
> > > On Tue, 14 Jan 2025 at 08:20, Raymond Mao <raymond.mao@linaro.org> wrote:
> > > >
> > > > Get tpm event log from bloblist instead of FDT when bloblist is
> > > > enabled and valid from previous boot stage.
> > > >
> > > > As a fallback, when no event log from previous stage is observed
> > > > and no user buffer is passed, malloc a default buffer to initialize
> > > > the event log.
> > > >
> > > > Signed-off-by: Raymond Mao <raymond.mao@linaro.org>
> > > > ---
> > > > Changes in v2
> > > > - Remove patch dependency.
> > > > - Remove the fallback to FDT when BLOBLIST is selected.
> > > > Changes in v3
> > > > - Malloc an 8KB buffer when user eventlog buffer does not exist.
> > > > Changes in v4
> > > > - Replace the default eventlog size with TPM2_EVENT_LOG_SIZE.
> > > > Changes in v5
> > > > - Replace TPM2_EVENT_LOG_SIZE with CONFIG_TPM2_EVENT_LOG_SIZE.
> > > > - Add an inline TODO comment.
> > > >
> > > >  lib/tpm_tcg2.c | 61 ++++++++++++++++++++++++++++++++++----------------
> > > >  1 file changed, 42 insertions(+), 19 deletions(-)
> > >
> > > Reviewed-by: Simon Glass <sjg@chromium.org>
> > >
> > > nit in case you respin again: -ENODEV is for driver model, when there
> > > is no device. It is actually handling specially by driver model. So
> > > -ENOENT is what I try to use for things that don't exist but aren't
> > > devices.
> > >
> >
> > +1,
> >
> >
> > > >
> > > > diff --git a/lib/tpm_tcg2.c b/lib/tpm_tcg2.c
> > > > index 4134d93a35..2d9076f091 100644
> > > > --- a/lib/tpm_tcg2.c
> > > > +++ b/lib/tpm_tcg2.c
> > > > @@ -5,6 +5,7 @@
> > > >
> > > >  #include <dm.h>
> > > >  #include <dm/of_access.h>
> > > > +#include <malloc.h>
> > > >  #include <tpm_api.h>
> > > >  #include <tpm-common.h>
> > > >  #include <tpm-v2.h>
> > > > @@ -19,6 +20,7 @@
> > > >  #include <linux/unaligned/generic.h>
> > > >  #include <linux/unaligned/le_byteshift.h>
> > > >  #include "tpm-utils.h"
> > > > +#include <bloblist.h>
> > > >
> > > >  int tcg2_get_pcr_info(struct udevice *dev, u32 *supported_bank, u32 *active_bank,
> > > >                       u32 *bank_num)
> > > > @@ -615,15 +617,24 @@ int tcg2_log_prepare_buffer(struct udevice *dev, struct tcg2_event_log *elog,
> > > >                 elog->found = log.found;
> > > >         }
> > > >
> > > > +       if (elog->found)
> > > > +               return 0;
> > > > +
> > > >         /*
> > > > -        * Initialize the log buffer if no log was discovered and the buffer is
> > > > -        * valid. User's can pass in their own buffer as a fallback if no
> > > > -        * memory region is found.
> > > > +        * Initialize the log buffer if no log was discovered.
> > > > +        * User can pass in their own buffer as a fallback if no memory region
> > > > +        * is found, else malloc a buffer if it does not exist.
> > > >          */
> > > > -       if (!elog->found && elog->log_size)
> > > > -               rc = tcg2_log_init(dev, elog);
> > > > +       if (!elog->log_size) {
> > > > +               elog->log = malloc(CONFIG_TPM2_EVENT_LOG_SIZE);
> > > > +               if (!elog->log)
> > > > +                       return -ENOMEM;
> > > > +
> > > > +               memset(elog->log, 0, CONFIG_TPM2_EVENT_LOG_SIZE);
> > > > +               elog->log_size = CONFIG_TPM2_EVENT_LOG_SIZE;
> >
> > Why are you doing this? There are 2 ways to pass an EventLog to the
> > kernel. Either via a config table from EFI, or using sml-base and
> > sml-size in a DT (which are both required). IOW you will create an
> > EventLog no one will discover
>
> My understanding is that it is still added to those tables (e.g. EFI). Linux does not see the bloblist structure.

No that's not what happens.
We either explicitly allocate memory from the EFI subsystem and use
that, or parse the DT and map whatever the DT tells us, If you want to
use malloc for allocating a non-EFI consumed EventLog you have to
inject these values to a DT otherwise the OS won't be able to find it.

>
> Regards,
> Simon

diff --git a/lib/tpm_tcg2.c b/lib/tpm_tcg2.c
index 4134d93a35..2d9076f091 100644
--- a/lib/tpm_tcg2.c
+++ b/lib/tpm_tcg2.c
@@ -5,6 +5,7 @@ 
 
 #include <dm.h>
 #include <dm/of_access.h>
+#include <malloc.h>
 #include <tpm_api.h>
 #include <tpm-common.h>
 #include <tpm-v2.h>
@@ -19,6 +20,7 @@ 
 #include <linux/unaligned/generic.h>
 #include <linux/unaligned/le_byteshift.h>
 #include "tpm-utils.h"
+#include <bloblist.h>
 
 int tcg2_get_pcr_info(struct udevice *dev, u32 *supported_bank, u32 *active_bank,
 		      u32 *bank_num)
@@ -615,15 +617,24 @@  int tcg2_log_prepare_buffer(struct udevice *dev, struct tcg2_event_log *elog,
 		elog->found = log.found;
 	}
 
+	if (elog->found)
+		return 0;
+
 	/*
-	 * Initialize the log buffer if no log was discovered and the buffer is
-	 * valid. User's can pass in their own buffer as a fallback if no
-	 * memory region is found.
+	 * Initialize the log buffer if no log was discovered.
+	 * User can pass in their own buffer as a fallback if no memory region
+	 * is found, else malloc a buffer if it does not exist.
 	 */
-	if (!elog->found && elog->log_size)
-		rc = tcg2_log_init(dev, elog);
+	if (!elog->log_size) {
+		elog->log = malloc(CONFIG_TPM2_EVENT_LOG_SIZE);
+		if (!elog->log)
+			return -ENOMEM;
+
+		memset(elog->log, 0, CONFIG_TPM2_EVENT_LOG_SIZE);
+		elog->log_size = CONFIG_TPM2_EVENT_LOG_SIZE;
+	}
 
-	return rc;
+	return tcg2_log_init(dev, elog);
 }
 
 int tcg2_measurement_init(struct udevice **dev, struct tcg2_event_log *elog,
@@ -676,10 +687,25 @@  __weak int tcg2_platform_get_log(struct udevice *dev, void **addr, u32 *size)
 	const __be32 *size_prop;
 	int asize;
 	int ssize;
+	struct ofnode_phandle_args args;
+	phys_addr_t a;
+	fdt_size_t s;
 
 	*addr = NULL;
 	*size = 0;
 
+	*addr = bloblist_get_blob(BLOBLISTT_TPM_EVLOG, size);
+	if (*addr && *size)
+		return 0;
+	/*
+	 * TODO:
+	 * replace BLOBLIST with a new kconfig for handoff all components
+	 * (fdt, tpm event log, etc...) from previous boot stage via bloblist
+	 * mandatorily following Firmware Handoff spec.
+	 */
+	else if (CONFIG_IS_ENABLED(BLOBLIST))
+		return -ENODEV;
+
 	addr_prop = dev_read_prop(dev, "tpm_event_log_addr", &asize);
 	if (!addr_prop)
 		addr_prop = dev_read_prop(dev, "linux,sml-base", &asize);
@@ -694,22 +720,19 @@  __weak int tcg2_platform_get_log(struct udevice *dev, void **addr, u32 *size)
 
 		*addr = map_physmem(a, s, MAP_NOCACHE);
 		*size = (u32)s;
-	} else {
-		struct ofnode_phandle_args args;
-		phys_addr_t a;
-		fdt_size_t s;
 
-		if (dev_read_phandle_with_args(dev, "memory-region", NULL, 0,
-					       0, &args))
-			return -ENODEV;
+		return 0;
+	}
 
-		a = ofnode_get_addr_size(args.node, "reg", &s);
-		if (a == FDT_ADDR_T_NONE)
-			return -ENOMEM;
+	if (dev_read_phandle_with_args(dev, "memory-region", NULL, 0, 0, &args))
+		return -ENODEV;
 
-		*addr = map_physmem(a, s, MAP_NOCACHE);
-		*size = (u32)s;
-	}
+	a = ofnode_get_addr_size(args.node, "reg", &s);
+	if (a == FDT_ADDR_T_NONE)
+		return -ENOMEM;
+
+	*addr = map_physmem(a, s, MAP_NOCACHE);
+	*size = (u32)s;
 
 	return 0;
 }

[v5,3/3] tpm: get tpm event log from bloblist

Commit Message

Comments

Patch