
Hi Simon, Ilias,
On Wed, 14 Jul 2021 at 23:50, Simon Glass sjg@chromium.org wrote:
Hi Masahisa,
On Mon, 12 Jul 2021 at 02:40, Masahisa Kojima masahisa.kojima@linaro.org wrote:
Hi Simon,
On Sun, 11 Jul 2021 at 09:01, Simon Glass sjg@chromium.org wrote:
Hi Masahisa,
On Wed, 7 Jul 2021 at 20:21, Masahisa Kojima masahisa.kojima@linaro.org wrote:
On Wed, 7 Jul 2021 at 22:47, Heinrich Schuchardt xypron.glpk@gmx.de wrote:
On 7/7/21 3:36 PM, Masahisa Kojima wrote:
This is a preparation to add eventlog support described in TCG PC Client PFP spec.
Signed-off-by: Masahisa Kojima masahisa.kojima@linaro.org
lib/efi_loader/Kconfig | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/lib/efi_loader/Kconfig b/lib/efi_loader/Kconfig index b2ab48a048..a87bf3cc98 100644 --- a/lib/efi_loader/Kconfig +++ b/lib/efi_loader/Kconfig @@ -327,7 +327,7 @@ config EFI_TCG2_PROTOCOL config EFI_TCG2_PROTOCOL_EVENTLOG_SIZE int "EFI_TCG2_PROTOCOL EventLog size" depends on EFI_TCG2_PROTOCOL
default 4096
default 16384
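Review bot: the new default of 16384 for EFI_TCG2_PROTOCOL_EVENTLOG_SIZE is a bare number with no stated basis. Neither the commit message ("preparation to add eventlog support") nor the visible lines of the option say how the size was derived or what minimum the log area has to satisfy. Please give the source of the value in the commit message or in the option's help text, and consider adding a Kconfig range to this int so that a board configuration cannot select a size below the minimum the spec requires.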
I found this text in EDK II:
Minimum length(in bytes) of the system preboot TCG event log area(LAML)
For PC Client Implementation spec up to and including 1.2 the minimum log size is 64KB. (SecurityPkg/SecurityPkg.dec)
Thank you for your feedback. I have not checked this. TCG spec also says "The Log Area Minimum Length for the TCG event log MUST be at least 64KB." in ACPI chapter. I will update to set 64KB as default.
Is this the same as the BLOBLISTT_TPM2_TCG_LOG thing? If so, can we put this in the bloblist? We want to avoid adding code in EFI which is in U-Boot.
I think bloblist is used for data passing from SPL/TPL to u-boot.
It can also be used to place things in memory that end up accessed by Linux, e.g. ACPI tables. So I think it fits.
I understand bloblist can be used for eventlog, I will check further.
Is your comment saying that the eventlog generated in u-boot (done in efi_tcg2.c with this patch series) should be appended into the buffer pointed to by the BLOBLISTT_TPM2_TCG_LOG blob?
I suppose so, but this logic should be implemented in the TPM layer I think, not just in EFI. Otherwise we end up with another parallel implementation.
The current u-boot/lib/efi_loader/efi_tcg2.c includes code not directly related to EFI. I would like to suggest dividing u-boot/lib/efi_loader/efi_tcg2.c into two files.
1) u-boot/lib/efi_loader/efi_tcg2.c This file implements the EFI interfaces required in TCG EFI Protocol Specification(https://trustedcomputinggroup.org/resource/tcg-efi-protocol-specification/).
2) u-boot/lib/tcg2.c(new file) This file implements the functionality required in TCG PC Client Platform Firmware Profile Specification(https://trustedcomputinggroup.org/resource/pc-client-specific-platform-firmw...). This file contains the common functions to extend eventlog and PCRs, etc.
In addition, this is a different topic, I found some tpm related files under the u-boot/lib directory, and I think it is better to have a new directory like "tcg" and move tpm related files such as tpm_api.c, tpm-v2.c and tpm-common.c into lib/tcg (new directory).
Thanks, Masahisa Kojima
Regards, Simon