Message-ID: <20190903182742.rmqthgu6rms3uill@cantor>
Date:   Tue, 3 Sep 2019 11:27:42 -0700
From:   Jerry Snitselaar <jsnitsel@...hat.com>
To:     Jordan Hand <jorhand@...ux.microsoft.com>
Cc:     jarkko.sakkinen@...ux.intel.com, Peter Huewe <peterhuewe@....de>,
        Jason Gunthorpe <jgg@...pe.ca>, Arnd Bergmann <arnd@...db.de>,
        Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
        Thomas Gleixner <tglx@...utronix.de>,
        Allison Randal <allison@...utok.net>,
        linux-integrity@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH v4] tpm: Parse event log from TPM2 ACPI table

On Fri Aug 30 19, Jordan Hand wrote:
>For systems with a TPM2 chip which use ACPI to expose event logs, retrieve the
>crypto-agile event log from the TPM2 ACPI table. The TPM2 table is defined
>in section 7.3 of the TCG ACPI Specification (see link).
>
>The TPM2 table is used by SeaBIOS in place of the TCPA table when the system's
>TPM is version 2.0 to denote (among other metadata) the location of the
>crypto-agile log.
>
>Link: https://trustedcomputinggroup.org/resource/tcg-acpi-specification/
>Signed-off-by: Jordan Hand <jorhand@...ux.microsoft.com>
>---
> drivers/char/tpm/eventlog/acpi.c | 60 ++++++++++++++++++++++----------
> 1 file changed, 41 insertions(+), 19 deletions(-)
>
>diff --git a/drivers/char/tpm/eventlog/acpi.c b/drivers/char/tpm/eventlog/acpi.c
>index 63ada5e53f13..38a8bcec1dd5 100644
>--- a/drivers/char/tpm/eventlog/acpi.c
>+++ b/drivers/char/tpm/eventlog/acpi.c
>@@ -41,17 +41,23 @@ struct acpi_tcpa {
> 	};
> };
>
>+/* If an event log is present, the TPM2 ACPI table will contain the full
>+ * trailer
>+ */
>+
> /* read binary bios log */
> int tpm_read_log_acpi(struct tpm_chip *chip)
> {
>-	struct acpi_tcpa *buff;
>+	struct acpi_table_header *buff;
>+	struct acpi_tcpa *tcpa;
>+	struct acpi_tpm2_trailer *tpm2_trailer;
> 	acpi_status status;
> 	void __iomem *virt;
> 	u64 len, start;
>+	int log_type;
> 	struct tpm_bios_log *log;
>-
>-	if (chip->flags & TPM_CHIP_FLAG_TPM2)
>-		return -ENODEV;
>+	bool is_tpm2 = chip->flags & TPM_CHIP_FLAG_TPM2;
>+	acpi_string table_sig;
>
> 	log = &chip->log;
>
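Review bot: The comment block added above `/* read binary bios log */` is followed by a blank line and sits next to no declaration, so it documents nothing where it stands. The assumption it records is the one the `buff->length` comparison in the next hunk depends on, so it would read better directly above that `else if`, for example `/* A TPM2 table that carries an event log includes the full trailer. */`. tpm_read_log_acpi continues outside this hunk.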
>@@ -61,26 +67,42 @@ int tpm_read_log_acpi(struct tpm_chip *chip)
> 	if (!chip->acpi_dev_handle)
> 		return -ENODEV;
>
>-	/* Find TCPA entry in RSDT (ACPI_LOGICAL_ADDRESSING) */
>-	status = acpi_get_table(ACPI_SIG_TCPA, 1,
>-				(struct acpi_table_header **)&buff);
>+	/* Find TCPA or TPM2 entry in RSDT (ACPI_LOGICAL_ADDRESSING) */
>+	table_sig = is_tpm2 ? ACPI_SIG_TPM2 : ACPI_SIG_TCPA;
>+	status = acpi_get_table(table_sig, 1, &buff);
>
> 	if (ACPI_FAILURE(status))
> 		return -ENODEV;
>
>-	switch(buff->platform_class) {
>-	case BIOS_SERVER:
>-		len = buff->server.log_max_len;
>-		start = buff->server.log_start_addr;
>-		break;
>-	case BIOS_CLIENT:
>-	default:
>-		len = buff->client.log_max_len;
>-		start = buff->client.log_start_addr;
>-		break;
>+	if (!is_tpm2) {
>+		tcpa = (struct acpi_tcpa *)buff;
>+		switch (tcpa->platform_class) {
>+		case BIOS_SERVER:
>+			len = tcpa->server.log_max_len;
>+			start = tcpa->server.log_start_addr;
>+			break;
>+		case BIOS_CLIENT:
>+		default:
>+			len = tcpa->client.log_max_len;
>+			start = tcpa->client.log_start_addr;
>+			break;
>+		}
>+		log_type = EFI_TCG2_EVENT_LOG_FORMAT_TCG_1_2;
>+	} else if (buff->length ==
>+		   sizeof(struct acpi_table_tpm2) +
>+		   sizeof(struct acpi_tpm2_trailer)) {
>+		tpm2_trailer = (struct acpi_tpm2_trailer *)buff;
>+
>+		len = tpm2_trailer.minimum_log_length;
>+		start = tpm2_trailer.log_address;

Are your builds not failing here? Both v3 and v4 have this.

>+		log_type = EFI_TCG2_EVENT_LOG_FORMAT_TCG_2;
>+	} else {
>+		return -ENODEV;
> 	}
>+
> 	if (!len) {
>-		dev_warn(&chip->dev, "%s: TCPA log area empty\n", __func__);
>+		dev_warn(&chip->dev, "%s: %s log area empty\n",
>+			 __func__, table_sig);
> 		return -EIO;
> 	}
>
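Review bot: In the TPM2 branch, `tpm2_trailer = (struct acpi_tpm2_trailer *)buff;` points the trailer at the start of the table, while the length check just above it adds `sizeof(struct acpi_table_tpm2)` to the trailer size, which implies the trailer follows the fixed part of the table. As written, `len` and `start` would be read from header bytes instead of the log fields, and these firmware-supplied values then feed the mapping and the `memcpy_fromio()` visible in the last hunk. The assignment should skip the fixed part, `tpm2_trailer = (void *)buff + sizeof(struct acpi_table_tpm2);`. The `==` comparison also rejects any table longer than exactly these two structures; `buff->length >= ...` would accept a larger table, assuming the trailer stays at that offset. The function body starts and ends outside this hunk.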
>@@ -98,7 +120,7 @@ int tpm_read_log_acpi(struct tpm_chip *chip)
> 	memcpy_fromio(log->bios_event_log, virt, len);
>
> 	acpi_os_unmap_iomem(virt, len);
>-	return EFI_TCG2_EVENT_LOG_FORMAT_TCG_1_2;
>+	return log_type;
>
> err:
> 	kfree(log->bios_event_log);
>-- 
>2.20.1
>
