[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <7241153a-626d-4ea5-ab9e-d6842b662064@linux.intel.com>
Date: Mon, 5 Feb 2024 12:13:40 -0800
From: Kuppuswamy Sathyanarayanan <sathyanarayanan.kuppuswamy@...ux.intel.com>
To: Ard Biesheuvel <ardb@...nel.org>
Cc: James Bottomley <James.Bottomley@...senpartnership.com>,
linux-kernel@...r.kernel.org, linux-efi@...r.kernel.org,
"Yao, Jiewen" <jiewen.yao@...el.com>, "Lu, Ken" <ken.lu@...el.com>
Subject: Re: [PATCH v1] efi/libstub: Add Confidential Computing (CC)
measurement support
On 2/4/24 2:03 PM, Ard Biesheuvel wrote:
> On Sun, 4 Feb 2024 at 21:28, Kuppuswamy Sathyanarayanan
> <sathyanarayanan.kuppuswamy@...ux.intel.com> wrote:
>> +Jiewen & Ken (RTMR firmware owner)
>>
>> On 2/3/24 10:46 PM, James Bottomley wrote:
>>> On Sat, 2024-02-03 at 07:57 +0000, Kuppuswamy Sathyanarayanan wrote:
>>>> If the virtual firmware implements TPM support, TCG2 protocol will be
>>>> used for kernel measurements and event logging support. But in CC
>>>> environment, not all platforms support or enable the TPM feature.
>>>> UEFI specification [1] exposes protocol and interfaces used for
>>>> kernel measurements in CC platforms without TPM support.
>>>>
>>>> Currently, the efi-stub only supports the kernel related measurements
>>>> for the platform that supports TCG2 protocol. So, extend it add
>>>> CC measurement protocol (EFI_CC_MEASUREMENT_PROTOCOL) and event
>>>> logging support. Event logging format in the CC environment is the
>>>> same as TCG2.
>>> Why do we have to do this anymore? Given that you're already pushing
>>> patches that map RTMRs to TPM PCRs:
>>>
>>> https://lore.kernel.org/lkml/20240128212532.2754325-4-sameo@rivosinc.com/
>> IMHO, I am not sure whether we need this mapping support . I have already
>> mentioned the same comment in [1]. If we support extension and logging
>> via configFS ABI, why again support PCR mapping?
>>
>> https://lore.kernel.org/lkml/2bd7c80b-9cd8-4450-a410-c3739d224167@linux.intel.com/ [1]
>>
>>> Can't you just add a stub TCG2 driver to EFI that exposes only the
>>> ability to log and measure using this mapping? That way all our
>>> existing code will "just work" without the need to understand anything
>>> about confidential computing or add new code to do the measurement?
>> I am not familiar with the EFI implementation, but I think a new protocol
>> is added to handle future CC extensions (which could deviate from
>> TCG2) and to support platforms that does not support or enable TPM
>> feature. So modifying the TCG2 driver in EFI may not work for the
>> above-mentioned cases. I think the EFI driver part of this support
>> is already merged.
>>
>> Jiewen/Ken may have more comments about this proposal.
>>
> I don't think it is sufficient to wire up the CC protocol here. There
> is more code in drivers/firmware/efi/libstub/tpm.c that deals with the
> event log.
>
> Given that the EFI CC protocol was specifically designed to act as a
> substitute for the TCG2 protocol, I would expect all occurrences of
> TCG2 protocol invocations to be handled accordingly.
>
> So I think the approach here should be to provide a local wrapper
> around get_event_log() and hash_log_extend_event() that is backed by
> either the TCG2 protocol of the EFI cc protocol, and all current
> callers invoke this wrapper rather than the TCG2 protocol directly.
Ah, I missed that part. Thanks for pointing out. I will fix this in
next version.
--
Sathyanarayanan Kuppuswamy
Linux Kernel Developer
Powered by blists - more mailing lists