[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <916fb19b-daf8-4c1b-bc25-f071d2b3ae33@linux.ibm.com>
Date: Mon, 11 Mar 2024 16:33:17 -0400
From: Stefan Berger <stefanb@...ux.ibm.com>
To: Jarkko Sakkinen <jarkko@...nel.org>, mpe@...erman.id.au,
linux-integrity@...r.kernel.org, linuxppc-dev@...ts.ozlabs.org
Cc: linux-kernel@...r.kernel.org, rnsastry@...ux.ibm.com, peterhuewe@....de,
viparash@...ibm.com, devicetree@...r.kernel.org, jsnitsel@...hat.com
Subject: Re: [RFC PATCH v2 3/3] tpm: of: If available use linux,sml-log to get
the log and its size
On 3/11/24 16:25, Jarkko Sakkinen wrote:
> On Mon Mar 11, 2024 at 3:20 PM EET, Stefan Berger wrote:
>> If linux,sml-log is available use it to get the TPM log rather than the
>> pointer found in linux,sml-base. This resolves an issue on PowerVM and KVM
>> on Power where after a kexec the memory pointed to by linux,sml-base may
>> have become inaccessible or corrupted. Also, linux,sml-log has replaced
>> linux,sml-base and linux,sml-size on these two platforms.
>>
>> Keep the handling of linux,sml-base/sml-size for powernv platforms that
>> provide the two properties via skiboot.
>>
>> Fixes: c5df39262dd5 ("drivers/char/tpm: Add securityfs support for event log")
>> Signed-off-by: Stefan Berger <stefanb@...ux.ibm.com>
>
> I'm worried about not being up to date and instead using "cached" values
> when verifying anything from a security chip. Does this guarantee that
> TPM log is corrupted and will not get updated somehow?
What do you mean 'guarantee that TPM log is corrupted'?
The TPM was handed over from the firmware to Linux and the firmware then
freed all memory associated with the log and will then not create a new
log or touch the TPM or do anything that would require an update to the
handed-over log. Linux also does not append to the firmware log. So
whatever we now find in linux,sml-log would be the latest firmware log
and the state of the 'firmware PCRs' computed from it should correspond
to the current state of the 'firmware PCRs'.
>
> BR, Jarkko
>
Powered by blists - more mailing lists