Message-ID: <CAGxU2F5WtVZWEgJNwzoWUX0gcq8fe6evnU026R1hHXqCfG2v9w@mail.gmail.com>
Date: Tue, 1 Apr 2025 10:58:41 +0200
From: Stefano Garzarella <sgarzare@...hat.com>
To: James Bottomley <James.Bottomley@...senpartnership.com>, 
	Dionna Amalie Glaze <dionnaglaze@...gle.com>
Cc: Jarkko Sakkinen <jarkko@...nel.org>, linux-kernel@...r.kernel.org, 
	Jason Gunthorpe <jgg@...pe.ca>, Dave Hansen <dave.hansen@...ux.intel.com>, 
	Borislav Petkov <bp@...en8.de>, linux-integrity@...r.kernel.org, Peter Huewe <peterhuewe@....de>, 
	Ingo Molnar <mingo@...hat.com>, linux-coco@...ts.linux.dev, Dov Murik <dovmurik@...ux.ibm.com>, 
	Thomas Gleixner <tglx@...utronix.de>, Joerg Roedel <jroedel@...e.de>, x86@...nel.org, 
	Tom Lendacky <thomas.lendacky@....com>, Claudio Carvalho <cclaudio@...ux.ibm.com>, 
	"H. Peter Anvin" <hpa@...or.com>
Subject: Re: [PATCH v5 3/4] tpm: add SNP SVSM vTPM driver

On Tue, 1 Apr 2025 at 00:59, James Bottomley <James.Bottomley@...senpartnership.com> wrote:
>
> On Mon, 2025-03-31 at 15:23 -0700, Dionna Amalie Glaze wrote:
> > On Mon, Mar 31, 2025 at 2:26 PM James Bottomley
> > <James.Bottomley@...senpartnership.com> wrote:
> > >
> > > On Mon, 2025-03-31 at 13:56 -0700, Dionna Amalie Glaze wrote:
> > > [...]
> > > > I might be unclear on how I should be testing this, but I do see
> > > > /dev/tpm0 and /dev/tpmrm0 when I build with CONFIG_TCG_SVSM=y,
> > > > but I don't see the event log in securityfs. What am I missing?
> > >
> > > The vtpm driver for EDK2/OVMF I suspect ... without that the UEFI
> > > won't lay down an event log for the kernel to pick up.
> >
> > This test is with Oliver's PR
> > https://github.com/tianocore/edk2/pull/6527
>
> Well, since the event log is searched for in tpm_chip_register(), I
> really don't think it can be the kernel driver.  Best guess is there's
> something wrong with that patch set (or the vTPM didn't activate in
> OVMF for some reason).

Yep, I also think it should be something in edk2.

I'm using edk2 from https://github.com/coconut-svsm/edk2/pull/62 which 
should contain the commits from that PR + a fix not yet merged upstream.

I'm building it with:
build -a X64 -b DEBUG -t GCC5 -DTPM2_ENABLE \
  --pcd PcdUninstallMemAttrProtocol=TRUE -p OvmfPkg/OvmfPkgX64.dsc

And in Linux I see the devices and the event log:

# ls /dev/tpm*
/dev/tpm0  /dev/tpmrm0

# ls /sys/kernel/security/tpm0/
binary_bios_measurements

# tpm2_eventlog /sys/kernel/security/tpm0/binary_bios_measurements
---
version: 1
events:
- EventNum: 0
  PCRIndex: 0
  EventType: EV_NO_ACTION
  Digest: "0000000000000000000000000000000000000000"
  EventSize: 37
...

If I remove `-DTPM2_ENABLE` when building edk2, I can still see the 
/dev/tpm* devices (of course), but I can't see the event log anymore.
And also most PCRs are 0 (unlike when I have tpm driver enabled in 
edk2).

Thanks,
Stefano
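Added example, not part of the thread above nor of the edk2 or Linux code it discusses: a small Python parser for the TCG PC Client event log that Linux exposes as /sys/kernel/security/tpm0/binary_bios_measurements, plus a replay of the logged digests into expected PCR values. The sample log is constructed inline (two digest banks, SHA-1 and SHA-256, no vendor info, so the Spec ID header is 37 bytes like the first event in the tpm2_eventlog output above; the EV_SEPARATOR measurement into PCR 7 is an arbitrary choice for illustration). Replaying a log that carries only the header leaves every PCR at zero, which is the state Stefano describes when edk2 is built without -DTPM2_ENABLE; comparing the replayed values against `tpm2_pcrread` is the usual check that log and TPM agree.

```python
"""Parse a TCG PC Client event log and replay it into expected PCR values.
Added example; not from the mailing-list thread, edk2 or the kernel."""
import hashlib
import struct

EV_NO_ACTION = 0x03
EV_SEPARATOR = 0x04          # used only by the constructed sample below
TPM_ALG_SHA1 = 0x0004
TPM_ALG_SHA256 = 0x000B
HASH_NAME = {TPM_ALG_SHA1: "sha1", TPM_ALG_SHA256: "sha256"}
DIGEST_LEN = {TPM_ALG_SHA1: 20, TPM_ALG_SHA256: 32}


def parse_spec_id_event(event):
    """Return {algId: digestSize} from a TCG_EfiSpecIdEvent body."""
    if event[:16] != b"Spec ID Event03\0":
        raise ValueError("first event is not a Spec ID Event03 header")
    # signature[16] platformClass u32 minor u8 major u8 errata u8 uintnSize u8
    # numberOfAlgorithms u32 -> digest sizes start at offset 28
    num_algs = struct.unpack_from("<I", event, 24)[0]
    sizes, off = {}, 28
    for _ in range(num_algs):
        alg, size = struct.unpack_from("<HH", event, off)
        sizes[alg] = size
        off += 4
    return sizes


def parse_event_log(log):
    """Return a list of {pcr, type, digests{alg: bytes}, event} dicts.

    The first entry is in the legacy SHA-1 TCG_PCClientPCREvent format and
    carries the Spec ID Event03 header; every later entry is TCG_PCR_EVENT2,
    whose digest lengths come from that header.
    """
    pcr, etype = struct.unpack_from("<II", log, 0)
    size = struct.unpack_from("<I", log, 28)[0]
    first = log[32:32 + size]
    if etype != EV_NO_ACTION:
        raise ValueError("event log does not start with an EV_NO_ACTION header")
    sizes = parse_spec_id_event(first)
    events = [{"pcr": pcr, "type": etype,
               "digests": {TPM_ALG_SHA1: log[8:28]}, "event": first}]
    off = 32 + size
    while off < len(log):
        pcr, etype, count = struct.unpack_from("<III", log, off)
        off += 12
        digests = {}
        for _ in range(count):
            alg = struct.unpack_from("<H", log, off)[0]
            off += 2
            digests[alg] = log[off:off + sizes[alg]]
            off += sizes[alg]
        size = struct.unpack_from("<I", log, off)[0]
        off += 4
        events.append({"pcr": pcr, "type": etype, "digests": digests,
                       "event": log[off:off + size]})
        off += size
    return events


def replay_pcrs(events, alg=TPM_ALG_SHA256, num_pcrs=24):
    """Extend each logged digest into its PCR as the TPM does: PCR = H(PCR || d).
    EV_NO_ACTION entries are informational and are never extended."""
    name, length = HASH_NAME[alg], DIGEST_LEN[alg]
    pcrs = [bytes(length)] * num_pcrs
    for ev in events:
        if ev["type"] == EV_NO_ACTION or alg not in ev["digests"]:
            continue
        pcrs[ev["pcr"]] = hashlib.new(name, pcrs[ev["pcr"]] + ev["digests"][alg]).digest()
    return pcrs


def build_sample_log(with_measurement=True):
    """Constructed sample log (not captured from a real machine): a Spec ID
    header announcing SHA-1 and SHA-256 banks, optionally followed by one
    EV_SEPARATOR measurement into PCR 7."""
    spec = (b"Spec ID Event03\0" + struct.pack("<IBBBBI", 0, 0, 2, 0, 2, 2)
            + struct.pack("<HH", TPM_ALG_SHA1, 20)
            + struct.pack("<HH", TPM_ALG_SHA256, 32)
            + b"\x00")                                   # vendorInfoSize = 0
    log = struct.pack("<II", 0, EV_NO_ACTION) + bytes(20) + struct.pack("<I", len(spec)) + spec
    if with_measurement:
        data = bytes(4)                                  # separator event data
        log += struct.pack("<III", 7, EV_SEPARATOR, 2)
        log += struct.pack("<H", TPM_ALG_SHA1) + hashlib.sha1(data).digest()
        log += struct.pack("<H", TPM_ALG_SHA256) + hashlib.sha256(data).digest()
        log += struct.pack("<I", len(data)) + data
    return log


if __name__ == "__main__":
    evs = parse_event_log(build_sample_log())
    for n, ev in enumerate(evs):
        print(f"EventNum {n}: PCR {ev['pcr']} type 0x{ev['type']:02x} "
              f"EventSize {len(ev['event'])}")
    for i, p in enumerate(replay_pcrs(evs)):
        if p != bytes(32):
            print(f"PCR{i}: {p.hex()}")   # compare with: tpm2_pcrread sha256
```

The replayed values are what `tpm2_pcrread` should report for the banks the header announces; a PCR that is zero in the TPM but nonzero in the replay (or the reverse) means the firmware and the vTPM disagree about what was measured.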

