Message-ID: <aGczaEkhPuOqhRUv@kernel.org>
Date: Fri, 4 Jul 2025 04:50:32 +0300
From: Jarkko Sakkinen <jarkko@...nel.org>
To: yangge1116@....com
Cc: ardb@...nel.org, sathyanarayanan.kuppuswamy@...ux.intel.com,
	ilias.apalodimas@...aro.org, jgg@...pe.ca,
	linux-efi@...r.kernel.org, linux-kernel@...r.kernel.org,
	stable@...r.kernel.org, liuzixing@...on.cn
Subject: Re: [PATCH] efi/tpm: Fix the issue where the CC platforms event log
 header can't be correctly identified

On Thu, Jul 03, 2025 at 10:38:37AM +0800, yangge1116@....com wrote:
> From: Ge Yang <yangge1116@....com>
> 
> Since commit d228814b1913 ("efi/libstub: Add get_event_log() support
> for CC platforms") reuses TPM2 support code for the CC platforms, when
> launching a TDX virtual machine with coco measurement enabled, the
> following error log is generated:
> 
> [Firmware Bug]: Failed to parse event in TPM Final Events Log
> 
> Call Trace:
> efi_config_parse_tables()
>   efi_tpm_eventlog_init()
>     tpm2_calc_event_log_size()
>       __calc_tpm2_event_size()
> 
> The pcr_idx value in the Intel TDX log header is 1, causing the
> function __calc_tpm2_event_size() to fail to recognize the log header,
> ultimately leading to the "Failed to parse event in TPM Final Events
> Log" error.
> 
> According to UEFI Spec 2.10 Section 38.4.1: For Tdx, TPM PCR 0 maps to
> MRTD, so the log header uses TPM PCR 1. To successfully parse the TDX
> event log header, the check for a pcr_idx value of 0 has been removed
> here, and it appears that this will not affect other functionalities.

I'm not familiar with the original change but with a quick check it did
not change __calc_tpm2_event_size(). Your change changes the semantics
for two types of callers:

1. Those that caused the bug.
2. Those that have nothing to do with this bug.

I'm not seeing anything explaining that your change is guaranteed not to
have any consequences to "innocent" callers, which have no relation to
the bug.

> 
> Link: https://uefi.org/specs/UEFI/2.10/38_Confidential_Computing.html#intel-trust-domain-extension
> Fixes: d228814b1913 ("efi/libstub: Add get_event_log() support for CC platforms")
> Signed-off-by: Ge Yang <yangge1116@....com>
> Cc: stable@...r.kernel.org
> ---
>  include/linux/tpm_eventlog.h | 3 +--
>  1 file changed, 1 insertion(+), 2 deletions(-)
> 
> diff --git a/include/linux/tpm_eventlog.h b/include/linux/tpm_eventlog.h
> index 891368e..05c0ae5 100644
> --- a/include/linux/tpm_eventlog.h
> +++ b/include/linux/tpm_eventlog.h
> @@ -202,8 +202,7 @@ static __always_inline u32 __calc_tpm2_event_size(struct tcg_pcr_event2_head *ev
>  	event_type = event->event_type;
>  
>  	/* Verify that it's the log header */
> -	if (event_header->pcr_idx != 0 ||
> -	    event_header->event_type != NO_ACTION ||
> +	if (event_header->event_type != NO_ACTION ||
>  	    memcmp(event_header->digest, zero_digest, sizeof(zero_digest))) {
>  		size = 0;
>  		goto out;
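Review bot: dropping the `event_header->pcr_idx != 0` test widens what counts as the log header for every caller of __calc_tpm2_event_size(): any record whose event_type is NO_ACTION and whose digest field is all zero now matches, whatever PCR it was recorded against, so such a record elsewhere in a log would be sized as the header. The commit message only establishes that the TDX header uses PCR 1, so consider relaxing exactly that case, e.g. `if ((event_header->pcr_idx != 0 && event_header->pcr_idx != 1) ||` ahead of the retained `event_header->event_type != NO_ACTION ||` line, and state in the commit message why the remaining checks are sufficient for the non-TDX callers.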
> -- 
> 2.7.4
> 

BR, Jarkko
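To make the semantic change under discussion concrete, here is an added C model of the header check (example code, not the kernel's and not the patch author's): the strict pre-patch predicate, the relaxed post-patch one, and an assumed signature-based variant, each run over constructed records. The struct, the NO_ACTION value and the "Spec ID Event03" signature follow the TCG EFI Protocol layout but are written here, not taken from the thread.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
/* TCG 1.2-style record layout used for the event-log header. Constructed to
 * mirror the fields the patch tests; it is not the kernel's own struct. */
#define NO_ACTION 0x00000003u
struct pcr_event_hdr {
	uint32_t pcr_idx;
	uint32_t event_type;
	uint8_t  digest[20];   /* SHA-1 field; all zero for the header */
	uint32_t event_size;
	char     event[16];    /* start of payload; the header carries a signature */
};
static const uint8_t zero_digest[20];

/* Pre-patch predicate: the header must be recorded against PCR 0. */
static int is_header_strict(const struct pcr_event_hdr *e)
{
	return e->pcr_idx == 0 && e->event_type == NO_ACTION &&
	       memcmp(e->digest, zero_digest, sizeof(zero_digest)) == 0;
}

/* Post-patch predicate: with the pcr_idx test removed, the PCR is ignored. */
static int is_header_relaxed(const struct pcr_event_hdr *e)
{
	return e->event_type == NO_ACTION &&
	       memcmp(e->digest, zero_digest, sizeof(zero_digest)) == 0;
}

/* Assumed tighter alternative (not in the patch): also require the TCG EFI
 * Protocol spec's "Spec ID Event03" header-payload signature, so PCR 1 can be
 * accepted for TDX without treating every zero-digest NO_ACTION record as one. */
static int is_header_signed(const struct pcr_event_hdr *e)
{
	return is_header_relaxed(e) && memcmp(e->event, "Spec ID Event03", 16) == 0;
}

int main(void)
{
	/* Constructed samples: a TDX-style header on PCR 1, and an unrelated
	 * NO_ACTION record with an empty payload on PCR 7. */
	struct pcr_event_hdr tdx = { .pcr_idx = 1, .event_type = NO_ACTION,
				     .event_size = 16, .event = "Spec ID Event03" };
	struct pcr_event_hdr misc = { .pcr_idx = 7, .event_type = NO_ACTION };
	printf("TDX header:  strict=%d relaxed=%d signed=%d\n",
	       is_header_strict(&tdx), is_header_relaxed(&tdx), is_header_signed(&tdx));
	printf("PCR7 record: strict=%d relaxed=%d signed=%d\n",
	       is_header_strict(&misc), is_header_relaxed(&misc), is_header_signed(&misc));
	return 0;
}
```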
