Message-ID: <9b67baf0-79ee-4156-bb64-1b8ccf073ae9@126.com>
Date: Sat, 12 Jul 2025 10:24:49 +0800
From: Ge Yang <yangge1116@....com>
To: Sathyanarayanan Kuppuswamy <sathyanarayanan.kuppuswamy@...ux.intel.com>,
 James Bottomley <James.Bottomley@...senPartnership.com>, ardb@...nel.org
Cc: jarkko@...nel.org, ilias.apalodimas@...aro.org, jgg@...pe.ca,
 linux-efi@...r.kernel.org, linux-kernel@...r.kernel.org,
 stable@...r.kernel.org, liuzixing@...on.cn
Subject: Re: [PATCH V4] efi/tpm: Fix the issue where the CC platforms event
 log header can't be correctly identified



On 2025/7/12 1:01, Sathyanarayanan Kuppuswamy wrote:
> 
> On 7/11/25 7:00 AM, James Bottomley wrote:
>> On Tue, 2025-07-08 at 15:54 +0800, yangge1116@....com wrote:
>>> From: Ge Yang <yangge1116@....com>
>>>
>>> Since commit d228814b1913 ("efi/libstub: Add get_event_log() support
>>> for CC platforms") reuses TPM2 support code for the CC platforms,
>>> when launching a TDX virtual machine with coco measurement enabled,
>>> the following error log is generated:
>>>
>>> [Firmware Bug]: Failed to parse event in TPM Final Events Log
>>>
>>> Call Trace:
>>> efi_config_parse_tables()
>>>    efi_tpm_eventlog_init()
>>>      tpm2_calc_event_log_size()
>>>        __calc_tpm2_event_size()
>>>
>>> The pcr_idx value in the Intel TDX log header is 1, causing the
>>> function __calc_tpm2_event_size() to fail to recognize the log
>>> header, ultimately leading to the "Failed to parse event in TPM Final
>>> Events Log" error.
>>>
>>> According to UEFI Specification 2.10, Section 38.4.1: For TDX, TPM
>>> PCR 0 maps to MRTD, so the log header uses TPM PCR 1 instead. To
>>> successfully parse the TDX event log header, the check for a pcr_idx
>>> value of 0 must be skipped.
>>>
>>> According to Table 6 in Section 10.2.1 of the TCG PC Client
>>> Specification, the index field does not require the PCR index to be
>>> fixed at zero. Therefore, skipping the check for a pcr_idx value of
>>> 0 for CC platforms is safe.
>> This is wrong: the spec does not allow a header EV_ACTION to be
>> recorded with anything other than pcrIndex == 0.
>>
>> However, the fact that Intel, who practically wrote the TPM spec, can
>> get this wrong shows that others can too.  So the best way to fix this
>> is to remove the pcrIndex check for the first event.  There's no danger
>> of this causing problems because we check for the TCG_SPECID_SIG
>> signature as the next thing.  That means you don't need to thread
>> knowledge of whether this is a CC environment and we're pre-emptively
>> ready for any other spec violators who misread the spec in the same way
>> Intel did.
> 
> 
> I agree with James Bottomley's suggestion to remove the pcr_index check
> without adding any replacement checks.
> 
> This check was originally introduced in the following commit to handle a
> case where certain Dell platforms provided an event log without a valid
> header:
> 
> commit 7dfc06a0f25b593a9f51992f540c0f80a57f3629
> Author: Fabian Vogt <fvogt@...e.de>
> Date:   Mon Jun 15 09:16:36 2020 +0200
> 
>      efi/tpm: Verify event log header before parsing
> 
> At first, I was concerned that the pcr_index check might still be
> important for this fix. However, after re-reading the commit and
> reviewing the intent, it appears that relying on the event_type and
> digest checks should be sufficient for validating the event log header.
> 
> 
> 

Thanks for the suggestions from Bottomley and Sathyanarayanan. I'll now 
submit another version of the patch.

> 
>> Regards,
>>
>> James
>>
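Below is an added stand-alone model of the header check the thread is about; it is example code written for this note, not the kernel's __calc_tpm2_event_size() and not the patch under review. It assumes the TCG PC Client layouts of the TPM 1.2-format header event (TCG_PCClientPCREvent: pcrIndex, eventType, 20-byte SHA-1 digest, eventSize, event data) and of the TCG_EfiSpecIdEvent that the header carries, with EV_NO_ACTION = 3 and the "Spec ID Event03" signature. The function names, the require_pcr0 switch, the length checks and the constructed sample headers are all assumptions of this example. The require_pcr0 switch reproduces the pre-fix behaviour that rejects a TDX header whose pcr_idx is 1; clearing it shows that the event_type, zero-digest and signature checks alone still reject a header-less log while accepting the TDX one.

```c
/* Added example, not kernel code: models the TPM2 event log header check. */
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define EV_NO_ACTION     0x00000003u
#define EV_ACTION        0x00000005u
#define SHA1_DIGEST_SIZE 20
#define TCG_SPECID_SIG   "Spec ID Event03"   /* 16 bytes including the NUL */

/* TCG_PCClientPCREvent: the TPM 1.2-format event that heads a TPM2 log */
struct tcg_pcr_event {
	uint32_t pcr_idx;
	uint32_t event_type;
	uint8_t  digest[SHA1_DIGEST_SIZE];
	uint32_t event_size;
	/* uint8_t event[event_size] follows */
} __attribute__((packed));

/* Leading fields of TCG_EfiSpecIdEvent found in the header's event data */
struct tcg_efi_specid_event_head {
	uint8_t  signature[16];
	uint32_t platform_class;
	uint8_t  spec_version_minor;
	uint8_t  spec_version_major;
	uint8_t  spec_errata;
	uint8_t  uintnsize;
	uint32_t num_algs;
	/* algs[num_algs] (2-byte id + 2-byte size each), then vendorInfoSize */
} __attribute__((packed));

/* Size of the header event at buf, or 0 if buf does not hold a valid header.
 * require_pcr0 = true mirrors the old check; false is the relaxed check. */
size_t calc_tpm2_header_size(const uint8_t *buf, size_t len, bool require_pcr0)
{
	static const uint8_t zero_digest[SHA1_DIGEST_SIZE];
	struct tcg_pcr_event hdr;
	struct tcg_efi_specid_event_head spec;

	if (len < sizeof(hdr))
		return 0;
	memcpy(&hdr, buf, sizeof(hdr));
	if (require_pcr0 && hdr.pcr_idx != 0)
		return 0;
	if (hdr.event_type != EV_NO_ACTION ||
	    memcmp(hdr.digest, zero_digest, sizeof(zero_digest)) != 0)
		return 0;
	/* the event data must hold the Spec ID head and fit in the buffer */
	if (hdr.event_size < sizeof(spec) || len - sizeof(hdr) < hdr.event_size)
		return 0;
	memcpy(&spec, buf + sizeof(hdr), sizeof(spec));
	if (memcmp(spec.signature, TCG_SPECID_SIG, sizeof(TCG_SPECID_SIG)) != 0 ||
	    spec.num_algs == 0)
		return 0;
	/* the algorithm table plus the vendorInfoSize byte must fit as well */
	if ((size_t)spec.num_algs * 4 + 1 > hdr.event_size - sizeof(spec))
		return 0;
	return sizeof(hdr) + hdr.event_size;
}

/* Build a constructed header event (one SHA-256 alg entry, no vendor info). */
size_t build_header(uint8_t *out, size_t cap, uint32_t pcr_idx,
		    uint32_t event_type, const char *sig)
{
	struct tcg_pcr_event hdr = { .pcr_idx = pcr_idx, .event_type = event_type };
	struct tcg_efi_specid_event_head spec = { .spec_version_major = 2,
						  .uintnsize = 2, .num_algs = 1 };
	const uint8_t tail[] = { 0x0B, 0x00, 0x20, 0x00, 0x00 }; /* id, size, vendorInfoSize */
	size_t need = sizeof(hdr) + sizeof(spec) + sizeof(tail);
	size_t siglen = strlen(sig);

	if (cap < need)
		return 0;
	if (siglen > sizeof(spec.signature))
		siglen = sizeof(spec.signature);
	memcpy(spec.signature, sig, siglen);
	hdr.event_size = (uint32_t)(sizeof(spec) + sizeof(tail));
	memcpy(out, &hdr, sizeof(hdr));
	memcpy(out + sizeof(hdr), &spec, sizeof(spec));
	memcpy(out + sizeof(hdr) + sizeof(spec), tail, sizeof(tail));
	return need;
}

/* Build one constructed header and run the check on it; max_len > 0
 * truncates the buffer handed to the parser. */
size_t check_header(uint32_t pcr_idx, uint32_t event_type, const char *sig,
		    bool require_pcr0, size_t max_len)
{
	uint8_t buf[128];
	size_t n = build_header(buf, sizeof(buf), pcr_idx, event_type, sig);

	if (max_len && max_len < n)
		n = max_len;
	return calc_tpm2_header_size(buf, n, require_pcr0);
}

int main(void)
{
	printf("conventional header (pcr 0): strict=%zu relaxed=%zu\n",
	       check_header(0, EV_NO_ACTION, TCG_SPECID_SIG, true, 0),
	       check_header(0, EV_NO_ACTION, TCG_SPECID_SIG, false, 0));
	printf("TDX header (pcr 1):          strict=%zu relaxed=%zu\n",
	       check_header(1, EV_NO_ACTION, TCG_SPECID_SIG, true, 0),
	       check_header(1, EV_NO_ACTION, TCG_SPECID_SIG, false, 0));
	printf("header-less log:             relaxed=%zu\n",
	       check_header(0, EV_ACTION, "not a header", false, 0));
	return 0;
}
```

The sample header is 32 bytes of TCG_PCClientPCREvent plus 33 bytes of event data, so a valid header reports 65. A log that starts with an ordinary event, or with a NO_ACTION event whose data lacks the Spec ID signature, still reports 0 after the pcr_idx condition is dropped, which is the point James makes about the signature check covering the header-less case.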

