Date: Mon, 19 Sep 2022 11:17:53 +0200
From: "Igor Mammedov"
To: "Jason Andryuk"
Cc: devel@edk2.groups.io, Stefan Berger
Subject: Re: [edk2-devel] TPM2 EventLog EFI vs. ACPI
Message-ID: <20220919111753.0d17e87a@redhat.com>

On Fri, 16 Sep 2022 15:45:38 -0400
"Jason Andryuk" wrote:

CCing Stefan as he is probably the best person to talk about qemu impl. of TPM

> Hi,
>
> I've noticed an issue with the TPM2 EventLog. OVMF exposes the TPM
> Event Log via EFI and ACPI, but they have different addresses. The
> EFI one retrievable by GetEventLog() is populated. The ACPI is empty.
> Oh, there are actually two EFI Event Logs for the two formats:
> EFI_TCG2_EVENT_LOG_FORMAT_TCG_1_2
> EFI_TCG2_EVENT_LOG_FORMAT_TCG_2
>
> The debug log from the Fedora 36 OVMF shows:
> Tcg2GetEventLog (EventLogLocation - 7EEB2000)
> which matches the address retrieved with GetEventLog().
> And hexdump-ing the TPM2 ACPI table shows 0x7fbe6000.
>
> On a different build, I added output for both EFI logs, and the addresses are:
> 0x7ec3d000 - EFI_TCG2_EVENT_LOG_FORMAT_TCG_1_2
> 0x7ec1b000 - EFI_TCG2_EVENT_LOG_FORMAT_TCG_2
> 0x7fbe6000 - ACPI
>
> The ACPI one is a little more user friendly as its address is
> available through the table during runtime. The EFI addresses can
> only be grabbed before exiting boot services.
>
> I think the issue is that the ACPI tables are created from Qemu fw_cfg
> data, which allocates memory for the log and places the address in
> ACPI tables. Meanwhile,
> SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.c:SetupEventLog() allocates its own
> event log memory. SetupEventLog() saves the size and address in
> PcdTpm2AcpiTableLaml & PcdTpm2AcpiTableLasa, but nothing puts those
> values in the actual ACPI tables.
>
> It seems like SetupEventLog would be better structured to check
> existing ACPI tables and look for a log in a TPM2 section. If found,
> use that, otherwise create a new log area.
>
> The other wrinkle is that the Tcg2 code is keeping two event logs in
> the two formats. It seems to me that for TPM2, it would be easier to
> just keep only the newer EFI_TCG2_EVENT_LOG_FORMAT_TCG_2. If support
> for both is needed, then the EFI_TCG2_EVENT_LOG_FORMAT_TCG_2 one
> should share the same region as the ACPI table.
>
> Regards,
> Jason
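
The thread compares the log address in the TPM2 ACPI table with the one GetEventLog() returns. As an added example (not from this thread, edk2 or QEMU), the C below reads the Log Area Minimum Length (LAML) and Log Area Start Address (LASA) from a raw TPM2 table and checks whether an EFI-reported address falls inside that area. It assumes the 76-byte table layout with the 12-byte start-method parameter field present; the function names and the sample LAML value are made up for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

#define TPM2_OFF_LAML 64      /* 36-byte ACPI header + 16 fixed bytes + 12 start-method parameter bytes */
#define TPM2_OFF_LASA 68
#define TPM2_LEN_WITH_LOG 76

enum tpm2_rc { TPM2_OK = 0, TPM2_BAD_SIG, TPM2_BAD_LEN, TPM2_BAD_SUM, TPM2_NO_LOG };

static uint64_t rd_le(const uint8_t *p, int n) {
    uint64_t v = 0;
    while (n--) v = (v << 8) | p[n];   /* little-endian, most significant byte first */
    return v;
}

/* Extract LASA/LAML from a raw TPM2 ACPI table (e.g. read from /sys/firmware/acpi/tables/TPM2). */
enum tpm2_rc tpm2_log_area(const uint8_t *t, size_t n, uint64_t *lasa, uint32_t *laml) {
    if (n < 36 || memcmp(t, "TPM2", 4) != 0) return TPM2_BAD_SIG;
    uint32_t len = (uint32_t)rd_le(t + 4, 4);
    if (len < 36 || len > n) return TPM2_BAD_LEN;      /* header Length must fit the buffer */
    uint8_t sum = 0;
    for (uint32_t i = 0; i < len; i++) sum += t[i];
    if (sum != 0) return TPM2_BAD_SUM;                 /* all table bytes must sum to zero */
    if (len < TPM2_LEN_WITH_LOG) return TPM2_NO_LOG;   /* table ends before the log fields */
    *laml = (uint32_t)rd_le(t + TPM2_OFF_LAML, 4);
    *lasa = rd_le(t + TPM2_OFF_LASA, 8);
    return (*lasa == 0 || *laml == 0) ? TPM2_NO_LOG : TPM2_OK;
}

/* Does the address firmware reported via GetEventLog() fall inside the ACPI log area? */
int efi_log_in_acpi_area(uint64_t efi_addr, uint64_t lasa, uint32_t laml) {
    return efi_addr >= lasa && efi_addr - lasa < laml;
}

/* Constructed sample table: LASA is the ACPI address quoted in the thread, LAML is made up. */
size_t make_sample(uint8_t *t) {
    memset(t, 0, TPM2_LEN_WITH_LOG);
    memcpy(t, "TPM2", 4);
    t[4] = TPM2_LEN_WITH_LOG;              /* Length (little-endian) */
    t[8] = 4;                              /* Revision */
    t[TPM2_OFF_LAML + 2] = 0x01;           /* LAML = 0x10000 (constructed) */
    uint64_t lasa = 0x7fbe6000;
    for (int i = 0; i < 8; i++) t[TPM2_OFF_LASA + i] = (uint8_t)(lasa >> (8 * i));
    uint8_t sum = 0;
    for (int i = 0; i < TPM2_LEN_WITH_LOG; i++) sum += t[i];
    t[9] = (uint8_t)(0 - sum);             /* Checksum byte makes the table sum to zero */
    return TPM2_LEN_WITH_LOG;
}
```

This only locates the log area; whether the area actually holds events has to be checked by reading the memory at LASA.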