From: Laszlo Ersek
To: Matthew Garrett
Cc: edk2-devel@lists.01.org, Jiewen Yao, Marc-André Lureau, Stefan Berger
Subject: Re: Obtaining TCG final events on systems without TCG2 log support
Date: Fri, 14 Dec 2018 10:32:29 +0100
Message-ID: <4473c61d-6b34-b974-0d42-ec4bd51fb6db@redhat.com>

On 12/13/18 19:55, Matthew Garrett wrote:
> On Thu, Dec 13, 2018 at 01:36:09PM +0100, Laszlo Ersek wrote:
>
>> (2) EFI_TCG2_FINAL_EVENTS_TABLE is defined with TCG_PCR_EVENT2 entries
>> *only*. TCG_PCR_EVENT is not accommodated.
>>
>>
>> That's the contradiction. If a platform is unable to produce
>> TCG_PCR_EVENT2 entries in GetEventLog(), it is fairly certainly also
>> unable to produce them in the final events table.
>
> If a platform is unable to produce them in the final events table then
> it's violating the spec.

The question is why it's made impossible to comply with the spec if the
platform only supports the 1.2 format.

> If the platform only offers the 1.2 log format
> then it seems reasonable to expect that the events in the final events
> table would only contain a SHA1, but a TCG_PCR_EVENT2 structure that
> only contains SHA1s isn't significantly more complicated than an old
> style event.
>

OK... I guess that can be a valid interpretation.

Would you please file a TianoCore BZ ticket about it, as a feature request?

- URL: https://bugzilla.tianocore.org
- Product: Tianocore Feature Requests
- Component: Code
- Package: SecurityPkg

(I'm assuming this isn't a regression, i.e., it's not the case that the
feature used to work, but commit fd46e831bc33 regressed it.)

Thanks,
Laszlo
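
Added example, not part of the original message and not edk2 code: the point quoted above, that a TCG_PCR_EVENT2 carrying only a SHA1 digest differs little from an old-style TCG_PCR_EVENT, shown as a byte-level re-encoding with bounds checks. The function name and the sample event are hypothetical and constructed; the field layouts follow the TCG definitions of the two structures (packed, little-endian).

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define SHA1_LEN      20u
#define TPM_ALG_SHA1  0x0004u  /* TCG algorithm ID for SHA-1 */
/* Serialized TCG_PCR_EVENT: PCRIndex(4) EventType(4) Digest(20) EventSize(4) Event[] */
#define EV1_HDR       (4u + 4u + SHA1_LEN + 4u)
/* Extra bytes in a one-digest TCG_PCR_EVENT2: Digests.count(4) + hashAlg(2) */
#define EV2_EXTRA     (4u + 2u)

static uint32_t rd32(const uint8_t *p) {
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}
static void wr32(uint8_t *p, uint32_t v) {
    p[0] = (uint8_t)v; p[1] = (uint8_t)(v >> 8); p[2] = (uint8_t)(v >> 16); p[3] = (uint8_t)(v >> 24);
}

/* Hypothetical helper: re-encode one SHA1-format event as a TCG_PCR_EVENT2
 * holding a single SHA-1 digest. Returns the number of bytes written, or 0 if
 * the input is truncated or the output buffer is too small. */
size_t sha1_event_to_event2(const uint8_t *in, size_t in_len, uint8_t *out, size_t out_cap)
{
    if (in_len < EV1_HDR) return 0;
    uint32_t event_size = rd32(in + 8 + SHA1_LEN);
    if (event_size > in_len - EV1_HDR) return 0;   /* EventSize runs past the input */
    size_t need = (size_t)EV1_HDR + EV2_EXTRA + event_size;
    if (need > out_cap) return 0;

    memcpy(out, in, 8);                  /* PCRIndex and EventType are unchanged */
    wr32(out + 8, 1);                    /* Digests.count = 1 */
    out[12] = TPM_ALG_SHA1 & 0xff;       /* Digests.digests[0].hashAlg, little-endian */
    out[13] = TPM_ALG_SHA1 >> 8;
    memcpy(out + 14, in + 8, SHA1_LEN);  /* the same SHA-1 digest */
    wr32(out + 14 + SHA1_LEN, event_size);
    memcpy(out + 14 + SHA1_LEN + 4, in + EV1_HDR, event_size);
    return need;
}

int main(void) {
    /* Constructed sample: PCR 7, EventType 0x80000001, dummy digest, 3 data bytes */
    uint8_t in[35] = {0}, out[64];
    wr32(in, 7); wr32(in + 4, 0x80000001u); memset(in + 8, 0xAB, SHA1_LEN);
    wr32(in + 28, 3); memcpy(in + 32, "abc", 3);
    size_t n = sha1_event_to_event2(in, sizeof in, out, sizeof out);
    printf("%zu -> %zu bytes\n", sizeof in, n);
    return n == 0;
}
```

The only size difference per event is the six bytes of digest count and algorithm ID.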