TPM2 EventLog EFI vs. ACPI

["Jason Andryuk" <jandryuk@gmail.com>]

Hi,

I've noticed an issue with the TPM2 EventLog.  OVMF exposes the TPM
Event Log via EFI and ACPI, but they have different addresses.  The
EFI one retrievable by GetEventLog() is populated.  The ACPI is empty.
Oh, there are actually two EFI Event Logs for the two formats:
EFI_TCG2_EVENT_LOG_FORMAT_TCG_1_2
EFI_TCG2_EVENT_LOG_FORMAT_TCG_2

The debug log from the Fedora 36 OVMF shows:
Tcg2GetEventLog (EventLogLocation - 7EEB2000)
which matches the address retrieved with GetEventLog().
And hexdump-ing the TPM2 ACPI table shows 0x7fbe6000.

On a different build, I added output for both EFI logs, and the addresses are:
0x7ec3d000 - EFI_TCG2_EVENT_LOG_FORMAT_TCG_1_2
0x7ec1b000 - EFI_TCG2_EVENT_LOG_FORMAT_TCG_2
0x7fbe6000 - ACPI

The ACPI one is a little more user friendly as its address is
available through the table during runtime.  The EFI addresses can
only be grabbed before exiting boot services.

I think the issue is that the ACPI tables are created from Qemu fw_cfg
data, which allocates memory for the log and places the address in
ACPI tables.  Meanwhile,
SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.c:SetupEventLog() allocates its own
event log memory.  SetupEventLog() saves the size and address in
PcdTpm2AcpiTableLaml & PcdTpm2AcpiTableLasa, but nothing puts those
values in the actual ACPI tables.

It seems like SetupEventLog would be better structured to check
existing ACPI tables and look for a log in a TPM2 section.  If found,
use that, otherwise create a new log area.

The other wrinkle is that the Tcg2 code is keeping two event logs in
the two formats.  It seems to me that for TPM2, it would be easier to
just keep only the newer EFI_TCG2_EVENT_LOG_FORMAT_TCG_2.  If support
for both is needed, then the EFI_TCG2_EVENT_LOG_FORMAT_TCG_2 one
should share the same region as the ACPI table.

Regards,
Jason