From: "Jason Andryuk"
Date: Fri, 16 Sep 2022 15:45:38 -0400
Subject: TPM2 EventLog EFI vs. ACPI
To: devel@edk2.groups.io

Hi,

I've noticed an issue with the TPM2 EventLog. OVMF exposes the TPM Event Log via EFI and ACPI, but they have different addresses. The EFI one retrievable by GetEventLog() is populated. The ACPI is empty.

Oh, there are actually two EFI Event Logs for the two formats:
EFI_TCG2_EVENT_LOG_FORMAT_TCG_1_2
EFI_TCG2_EVENT_LOG_FORMAT_TCG_2

The debug log from the Fedora 36 OVMF shows:
Tcg2GetEventLog (EventLogLocation - 7EEB2000)
which matches the address retrieved with GetEventLog(). And hexdump-ing the TPM2 ACPI table shows 0x7fbe6000.

On a different build, I added output for both EFI logs, and the addresses are:
0x7ec3d000 - EFI_TCG2_EVENT_LOG_FORMAT_TCG_1_2
0x7ec1b000 - EFI_TCG2_EVENT_LOG_FORMAT_TCG_2
0x7fbe6000 - ACPI

The ACPI one is a little more user friendly as its address is available through the table during runtime. The EFI addresses can only be grabbed before exiting boot services.

I think the issue is that the ACPI tables are created from Qemu fw_cfg data, which allocates memory for the log and places the address in ACPI tables. Meanwhile, SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.c:SetupEventLog() allocates its own event log memory. SetupEventLog() saves the size and address in PcdTpm2AcpiTableLaml & PcdTpm2AcpiTableLasa, but nothing puts those values in the actual ACPI tables.

It seems like SetupEventLog would be better structured to check existing ACPI tables and look for a log in a TPM2 section. If found, use that, otherwise create a new log area.

The other wrinkle is that the Tcg2 code is keeping two event logs in the two formats. It seems to me that for TPM2, it would be easier to just keep only the newer EFI_TCG2_EVENT_LOG_FORMAT_TCG_2. If support for both is needed, then the EFI_TCG2_EVENT_LOG_FORMAT_TCG_2 one should share the same region as the ACPI table.

Regards,
Jason
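Added example, not part of the original message and not edk2 or QEMU code: the check described above (reading the log area from the ACPI TPM2 table and comparing it with the GetEventLog() addresses) written out in Python. It assumes the TCG ACPI layout with LAML at offset 64 and LASA at offset 68; the function names are hypothetical, and the sample table is constructed, with only the three addresses taken from the message.

```python
import struct

TPM2_FIXED_LEN = 52      # ACPI header (36) + platform class/reserved + control area + start method
TPM2_WITH_LOG_LEN = 76   # + 12 bytes start-method parameters + LAML (u32) + LASA (u64)

def parse_tpm2_table(raw: bytes) -> dict:
    """Extract the start method and the optional LAML/LASA fields from a raw TPM2 table."""
    if len(raw) < TPM2_FIXED_LEN or raw[:4] != b"TPM2":
        raise ValueError("not an ACPI TPM2 table")
    (length,) = struct.unpack_from("<I", raw, 4)
    if not TPM2_FIXED_LEN <= length <= len(raw):
        raise ValueError("bad table length")
    if sum(raw[:length]) & 0xFF:
        raise ValueError("ACPI checksum mismatch")
    control_area, start_method = struct.unpack_from("<QI", raw, 40)
    info = {"control_area": control_area, "start_method": start_method,
            "laml": None, "lasa": None}
    if length >= TPM2_WITH_LOG_LEN:          # the log fields are optional
        info["laml"], info["lasa"] = struct.unpack_from("<IQ", raw, 64)
    return info

def compare_log_locations(info: dict, efi_log_addr: int) -> str:
    """Classify how the ACPI log area relates to an address returned by GetEventLog()."""
    if info["lasa"] is None:
        return "acpi-log-absent"
    if info["lasa"] == efi_log_addr:
        return "same-region"
    if info["lasa"] < efi_log_addr < info["lasa"] + info["laml"]:
        return "efi-inside-acpi-area"
    return "separate-regions"

def build_sample_table(lasa: int, laml: int = 0x10000) -> bytes:
    """Constructed sample table; every field except LASA is made up."""
    header = struct.pack("<4sIBB6s8sI4sI", b"TPM2", TPM2_WITH_LOG_LEN, 4, 0,
                         b"SAMPLE", b"SAMPLE  ", 1, b"SMPL", 1)
    body = struct.pack("<HHQI12sIQ", 0, 0, 0, 7, b"", laml, lasa)
    table = bytearray(header + body)
    table[9] = (-sum(table)) & 0xFF          # checksum byte makes the sum 0 mod 256
    return bytes(table)

if __name__ == "__main__":
    info = parse_tpm2_table(build_sample_table(0x7FBE6000))   # ACPI address from the message
    for name, addr in (("TCG_1_2", 0x7EC3D000), ("TCG_2", 0x7EC1B000)):
        print(name, hex(addr), compare_log_locations(info, addr))
```

On a running Linux guest the raw table can be read from /sys/firmware/acpi/tables/TPM2 and passed to parse_tpm2_table() in place of the constructed sample.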