From: "Laszlo Ersek" <lersek@redhat.com>
To: James Bottomley, devel@edk2.groups.io, public@thson.de
Cc: ardb+tianocore@kernel.org
Subject: Re: [edk2-devel] Problem: TPM 2.0 event log by OVMF is shown empty in Linux kernel versions after 5.8
Date: Wed, 28 Apr 2021 13:47:09 +0200
Message-ID:
In-Reply-To: <8f68431ac5e7ef1f28037856f92da8327cdfb737.camel@HansenPartnership.com>
References: <8f68431ac5e7ef1f28037856f92da8327cdfb737.camel@HansenPartnership.com>

On 04/27/21 01:44, James Bottomley wrote:
> On Mon, 2021-04-26 at 21:56 +0200, Thore Sommer wrote:
>> Dear Maintainers,
>>
>> during my testing with OVMF and swtpm I found out that kernel
>> versions newer than 5.8 don't show any information in
>> "/sys/kernel/security/tpm0/binary_bios_measurements" if swtpm
>> emulates a TPM 2.0 device. The file is still created but is empty.
>> The expected result would be that
>> "/sys/kernel/security/tpm0/binary_bios_measurements" contains the
>> TPM event log. TPM 1.2 devices are not affected.
>
> I don't confirm this. I have Linux version 5.12.0-rc5+ installed and I
> see the attached in my binary_bios_measurements (I've run it through
> tpm2-eventlog so you can see the actual events).
>
>> With the help of git bisect I found out that the breaking kernel
>> commit is 85467f63a05c43364ba0b90d0c05bb89191543fa.
>> Reverting this on top of the 5.12 release restores the expected
>> functionality.
>>
>> Thanks to apalos and leiflindholm on the #edk2 IRC channel for
>> helping me with that.
>>
>> I don't know if this is a bug in OVMF or in the Linux kernel, because
>> on a real device with a TPM 2.0 the output was as expected.
>>
>> Tested with edk2-ovmf 202102, swtpm 0.5.2 and qemu 5.2.0 on Ubuntu
>> 20.04.
>>
>> If further information is needed to resolve this problem, I'd be
>> happy to provide it.
>
> What that commit did was to allow the event log to be provided by the
> ACPI table if one existed rather than always defaulting to it being
> provided by the EFI configuration table. What I suspect has happened
> from this:
>
>> [ 0.017358] ACPI: Reserving TPM2 table memory at [mem
>> 0x7eb77000-0x7eb7704b]
>
> Is that somehow you've got an empty TPM2 table installed in ACPI but I
> don't know how you've done this. On my OVMF boot I'm using the direct
> kernel command line and I have secure boot enabled but not activated,
> which is why you only see PCRs 0-7 in the log.

IIRC the QEMU ACPI linker/loader exposes a TPM2 ACPI table as well; maybe
that conflicts with the edk2 TPM2 machinery built into OVMF, somehow.

An OVMF log (enabling DEBUG_VERBOSE) might help.

Running acpidump + iasl in the guest might help as well (for determining
some inconsistency).

My gut feeling is that it's a fight between QEMU's ACPI generator and the
edk2 TPM infrastructure, over the ownership of the TPM-related ACPI
table(s).

Laszlo
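The thread turns on what the guest's TPM2 ACPI table actually says: James explains that the bisected kernel commit lets the event log be taken from the ACPI table when one exists instead of from the EFI configuration table, and Laszlo suggests dumping the tables in the guest to look for an inconsistency. The script below is an added example written for this page, not code from the thread, OVMF, QEMU or the Linux kernel. It decodes the TPM2 table's log-area fields (LAML/LASA) so a practitioner can see whether the table advertises a log pointer at all, and whether that pointer is populated. The field offsets follow the TCG ACPI Specification's TPM2 table layout (36-byte ACPI header, Platform Class, Control Area address, Start Method, 12 bytes of platform parameters, then LAML and LASA, 76 bytes in total, which matches the 0x4c-byte reservation in the quoted dmesg line). SAMPLE_TABLE is constructed here for illustration; its OEM strings, start method and log-area addresses are made up and are not values observed in the thread. Reading the live table and the event log inside a guest normally requires root.

```python
"""Decode a TPM2 ACPI table and report its event-log pointer fields.

Added example for this thread, not code from the original messages, OVMF,
QEMU or the Linux kernel.  Offsets follow the TCG ACPI Specification TPM2
table layout.  SAMPLE_TABLE is a constructed fixture (made-up values).
"""
import struct
from pathlib import Path

ACPI_HEADER = struct.Struct("<4sIBB6s8sI4sI")   # 36-byte standard ACPI table header
TPM2_BODY_MIN = struct.Struct("<HHQI")           # PlatformClass, Reserved, ControlArea, StartMethod
TPM2_LOG_AREA = struct.Struct("<IQ")             # LAML (u32), LASA (u64)
LOG_AREA_OFFSET = ACPI_HEADER.size + TPM2_BODY_MIN.size + 12   # 12 bytes of platform params -> 64
TPM2_TABLE_WITH_LOG_LEN = LOG_AREA_OFFSET + TPM2_LOG_AREA.size  # 76 == 0x4c


def parse_tpm2_table(data: bytes) -> dict:
    """Decode a raw TPM2 table, e.g. the bytes of /sys/firmware/acpi/tables/TPM2."""
    if len(data) < ACPI_HEADER.size:
        raise ValueError("table shorter than the ACPI header")
    (sig, length, rev, _checksum, oem_id, oem_table_id,
     _oem_rev, creator_id, _creator_rev) = ACPI_HEADER.unpack_from(data, 0)
    if sig != b"TPM2":
        raise ValueError(f"not a TPM2 table: {sig!r}")
    if length > len(data) or length < ACPI_HEADER.size + TPM2_BODY_MIN.size:
        raise ValueError(f"implausible table length {length}")
    plat_class, _reserved, control_area, start_method = \
        TPM2_BODY_MIN.unpack_from(data, ACPI_HEADER.size)
    info = {
        "length": length,
        "revision": rev,
        "oem_id": oem_id.rstrip(b"\0 ").decode("ascii", "replace"),
        "oem_table_id": oem_table_id.rstrip(b"\0 ").decode("ascii", "replace"),
        "creator_id": creator_id.rstrip(b"\0 ").decode("ascii", "replace"),
        # all bytes of a well-formed ACPI table sum to zero modulo 256
        "checksum_ok": sum(data[:length]) % 256 == 0,
        "platform_class": plat_class,
        "control_area": control_area,
        "start_method": start_method,
        # a 52-byte table stops before LAML/LASA and cannot point at a log
        "has_log_area_fields": length >= TPM2_TABLE_WITH_LOG_LEN,
        "laml": 0,
        "lasa": 0,
    }
    if info["has_log_area_fields"]:
        info["laml"], info["lasa"] = TPM2_LOG_AREA.unpack_from(data, LOG_AREA_OFFSET)
    # present fields that are zero are the "empty" case worth flagging
    info["log_area_populated"] = bool(info["laml"] and info["lasa"])
    return info


def build_tpm2_table(laml: int, lasa: int, with_log_fields: bool = True) -> bytes:
    """Construct a TPM2 table with a valid checksum (test fixture, not firmware output)."""
    length = TPM2_TABLE_WITH_LOG_LEN if with_log_fields else ACPI_HEADER.size + TPM2_BODY_MIN.size
    # constructed: client platform, no control area, start method 6 (MMIO TIS)
    body = TPM2_BODY_MIN.pack(0, 0, 0, 6)
    if with_log_fields:
        body += b"\0" * 12 + TPM2_LOG_AREA.pack(laml, lasa)
    hdr = ACPI_HEADER.pack(b"TPM2", length, 4, 0, b"EXAMPL", b"TPM2TBL ", 1, b"EXMP", 1)
    table = bytearray(hdr + body)
    table[9] = (-sum(table)) & 0xFF      # checksum byte sits at header offset 9
    return bytes(table)


# Constructed sample: 0x4c bytes like the reservation in the quoted dmesg line;
# the log-area values are made up, not taken from the thread.
SAMPLE_TABLE = build_tpm2_table(laml=0x10000, lasa=0x7EB60000)


def inspect_guest(table_path="/sys/firmware/acpi/tables/TPM2",
                  eventlog_path="/sys/kernel/security/tpm0/binary_bios_measurements") -> dict:
    """Read the live TPM2 table and event-log size inside a guest (None where unavailable)."""
    result = {"table": None, "eventlog_bytes": None}
    try:
        result["table"] = parse_tpm2_table(Path(table_path).read_bytes())
    except OSError:
        pass
    try:
        result["eventlog_bytes"] = len(Path(eventlog_path).read_bytes())
    except OSError:
        pass
    return result


if __name__ == "__main__":
    import json
    print(json.dumps(parse_tpm2_table(SAMPLE_TABLE), indent=2))
    print(json.dumps(inspect_guest(), indent=2))
```

Run as root inside the affected guest, the second JSON object shows whether the firmware-provided table is long enough to carry LAML/LASA, whether those fields are zero, and how many bytes the kernel exposed in binary_bios_measurements; comparing those three against a guest where the log is populated is the inconsistency check Laszlo asks for, without asserting anything about which source the kernel ultimately chose.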