From: Thore Sommer <public@thson.de>
To: devel@edk2.groups.io
Cc: lersek@redhat.com, ardb+tianocore@kernel.org
Subject: Problem: TPM 2.0 event log by OVMF is shown empty in Linux kernel versions after 5.8
Date: Mon, 26 Apr 2021 21:56:37 +0200
Message-ID: <ef28092c-88a3-0726-b5d7-7b154fd344c1@thson.de>

Dear Maintainers,

during my testing with OVMF and swtpm I found out that kernel versions 
newer than 5.8 don't show any information in 
"/sys/kernel/security/tpm0/binary_bios_measurements" if swtpm emulates a 
TPM 2.0 device.
The file is still created but is empty.
The expected result would be that 
"/sys/kernel/security/tpm0/binary_bios_measurements" contains the TPM 
event log. TPM 1.2 devices are not affected.

With the help of git bisect I found out that the breaking kernel commit 
is 85467f63a05c43364ba0b90d0c05bb89191543fa.
Reverting this on top of the 5.12 release restores the expected functionality.

Thanks to apalos and leiflindholm on the #edk2 IRC channel for helping 
me with that.

I don't know if this is a bug in OVMF or in the Linux kernel, because on 
a real device with a TPM 2.0 the output was as expected.

Tested with edk2-ovmf 202102, swtpm 0.5.2 and qemu 5.2.0 on Ubuntu 20.04.

If further information is needed to resolve this problem, I'd be happy 
to provide it.

Best regards
Thore Sommer

efi and TPM dmesg output
...
[    0.000000] efi: EFI v2.70 by EDK II
[    0.000000] efi: SMBIOS=0x7e9d8000 TPMFinalLog=0x7ebf7000 ACPI=0x7eb7e000 ACPI 2.0=0x7eb7e014 MEMATTR=0x7da77298 RNG=0x7e9c4a98 TPMEventLog=0x7da6f018
[    0.000000] efi: seeding entropy pool
[    0.000000] random: fast init done
[    0.000000] SMBIOS 2.8 present.
...
[    0.017241] ACPI: Early table checksum verification disabled
[    0.017275] ACPI: RSDP 0x000000007EB7E014 000024 (v02 BOCHS )
[    0.017284] ACPI: XSDT 0x000000007EB7D0E8 000054 (v01 BOCHS  BXPCFACP 00000001      01000013)
[    0.017295] ACPI: FACP 0x000000007EB79000 0000F4 (v03 BOCHS  BXPCFACP 00000001 BXPC 00000001)
[    0.017308] ACPI: DSDT 0x000000007EB7A000 0021C8 (v01 BOCHS  BXPCDSDT 00000001 BXPC 00000001)
[    0.017321] ACPI: FACS 0x000000007EBC5000 000040
[    0.017326] ACPI: APIC 0x000000007EB78000 000088 (v01 BOCHS  BXPCAPIC 00000001 BXPC 00000001)
[    0.017333] ACPI: TPM2 0x000000007EB77000 00004C (v04 BOCHS  BXPCTPM2 00000001 BXPC 00000001)
[    0.017338] ACPI: MCFG 0x000000007EB76000 00003C (v01 BOCHS  BXPCMCFG 00000001 BXPC 00000001)
[    0.017343] ACPI: WAET 0x000000007EB75000 000028 (v01 BOCHS  BXPCWAET 00000001 BXPC 00000001)
[    0.017347] ACPI: BGRT 0x000000007EB74000 000038 (v01 INTEL  EDK2 00000002      01000013)
[    0.017351] ACPI: Reserving FACP table memory at [mem 0x7eb79000-0x7eb790f3]
[    0.017354] ACPI: Reserving DSDT table memory at [mem 0x7eb7a000-0x7eb7c1c7]
[    0.017355] ACPI: Reserving FACS table memory at [mem 0x7ebc5000-0x7ebc503f]
[    0.017356] ACPI: Reserving APIC table memory at [mem 0x7eb78000-0x7eb78087]
[    0.017358] ACPI: Reserving TPM2 table memory at [mem 0x7eb77000-0x7eb7704b]
[    0.017359] ACPI: Reserving MCFG table memory at [mem 0x7eb76000-0x7eb7603b]
[    0.017360] ACPI: Reserving WAET table memory at [mem 0x7eb75000-0x7eb75027]
[    0.017361] ACPI: Reserving BGRT table memory at [mem 0x7eb74000-0x7eb74037]
[    0.017390] ACPI: Local APIC address 0xfee00000
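The report above concerns the TPM 2.0 (crypto-agile) event log that the kernel exposes as binary_bios_measurements. As an added example that is not part of the original message and not code from OVMF, swtpm or the kernel, the parser below walks such a log (the SHA1-format Spec ID header event followed by TCG_PCR_EVENT2 records) and counts events that lack a digest for a PCR bank the header declares, which is one consistency check a log consumer may apply before trusting or exposing the log. The two sample logs are constructed inline; the digest contents are filler.

```python
import struct

EV_NO_ACTION, EV_SEPARATOR = 0x3, 0x8
# TPM_ALG_ID -> digest length, per the TCG Algorithm Registry.
SHA1, SHA256, SHA384, SHA512 = 0x0004, 0x000B, 0x000C, 0x000D
ALG_SIZES = {SHA1: 20, SHA256: 32, SHA384: 48, SHA512: 64}

def parse_spec_id(buf):
    # SHA1-format TCG_PCR_EVENT that opens a crypto-agile log -> (declared algs, next offset).
    _, etype, size = struct.unpack_from("<II20xI", buf, 0)
    body = buf[32:32 + size]
    if etype != EV_NO_ACTION or body[:16] != b"Spec ID Event03\0":
        raise ValueError("log does not start with a TCG EFI Spec ID Event03")
    (nalgs,) = struct.unpack_from("<I", body, 24)
    return [struct.unpack_from("<HH", body, 28 + 4 * i)[0] for i in range(nalgs)], 32 + size

def parse_event2(buf, off):
    # One TCG_PCR_EVENT2: pcrIndex, eventType, TPML_DIGEST_VALUES, eventSize, event data.
    pcr, etype, count = struct.unpack_from("<III", buf, off)
    off, digests = off + 12, {}
    for _ in range(count):
        (alg,) = struct.unpack_from("<H", buf, off)
        digests[alg] = buf[off + 2:off + 2 + ALG_SIZES[alg]]
        off += 2 + ALG_SIZES[alg]
    (esize,) = struct.unpack_from("<I", buf, off)
    return pcr, etype, digests, off + 4 + esize

def audit_log(buf):
    # Returns (declared algs, event count, events lacking a digest for a declared bank).
    algs, off = parse_spec_id(buf)
    count = incomplete = 0
    while off < len(buf):
        _, _, digests, off = parse_event2(buf, off)
        count += 1
        incomplete += int(any(a not in digests for a in algs))
    return algs, count, incomplete

# Constructed sample logs (not captured from OVMF); digest bytes are filler.
def make_spec_id(algs):
    body = b"Spec ID Event03\0" + struct.pack("<IBBBBI", 0, 0, 2, 0, 2, len(algs))
    body += b"".join(struct.pack("<HH", a, ALG_SIZES[a]) for a in algs) + b"\0"
    return struct.pack("<II20xI", 0, EV_NO_ACTION, len(body)) + body

def make_event2(pcr, etype, algs, data):
    digs = b"".join(struct.pack("<H", a) + b"\xaa" * ALG_SIZES[a] for a in algs)
    return struct.pack("<III", pcr, etype, len(algs)) + digs + struct.pack("<I", len(data)) + data

# Every event carries a digest for each bank the header declares.
GOOD_LOG = make_spec_id([SHA1, SHA256]) + make_event2(0, EV_SEPARATOR, [SHA1, SHA256], b"\0" * 4)
# Header declares three banks but the event only carries two of them.
SHORT_LOG = make_spec_id([SHA1, SHA256, SHA384]) + make_event2(0, EV_SEPARATOR, [SHA1, SHA256], b"\0" * 4)
```

Running audit_log over a real binary_bios_measurements dump shows whether the declared banks and the per-event digest lists agree, which is the first thing to compare when a TPM 2.0 log is exposed by firmware but rejected or left empty by a consumer.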