From mboxrd@z Thu Jan 1 00:00:00 1970
From: Jarkko Sakkinen
Subject: Re: [PATCH v3 4/5] efi: call get_event_log before ExitBootServices
Date: Wed, 18 Oct 2017 18:11:28 +0300
Message-ID: <20171018151128.reuteqhzleztchvr@linux.intel.com>
References: <20170929171617.yq4dvn66czvnebns@linux.intel.com> <20171004105113.mcho3rlytaxfruyf@linux.intel.com> <20171010141419.e4uv4fkmcmpc7sdc@linux.intel.com> <20171011115254.2n4zs77ixyl2mdgm@linux.intel.com> <20171016112833.txbg2sm5tjocp6qh@linux.intel.com> <20171016114946.phj3n6vyjdbpj2sj@linux.intel.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Return-path:
Content-Disposition: inline
In-Reply-To:
Sender: linux-efi-owner-u79uwXL29TY76Z2rM5mHXA@public.gmane.org
To: Thiebaud Weksteen
Cc: linux-efi-u79uwXL29TY76Z2rM5mHXA@public.gmane.org, linux-integrity-u79uwXL29TY76Z2rM5mHXA@public.gmane.org, tpmdd-devel-5NWGOfrQmneRv+LV9MX5uipxlwaOVQ5f@public.gmane.org, Ard Biesheuvel , Matt Fleming , linux-kernel-u79uwXL29TY76Z2rM5mHXA@public.gmane.org, Matthew Garrett , peterhuewe-Mmb7MZpHnFY@public.gmane.org, Jason Gunthorpe , tpmdd-yWjUBOtONefk1uMJSBkQmQ@public.gmane.org
List-Id: tpmdd-devel@lists.sourceforge.net

On Tue, Oct 17, 2017 at 10:00:15AM +0200, Thiebaud Weksteen wrote:
> On Mon, Oct 16, 2017 at 1:49 PM, Jarkko Sakkinen wrote:
> > On Mon, Oct 16, 2017 at 02:28:33PM +0300, Jarkko Sakkinen wrote:
> >> On Wed, Oct 11, 2017 at 02:52:54PM +0300, Jarkko Sakkinen wrote:
> >> > On Wed, Oct 11, 2017 at 12:54:26PM +1100, James Morris wrote:
> >> > > On Tue, 10 Oct 2017, Jarkko Sakkinen wrote:
> >> > >
> >> > > > The way I've agreed with James Morris to have my tree is to be rooted to
> >> > > > security trees next branch.
> >> > > >
> >> > > > James, what actions should we take?
> >> > >
> >> > > This process has changed recently -- I posted to lsm but forgot to post to
> >> > > linux-integrity.
> >> > >
> >> > > http://kernsec.org/pipermail/linux-security-module-archive/2017-September/003356.html
> >> > >
> >> > > Summary: please track the next-general branch in my tree for your
> >> > > development, it replaces 'next'.
> >> > >
> >> > >
> >> > > - James
> >> > > --
> >> > > James Morris
> >> > >
> >> >
> >> > Ah I'm subscribed to that list but lately been busy getting a huge patch
> >> > set to platform-driver-x86 [1] for review, which has prioritized out
> >> > reading much else than linux-integrity.
> >> >
> >> > Thank you. I'll retry the patches tomorrow.
> >> >
> >> > /Jarkko
> >>
> >> Cannot observe binary_bios_measurements file.
> >>
> >> What kind of hardware was used to develop/test this?
> >>
> >> I tried it with Kabylake and PTT (firmware TPM).
> >>
> >> /Jarkko
> >
> > My guess would be wrong event log format.
> >
> > At minimum this patch set should add a klog (info level) message to tell
> > that unsupported event log format is being used.
> >
> > /Jarkko
>
> This patch was mainly developed and tested on Kabylake with PTT as well.
>
> It could be a few things. Are you booting with the EFI stub? Is the
> TPM enabled within the BIOS? Does tpm_tis get loaded? Does it produce
> any log?
> If the logs are recovered (but not parsed), you should already see an
> entry in the logs like:
>
> efi: SMBIOS=0x7fed6000 ACPI=0x7ff00000 TPMEventLog=0x.....
>
> Can you see the TPMEventLog part?
>
> The issue with extra logging is that the log recovery happens within
> the EFI stub phase where limited logging is available (which I think
> has been limited to error and fatal messages only).
> For now, it cannot be a version mismatch as the stub will only request
> the version 1.2 format.

Thank you for the great tips. I'll retry tomorrow.

/Jarkko
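
For checking a log once binary_bios_measurements does appear, here is an added example (not part of the patch set or of anyone's message in this thread) that parses the version 1.2 (SHA-1) event log format the stub requests and replays the extends per PCR. The function names, the securityfs path in the comment and the sample events are assumptions or constructed values.

```python
import hashlib
import struct

# TCG 1.2 event record: pcrIndex, eventType, SHA-1 digest, eventSize (little-endian)
HDR = struct.Struct("<II20sI")
EV_NO_ACTION = 0x3  # informational events; never extended into a PCR

def parse_log(blob):
    """Return [(pcr, event_type, digest, data), ...] from a 1.2-format log."""
    events, off = [], 0
    while off < len(blob):
        if len(blob) - off < HDR.size:
            raise ValueError("truncated event header at offset %d" % off)
        pcr, etype, digest, size = HDR.unpack_from(blob, off)
        off += HDR.size
        if size > len(blob) - off:  # a bogus eventSize must not run past the buffer
            raise ValueError("event data overruns log at offset %d" % off)
        events.append((pcr, etype, digest, blob[off:off + size]))
        off += size
    return events

def replay(events):
    """Recompute PCRs: PCR_new = SHA1(PCR_old || digest), starting from zeros."""
    pcrs = {}
    for pcr, etype, digest, _data in events:
        if etype == EV_NO_ACTION:
            continue
        pcrs[pcr] = hashlib.sha1(pcrs.get(pcr, bytes(20)) + digest).digest()
    return pcrs

def make_event(pcr, etype, data):
    """Build one constructed record whose digest is SHA-1 of its data."""
    return HDR.pack(pcr, etype, hashlib.sha1(data).digest(), len(data)) + data

# Constructed sample log (not real firmware measurements).
SAMPLE = (make_event(0, 0x8, b"constructed CRTM version")
          + make_event(0, EV_NO_ACTION, b"constructed informational event")
          + make_event(4, 0xD, b"constructed boot loader stage"))

if __name__ == "__main__":
    # On a real system, read the blob from securityfs instead, typically
    # /sys/kernel/security/tpm0/binary_bios_measurements (root required).
    for pcr, value in sorted(replay(parse_log(SAMPLE)).items()):
        print("PCR %2d  %s" % (pcr, value.hex()))
```

A replayed value that differs from the PCR value read back from the TPM indicates a log that is incomplete or has been altered.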