From mboxrd@z Thu Jan 1 00:00:00 1970
From: Ard Biesheuvel
Date: Tue, 12 May 2020 14:30:24 +0200
Subject: Re: [PATCH] tpm: check event log version before reading final events
To: Loïc Yhuel
Cc: linux-integrity@vger.kernel.org, Matthew Garrett, Jarkko Sakkinen, javierm@redhat.com
References: <20200512040113.277768-1-loic.yhuel@gmail.com>
X-Mailing-List: linux-integrity@vger.kernel.org

On Tue, 12 May 2020 at 13:40, Loïc Yhuel wrote:
>
> On Tue, 12 May 2020 at 08:45, Ard Biesheuvel wrote:
> > So what functionality do we lose here? Can we still make meaningful
> > use of the event log without the final log? I thought one was
> > incomplete without the other?
> The char driver (drivers/char/tpm/eventlog/efi.c) already ignores
> efi.tpm_final_log if the event log version isn't
> EFI_TCG2_EVENT_LOG_FORMAT_TCG_2.
> So there is currently no code making use of the final log contents on
> those machines, besides the two cases I patched which only try to
> determine its size.
>

Ah ok, thanks for clarifying. If we never consume it anyway, then I
agree this is the correct fix.

> I don't know if the table contains bad data, or just doesn't follow
> the specification and uses the older SHA-1 log format. If this is the
> case, perhaps we could try to support it, and modify the code to allow
> returning the additional events it might contain to the userspace.
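The check the thread settles on, as an added illustration that is not the kernel's code or the patch under discussion: the final events table is only sized when the main event log reports the crypto-agile EFI_TCG2_EVENT_LOG_FORMAT_TCG_2 format, and the walk over its TCG_PCR_EVENT2 entries is bounds-checked so a truncated or malformed table yields an error rather than an over-read. The fixed digest-length table, the 8-digest cap, and the sample table bytes are assumptions made for this example (the kernel derives digest sizes from the Spec ID event of the main log); the TCG2 format constants and the table layout (64-bit Version, 64-bit NumberOfEvents, then events) follow the TCG EFI Protocol specification.

```c
/* Added example (not the kernel's code or the patch under discussion): size the
 * TCG2 final events table only for a TCG_2 main log, refusing truncated input. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#define EFI_TCG2_EVENT_LOG_FORMAT_TCG_1_2 0x1
#define EFI_TCG2_EVENT_LOG_FORMAT_TCG_2   0x2
#define FINAL_EVENTS_TABLE_VERSION        1

/* Digest length per TPM_ALG_ID. Simplification for this example: the kernel
 * takes these sizes from the Spec ID event of the main log, not a fixed table. */
static size_t digest_len(uint16_t alg)
{
    switch (alg) {
    case 0x0004: return 20; /* TPM_ALG_SHA1 */
    case 0x000B: return 32; /* TPM_ALG_SHA256 */
    case 0x000C: return 48; /* TPM_ALG_SHA384 */
    case 0x000D: return 64; /* TPM_ALG_SHA512 */
    default:     return 0;  /* unknown: stop walking rather than guess */
    }
}

/* Little-endian reader that never advances past len. */
static int rd_le(const uint8_t *p, size_t len, size_t *off, int n, uint64_t *v)
{
    if (len - *off < (size_t)n)
        return -1;
    *v = 0;
    for (int i = n - 1; i >= 0; i--)
        *v = *v << 8 | p[*off + i];
    *off += n;
    return 0;
}

/* Bytes of the final events table to consume; 0 if it must be ignored because
 * the main log is not TCG_2 format; -1 if the table is malformed or truncated. */
long final_log_size(uint32_t log_format, const uint8_t *tbl, size_t len)
{
    uint64_t version, nr_events, pcr, type, ndigests, alg, evsize;
    size_t off = 0, dl;
    if (log_format != EFI_TCG2_EVENT_LOG_FORMAT_TCG_2)
        return 0;
    if (rd_le(tbl, len, &off, 8, &version) || rd_le(tbl, len, &off, 8, &nr_events) ||
        version != FINAL_EVENTS_TABLE_VERSION)
        return -1;
    for (uint64_t i = 0; i < nr_events; i++) {      /* TCG_PCR_EVENT2 entries */
        if (rd_le(tbl, len, &off, 4, &pcr) || rd_le(tbl, len, &off, 4, &type) ||
            rd_le(tbl, len, &off, 4, &ndigests) || ndigests == 0 || ndigests > 8)
            return -1;
        for (uint64_t d = 0; d < ndigests; d++) {   /* TPML_DIGEST_VALUES */
            if (rd_le(tbl, len, &off, 2, &alg) || !(dl = digest_len((uint16_t)alg)) ||
                len - off < dl)
                return -1;
            off += dl;
        }
        if (rd_le(tbl, len, &off, 4, &evsize) || len - off < evsize)
            return -1;
        off += evsize;
    }
    return (long)off;
}

static size_t put_le(uint8_t *b, size_t off, uint64_t v, int n)
{
    for (int i = 0; i < n; i++)
        b[off + i] = (uint8_t)(v >> (8 * i));
    return off + n;
}

/* Constructed sample table: version 1, one EV_SEPARATOR event carrying a single
 * SHA-256 digest and a 4-byte event body, 70 bytes in total. */
static size_t build_sample(uint8_t *buf)
{
    size_t off = put_le(buf, 0, FINAL_EVENTS_TABLE_VERSION, 8);
    off = put_le(buf, off, 1, 8);              /* NumberOfEvents */
    off = put_le(buf, off, 0, 4);              /* PCRIndex */
    off = put_le(buf, off, 0x4, 4);            /* EventType EV_SEPARATOR */
    off = put_le(buf, off, 1, 4);              /* digest count */
    off = put_le(buf, off, 0x000B, 2);         /* TPM_ALG_SHA256 */
    memset(buf + off, 0xAB, 32); off += 32;    /* constructed digest bytes */
    off = put_le(buf, off, 4, 4);              /* EventSize */
    return put_le(buf, off, 0, 4);             /* separator event data */
}

/* Builds the sample (optionally truncated) and sizes it under log_format. */
long run_sample(uint32_t log_format, size_t truncate_by)
{
    uint8_t buf[128];
    return final_log_size(log_format, buf, build_sample(buf) - truncate_by);
}

int main(void)
{
    printf("%ld %ld %ld\n", run_sample(EFI_TCG2_EVENT_LOG_FORMAT_TCG_2, 0),
           run_sample(EFI_TCG2_EVENT_LOG_FORMAT_TCG_1_2, 0),
           run_sample(EFI_TCG2_EVENT_LOG_FORMAT_TCG_2, 1));
    return 0;
}
```

With a TCG_2 main log the sample sizes to 70 bytes; under a TCG_1_2 main log the same table is ignored (0), which is the behaviour the thread describes for the char driver; cutting one byte off the end makes the walk fail closed (-1) instead of reading past the buffer.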