Linux-Integrity Archive on lore.kernel.org
* [PATCH v5] tpm: Parse event log from TPM2 ACPI table
@ 2019-09-03 18:52 Jordan Hand
  2019-09-07 17:28 ` Jarkko Sakkinen
  0 siblings, 1 reply; 2+ messages in thread
From: Jordan Hand @ 2019-09-03 18:52 UTC (permalink / raw)
  To: jarkko.sakkinen
  Cc: Jordan Hand, Peter Huewe, Jason Gunthorpe, Arnd Bergmann,
	Greg Kroah-Hartman, Thomas Gleixner, Allison Randal,
	linux-integrity, linux-kernel

For systems with a TPM2 chip which use ACPI to expose event logs,
retrieve the crypto-agile event log from the TPM2 ACPI table. The TPM2
table is defined in section 7.3 of the TCG ACPI Specification (see link).

The TPM2 table is used by SeaBIOS in place of the TCPA table when the
system's TPM is version 2.0 to denote (among other metadata) the location
of the crypto-agile log.

Link: https://trustedcomputinggroup.org/resource/tcg-acpi-specification/
Signed-off-by: Jordan Hand <jorhand@linux.microsoft.com>
---

Notes:
    Changelog v2:
    - Fix compile error
    
    Changelog v3:
    - Fix commit message to be more specific and remove inconsistencies.
    - Remove acpi_tpm2 struct from earlier versions, use existing
    acpi_tpm2_trailer instead
    
    Changelog v4:
    - Address kbuild bot build errors
    - Add changelog for all earlier versions

 drivers/char/tpm/eventlog/acpi.c | 58 +++++++++++++++++++++-----------
 1 file changed, 39 insertions(+), 19 deletions(-)

diff --git a/drivers/char/tpm/eventlog/acpi.c b/drivers/char/tpm/eventlog/acpi.c
index 63ada5e53f13..09059c1623fd 100644
--- a/drivers/char/tpm/eventlog/acpi.c
+++ b/drivers/char/tpm/eventlog/acpi.c
@@ -44,14 +44,16 @@ struct acpi_tcpa {
 /* read binary bios log */
 int tpm_read_log_acpi(struct tpm_chip *chip)
 {
-	struct acpi_tcpa *buff;
+	struct acpi_table_header *buff;
+	struct acpi_tcpa *tcpa;
+	struct acpi_tpm2_trailer *tpm2_trailer;
 	acpi_status status;
 	void __iomem *virt;
 	u64 len, start;
+	int log_type;
 	struct tpm_bios_log *log;
-
-	if (chip->flags & TPM_CHIP_FLAG_TPM2)
-		return -ENODEV;
+	bool is_tpm2 = chip->flags & TPM_CHIP_FLAG_TPM2;
+	acpi_string table_sig;
 
 	log = &chip->log;
 
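Review bot: removing the early `return -ENODEV` for `TPM_CHIP_FLAG_TPM2` at the top of tpm_read_log_acpi() changes what this function reports on every TPM2 system, and neither the commit message nor the comment above the function says so. Please state in the commit message that TPM2 chips now go through the ACPI table lookup, and check that callers which treated -ENODEV from this function as "no ACPI log here" still get -ENODEV whenever the TPM2 table carries no usable log.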
@@ -61,26 +63,44 @@ int tpm_read_log_acpi(struct tpm_chip *chip)
 	if (!chip->acpi_dev_handle)
 		return -ENODEV;
 
-	/* Find TCPA entry in RSDT (ACPI_LOGICAL_ADDRESSING) */
-	status = acpi_get_table(ACPI_SIG_TCPA, 1,
-				(struct acpi_table_header **)&buff);
+	/* Find TCPA or TPM2 entry in RSDT (ACPI_LOGICAL_ADDRESSING) */
+	table_sig = is_tpm2 ? ACPI_SIG_TPM2 : ACPI_SIG_TCPA;
+	status = acpi_get_table(table_sig, 1, &buff);
 
 	if (ACPI_FAILURE(status))
 		return -ENODEV;
 
-	switch(buff->platform_class) {
-	case BIOS_SERVER:
-		len = buff->server.log_max_len;
-		start = buff->server.log_start_addr;
-		break;
-	case BIOS_CLIENT:
-	default:
-		len = buff->client.log_max_len;
-		start = buff->client.log_start_addr;
-		break;
+	if (!is_tpm2) {
+		tcpa = (struct acpi_tcpa *)buff;
+		switch (tcpa->platform_class) {
+		case BIOS_SERVER:
+			len = tcpa->server.log_max_len;
+			start = tcpa->server.log_start_addr;
+			break;
+		case BIOS_CLIENT:
+		default:
+			len = tcpa->client.log_max_len;
+			start = tcpa->client.log_start_addr;
+			break;
+		}
+		log_type = EFI_TCG2_EVENT_LOG_FORMAT_TCG_1_2;
+	} else if (buff->length ==
+		   sizeof(struct acpi_table_tpm2) +
+		   sizeof(struct acpi_tpm2_trailer)) {
+		tpm2_trailer =
+		    (struct acpi_tpm2_trailer *)((char *)buff +
+						 sizeof(struct acpi_table_tpm2));
+
+		len = tpm2_trailer->minimum_log_length;
+		start = tpm2_trailer->log_address;
+		log_type = EFI_TCG2_EVENT_LOG_FORMAT_TCG_2;
+	} else {
+		return -ENODEV;
 	}
+
 	if (!len) {
-		dev_warn(&chip->dev, "%s: TCPA log area empty\n", __func__);
+		dev_warn(&chip->dev, "%s: %s log area empty\n",
+			 __func__, table_sig);
 		return -EIO;
 	}
 
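Review bot: in the TPM2 branch `len` is taken from `minimum_log_length`, while the TCPA branch uses `log_max_len`; both values come straight from a firmware table and later size the memcpy_fromio() shown in the next hunk. A short comment explaining why the minimum length is the right amount to map and copy would help. The exact-match test on `buff->length` is also the only guard on the trailer pointer arithmetic, and any other table size returns -ENODEV without a message; if larger tables are valid, a `<` bounds check with a dev_warn() on the short case would be easier to diagnose.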
@@ -98,7 +118,7 @@ int tpm_read_log_acpi(struct tpm_chip *chip)
 	memcpy_fromio(log->bios_event_log, virt, len);
 
 	acpi_os_unmap_iomem(virt, len);
-	return EFI_TCG2_EVENT_LOG_FORMAT_TCG_1_2;
+	return log_type;
 
 err:
 	kfree(log->bios_event_log);
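Review bot: the success return at the end of tpm_read_log_acpi() now depends on which table was parsed, but the function is still documented only as `/* read binary bios log */`. Please extend that comment to say that the function returns EFI_TCG2_EVENT_LOG_FORMAT_TCG_1_2 or EFI_TCG2_EVENT_LOG_FORMAT_TCG_2 on success and a negative errno otherwise, so callers know the return value carries the log format.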
-- 
2.17.1



* Re: [PATCH v5] tpm: Parse event log from TPM2 ACPI table
  2019-09-03 18:52 [PATCH v5] tpm: Parse event log from TPM2 ACPI table Jordan Hand
@ 2019-09-07 17:28 ` Jarkko Sakkinen
  0 siblings, 0 replies; 2+ messages in thread
From: Jarkko Sakkinen @ 2019-09-07 17:28 UTC (permalink / raw)
  To: Jordan Hand
  Cc: Peter Huewe, Jason Gunthorpe, Arnd Bergmann, Greg Kroah-Hartman,
	Thomas Gleixner, Allison Randal, linux-integrity, linux-kernel

On Tue, 2019-09-03 at 11:52 -0700, Jordan Hand wrote:
> For systems with a TPM2 chip which use ACPI to expose event logs,
> retrieve the crypto-agile event log from the TPM2 ACPI table. The TPM2
> table is defined in section 7.3 of the TCG ACPI Specification (see link).
> 
> The TPM2 table is used by SeaBIOS in place of the TCPA table when the
> system's TPM is version 2.0 to denote (among other metadata) the location
> of the crypto-agile log.
> 
> Link: https://trustedcomputinggroup.org/resource/tcg-acpi-specification/
> Signed-off-by: Jordan Hand <jorhand@linux.microsoft.com>

You should rather rename the existing function as
tpm_read_log_acpi_tcpa() and create a new one with the name
tpm_read_log_acpi_tpm2().

/Jarkko


