* [PATCH v7 0/2] tpm2: Make TPM2 logs accessible for non-UEFI firmware
From: Stefan Berger @ 2020-06-25 21:49 UTC
To: linux-integrity, linux-kernel, jarkko.sakkinen, linux-acpi, linux-security-module
Cc: Stefan Berger

From: Stefan Berger <stefanb@linux.ibm.com>

This series of patches adds optional extensions for the TPM2 ACPI table
with additional fields found in the TPM2 TCG ACPI specification (reference
is in the patch) that allow access to the log's address and its size. We
then modify the code that so far only enables access to a TPM 1.2's log for
a TPM2 as well. This then enables access to the TPM2's log on non-UEFI
systems that, for example, run SeaBIOS.

   Stefan

v6->v7:
 - Added empty lines and R-b.

v5->v6:
 - Moved extensions of TPM2 table into acpi_tpm2_phy.

v4->v5:
 - Added R-bs and A-bs.

v3->v4:
 - Repost as one series

v2->v3:
 - Split the series into two separate patches
 - Added comments to ACPI table fields
 - Added check for null pointer to log area and zero log size

v1->v2:
 - Repost of the series

Stefan Berger (2):
  acpi: Extend TPM2 ACPI table with missing log fields
  tpm: Add support for event log pointer found in TPM2 ACPI table

 drivers/char/tpm/eventlog/acpi.c | 62 +++++++++++++++++++++-----------
 include/acpi/actbl3.h            |  7 ++++
 2 files changed, 48 insertions(+), 21 deletions(-)

-- 
2.26.2
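The table layout this series relies on, as an added userspace example (not code from the series or the kernel): it parses a raw TPM2 ACPI table and reports the log area only when the declared table length covers the optional trailer and both fields are non-zero. The 52-byte fixed part, the byte offsets, and the names tpm2_table_log_area, build_sample and rd_le are assumptions; the sample table is constructed.

```c
#include <stdint.h>
#include <string.h>

/* Assumed layout: 36-byte ACPI header + u16 + u16 + u64 + u32 = 52 fixed bytes. */
#define TPM2_FIXED_LEN   52u
#define TPM2_TRAILER_LEN 24u   /* u8[12] + u32 + u64, as in struct acpi_tpm2_phy */
struct tpm2_log_area { uint32_t min_length; uint64_t start_address; };

/* ACPI fields are little-endian; read byte-wise so alignment never matters. */
static uint64_t rd_le(const uint8_t *p, size_t n)
{
    uint64_t v = 0;
    while (n--)
        v = (v << 8) | p[n];
    return v;
}

/* Returns 0 and fills *out if the table carries a usable log area, else -1. */
int tpm2_table_log_area(const uint8_t *tbl, size_t buf_len, struct tpm2_log_area *out)
{
    if (buf_len < TPM2_FIXED_LEN || memcmp(tbl, "TPM2", 4) != 0)
        return -1;
    uint32_t table_len = (uint32_t)rd_le(tbl + 4, 4);    /* header.length */
    if (table_len > buf_len || table_len < TPM2_FIXED_LEN + TPM2_TRAILER_LEN)
        return -1;                 /* truncated, or a table without the trailer */
    out->min_length = (uint32_t)rd_le(tbl + TPM2_FIXED_LEN + 12, 4);
    out->start_address = rd_le(tbl + TPM2_FIXED_LEN + 16, 8);
    return (out->min_length && out->start_address) ? 0 : -1;
}

/* Constructed sample: zeroed 76-byte table with signature, length, log fields. */
void build_sample(uint8_t buf[76], uint32_t declared_len, uint32_t laml, uint64_t lasa)
{
    memset(buf, 0, 76);
    memcpy(buf, "TPM2", 4);
    for (int i = 0; i < 4; i++) {
        buf[4 + i] = (uint8_t)(declared_len >> (8 * i));
        buf[64 + i] = (uint8_t)(laml >> (8 * i));
    }
    for (int i = 0; i < 8; i++)
        buf[68 + i] = (uint8_t)(lasa >> (8 * i));
}

int main(void)
{
    uint8_t buf[76];
    struct tpm2_log_area la;
    build_sample(buf, 76, 0x10000, 0x7fe00000ULL);    /* constructed values */
    return tpm2_table_log_area(buf, sizeof(buf), &la); /* 0: log area found */
}
```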
* [PATCH v7 1/2] acpi: Extend TPM2 ACPI table with missing log fields 2020-06-25 21:49 [PATCH v7 0/2] tpm2: Make TPM2 logs accessible for non-UEFI firmware Stefan Berger @ 2020-06-25 21:49 ` Stefan Berger 2020-06-25 21:50 ` [PATCH v7 2/2] tpm: Add support for event log pointer found in TPM2 ACPI table Stefan Berger 1 sibling, 0 replies; 4+ messages in thread From: Stefan Berger @ 2020-06-25 21:49 UTC (permalink / raw) To: linux-integrity, linux-kernel, jarkko.sakkinen, linux-acpi, linux-security-module Cc: Stefan Berger, Rafael J . Wysocki From: Stefan Berger <stefanb@linux.ibm.com> Recent extensions of the TPM2 ACPI table added 3 more fields including 12 bytes of start method specific parameters and Log Area Minimum Length (u32) and Log Area Start Address (u64). So, we define a new structure acpi_tpm2_phy that holds these optional new fields. The new fields allow non-UEFI systems to access the TPM2's log. The specification that has the new fields is the following: TCG ACPI Specification Family "1.2" and "2.0" Version 1.2, Revision 8 https://trustedcomputinggroup.org/wp-content/uploads/TCG_ACPIGeneralSpecification_v1.20_r8.pdf Signed-off-by: Stefan Berger <stefanb@linux.ibm.com> Cc: linux-acpi@vger.kernel.org Acked-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com> Reviewed-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com> --- include/acpi/actbl3.h | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/include/acpi/actbl3.h b/include/acpi/actbl3.h index b0b163b9efc6..bdcac69fa6bd 100644 --- a/include/acpi/actbl3.h +++ b/include/acpi/actbl3.h @@ -415,6 +415,13 @@ struct acpi_table_tpm2 { /* Platform-specific data follows */ }; +/* Optional trailer for revision 4 holding platform-specific data */ +struct acpi_tpm2_phy { + u8 start_method_specific[12]; + u32 log_area_minimum_length; + u64 log_area_start_address; +}; + /* Values for start_method above */ #define ACPI_TPM2_NOT_ALLOWED 0 -- 2.26.2 ^ permalink raw reply related [flat|nested] 4+ messages in thread
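Review bot: The three members of struct acpi_tpm2_phy in include/acpi/actbl3.h have no per-field comments, only the one-line "Optional trailer for revision 4" above the struct, although the v2->v3 changelog mentions comments on the ACPI table fields. A short comment on each member would help readers map them to the specification named in the commit message: start_method_specific as the 12 bytes of start method specific parameters, log_area_minimum_length as the Log Area Minimum Length, and log_area_start_address as the Log Area Start Address. Because the struct is optional, the comment should also say that a consumer has to confirm the table's header length covers it before reading these fields.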
* [PATCH v7 2/2] tpm: Add support for event log pointer found in TPM2 ACPI table 2020-06-25 21:49 [PATCH v7 0/2] tpm2: Make TPM2 logs accessible for non-UEFI firmware Stefan Berger 2020-06-25 21:49 ` [PATCH v7 1/2] acpi: Extend TPM2 ACPI table with missing log fields Stefan Berger @ 2020-06-25 21:50 ` Stefan Berger 2020-06-26 13:27 ` Jarkko Sakkinen 1 sibling, 1 reply; 4+ messages in thread From: Stefan Berger @ 2020-06-25 21:50 UTC (permalink / raw) To: linux-integrity, linux-kernel, jarkko.sakkinen, linux-acpi, linux-security-module Cc: Stefan Berger From: Stefan Berger <stefanb@linux.ibm.com> In case a TPM2 is attached, search for a TPM2 ACPI table when trying to get the event log from ACPI. If one is found, use it to get the start and length of the log area. This allows non-UEFI systems, such as SeaBIOS, to pass an event log when using a TPM2. Signed-off-by: Stefan Berger <stefanb@linux.ibm.com> --- drivers/char/tpm/eventlog/acpi.c | 62 +++++++++++++++++++++----------- 1 file changed, 41 insertions(+), 21 deletions(-) diff --git a/drivers/char/tpm/eventlog/acpi.c b/drivers/char/tpm/eventlog/acpi.c index 63ada5e53f13..e2258cfa6cb1 100644 --- a/drivers/char/tpm/eventlog/acpi.c +++ b/drivers/char/tpm/eventlog/acpi.c @@ -49,9 +49,9 @@ int tpm_read_log_acpi(struct tpm_chip *chip) void __iomem *virt; u64 len, start; struct tpm_bios_log *log; - - if (chip->flags & TPM_CHIP_FLAG_TPM2) - return -ENODEV; + struct acpi_table_tpm2 *tbl; + struct acpi_tpm2_phy *t2phy; + int format; log = &chip->log; 
@@ -61,23 +61,43 @@ int tpm_read_log_acpi(struct tpm_chip *chip) if (!chip->acpi_dev_handle) return -ENODEV; - /* Find TCPA entry in RSDT (ACPI_LOGICAL_ADDRESSING) */ - status = acpi_get_table(ACPI_SIG_TCPA, 1, - (struct acpi_table_header **)&buff); - - if (ACPI_FAILURE(status)) - return -ENODEV; - - switch(buff->platform_class) { - case BIOS_SERVER: - len = buff->server.log_max_len; - start = buff->server.log_start_addr; - break; - case BIOS_CLIENT: - default: - len = buff->client.log_max_len; - start = buff->client.log_start_addr; - break; + if (chip->flags & TPM_CHIP_FLAG_TPM2) { + status = acpi_get_table("TPM2", 1, + (struct acpi_table_header **)&tbl); + if (ACPI_FAILURE(status)) + return -ENODEV; + + if (tbl->header.length < + sizeof(*tbl) + sizeof(struct acpi_tpm2_phy)) + return -ENODEV; + + t2phy = (void *)tbl + sizeof(*tbl); + len = t2phy->log_area_minimum_length; + + start = t2phy->log_area_start_address; + if (!start || !len) + return -ENODEV; + + format = EFI_TCG2_EVENT_LOG_FORMAT_TCG_2; + } else { + /* Find TCPA entry in RSDT (ACPI_LOGICAL_ADDRESSING) */ + status = acpi_get_table(ACPI_SIG_TCPA, 1, + (struct acpi_table_header **)&buff); + if (ACPI_FAILURE(status)) + return -ENODEV; + + switch (buff->platform_class) { + case BIOS_SERVER: + len = buff->server.log_max_len; + start = buff->server.log_start_addr; + break; + case BIOS_CLIENT: + default: + len = buff->client.log_max_len; + start = buff->client.log_start_addr; + break; + } + format = EFI_TCG2_EVENT_LOG_FORMAT_TCG_1_2; } if (!len) { dev_warn(&chip->dev, "%s: TCPA log area empty\n", __func__); @@ -98,7 +118,7 @@ int tpm_read_log_acpi(struct tpm_chip *chip) memcpy_fromio(log->bios_event_log, virt, len); acpi_os_unmap_iomem(virt, len); - return EFI_TCG2_EVENT_LOG_FORMAT_TCG_1_2; + return format; err: kfree(log->bios_event_log); -- 2.26.2 ^ permalink raw reply related [flat|nested] 4+ messages in thread
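Review bot: In the TPM2 branch of tpm_read_log_acpi(), both early returns that follow a successful acpi_get_table("TPM2", ...) (the header.length check and the "if (!start || !len)" check) leave without an acpi_put_table() on tbl, so the table reference taken by the lookup is never dropped on those paths. Copy len and start out of t2phy, release the table, and then apply the checks. The TCPA branch passes ACPI_SIG_TCPA while this branch passes the string literal "TPM2"; a signature macro in the same style would keep the two lookups consistent.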
* Re: [PATCH v7 2/2] tpm: Add support for event log pointer found in TPM2 ACPI table 2020-06-25 21:50 ` [PATCH v7 2/2] tpm: Add support for event log pointer found in TPM2 ACPI table Stefan Berger @ 2020-06-26 13:27 ` Jarkko Sakkinen 0 siblings, 0 replies; 4+ messages in thread From: Jarkko Sakkinen @ 2020-06-26 13:27 UTC (permalink / raw) To: Stefan Berger Cc: linux-integrity, linux-kernel, linux-acpi, linux-security-module, Stefan Berger On Thu, Jun 25, 2020 at 05:50:00PM -0400, Stefan Berger wrote: > From: Stefan Berger <stefanb@linux.ibm.com> > > In case a TPM2 is attached, search for a TPM2 ACPI table when trying > to get the event log from ACPI. If one is found, use it to get the > start and length of the log area. This allows non-UEFI systems, such > as SeaBIOS, to pass an event log when using a TPM2. > > Signed-off-by: Stefan Berger <stefanb@linux.ibm.com> > --- > drivers/char/tpm/eventlog/acpi.c | 62 +++++++++++++++++++++----------- > 1 file changed, 41 insertions(+), 21 deletions(-) > > diff --git a/drivers/char/tpm/eventlog/acpi.c b/drivers/char/tpm/eventlog/acpi.c > index 63ada5e53f13..e2258cfa6cb1 100644 > --- a/drivers/char/tpm/eventlog/acpi.c > +++ b/drivers/char/tpm/eventlog/acpi.c > @@ -49,9 +49,9 @@ int tpm_read_log_acpi(struct tpm_chip *chip) > void __iomem *virt; > u64 len, start; > struct tpm_bios_log *log; > - > - if (chip->flags & TPM_CHIP_FLAG_TPM2) > - return -ENODEV; > + struct acpi_table_tpm2 *tbl; > + struct acpi_tpm2_phy *t2phy; > + int format; > > log = &chip->log; 
> > @@ -61,23 +61,43 @@ int tpm_read_log_acpi(struct tpm_chip *chip) > if (!chip->acpi_dev_handle) > return -ENODEV; > > - /* Find TCPA entry in RSDT (ACPI_LOGICAL_ADDRESSING) */ > - status = acpi_get_table(ACPI_SIG_TCPA, 1, > - (struct acpi_table_header **)&buff); > - > - if (ACPI_FAILURE(status)) > - return -ENODEV; > - > - switch(buff->platform_class) { > - case BIOS_SERVER: > - len = buff->server.log_max_len; > - start = buff->server.log_start_addr; > - break; > - case BIOS_CLIENT: > - default: > - len = buff->client.log_max_len; > - start = buff->client.log_start_addr; > - break; > + if (chip->flags & TPM_CHIP_FLAG_TPM2) { > + status = acpi_get_table("TPM2", 1, > + (struct acpi_table_header **)&tbl); > + if (ACPI_FAILURE(status)) > + return -ENODEV; > + > + if (tbl->header.length < > + sizeof(*tbl) + sizeof(struct acpi_tpm2_phy)) > + return -ENODEV; > + > + t2phy = (void *)tbl + sizeof(*tbl); > + len = t2phy->log_area_minimum_length; > + > + start = t2phy->log_area_start_address; > + if (!start || !len) > + return -ENODEV; > + > + format = EFI_TCG2_EVENT_LOG_FORMAT_TCG_2; > + } else { > + /* Find TCPA entry in RSDT (ACPI_LOGICAL_ADDRESSING) */ > + status = acpi_get_table(ACPI_SIG_TCPA, 1, > + (struct acpi_table_header **)&buff); > + if (ACPI_FAILURE(status)) > + return -ENODEV; > + > + switch (buff->platform_class) { > + case BIOS_SERVER: > + len = buff->server.log_max_len; > + start = buff->server.log_start_addr; > + break; > + case BIOS_CLIENT: > + default: > + len = buff->client.log_max_len; > + start = buff->client.log_start_addr; > + break; > + } Empty line as in the first branch after the conditional statement. > + format = EFI_TCG2_EVENT_LOG_FORMAT_TCG_1_2; > } > if (!len) { > dev_warn(&chip->dev, "%s: TCPA log area empty\n", __func__); 
> @@ -98,7 +118,7 @@ int tpm_read_log_acpi(struct tpm_chip *chip) > memcpy_fromio(log->bios_event_log, virt, len); > > acpi_os_unmap_iomem(virt, len); > - return EFI_TCG2_EVENT_LOG_FORMAT_TCG_1_2; > + return format; > > err: > kfree(log->bios_event_log); > -- > 2.26.2 > /Jarkko ^ permalink raw reply [flat|nested] 4+ messages in thread
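Review bot: The new "if (!start || !len) return -ENODEV;" in the TPM2 branch returns silently, while the shared "if (!len)" check just below the if/else still emits dev_warn "TCPA log area empty". For a TPM2 the warning can no longer be reached, so firmware that publishes the trailer with zeroed log fields produces no diagnostic, and the remaining message names TCPA only. Either let the TPM2 case fall through to a common check with a table-neutral message, or add a matching warning in the TPM2 branch.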