Linux-Integrity Archive on lore.kernel.org
* [PATCH v4] tpm: Parse event log from TPM2 ACPI table
@ 2019-08-31  5:10 Jordan Hand
  2019-08-31 17:15 ` kbuild test robot
                   ` (2 more replies)
  0 siblings, 3 replies; 5+ messages in thread
From: Jordan Hand @ 2019-08-31  5:10 UTC
  To: jarkko.sakkinen
  Cc: Jordan Hand, Peter Huewe, Jason Gunthorpe, Arnd Bergmann,
	Greg Kroah-Hartman, Thomas Gleixner, Allison Randal,
	linux-integrity, linux-kernel

For systems with a TPM2 chip which use ACPI to expose event logs, retrieve the
crypto-agile event log from the TPM2 ACPI table. The TPM2 table is defined
in section 7.3 of the TCG ACPI Specification (see link).

The TPM2 table is used by SeaBIOS in place of the TCPA table when the system's
TPM is version 2.0 to denote (among other metadata) the location of the
crypto-agile log.

Link: https://trustedcomputinggroup.org/resource/tcg-acpi-specification/
Signed-off-by: Jordan Hand <jorhand@linux.microsoft.com>
---
 drivers/char/tpm/eventlog/acpi.c | 60 ++++++++++++++++++++++----------
 1 file changed, 41 insertions(+), 19 deletions(-)

diff --git a/drivers/char/tpm/eventlog/acpi.c b/drivers/char/tpm/eventlog/acpi.c
index 63ada5e53f13..38a8bcec1dd5 100644
--- a/drivers/char/tpm/eventlog/acpi.c
+++ b/drivers/char/tpm/eventlog/acpi.c
@@ -41,17 +41,23 @@ struct acpi_tcpa {
 	};
 };
 
+/* If an event log is present, the TPM2 ACPI table will contain the full
+ * trailer
+ */
+
 /* read binary bios log */
 int tpm_read_log_acpi(struct tpm_chip *chip)
 {
-	struct acpi_tcpa *buff;
+	struct acpi_table_header *buff;
+	struct acpi_tcpa *tcpa;
+	struct acpi_tpm2_trailer *tpm2_trailer;
 	acpi_status status;
 	void __iomem *virt;
 	u64 len, start;
+	int log_type;
 	struct tpm_bios_log *log;
-
-	if (chip->flags & TPM_CHIP_FLAG_TPM2)
-		return -ENODEV;
+	bool is_tpm2 = chip->flags & TPM_CHIP_FLAG_TPM2;
+	acpi_string table_sig;
 
 	log = &chip->log;
 
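Review bot: The new comment placed above tpm_read_log_acpi() ("If an event log is present, the TPM2 ACPI table will contain the full trailer") is followed by a blank line and sits next to nothing it describes; the check it explains is the buff->length comparison in the next hunk. Move it onto that else-if branch. struct acpi_tpm2_trailer is also used here without a definition anywhere in this patch, so the commit message should say where it comes from.
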
@@ -61,26 +67,42 @@ int tpm_read_log_acpi(struct tpm_chip *chip)
 	if (!chip->acpi_dev_handle)
 		return -ENODEV;
 
-	/* Find TCPA entry in RSDT (ACPI_LOGICAL_ADDRESSING) */
-	status = acpi_get_table(ACPI_SIG_TCPA, 1,
-				(struct acpi_table_header **)&buff);
+	/* Find TCPA or TPM2 entry in RSDT (ACPI_LOGICAL_ADDRESSING) */
+	table_sig = is_tpm2 ? ACPI_SIG_TPM2 : ACPI_SIG_TCPA;
+	status = acpi_get_table(table_sig, 1, &buff);
 
 	if (ACPI_FAILURE(status))
 		return -ENODEV;
 
-	switch(buff->platform_class) {
-	case BIOS_SERVER:
-		len = buff->server.log_max_len;
-		start = buff->server.log_start_addr;
-		break;
-	case BIOS_CLIENT:
-	default:
-		len = buff->client.log_max_len;
-		start = buff->client.log_start_addr;
-		break;
+	if (!is_tpm2) {
+		tcpa = (struct acpi_tcpa *)buff;
+		switch (tcpa->platform_class) {
+		case BIOS_SERVER:
+			len = tcpa->server.log_max_len;
+			start = tcpa->server.log_start_addr;
+			break;
+		case BIOS_CLIENT:
+		default:
+			len = tcpa->client.log_max_len;
+			start = tcpa->client.log_start_addr;
+			break;
+		}
+		log_type = EFI_TCG2_EVENT_LOG_FORMAT_TCG_1_2;
+	} else if (buff->length ==
+		   sizeof(struct acpi_table_tpm2) +
+		   sizeof(struct acpi_tpm2_trailer)) {
+		tpm2_trailer = (struct acpi_tpm2_trailer *)buff;
+
+		len = tpm2_trailer.minimum_log_length;
+		start = tpm2_trailer.log_address;
+		log_type = EFI_TCG2_EVENT_LOG_FORMAT_TCG_2;
+	} else {
+		return -ENODEV;
 	}
+
 	if (!len) {
-		dev_warn(&chip->dev, "%s: TCPA log area empty\n", __func__);
+		dev_warn(&chip->dev, "%s: %s log area empty\n",
+			 __func__, table_sig);
 		return -EIO;
 	}
 
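Review bot: In the TPM2 branch, "tpm2_trailer = (struct acpi_tpm2_trailer *)buff;" points the trailer at the start of the table, while the length check directly above it treats the trailer as data that follows struct acpi_table_tpm2. As written, minimum_log_length and log_address would be read out of the header bytes, and those values become the address and size that are mapped and copied later in the function. Offset the pointer past the fixed part, for example (void *)buff + sizeof(struct acpi_table_tpm2). The two field reads also use "." on a pointer and need "->", which is the build error reported later in this thread.
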
@@ -98,7 +120,7 @@ int tpm_read_log_acpi(struct tpm_chip *chip)
 	memcpy_fromio(log->bios_event_log, virt, len);
 
 	acpi_os_unmap_iomem(virt, len);
-	return EFI_TCG2_EVENT_LOG_FORMAT_TCG_1_2;
+	return log_type;
 
 err:
 	kfree(log->bios_event_log);
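Review bot: With "return log_type;" the success value now depends on which table was parsed, but the only comment on the function is still "read binary bios log". Add a line stating that it returns EFI_TCG2_EVENT_LOG_FORMAT_TCG_1_2 or EFI_TCG2_EVENT_LOG_FORMAT_TCG_2 on success and a negative errno on failure.
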
-- 
2.20.1



* Re: [PATCH v4] tpm: Parse event log from TPM2 ACPI table
  2019-08-31  5:10 [PATCH v4] tpm: Parse event log from TPM2 ACPI table Jordan Hand
@ 2019-08-31 17:15 ` kbuild test robot
  2019-09-02 13:46 ` Jarkko Sakkinen
  2019-09-03 18:27 ` Jerry Snitselaar
  2 siblings, 0 replies; 5+ messages in thread
From: kbuild test robot @ 2019-08-31 17:15 UTC
  To: Jordan Hand
  Cc: kbuild-all, jarkko.sakkinen, Jordan Hand, Peter Huewe,
	Jason Gunthorpe, Arnd Bergmann, Greg Kroah-Hartman,
	Thomas Gleixner, Allison Randal, linux-integrity, linux-kernel


Hi Jordan,

Thank you for the patch! Yet something to improve:

[auto build test ERROR on jss-tpmdd/next]
[cannot apply to v5.3-rc6 next-20190830]
[if your patch is applied to the wrong git tree, please drop us a note to help improve the system]

url:    https://github.com/0day-ci/linux/commits/Jordan-Hand/tpm-Parse-event-log-from-TPM2-ACPI-table/20190831-234702
base:   git://git.infradead.org/users/jjs/linux-tpmdd next
config: x86_64-rhel (attached as .config)
compiler: gcc-7 (Debian 7.4.0-11) 7.4.0
reproduce:
        # save the attached .config to linux build tree
        make ARCH=x86_64 

If you fix the issue, kindly add following tag
Reported-by: kbuild test robot <lkp@intel.com>

All errors (new ones prefixed by >>):

   drivers/char/tpm/eventlog/acpi.c: In function 'tpm_read_log_acpi':
>> drivers/char/tpm/eventlog/acpi.c:96:21: error: 'tpm2_trailer' is a pointer; did you mean to use '->'?
      len = tpm2_trailer.minimum_log_length;
                        ^
                        ->
   drivers/char/tpm/eventlog/acpi.c:97:23: error: 'tpm2_trailer' is a pointer; did you mean to use '->'?
      start = tpm2_trailer.log_address;
                          ^
                          ->

vim +96 drivers/char/tpm/eventlog/acpi.c

    43	
    44	/* If an event log is present, the TPM2 ACPI table will contain the full
    45	 * trailer
    46	 */
    47	
    48	/* read binary bios log */
    49	int tpm_read_log_acpi(struct tpm_chip *chip)
    50	{
    51		struct acpi_table_header *buff;
    52		struct acpi_tcpa *tcpa;
    53		struct acpi_tpm2_trailer *tpm2_trailer;
    54		acpi_status status;
    55		void __iomem *virt;
    56		u64 len, start;
    57		int log_type;
    58		struct tpm_bios_log *log;
    59		bool is_tpm2 = chip->flags & TPM_CHIP_FLAG_TPM2;
    60		acpi_string table_sig;
    61	
    62		log = &chip->log;
    63	
    64		/* Unfortuntely ACPI does not associate the event log with a specific
    65		 * TPM, like PPI. Thus all ACPI TPMs will read the same log.
    66		 */
    67		if (!chip->acpi_dev_handle)
    68			return -ENODEV;
    69	
    70		/* Find TCPA or TPM2 entry in RSDT (ACPI_LOGICAL_ADDRESSING) */
    71		table_sig = is_tpm2 ? ACPI_SIG_TPM2 : ACPI_SIG_TCPA;
    72		status = acpi_get_table(table_sig, 1, &buff);
    73	
    74		if (ACPI_FAILURE(status))
    75			return -ENODEV;
    76	
    77		if (!is_tpm2) {
    78			tcpa = (struct acpi_tcpa *)buff;
    79			switch (tcpa->platform_class) {
    80			case BIOS_SERVER:
    81				len = tcpa->server.log_max_len;
    82				start = tcpa->server.log_start_addr;
    83				break;
    84			case BIOS_CLIENT:
    85			default:
    86				len = tcpa->client.log_max_len;
    87				start = tcpa->client.log_start_addr;
    88				break;
    89			}
    90			log_type = EFI_TCG2_EVENT_LOG_FORMAT_TCG_1_2;
    91		} else if (buff->length ==
    92			   sizeof(struct acpi_table_tpm2) +
    93			   sizeof(struct acpi_tpm2_trailer)) {
    94			tpm2_trailer = (struct acpi_tpm2_trailer *)buff;
    95	
  > 96			len = tpm2_trailer.minimum_log_length;
    97			start = tpm2_trailer.log_address;
    98			log_type = EFI_TCG2_EVENT_LOG_FORMAT_TCG_2;
    99		} else {
   100			return -ENODEV;
   101		}
   102	
   103		if (!len) {
   104			dev_warn(&chip->dev, "%s: %s log area empty\n",
   105				 __func__, table_sig);
   106			return -EIO;
   107		}
   108	
   109		/* malloc EventLog space */
   110		log->bios_event_log = kmalloc(len, GFP_KERNEL);
   111		if (!log->bios_event_log)
   112			return -ENOMEM;
   113	
   114		log->bios_event_log_end = log->bios_event_log + len;
   115	
   116		virt = acpi_os_map_iomem(start, len);
   117		if (!virt)
   118			goto err;
   119	
   120		memcpy_fromio(log->bios_event_log, virt, len);
   121	
   122		acpi_os_unmap_iomem(virt, len);
   123		return log_type;
   124	
   125	err:
   126		kfree(log->bios_event_log);
   127		log->bios_event_log = NULL;
   128		return -EIO;
   129	

---
0-DAY kernel test infrastructure                Open Source Technology Center
https://lists.01.org/pipermail/kbuild-all                   Intel Corporation

[-- Attachment #2: .config.gz --]
[-- Type: application/gzip, Size: 43523 bytes --]


* Re: [PATCH v4] tpm: Parse event log from TPM2 ACPI table
  2019-08-31  5:10 [PATCH v4] tpm: Parse event log from TPM2 ACPI table Jordan Hand
  2019-08-31 17:15 ` kbuild test robot
@ 2019-09-02 13:46 ` Jarkko Sakkinen
  2019-09-03 18:27 ` Jerry Snitselaar
  2 siblings, 0 replies; 5+ messages in thread
From: Jarkko Sakkinen @ 2019-09-02 13:46 UTC
  To: Jordan Hand
  Cc: Peter Huewe, Jason Gunthorpe, Arnd Bergmann, Greg Kroah-Hartman,
	Thomas Gleixner, Allison Randal, linux-integrity, linux-kernel

On Fri, Aug 30, 2019 at 10:10:27PM -0700, Jordan Hand wrote:
> For systems with a TPM2 chip which use ACPI to expose event logs, retrieve the
> crypto-agile event log from the TPM2 ACPI table. The TPM2 table is defined
> in section 7.3 of the TCG ACPI Specification (see link).
> 
> The TPM2 table is used by SeaBIOS in place of the TCPA table when the system's
> TPM is version 2.0 to denote (among other metadata) the location of the
> crypto-agile log.
> 
> Link: https://trustedcomputinggroup.org/resource/tcg-acpi-specification/
> Signed-off-by: Jordan Hand <jorhand@linux.microsoft.com>

Where is the changelog for v2 and v3 i.e. what happened in those
updates?

/Jarkko


* Re: [PATCH v4] tpm: Parse event log from TPM2 ACPI table
  2019-08-31  5:10 [PATCH v4] tpm: Parse event log from TPM2 ACPI table Jordan Hand
  2019-08-31 17:15 ` kbuild test robot
  2019-09-02 13:46 ` Jarkko Sakkinen
@ 2019-09-03 18:27 ` Jerry Snitselaar
  2019-09-03 19:15   ` Jordan Hand
  2 siblings, 1 reply; 5+ messages in thread
From: Jerry Snitselaar @ 2019-09-03 18:27 UTC
  To: Jordan Hand
  Cc: jarkko.sakkinen, Peter Huewe, Jason Gunthorpe, Arnd Bergmann,
	Greg Kroah-Hartman, Thomas Gleixner, Allison Randal,
	linux-integrity, linux-kernel

On Fri Aug 30 19, Jordan Hand wrote:
>For systems with a TPM2 chip which use ACPI to expose event logs, retrieve the
>crypto-agile event log from the TPM2 ACPI table. The TPM2 table is defined
>in section 7.3 of the TCG ACPI Specification (see link).
>
>The TPM2 table is used by SeaBIOS in place of the TCPA table when the system's
>TPM is version 2.0 to denote (among other metadata) the location of the
>crypto-agile log.
>
>Link: https://trustedcomputinggroup.org/resource/tcg-acpi-specification/
>Signed-off-by: Jordan Hand <jorhand@linux.microsoft.com>
>---
> drivers/char/tpm/eventlog/acpi.c | 60 ++++++++++++++++++++++----------
> 1 file changed, 41 insertions(+), 19 deletions(-)
>
>diff --git a/drivers/char/tpm/eventlog/acpi.c b/drivers/char/tpm/eventlog/acpi.c
>index 63ada5e53f13..38a8bcec1dd5 100644
>--- a/drivers/char/tpm/eventlog/acpi.c
>+++ b/drivers/char/tpm/eventlog/acpi.c
>@@ -41,17 +41,23 @@ struct acpi_tcpa {
> 	};
> };
>
>+/* If an event log is present, the TPM2 ACPI table will contain the full
>+ * trailer
>+ */
>+
> /* read binary bios log */
> int tpm_read_log_acpi(struct tpm_chip *chip)
> {
>-	struct acpi_tcpa *buff;
>+	struct acpi_table_header *buff;
>+	struct acpi_tcpa *tcpa;
>+	struct acpi_tpm2_trailer *tpm2_trailer;
> 	acpi_status status;
> 	void __iomem *virt;
> 	u64 len, start;
>+	int log_type;
> 	struct tpm_bios_log *log;
>-
>-	if (chip->flags & TPM_CHIP_FLAG_TPM2)
>-		return -ENODEV;
>+	bool is_tpm2 = chip->flags & TPM_CHIP_FLAG_TPM2;
>+	acpi_string table_sig;
>
> 	log = &chip->log;
>
>@@ -61,26 +67,42 @@ int tpm_read_log_acpi(struct tpm_chip *chip)
> 	if (!chip->acpi_dev_handle)
> 		return -ENODEV;
>
>-	/* Find TCPA entry in RSDT (ACPI_LOGICAL_ADDRESSING) */
>-	status = acpi_get_table(ACPI_SIG_TCPA, 1,
>-				(struct acpi_table_header **)&buff);
>+	/* Find TCPA or TPM2 entry in RSDT (ACPI_LOGICAL_ADDRESSING) */
>+	table_sig = is_tpm2 ? ACPI_SIG_TPM2 : ACPI_SIG_TCPA;
>+	status = acpi_get_table(table_sig, 1, &buff);
>
> 	if (ACPI_FAILURE(status))
> 		return -ENODEV;
>
>-	switch(buff->platform_class) {
>-	case BIOS_SERVER:
>-		len = buff->server.log_max_len;
>-		start = buff->server.log_start_addr;
>-		break;
>-	case BIOS_CLIENT:
>-	default:
>-		len = buff->client.log_max_len;
>-		start = buff->client.log_start_addr;
>-		break;
>+	if (!is_tpm2) {
>+		tcpa = (struct acpi_tcpa *)buff;
>+		switch (tcpa->platform_class) {
>+		case BIOS_SERVER:
>+			len = tcpa->server.log_max_len;
>+			start = tcpa->server.log_start_addr;
>+			break;
>+		case BIOS_CLIENT:
>+		default:
>+			len = tcpa->client.log_max_len;
>+			start = tcpa->client.log_start_addr;
>+			break;
>+		}
>+		log_type = EFI_TCG2_EVENT_LOG_FORMAT_TCG_1_2;
>+	} else if (buff->length ==
>+		   sizeof(struct acpi_table_tpm2) +
>+		   sizeof(struct acpi_tpm2_trailer)) {
>+		tpm2_trailer = (struct acpi_tpm2_trailer *)buff;
>+
>+		len = tpm2_trailer.minimum_log_length;
>+		start = tpm2_trailer.log_address;

Are your builds not failing here? Both v3 and v4 have this.

>+		log_type = EFI_TCG2_EVENT_LOG_FORMAT_TCG_2;
>+	} else {
>+		return -ENODEV;
> 	}
>+
> 	if (!len) {
>-		dev_warn(&chip->dev, "%s: TCPA log area empty\n", __func__);
>+		dev_warn(&chip->dev, "%s: %s log area empty\n",
>+			 __func__, table_sig);
> 		return -EIO;
> 	}
>
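Review bot: The TPM2 branch only accepts the table when buff->length is exactly sizeof(struct acpi_table_tpm2) + sizeof(struct acpi_tpm2_trailer), so a table whose length is larger than that sum falls through to "return -ENODEV" and its log is ignored. If the intent is "the trailer is fully present", test that buff->length is at least that sum and reject only shorter tables.
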
>@@ -98,7 +120,7 @@ int tpm_read_log_acpi(struct tpm_chip *chip)
> 	memcpy_fromio(log->bios_event_log, virt, len);
>
> 	acpi_os_unmap_iomem(virt, len);
>-	return EFI_TCG2_EVENT_LOG_FORMAT_TCG_1_2;
>+	return log_type;
>
> err:
> 	kfree(log->bios_event_log);
>-- 
>2.20.1
>


* Re: [PATCH v4] tpm: Parse event log from TPM2 ACPI table
  2019-09-03 18:27 ` Jerry Snitselaar
@ 2019-09-03 19:15   ` Jordan Hand
  0 siblings, 0 replies; 5+ messages in thread
From: Jordan Hand @ 2019-09-03 19:15 UTC
  To: jarkko.sakkinen, Peter Huewe, Jason Gunthorpe, Arnd Bergmann,
	Greg Kroah-Hartman, Thomas Gleixner, Allison Randal,
	linux-integrity, linux-kernel

On 9/3/19 11:27 AM, Jerry Snitselaar wrote:
>> +        len = tpm2_trailer.minimum_log_length;
>> +        start = tpm2_trailer.log_address;
> 
> Are your builds not failing here? Both v3 and v4 have this.
> 

Ya, I saw the kbuild bot failure and fixed in v5. I'm not entirely sure
why I didn't catch it locally. Maybe I was compiling against the wrong
tree or something silly like that.

Thanks,
Jordan

