linuxppc-dev.lists.ozlabs.org archive mirror
From: "Jarkko Sakkinen" <jarkko@kernel.org>
To: "Stefan Berger" <stefanb@linux.ibm.com>, <mpe@ellerman.id.au>,
	<linux-integrity@vger.kernel.org>,
	<linuxppc-dev@lists.ozlabs.org>
Cc: devicetree@vger.kernel.org, rnsastry@linux.ibm.com,
	jsnitsel@redhat.com, linux-kernel@vger.kernel.org,
	peterhuewe@gmx.de, viparash@in.ibm.com
Subject: Re: [RFC PATCH v2 1/3] powerpc/prom_init: Replace linux,sml-base/sml-size with linux,sml-log
Date: Mon, 11 Mar 2024 22:21:38 +0200
Message-ID: <CZR7866WNY28.3KDPSXW81I82N@kernel.org>
In-Reply-To: <20240311132030.1103122-2-stefanb@linux.ibm.com>

On Mon Mar 11, 2024 at 3:20 PM EET, Stefan Berger wrote:
> linux,sml-base holds the address of a buffer with the TPM log. This
> buffer may become invalid after a kexec. To avoid accessing an invalid
> address or corrupted buffer, embed the whole TPM log in the device tree
> property linux,sml-log. This helps to protect the log since it is
> properly carried across a kexec soft reboot with both of the kexec
> syscalls.

- Describe the environment where the TPM log gets corrupted.
- Describe why the TPM log gets corrupted on kexec.

>
> Avoid having the firmware ingest the whole TPM log when calling
> prom_setprop but only create the linux,sml-log property as a place holder.
> Insert the actual TPM log during the tree flattening phase.

This commit message should shed some light on the reasons for the
corruption in order to conclude that it should be fixed up like
this. I.e. why the "post-state" is a legit state where one can
continue despite a log being corrupted. Especially in security
features this is pretty essential information.

BR, Jarkko
