tpmdd-devel.lists.sourceforge.net archive mirror
* TPM2.0: No binary_bios_measurements file in securityFS
From: Nasim, Kam @ 2017-09-11 22:44 UTC (permalink / raw)
  To: tpmdd-devel-5NWGOfrQmneRv+LV9MX5uipxlwaOVQ5f


Hi folks,

I am building my TPM 2.0 driver as Kernel modules (tpm.ko, tpm_tis_core.ko and tpm_tis.ko).

I noticed that while my /sys/kernel/security directory is created and mounted to securityFS, it is empty.

Looking at tpm_bios_log_setup() in tpm1_event.log, I see that this is being done during chip registration:

    if (chip->flags & TPM_CHIP_FLAG_TPM2)
        chip->bin_log_seqops.seqops =
            &tpm2_binary_b_measurements_seqops;
    else
        chip->bin_log_seqops.seqops =
            &tpm_binary_b_measurements_seqops;

    chip->bios_dir[cnt] =
        securityfs_create_file("binary_bios_measurements",
                   0440, chip->bios_dir[0],
                   (void *)&chip->bin_log_seqops,
                   &tpm_bios_measurements_ops);
    if (IS_ERR(chip->bios_dir[cnt]))
        goto err;


My TPM modules are loaded properly and I can interact with TPM using userspace TSS2 applications:

$ sudo lsmod | grep tpm
Password:
tpm_crb                 6458  0
tpm_tis                 5950  0
tpm_tis_core           10054  1 tpm_tis
tpm                    48093  3 tpm_crb,tpm_tis,tpm_tis_core


2017-09-08T19:39:16.239 controller-0 kernel: warning [    0.000000] ACPI: TPM2 000000007b7c8000 00034 (v03 INTEL   S2600WT 00000002 INTL 01000013)
2017-09-08T19:39:16.252 controller-0 kernel: info [    5.457568] tpm_tis MSFT0101:00: 2.0 TPM (device-id 0x1A, rev-id 16)


How and when would this file be created? For that matter I don't even have a /sys/devices/pnp0/<pnp#>/pcrs file present
(I am on CentOS 7.3)


Thoughts?

Thanks,
Kam


_______________________________________________
tpmdd-devel mailing list
tpmdd-devel-5NWGOfrQmneRv+LV9MX5uipxlwaOVQ5f@public.gmane.org
https://lists.sourceforge.net/lists/listinfo/tpmdd-devel


* Re: TPM2.0: No binary_bios_measurements file in securityFS
From: Thiebaud Weksteen via tpmdd-devel @ 2017-09-12  6:40 UTC (permalink / raw)
  To: Nasim, Kam; +Cc: tpmdd-devel-5NWGOfrQmneRv+LV9MX5uipxlwaOVQ5f


Hi Kam,

Access to the binary event log for TPM 2.0 is not fully supported. I've
recently sent a patch to implement it: https://lkml.org/lkml/2017/9/11/118

Thanks,
Thiebaud


* Re: TPM2.0: No binary_bios_measurements file in securityFS
From: Nasim, Kam @ 2017-09-12 14:17 UTC (permalink / raw)
  To: Thiebaud Weksteen; +Cc: tpmdd-devel-5NWGOfrQmneRv+LV9MX5uipxlwaOVQ5f


Thanks Thiebaud. I am going to apply your patch and give it a go.

So just to confirm, did /sys/kernel/security/tpm0/binary_bios_measurements never work for TPM 2.0? I am using a grub bootloader btw (not UEFI or any other form of Secure / Trusted boot).


* Re: TPM2.0: No binary_bios_measurements file in securityFS
From: Nayna Jain @ 2017-09-13 12:03 UTC (permalink / raw)
  To: Nasim, Kam, tpmdd-devel-5NWGOfrQmneRv+LV9MX5uipxlwaOVQ5f


On 09/12/2017 04:14 AM, Nasim, Kam wrote:
>
> Hi folks,
>
>
> I am building my TPM 2.0 driver as Kernel modules (tpm.ko, 
> tpm_tis_core.ko and tpm_tis.ko).
>
> I noticed that while my /sys/kernel/security directory is created and 
> mounted to securityFS, it is empty.
>
> Looking at tpm_bios_log_setup() in tpm1_event.log, I see that this is 
> being done during chip registration:
>
TPM 2.0 binary_bios_measurements event log file support is currently not
available for ACPI-based platforms. It is only for device-tree-based
platforms. And I think you are using ACPI.

Thanks & Regards,
     - Nayna

* Re: TPM2.0: No binary_bios_measurements file in securityFS
From: Nasim, Kam @ 2017-09-13 15:01 UTC (permalink / raw)
  To: Nayna Jain, tpmdd-devel-5NWGOfrQmneRv+LV9MX5uipxlwaOVQ5f


Thank you Nayna for getting back to me, yes I am using ACPI so that would explain it.

Which brings me to my last issue, I am not seeing the PCRS file in either of these locations:
/sys/devices/pnp0/<pnp#>/pcrs
/sys/devices/platform/tpm_tis/pcrs

I am loading TPM as kernel modules so is this behavior not supported when TPM is not built-in, or are these files specific to TPM 1.2?


Thanks,
Kam
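
Once binary_bios_measurements is exposed for a TPM 2.0 chip, it carries the TCG crypto-agile event log, and replaying that log gives the PCR values to compare with what the TPM reports. The following is an added example, not code from this thread or from the kernel: it follows the TCG PC Client record layout, and the function names and the sample log are constructed for illustration. It assumes every PCR starts at zero.

```python
import hashlib
import struct
ALGS = {0x0004: "sha1", 0x000B: "sha256", 0x000C: "sha384"}  # TCG algorithm IDs
EV_POST_CODE, EV_NO_ACTION = 0x1, 0x3

def parse_log(blob):
    """Yield (pcr, event_type, {alg_id: digest}, data) from a crypto-agile log."""
    # The first record uses the TPM 1.2 layout and carries the Spec ID event.
    _pcr, etype, _sha1, size = struct.unpack_from("<II20sI", blob, 0)
    spec = blob[32:32 + size]
    if etype != EV_NO_ACTION or not spec.startswith(b"Spec ID Event03\x00"):
        raise ValueError("not a TPM 2.0 crypto-agile event log")
    (nalgs,) = struct.unpack_from("<I", spec, 24)
    sizes = dict(struct.iter_unpack("<HH", spec[28:28 + 4 * nalgs]))
    off = 32 + size
    while off < len(blob):
        pcr, etype, count = struct.unpack_from("<III", blob, off)
        off += 12
        digests = {}
        for _ in range(count):
            (alg,) = struct.unpack_from("<H", blob, off)
            if alg not in sizes:
                raise ValueError(f"algorithm {alg:#06x} not declared in header")
            digests[alg] = blob[off + 2:off + 2 + sizes[alg]]
            off += 2 + sizes[alg]
        (size,) = struct.unpack_from("<I", blob, off)
        if off + 4 + size > len(blob):
            raise ValueError("truncated event")
        yield pcr, etype, digests, blob[off + 4:off + 4 + size]
        off += 4 + size

def replay(blob, alg=0x000B):
    """Recompute per-PCR values for one bank; assumes every PCR starts at zero."""
    name = ALGS[alg]
    pcrs = {}
    for pcr, etype, digests, _data in parse_log(blob):
        if etype == EV_NO_ACTION or alg not in digests:
            continue  # EV_NO_ACTION records are informational and never extended
        old = pcrs.get(pcr, bytes(hashlib.new(name).digest_size))
        pcrs[pcr] = hashlib.new(name, old + digests[alg]).digest()
    return pcrs

def build_sample():
    """Constructed two-event SHA-256 log, not captured from a real machine."""
    spec = (b"Spec ID Event03\x00" + struct.pack("<IBBBBI", 0, 0, 2, 0, 2, 1)
            + struct.pack("<HH", 0x000B, 32) + b"\x00")
    blob = struct.pack("<II20sI", 0, EV_NO_ACTION, bytes(20), len(spec)) + spec
    for data in (b"constructed-event-1", b"constructed-event-2"):
        blob += struct.pack("<IIIH", 0, EV_POST_CODE, 1, 0x000B)
        blob += hashlib.sha256(data).digest() + struct.pack("<I", len(data)) + data
    return blob

if __name__ == "__main__":
    print({pcr: v.hex() for pcr, v in replay(build_sample()).items()})
```

For a real log, pass the bytes read from /sys/kernel/security/tpm0/binary_bios_measurements to replay() and compare the result with the PCR values the TPM reports; a mismatch means the log does not account for what was measured.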