* TPM2.0: No binary_bios_measurements file in securityFS
@ 2017-09-11 22:44 Nasim, Kam
[not found] ` <CA352AD04C14CE4985F6AEB6AB8C130E3EDB8751-/c0cZIGrDsgyzarUywkIaosyD1qQU09I@public.gmane.org>
0 siblings, 1 reply; 5+ messages in thread
From: Nasim, Kam @ 2017-09-11 22:44 UTC (permalink / raw)
To: tpmdd-devel-5NWGOfrQmneRv+LV9MX5uipxlwaOVQ5f
[-- Attachment #1.1: Type: text/plain, Size: 1607 bytes --]
Hi folks,
I am building my TPM 2.0 driver as Kernel modules (tpm.ko, tpm_tis_core.ko and tpm_tis.ko).
I noticed that while my /sys/kernel/security directory is created and mounted to securityFS, it is empty.
Looking at tpm_bios_log_setup() in tpm1_event.log, I see that this is being done during chip registration:
if (chip->flags & TPM_CHIP_FLAG_TPM2)
chip->bin_log_seqops.seqops =
&tpm2_binary_b_measurements_seqops;
else
chip->bin_log_seqops.seqops =
&tpm_binary_b_measurements_seqops;
chip->bios_dir[cnt] =
securityfs_create_file("binary_bios_measurements",
0440, chip->bios_dir[0],
(void *)&chip->bin_log_seqops,
&tpm_bios_measurements_ops);
if (IS_ERR(chip->bios_dir[cnt]))
goto err;
My TPM modules are loaded properly and I can interact with TPM using userspace TSS2 applications:
$ sudo lsmod | grep tpm
Password:
tpm_crb 6458 0
tpm_tis 5950 0
tpm_tis_core 10054 1 tpm_tis
tpm 48093 3 tpm_crb,tpm_tis,tpm_tis_core
2017-09-08T19:39:16.239 controller-0 kernel: warning [ 0.000000] ACPI: TPM2 000000007b7c8000 00034 (v03 INTEL S2600WT 00000002 INTL 01000013)
2017-09-08T19:39:16.252 controller-0 kernel: info [ 5.457568] tpm_tis MSFT0101:00: 2.0 TPM (device-id 0x1A, rev-id 16)
How and when would this file be created? For that matter I don't even have a /sys/devices/pnp0/<pnp#>/pcrs file present
(I am on CentOS 7.3)
Thoughts?
Thanks,
Kam
[-- Attachment #1.2: Type: text/html, Size: 7084 bytes --]
[-- Attachment #2: Type: text/plain, Size: 202 bytes --]
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
[-- Attachment #3: Type: text/plain, Size: 192 bytes --]
_______________________________________________
tpmdd-devel mailing list
tpmdd-devel-5NWGOfrQmneRv+LV9MX5uipxlwaOVQ5f@public.gmane.org
https://lists.sourceforge.net/lists/listinfo/tpmdd-devel
^ permalink raw reply [flat|nested] 5+ messages in thread[parent not found: <CA352AD04C14CE4985F6AEB6AB8C130E3EDB8751-/c0cZIGrDsgyzarUywkIaosyD1qQU09I@public.gmane.org>]
* Re: TPM2.0: No binary_bios_measurements file in securityFS [not found] ` <CA352AD04C14CE4985F6AEB6AB8C130E3EDB8751-/c0cZIGrDsgyzarUywkIaosyD1qQU09I@public.gmane.org> @ 2017-09-12 6:40 ` Thiebaud Weksteen via tpmdd-devel [not found] ` <CA+zpnLcwMaHAEEE0rTnL-TLixK6J7mXpX8t=J7QVxk8nLEMxAw-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org> 2017-09-13 12:03 ` Nayna Jain 1 sibling, 1 reply; 5+ messages in thread From: Thiebaud Weksteen via tpmdd-devel @ 2017-09-12 6:40 UTC (permalink / raw) To: Nasim, Kam; +Cc: tpmdd-devel-5NWGOfrQmneRv+LV9MX5uipxlwaOVQ5f [-- Attachment #1.1: Type: text/plain, Size: 2563 bytes --] Hi Kam, Access to the binary event log for TPM 2.0 is not fully supported. I've recently sent a patch to implement it: https://lkml.org/lkml/2017/9/11/118 Thanks, Thiebaud On Tue, Sep 12, 2017 at 12:44 AM, Nasim, Kam <Kam.Nasim-CWA4WttNNZF54TAoqtyWWQ@public.gmane.org> wrote: > Hi folks, > > > I am building my TPM 2.0 driver as Kernel modules (tpm.ko, tpm_tis_core.ko > and tpm_tis.ko). > > > > I noticed that while my /sys/kernel/security directory is created and > mounted to securityFS, it is empty. > > > > Looking at tpm_bios_log_setup() in tpm1_event.log, I see that this is > being done during chip registration: > > > > if (chip->flags & TPM_CHIP_FLAG_TPM2) > > chip->bin_log_seqops.seqops = > > &tpm2_binary_b_measurements_seqops; > > else > > chip->bin_log_seqops.seqops = > > &tpm_binary_b_measurements_seqops; > > > > > > chip->bios_dir[cnt] = > > securityfs_create_file("binary_bios_measurements", > > 0440, chip->bios_dir[0], > > (void *)&chip->bin_log_seqops, > > &tpm_bios_measurements_ops); > > if (IS_ERR(chip->bios_dir[cnt])) > > goto err; > > > > > > My TPM modules are loaded properly and I can interact with TPM using > userspace TSS2 applications: > > > > $ sudo lsmod | grep tpm > > Password: > > tpm_crb 6458 0 > > tpm_tis 5950 0 > > tpm_tis_core 10054 1 tpm_tis > > tpm 48093 3 tpm_crb,tpm_tis,tpm_tis_core > > > > > > 2017-09-08T19:39:16.239 controller-0 kernel: warning [ 0.000000] ACPI: > TPM2 000000007b7c8000 00034 (v03 INTEL S2600WT 00000002 INTL 01000013) > > 2017-09-08T19:39:16.252 controller-0 kernel: info [ 5.457568] tpm_tis > MSFT0101:00: 2.0 TPM (device-id 0x1A, rev-id 16) > > > > > > How and when would this file be created? For that matter I don’t even have > a /sys/devices/pnp0/<pnp#>/pcrs file present > > (I am on CentOS 7.3) > > > > > > Thoughts? > > > > Thanks, > > Kam > > ------------------------------------------------------------ > ------------------ > Check out the vibrant tech community on one of the world's most > engaging tech sites, Slashdot.org! http://sdm.link/slashdot > _______________________________________________ > tpmdd-devel mailing list > tpmdd-devel-5NWGOfrQmneRv+LV9MX5uipxlwaOVQ5f@public.gmane.org > https://lists.sourceforge.net/lists/listinfo/tpmdd-devel > > [-- Attachment #1.2: Type: text/html, Size: 6461 bytes --] [-- Attachment #2: Type: text/plain, Size: 202 bytes --] ------------------------------------------------------------------------------ Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot [-- Attachment #3: Type: text/plain, Size: 192 bytes --] _______________________________________________ tpmdd-devel mailing list tpmdd-devel-5NWGOfrQmneRv+LV9MX5uipxlwaOVQ5f@public.gmane.org https://lists.sourceforge.net/lists/listinfo/tpmdd-devel ^ permalink raw reply [flat|nested] 5+ messages in thread
[parent not found: <CA+zpnLcwMaHAEEE0rTnL-TLixK6J7mXpX8t=J7QVxk8nLEMxAw-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>]
* Re: TPM2.0: No binary_bios_measurements file in securityFS [not found] ` <CA+zpnLcwMaHAEEE0rTnL-TLixK6J7mXpX8t=J7QVxk8nLEMxAw-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org> @ 2017-09-12 14:17 ` Nasim, Kam 0 siblings, 0 replies; 5+ messages in thread From: Nasim, Kam @ 2017-09-12 14:17 UTC (permalink / raw) To: Thiebaud Weksteen; +Cc: tpmdd-devel-5NWGOfrQmneRv+LV9MX5uipxlwaOVQ5f [-- Attachment #1.1: Type: text/plain, Size: 2816 bytes --] Thanks Thiebaud. I am going to apply your patch and give it a go. So just to confirm, did /sys/kernel/security/tpm0/binary_bios_measurements never worked for TPM 2.0? I am using a grub bootloader btw (not UEFI or any other form of Secure / Trusted boot) From: Thiebaud Weksteen [mailto:tweek@google.com] Sent: Tuesday, September 12, 2017 2:41 AM To: Nasim, Kam Cc: tpmdd-devel@lists.sourceforge.net Subject: Re: [tpmdd-devel] TPM2.0: No binary_bios_measurements file in securityFS Hi Kam, Access to the binary event log for TPM 2.0 is not fully supported. I've recently sent a patch to implement it: https://lkml.org/lkml/2017/9/11/118 Thanks, Thiebaud On Tue, Sep 12, 2017 at 12:44 AM, Nasim, Kam <Kam.Nasim@windriver.com<mailto:Kam.Nasim@windriver.com>> wrote: Hi folks, I am building my TPM 2.0 driver as Kernel modules (tpm.ko, tpm_tis_core.ko and tpm_tis.ko). I noticed that while my /sys/kernel/security directory is created and mounted to securityFS, it is empty. Looking at tpm_bios_log_setup() in tpm1_event.log, I see that this is being done during chip registration: if (chip->flags & TPM_CHIP_FLAG_TPM2) chip->bin_log_seqops.seqops = &tpm2_binary_b_measurements_seqops; else chip->bin_log_seqops.seqops = &tpm_binary_b_measurements_seqops; chip->bios_dir[cnt] = securityfs_create_file("binary_bios_measurements", 0440, chip->bios_dir[0], (void *)&chip->bin_log_seqops, &tpm_bios_measurements_ops); if (IS_ERR(chip->bios_dir[cnt])) goto err; My TPM modules are loaded properly and I can interact with TPM using userspace TSS2 applications: $ sudo lsmod | grep tpm Password: tpm_crb 6458 0 tpm_tis 5950 0 tpm_tis_core 10054 1 tpm_tis tpm 48093 3 tpm_crb,tpm_tis,tpm_tis_core 2017-09-08T19:39:16.239 controller-0 kernel: warning [ 0.000000] ACPI: TPM2 000000007b7c8000 00034 (v03 INTEL S2600WT 00000002 INTL 01000013) 2017-09-08T19:39:16.252 controller-0 kernel: info [ 5.457568] tpm_tis MSFT0101:00: 2.0 TPM (device-id 0x1A, rev-id 16) How and when would this file be created? For that matter I don’t even have a /sys/devices/pnp0/<pnp#>/pcrs file present (I am on CentOS 7.3) Thoughts? Thanks, Kam ------------------------------------------------------------------------------ Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot _______________________________________________ tpmdd-devel mailing list tpmdd-devel@lists.sourceforge.net<mailto:tpmdd-devel@lists.sourceforge.net> https://lists.sourceforge.net/lists/listinfo/tpmdd-devel [-- Attachment #1.2: Type: text/html, Size: 12661 bytes --] [-- Attachment #2: Type: text/plain, Size: 202 bytes --] ------------------------------------------------------------------------------ Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot [-- Attachment #3: Type: text/plain, Size: 192 bytes --] _______________________________________________ tpmdd-devel mailing list tpmdd-devel-5NWGOfrQmneRv+LV9MX5uipxlwaOVQ5f@public.gmane.org https://lists.sourceforge.net/lists/listinfo/tpmdd-devel ^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: TPM2.0: No binary_bios_measurements file in securityFS [not found] ` <CA352AD04C14CE4985F6AEB6AB8C130E3EDB8751-/c0cZIGrDsgyzarUywkIaosyD1qQU09I@public.gmane.org> 2017-09-12 6:40 ` Thiebaud Weksteen via tpmdd-devel @ 2017-09-13 12:03 ` Nayna Jain [not found] ` <e9ea0327-ba94-cd19-f35f-dbfae5c8ab03-23VcF4HTsmIX0ybBhKVfKdBPR1lH4CV8@public.gmane.org> 1 sibling, 1 reply; 5+ messages in thread From: Nayna Jain @ 2017-09-13 12:03 UTC (permalink / raw) To: Nasim, Kam, tpmdd-devel-5NWGOfrQmneRv+LV9MX5uipxlwaOVQ5f [-- Attachment #1.1: Type: text/plain, Size: 2339 bytes --] On 09/12/2017 04:14 AM, Nasim, Kam wrote: > > Hi folks, > > > I am building my TPM 2.0 driver as Kernel modules (tpm.ko, > tpm_tis_core.ko and tpm_tis.ko). > > I noticed that while my /sys/kernel/security directory is created and > mounted to securityFS, it is empty. > > Looking at tpm_bios_log_setup() in tpm1_event.log, I see that this is > being done during chip registration: > TPM 2.0 binary_bios_measurements event log file support is currently not available for ACPI based platform. It is only for device tree based platform. And I think you are using ACPI. Thanks & Regards, - Nayna > > if (chip->flags & TPM_CHIP_FLAG_TPM2) > > chip->bin_log_seqops.seqops = > > &tpm2_binary_b_measurements_seqops; > > else > > chip->bin_log_seqops.seqops = > > &tpm_binary_b_measurements_seqops; > > chip->bios_dir[cnt] = > > securityfs_create_file("binary_bios_measurements", > > 0440, chip->bios_dir[0], > > (void *)&chip->bin_log_seqops, > > &tpm_bios_measurements_ops); > > if (IS_ERR(chip->bios_dir[cnt])) > > goto err; > > My TPM modules are loaded properly and I can interact with TPM using > userspace TSS2 applications: > > $ sudo lsmod | grep tpm > > Password: > > tpm_crb 6458 0 > > tpm_tis 5950 0 > > tpm_tis_core 10054 1 tpm_tis > > tpm 48093 3 tpm_crb,tpm_tis,tpm_tis_core > > 2017-09-08T19:39:16.239 controller-0 kernel: warning [ 0.000000] > ACPI: TPM2 000000007b7c8000 00034 (v03 INTEL S2600WT 00000002 INTL > 01000013) > > 2017-09-08T19:39:16.252 controller-0 kernel: info [ 5.457568] > tpm_tis MSFT0101:00: 2.0 TPM (device-id 0x1A, rev-id 16) > > How and when would this file be created? For that matter I don’t even > have a /sys/devices/pnp0/<pnp#>/pcrs file present > > (I am on CentOS 7.3) > > Thoughts? > > Thanks, > > Kam > > > > ------------------------------------------------------------------------------ > Check out the vibrant tech community on one of the world's most > engaging tech sites, Slashdot.org! http://sdm.link/slashdot > > > _______________________________________________ > tpmdd-devel mailing list > tpmdd-devel-5NWGOfrQmneRv+LV9MX5uipxlwaOVQ5f@public.gmane.org > https://lists.sourceforge.net/lists/listinfo/tpmdd-devel [-- Attachment #1.2: Type: text/html, Size: 8456 bytes --] [-- Attachment #2: Type: text/plain, Size: 202 bytes --] ------------------------------------------------------------------------------ Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot [-- Attachment #3: Type: text/plain, Size: 192 bytes --] _______________________________________________ tpmdd-devel mailing list tpmdd-devel-5NWGOfrQmneRv+LV9MX5uipxlwaOVQ5f@public.gmane.org https://lists.sourceforge.net/lists/listinfo/tpmdd-devel ^ permalink raw reply [flat|nested] 5+ messages in thread
[parent not found: <e9ea0327-ba94-cd19-f35f-dbfae5c8ab03-23VcF4HTsmIX0ybBhKVfKdBPR1lH4CV8@public.gmane.org>]
* Re: TPM2.0: No binary_bios_measurements file in securityFS [not found] ` <e9ea0327-ba94-cd19-f35f-dbfae5c8ab03-23VcF4HTsmIX0ybBhKVfKdBPR1lH4CV8@public.gmane.org> @ 2017-09-13 15:01 ` Nasim, Kam 0 siblings, 0 replies; 5+ messages in thread From: Nasim, Kam @ 2017-09-13 15:01 UTC (permalink / raw) To: Nayna Jain, tpmdd-devel-5NWGOfrQmneRv+LV9MX5uipxlwaOVQ5f [-- Attachment #1.1: Type: text/plain, Size: 3075 bytes --] Thank you Nayna for getting back to me, yes I am using ACPI so that would explain it. Which brings me to my last issue, I am not seeing the PCRS file in either of these locations: /sys/devices/pnp0/<pnp#>/pcrs /sys/devices/platform/tpm_tis/pcrs I am loading TPM as kernel modules so is this behavior not supported when TPM is not built-in, or are these files specific to TPM 1.2? Thanks, Kam From: Nayna Jain [mailto:nayna-23VcF4HTsmIX0ybBhKVfKdBPR1lH4CV8@public.gmane.org] Sent: Wednesday, September 13, 2017 8:04 AM To: Nasim, Kam; tpmdd-devel-5NWGOfrQmneRv+LV9MX5uipxlwaOVQ5f@public.gmane.org Subject: Re: [tpmdd-devel] TPM2.0: No binary_bios_measurements file in securityFS On 09/12/2017 04:14 AM, Nasim, Kam wrote: Hi folks, I am building my TPM 2.0 driver as Kernel modules (tpm.ko, tpm_tis_core.ko and tpm_tis.ko). I noticed that while my /sys/kernel/security directory is created and mounted to securityFS, it is empty. Looking at tpm_bios_log_setup() in tpm1_event.log, I see that this is being done during chip registration: TPM 2.0 binary_bios_measurements event log file support is currently not available for ACPI based platform. It is only for device tree based platform. And I think you are using ACPI. Thanks & Regards, - Nayna if (chip->flags & TPM_CHIP_FLAG_TPM2) chip->bin_log_seqops.seqops = &tpm2_binary_b_measurements_seqops; else chip->bin_log_seqops.seqops = &tpm_binary_b_measurements_seqops; chip->bios_dir[cnt] = securityfs_create_file("binary_bios_measurements", 0440, chip->bios_dir[0], (void *)&chip->bin_log_seqops, &tpm_bios_measurements_ops); if (IS_ERR(chip->bios_dir[cnt])) goto err; My TPM modules are loaded properly and I can interact with TPM using userspace TSS2 applications: $ sudo lsmod | grep tpm Password: tpm_crb 6458 0 tpm_tis 5950 0 tpm_tis_core 10054 1 tpm_tis tpm 48093 3 tpm_crb,tpm_tis,tpm_tis_core 2017-09-08T19:39:16.239 controller-0 kernel: warning [ 0.000000] ACPI: TPM2 000000007b7c8000 00034 (v03 INTEL S2600WT 00000002 INTL 01000013) 2017-09-08T19:39:16.252 controller-0 kernel: info [ 5.457568] tpm_tis MSFT0101:00: 2.0 TPM (device-id 0x1A, rev-id 16) How and when would this file be created? For that matter I don't even have a /sys/devices/pnp0/<pnp#>/pcrs file present (I am on CentOS 7.3) Thoughts? Thanks, Kam ------------------------------------------------------------------------------ Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot _______________________________________________ tpmdd-devel mailing list tpmdd-devel-5NWGOfrQmneRv+LV9MX5uipxlwaOVQ5f@public.gmane.org<mailto:tpmdd-devel-5NWGOfrQmneRv+LV9MX5uipxlwaOVQ5f@public.gmane.org> https://lists.sourceforge.net/lists/listinfo/tpmdd-devel [-- Attachment #1.2: Type: text/html, Size: 11548 bytes --] [-- Attachment #2: Type: text/plain, Size: 202 bytes --] ------------------------------------------------------------------------------ Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot [-- Attachment #3: Type: text/plain, Size: 192 bytes --] _______________________________________________ tpmdd-devel mailing list tpmdd-devel-5NWGOfrQmneRv+LV9MX5uipxlwaOVQ5f@public.gmane.org https://lists.sourceforge.net/lists/listinfo/tpmdd-devel ^ permalink raw reply [flat|nested] 5+ messages in thread
end of thread, other threads:[~2017-09-13 15:01 UTC | newest]
Thread overview: 5+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2017-09-11 22:44 TPM2.0: No binary_bios_measurements file in securityFS Nasim, Kam
[not found] ` <CA352AD04C14CE4985F6AEB6AB8C130E3EDB8751-/c0cZIGrDsgyzarUywkIaosyD1qQU09I@public.gmane.org>
2017-09-12 6:40 ` Thiebaud Weksteen via tpmdd-devel
[not found] ` <CA+zpnLcwMaHAEEE0rTnL-TLixK6J7mXpX8t=J7QVxk8nLEMxAw-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2017-09-12 14:17 ` Nasim, Kam
2017-09-13 12:03 ` Nayna Jain
[not found] ` <e9ea0327-ba94-cd19-f35f-dbfae5c8ab03-23VcF4HTsmIX0ybBhKVfKdBPR1lH4CV8@public.gmane.org>
2017-09-13 15:01 ` Nasim, Kam
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox; as well as URLs for NNTP newsgroup(s).