Hi, I've noticed an issue with the TPM2 EventLog. OVMF exposes the TPM Event Log via EFI and ACPI, but they have different addresses. The EFI one retrievable by GetEventLog() is populated. The ACPI is empty. Oh, there are actually two EFI Event Logs for the two formats: EFI_TCG2_EVENT_LOG_FORMAT_TCG_1_2 EFI_TCG2_EVENT_LOG_FORMAT_TCG_2
The debug log from the Fedora 36 OVMF shows: Tcg2GetEventLog (EventLogLocation - 7EEB2000) which matches the address retrieved with GetEventLog(). And hexdump-ing the TPM2 ACPI table shows 0x7fbe6000. On a different build, I added output for both EFI logs, and the addresses are: 0x7ec3d000 - EFI_TCG2_EVENT_LOG_FORMAT_TCG_1_2 0x7ec1b000 - EFI_TCG2_EVENT_LOG_FORMAT_TCG_2 0x7fbe6000 - ACPI The ACPI one is a little more user friendly as its address is available through the table during runtime. The EFI addresses can only be grabbed before exiting boot services. I think the issue is that the ACPI tables are created from Qemu fw_cfg data, which allocates memory for the log and places the address in ACPI tables. Meanwhile, SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.c:SetupEventLog() allocates its own event log memory. SetupEventLog() saves the size and address in PcdTpm2AcpiTableLaml & PcdTpm2AcpiTableLasa, but nothing puts those values in the actual ACPI tables. It seems like SetupEventLog would be better structured to check existing ACPI tables and look for a log in a TPM2 section. If found, use that, otherwise create a new log area. The other wrinkle is that the Tcg2 code is keeping two event logs in the two formats. It seems to me that for TPM2, it would be easier to just keep only the newer EFI_TCG2_EVENT_LOG_FORMAT_TCG_2. If support for both is needed, then the EFI_TCG2_EVENT_LOG_FORMAT_TCG_2 one should share the same region as the ACPI table. Regards, Jason -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#93912): https://edk2.groups.io/g/devel/message/93912 Mute This Topic: https://groups.io/mt/93730585/21656 Group Owner: devel+ow...@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
