Sounds great! :-) BTW: Do you know if there is TPM2 passthrough support for QEMU? The TCG is moving to TPM2 now...
Thank you Yao Jiewen -----Original Message----- From: David Van Arnem [mailto:dvanar...@cmlab.biz] Sent: Friday, August 28, 2015 4:56 AM To: edk2-devel@lists.01.org; Yao, Jiewen Subject: Re: [edk2] Measured boot in OVMF with QEMU TPM passthrough? On 08/25/2015 06:55 PM, Yao, Jiewen wrote: > Do you mean TcgPei is added in FDF, but not dispatched by PEI core? > If so, please make sure you have below dependency satisfied. I guess you have > 1st and 2nd. > For 3rd, you can consider adding Tcg2Config driver, or produce > gEfiTpmDeviceSelectedGuid in your platform module. > > [Depex] > gEfiPeiMasterBootModePpiGuid AND > gEfiPeiReadOnlyVariable2PpiGuid AND > gEfiTpmDeviceSelectedGuid Thank you so much! As you said, I was not meeting the dependency requirements for TcgPei, specifically gEfiPeiReadOnlyVariable2PpiGuid and gEfiTpmDeviceSelectedGuid. Once I installed them in PlatformPei/Platform.c and added the name/value in OvmfPkg.dec, the module is now being dispatched. I have one other dependency issue with one of the PPIs needed for PhysicalPresencePei, but hopefully after adding that in the same manner, I will be able to get TCG trusted boot going. David > -----Original Message----- > From: David Van Arnem [mailto:dvanar...@cmlab.biz] > Sent: Wednesday, August 26, 2015 3:28 AM > To: edk2-devel@lists.01.org > Cc: Yao, Jiewen > Subject: Re: [edk2] Measured boot in OVMF with QEMU TPM passthrough? > > On 08/22/2015 06:41 AM, Yao, Jiewen wrote: >> Hi >> Some clarification: >> 1) TPM is to support TCG trusted boot, it is not related to UEFI secure >> boot. So enabling UEFI secure boot does not mean TCG trusted boot is enabled. > Ok, thank you. I knew UEFI secure boot was not the same as TCG trusted boot, > but I wasn't sure how related they were. My focus is TCG trusted boot. >> 2) I think you need add both TcgPei and TcgDxe to record measured boot log, >> because TPM device is started from TcgPei. Just adding TcgDxe may still >> cause error. > I am using a TPM1.2, so I have added the TcgPei, TcgDxe, and related modules > to OVMF (in both the platform DSC and FDF files), and I modeled my changes > after the Vlv2TbltDevicePkg files. I spoke incorrectly in one of my previous > emails; I see PhysicalPresencePei and TcgPei in both Ovmf.map and > PEIFV.Fv.map after OVMF build, so they should be present in the OVMF image, > but they are not being loaded according to the OVMF debug output. The DXE > TCG modules *are* being loaded, but are throwing an error presumably because > the necessary setup was not performed during PEI. I thought that the SEC or > PEI core would kind of "automatically" > find and load them, so I have not been able to determine why they are not > loading. Do you have any thoughts on this? >> 3) TcgSmm is to support TPM PP and MOR, which is NOT related to measured >> boot record. > Ok, thank you again. >> BTW: Would you please let me know your TPM passthru is for TPM1.2 or TPM2.0? >> For later, you need include Tcg2Pei/Tcg2Dxe, instead of TcgPei/TcgDxe. >> >> Let me know if you have more question. >> >> Thank you >> Yao Jiewen >> >> -----Original Message----- >> From: edk2-devel [mailto:edk2-devel-boun...@lists.01.org] On Behalf >> Of David Van Arnem >> Sent: Saturday, August 22, 2015 12:44 AM To:edk2-devel@lists.01.org >> Subject: Re: [edk2] Measured boot in OVMF with QEMU TPM passthrough? >> >> Hello again, >> >> I've done some analysis and here's where I'm at with measured boot with OVMF >> in a QEMU guest: >> >> I've verified that most of the relevant modules that need to be added >> according to the instructions >> athttp://tianocore.sourceforge.net/wiki/How_to_Enable_Security#HOW_TO >> _ ENABLE_TCG_TPM are being placed in the OVMF image by looking at >> Ovmf.map. They are also loaded when OVMF boots, which I've verified from >> the OVMF debug output. I believe the only one I've added to OvmfX64.dsc/fdf >> that does not appear in the map or debug output is TcgSmm, which handles the >> ACPI methods for TCG. I think this is a problem: I do see a TCPA table when >> I dump the ACPI tables in my guest, and it has an address to the start of >> the Event Log, but I still don't have any measurements recorded in >> /sys/kernel/security/tpm0/ascii_bios_measurements. And, the PCR values from >> /sys/class/tpm/tpm0/device/pcrs don't change whether I have OVMF Secure Boot >> enabled or not (I think it's supposed to extend PCR[07]?). >> >> So, my question about whether or not measured boot with event logging should >> be possible in OVMF with a QEMU VM still stands. Additonally, I'm curious if >> the way I've added components to the OvmfX64.dsc file is correct. For >> example, here's how I added the TcgDxe component: >> >> SecurityPkg/Tcg/TcgDxe/TcgDxe.inf { >> <LibraryClasses> >> TpmCommLib|SecurityPkg/Library/TpmCommLib/TpmCommLib.inf >> } >> >> I added the LibraryClasses subsection after the build tool complained about >> an instance of that class not being found, and did the same for the other >> modules that had the same issue. I see other LibraryClasses in TcgDxe.inf >> that don't require an instance in the subsection, why is that? >> >> Finally, where in the code should I do steps 1 and 2 (clear memory, process >> request) from the instructions linked above? >> >> Any guidance would be appreciated. >> >> Thanks, >> David >> >> On 08/19/2015 05:17 PM, David Van Arnem wrote: >>> Hello, >>> >>> Should it be possible to perform measured boot in OVMF to measure a >>> QEMU guest (extend and log PCRs) using a TPM passed-through from the >>> host? >>> >>> I have a host machine with a TPM (v1.2), and a QEMU Linux guest >>> booting using an OVMF image with the modifications suggested in the >>> following link (modifications were done to OvmfX64.dsc): >>> http://tianocore.sourceforge.net/wiki/How_to_Enable_Security >>> (section "How To Enable TCG TPM"). I've enabled QEMU TPM >>> passthrough from the host to the guest, and I'm able to query the >>> TPM in the guest using commands like tpm_version, tpm_getpubek, etc. >>> However, there are no measurements recorded in >>> /sys/kernel/security/tpm0/ascii_bios_measurements. Additionally, >>> though I can view the PCR list from /sys/class/tpm/tpm0/device/pcrs, >>> the list contains the same values that I saw when looking at the >>> same file on my host before enabling TPM passthrough. So, it >>> appears measurement is not happening on the guest, and I wanted to >>> check here to see if that's a limitation of OVMF/TPM passthrough, or >>> if I just did something incorrectly when modifying the OVMF package. >>> >>> Thanks, >>> David >>> >>> _______________________________________________ >>> edk2-devel mailing list >>> edk2-devel@lists.01.org >>> https://lists.01.org/mailman/listinfo/edk2-devel >> _______________________________________________ >> edk2-devel mailing list >> edk2-devel@lists.01.org >> https://lists.01.org/mailman/listinfo/edk2-devel >> _______________________________________________ >> edk2-devel mailing list >> edk2-devel@lists.01.org >> https://lists.01.org/mailman/listinfo/edk2-devel > > _______________________________________________ > edk2-devel mailing list > edk2-devel@lists.01.org > https://lists.01.org/mailman/listinfo/edk2-devel _______________________________________________ edk2-devel mailing list edk2-devel@lists.01.org https://lists.01.org/mailman/listinfo/edk2-devel
