On 2/7/24 12:16 PM, Xing, Cedric wrote:
> On 2/6/2024 6:02 PM, Dan Williams wrote:
>> James Bottomley wrote:
>>> There isn't really anything more complex about an interface that takes
>>> a log entry, and does the record and extend, than an interface which
>>> takes a PCR extension value. So best practice would say that you
>>> should create the ABI that you can't get wrong (log and record) rather
>>> than creating one that causes additional problems for userspace.
>>
>> Agree, there's no need for the kernel to leave deliberately pointy edges
>> for userspace to trip over.
>>
>> Cedric, almost every time we, kernel community, build an interface where
>> userspace says "trust us, we know what we are doing" it inevitably
>> results later in "whoops, turns out it would have helped if the kernel
>> enforced structure here". So the log ABI adds that structure for the
>> primary use cases.
>
> Dan, I agree with your statement generally. But with the precedent of TPM
> module not maintaining a log, I just wonder if the addition of log would
> cause problems or force more changes to existing usages than necessary. For
> example, IMA has its own log and if changed to use RTMR, how would those 2
> logs interoperate? We would also need to decide on a log format that can
> accommodate all applications.

IIUC, CC event logging in firmware uses TCG2 format. Since IMA internally
uses TPM calls, I assume it also uses the TCG2 format. I think we can follow
the same format for RTMR extension.

I am wondering where the event log will be stored. Is it in the log_area
region of the CCEL table?

-- 
Sathyanarayanan Kuppuswamy
Linux Kernel Developer
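The thread contrasts an ABI that takes a raw extension value with one that takes a log entry and does the record-and-extend itself, and asks whether a TCG2-style log could serve RTMR. The following is an added illustration, not code from this thread, from IMA or from any kernel patch: it serializes TCG_PCR_EVENT2-style records, implements the "hash, append to log, then extend" primitive on the kernel side, and on the verifier side replays the log from zero-initialized SHA-384 registers to confirm it reproduces the register values. The record layout follows the crypto-agile TCG2 event-log format; the `EV_EVENT_TAG` value, the zero initial register state, the use of a single SHA-384 digest per record, and the `MeasurementLog`, `record_and_extend`, `replay` and `log_matches_registers` names are assumptions made for this example.

```python
import hashlib
import struct

# Assumptions for this added example: TCG_PCR_EVENT2 record layout, SHA-384
# registers starting at all-zero bytes, and a toy in-memory kernel side that
# appends the log record before it extends the register.
TPM_ALG_SHA384 = 0x000C      # TPM_ALG_ID for SHA-384
DIGEST_LEN = 48
EV_EVENT_TAG = 0x00000006    # TCG event type assumed here for generic tagged data


def encode_event2(mr_index: int, event_type: int, digest: bytes, event_data: bytes) -> bytes:
    """Serialize one TCG_PCR_EVENT2-style record (little-endian):
    PCRIndex u32 | EventType u32 | Digests.count u32 |
    (AlgorithmId u16 | Digest[48]) x count | EventSize u32 | Event[EventSize]."""
    assert len(digest) == DIGEST_LEN
    return (struct.pack("<III", mr_index, event_type, 1)
            + struct.pack("<H", TPM_ALG_SHA384) + digest
            + struct.pack("<I", len(event_data)) + event_data)


def decode_event2(buf: bytes, off: int):
    """Parse one record at `off`; return (mr_index, event_type, digest, data, next_off)."""
    mr_index, event_type, count = struct.unpack_from("<III", buf, off)
    off += 12
    digest = None
    for _ in range(count):
        (alg,) = struct.unpack_from("<H", buf, off)
        off += 2
        if alg != TPM_ALG_SHA384:
            raise ValueError(f"unsupported digest algorithm 0x{alg:04x}")
        digest = bytes(buf[off:off + DIGEST_LEN])
        off += DIGEST_LEN
    if digest is None:
        raise ValueError("record carries no digest")
    (size,) = struct.unpack_from("<I", buf, off)
    off += 4
    data = bytes(buf[off:off + size])
    if len(data) != size:
        raise ValueError("truncated event data")
    return mr_index, event_type, digest, data, off + size


def extend(current: bytes, digest: bytes) -> bytes:
    """Register extend operation: new = SHA-384(old || digest)."""
    return hashlib.sha384(current + digest).digest()


class MeasurementLog:
    """Toy kernel side of a 'log and record' ABI: callers hand over event data;
    the kernel hashes it, appends the TCG2 record, and only then extends."""

    def __init__(self, num_registers: int = 4):
        self.registers = [bytes(DIGEST_LEN)] * num_registers
        self.log = bytearray()

    def record_and_extend(self, mr_index: int, event_data: bytes,
                          event_type: int = EV_EVENT_TAG) -> bytes:
        digest = hashlib.sha384(event_data).digest()
        self.log += encode_event2(mr_index, event_type, digest, event_data)
        self.registers[mr_index] = extend(self.registers[mr_index], digest)
        return digest


def replay(log: bytes, num_registers: int = 4) -> list:
    """Verifier side: walk the log and recompute every register from zero,
    re-deriving each record's digest from its event data along the way."""
    regs = [bytes(DIGEST_LEN)] * num_registers
    off = 0
    while off < len(log):
        mr_index, _etype, digest, data, off = decode_event2(log, off)
        if hashlib.sha384(data).digest() != digest:
            raise ValueError(f"digest does not match event data for register {mr_index}")
        regs[mr_index] = extend(regs[mr_index], digest)
    return regs


def log_matches_registers(log: bytes, registers: list) -> bool:
    """True when replaying `log` reproduces `registers` exactly."""
    try:
        return replay(log, len(registers)) == list(registers)
    except ValueError:
        return False


def demo():
    # Constructed sample events; the strings are stand-ins for real measurements.
    ml = MeasurementLog()
    ml.record_and_extend(2, b"ima: /usr/bin/example")
    ml.record_and_extend(3, b"app: config-v1")
    ml.record_and_extend(2, b"ima: /usr/lib/example.so")
    ok = log_matches_registers(bytes(ml.log), ml.registers)
    # Flip one byte of event data: the replay no longer matches the registers.
    tampered = bytearray(ml.log)
    tampered[-1] ^= 0x01
    bad = log_matches_registers(bytes(tampered), ml.registers)
    return ok, bad


if __name__ == "__main__":
    print(demo())
```

The point the example makes concrete is the one raised in the thread: because the kernel computes the digest and appends the record itself, a verifier can always tie a register value back to the event that produced it, whereas an ABI that only accepted an opaque extension value would leave the log and the register free to diverge.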