Re: [tpmdd-devel] [PATCH v5 3/3] tpm: add securityfs support for TPM 2.0 firmware event log
On Thu, Nov 24, 2016 at 09:51:03PM -0500, Stefan Berger wrote: > On 11/24/2016 04:10 PM, Jarkko Sakkinen wrote: > > On Wed, Nov 23, 2016 at 12:27:37PM -0500, Nayna Jain wrote: > > > Unlike the device driver support for TPM 1.2, the TPM 2.0 does > > > not support the securityfs pseudo files for displaying the > > > firmware event log. > > > > > > This patch enables support for providing the TPM 2.0 event log in > > > binary form. TPM 2.0 event log supports a crypto agile format that > > > records multiple digests, which is different from TPM 1.2. This > > > patch enables the tpm_bios_log_setup for TPM 2.0 and adds the > > > event log parser which understand the TPM 2.0 crypto agile format. > > > > > > Signed-off-by: Nayna Jain> > I don't want to say much about this before I've tested it. I wonder > > what cheap hardware I could use to test this. Any advice is on this > > from anyone is much appreciated. > > Virtual hardware would be cheap :-) > > I tested this series with QEMU + vTPM + SeaBIOS with TPM 1.2 + TPM 2 support > (basing the log on ACPI). I had to fix an endianess issue on the SeaBIOS > side, which made it work. So for this version of the patches I can give it > my tested-by: > > Tested-by: Stefan Berger Your Tested-by is much appreciated because the 4.10 release cycle has shown how important it is to exercise code changes with tpm_vtpm_proxy to catch all the regressions. I still would like to run these changes with a real hardware to be able to trust them, though. /Jarkko -- ___ tpmdd-devel mailing list tpmdd-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/tpmdd-devel
Re: [tpmdd-devel] [PATCH v5 3/3] tpm: add securityfs support for TPM 2.0 firmware event log
On Thu, Nov 24, 2016 at 11:10:57PM +0200, Jarkko Sakkinen wrote: > On Wed, Nov 23, 2016 at 12:27:37PM -0500, Nayna Jain wrote: > > Unlike the device driver support for TPM 1.2, the TPM 2.0 does > > not support the securityfs pseudo files for displaying the > > firmware event log. > > > > This patch enables support for providing the TPM 2.0 event log in > > binary form. TPM 2.0 event log supports a crypto agile format that > > records multiple digests, which is different from TPM 1.2. This > > patch enables the tpm_bios_log_setup for TPM 2.0 and adds the > > event log parser which understand the TPM 2.0 crypto agile format. > > > > Signed-off-by: Nayna Jain> > I don't want to say much about this before I've tested it. I wonder > what cheap hardware I could use to test this. Any advice is on this > from anyone is much appreciated. If you found a small ARM system with TPM you could customize the uboot to build an event log and pass it in via DT. Not sure how much work that would be, does uboot have tpm code already? Jason -- ___ tpmdd-devel mailing list tpmdd-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/tpmdd-devel
Re: [tpmdd-devel] [PATCH v5 3/3] tpm: add securityfs support for TPM 2.0 firmware event log
On Thu, Nov 24, 2016 at 09:51:03PM -0500, Stefan Berger wrote: > On 11/24/2016 04:10 PM, Jarkko Sakkinen wrote: > > On Wed, Nov 23, 2016 at 12:27:37PM -0500, Nayna Jain wrote: > > > Unlike the device driver support for TPM 1.2, the TPM 2.0 does > > > not support the securityfs pseudo files for displaying the > > > firmware event log. > > > > > > This patch enables support for providing the TPM 2.0 event log in > > > binary form. TPM 2.0 event log supports a crypto agile format that > > > records multiple digests, which is different from TPM 1.2. This > > > patch enables the tpm_bios_log_setup for TPM 2.0 and adds the > > > event log parser which understand the TPM 2.0 crypto agile format. > > > > > > Signed-off-by: Nayna Jain> > I don't want to say much about this before I've tested it. I wonder > > what cheap hardware I could use to test this. Any advice is on this > > from anyone is much appreciated. > > Virtual hardware would be cheap :-) > > I tested this series with QEMU + vTPM + SeaBIOS with TPM 1.2 + TPM 2 support > (basing the log on ACPI). I had to fix an endianess issue on the SeaBIOS > side, which made it work. So for this version of the patches I can give it > my tested-by: > > Tested-by: Stefan Berger Thanks. /Jarkko -- ___ tpmdd-devel mailing list tpmdd-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/tpmdd-devel
Re: [tpmdd-devel] [PATCH v5 3/3] tpm: add securityfs support for TPM 2.0 firmware event log
On 11/24/2016 04:10 PM, Jarkko Sakkinen wrote: > On Wed, Nov 23, 2016 at 12:27:37PM -0500, Nayna Jain wrote: >> Unlike the device driver support for TPM 1.2, the TPM 2.0 does >> not support the securityfs pseudo files for displaying the >> firmware event log. >> >> This patch enables support for providing the TPM 2.0 event log in >> binary form. TPM 2.0 event log supports a crypto agile format that >> records multiple digests, which is different from TPM 1.2. This >> patch enables the tpm_bios_log_setup for TPM 2.0 and adds the >> event log parser which understand the TPM 2.0 crypto agile format. >> >> Signed-off-by: Nayna Jain> I don't want to say much about this before I've tested it. I wonder > what cheap hardware I could use to test this. Any advice is on this > from anyone is much appreciated. Virtual hardware would be cheap :-) I tested this series with QEMU + vTPM + SeaBIOS with TPM 1.2 + TPM 2 support (basing the log on ACPI). I had to fix an endianess issue on the SeaBIOS side, which made it work. So for this version of the patches I can give it my tested-by: Tested-by: Stefan Berger > > /Jarkko > > -- > ___ > tpmdd-devel mailing list > tpmdd-devel@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/tpmdd-devel > -- ___ tpmdd-devel mailing list tpmdd-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/tpmdd-devel
Re: [tpmdd-devel] [PATCH v5 3/3] tpm: add securityfs support for TPM 2.0 firmware event log
On Wed, Nov 23, 2016 at 12:27:37PM -0500, Nayna Jain wrote: > Unlike the device driver support for TPM 1.2, the TPM 2.0 does > not support the securityfs pseudo files for displaying the > firmware event log. > > This patch enables support for providing the TPM 2.0 event log in > binary form. TPM 2.0 event log supports a crypto agile format that > records multiple digests, which is different from TPM 1.2. This > patch enables the tpm_bios_log_setup for TPM 2.0 and adds the > event log parser which understand the TPM 2.0 crypto agile format. > > Signed-off-by: Nayna JainI don't want to say much about this before I've tested it. I wonder what cheap hardware I could use to test this. Any advice is on this from anyone is much appreciated. /Jarkko -- ___ tpmdd-devel mailing list tpmdd-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/tpmdd-devel