[tpmdd-devel] [PATCH v2 0/3] Call GetEventLog before ExitBootServices

2017-09-11 Thread Thiebaud Weksteen via tpmdd-devel
With TPM 1.2, the ACPI table ("TCPA") has two fields to recover the Event Log Area (LAML and LASA). These logs are useful to understand and rebuild the final values of PCRs. With TPM 2.0, the ACPI table ("TPM2") does not contain these fields anymore. The recommended method is now to call the GetEv

[tpmdd-devel] [PATCH v2 2/3] efi: call get_event_log before ExitBootServices

2017-09-11 Thread Thiebaud Weksteen via tpmdd-devel
With TPM 2.0 specification, the event logs may only be accessible by calling an EFI Boot Service. Modify the EFI stub to copy the log area to a new Linux-specific EFI configuration table so it remains accessible once booted. When calling this service, it is possible to specify the expected format

Re: [tpmdd-devel] [PATCH v3] tpm-dev-common: Reject too short writes

2017-09-11 Thread Alexander.Steffen
> On Sat, Sep 09, 2017 at 12:37:39AM +0300, Jarkko Sakkinen wrote: > > On Fri, Sep 08, 2017 at 05:21:32PM +0200, Alexander Steffen wrote: > > > tpm_transmit() does not offer an explicit interface to indicate the > number > > > of valid bytes in the communication buffer. Instead, it relies on the >

[tpmdd-devel] [PATCH v2 1/3] tpm: move tpm_eventlog.h outside of drivers folder

2017-09-11 Thread Thiebaud Weksteen via tpmdd-devel
The generic definitions of data structures in tpm_eventlog.h are required by other parts of the kernel (namely, the EFI stub). Signed-off-by: Thiebaud Weksteen --- drivers/char/tpm/tpm-chip.c| 3 +- drivers/char/tpm/tpm-interface.c | 2 +- drivers/char/

[tpmdd-devel] [PATCH v4] tpm_tis_spi: Use DMA-safe memory for SPI transfers

2017-09-11 Thread Alexander Steffen
The buffers used as tx_buf/rx_buf in a SPI transfer need to be DMA-safe. This cannot be guaranteed for the buffers passed to tpm_tis_spi_read_bytes and tpm_tis_spi_write_bytes. Therefore, we need to use our own DMA-safe buffer and copy the data to/from it. The buffer needs to be allocated separate

[tpmdd-devel] [PATCH v2 3/3] tpm: parse TPM event logs based on EFI table

2017-09-11 Thread Thiebaud Weksteen via tpmdd-devel
If we are not able to retrieve the TPM event logs from the ACPI table, check the EFI configuration table (Linux-specific GUID). The format version of the log may be returned by the function. If not specified (by previous implementation: tpm_acpi and tpm_of), we default to the version of the chip (

Re: [tpmdd-devel] [PATCH v2 0/4] additional TPM performance improvements

2017-09-11 Thread Alexander.Steffen
> After further discussions with the Device Driver working group (ddwg), > the following changes were made: > > * Check for burstcount at least once to confirm the TPM is ready to accept > the data. Similarly, query for the TPM Expect status as sanity check at > the end. > > * Make the sleep for

Re: [tpmdd-devel] [PATCH v2 3/3] tpm: parse TPM event logs based on EFI table

2017-09-11 Thread Jason Gunthorpe
On Mon, Sep 11, 2017 at 12:00:22PM +0200, Thiebaud Weksteen wrote: > chip->bin_log_seqops.chip = chip; > - if (chip->flags & TPM_CHIP_FLAG_TPM2) > + > + if (log_version == EFI_TCG2_EVENT_LOG_FORMAT_TCG_2 || > + (!log_version && (chip->flags & TPM_CHIP_FLAG_TPM2))) >
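
Review bot: the `!log_version` test in the new condition relies on zero meaning "no format reported", which nothing in the visible lines states. A named constant for that value, or a one-line comment above the `if`, would make the fallback to `chip->flags & TPM_CHIP_FLAG_TPM2` easier to audit, since this branch decides which parser is used on the event log.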

[tpmdd-devel] IMA running as a Kernel module against TPM 2.0 driver

2017-09-11 Thread Nasim, Kam
Hi folks, I'm stumped with some issues with getting IMA to talk to the TPM interface driver, and was hoping you guys could help me out. I am building IMA as an out-of-tree Kernel module. We are based off CentOS v7.3 which is still sitting at the Linux v3.10 baseline (sad I know!). Everything se

[tpmdd-devel] TPM2.0: No binary_bios_measurements file in securityFS

2017-09-11 Thread Nasim, Kam
Hi folks, I am building my TPM 2.0 driver as Kernel modules (tpm.ko, tpm_tis_core.ko and tpm_tis.ko). I noticed that while my /sys/kernel/security directory is created and mounted to securityFS, it is empty. Looking at tpm_bios_log_setup() in tpm1_event.log, I see that this is being done duri

Re: [tpmdd-devel] TPM2.0: No binary_bios_measurements file in securityFS

2017-09-11 Thread Thiebaud Weksteen via tpmdd-devel
Hi Kam, Access to the binary event log for TPM 2.0 is not fully supported. I've recently sent a patch to implement it: https://lkml.org/lkml/2017/9/11/118 Thanks, Thiebaud On Tue, Sep 12, 2017 at 12:44 AM, Nasim, Kam wrote: > Hi folks, > > > I am building my TPM 2.0 driver as Kernel modules (t