Re: [tpmdd-devel] TPM2.0: No binary_bios_measurements file in securityFS

Tue, 12 Sep 2017 07:18:09 -0700 

Thanks Thiebaud. I am going to apply your patch and give it a go.

So just to confirm, did /sys/kernel/security/tpm0/binary_bios_measurements 
never worked for TPM 2.0? I am using a grub bootloader btw (not UEFI or any 
other form of Secure / Trusted boot)

From: Thiebaud Weksteen [mailto:tw...@google.com]
Sent: Tuesday, September 12, 2017 2:41 AM
To: Nasim, Kam
Cc: tpmdd-devel@lists.sourceforge.net
Subject: Re: [tpmdd-devel] TPM2.0: No binary_bios_measurements file in 
securityFS

Hi Kam,

Access to the binary event log for TPM 2.0 is not fully supported. I've 
recently sent a patch to implement it: https://lkml.org/lkml/2017/9/11/118

Thanks,
Thiebaud

On Tue, Sep 12, 2017 at 12:44 AM, Nasim, Kam 
<kam.na...@windriver.com<mailto:kam.na...@windriver.com>> wrote:
Hi folks,

I am building my TPM 2.0 driver as Kernel modules (tpm.ko, tpm_tis_core.ko and 
tpm_tis.ko).

I noticed that while my /sys/kernel/security directory is created and mounted 
to securityFS, it is empty.

Looking at tpm_bios_log_setup() in tpm1_event.log, I see that this is being 
done during chip registration:

if (chip->flags & TPM_CHIP_FLAG_TPM2)
        chip->bin_log_seqops.seqops =
            &tpm2_binary_b_measurements_seqops;
    else
        chip->bin_log_seqops.seqops =
            &tpm_binary_b_measurements_seqops;


    chip->bios_dir[cnt] =
        securityfs_create_file("binary_bios_measurements",
                   0440, chip->bios_dir[0],
                   (void *)&chip->bin_log_seqops,
                   &tpm_bios_measurements_ops);
    if (IS_ERR(chip->bios_dir[cnt]))
        goto err;


My TPM modules are loaded properly and I can interact with TPM using userspace 
TSS2 applications:

$ sudo lsmod | grep tpm
Password:
tpm_crb                 6458  0
tpm_tis                 5950  0
tpm_tis_core           10054  1 tpm_tis
tpm                    48093  3 tpm_crb,tpm_tis,tpm_tis_core


2017-09-08T19:39:16.239 controller-0 kernel: warning [    0.000000] ACPI: TPM2 
000000007b7c8000 00034 (v03 INTEL   S2600WT 00000002 INTL 01000013)
2017-09-08T19:39:16.252 controller-0 kernel: info [    5.457568] tpm_tis 
MSFT0101:00: 2.0 TPM (device-id 0x1A, rev-id 16)


How and when would this file be created? For that matter I don’t even have a 
/sys/devices/pnp0/<pnp#>/pcrs file present
(I am on CentOS 7.3)


Thoughts?

Thanks,
Kam

------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
tpmdd-devel mailing list
tpmdd-devel@lists.sourceforge.net<mailto:tpmdd-devel@lists.sourceforge.net>
https://lists.sourceforge.net/lists/listinfo/tpmdd-devel


------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
tpmdd-devel mailing list
tpmdd-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/tpmdd-devel

Reply via email to