On Sat, 24 May 2025 at 20:59, Ilias Apalodimas
<ilias.apalodi...@linaro.org> wrote:
>
> Thanks Tom
>
> On Sat, 24 May 2025 at 17:26, Tom Rini <tr...@konsulko.com> wrote:
> >
> > On Sat, May 24, 2025 at 08:13:46AM -0600, Simon Glass wrote:
> >
> > > In some cases, we may wish to set up the TPM log under full control of
> > > a driver in U-Boot. Export the required function to make this possible.
> > >
> > > This avoids calling the weak function tcg2_platform_get_log() when the
> > > caller already knows where the log is.
>
> This doesn't make too much sense to me. If the caller knows where the
> log is, he needs to replay it in hardware. Which also means you need
> to check the logs vs the active PCR banks.
>
> This has all been abstracted in tcg2_measurement_init().
> The UEFI subsystem calls tcg2_log_prepare_buffer(), but that's a
> remnant from when measured boot was only supported in EFI. I was
> planning to get rid of it and call tcg2_measurement_init() from EFI as
> well.
>
> Is there a reason you can't use that? Is it slowing down the boot time
> significantly?
>
Oh and looking at it a bit closer, calling tcg2_log_init() doesn't add
an EV_S_CRTM_VERSION event which makes the generated eventlog violate
the spec. So that function should just remain static
/Ilias
> Thanks
> /Ilias
> > >
> > > Signed-off-by: Simon Glass <s...@chromium.org>
> > > ---
> > >
> > > include/tpm_tcg2.h | 9 +++++++++
> > > lib/tpm_tcg2.c | 2 +-
> > > 2 files changed, 10 insertions(+), 1 deletion(-)
> > >
> > > diff --git a/include/tpm_tcg2.h b/include/tpm_tcg2.h
> > > index eb6afe49e77..189a93ee840 100644
> > > --- a/include/tpm_tcg2.h
> > > +++ b/include/tpm_tcg2.h
> > > @@ -345,4 +345,13 @@ void tcg2_platform_startup_error(struct udevice
> > > *dev, int rc);
> > > */
> > > u32 tcg2_algorithm_to_mask(enum tpm2_algorithms);
> > >
> > > +/**
> > > + * tcg2_log_init() - Set up the elog
> > > + *
> > > + * @dev: TPM device, used to find the number of PCRs
> > > + * @elog Platform event log
> > > + * Return: zero on success, negative errno otherwise
> > > + */
> > > +int tcg2_log_init(struct udevice *dev, struct tcg2_event_log *elog);
> > > +
> > > #endif /* __TPM_TCG_V2_H */
> > > diff --git a/lib/tpm_tcg2.c b/lib/tpm_tcg2.c
> > > index c314b401d0b..9909d9e14d5 100644
> > > --- a/lib/tpm_tcg2.c
> > > +++ b/lib/tpm_tcg2.c
> > > @@ -220,7 +220,7 @@ static int tcg2_log_append_check(struct
> > > tcg2_event_log *elog, u32 pcr_index,
> > > return 0;
> > > }
> > >
> > > -static int tcg2_log_init(struct udevice *dev, struct tcg2_event_log
> > > *elog)
> > > +int tcg2_log_init(struct udevice *dev, struct tcg2_event_log *elog)
> > > {
> > > struct tpm_chip_priv *priv = dev_get_uclass_priv(dev);
> > > struct tcg_efi_spec_id_event *ev;
> > > --
> > > 2.43.0
> > >
> > > base-commit: bab54f5942c428be698216224fd10b91d974d4da
> > > branch: tpma
> >
> > This is based on mainline, but you forgot to CC the TPM maintainer.
> >
> > --
> > Tom
