[do not merge] Combined TPM eventlog #517
Conversation
SergiiDmytruk
force-pushed
the
combined-eventlog
branch
from
b0c8288 to
aac7bc9
Compare
SergiiDmytruk
force-pushed
the
combined-eventlog
branch
from
aac7bc9 to
e5b3dfd
Compare
SergiiDmytruk
force-pushed
the
combined-eventlog
branch
from
e5b3dfd to
6b33572
Compare
|
@SergiiDmytruk Not sure if it's due to your PR but when I tested latest artifact: https://github.com/Dasharo/coreboot/actions/runs/9800367204/job/27062155366 on Protectli VP2420 |
Probably caused by lack of Dasharo/edk2#148 after the bug was introduced in Dasharo/edk2#144 / Dasharo/DasharoModulePkg#50 |
SergiiDmytruk
force-pushed
the
combined-eventlog
branch
from
6b33572 to
1b53a6d
Compare
|
@m-iwanicki I saw that but assumed a messed up |
SergiiDmytruk
force-pushed
the
combined-eventlog
branch
from
1b53a6d to
daa6111
Compare
This was supposed to fix it: d3b8531 Do we have some insights why it doesn't work/what is the problem exactly? |
This PR is older than that commit. |
SergiiDmytruk
force-pushed
the
combined-eventlog
branch
from
daa6111 to
7bdab15
Compare
|
@macpijan do we have some working setups with socketable TPM1.2 and TPM2.0 in the lab? |
|
IIRC one of KGPEs should still have TPM1.2 which was used for AEM. Note that it currently has ASUS BIOS, on 16Mb chip. |
@krystian-hebel something that will run on this coreboot version :) |
SergiiDmytruk
force-pushed
the
combined-eventlog
branch
from
7bdab15 to
97909e2
Compare
|
Force-pushed to get deterministic variable measurements. |
SergiiDmytruk
force-pushed
the
combined-eventlog
branch
from
97909e2 to
2825d4c
Compare
|
Rebased: updated EDK2 hash which also fixed merge conflict. |
miczyg1
force-pushed
the
combined-eventlog
branch
from
2e69210 to
0d4d664
Compare
|
Rebased on top of recent dasharo branch |
Change-Id: Iacee23253d2766d9f3835860d0d64d84b5bcd880 Signed-off-by: Sergii Dmytruk <[email protected]>
EDK will publish its own version of the log after parsing and importing coreboot's log discovered through CBMEM. Publishing is done by appending a table, so coreboot must avoid adding corresponding log tables to let OS find a more complete one from EDK. Change-Id: Iec92c2b5c426ee003e81996937862d81cb4ead24 Signed-off-by: Sergii Dmytruk <[email protected]>
No functional changes. This replaces a macro with an inline function to make code more readable and more convenient to extend in the future. Change-Id: I456bc3bb749a9b58fba72f5562195525e55290bf Signed-off-by: Sergii Dmytruk <[email protected]>
This event log format option automatically selects TCG log format depending on which TPM is present. Change-Id: I1997396f24ff6362fe64ac56f8e61efcf2ffb0f7 Signed-off-by: Sergii Dmytruk <[email protected]>
coreboot can only extend a single PCR bank of TPM2 and this change results in all available PCRs being extended. This is an alternative to making coreboot extend all active PCRs. Change-Id: I4e21ab77f191e9b36cb467cd61ad0a3e347035cb Signed-off-by: Sergii Dmytruk <[email protected]>
SergiiDmytruk
force-pushed
the
combined-eventlog
branch
from
0d4d664 to
961f17b
Compare
Change-Id: I8573a65bdbd7727dc11f0634fdbd62711b36ddac Signed-off-by: Maciej Pijanowski <[email protected]>
SergiiDmytruk
force-pushed
the
combined-eventlog
branch
from
961f17b to
8df91b7
Compare
Actual code changes are in EDK, coreboot only needs to not publish related ACPI entries.
Testing on APUs won't work without reverting modifications in src/drivers/pc80/tpm/tis.c which somehow disables a working TPM.EDK PR: Dasharo/edk2#139
This now also includes picking TCG log format at runtime.