On Tue, Oct 17, 2017 at 10:00:15AM +0200, Thiebaud Weksteen wrote:
> On Mon, Oct 16, 2017 at 1:49 PM, Jarkko Sakkinen
> <jarkko.sakkinen@xxxxxxxxxxxxxxx> wrote:
> > On Mon, Oct 16, 2017 at 02:28:33PM +0300, Jarkko Sakkinen wrote:
> >> On Wed, Oct 11, 2017 at 02:52:54PM +0300, Jarkko Sakkinen wrote:
> >> > On Wed, Oct 11, 2017 at 12:54:26PM +1100, James Morris wrote:
> >> > > On Tue, 10 Oct 2017, Jarkko Sakkinen wrote:
> >> > >
> >> > > > The way I've agreed with James Morris to have my tree is to be rooted to
> >> > > > security tree's next branch.
> >> > > >
> >> > > > James, what actions should we take?
> >> > >
> >> > > This process has changed recently -- I posted to lsm but forgot to post to
> >> > > linux-integrity.
> >> > >
> >> > > http://kernsec.org/pipermail/linux-security-module-archive/2017-September/003356.html
> >> > >
> >> > > Summary: please track the next-general branch in my tree for your
> >> > > development, it replaces 'next'.
> >> > >
> >> > >
> >> > > - James
> >> > > --
> >> > > James Morris
> >> > > <jmorris@xxxxxxxxx>
> >> >
> >> > Ah I'm subscribed to that list but lately been busy getting a huge patch
> >> > set to platform-driver-x86 [1] for review, which has prioritized out
> >> > reading much else than linux-integrity.
> >> >
> >> > Thank you. I'll retry the patches tomorrow.
> >> >
> >> > /Jarkko
> >>
> >> Cannot observe binary_bios_measurements file.
> >>
> >> What kind of hardware was used to develop/test this?
> >>
> >> I tried it with Kabylake and PTT (firmware TPM).
> >>
> >> /Jarkko
> >
> > My guess would be wrong event log format.
> >
> > At minimum this patch set should add a klog (info level) message to tell
> > that unsupported event log format is being used.
> >
> > /Jarkko
>
> This patch was mainly developed and tested on Kabylake with PTT as well.
>
> It could be a few things. Are you booting with the EFI stub? Is the
> TPM enabled within the BIOS? Does tpm_tis get loaded? Does it produce
> any log?
> If the logs are recovered (but not parsed), you should already see an
> entry in the logs like:
>
> efi: SMBIOS=0x7fed6000 ACPI=0x7ff00000 TPMEventLog=0x.....
>
> Can you see the TPMEventLog part?
>
> The issue with extra logging is that the log recovery happens within
> the EFI stub phase where limited logging is available (which I think
> has been limited to error and fatal messages only).
> For now, it cannot be a version mismatch as the stub will only request
> the version 1.2 format.

Thank you for the great tips. I'll retry tomorrow.

/Jarkko
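
An added example, not part of the original thread or of the patch set: a small Python parser for the `efi:` configuration-table line quoted above, reporting whether a `TPMEventLog` entry is present in saved kernel log text. The function names, status strings and sample log lines (including the `TPMEventLog` address) are constructed for illustration.

```python
import re

# One "Name=0xADDR" pair; table names such as "ACPI 2.0" contain spaces.
_PAIR = re.compile(r"([A-Za-z][A-Za-z0-9 .]*?)=0x([0-9a-fA-F]+)")
# The "efi:" tag, with or without a "[ timestamp]" or "kernel:" prefix.
_EFI = re.compile(r"(?:^|\s)efi:\s+(.*)$")


def efi_config_tables(kernel_log):
    """Return {table name: address} from every 'efi:' line in the log text."""
    tables = {}
    for line in kernel_log.splitlines():
        m = _EFI.search(line)
        if m:
            # Lines like "efi: EFI v2.50 by ..." carry no pairs and add nothing.
            for name, addr in _PAIR.findall(m.group(1)):
                tables[name.strip()] = int(addr, 16)
    return tables


def tpm_event_log_status(kernel_log):
    """Classify the log by the check described in the thread."""
    tables = efi_config_tables(kernel_log)
    if not tables:
        return "no-efi-table-line"   # no table line found in this log text
    if "TPMEventLog" in tables:
        return "recovered"           # the entry the thread says to look for
    return "not-recovered"           # table line present, entry missing


# Constructed sample input; the TPMEventLog address is a placeholder.
SAMPLE_RECOVERED = """\
[    0.000000] efi: EFI v2.50 by Example Firmware
[    0.000000] efi:  ACPI=0x7ff00000  ACPI 2.0=0x7ff00014  SMBIOS=0x7fed6000  TPMEventLog=0x12345000
"""
SAMPLE_MISSING = """\
[    0.000000] efi:  ACPI=0x7ff00000  ACPI 2.0=0x7ff00014  SMBIOS=0x7fed6000
"""

if __name__ == "__main__":
    for label, log in (("with entry", SAMPLE_RECOVERED),
                       ("without entry", SAMPLE_MISSING)):
        print(label, "->", tpm_event_log_status(log))
```

To run it against a real machine, feed it saved `dmesg` output instead of the constructed samples.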