On Tue, 12 May 2020 at 13:40, Loïc Yhuel <loic.yhuel@xxxxxxxxx> wrote:
>
> On Tue, 12 May 2020 at 08:45, Ard Biesheuvel <ardb@xxxxxxxxxx> wrote:
> > So what functionality do we lose here? Can we still make meaningful
> > use of the event log without the final log? I thought one was
> > incomplete without the other?
> The char driver (drivers/char/tpm/eventlog/efi.c) already ignores
> efi.tpm_final_log if the event log version isn't
> EFI_TCG2_EVENT_LOG_FORMAT_TCG_2.
> So there is currently no code making use of the final log contents on
> those machines, besides the two cases I patched, which only try to
> determine its size.
>

Ah ok, thanks for clarifying. If we never consume it anyway, then I agree this is the correct fix.

> I don't know if the table contains bad data, or just doesn't follow
> the specification and uses the older SHA-1 log format. If this is the
> case, perhaps we could try to support it, and modify the code to allow
> returning the additional events it might contain to the userspace.