On Mon, May 15, 2023 at 09:11:15PM -0400, Daniel P. Smith wrote:
> On 5/12/23 12:17, Ross Philipson wrote:
> > This is a good point. At this point it is really something we
> > overlooked. We will have to revisit this and figure out the best way to
> > find the final event log depending on how things booted.
>
> I believe Ross misunderstood what you were asking for here. There are two
> reasons this is not possible or desired. The first reason is that on Intel,
> the DRTM log is not initialized by TrenchBoot code in the preamble. It is
> only responsible for allocating a buffer and recording the location in the
> TXT structures. When the SINIT ACM is executed, it will initialize the log
> and record the measurement that the CPU sent directly to the TPM and then the
> measurements the ACM makes of the environment. If you pointed at the SRTM
> log, then the ACM would write over the existing log, which I don't think you
> want. Now if you pointed at the tail end of the SRTM log, you would still
> end up with a second, separate log that just happens to be memory adjacent.

Ok. I think it would be clearer if either the function names or some comments expressly indicated that this refers to the DRTM event log and that that's a separate entity from the SRTM one; "event log" on its own is likely to cause people to think of the existing log rather than associate it with something else.