From patchwork Thu Feb 15 03:00:00 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Kuppuswamy Sathyanarayanan X-Patchwork-Id: 20409 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a05:7300:b825:b0:106:860b:bbdd with SMTP id da37csp162110dyb; Wed, 14 Feb 2024 20:20:34 -0800 (PST) X-Forwarded-Encrypted: i=3; AJvYcCWc6aYSpraPJS2V3HjDr+8n0W1XvkOxv5CKyBjZpCbZjS6EPK1L61hcoQcRc0KlLgrGT1pqYH9pf8kizkGR0vE13fvL7Q== X-Google-Smtp-Source: AGHT+IF1zzhJrMJClgZT8owcvykR3QBk5eM4yz9FXkIqw2dHihkFubi+iAauoWQuKdv/A3a1lh+q X-Received: by 2002:a37:ef0c:0:b0:785:b3a3:d29c with SMTP id j12-20020a37ef0c000000b00785b3a3d29cmr862393qkk.38.1707970833767; Wed, 14 Feb 2024 20:20:33 -0800 (PST) ARC-Seal: i=2; a=rsa-sha256; t=1707970833; cv=pass; d=google.com; s=arc-20160816; b=N6rfyCnXyg8WsxaC0kidLjPJzLcecObnMHahTvRdLqaZZ0G6gHD24ZX6au+NR02ERJ GtLvUNg5OSrNCL2blpxjijVbiTkG2NwNYFs+gw5hwMU8nLTIwJ1es8Lsd12Rib1YnjO8 59E1ENI0g6lUvvEe8YwFEbGHzMMBKhkE50lu2xN/qvzgZ4GM6TrED2ghuPsNfvb1Lnk5 6NMBQRUL6V1fu4v/UpIt13ERCv/wYhxwKH2F3NeKPAB4kBVlwTzyN53S/RXmRgpwVnlt ac+lAy/9fONZK28LrhBC6Q9rfmP1GFLtAOqFbT6mq+rp/kJl+lh/EqxoGepLbDPCKo4o +82Q== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=content-transfer-encoding:mime-version:list-unsubscribe :list-subscribe:list-id:precedence:message-id:date:subject:cc:to :from:dkim-signature; bh=pw4YTtSOdDOPDxoKOdEI2ZVd51sZiXnmPExgEBzcjPk=; fh=iD/MczRtHkuHfagxWYOljcXdeTYLpAMVPt7j6YQwWzA=; b=Vy9WPyUxlZO+CZNXIsFswWJ+NSEzRuOZ39YYDQssBI2TW2/+84V7ZOkH40M5DRc6ZQ ae7Q0UuZJNfGAIye/EB+o3wYKfnLUSnHNiqeHXPgxJrvrxLTfgKH1TMMcbGsfK0tFF4a nQklDEOtSBF4DYfhysW0gGEPP6JC4jqjn+PYGyfruZz6HiRv6UMWJ+UBpZToqf+3K9gO yWgqGKrKUKPGJnjOHWsnGfYktFtZfHbzdWscIhjZAftHyE0Cnj4Abj6kVqYqOaFky0ep 5aOh5S6Em95Gwq0ecLLuKsV0betxcyo3cyD/6rB6xxOXae5g6/pde/frEu97YG4kiUM6 B1dw==; dara=google.com ARC-Authentication-Results: i=2; mx.google.com; dkim=pass header.i=@intel.com header.s=Intel header.b=NC7z5DQh; arc=pass (i=1 dkim=pass dkdomain=intel.com dmarc=pass fromdomain=linux.intel.com); spf=pass (google.com: domain of linux-kernel+bounces-66247-ouuuleilei=gmail.com@vger.kernel.org designates 147.75.199.223 as permitted sender) smtp.mailfrom="linux-kernel+bounces-66247-ouuuleilei=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: from ny.mirrors.kernel.org (ny.mirrors.kernel.org. [147.75.199.223]) by mx.google.com with ESMTPS id vz18-20020a05620a495200b0078726f5e34fsi661869qkn.102.2024.02.14.20.20.33 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 14 Feb 2024 20:20:33 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel+bounces-66247-ouuuleilei=gmail.com@vger.kernel.org designates 147.75.199.223 as permitted sender) client-ip=147.75.199.223; Authentication-Results: mx.google.com; dkim=pass header.i=@intel.com header.s=Intel header.b=NC7z5DQh; arc=pass (i=1 dkim=pass dkdomain=intel.com dmarc=pass fromdomain=linux.intel.com); spf=pass (google.com: domain of linux-kernel+bounces-66247-ouuuleilei=gmail.com@vger.kernel.org designates 147.75.199.223 as permitted sender) smtp.mailfrom="linux-kernel+bounces-66247-ouuuleilei=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ny.mirrors.kernel.org (Postfix) with ESMTPS id 515011C2287F for ; Thu, 15 Feb 2024 03:02:25 +0000 (UTC) Received: from localhost.localdomain (localhost.localdomain [127.0.0.1]) by smtp.subspace.kernel.org (Postfix) with ESMTP id 6344D6ABA; Thu, 15 Feb 2024 03:02:10 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b="NC7z5DQh" Received: from mgamail.intel.com (mgamail.intel.com [192.198.163.13]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id AB80A1864; Thu, 15 Feb 2024 03:02:05 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=192.198.163.13 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1707966127; cv=none; b=rSo0nV9t5prjYZ2X4kFn6DsdEV1cH9k0bTsH+4UipuCTTj+fNMrRmW8YdKJVQNIaOku4uL8mw1WpSlTLy+kmxmMMboZVkI0n4Q8mKT2IBOQfwdmfVca4t/cEY2HvF48jCsdULMcG64i3pEfX0CXB21nV9eWSL1aogbjrqKd7+4I= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1707966127; c=relaxed/simple; bh=9cutMbdi58gyhcptcGgn3SBIVIJ8WZRGKaEC+ywx0o4=; h=From:To:Cc:Subject:Date:Message-Id:MIME-Version; b=rrl+vjjUrEJaTJJeKrbka08DUdmc5xn+wXIozpfXa7EPNdSC4zcRnoUsn3xpUSBO7JOCDWRdbiSgAU29b/AFhuDDlZ18SkqYLdbOVpdx8b48fOJQgAvNsZ4m5CjsJjE1LybNTUDO38ipGx3cX6V/9E/g9W9mOzlhJppcMWsDzXM= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linux.intel.com; spf=none smtp.mailfrom=linux.intel.com; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b=NC7z5DQh; arc=none smtp.client-ip=192.198.163.13 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linux.intel.com Authentication-Results: smtp.subspace.kernel.org; spf=none smtp.mailfrom=linux.intel.com DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1707966126; x=1739502126; h=from:to:cc:subject:date:message-id:mime-version: content-transfer-encoding; bh=9cutMbdi58gyhcptcGgn3SBIVIJ8WZRGKaEC+ywx0o4=; b=NC7z5DQhJzTAKEYHABoNiWBsxBC9AtSxXn0ntAz3AEkh34+wj/D5ocss A9GKGxQy4zP96vb5fiCnC7xXrVg6AiEbfi9PkQAQ5B6qMtgjzlxreUCqW N15WAjX8JUbEAVJB7LlqIHd0nQYeiNRrUPdyjbuIuS/vH3h/uhnBjxZCt Au0S3Os6Dey+nVPQFxiAJs/tSe/aD73OX6RMV7pIH1INkB+RZwmn8VIVt HHAwwEyNEixpzjEffr/gEcREnSU+f4XdTFQOZ1hSAuF5HYf8ynr49pin5 16KE4fKu5aio1x9HyElMzksBriXOxBt281r2df2DFN0Jsr7Im3P3teXym g==; X-IronPort-AV: E=McAfee;i="6600,9927,10984"; a="5007274" X-IronPort-AV: E=Sophos;i="6.06,161,1705392000"; d="scan'208";a="5007274" Received: from fmviesa003.fm.intel.com ([10.60.135.143]) by fmvoesa107.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 14 Feb 2024 19:02:05 -0800 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="6.06,161,1705392000"; d="scan'208";a="8010505" Received: from skuppusw-desk2.jf.intel.com ([10.165.154.101]) by fmviesa003-auth.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 14 Feb 2024 19:02:04 -0800 From: Kuppuswamy Sathyanarayanan To: Ard Biesheuvel Cc: Ilias Apalodimas , linux-kernel@vger.kernel.org, linux-efi@vger.kernel.org Subject: [PATCH v2 0/2] Add measurement and event log support for CC platforms Date: Thu, 15 Feb 2024 03:00:00 +0000 Message-Id: <20240215030002.281456-1-sathyanarayanan.kuppuswamy@linux.intel.com> X-Mailer: git-send-email 2.25.1 Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-getmail-retrieved-from-mailbox: INBOX X-GMAIL-THRID: 1790937225141098155 X-GMAIL-MSGID: 1790937225141098155 In a Confidential Computing (CC) environment, not all platforms implement TPM support. Instead, it may support measurement and event logging based upon the hardware Trusted Execution Environment (TEE) capability. For such cases, UEFI specification [1] defines an alternative measurement protocol and interfaces. This patch set enables this support in EFI bootstub. https://uefi.org/specs/UEFI/2.10/38_Confidential_Computing.html#efi-cc-measurement-protocol [1] Changes since v1: * Add missing tagged event data. * Add support for get_event_log(). Kuppuswamy Sathyanarayanan (2): efi/libstub: Add Confidential Computing (CC) measurement support efi/libstub: Add get_event_log() support for CC platforms .../firmware/efi/libstub/efi-stub-helper.c | 127 ++++++++++++++---- drivers/firmware/efi/libstub/efi-stub.c | 2 +- drivers/firmware/efi/libstub/efistub.h | 78 ++++++++++- drivers/firmware/efi/libstub/tpm.c | 78 +++++++---- drivers/firmware/efi/libstub/x86-stub.c | 2 +- include/linux/efi.h | 4 + 6 files changed, 235 insertions(+), 56 deletions(-)