From: Ard Biesheuvel <ardb@kernel.org>
To: Muhammad Usama Anjum <usama.anjum@collabora.com>
Cc: Ard Biesheuvel <ardb+git@google.com>,
"Kuppuswamy Sathyanarayanan,"
<sathyanarayanan.kuppuswamy@linux.intel.com>,
Ilias Apalodimas <ilias.apalodimas@linaro.org>,
linux-efi@vger.kernel.org
Subject: Re: [Bug Report] Bug in "efi/libstub: Add get_event_log() support for CC platforms"
Date: Thu, 7 Mar 2024 12:30:06 +0100 [thread overview]
Message-ID: <CAMj1kXG3ySsqU0v5dnC2V+xiKGxdFnY_WSOFzrqb0sr9gDT7Zw@mail.gmail.com> (raw)
In-Reply-To: <CAMj1kXGFLwsgPo9Xy_-9gaOUUO=wDd_K12ccYUhP1nWf3KLb0w@mail.gmail.com>
On Thu, 7 Mar 2024 at 12:13, Ard Biesheuvel <ardb@kernel.org> wrote:
>
> On Thu, 7 Mar 2024 at 12:08, Ard Biesheuvel <ardb@kernel.org> wrote:
> >
> > Hi Muhammad,
> >
> > Thanks for the report.
> >
> > On Thu, 7 Mar 2024 at 12:02, Muhammad Usama Anjum
> > <usama.anjum@collabora.com> wrote:
> > >
> > > Hi,
> > >
> > > The recent patch:
> > > 276805fb9c305: efi/libstub: Add get_event_log() support for CC platforms
> > > has introduced
> > > #define EFI_CC_EVENT_LOG_FORMAT_TCG_2 0x00000002
> > >
> > > But EFI_TCG2_EVENT_LOG_FORMAT_TCG_2 has the same numerical value:
> > > #define EFI_TCG2_EVENT_LOG_FORMAT_TCG_2 0x2
> > >
> > > Thus there is dead code in efi_retrieve_tcg2_eventlog() i.e, multiple if
> > > conditions with (version == 2) I'm unable to decide on what is wrong and
> > > what is right here. Please have a look.
> > >
> >
> > Why is this a problem? The compiler will recognize this and simplify
> > the conditional. The code as written is semantically correct, the fact
> > that the symbolic constants resolve to the same numerical value is
> > just an implementation detail.
>
> Ah hold on. I see what you mean now:
>
> if (version == EFI_TCG2_EVENT_LOG_FORMAT_TCG_2)
> final_events_table = get_efi_config_table(LINUX_EFI_TPM_FINAL_LOG_GUID);
> + else if (version == EFI_CC_EVENT_LOG_FORMAT_TCG_2)
> + final_events_table = get_efi_config_table(LINUX_EFI_CC_FINAL_LOG_GUID);
>
> Yes, that is broken.
Could we fix it like this perhaps?
--- a/drivers/firmware/efi/libstub/tpm.c
+++ b/drivers/firmware/efi/libstub/tpm.c
@@ -75,8 +75,7 @@
*
* CC Event log also uses TCG2 format, handle it same as TPM2.
*/
if (version > EFI_TCG2_EVENT_LOG_FORMAT_TCG_1_2) {
/*
* The TCG2 log format has variable length entries,
* and the information to decode the hash algorithms
@@ -109,10 +108,11 @@
* Figure out whether any events have already been logged to the
* final events structure, and if so how much space they take up
*/
if (version > EFI_TCG2_EVENT_LOG_FORMAT_TCG_1_2)
final_events_table =
get_efi_config_table(LINUX_EFI_TPM_FINAL_LOG_GUID) ?:
get_efi_config_table(LINUX_EFI_CC_FINAL_LOG_GUID);
next prev parent reply other threads:[~2024-03-07 11:30 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-03-07 11:03 [Bug Report] Bug in "efi/libstub: Add get_event_log() support for CC platforms" Muhammad Usama Anjum
2024-03-07 11:08 ` Ard Biesheuvel
2024-03-07 11:13 ` Ard Biesheuvel
2024-03-07 11:30 ` Ard Biesheuvel [this message]
2024-03-07 15:36 ` Kuppuswamy Sathyanarayanan
2024-03-07 15:41 ` Ard Biesheuvel
2024-03-07 16:21 ` Kuppuswamy Sathyanarayanan
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=CAMj1kXG3ySsqU0v5dnC2V+xiKGxdFnY_WSOFzrqb0sr9gDT7Zw@mail.gmail.com \
--to=ardb@kernel.org \
--cc=ardb+git@google.com \
--cc=ilias.apalodimas@linaro.org \
--cc=linux-efi@vger.kernel.org \
--cc=sathyanarayanan.kuppuswamy@linux.intel.com \
--cc=usama.anjum@collabora.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.