Issue #420 has been reported by Krystian Hebel.
----------------------------------------
Feature #420: Use standard format of TPM event log
https://ticket.coreboot.org/issues/420

* Author: Krystian Hebel
* Status: New
* Priority: Normal
* Target version: none
* Start date: 2022-10-12
* Related links:
  [1] https://trustedcomputinggroup.org/wp-content/uploads/TCG_PCClientImplementat...
  [2] https://trustedcomputinggroup.org/wp-content/uploads/TCG_PCClient_PFP_r1p05_...
----------------------------------------
Currently coreboot uses a proprietary format for the TPM event log. TCG has standardized log formats, different for TPM1.2 (aka legacy or SHA1) [1] and TPM2.0 (aka crypto agile) [2], both of which can be parsed by the Linux kernel and exposed in sysfs. I don't know of any tool outside of cbmem which can parse the coreboot format; this includes payloads which may be interested in continuing the chain of trust started by coreboot.

Another incompatibility is caused by vboot's assignment of PCRs. Roles of PCRs are roughly specified by TCG in both of the mentioned documents; they are more or less compatible with each other, but not with current coreboot code.
These changes could break assumptions made by existing platforms, so they should be made as Kconfig options.
This is a tracking issue to collect subtasks that need to be done in order to support standard event log formats.
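Added example, not from the ticket or from coreboot's code: a Python parser for the two TCG layouts named above, which tells a legacy (SHA-1) log from a crypto agile one by its first entry and replays the logged digests into PCR values. The sample logs are constructed, all function names are this example's own, and every PCR is assumed to start as zeros.

```python
import hashlib
import struct

ALGS = {0x0004: "sha1", 0x000B: "sha256"}  # TCG algorithm IDs (subset)
EV_POST_CODE, EV_NO_ACTION = 0x1, 0x3      # EV_NO_ACTION is never extended
SPEC_ID_SIG = b"Spec ID Event03\x00"       # header signature of a crypto agile log

def _take(buf, off, n):
    if off + n > len(buf):
        raise ValueError("truncated event log")
    return buf[off:off + n], off + n

def parse_legacy(buf, off):
    # TCG_PCClientPCREvent: pcr u32, type u32, SHA-1 digest[20], size u32, data
    hdr, off = _take(buf, off, 32)
    pcr, etype, digest, size = struct.unpack("<II20sI", hdr)
    data, off = _take(buf, off, size)
    return (pcr, etype, {"sha1": digest}, data), off

def parse_agile(buf, off, sizes):
    # TCG_PCR_EVENT2: pcr u32, type u32, count u32, {alg u16, digest}*, size u32, data
    hdr, off = _take(buf, off, 12)
    pcr, etype, count = struct.unpack("<III", hdr)
    digests = {}
    for _ in range(count):
        raw, off = _take(buf, off, 2)
        alg = struct.unpack("<H", raw)[0]
        if alg not in sizes:
            raise ValueError("digest algorithm not declared in log header")
        digests[ALGS.get(alg, hex(alg))], off = _take(buf, off, sizes[alg])
    raw, off = _take(buf, off, 4)
    data, off = _take(buf, off, struct.unpack("<I", raw)[0])
    return (pcr, etype, digests, data), off

def parse_log(buf):
    """Return (format name, events); the first entry decides the format."""
    first, off = parse_legacy(buf, 0)
    agile = first[1] == EV_NO_ACTION and first[3].startswith(SPEC_ID_SIG)
    sizes = {}
    if agile:  # Spec ID event: algorithm count at offset 24, then {alg u16, size u16}
        nalgs = struct.unpack("<I", _take(first[3], 24, 4)[0])[0]
        sizes = dict(struct.unpack("<HH", _take(first[3], 28 + 4 * i, 4)[0]) for i in range(nalgs))
    events = [first]
    while off < len(buf):
        ev, off = parse_agile(buf, off, sizes) if agile else parse_legacy(buf, off)
        events.append(ev)
    return ("crypto agile" if agile else "legacy"), events

def replay(events, alg="sha1"):
    """Recompute PCRs as H(old || digest), assuming every PCR starts as zeros."""
    pcrs = {}
    for pcr, etype, digests, _ in events:
        if etype != EV_NO_ACTION and alg in digests:
            old = pcrs.get(pcr, bytes(hashlib.new(alg).digest_size))
            pcrs[pcr] = hashlib.new(alg, old + digests[alg]).digest()
    return pcrs

def _legacy_entry(pcr, etype, data, digest=None):
    digest = hashlib.sha1(data).digest() if digest is None else digest
    return struct.pack("<II20sI", pcr, etype, digest, len(data)) + data

def sample_legacy():  # constructed sample: one measurement each into PCR 0 and PCR 2
    return _legacy_entry(0, EV_POST_CODE, b"bootblock") + _legacy_entry(2, EV_POST_CODE, b"payload")

def sample_agile():  # constructed sample: Spec ID header declaring SHA-256, then one event
    spec = SPEC_ID_SIG + struct.pack("<IBBBBIHHB", 0, 0, 2, 0, 2, 1, 0x000B, 32, 0)
    ev = struct.pack("<IIIH", 2, EV_POST_CODE, 1, 0x000B) + hashlib.sha256(b"payload").digest()
    ev += struct.pack("<I", 7) + b"payload"
    return _legacy_entry(0, EV_NO_ACTION, spec, bytes(20)) + ev
```

On Linux the same functions can be pointed at the bytes of `/sys/kernel/security/tpm0/binary_bios_measurements`, where the kernel exposes the firmware's log; comparing `replay()` output with the TPM's actual PCR values shows whether the log accounts for every extend.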
Issue #420 has been updated by Krystian Hebel.
Related links updated
Request to admin or someone with permissions to add as subtasks:
- https://ticket.coreboot.org/issues/421
- https://ticket.coreboot.org/issues/422
- https://ticket.coreboot.org/issues/423
- https://ticket.coreboot.org/issues/424
- https://ticket.coreboot.org/issues/425
- https://ticket.coreboot.org/issues/426
Issue #420 has been updated by Arthur Heymans.
https://review.coreboot.org/c/coreboot/+/51710 Implements the TCG one. The coreboot implementation is not a 'proprietary' format. That would imply that there is a license restriction on using it which there is not. A lot of the TCG spec simply does not make a lot of sense for coreboot which is why it's not implemented.
Issue #420 has been updated by Michał Żygowski.
Related links updated
Arthur Heymans wrote in #note-2:
> https://review.coreboot.org/c/coreboot/+/51710 Implements the TCG one. The coreboot implementation is not a 'proprietary' format. That would imply that there is a license restriction on using it which there is not. A lot of the TCG spec simply does not make a lot of sense for coreboot which is why it's not implemented.
Yes, it is not "proprietary", "custom" would be a better word here. Anyway, having an option for TCG compliant event log will not hurt.
Thank you for pointing out the patch, adding to Related Links.
TCG TPM2 event log patch: https://review.coreboot.org/c/coreboot/+/51710
Issue #420 has been updated by Michał Żygowski.
Related to Cleanup #421: Change API of functions taking hash as an argument added
Issue #420 has been updated by Michał Żygowski.
Related to Feature #422: Create Kconfig menu for TPM event log format added
Issue #420 has been updated by Michał Żygowski.
Related to Feature #423: Implement legacy and crypto agile TPM event log formats added
Issue #420 has been updated by Michał Żygowski.
Related to Feature #424: Create and implement option to choose either TCG or vboot PCR assignment added
Issue #420 has been updated by Michał Żygowski.
Related to Feature #425: Add parsing of new TPM event log formats to cbmem utility added
Issue #420 has been updated by Michał Żygowski.
Related to Documentation #426: Document existing and added TPM event log formats and PCR usage added
Issue #420 has been updated by Michał Żygowski.
Adding subtask seems to be a new issue creation. In order to avoid duplication, I have added these issues from related links to the Related Issues section.
Issue #420 has been updated by Michał Żygowski.
Related links updated
Michał Żygowski wrote in #note-10:
> Adding subtask seems to be a new issue creation. In order to avoid duplication, I have added these issues from related links to the Related Issues section.
NVM, I can assign Parent Task to the other issues and it will automatically link as subtask.
Issue #420 has been updated by Sergii Dmytruk.
2 out of 6 subtasks are closed, but really all of them are done by now, including this one.