"Kevin O'Connor" <kevin@koconnor.net> wrote on 11/20/2015 12:26:08 PM:

>
> On Fri, Nov 20, 2015 at 05:09:07PM +0000, Stefan Berger wrote:
> > "Kevin O'Connor" <kevin@koconnor.net> wrote on 11/20/2015 11:12:53 AM:
> > > I don't understand the error handling in tpm_extend_acpi_log() and
> > > tpm_extend().  Why does a log overflow in tpm_extend_acpi_log()
> > > shutdown the tpm chip (via tpm_set_failure() )?  In particular,
> > > tpm_extend_acpi_log can be called from clients via the 16bit BIOS
> > > interface, and it's the only way a client could cause the tpm chip to
> > > shutdown.  Why does tpm_extend() call reset_acpi_log() on failure?  It
> > > seems odd that a failure in communication with the TPM chip would
> > > result in an ACPI log reset - no other TPM chip failure does that.
> >
> > The intention here was to invalidate the log that is supposed to be
> > written along with PCR extensions, resulting in attestation not being
> > possible due to a failure in the extend.
>
> Okay - so there isn't a specific need to handle a failure in
> tpm_extend_acpi_log() differently from a failure in tpm_extend()?
> That is, the goal is just to prevent attestation after a failed
> request?


tpm_shutdown can be removed; tpm_extend could also call tpm_set_failure() instead of tpm_shutdown()

>
> > > Is it expected that the tcpa ACPI table could move or be modified at
> > > runtime?  The code rescans for the table twice on every call to
> > > tpm_extend_acpi_log() - if it can't move or be modified then I think
> > > it would be simpler to cache the values.
> >
> > I will have a look whether we can cache that. I guess for as long as it's
> > scanned for 'early' we are not write-protected, yet. You may have seen I
> > am also rescanning the log every time something is appended to it. Here
> > the reason was that we are running in ROM mode and I cannot write to
> > static variables anymore that would allow to set the pointer to the last
> > entry. So back when I wrote this I handled the ACPI table in the same way
> > - rescanning.
>
> Oh, so the code could assume that the tcpa table is not moved nor
> modified _and_ that the BIOS is also the only writer to the log?


Unless there is way that the bootloader could give back control to the BIOS, the BIOS would be the only writer to the log.

>
> BTW, to make a global variable read/writable at runtime, one can add
> the VARLOW attribute to the variable.


Ok.

Regards,
    Stefan