Feature #420

open

Use standard format of TPM event log

Added by Krystian Hebel over 1 year ago. Updated 5 months ago.

Status: New
Priority: Normal
Assignee: -
Category: -
Target version:
Start date: 10/12/2022
Due date:
% Done: 33%
Estimated time: (Total: 0.00 h)
Affected versions:
Needs backport to:
Affected hardware:
Affected OS:

Description

Currently coreboot uses a proprietary format for the TPM event log. TCG has standardized log formats, differently for TPM1.2 (aka legacy or SHA1) [1] and TPM2.0 (aka crypto agile) [2], both of which can be parsed by the Linux kernel and exposed in sysfs. I don't know of any tool outside of cbmem which can parse the coreboot format; this includes payloads which may be interested in continuing the chain of trust started by coreboot.

Another incompatibility is caused by vboot's assignment of PCRs. Roles of PCRs are roughly specified by TCG in both of the mentioned documents; they are more or less compatible with each other, but not with the current coreboot code.

These changes could break assumptions made by existing platforms, so they should be made as Kconfig options.

This is a tracking issue to collect subtasks that need to be done in order to support standard event log formats.


Subtasks 6 (4 open, 2 closed)

Cleanup #421: Change API of functions taking hash as an argument | New | 10/12/2022
Feature #422: Create Kconfig menu for TPM event log format | New | 10/12/2022
Feature #423: Implement legacy and crypto agile TPM event log formats | New | 10/12/2022
Feature #424: Create and implement option to choose either TCG or vboot PCR assignment | New | 10/12/2022
Feature #425: Add parsing of new TPM event log formats to cbmem utility | Resolved | 10/12/2022
Documentation #426: Document existing and added TPM event log formats and PCR usage | Resolved | 10/12/2022
