From: Kent Y. <shp...@gm...> - 2012-10-03 21:54:55

On Fri, Sep 28, 2012 at 9:26 PM, Wei, Gang <gan...@in...> wrote:
> I am currently trying to make a TXT driver and it will expose the TXT event
> log (located in TXT heap) via sysfs interface to userspace.

  That sounds good, thanks Jimmy.

Kent

> Jimmy
>
> Kent Yoder wrote on 2012-09-28:
>>> We had discussion about the event log before.
>>> I think standard structure is desirable for this TXT event log.
>>
>> Thanks for the context, Seiji. I agree, something in the PCClient
>> standard structure would be good - it could be consumed by trousers
>> without modifications. This could be exposed automatically if we had a
>> kernel module for it. Does integrating that into intel_iommu.ko make
>> sense?
>>
>> Kent
>>
>>> On Sat, Apr 26, 2008 at 4:40 AM, Cihula, Joseph <jos...@in...> wrote:
>>>> On Friday, April 25, 2008 7:47 AM, Jun Koi wrote:
>>>>> On 4/17/08, Seiji Munetoh <sei...@gm...> wrote:
>>>>>> Hi Folks,
>>>>>>
>>>>>> Is there any way to validate the PCR[17] and PCR[18] values?
>>>>>>
>>>>>> In case of Static-RTM, we can validate the PCR values by using
>>>>>> the BIOS eventlog stored at ACPI table.
>>>>>> But for Dynamic-RTM we don't have such eventlog.
>>>>>
>>>>> Do you know if there is any good reason why tboot doesn't log events
>>>>> into eventlog?
>>>>
>>>> Did you mean why tboot doesn't copy the extend information into the BIOS
>>>> event log or why TXT itself doesn't put them there?
>>>>
>>>> For the former, it is a combination of lack of time, issues with the
>>>> eventlog, and motivation. Regarding the eventlog, the current TCG
>>>> specification does not provide for BIOS to indicate where the log data
>>>> ends. There is a soon-to-be-released update for the spec that will
>>>> specify that the end space be filled with ff's, but that will require
>>>> updated BIOSes. Regarding motivation, it wasn't clear how useful or
>>>> important it would be.
>>>>
>>>> The values for PCR 17 and 18 are available in the SinitMleData struct in
>>>> the TXT heap. So MLEs can access it and expose it to whatever SW needs
>>>> it.
>>>>
>>>> For TXT not doing it, the reasons are very similar. In addition, we
>>>> didn't want to tie the launch process to BIOS and its configuration.
>>>>
>>>> Joe
>>>
>>> --
>>> Seiji
>>>
>>> P.S. OpenPTS is generating the eventlog from txt-stat message as a
>>> quick-and-dirty way.
>>>
>>>
>>> On Thu, Sep 27, 2012 at 3:44 AM, Kent Yoder <shp...@gm...> wrote:
>>>> Hi,
>>>>
>>>> Is there a standard way of grabbing the event log after a TXT
>>>> launch? I see it looks like it lives in the os_mle_data_t struct on
>>>> the txt heap, but there doesn't seem to be a way to print it from
>>>> txt-stat. Is the code missing or can I dump it some other way?
>>>>
>>>> Thanks,
>>>> Kent
>>>>
>>>> --
>>>> IBM LTC Security

--
IBM LTC Security
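
Added example, not part of the thread and not tboot, trousers or OpenPTS code: a minimal replay of an event log in the TCG 1.2 PC Client entry layout (pcrIndex, eventType, 20-byte SHA-1 digest, eventSize, event data, little-endian), which is how a consumer of such a log checks reported PCR values against it. It stops at the ff-filled tail mentioned in the thread. Assumptions: the log is SHA-1 only, each PCR starts from all zeros, and the sample log, its event types and its data are constructed; whether a real TXT launch's PCR 17/18 values follow this plain replay depends on the platform.

```python
import hashlib
import struct

SHA1_LEN = 20
# pcrIndex (u32), eventType (u32), SHA-1 digest, eventSize (u32), little-endian
HEADER = struct.Struct("<II20sI")

def parse_log(buf):
    """Yield (pcr, event_type, digest, data) until the ff-filled tail."""
    off = 0
    while off + HEADER.size <= len(buf):
        pcr, etype, digest, size = HEADER.unpack_from(buf, off)
        if pcr == 0xFFFFFFFF:          # ff fill marks the end of valid entries
            return
        off += HEADER.size
        if size > len(buf) - off:      # eventSize must not run past the buffer
            raise ValueError(f"entry at {off - HEADER.size:#x} overruns the log")
        yield pcr, etype, digest, buf[off:off + size]
        off += size

def replay(buf, start=b"\x00" * SHA1_LEN):
    """Recompute each PCR as SHA1(old_value || digest), in log order.
    The all-zero starting value is an assumption of this example."""
    pcrs = {}
    for pcr, _etype, digest, _data in parse_log(buf):
        pcrs[pcr] = hashlib.sha1(pcrs.get(pcr, start) + digest).digest()
    return pcrs

def mismatches(buf, reported):
    """Return the PCR indexes whose replayed value differs from the reported one."""
    got = replay(buf)
    return sorted(i for i, value in reported.items() if got.get(i) != value)

def _entry(pcr, etype, data):
    """Build one constructed sample entry whose digest is SHA1(data)."""
    return HEADER.pack(pcr, etype, hashlib.sha1(data).digest(), len(data)) + data

# Constructed sample log (event types 1-3 are placeholders, not real type codes):
# two PCR 17 events, one PCR 18 event, then 64 bytes of ff fill.
SAMPLE_LOG = (_entry(17, 1, b"sample-policy") + _entry(17, 2, b"sample-mle")
              + _entry(18, 3, b"sample-module") + b"\xff" * 64)

if __name__ == "__main__":
    for idx, value in sorted(replay(SAMPLE_LOG).items()):
        print(f"PCR[{idx}] = {value.hex()}")
```
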