From: Kuppuswamy Sathyanarayanan
Subject: Re: [PATCH v1 1/1] Fix missing measurements on confidential computing enabled platform
Date: Wed, 5 Jun 2024 06:38:47 -0700
On Mon, Jun 3, 2024 at 2:37 PM Hector Cao <hector.cao@canonical.com> wrote:
>
> The measurements for confidential computing have been introduced in the commit
> 4c76565b6 (efi/tpm: Add EFI_CC_MEASUREMENT_PROTOCOL support). Recently
> the patch 30708dfe3 (tpm: Disable the tpm verifier if the TPM device
> is not present) has been introduced to optimize the memory usage when
> the TPM device is not available on the platform. This patch will prevent the
> tpm module from being loaded on confidential computing platforms (for example
> Intel TDX) where no TPM device is available.
>
> In this patch, we propose to load the tpm module for this use case
> by generalizing the tpm feature detection in order to cover CC platforms.
> Basically, we do it by detecting the availability of the EFI protocol
> EFI_CC_MEASUREMENT_PROTOCOL.
>
> Fixes bug: https://savannah.gnu.org/bugs/?65821
>
> Signed-off-by: Hector Cao <hector.cao@canonical.com>
> ---
Looks good to me.
Reviewed-by: Kuppuswamy Sathyanarayanan <sathyanarayanan.kuppuswamy@linux.intel.com>
> grub-core/commands/efi/tpm.c | 7 +++++++
> 1 file changed, 7 insertions(+)
>
> diff --git a/grub-core/commands/efi/tpm.c b/grub-core/commands/efi/tpm.c
> index f250c30db..40845af7a 100644
> --- a/grub-core/commands/efi/tpm.c
> +++ b/grub-core/commands/efi/tpm.c
> @@ -292,6 +292,13 @@ grub_tpm_present (void)
> {
> grub_efi_handle_t tpm_handle;
> grub_efi_uint8_t protocol_version;
> + grub_efi_cc_protocol_t *cc;
> +
> + /* if confidential computing measurement protocol is enabled
> + we consider TPM is present */
> + cc = grub_efi_locate_protocol (&cc_measurement_guid, NULL);
> + if (cc != NULL)
> + return 1;
>
> if (!grub_tpm_handle_find (&tpm_handle, &protocol_version))
> return 0;
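Review bot: grub_efi_cc_protocol_t and cc_measurement_guid are used in the new block but neither is declared within the hunk; please confirm both already exist earlier in tpm.c (the commit message attributes CC support to 4c76565b6) so the early return builds against the existing CC measurement path. The early `return 1;` also bypasses the protocol_version check that follows, which is only correct if every caller of grub_tpm_present () then measures through the CC protocol rather than a TPM handle; stating that in the comment would make the intent clear. Style: GRUB comments are full sentences with a capital and two spaces before the closing delimiter, e.g. `/* If the confidential computing measurement protocol is available, treat the TPM as present.  */`.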
> --
> 2.39.2