On Tue, 1 Apr 2025 at 00:59, James Bottomley <james.bottom...@hansenpartnership.com> wrote: > > On Mon, 2025-03-31 at 15:23 -0700, Dionna Amalie Glaze wrote: > > On Mon, Mar 31, 2025 at 2:26 PM James Bottomley > > <james.bottom...@hansenpartnership.com> wrote: > > > > > > On Mon, 2025-03-31 at 13:56 -0700, Dionna Amalie Glaze wrote: > > > [...] > > > > I might be unclear on how I should be testing this, but I do see > > > > /dev/tpm0 and /dev/tpmrm0 when I build with CONFIG_TCG_SVSM=y, > > > > but I don't see the event log in securityfs. What am I missing? > > > > > > The vtpm driver for EDK2/OVMF I suspect ... without that the UEFI > > > won't lay down and event log for the kernel to pick up. > > > > This test is with Oliver's PR > > https://github.com/tianocore/edk2/pull/6527 > > Well, since the event log is searched for in tpm_chip_register(), I > really don't think it can be the kernel driver. Best guess is there's > something wrong with that patch set (or the vTPM didn't activate in > OVMF for some reason).
Yep, I also think it should be something in edk2. I'm using edk2 from https://github.com/coconut-svsm/edk2/pull/62 which should contain the commits from that PR + a fix not yet merged upstream. I'm building it with: build -a X64 -b DEBUG -t GCC5 -DTPM2_ENABLE \ --pcd PcdUninstallMemAttrProtocol=TRUE -p OvmfPkg/OvmfPkgX64.dsc And in Linux I see the devices and the event log: # ls /dev/tpm* /dev/tpm0 /dev/tpmrm0 # ls /sys/kernel/security/tpm0/ binary_bios_measurements # tpm2_eventlog /sys/kernel/security/tpm0/binary_bios_measurements --- version: 1 events: - EventNum: 0 PCRIndex: 0 EventType: EV_NO_ACTION Digest: "0000000000000000000000000000000000000000" EventSize: 37 ... If I remove `-DTPM2_ENABLE` when building edk2, I can still see the /dev/tpm* devices (of course), but I can't see the event log anymore. And also most PCRs are 0 (unlike when I have tpm driver enabled in edk2). Thanks, Stefano
