cbmem -L broken under coreboot 4.21+
@JonathonHall-Purism
Well, TBH I'm not sure a lot of others use measured boot so much outside of Heads @JonathonHall-Purism? This shows it's not tested a lot, or as you said, since cbmem is built by musl-cross-make (related doubts, which is the compiler building everything tools.cpio related under Heads, including cbmem here), that might as well be an undesired artifact of those? (modified quote)
I took the time to use rom produced here (4.22.01 tag release codebase built with measured boot and coreboot custom event log format) and test cbmem built on top of ubuntu 23.10/debian trixie OS (to remove musl-cross-make doubts).
Interestingly enough:
- `sudo ~/Downloada/coreboot-4.22.01/util/cbmem/cbmem -L`: `Unknown TPM log specification`: FAIL
- `sudo ~/Downloada/coreboot-4.19/util/cbmem/cbmem -L`: `coreboot TPM log: [...]`: OK
So now, let's test cbmem behavior in between those release versions:
- `sudo ~/Downloada/coreboot-4.21/util/cbmem/cbmem -L`: `Unknown TPM log specification`: FAIL
- `sudo ~/Downloada/coreboot-4.20.1/util/cbmem/cbmem -L`: `coreboot TPM log: [...]`: OK

So `cbmem -L` broke somewhere between 4.20.1 and 4.21.
Raised awareness under #coreboot channel at https://matrix.to/#/!EhaGFZyYcbyhdSgStq:matrix.org/$DJW_mF5d1PfhJIvoM-_HvX8s3BpzNvtNu77auhvKBo0?via=matrix.org&via=sibnsk.net&via=datanauten.de. @miczyg1 said he would take a look at https://matrix.to/#/!EhaGFZyYcbyhdSgStq:matrix.org/$34SHe96Ef5Qrv2pIXtmi2lqpSwnh1GsKXlZCR9I7PpY?via=matrix.org&via=sibnsk.net&via=datanauten.de
Originally posted by @tlaurion in https://github.com/linuxboot/heads/issues/1604#issuecomment-1942087004
Issued a PR that should address the issue: https://github.com/linuxboot/heads/pull/1609
As far as heads is concerned, it doesn't matter which event log format is used right? Or rather coreboot's custom format is preferred @tlaurion ?
Why `cbmem -L` does not work with the standard TPM log per specifications is a separate matter (I suspect the first event in the event log is not SpecID event, but why? not sure yet).
@miczyg1 @JonathonHall-Purism theoretically, tpm1.2 vs coreboot log format should not matter since from my understanding, they use PCR2 for operations.
For our interest here and where the bug was discovered (all ivy/sandy/haswell boards were based on 4.19 since edp/fhd patch was not merged upstream), boards stayed on 4.19. But since https://review.coreboot.org/c/coreboot/+/28950 got merged yesterday as https://github.com/coreboot/coreboot/commit/a88dd4b6fbac8748a6f4580ad6363da47f5b3bc2, I'll prepare a PR switching all boards to that commit and be able to give traces, switching boards to TCG TPM1.2 TPM Event log format and go from there.
Logs provided and analysis at https://github.com/linuxboot/heads/pull/1609#issuecomment-1944461330 and further comments
TCPA log entry 10: PCR: -967035966 Event type: Unknown (0xace82028 >= 19) Digest: d97f7b94ead60f73575cdf71010ef9fd99ed6b28 Event data:
Looks like coreboot didn't terminate the event log... cbmem checks for a zero_block of one TCPA entry length, if it isn't found, then it goes further... We could add more safety checks to cbmem to avoid that ~~but also make sure coreboot properly terminates the eventlog (or at least clear the cbmem entry with the log while creating it...)~~
@SergiiDmytruk cc
EDIT:
coreboot is clearing the cbmem areas with TCG logs in `src/security/tpm/tspi/log-tpm1.c` and `src/security/tpm/tspi/log-tpm2.c`: `memset(tclt, 0, tpm_log_len);`, so a memory corruption?
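The "more safety checks" idea from the comment above, as an added example that is not part of the thread and is not cbmem's or coreboot's code: a bounded walk over a TPM 1.2 (TCPA) log that stops at a zeroed header and refuses entries like the `PCR: -967035966` one instead of printing them. The function names, the status codes and the sample buffer are constructed for illustration; the 32-byte header is the TPM 1.2 `TCG_PCR_EVENT` layout.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define HDR_LEN 32u	/* pcr(4) + type(4) + SHA-1 digest(20) + data size(4) */
#define PCR_COUNT 24u	/* TPM 1.2 exposes PCR 0..23 */
enum { LOG_OK = 0, LOG_BAD_PCR = -1, LOG_TRUNCATED = -2 };

/* Little-endian u32 read that is safe on unaligned offsets. */
static uint32_t rd32(const uint8_t *p)
{
	return p[0] | p[1] << 8 | p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Hypothetical helper: walk buf[0..len); *count = entries that validated. */
static int walk_tcpa_log(const uint8_t *buf, size_t len, size_t *count)
{
	static const uint8_t zero[HDR_LEN];
	size_t off = 0;
	for (*count = 0; len - off >= HDR_LEN; (*count)++) {
		const uint8_t *e = buf + off;
		uint32_t size = rd32(e + 28);
		if (memcmp(e, zero, HDR_LEN) == 0)
			return LOG_OK;		/* zeroed header: end of log */
		if (rd32(e) >= PCR_COUNT)
			return LOG_BAD_PCR;	/* stale bytes, not an entry */
		if (size > len - off - HDR_LEN)
			return LOG_TRUNCATED;	/* data would leave the area */
		off += HDR_LEN + size;
	}
	return LOG_OK;
}

/* Constructed sample: two PCR 2 entries, then zeros or stale 0xc6 bytes. */
static int demo(int stale_tail, size_t *count)
{
	uint8_t log[128] = {0};
	log[0] = 2; log[4] = 0x0d; log[28] = 4;	/* entry 0: 4 data bytes */
	log[36] = 2; log[40] = 0x0d;		/* entry 1: no data */
	if (stale_tail)
		memset(log + 68, 0xc6, sizeof(log) - 68);
	return walk_tcpa_log(log, sizeof(log), count);
}

int main(void)
{
	size_t n;
	int rc = demo(1, &n);
	printf("unterminated log: status %d after %zu entries\n", rc, n);
}
```

A caller can still print the entries counted before a non-zero status, and flag the log as unterminated rather than decoding the bytes that follow.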
Discussion under thread at https://matrix.to/#/!pAlHOfxQNPXOgFGTmo:matrix.org/$CQDLxAckANKmXAu8ZDtcDIHUn1dgvgfzyifZidHr7SA?via=matrix.org&via=nitro.chat&via=fairydust.space leading to traces requests by @krystian-hebel and @miczyg1
Ok, so to trace this better
Coreboot custom event log format:
- https://github.com/tlaurion/heads/tree/422_fhd at commit https://github.com/tlaurion/heads/commit/4bb831720e323cb75c29a400d005561d4016e3ca used here to test on x230 (coreboot custom event log format)
- https://output.circle-artifacts.com/output/job/cfdd3b68-2cd1-401f-8758-0ef2715e1cce/artifacts/0/build/x86/x230-maximized/heads-x230-maximized-v0.2.0-2026-g4bb8317.zip
- cbmem -L "Unknown TPM log specification"
- cbmem -1: Event log reported in coreboot logs fine
- cbmem_list_custom_coreboot_format.log
- cbmem_54435041_coreboot_format.log
- cbmem_434f4e53_coreboot_console.log
TCG event log format
- https://github.com/tlaurion/heads/tree/422_fhd at commit https://github.com/tlaurion/heads/commit/6b61f61e6e209192ebf0b9a413744f7daaab06e8 used here to test on x230 (TCG event log format)
- https://output.circle-artifacts.com/output/job/f7813a8c-8a95-4933-9353-98c56d806916/artifacts/0/build/x86/x230-maximized/heads-x230-maximized-v0.2.0-2027-g6b61f61.zip
- cbmem -L: good until log entry 11 (corrupted to PCR0 and entry 12 bogus)
- cbmem -1: Event log reported in coreboot logs fine
- cbmem_list_TCG_format.log
- cbmem_54445041_TCG_format.log
- cbmem_434f4e53_TCG_console.log
Issued a PR that should address the issue: #1609
@miczyg1 #1609 closed as explained under https://github.com/linuxboot/heads/issues/1608#issuecomment-1952968828 : switching to coreboot custom format doesn't fix anything at all. The recap of the discussion leading to log dropped today above happened in the thread pointed by https://github.com/linuxboot/heads/issues/1608#issuecomment-1952939422
Let me know here if anything else is needed to troubleshoot coreboot upstream issue from Heads side.
Blocker for #1568
@miczyg1 ping?
This is related to coreboot changes from TCPA->TPM event log and is still present under coreboot master (24.05) and affects all forks since coreboot 4.21 where that change occurred
Opened https://github.com/Dasharo/dasharo-issues/issues/1004
Closing here