Bug 1187360 - tpm2_eventlog cannot read /sys/kernel/security/tpm0/binary_bios_measurements
tpm2_eventlog cannot read /sys/kernel/security/tpm0/binary_bios_measurements
Status: RESOLVED FIXED
Classification: openSUSE
Product: openSUSE Tumbleweed
Classification: openSUSE
Component: Basesystem
Current
Other Other
: P5 - None : Normal (vote)
: ---
Assigned To: E-mail List
E-mail List
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2021-06-15 15:18 UTC by Alberto Planas Dominguez
Modified: 2021-12-13 12:35 UTC (History)
1 user (show)

See Also:
Found By: ---
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Alberto Planas Dominguez 2021-06-15 15:18:52 UTC
(Note, I think that this is a kernel issue because after fixing bsc#1185869, this was working. See c11 in the previous report for confirmation)

In Tumbleweed tpm2_eventlog do not work when pointed to the securefs:

# uname -a
Linux dhcp189 5.12.9-1-default #1 SMP Thu Jun 3 07:44:58 UTC 2021 (f17eb01) x86_64 x86_64 x86_64 GNU/Linux

# tpm2_eventlog /sys/kernel/security/tpm0/binary_bios_measurements
ERROR: Unable to run tpm2_eventlog

But works when reading the copied file:

# cp /sys/kernel/security/tpm0/binary_bios_measurements binary_bios_measurements

# tpm2_eventlog binary_bios_measurements | head
---
version: 1
events:
- EventNum: 0
  PCRIndex: 0
  EventType: EV_NO_ACTION
  Digest: "0000000000000000000000000000000000000000"
  EventSize: 37
  SpecID:
  - Signature: Spec ID Event03


Running strace shows this:

# strace tpm2_eventlog /sys/kernel/security/tpm0/binary_bios_measurements
...
futex(0x7fba8bafbe18, FUTEX_WAKE_PRIVATE, 2147483647) = 0
openat(AT_FDCWD, "/sys/kernel/security/tpm0/binary_bios_measurements", O_RDONLY) = 3
lseek(3, 0, SEEK_CUR)                   = 0
newfstatat(3, "", {st_mode=S_IFREG|0440, st_size=0, ...}, AT_EMPTY_PATH) = 0
newfstatat(3, "", {st_mode=S_IFREG|0440, st_size=0, ...}, AT_EMPTY_PATH) = 0
lseek(3, 0, SEEK_SET)                   = 0
lseek(3, 0, SEEK_SET)                   = 0
close(3)                                = 0
write(2, "ERROR: ", 7ERROR: )                  = 7
write(2, "Unable to run eventlog", 22Unable to run eventlog)  = 22
write(2, "\n", 1
)                       = 1
exit_group(1)                           = ?
+++ exited with 1 +++


# strace tpm2_eventlog binary_bios_measurements
...
futex(0x7fb147cede18, FUTEX_WAKE_PRIVATE, 2147483647) = 0
openat(AT_FDCWD, "binary_bios_measurements", O_RDONLY) = 3
lseek(3, 0, SEEK_CUR)                   = 0
newfstatat(3, "", {st_mode=S_IFREG|0440, st_size=10494, ...}, AT_EMPTY_PATH) = 0
newfstatat(3, "", {st_mode=S_IFREG|0440, st_size=10494, ...}, AT_EMPTY_PATH) = 0
lseek(3, 8192, SEEK_SET)                = 8192
read(3, "\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 2302) = 2302
lseek(3, 0, SEEK_SET)                   = 0
close(3)                                = 0
openat(AT_FDCWD, "binary_bios_measurements", O_RDONLY) = 3
newfstatat(3, "", {st_mode=S_IFREG|0440, st_size=10494, ...}, AT_EMPTY_PATH) = 0
read(3, "\0\0\0\0\3\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0%\0\0\0"..., 8192) = 8192
read(3, "\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 4096) = 2302
close(3)                                = 0
write(1, "---", 3)                      = 3
...
Comment 1 Alberto Planas Dominguez 2021-06-17 09:47:02 UTC
@Gary Ching-Pang Lin, you help me a lot with the last kernel bug about the TPM event log. Maybe you have a clue in this one.
Comment 2 Gary Ching-Pang Lin 2021-06-18 02:47:01 UTC
It seems tpm2_eventlog tried to do "fseek(fp, 0, SEEK_END)" but the securityfs entry didn't return the size.

I didn't see any suspicious change in tpm driver between 5.12.4 and 5.12.9 and there is even no change in securityfs (security/inode.c).
Comment 3 Alberto Planas Dominguez 2021-06-18 09:17:08 UTC
(In reply to Gary Ching-Pang Lin from comment #2)
> It seems tpm2_eventlog tried to do "fseek(fp, 0, SEEK_END)" but the
> securityfs entry didn't return the size.
> 
> I didn't see any suspicious change in tpm driver between 5.12.4 and 5.12.9
> and there is even no change in securityfs (security/inode.c).

Interesting. I will share this with upstream.

The test that I did in https://bugzilla.suse.com/show_bug.cgi?id=1185869#c11 suggest that this was working as expected before, and I am still using the same tpm2-tools version.
Comment 4 Gary Ching-Pang Lin 2021-06-18 09:37:09 UTC
(In reply to Alberto Planas Dominguez from comment #3)
> (In reply to Gary Ching-Pang Lin from comment #2)
> > It seems tpm2_eventlog tried to do "fseek(fp, 0, SEEK_END)" but the
> > securityfs entry didn't return the size.
> > 
> > I didn't see any suspicious change in tpm driver between 5.12.4 and 5.12.9
> > and there is even no change in securityfs (security/inode.c).
> 
> Interesting. I will share this with upstream.
> 
Thanks.

> The test that I did in https://bugzilla.suse.com/show_bug.cgi?id=1185869#c11
> suggest that this was working as expected before, and I am still using the
> same tpm2-tools version.

I guess some other kernel change caused the seek failure. Maybe vfs?
Comment 5 Alberto Planas Dominguez 2021-06-18 14:48:40 UTC
(In reply to Gary Ching-Pang Lin from comment #4)

> I guess some other kernel change caused the seek failure. Maybe vfs?

I think that I am in the wrong here. I fixed the code upstream:

https://github.com/tpm2-software/tpm2-tools/pull/2776

Thanks for helping and pointing me in the right direction.
Comment 6 OBSbugzilla Bot 2021-06-18 15:30:06 UTC
This is an autogenerated message for OBS integration:
This bug (1187360) was mentioned in
https://build.opensuse.org/request/show/900775 Factory / tpm2.0-tools