An Unified TPM Event Log for Linux (asg2023)

The TPM event log contains a history of all measurements made with the TPM. Complete with some context information for each measurement it is intended to help with recreating the current PCR contents. What was meant as a debugging tool turns out to be of vital importance when trying to remotely attest real life systems. This is mostly because of the overuse of certain PCR and the general mess that is x86 firmware. Sadly, there are many event logs. UEFI keeps one for its measurements and those done by EFI applications like GRUB and shim. If a system is booted in an MLE using tboot the ACM firmware code also maintains an event log that can be accessed via a pointer in an ACPI table. Now, systemd also has an event log that is mixed into the general journal log. Finally Linux IMA maintains it's own event log -- an append-only, in-kernel data structure. On top of that every bootloader or userspace application that wants to measure something into the TPM will also need to maintain an event log. How about we fix that? The talk will sketch out a solution that maintains a unified, global event log of the whole system on disk and exposes an interface for other applications that wish to measure things into the TPM. We'll also fix a race conditions in IMA as well as correctly handle S3 resume w.r.t measured boot while we're at it. about this event: https://cfp.all-systems-go.io/all-systems-go-2023/talk/HGMV9U/