From patchwork Wed Nov 24 15:08:56 2021
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Ruchika Gupta <ruchika.gupta@linaro.org>
X-Patchwork-Id: 519350
Delivered-To: patch@linaro.org
Received: by 2002:ac0:c605:0:0:0:0:0 with SMTP id p5csp10528585imj;
 Wed, 24 Nov 2021 07:09:28 -0800 (PST)
X-Google-Smtp-Source: ABdhPJxQDFRKwxU5EcwfhEayGfSzR/U/otLCaHQoKQ8S1VrV88wKc62mS/c4MoESYKfwJfFSLWbj
X-Received: by 2002:a05:6402:5194:: with SMTP id
 q20mr26075682edd.250.1637766568061;
 Wed, 24 Nov 2021 07:09:28 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1637766568; cv=none;
 d=google.com; s=arc-20160816;
 b=xYGxN5ETwfY0v6AGqNc5csJZ3adz1jFi1L/M+PlVpSQWvOWJWELUWra4GZYdBfT7Rd
 n2j/D7g9Vg/pBvv5HIRQxFMLNyGprGxhYjycNp5qUApfUQwLB9tjZ4BBwr4KrI0EjUcW
 aSWYNRSUoDeZxUO1LmkmknaCGG6QNur3oZUdQ8aPwETcA6tFcWEJKJyo0JyPsU9kwdt2
 yFSdbulfVvlY530ltTUwiY0JNJwF+0uL8yVfZqcPPWyD/vsoAHh+MVCi1mX/TeX/bQUf
 uWMATbw+t3j6yf7lNdcDTy0aogOc1N73PcN7CTHO8NSNVo6pGBFeqJCtJ+iRc8Tt6H7I
 2S9w==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
 s=arc-20160816;
 h=sender:errors-to:list-subscribe:list-help:list-post:list-archive
 :list-unsubscribe:list-id:precedence:content-transfer-encoding
 :mime-version:message-id:date:subject:cc:to:from:dkim-signature;
 bh=lffyGzhS3w2kQLIN0ufWC1cF6MmHv0GNbKe/cM1y11Q=;
 b=yaG44sZl1j4QfHpwjQc07HQR7+R/bXdC1AMVBw1We53wEl6yUKqrTmQtpMAX2Qb58R
 /CAycWYQXwjtexvJU1CBxbK7n/cTL0odYNwTvadUC9zYRXCLuu6Egf+/Z425T+X4vQma
 mm1do1LbNSxk7wuO1Hr5hiS1RyIUbpsQe4ipZewR5nep+PyyTY/jErrkmt48D6C24vnI
 fuOr1G0jp2HSb9AQcqAMYyFZc22sMJVU/RIYOI1xhUqh7QLVtiWNdPdiuG6BessrSE2f
 B1MouhfTAqOPTouL582QM4iraNTwezv8h39/UolDaV7WFpw0ZYCxy6pgjEbjJDy4IaaA
 0L+A==
ARC-Authentication-Results: i=1; mx.google.com;
 dkim=pass header.i=@linaro.org header.s=google header.b=SbVH4FPF;
 spf=pass (google.com: domain of u-boot-bounces@lists.denx.de designates
 85.214.62.61 as permitted sender) smtp.mailfrom=u-boot-bounces@lists.denx.de; 
 dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org
Return-Path: <u-boot-bounces@lists.denx.de>
Received: from phobos.denx.de (phobos.denx.de. [85.214.62.61])
 by mx.google.com with ESMTPS id gk1si231117ejc.48.2021.11.24.07.09.27
 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
 Wed, 24 Nov 2021 07:09:28 -0800 (PST)
Received-SPF: pass (google.com: domain of u-boot-bounces@lists.denx.de
 designates 85.214.62.61 as permitted sender) client-ip=85.214.62.61;
Authentication-Results: mx.google.com;
 dkim=pass header.i=@linaro.org header.s=google header.b=SbVH4FPF;
 spf=pass (google.com: domain of u-boot-bounces@lists.denx.de designates
 85.214.62.61 as permitted sender) smtp.mailfrom=u-boot-bounces@lists.denx.de; 
 dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org
Received: from h2850616.stratoserver.net (localhost [IPv6:::1])
 by phobos.denx.de (Postfix) with ESMTP id 3B7D38365E;
 Wed, 24 Nov 2021 16:09:23 +0100 (CET)
Authentication-Results: phobos.denx.de;
 dmarc=pass (p=none dis=none) header.from=linaro.org
Authentication-Results: phobos.denx.de;
 spf=pass smtp.mailfrom=u-boot-bounces@lists.denx.de
Authentication-Results: phobos.denx.de; dkim=pass (2048-bit key;
 unprotected) header.d=linaro.org header.i=@linaro.org header.b="SbVH4FPF";
 dkim-atps=neutral
Received: by phobos.denx.de (Postfix, from userid 109)
 id 2AC9281DB4; Wed, 24 Nov 2021 16:09:21 +0100 (CET)
X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on phobos.denx.de
X-Spam-Level: 
X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIM_SIGNED,
 DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,SPF_HELO_NONE,SPF_PASS
 autolearn=ham autolearn_force=no version=3.4.2
Received: from mail-pj1-x1033.google.com (mail-pj1-x1033.google.com
 [IPv6:2607:f8b0:4864:20::1033])
 (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits))
 (No client certificate requested)
 by phobos.denx.de (Postfix) with ESMTPS id 9CA4780FAE
 for <u-boot@lists.denx.de>; Wed, 24 Nov 2021 16:09:08 +0100 (CET)
Authentication-Results: phobos.denx.de;
 dmarc=pass (p=none dis=none) header.from=linaro.org
Authentication-Results: phobos.denx.de;
 spf=pass smtp.mailfrom=ruchika.gupta@linaro.org
Received: by mail-pj1-x1033.google.com with SMTP id v23so2775419pjr.5
 for <u-boot@lists.denx.de>; Wed, 24 Nov 2021 07:09:08 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; 
 h=from:to:cc:subject:date:message-id:mime-version
 :content-transfer-encoding;
 bh=lffyGzhS3w2kQLIN0ufWC1cF6MmHv0GNbKe/cM1y11Q=;
 b=SbVH4FPFqt39wIgmHs+ed/n3RqCsC5RxYpdk/4R4TsUyo62mTzfENU8M3+ouFYQRzS
 NRUSJgwWZIcGZ6dbz6c5mujkhVtM5IZToFGmMhrZZPdYK0Et17j0BG+YBjTKoCZ9HeEu
 I43cnIzIeadqoRVI5FJ/EtdU8lhtpOJAL1GtcMKVNfYXEv9SsslQyh1r9+L0UEIJRO1+
 cAVHTQfYLa/jO8EfmQSkJ0STHlYDiW4TKNfou4zUt5u9m31vdsjGmJ81SfrwvU32cdWP
 xii6Bx+/2A8YNoaOOILABKm6nsWQW5XJXKhDtA//BP614mpRftIIHVSvGdEVPFB9airr
 8eIA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20210112;
 h=x-gm-message-state:from:to:cc:subject:date:message-id:mime-version
 :content-transfer-encoding;
 bh=lffyGzhS3w2kQLIN0ufWC1cF6MmHv0GNbKe/cM1y11Q=;
 b=4JozgO2iBXgH7la2eu3Lw10h0qSwyyMAC14+5E+WNT4EM24H5i3hU53ALLfnP5/a+W
 +akG3cHu3SXVhDli1tMF+dwpnPyLKk4rz2RGpxysoa1JJSw9myDTBRed/3Bgifztd2Hk
 8c9E8N4vmEQs7hRsqilHIAHxD9eySQeoCa8MfAWVY/xBGN7qAVnGg2YQzEGrRKMoUEiU
 IextG2XInLauHwrIkxSoLX3TRJaKVFjxjwXszinzkwfF036+I64h2y0gcYrMeLM9wyTB
 UhPuR/tczc8+Y3uolCx+SnWnCUXCpvhjW+pCyHBlwENTTjZVydvRC9NGh+1x06jyjz9b
 Wgng==
X-Gm-Message-State: AOAM533Zc1UAw9KPOBGaKMX4DYhTLqc17OPRyBT42yQfTGo8FOkukHlV
 5X6MCCvH0DnxMIRrOrKTU5NFAFBONF9wgg==
X-Received: by 2002:a17:902:b716:b0:141:d36c:78fc with SMTP id
 d22-20020a170902b71600b00141d36c78fcmr19401828pls.59.1637766546047;
 Wed, 24 Nov 2021 07:09:06 -0800 (PST)
Received: from localhost.localdomain ([106.215.91.18])
 by smtp.gmail.com with ESMTPSA id t67sm60967pfd.24.2021.11.24.07.09.03
 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
 Wed, 24 Nov 2021 07:09:05 -0800 (PST)
From: Ruchika Gupta <ruchika.gupta@linaro.org>
To: u-boot@lists.denx.de, ilias.apalodimas@linaro.org, xypron.glpk@gmx.de,
 agraf@csgraf.de, masahisa.kojima@linaro.org
Cc: Ruchika Gupta <ruchika.gupta@linaro.org>
Subject: [PATCH v5 1/3] efi_loader: Add check for event log passed from
 firmware
Date: Wed, 24 Nov 2021 20:38:56 +0530
Message-Id: <20211124150858.496805-1-ruchika.gupta@linaro.org>
X-Mailer: git-send-email 2.25.1
MIME-Version: 1.0
X-BeenThere: u-boot@lists.denx.de
X-Mailman-Version: 2.1.37
Precedence: list
List-Id: U-Boot discussion <u-boot.lists.denx.de>
List-Unsubscribe: <https://lists.denx.de/options/u-boot>,
 <mailto:u-boot-request@lists.denx.de?subject=unsubscribe>
List-Archive: <https://lists.denx.de/pipermail/u-boot/>
List-Post: <mailto:u-boot@lists.denx.de>
List-Help: <mailto:u-boot-request@lists.denx.de?subject=help>
List-Subscribe: <https://lists.denx.de/listinfo/u-boot>,
 <mailto:u-boot-request@lists.denx.de?subject=subscribe>
Errors-To: u-boot-bounces@lists.denx.de
Sender: "U-Boot" <u-boot-bounces@lists.denx.de>
X-Virus-Scanned: clamav-milter 0.103.2 at phobos.denx.de
X-Virus-Status: Clean

Platforms may have support to measure their initial firmware components
and pass the event log to u-boot. The event log address can be passed
in property tpm_event_log_addr and tpm_event_log_size of the tpm node.
Platforms may choose their own specific mechanism to do so. A weak
function is added to check if even log has been passed to u-boot
from earlier firmware components. If available, the eventlog is parsed
to check for its correctness and further event logs are appended to the
passed log.

Signed-off-by: Ruchika Gupta <ruchika.gupta@linaro.org>
Tested-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Tested-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
---
v5:
Shift the efi_init_event_log() to a different location in the file.
This help fixes compilation issue introduced by calling efi_append_scrtm_version()
from it.

v4:
Add SCRTM version to log only if previous firmware doesn't pass the eventlog

v3:
Return as soon as you detect error

v2:
Moved firmware eventlog code parsing to tcg2_get_fw_eventlog()

 lib/efi_loader/efi_tcg2.c | 438 ++++++++++++++++++++++++++++++++------
 1 file changed, 369 insertions(+), 69 deletions(-)

diff --git a/lib/efi_loader/efi_tcg2.c b/lib/efi_loader/efi_tcg2.c
index 8c1f22e337..a789c44660 100644
--- a/lib/efi_loader/efi_tcg2.c
+++ b/lib/efi_loader/efi_tcg2.c
@@ -324,6 +324,45 @@ __weak efi_status_t platform_get_tpm2_device(struct udevice **dev)
 	return EFI_NOT_FOUND;
 }
 
+/**
+ * platform_get_eventlog() - retrieve the eventlog address and size
+ *
+ * This function retrieves the eventlog address and size if the underlying
+ * firmware has done some measurements and passed them.
+ *
+ * This function may be overridden based on platform specific method of
+ * passing the eventlog address and size.
+ *
+ * @dev:	udevice
+ * @addr:	eventlog address
+ * @sz:		eventlog size
+ * Return:	status code
+ */
+__weak efi_status_t platform_get_eventlog(struct udevice *dev, u64 *addr,
+					  u32 *sz)
+{
+	const u64 *basep;
+	const u32 *sizep;
+
+	basep = dev_read_prop(dev, "tpm_event_log_addr", NULL);
+	if (!basep)
+		return EFI_NOT_FOUND;
+
+	*addr = be64_to_cpup((__force __be64 *)basep);
+
+	sizep = dev_read_prop(dev, "tpm_event_log_size", NULL);
+	if (!sizep)
+		return EFI_NOT_FOUND;
+
+	*sz = be32_to_cpup((__force __be32 *)sizep);
+	if (*sz == 0) {
+		log_debug("event log empty\n");
+		return EFI_NOT_FOUND;
+	}
+
+	return EFI_SUCCESS;
+}
+
 /**
  * tpm2_get_max_command_size() - get the supported max command size
  *
@@ -1181,6 +1220,250 @@ static const struct efi_tcg2_protocol efi_tcg2_protocol = {
 	.get_result_of_set_active_pcr_banks = efi_tcg2_get_result_of_set_active_pcr_banks,
 };
 
+/**
+ * parse_event_log_header() -  Parse and verify the event log header fields
+ *
+ * @buffer:			Pointer to the event header
+ * @size:			Size of the eventlog
+ * @pos:			Position in buffer after event log header
+ *
+ * Return:	status code
+ */
+efi_status_t parse_event_log_header(void *buffer, u32 size, u32 *pos)
+{
+	struct tcg_pcr_event *event_header = (struct tcg_pcr_event *)buffer;
+	int i = 0;
+
+	if (size < sizeof(*event_header))
+		return EFI_COMPROMISED_DATA;
+
+	if (get_unaligned_le32(&event_header->pcr_index) != 0 ||
+	    get_unaligned_le32(&event_header->event_type) != EV_NO_ACTION)
+		return EFI_COMPROMISED_DATA;
+
+	for (i = 0; i < sizeof(event_header->digest); i++) {
+		if (event_header->digest[i] != 0)
+			return EFI_COMPROMISED_DATA;
+	}
+
+	*pos += sizeof(*event_header);
+
+	return EFI_SUCCESS;
+}
+
+/**
+ * parse_specid_event() -  Parse and verify the specID Event in the eventlog
+ *
+ * @dev:		udevice
+ * @buffer:		Pointer to the start of the eventlog
+ * @log_size:		Size of the eventlog
+ * @pos:		Offset in the evenlog where specID event starts
+ *
+ * Return:		status code
+ * @pos			Offset in the eventlog where the specID event ends
+ * @digest_list:	list of digests in the event
+ */
+efi_status_t parse_specid_event(struct udevice *dev, void *buffer, u32 log_size,
+				u32 *pos,
+				struct tpml_digest_values *digest_list)
+{
+	struct tcg_efi_spec_id_event *spec_event;
+	struct tcg_pcr_event *event_header = (struct tcg_pcr_event *)buffer;
+	size_t spec_event_size;
+	u32 active = 0, supported = 0, pcr_count = 0, alg_count = 0;
+	u32 spec_active = 0;
+	u16 hash_alg, hash_sz;
+	u8 vendor_sz;
+	int err, i;
+
+	/* Check specID event data */
+	spec_event = (struct tcg_efi_spec_id_event *)((uintptr_t)buffer + *pos);
+	/* Check for signature */
+	if (memcmp(spec_event->signature, TCG_EFI_SPEC_ID_EVENT_SIGNATURE_03,
+		   sizeof(TCG_EFI_SPEC_ID_EVENT_SIGNATURE_03))) {
+		log_err("specID Event: Signature mismatch\n");
+		return EFI_COMPROMISED_DATA;
+	}
+
+	if (spec_event->spec_version_minor !=
+			TCG_EFI_SPEC_ID_EVENT_SPEC_VERSION_MINOR_TPM2 ||
+	    spec_event->spec_version_major !=
+			TCG_EFI_SPEC_ID_EVENT_SPEC_VERSION_MAJOR_TPM2)
+		return EFI_COMPROMISED_DATA;
+
+	if (spec_event->number_of_algorithms > MAX_HASH_COUNT ||
+	    spec_event->number_of_algorithms < 1) {
+		log_err("specID Event: Number of algorithms incorrect\n");
+		return EFI_COMPROMISED_DATA;
+	}
+
+	alg_count = spec_event->number_of_algorithms;
+
+	err = tpm2_get_pcr_info(dev, &supported, &active, &pcr_count);
+	if (err)
+		return EFI_DEVICE_ERROR;
+
+	digest_list->count = 0;
+	/*
+	 * We may need to worry about the order of algs in this structure as
+	 * subsequent entries in event should be in same order
+	 */
+	for (i = 0; i < alg_count; i++) {
+		hash_alg =
+		  get_unaligned_le16(&spec_event->digest_sizes[i].algorithm_id);
+		hash_sz =
+		   get_unaligned_le16(&spec_event->digest_sizes[i].digest_size);
+
+		if (!(supported & alg_to_mask(hash_alg))) {
+			log_err("specID Event: Unsupported algorithm\n");
+			return EFI_COMPROMISED_DATA;
+		}
+		digest_list->digests[digest_list->count++].hash_alg = hash_alg;
+
+		spec_active |= alg_to_mask(hash_alg);
+	}
+
+	/* TCG spec expects the event log to have hashes for all active PCR's */
+	if (spec_active != active) {
+		/*
+		 * Previous stage bootloader should know all the active PCR's
+		 * and use them in the Eventlog.
+		 */
+		log_err("specID Event: All active hash alg not present\n");
+		return EFI_COMPROMISED_DATA;
+	}
+
+	/*
+	 * the size of the spec event and placement of vendor_info_size
+	 * depends on supported algoriths
+	 */
+	spec_event_size =
+		offsetof(struct tcg_efi_spec_id_event, digest_sizes) +
+		alg_count * sizeof(spec_event->digest_sizes[0]);
+
+	vendor_sz = *(uint8_t *)((uintptr_t)buffer + *pos + spec_event_size);
+
+	spec_event_size += sizeof(vendor_sz) + vendor_sz;
+	*pos += spec_event_size;
+
+	if (get_unaligned_le32(&event_header->event_size) != spec_event_size) {
+		log_err("specID event: header event size mismatch\n");
+		/* Right way to handle this can be to call SetActive PCR's */
+		return EFI_COMPROMISED_DATA;
+	}
+
+	return EFI_SUCCESS;
+}
+
+efi_status_t tcg2_parse_event(struct udevice *dev, void *buffer, u32 log_size,
+			      u32 *offset, struct tpml_digest_values *digest_list,
+			      u32 *pcr)
+{
+	struct tcg_pcr_event2 *event = NULL;
+	u32 event_type, count, size, event_size;
+	size_t pos;
+
+	if (*offset > log_size)
+		return EFI_COMPROMISED_DATA;
+
+	event = (struct tcg_pcr_event2 *)((uintptr_t)buffer + *offset);
+
+	*pcr = get_unaligned_le32(&event->pcr_index);
+
+	event_size = tcg_event_final_size(digest_list);
+
+	if (*offset + event_size > log_size) {
+		log_err("Event exceeds log size\n");
+		return EFI_COMPROMISED_DATA;
+	}
+
+	event_type = get_unaligned_le32(&event->event_type);
+
+	/* get the count */
+	count = get_unaligned_le32(&event->digests.count);
+	if (count != digest_list->count)
+		return EFI_COMPROMISED_DATA;
+
+	pos = offsetof(struct tcg_pcr_event2, digests);
+	pos += offsetof(struct tpml_digest_values, digests);
+
+	for (int i = 0; i < digest_list->count; i++) {
+		u16 alg;
+		u16 hash_alg = digest_list->digests[i].hash_alg;
+		u8 *digest = (u8 *)&digest_list->digests[i].digest;
+
+		alg = get_unaligned_le16((void *)((uintptr_t)event + pos));
+
+		if (alg != hash_alg)
+			return EFI_COMPROMISED_DATA;
+
+		pos += offsetof(struct tpmt_ha, digest);
+		memcpy(digest, (void *)((uintptr_t)event + pos), alg_to_len(hash_alg));
+		pos += alg_to_len(hash_alg);
+	}
+
+	size = get_unaligned_le32((void *)((uintptr_t)event + pos));
+	event_size += size;
+	pos += sizeof(u32); /* tcg_pcr_event2 event_size*/
+	pos += size;
+
+	/* make sure the calculated buffer is what we checked against */
+	if (pos != event_size)
+		return EFI_COMPROMISED_DATA;
+
+	if (pos > log_size)
+		return EFI_COMPROMISED_DATA;
+
+	*offset += pos;
+
+	return EFI_SUCCESS;
+}
+
+efi_status_t tcg2_get_fw_eventlog(struct udevice *dev, void *log_buffer,
+				  size_t *log_sz)
+{
+	struct tpml_digest_values digest_list;
+	void *buffer;
+	efi_status_t ret;
+	u32 pcr, pos;
+	u64 base;
+	u32 sz;
+
+	ret = platform_get_eventlog(dev, &base, &sz);
+	if (ret != EFI_SUCCESS)
+		return ret;
+
+	if (sz > TPM2_EVENT_LOG_SIZE)
+		return EFI_VOLUME_FULL;
+
+	buffer = (void *)base;
+	pos = 0;
+	/* Parse the eventlog to check for its validity */
+	ret = parse_event_log_header(buffer, sz, &pos);
+	if (ret || pos > sz)
+		return EFI_COMPROMISED_DATA;
+
+	ret = parse_specid_event(dev, buffer, sz, &pos, &digest_list);
+	if (ret || pos > sz) {
+		log_err("Error parsing SPEC ID Event\n");
+		return EFI_COMPROMISED_DATA;
+	}
+
+	while (pos < sz) {
+		ret = tcg2_parse_event(dev, buffer, sz, &pos, &digest_list,
+				       &pcr);
+		if (ret) {
+			log_err("Error parsing event\n");
+			return ret;
+		}
+	}
+
+	memcpy(log_buffer, buffer, sz);
+	*log_sz = sz;
+
+	return ret;
+}
+
 /**
  * create_specid_event() - Create the first event in the eventlog
  *
@@ -1312,69 +1595,6 @@ out:
 	return ret;
 }
 
-/**
- * efi_init_event_log() - initialize an eventlog
- */
-static efi_status_t efi_init_event_log(void)
-{
-	/*
-	 * vendor_info_size is currently set to 0, we need to change the length
-	 * and allocate the flexible array member if this changes
-	 */
-	struct tcg_pcr_event *event_header = NULL;
-	struct udevice *dev;
-	size_t spec_event_size;
-	efi_status_t ret;
-
-	ret = platform_get_tpm2_device(&dev);
-	if (ret != EFI_SUCCESS)
-		goto out;
-
-	ret = efi_allocate_pool(EFI_BOOT_SERVICES_DATA, TPM2_EVENT_LOG_SIZE,
-				(void **)&event_log.buffer);
-	if (ret != EFI_SUCCESS)
-		goto out;
-
-	/*
-	 * initialize log area as 0xff so the OS can easily figure out the
-	 * last log entry
-	 */
-	memset(event_log.buffer, 0xff, TPM2_EVENT_LOG_SIZE);
-	event_log.pos = 0;
-	event_log.last_event_size = 0;
-	event_log.get_event_called = false;
-	event_log.ebs_called = false;
-	event_log.truncated = false;
-
-	/*
-	 * The log header is defined to be in SHA1 event log entry format.
-	 * Setup event header
-	 */
-	event_header =  (struct tcg_pcr_event *)event_log.buffer;
-	put_unaligned_le32(0, &event_header->pcr_index);
-	put_unaligned_le32(EV_NO_ACTION, &event_header->event_type);
-	memset(&event_header->digest, 0, sizeof(event_header->digest));
-	ret = create_specid_event(dev, (void *)((uintptr_t)event_log.buffer + sizeof(*event_header)),
-				  &spec_event_size);
-	if (ret != EFI_SUCCESS)
-		goto free_pool;
-	put_unaligned_le32(spec_event_size, &event_header->event_size);
-	event_log.pos = spec_event_size + sizeof(*event_header);
-	event_log.last_event_size = event_log.pos;
-
-	ret = create_final_event();
-	if (ret != EFI_SUCCESS)
-		goto free_pool;
-
-out:
-	return ret;
-
-free_pool:
-	efi_free_pool(event_log.buffer);
-	event_log.buffer = NULL;
-	return ret;
-}
-
 /**
  * tcg2_measure_event() - common function to add event log and extend PCR
  *
@@ -1427,6 +1647,92 @@ static efi_status_t efi_append_scrtm_version(struct udevice *dev)
 	return ret;
 }
 
+/**
+ * efi_init_event_log() - initialize an eventlog
+ */
+static efi_status_t efi_init_event_log(void)
+{
+	/*
+	 * vendor_info_size is currently set to 0, we need to change the length
+	 * and allocate the flexible array member if this changes
+	 */
+	struct tcg_pcr_event *event_header = NULL;
+	struct udevice *dev;
+	size_t spec_event_size;
+	efi_status_t ret;
+
+	ret = platform_get_tpm2_device(&dev);
+	if (ret != EFI_SUCCESS)
+		goto out;
+
+	ret = efi_allocate_pool(EFI_BOOT_SERVICES_DATA, TPM2_EVENT_LOG_SIZE,
+				(void **)&event_log.buffer);
+	if (ret != EFI_SUCCESS)
+		goto out;
+
+	/*
+	 * initialize log area as 0xff so the OS can easily figure out the
+	 * last log entry
+	 */
+	memset(event_log.buffer, 0xff, TPM2_EVENT_LOG_SIZE);
+
+	/*
+	 * The log header is defined to be in SHA1 event log entry format.
+	 * Setup event header
+	 */
+	event_header =  (struct tcg_pcr_event *)event_log.buffer;
+	event_log.pos = 0;
+	event_log.last_event_size = 0;
+	event_log.get_event_called = false;
+	event_log.ebs_called = false;
+	event_log.truncated = false;
+
+	/*
+	 * Check if earlier firmware have passed any eventlog. Different
+	 * platforms can use different ways to do so
+	 */
+	ret = tcg2_get_fw_eventlog(dev, event_log.buffer, &event_log.pos);
+	/*
+	 * If earlier firmware hasn't passed any eventlog, go ahead and
+	 * create the eventlog header
+	 */
+	if (ret == EFI_NOT_FOUND) {
+		put_unaligned_le32(0, &event_header->pcr_index);
+		put_unaligned_le32(EV_NO_ACTION, &event_header->event_type);
+		memset(&event_header->digest, 0, sizeof(event_header->digest));
+		ret = create_specid_event(dev,
+					  (void *)((uintptr_t)event_log.buffer +
+						   sizeof(*event_header)),
+					  &spec_event_size);
+		if (ret != EFI_SUCCESS)
+			goto free_pool;
+		put_unaligned_le32(spec_event_size, &event_header->event_size);
+		event_log.pos = spec_event_size + sizeof(*event_header);
+		event_log.last_event_size = event_log.pos;
+
+		/*
+		 * Add SCRTM version to the log if previous firmmware
+		 * doesn't pass an eventlog
+		 */
+		ret = efi_append_scrtm_version(dev);
+	}
+
+	if (ret != EFI_SUCCESS)
+		goto free_pool;
+
+	ret = create_final_event();
+	if (ret != EFI_SUCCESS)
+		goto free_pool;
+
+out:
+	return ret;
+
+free_pool:
+	efi_free_pool(event_log.buffer);
+	event_log.buffer = NULL;
+	return ret;
+}
+
 /**
  * tcg2_measure_variable() - add variable event log and extend PCR
  *
@@ -1963,12 +2269,6 @@ efi_status_t efi_tcg2_register(void)
 	if (ret != EFI_SUCCESS)
 		goto fail;
 
-	ret = efi_append_scrtm_version(dev);
-	if (ret != EFI_SUCCESS) {
-		tcg2_uninit();
-		goto fail;
-	}
-
 	ret = efi_add_protocol(efi_root, &efi_guid_tcg2_protocol,
 			       (void *)&efi_tcg2_protocol);
 	if (ret != EFI_SUCCESS) {