sd-boot: Remove unnecessary call to GetEventLog
This PR reverts #4302 and part of #7568, as the call to GetEventLog
isn't necessary to get the logs from the OS runtime.
This has already been reverted in shim, see:
https://github.com/rhboot/shim/commit/
fd7c3bd920ba39082cb7c619afb7203d150a4cd3
The reasoning for the change that added this is wrong, explained below:
> According to TCG EFI Protocol Specification for TPM 2.0 family,
> all events generated after the invocation of EFI_TCG2_GET_EVENT_LOG
> shall be stored in an instance of an EFI_CONFIGURATION_TABLE aka
> EFI TCG 2.0 final events table.
This is correct and a valid reading of the TCG spec.
> Hence, it is necessary to trigger the internal switch through calling
> get_event_log() in order to allow to retrieve the logs from OS runtime.
However, this reasoning is incorrect. The "EFI TCG 2.0 final events
table" exists to allow the OS Runtime to get TCG events created during
or after the call to ExitBootServices. If systemd-boot didn't call
trigger_tcg2_final_events_table(), the call to HashLogExtendEvent will
write the event to the normal events table (i.e. the same place the
PCR 0 - 7 related events are written). Then the OS can obtain these
systemd-boot events in the same way it obtains normal events, via a
call to GetEventLog().
Tested on amd64 w/ TPM2 using the newest Linux kernel patches that
get the TPM2 formatted log:
https://www.lkml.org/lkml/2019/5/20/1590
I confirmed that this change still lets the OS runtime obtain the log
entries created by systemd-boot.
Signed-off-by: Joe Richey <joerichey@google.com>
projects / thirdparty / systemd.git / commit
