[U-Boot] Patches for this merge window

Simon Glass sjg at chromium.org
Mon Apr 1 21:01:07 CEST 2013 

Hi Tom,

On Wed, Mar 20, 2013 at 1:07 PM, Tom Rini <trini at ti.com> wrote:

> On Wed, Mar 20, 2013 at 12:53:06PM -0700, Simon Glass wrote:
> > Hi Tom,
> >
> > [sorry I wrote this yesterday and didn't send]
> >
> > On Mon, Feb 11, 2013 at 12:47 PM, Tom Rini <trini at ti.com> wrote:
> > > [take 2 for me, gmail defaults to reply not reply-all]
> > >
> > > On Sun, Feb 10, 2013 at 11:48 PM, Simon Glass <sjg at google.com> wrote:
> > [..]
> > >> Generic board is also a big change, but since it is sort-of parallel
> > >> to existing code and only turned on on a board-by-board basis the risk
> > >> is lower - it just need some weeks of review time IMO.
> > >
> > > Sounds good, thanks!
> >
> > And generic board is in also now, which is a big step. Thanks for all
> > your effort on that.
> >
> > I am about to rev the verified boot series, and FIT image series base
> > on feedback.
> >
> > Also, what is happening on the TPM side? I think we have all the
> > pieces for making the TPM work properly in U-Boot, as previously
> > discussed. Along with verified boot we have a pretty solid
> > implementation now.
>
> So, I really want Wolfgang to weigh in on the verified boot side of
> things (and I need to review it harder and think myself).  On a related
> note, have you seen
>
> http://prosauce.org/blog/2013/2/11/embedded-trust-p2-u-boot-secured-boot.html
> yet?  It almost looks like easy enough that I could get that wired up
> here but is also another real life case we should take into account and
> make easy enough to handle and support in mainline.


Yes it would be good to get Wolfgang's feedback. I will also update the
follow-on 'image' series.

I had a good look through this, after doing a rough rebase to master.

The main parts are:

- RSA
- A move comprehensive TPM library
- Plumbing to call tpm_extend when there is user data loaded (environment,
kernel, ramdisk, command line...)

It brings in some additional code from the Chromium tree, which we have
been upstreaming.

The first two (RSA and TPM library) are mostly covered by my vboot series
and Che-Liang's TPM work. I suggest that the TPM additions in sboot could
be done by adding the missing features on top of Che-Liang's work. For the
third part (the plumbing), this could become a CONFIG option I think.

The two verified boot implementations use similar infrastructure, but are
somewhat different. My one works around FIT images, assuming a read-only
root of trust, and is intended to use the TPM for rollback protection only
so far. Images within the FIT are verified with a public key, and image
verification can be chained.

The sboot implementation also requires some trusted read-only code, but
then uses tpm_extend on each new chunk of user data/code loaded. It
requires the chain of tpm_extends to be played back and stored in the TPM,
then the TPM is locked and future boots must replay with the same code. So
it is not quite as easy to upgrade images (e.g. move to a new kernel)
although I'm sure this problem could be solved using a suitable mechanism.

It would be possible to support much of the functionality of the sboot
implementation within FIT, and certainly the fact that both need similar
infrastructure means that I think the FIT-based verified boot is a good
basis for upstreaming the sboot implementation when this is ready.

If you are interested I pushed my rebased branch to the x86 tree (branch is
try-sboot) - this is missing some code since I didn't do a proper rebase,
but if is much easier to diff against master.

Regards,
Simon

More information about the U-Boot mailing list