[U-Boot] [PATCH] sandbox_flattree: Switch to TPMv2 support

Miquel Raynal miquel.raynal at bootlin.com
Fri Jul 13 21:35:23 UTC 2018 

Hi Simon,


> >> >> > > > In order to have the test.py tests for TPMv2 run automatically we need
> >> >> > > > to have one of our sandbox builds use TPMv2 rather than TPMv1.  Switch
> >> >> > > > sandbox_flattree over to this style of TPM.  
> >> >> > >
> >> >> > > The problem seems to be that the sandbox driver is only built with
> >> >> > > either TPMv1 or TPMv2. It needs to be able to build with both, so we
> >> >> > > can run tests with both.  
> >> >> >
> >> >> > Right.  But we don't have any run-time automatic tests for TPMv1 as the
> >> >> > 'tpm test' command needs to be done manually, at least today (unless I'm
> >> >> > missing something under test/py/tests/).  And we can't (functionally in
> >> >> > real uses) have both TPM types available.  Perhaps we should make TPMv2
> >> >> > the default for sandbox?  All of the TPMv1 code will still be getting
> >> >> > build-time exercised due to platforms with TPMv1 on them.  
> >> >>
> >> >> I'll take a look at this. It should actually be quite easy to have two
> >> >> TPMs in sandbox, one v1 and one v2. At least I don't know of any
> >> >> impediment.
> >> >>  
> >> >> >  
> >> >> > > It really doesn't make any sense to have build-time branches for sandbox.
> >> >> > >
> >> >> > > We currently have:
> >> >> > >
> >> >> > > sandbox - should be used for most tests
> >> >> > > sandbox64 - special build that forces a 64-bit host
> >> >> > > sandbox_flattree - builds with dev_read_...() functions defined as
> >> >> > > inline. We need this build so that we can test those inline functions,
> >> >> > > and we cannot build with both the inline functions and the non-inline
> >> >> > > functions since they are named the same
> >> >> > > sandbox_noblk - builds without CONFIG_BLK, which means the legacy
> >> >> > > block drivers are used. We cannot use both the legacy and driver-model
> >> >> > > block drivers since they implement the same functions
> >> >> > > sandbox_spl - builds sandbox with SPL support, so you can run
> >> >> > > spl/u-boot-spl and it will start up and then load ./u-boot. We could
> >> >> > > probably remove this and add SPL support to the vanilla sandbox build,
> >> >> > > since people can still run ./u-boot directly
> >> >> > >
> >> >> > > At present there are unnecessary config differences between these
> >> >> > > builds. This is explained by the fact that it is a pain for people to
> >> >> > > have to add configs separately to each defconfig. But we should
> >> >> > > probably make them more common. I will take a look.  
> >> >> >
> >> >> > OK.
> >> >> >  
> >> >> > > What do you think about dropping sandbox_spl and make sandbox build
> >> >> > > SPL? It does take slightly longer to build, perhaps 25%.  
> >> >> >
> >> >> > That's fine with me.
> >> >> >  
> >> >> > > > Cc: Simon Glass <sjg at chromium.org>
> >> >> > > > Signed-off-by: Tom Rini <trini at konsulko.com>
> >> >> > > > ---
> >> >> > > > I'm tempted to switch the main sandbox target over instead as I don't
> >> >> > > > quite see where we're running the tpm1.x tests automatically.  Would
> >> >> > > > that be a better idea?
> >> >> > > > ---  
> >> >> > >
> >> >> > > Miquel, can we adjust the code to build both TPMv1 and v2 for sandbox,
> >> >> > > and select at run-time?  
> >> >> >
> >> >> > I thought we had talked about that before and couldn't easily?  One
> >> >> > thing I am a bit wary of is adding indirection for build coverage sake.  
> >> >>
> >> >> Yes, I am hoping that it is just different drivers with the same API
> >> >> but perhaps I am going to be disappointed.  
> >> >
> >> > Indeed, both versions share the same 'architecture' but quite a few
> >> > structures/functions are defined differently for each TPM flavour in
> >> > different files. What makes the magic are the
> >> > #ifdef TPM_V1
> >> > #else
> >> > #endif
> >> > blocks around includes, making them mutually exclusive.
> >> >
> >> > Choice has been made not to use both flavours at the same time in the
> >> > second series, when I clearly made a separation between v1 code and v2
> >> > code. Trying to compile them both with just some Kconfig hacks would
> >> > simply not work IMHO.
> >> >
> >> > My apologies for not being helpful at all... As Tom said, there are no
> >> > tests running on v1 code so maybe it's better to exercise v2 code in
> >> > Sandbox and let people compile-test the former on their own?  
> >>
> >> I had a play with this and it does not seem too tricky.
> >>
> >> With a bit of fiddling I got it to build except for this:
> >>
> >> /home/sjg/c/src/third_party/u-boot/files/cmd/tpm-v2.c:324: multiple
> >> definition of `get_tpm_commands'  
> >
> > That's one problem. I'm pretty sure at some point we will need to
> > declare differently tpm_chip_priv depending on the version. Using two
> > structures in an enumeration could be the way to handle it.  
> 
> I think you can just remove the #ifdef from inside struct
> tpm_chip_priv - it's not really a nice thing to do anyway.
> 
> >
> > Another point is that doing so, you embed twice the code and symbols
> > than what's really needed. Is not having mutually exclusive
> > code better than enlarging U-Boot binary?  
> 
> The sandbox binary is enormous since it enables as many features as it
> can. We can always create a minimal sandbox if it becomes useful, but
> for now sandbox is mostly for testing.
> 
> >  
> >>
> >> I think if you adjust it to check the driver version (v1 or v2), then
> >> you can use either the v1 or v2 command set. You could move the
> >> get_tpm_commands function into the uclass so it can check the driver.  
> >
> > It means patching all drivers if we want to do it cleanly.  
> 
> Yes, you could have a field that needs to be set so that the uclass
> knows which version it is. Alternatively if you want to save a patch
> you could have an is_v2 bool, which defaults to 0 for v1 drivers.
> 
> >  
> >> As to whether the driver is v1 or v2, I wonder if the driver could set
> >> a 'version' flag in tpm_chip_priv() ?  
> >
> > Probably.
> >  
> >> I really don't like the idea of having mutually exclusive code in
> >> driver model, so it would be good to fix this.  
> >
> > I'll be away the next weeks, so I won't work on it before end of June.
> > Can you share a diff of your changes?  
> 
> Yes I pushed a patch to u-boot-dm branch tpm-working.

I think I got a proper patch for the above request.

One thing I could not figure out:
There is one U_BOOT_CMD() definition per file (v1 and v2). Because now
I have to call them 'tpm' and 'tpm2', it creates two commands instead of
one. I've got the whole logic behind for the driver to tell which stack
it wants to use, but the user still has to use either one command or the
other because now both are defined (and we can't define twice
U_BOOT_CMD() with 'tpm' as command name.

Do you have a solution in mind?

Otherwise people already using TPM v2 (if any) will have to change their
scripts to use 'tpm2' instead of 'tpm' (the tests in test/py/tests
will also change). I really dislike this change just for compile
testing while I had both stacks hidden behind a single command...

What do you think?

Here is the patch:
https://github.com/miquelraynal/u-boot/commit/549822f82d797d6125a25af207eae12d45737fb7

Thanks,
Miquèl

More information about the U-Boot mailing list