[U-Boot] tpm / measured boot in u-boot

Simon Glass sjg at chromium.org
Wed Oct 30 01:49:13 UTC 2019

Hi Stuart,

On Mon, 28 Oct 2019 at 17:27, Stuart Yoder <b08248 at gmail.com> wrote:
> I saw Simon's write-up here: https://lwn.net/Articles/571031/, which
> references TPM and trusted boot support using the TPM.
> I've started looking at the TPM support code in u-boot, and am trying
> to understand it.  Before getting too far I wanted to check if there were
> any pointers anyone might have around any documentation or material that
> provides more detail on what the u-boot TPM support does and does not do.
> I didn't see any .txt files in u-boot.
> The support seems oriented around using commands and scripts to
> measure images.  One specific thing I'm interested in is how the u-boot
> script itself that takes the TPM measurements is protected against
> tampering.

Actually verified boot does not use the TPM at all.

What do you want the TPM to do? If you want measured boot then you
would need to call measure / extend before/after loading each stage.

> Also, it doesn't look like TCG compliant event logs are supported.

OK, might need to be added.
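As an added illustration of the measure-then-extend sequence Simon describes (example code written for this page, not U-Boot's own code): each stage hashes the next image and extends a SHA-256 PCR before loading it, and a verifier replays the resulting event log to check the quoted PCR. The stage names, image contents and golden digests are constructed stand-ins, and the `tpm2 pcr_extend` text inside the sample boot script is just data being measured.

```python
import hashlib

PCR_SIZE = 32  # SHA-256 PCR bank

def pcr_extend(pcr: bytes, digest: bytes) -> bytes:
    """TPM 2.0 extend: PCR_new = SHA-256(PCR_old || digest). One-way and order-dependent."""
    assert len(pcr) == PCR_SIZE and len(digest) == PCR_SIZE
    return hashlib.sha256(pcr + digest).digest()

def measure(image: bytes) -> bytes:
    """Digest a stage computes over the *next* image before handing control to it."""
    return hashlib.sha256(image).digest()

def measured_boot(stages):
    """Each stage measures and extends the next one before loading it.
    Returns the final PCR and an event log of (name, digest) in extend order."""
    pcr, log = bytes(PCR_SIZE), []
    for name, image in stages:
        digest = measure(image)
        log.append((name, digest))
        pcr = pcr_extend(pcr, digest)
    return pcr, log

def replay_log(log):
    """Recompute the PCR from the event log alone (what a verifier does with a TCG-style log)."""
    pcr = bytes(PCR_SIZE)
    for _name, digest in log:
        pcr = pcr_extend(pcr, digest)
    return pcr

def attest(quoted_pcr, log, golden):
    """Verifier policy: the log must replay to the quoted PCR, and every
    measured component must match the golden digest recorded for its name."""
    return replay_log(log) == quoted_pcr and len(log) == len(golden) and all(
        golden.get(name) == digest for name, digest in log)

# Constructed stand-ins for the images a real chain would load (hypothetical data).
GOOD_CHAIN = [
    ("u-boot.bin", b"u-boot proper"),
    ("boot.scr",   b"load kernel; hash sha256; tpm2 pcr_extend; bootm"),
    ("zImage",     b"kernel image"),
]
GOLDEN = {name: measure(img) for name, img in GOOD_CHAIN}

# A tampered boot script: because the stage before it measured it before
# running it, the PCR (and therefore the attestation) no longer matches.
TAMPERED_CHAIN = [(n, b"skip measurement; bootm" if n == "boot.scr" else img)
                  for n, img in GOOD_CHAIN]
```

The script is protected only because something earlier in the chain measures it before executing it; a script that measures itself after it has started running proves nothing.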
