[PATCH v2 2/6] efi_loader: add secure boot variable measurement
Simon Glass
sjg at chromium.org
Tue Jul 20 20:33:06 CEST 2021
Hi,
On Wed, 14 Jul 2021 at 06:59, Masahisa Kojima
<masahisa.kojima at linaro.org> wrote:
>
> The TCG PC Client PFP spec requires measuring the secure
> boot policy before validating the UEFI image.
> This commit adds the secure boot variable measurement
> of "SecureBoot", "PK", "KEK", "db" and "dbx".
>
> Note that this implementation assumes that secure boot
> variables are pre-configured and are not set/updated at runtime.
>
> Signed-off-by: Masahisa Kojima <masahisa.kojima at linaro.org>
> ---
>
> Changes in v2:
> - missing null check for getting variable data
> - some minor fixes for readability
>
> include/efi_tcg2.h | 20 ++++++
> lib/efi_loader/efi_tcg2.c | 139 ++++++++++++++++++++++++++++++++++++++
> 2 files changed, 159 insertions(+)
It looks like this code should be in lib/tpm or similar as much of it
is not specific to EFI?
Regards,
Simon