[PATCH v2 2/6] efi_loader: add secure boot variable measurement

Simon Glass sjg at chromium.org
Tue Jul 20 20:33:06 CEST 2021


Hi,

On Wed, 14 Jul 2021 at 06:59, Masahisa Kojima
<masahisa.kojima at linaro.org> wrote:
>
> The TCG PC Client PFP spec requires measuring the secure
> boot policy before validating the UEFI image.
> This commit adds the secure boot variable measurement
> of "SecureBoot", "PK", "KEK", "db" and "dbx".
>
> Note that this implementation assumes that secure boot
> variables are pre-configured and are not set/updated at runtime.
>
> Signed-off-by: Masahisa Kojima <masahisa.kojima at linaro.org>
> ---
>
> Changes in v2:
> - missing null check for getting variable data
> - some minor fix for readability
>
>  include/efi_tcg2.h        |  20 ++++++
>  lib/efi_loader/efi_tcg2.c | 139 ++++++++++++++++++++++++++++++++++++++
>  2 files changed, 159 insertions(+)

It looks like this code should be in lib/tpm or similar as much of it
is not specific to EFI?

Regards,
Simon
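
Added illustration, not part of the patch or of either message in this thread: a Python sketch of the measurement the quoted commit message describes, where each secure boot variable is serialised as a TCG PFP UEFI_VARIABLE_DATA structure, hashed, and extended into a PCR. The SHA-256 bank, the use of PCR 7 (where the PFP spec places secure boot policy), the function names, and the variable contents are assumptions made for the example.

```python
import hashlib
import struct
import uuid

EFI_GLOBAL_VARIABLE = uuid.UUID("8be4df61-93ca-11d2-aa0d-00e098032b8c")
EFI_IMAGE_SECURITY_DATABASE = uuid.UUID("d719b2cb-3d3a-4596-a3bc-dad00e67656f")

# Variables in the order the commit message lists them, with their vendor GUIDs.
SECURE_BOOT_VARS = [
    ("SecureBoot", EFI_GLOBAL_VARIABLE),
    ("PK", EFI_GLOBAL_VARIABLE),
    ("KEK", EFI_GLOBAL_VARIABLE),
    ("db", EFI_IMAGE_SECURITY_DATABASE),
    ("dbx", EFI_IMAGE_SECURITY_DATABASE),
]

def uefi_variable_data(name, guid, data):
    """Serialise a UEFI_VARIABLE_DATA event body (TCG PC Client PFP)."""
    name16 = name.encode("utf-16-le")  # CHAR16 string, no NUL terminator
    return (guid.bytes_le                               # EFI_GUID, mixed-endian
            + struct.pack("<QQ", len(name), len(data))  # two UINT64 lengths
            + name16 + data)

def pcr_extend(pcr, digest):
    """TPM2 extend operation: new PCR = H(old PCR || digest)."""
    return hashlib.sha256(pcr + digest).digest()

def measure_secure_boot(variables):
    """Return (final PCR value, event log) for a dict of variable contents."""
    pcr = bytes(32)  # a PCR is all zeros after reset
    log = []
    for name, guid in SECURE_BOOT_VARS:
        data = variables.get(name, b"")  # unset variable: zero-length data
        digest = hashlib.sha256(uefi_variable_data(name, guid, data)).digest()
        pcr = pcr_extend(pcr, digest)
        log.append((name, digest.hex()))
    return pcr, log

if __name__ == "__main__":
    # Constructed contents; real PK/KEK/db hold EFI_SIGNATURE_LIST data.
    store = {"SecureBoot": b"\x01", "PK": b"constructed-pk", "db": b"constructed-db"}
    pcr, log = measure_secure_boot(store)
    for name, digest in log:
        print(f"{name:10s} {digest}")
    print("PCR[7]    ", pcr.hex())
```

A verifier replays the logged digests through the same extend operation and compares the result with the quoted PCR, so any change to a measured variable, including flipping "SecureBoot", yields a different final value.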

