[PATCH v10 03/10] tpm: Support boot measurements

Simon Glass sjg at chromium.org
Thu Aug 10 03:15:02 CEST 2023 

Hi Eddie,

On Mon, 7 Aug 2023 at 09:17, Eddie James <eajames at linux.ibm.com> wrote:
>
> Add TPM2 functions to support boot measurement. This includes
> starting up the TPM, initializing/appending the event log, and
> measuring the U-Boot version. Much of the code was used in the
> EFI subsystem, so remove it there and use the common functions.
>
> Signed-off-by: Eddie James <eajames at linux.ibm.com>
> ---
> Changes since v8:
>  - Fix log parsing again - any data corruption seen while replaying the
>    event log was failing the entire measurement.
>  - Added an option to ignore the existing log. This should only be used
>    for systems that know that U-Boot is the first stage bootloader. This
>    is necessary because the reserved memory region may persist through
>    resets and so U-Boot attempts to append to the previous boot's log.
>
> Changes since v7:
>  - Change name of tcg2_init_log and add more documentation
>  - Add a check, when parsing the event log header, to ensure that the
>    previous stage bootloader used all the active PCRs.
>  - Change name of tcg2_log_find_end
>  - Fix the greater than or equal to check to exit the log parsing
>  - Make sure log_position is 0 if there is any error discovering the log
>  - Return errors parsing the log if the data is corrupt so that we don't
>    end up with half a log
>
> Changes since v6:
>  - Added Linaro copyright for all the EFI moved code
>  - Changed tcg2_init_log (and by extension, tcg2_measurement_init) to
>    copy any discovered event log to the user's log if passed in.
>
> Changes since v5:
>  - Remove unused platform_get_eventlog in efi_tcg2.c
>  - First look for tpm_event_log_* properties instead of linux,sml-*
>  - Fix efi_tcg2.c compilation
>  - Select SHA* configs
>
> Changes since v4:
>  - Remove tcg2_measure_event function and check for NULL data in
>    tcg2_measure_data
>  - Use tpm_auto_startup
>  - Fix efi_tcg2.c compilation for removing tcg2_pcr_read function
>
> Changes since v3:
>  - Reordered headers
>  - Refactored more of EFI code into common code
>     Removed digest_info structure and instead used the common alg_to_mask
>       and alg_to_len
>     Improved event log parsing in common code to get it equivalent to EFI
>       Common code now extends PCR if previous bootloader stage couldn't
>       No need to allocate memory in the common code, so EFI copies the
>       discovered buffer like it did before
>     Rename efi measure_event function
>
> Changes since v1:
>  - Refactor TPM layer functions to allow EFI system to use them, and
>    remove duplicate EFI functions
>
>  include/efi_tcg2.h        |   44 --
>  include/tpm-v2.h          |  259 +++++++++
>  lib/Kconfig               |    4 +
>  lib/efi_loader/efi_tcg2.c | 1054 +++----------------------------------
>  lib/tpm-v2.c              |  814 ++++++++++++++++++++++++++++
>  5 files changed, 1154 insertions(+), 1021 deletions(-)

This is adding a lot more code to the TPM implementation and I see you
have added more tests. But do we have enough unit testing in
test/dm/tpm.c for these new functions?

Regards,
Simon

More information about the U-Boot mailing list