[PATCH v5 0/6] tpm: Support boot measurements

Ilias Apalodimas ilias.apalodimas at linaro.org
Mon Feb 6 13:20:07 CET 2023 

Thanks Eddie, 

I quickly tested this but the EFI subsystem fails to initialize the TCG
protocol properly now.  Unfortunately I am on a business trip and I won't
be able to take a look into why till next week

Cheers
/Ilias

On Thu, Feb 02, 2023 at 11:05:25AM -0600, Eddie James wrote:
> This series adds support for measuring the boot images more generically
> than the existing EFI support. Several EFI functions have been moved to
> the TPM layer. The series includes optional measurement from the bootm 
> command.
> A new test case has been added for the bootm measurement to test the new
> path, and the sandbox TPM2 driver has been updated to support this use
> case.
> This series is based on Ilias' auto-startup series:
> https://lore.kernel.org/u-boot/20230126081844.591148-1-ilias.apalodimas@linaro.org/
> 
> Changes since v4:
>  - Remove tcg2_measure_event function and check for NULL data in
>    tcg2_measure_data
>  - Use tpm_auto_startup
>  - Fix efi_tcg2.c compilation for removing tcg2_pcr_read function
>  - Change PCR indexes for initrd and dtb
>  - Drop u8 casting in measurement test
>  - Use bullets in documentation
> 
> Changes since v3:
>  - Reordered headers
>  - Refactored more of EFI code into common code
>     Removed digest_info structure and instead used the common alg_to_mask
>       and alg_to_len
>     Improved event log parsing in common code to get it equivalent to EFI
>       Common code now extends PCR if previous bootloader stage couldn't
>       No need to allocate memory in the common code, so EFI copies the
>       discovered buffer like it did before
>     Rename efi measure_event function
> 
> Changes since v2:
>  - Add documentation.
>  - Changed reserved memory address to the top of the RAM for sandbox dts.
>  - Add measure state to booti and bootz.
>  - Skip measurement for EFI images that should be measured
> 
> Changes since v1:
>  - Refactor TPM layer functions to allow EFI system to use them, and
>    remove duplicate EFI functions.
>  - Add test case
>  - Drop #ifdefs for bootm
>  - Add devicetree measurement config option
>  - Update sandbox TPM driver
> 
> Eddie James (6):
>   tpm: Fix spelling for tpmu_ha union
>   tpm: Support boot measurements
>   bootm: Support boot measurement
>   tpm: sandbox: Update for needed TPM2 capabilities
>   test: Add sandbox TPM boot measurement
>   doc: Add measured boot documentation
> 
>  arch/sandbox/dts/sandbox.dtsi  |   14 +
>  arch/sandbox/dts/test.dts      |   13 +
>  boot/Kconfig                   |   23 +
>  boot/bootm.c                   |   70 +++
>  cmd/booti.c                    |    1 +
>  cmd/bootm.c                    |    2 +
>  cmd/bootz.c                    |    1 +
>  configs/sandbox_defconfig      |    1 +
>  doc/usage/index.rst            |    1 +
>  doc/usage/measured_boot.rst    |   23 +
>  drivers/tpm/tpm2_tis_sandbox.c |  100 +++-
>  include/bootm.h                |    2 +
>  include/efi_tcg2.h             |   44 --
>  include/image.h                |    1 +
>  include/test/suites.h          |    1 +
>  include/tpm-v2.h               |  246 +++++++-
>  lib/efi_loader/efi_tcg2.c      | 1010 +++-----------------------------
>  lib/tpm-v2.c                   |  771 ++++++++++++++++++++++++
>  test/boot/Makefile             |    1 +
>  test/boot/measurement.c        |   66 +++
>  test/cmd_ut.c                  |    2 +
>  21 files changed, 1383 insertions(+), 1010 deletions(-)
>  create mode 100644 doc/usage/measured_boot.rst
>  create mode 100644 test/boot/measurement.c
> 
> -- 
> 2.31.1
>

More information about the U-Boot mailing list