[PATCH v5 0/6] tpm: Support boot measurements

Eddie James eajames at linux.ibm.com
Tue Feb 21 23:38:58 CET 2023 

On 2/6/23 06:20, Ilias Apalodimas wrote:
> Thanks Eddie,
>
> I quickly tested this but the EFI subsystem fails to initialize the TCG
> protocol properly now.  Unfortunately I am on a business trip and I won't
> be able to take a look into why till next week


Hi Ilias,


I haven't had the opportunity to test this, have you?


Thanks,

Eddie


>
> Cheers
> /Ilias
>
> On Thu, Feb 02, 2023 at 11:05:25AM -0600, Eddie James wrote:
>> This series adds support for measuring the boot images more generically
>> than the existing EFI support. Several EFI functions have been moved to
>> the TPM layer. The series includes optional measurement from the bootm
>> command.
>> A new test case has been added for the bootm measurement to test the new
>> path, and the sandbox TPM2 driver has been updated to support this use
>> case.
>> This series is based on Ilias' auto-startup series:
>> https://lore.kernel.org/u-boot/20230126081844.591148-1-ilias.apalodimas@linaro.org/
>>
>> Changes since v4:
>>   - Remove tcg2_measure_event function and check for NULL data in
>>     tcg2_measure_data
>>   - Use tpm_auto_startup
>>   - Fix efi_tcg2.c compilation for removing tcg2_pcr_read function
>>   - Change PCR indexes for initrd and dtb
>>   - Drop u8 casting in measurement test
>>   - Use bullets in documentation
>>
>> Changes since v3:
>>   - Reordered headers
>>   - Refactored more of EFI code into common code
>>      Removed digest_info structure and instead used the common alg_to_mask
>>        and alg_to_len
>>      Improved event log parsing in common code to get it equivalent to EFI
>>        Common code now extends PCR if previous bootloader stage couldn't
>>        No need to allocate memory in the common code, so EFI copies the
>>        discovered buffer like it did before
>>      Rename efi measure_event function
>>
>> Changes since v2:
>>   - Add documentation.
>>   - Changed reserved memory address to the top of the RAM for sandbox dts.
>>   - Add measure state to booti and bootz.
>>   - Skip measurement for EFI images that should be measured
>>
>> Changes since v1:
>>   - Refactor TPM layer functions to allow EFI system to use them, and
>>     remove duplicate EFI functions.
>>   - Add test case
>>   - Drop #ifdefs for bootm
>>   - Add devicetree measurement config option
>>   - Update sandbox TPM driver
>>
>> Eddie James (6):
>>    tpm: Fix spelling for tpmu_ha union
>>    tpm: Support boot measurements
>>    bootm: Support boot measurement
>>    tpm: sandbox: Update for needed TPM2 capabilities
>>    test: Add sandbox TPM boot measurement
>>    doc: Add measured boot documentation
>>
>>   arch/sandbox/dts/sandbox.dtsi  |   14 +
>>   arch/sandbox/dts/test.dts      |   13 +
>>   boot/Kconfig                   |   23 +
>>   boot/bootm.c                   |   70 +++
>>   cmd/booti.c                    |    1 +
>>   cmd/bootm.c                    |    2 +
>>   cmd/bootz.c                    |    1 +
>>   configs/sandbox_defconfig      |    1 +
>>   doc/usage/index.rst            |    1 +
>>   doc/usage/measured_boot.rst    |   23 +
>>   drivers/tpm/tpm2_tis_sandbox.c |  100 +++-
>>   include/bootm.h                |    2 +
>>   include/efi_tcg2.h             |   44 --
>>   include/image.h                |    1 +
>>   include/test/suites.h          |    1 +
>>   include/tpm-v2.h               |  246 +++++++-
>>   lib/efi_loader/efi_tcg2.c      | 1010 +++-----------------------------
>>   lib/tpm-v2.c                   |  771 ++++++++++++++++++++++++
>>   test/boot/Makefile             |    1 +
>>   test/boot/measurement.c        |   66 +++
>>   test/cmd_ut.c                  |    2 +
>>   21 files changed, 1383 insertions(+), 1010 deletions(-)
>>   create mode 100644 doc/usage/measured_boot.rst
>>   create mode 100644 test/boot/measurement.c
>>
>> -- 
>> 2.31.1
>>

More information about the U-Boot mailing list