[PATCH v5 0/6] tpm: Support boot measurements
Ilias Apalodimas
ilias.apalodimas at linaro.org
Wed Feb 22 11:22:44 CET 2023
Hi Eddie,
On Tue, Feb 21, 2023 at 04:38:58PM -0600, Eddie James wrote:
>
> On 2/6/23 06:20, Ilias Apalodimas wrote:
> > Thanks Eddie,
> >
> > I quickly tested this but the EFI subsystem fails to initialize the TCG
> > protocol properly now. Unfortunately I am on a business trip and I won't
> > be able to take a look into why till next week
>
>
> Hi Ilias,
>
>
> I haven't had the opportunity to test this, have you?
Not yet, apologies. I'll try looking into it this week.
Thanks
/Ilias
>
>
> Thanks,
>
> Eddie
>
>
> >
> > Cheers
> > /Ilias
> >
> > On Thu, Feb 02, 2023 at 11:05:25AM -0600, Eddie James wrote:
> > > This series adds support for measuring the boot images more generically
> > > than the existing EFI support. Several EFI functions have been moved to
> > > the TPM layer. The series includes optional measurement from the bootm
> > > command.
> > > A new test case has been added for the bootm measurement to test the new
> > > path, and the sandbox TPM2 driver has been updated to support this use
> > > case.
> > > This series is based on Ilias' auto-startup series:
> > > https://lore.kernel.org/u-boot/20230126081844.591148-1-ilias.apalodimas@linaro.org/
> > >
> > > Changes since v4:
> > > - Remove tcg2_measure_event function and check for NULL data in
> > > tcg2_measure_data
> > > - Use tpm_auto_startup
> > > - Fix efi_tcg2.c compilation for removing tcg2_pcr_read function
> > > - Change PCR indexes for initrd and dtb
> > > - Drop u8 casting in measurement test
> > > - Use bullets in documentation
> > >
> > > Changes since v3:
> > > - Reordered headers
> > > - Refactored more of EFI code into common code
> > > Removed digest_info structure and instead used the common alg_to_mask
> > > and alg_to_len
> > > Improved event log parsing in common code to get it equivalent to EFI
> > > Common code now extends PCR if previous bootloader stage couldn't
> > > No need to allocate memory in the common code, so EFI copies the
> > > discovered buffer like it did before
> > > Rename efi measure_event function
> > >
> > > Changes since v2:
> > > - Add documentation.
> > > - Changed reserved memory address to the top of the RAM for sandbox dts.
> > > - Add measure state to booti and bootz.
> > > - Skip measurement for EFI images that should be measured
> > >
> > > Changes since v1:
> > > - Refactor TPM layer functions to allow EFI system to use them, and
> > > remove duplicate EFI functions.
> > > - Add test case
> > > - Drop #ifdefs for bootm
> > > - Add devicetree measurement config option
> > > - Update sandbox TPM driver
> > >
> > > Eddie James (6):
> > > tpm: Fix spelling for tpmu_ha union
> > > tpm: Support boot measurements
> > > bootm: Support boot measurement
> > > tpm: sandbox: Update for needed TPM2 capabilities
> > > test: Add sandbox TPM boot measurement
> > > doc: Add measured boot documentation
> > >
> > > arch/sandbox/dts/sandbox.dtsi | 14 +
> > > arch/sandbox/dts/test.dts | 13 +
> > > boot/Kconfig | 23 +
> > > boot/bootm.c | 70 +++
> > > cmd/booti.c | 1 +
> > > cmd/bootm.c | 2 +
> > > cmd/bootz.c | 1 +
> > > configs/sandbox_defconfig | 1 +
> > > doc/usage/index.rst | 1 +
> > > doc/usage/measured_boot.rst | 23 +
> > > drivers/tpm/tpm2_tis_sandbox.c | 100 +++-
> > > include/bootm.h | 2 +
> > > include/efi_tcg2.h | 44 --
> > > include/image.h | 1 +
> > > include/test/suites.h | 1 +
> > > include/tpm-v2.h | 246 +++++++-
> > > lib/efi_loader/efi_tcg2.c | 1010 +++-----------------------------
> > > lib/tpm-v2.c | 771 ++++++++++++++++++++++++
> > > test/boot/Makefile | 1 +
> > > test/boot/measurement.c | 66 +++
> > > test/cmd_ut.c | 2 +
> > > 21 files changed, 1383 insertions(+), 1010 deletions(-)
> > > create mode 100644 doc/usage/measured_boot.rst
> > > create mode 100644 test/boot/measurement.c
> > >
> > > --
> > > 2.31.1
> > >
More information about the U-Boot
mailing list