[PATCH v6 6/6] doc: Add measured boot documentation

Heinrich Schuchardt xypron.glpk at gmx.de
Wed Feb 22 21:26:06 CET 2023



Am 22. Februar 2023 19:02:42 MEZ schrieb Eddie James <eajames at linux.ibm.com>:
>Briefly describe the feature and specify the requirements.
>
>Signed-off-by: Eddie James <eajames at linux.ibm.com>
>---
> doc/usage/index.rst         |  1 +
> doc/usage/measured_boot.rst | 23 +++++++++++++++++++++++
> 2 files changed, 24 insertions(+)
> create mode 100644 doc/usage/measured_boot.rst
>
>diff --git a/doc/usage/index.rst b/doc/usage/index.rst
>index cde7dcb14a..0cf78cb0e7 100644
>--- a/doc/usage/index.rst
>+++ b/doc/usage/index.rst
>@@ -12,6 +12,7 @@ Use U-Boot
>    partitions
>    cmdline
>    semihosting
>+   measured_boot
> 
> Shell commands
> --------------
>diff --git a/doc/usage/measured_boot.rst b/doc/usage/measured_boot.rst
>new file mode 100644
>index 0000000000..8357b1f480
>--- /dev/null
>+++ b/doc/usage/measured_boot.rst
>@@ -0,0 +1,23 @@
>+.. SPDX-License-Identifier: GPL-2.0+
>+
>+Measured Boot
>+=====================

This completely misses o describe measured boot with UEFI.

@Ilias, do you want to add that in a follow up patch?

>+
>+U-Boot can perform a measured boot, the process of hashing various components
>+of the boot process, extending the results in the TPM and logging the
>+component's measurement in memory for the operating system to consume.
>+
>+Requirements
>+---------------------
>+
>+* A hardware TPM 2.0 supported by the U-Boot drivers
>+* CONFIG_TPM=y
>+* CONFIG_MEASURED_BOOT=y
>+* Device-tree configuration of the TPM device to specify the memory area
>+  for event logging. The TPM device node must either contain a phandle to
>+  a reserved memory region or "linux,sml-base" and "linux,sml-size"
>+  indicating the address and size of the memory region. An example can be
>+  found in arch/sandbox/dts/test.dts
>+* The operating system must also be configured to use the memory regions
>+  specified in the U-Boot device-tree in order to make use of the event
>+  log.

Please, provide enough information such that a reader can set this up. This should include example code.

Best regards

Heinrich 


More information about the U-Boot mailing list