[PATCH v2 0/5] tpm: Support boot measurements

Heinrich Schuchardt xypron.glpk at gmx.de
Tue Jan 10 00:35:01 CET 2023 

On 1/9/23 22:55, Eddie James wrote:
> This series adds support for measuring the boot images more generically
> than the existing EFI support. Several EFI functions have been moved to
> the TPM layer. The series includes optional measurement from the bootm
> command.
> A new test case has been added for the bootm measurement to test the new
> path, and the sandbox TPM2 driver has been updated to support this use
> case.
>
> Changes since v1:
>   - Refactor TPM layer functions to allow EFI system to use them, and
>     remove duplicate EFI functions.
>   - Add test case
>   - Drop #ifdefs for bootm
>   - Add devicetree measurement config option
>   - Update sandbox TPM driver

This looks like a useful feature to me. Some questions remain:

How about the booti and bootz commands. Are they covered by the change?

What are the consequences of your changes for UEFI FIT images (cf.
CONFIG_BOOTM_EFI)?

>
> Eddie James (5):
>    tpm: Fix spelling for tpmu_ha union
>    tpm: Support boot measurements
>    bootm: Support boot measurement
>    tpm: sandbox: Update for needed TPM2 capabilities
>    test: Add sandbox TPM boot measurement

I am missing the documentation changes. These should describe which
changes in the device-tree and in the configuration are needed to enable
measurements. This should be in doc/usage/

@Ilias:
Could you contribute the UEFI part for the document, please.

Best regards

Heinrich

>
>   arch/sandbox/dts/test.dts      |  12 +
>   boot/Kconfig                   |  23 ++
>   boot/bootm.c                   |  64 +++
>   cmd/bootm.c                    |   2 +
>   configs/sandbox_defconfig      |   1 +
>   drivers/tpm/tpm2_tis_sandbox.c | 100 +++--
>   include/bootm.h                |   2 +
>   include/efi_tcg2.h             |  44 --
>   include/image.h                |   1 +
>   include/test/suites.h          |   1 +
>   include/tpm-v2.h               | 215 +++++++++-
>   lib/efi_loader/efi_tcg2.c      | 362 +----------------
>   lib/tpm-v2.c                   | 708 +++++++++++++++++++++++++++++++++
>   test/boot/Makefile             |   1 +
>   test/boot/measurement.c        |  66 +++
>   test/cmd_ut.c                  |   2 +
>   16 files changed, 1187 insertions(+), 417 deletions(-)
>   create mode 100644 test/boot/measurement.c
>

More information about the U-Boot mailing list