[PATCH v2 5/5] test: Add sandbox TPM boot measurement
Heinrich Schuchardt
xypron.glpk at gmx.de
Tue Jan 10 23:02:06 CET 2023
On 1/10/23 17:38, Eddie James wrote:
>
> On 1/9/23 17:26, Heinrich Schuchardt wrote:
>> On 1/10/23 00:13, Heinrich Schuchardt wrote:
>>> On 1/9/23 22:55, Eddie James wrote:
>>>> Use the sandbox TPM driver to measure some boot images in a unit
>>>> test case.
>>>>
>>>> $ ./u-boot -T -c "ut measurement"
>>>> Running 1 measurement tests
>>>> Test: measure: measurement.c
>>>> Failures: 0
>>>>
>>>> Signed-off-by: Eddie James <eajames at linux.ibm.com>
>>>> ---
>>>> arch/sandbox/dts/test.dts | 12 +++++++
>>>> configs/sandbox_defconfig | 1 +
>>>> include/test/suites.h | 1 +
>>>> test/boot/Makefile | 1 +
>>>> test/boot/measurement.c | 66
>>>> +++++++++++++++++++++++++++++++++++++++
>>>> test/cmd_ut.c | 2 ++
>>>> 6 files changed, 83 insertions(+)
>>>> create mode 100644 test/boot/measurement.c
>>>>
>>>> diff --git a/arch/sandbox/dts/test.dts b/arch/sandbox/dts/test.dts
>>>> index dffe10adbf..ad90bf0541 100644
>>>> --- a/arch/sandbox/dts/test.dts
>>>> +++ b/arch/sandbox/dts/test.dts
>>>> @@ -66,6 +66,17 @@
>>>> osd0 = "/osd";
>>>> };
>>>>
>>>> + reserved-memory {
>>>> + #address-cells = <1>;
>>>> + #size-cells = <1>;
>>>> + ranges;
>>>> +
>>>> + event_log: tcg_event_log at d0e000 {
>>>> + no-map;
>>>> + reg = <0x00d0e000 0x2000>;
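Review bot: the reg value in the new tcg_event_log node hard-codes base 0x00d0e000 and size 0x2000 with no comment explaining the choice, so a reader cannot tell from the device tree whether the region can collide with other buffers the sandbox tests place in RAM, or whether 8 KiB is enough for the log the test produces. A short comment above reg would help. The node also has no compatible property in the lines shown, so only the node name marks it as a TCG event log; if a TPM node is meant to reference it through the event_log label, documenting that binding alongside the change would make clear how a consumer finds the log.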
>>
>> How should this work if you don't define linux,sml-base and
>> linux,sml-size?
>
>
> I have sent a patch to the linux list for using a reserved memory
> region, as I have also added in the u-boot TPM layer for the event log.
>
> https://patchwork.kernel.org/project/linux-integrity/patch/20230103162010.381214-1-eajames@linux.ibm.com/

Thank you for the clarification.

The kernel patch seems to need rework:

https://lore.kernel.org/all/202301040834.YsMHDMpw-lkp@intel.com/

Shouldn't the sandbox device-tree support these properties? This will
allow us to write a test application that the sandbox can run via
booti/bootz (depending on bitness) and bootm. This test application can
retrieve the event log and print it via Linux system calls.

Best regards

Heinrich