[PATCH v2 0/5] tpm: Support boot measurements
Heinrich Schuchardt
xypron.glpk at gmx.de
Tue Jan 10 23:08:29 CET 2023
On 1/10/23 22:42, Eddie James wrote:
>
> On 1/9/23 17:35, Heinrich Schuchardt wrote:
>> On 1/9/23 22:55, Eddie James wrote:
>>> This series adds support for measuring the boot images more generically
>>> than the existing EFI support. Several EFI functions have been moved to
>>> the TPM layer. The series includes optional measurement from the bootm
>>> command.
>>> A new test case has been added for the bootm measurement to test the new
>>> path, and the sandbox TPM2 driver has been updated to support this use
>>> case.
>>>
>>> Changes since v1:
>>> - Refactor TPM layer functions to allow EFI system to use them, and
>>> remove duplicate EFI functions.
>>> - Add test case
>>> - Drop #ifdefs for bootm
>>> - Add devicetree measurement config option
>>> - Update sandbox TPM driver
>>
>> This looks like a useful feature to me. Some questions remain:
>>
>> How about the booti and bootz commands. Are they covered by the change?
>
>
> No, not yet.
Please, add the measurements in common code for all boot commands
(except bootefi).
>
>
>>
>> What are the consequences of your changes for UEFI FIT images (cf.
>> CONFIG_BOOTM_EFI)?
>
>
> I suppose the image would be measured twice, but only if the user
> selected both of the relevant config options.
We should have a test case for this.
Best regards
Heinrich
More information about the U-Boot
mailing list