[PATCH v2 5/5] test: Add sandbox TPM boot measurement

Eddie James eajames at linux.ibm.com
Tue Jan 10 23:11:09 CET 2023


On 1/10/23 16:02, Heinrich Schuchardt wrote:
> On 1/10/23 17:38, Eddie James wrote:
>>
>> On 1/9/23 17:26, Heinrich Schuchardt wrote:
>>> On 1/10/23 00:13, Heinrich Schuchardt wrote:
>>>> On 1/9/23 22:55, Eddie James wrote:
>>>>> Use the sandbox TPM driver to measure some boot images in a unit
>>>>> test case.
>>>>>
>>>>> $ ./u-boot -T -c "ut measurement"
>>>>> Running 1 measurement tests
>>>>> Test: measure: measurement.c
>>>>> Failures: 0
>>>>>
>>>>> Signed-off-by: Eddie James <eajames at linux.ibm.com>
>>>>> ---
>>>>>   arch/sandbox/dts/test.dts | 12 +++++++
>>>>>   configs/sandbox_defconfig |  1 +
>>>>>   include/test/suites.h     |  1 +
>>>>>   test/boot/Makefile        |  1 +
>>>>>   test/boot/measurement.c   | 66
>>>>> +++++++++++++++++++++++++++++++++++++++
>>>>>   test/cmd_ut.c             |  2 ++
>>>>>   6 files changed, 83 insertions(+)
>>>>>   create mode 100644 test/boot/measurement.c
>>>>>
>>>>> diff --git a/arch/sandbox/dts/test.dts b/arch/sandbox/dts/test.dts
>>>>> index dffe10adbf..ad90bf0541 100644
>>>>> --- a/arch/sandbox/dts/test.dts
>>>>> +++ b/arch/sandbox/dts/test.dts
>>>>> @@ -66,6 +66,17 @@
>>>>>           osd0 = "/osd";
>>>>>       };
>>>>>
>>>>> +    reserved-memory {
>>>>> +        #address-cells = <1>;
>>>>> +        #size-cells = <1>;
>>>>> +        ranges;
>>>>> +
>>>>> +        event_log: tcg_event_log at d0e000 {
>>>>> +            no-map;
>>>>> +            reg = <0x00d0e000 0x2000>;
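Review bot: the `reg = <0x00d0e000 0x2000>` line in the new tcg_event_log node hard-codes the base address and size with no comment explaining either value. Please add a comment in the node (or a sentence in the commit message) saying why 0x00d0e000 was chosen, that the range does not overlap other fixed addresses used by the sandbox tests, and that 0x2000 bytes is enough for the events the measurement test logs. Without that, a later change to the sandbox memory layout could silently collide with this no-map region.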
>>>
>>> How should this work if you don't define linux,sml-base and
>>> linux,sml-size?
>>
>>
>> I have sent a patch to the linux list for using a reserved memory
>> region, as I have also added in the u-boot TPM layer for the event log.
>>
>> https://patchwork.kernel.org/project/linux-integrity/patch/20230103162010.381214-1-eajames@linux.ibm.com/ 
>>
>
> Thank you for the clarification.
>
> The kernel patch seems to need rework:
> https://lore.kernel.org/all/202301040834.YsMHDMpw-lkp@intel.com/


Yes I'll address that.


>
> Shouldn't the sandbox device-tree support these properties? This will
> allow us to write a test application that the sandbox can run via
> booti/bootz (depending on bitness) and bootm. This test application can
> retrieve the event log and print it via Linux system calls.


OK, I can add it to the main sandbox device-tree as well then. It is 
added to the sandbox test device-tree, used by the unit test case I added.


Thanks,

Eddie


>
> Best regards
>
> Heinrich

