[PATCH v8 0/6] tpm: Support boot measurements

Eddie James eajames at linux.ibm.com
Wed Mar 8 22:12:22 CET 2023 

On 3/6/23 00:58, Ilias Apalodimas wrote:
> Hi Eddie,
>
> This has a few failures on the CI [0].
> Please have a look and let me know if you can't understand the failures


Hi, I think I have fixed the sandbox ones for v9. I'm unsure about the 
EFI selftest one in qemu targets...


Thanks,

Eddie


>
> [0] https://source.denx.de/u-boot/custodians/u-boot-tpm/-/pipelines/15471
>
> Regards
> /Ilias
> On Fri, Mar 03, 2023 at 01:25:00PM -0600, Eddie James wrote:
>> This series adds support for measuring the boot images more generically
>> than the existing EFI support. Several EFI functions have been moved to
>> the TPM layer. The series includes optional measurement from the bootm
>> command.
>> A new test case has been added for the bootm measurement to test the new
>> path, and the sandbox TPM2 driver has been updated to support this use
>> case.
>> This series is based on Ilias' auto-startup series and Simon's additions.
>>
>> Changes since v7:
>>   - Change name of tcg2_init_log and add more documentation
>>   - Add a check, when parsing the event log header, to ensure that the
>>     previous stage bootloader used all the active PCRs.
>>   - Change name of tcg2_log_find_end
>>   - Fix the greater than or equal to check to exit the log parsing
>>   - Make sure log_position is 0 if there is any error discovering the log
>>   - Return errors parsing the log if the data is corrupt so that we don't
>>     end up with half a log
>>
>> Changes since v6:
>>   - Added comment for bootm_measure
>>   - Fixed line length in bootm_measure
>>   - Added Linaro copyright for all the EFI moved code
>>   - Changed tcg2_init_log (and by extension, tcg2_measurement_init) to
>>     copy any discovered event log to the user's log if passed in.
>>
>> Changes since v5:
>>   - Re-ordered the patches to put the sandbox TPM driver patch second
>>   - Remove unused platform_get_eventlog in efi_tcg2.c
>>   - First look for tpm_event_log_* properties instead of linux,sml-*
>>   - Fix efi_tcg2.c compilation
>>   - Select SHA* configs
>>   - Remove the !SANDBOX dependency for EFI TCG2
>>   - Only compile in the measurement u-boot command when CONFIG_MEASURED_BOOT
>>     is enabled
>>
>> Changes since v4:
>>   - Remove tcg2_measure_event function and check for NULL data in
>>     tcg2_measure_data
>>   - Use tpm_auto_startup
>>   - Fix efi_tcg2.c compilation for removing tcg2_pcr_read function
>>   - Change PCR indexes for initrd and dtb
>>   - Drop u8 casting in measurement test
>>   - Use bullets in documentation
>>
>> Changes since v3:
>>   - Reordered headers
>>   - Refactored more of EFI code into common code
>>      Removed digest_info structure and instead used the common alg_to_mask
>>        and alg_to_len
>>      Improved event log parsing in common code to get it equivalent to EFI
>>        Common code now extends PCR if previous bootloader stage couldn't
>>        No need to allocate memory in the common code, so EFI copies the
>>        discovered buffer like it did before
>>      Rename efi measure_event function
>>
>> Changes since v2:
>>   - Add documentation.
>>   - Changed reserved memory address to the top of the RAM for sandbox dts.
>>   - Add measure state to booti and bootz.
>>   - Skip measurement for EFI images that should be measured
>>
>> Changes since v1:
>>   - Refactor TPM layer functions to allow EFI system to use them, and
>>     remove duplicate EFI functions.
>>   - Add test case
>>   - Drop #ifdefs for bootm
>>   - Add devicetree measurement config option
>>   - Update sandbox TPM driver
>>
>> Eddie James (6):
>>    tpm: Fix spelling for tpmu_ha union
>>    tpm: sandbox: Update for needed TPM2 capabilities
>>    tpm: Support boot measurements
>>    bootm: Support boot measurement
>>    test: Add sandbox TPM boot measurement
>>    doc: Add measured boot documentation
>>
>>   arch/sandbox/dts/sandbox.dtsi  |   13 +
>>   arch/sandbox/dts/test.dts      |   13 +
>>   boot/Kconfig                   |   23 +
>>   boot/bootm.c                   |   72 +++
>>   cmd/booti.c                    |    1 +
>>   cmd/bootm.c                    |    2 +
>>   cmd/bootz.c                    |    1 +
>>   configs/sandbox_defconfig      |    1 +
>>   doc/usage/index.rst            |    1 +
>>   doc/usage/measured_boot.rst    |   23 +
>>   drivers/tpm/tpm2_tis_sandbox.c |  100 ++-
>>   include/bootm.h                |   11 +
>>   include/efi_tcg2.h             |   44 --
>>   include/image.h                |    1 +
>>   include/test/suites.h          |    1 +
>>   include/tpm-v2.h               |  255 +++++++-
>>   lib/Kconfig                    |    4 +
>>   lib/efi_loader/Kconfig         |    2 -
>>   lib/efi_loader/efi_tcg2.c      | 1054 +++-----------------------------
>>   lib/tpm-v2.c                   |  815 ++++++++++++++++++++++++
>>   test/boot/Makefile             |    1 +
>>   test/boot/measurement.c        |   66 ++
>>   test/cmd_ut.c                  |    4 +
>>   23 files changed, 1455 insertions(+), 1053 deletions(-)
>>   create mode 100644 doc/usage/measured_boot.rst
>>   create mode 100644 test/boot/measurement.c
>>
>> --
>> 2.31.1
>>

More information about the U-Boot mailing list