[PATCH v12 5/8] test: Add sandbox TPM boot measurement

Eddie James eajames at linux.ibm.com
Thu Oct 19 15:29:35 CEST 2023


On 10/13/23 12:22, Ilias Apalodimas wrote:
> Hi Eddie,
>
> This doesn't apply on -master, can you please rebase?


Ugh I thought you wanted -next... I can rebase again.


>
> Thanks
> /Ilias
>
> On Thu, 12 Oct 2023 at 16:49, Eddie James <eajames at linux.ibm.com> wrote:
>> Use the sandbox TPM driver to measure some boot images in a unit
>> test case.
>>
>> Signed-off-by: Eddie James <eajames at linux.ibm.com>
>> Reviewed-by: Simon Glass <sjg at chromium.org>
>> Acked-by: Ilias Apalodimas <ilias.apalodimas at linaro.org>
>> ---
>> Changes since v5:
>>   - Only compile in the measurement u-boot command when
>>     CONFIG_MEASURED_BOOT is enabled.
>>
>>   arch/sandbox/dts/sandbox.dtsi | 13 +++++++
>>   arch/sandbox/dts/test.dts     | 13 +++++++
>>   configs/sandbox_defconfig     |  1 +
>>   include/test/suites.h         |  1 +
>>   test/boot/Makefile            |  1 +
>>   test/boot/measurement.c       | 66 +++++++++++++++++++++++++++++++++++
>>   test/cmd_ut.c                 |  4 +++
>>   7 files changed, 99 insertions(+)
>>   create mode 100644 test/boot/measurement.c
>>
>> diff --git a/arch/sandbox/dts/sandbox.dtsi b/arch/sandbox/dts/sandbox.dtsi
>> index ff7e5584c5..241f397ba6 100644
>> --- a/arch/sandbox/dts/sandbox.dtsi
>> +++ b/arch/sandbox/dts/sandbox.dtsi
>> @@ -4,11 +4,23 @@
>>    * and sandbox64 builds.
>>    */
>>
>> +#include <config.h>
>>   #include <dt-bindings/input/input.h>
>>
>>   #define USB_CLASS_HUB                  9
>>
>>   / {
>> +       reserved-memory {
>> +               #address-cells = <1>;
>> +               #size-cells = <1>;
>> +               ranges;
>> +
>> +               event_log: tcg_event_log {
>> +                       no-map;
>> +                       reg = <(CFG_SYS_SDRAM_SIZE - 0x2000) 0x2000>;
>> +               };
>> +       };
>> +
>>          binman {
>>          };
>>
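Review bot: The `tcg_event_log` node puts the log at `CFG_SYS_SDRAM_SIZE - 0x2000`, the very top of sandbox RAM, and nothing in this patch shows U-Boot itself staying out of that range. `no-map` by itself is only a hint to the device-tree consumer, so it is worth confirming that sandbox relocation, stack and malloc cannot land in the last 0x2000 bytes and overwrite recorded events. The same node is repeated verbatim in the `test.dts` hunk, with the size `0x2000` written twice in each `reg`. A comment on the node such as `/* 8 KiB TCG2 event log at top of RAM; must not overlap U-Boot's own use */`, or one shared definition for the size, would keep the two copies from drifting.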
>> @@ -342,6 +354,7 @@
>>
>>          tpm2 {
>>                  compatible = "sandbox,tpm2";
>> +               memory-region = <&event_log>;
>>          };
>>
>>          triangle {
>> diff --git a/arch/sandbox/dts/test.dts b/arch/sandbox/dts/test.dts
>> index 9a863ea732..bb2ddd9bf2 100644
>> --- a/arch/sandbox/dts/test.dts
>> +++ b/arch/sandbox/dts/test.dts
>> @@ -9,6 +9,7 @@
>>
>>   /dts-v1/;
>>
>> +#include <config.h>
>>   #include <dt-bindings/gpio/gpio.h>
>>   #include <dt-bindings/gpio/sandbox-gpio.h>
>>   #include <dt-bindings/input/input.h>
>> @@ -68,6 +69,17 @@
>>                  osd0 = "/osd";
>>          };
>>
>> +       reserved-memory {
>> +               #address-cells = <1>;
>> +               #size-cells = <1>;
>> +               ranges;
>> +
>> +               event_log: tcg_event_log {
>> +                       no-map;
>> +                       reg = <(CFG_SYS_SDRAM_SIZE - 0x2000) 0x2000>;
>> +               };
>> +       };
>> +
>>          binman: binman {
>>          };
>>
>> @@ -1422,6 +1434,7 @@
>>
>>          tpm2 {
>>                  compatible = "sandbox,tpm2";
>> +               memory-region = <&event_log>;
>>          };
>>
>>          tpm {
>> diff --git a/configs/sandbox_defconfig b/configs/sandbox_defconfig
>> index d667cb9ae4..12c387a77e 100644
>> --- a/configs/sandbox_defconfig
>> +++ b/configs/sandbox_defconfig
>> @@ -349,3 +349,4 @@ CONFIG_UNIT_TEST=y
>>   CONFIG_UT_TIME=y
>>   CONFIG_UT_DM=y
>>   CONFIG_ARM_FFA_TRANSPORT=y
>> +CONFIG_MEASURED_BOOT=y
>> diff --git a/include/test/suites.h b/include/test/suites.h
>> index 1c7dc65966..48ed549c13 100644
>> --- a/include/test/suites.h
>> +++ b/include/test/suites.h
>> @@ -45,6 +45,7 @@ int do_ut_font(struct cmd_tbl *cmdtp, int flag, int argc, char *const argv[]);
>>   int do_ut_lib(struct cmd_tbl *cmdtp, int flag, int argc, char *const argv[]);
>>   int do_ut_loadm(struct cmd_tbl *cmdtp, int flag, int argc, char *const argv[]);
>>   int do_ut_log(struct cmd_tbl *cmdtp, int flag, int argc, char * const argv[]);
>> +int do_ut_measurement(struct cmd_tbl *cmdtp, int flag, int argc, char * const argv[]);
>>   int do_ut_mem(struct cmd_tbl *cmdtp, int flag, int argc, char *const argv[]);
>>   int do_ut_optee(struct cmd_tbl *cmdtp, int flag, int argc, char *const argv[]);
>>   int do_ut_overlay(struct cmd_tbl *cmdtp, int flag, int argc,
>> diff --git a/test/boot/Makefile b/test/boot/Makefile
>> index 52947580ae..068522cb9e 100644
>> --- a/test/boot/Makefile
>> +++ b/test/boot/Makefile
>> @@ -4,6 +4,7 @@
>>
>>   obj-$(CONFIG_BOOTSTD) += bootdev.o bootstd_common.o bootflow.o bootmeth.o
>>   obj-$(CONFIG_FIT) += image.o
>> +obj-$(CONFIG_MEASURED_BOOT) += measurement.o
>>
>>   obj-$(CONFIG_EXPO) += expo.o
>>   obj-$(CONFIG_CEDIT) += cedit.o
>> diff --git a/test/boot/measurement.c b/test/boot/measurement.c
>> new file mode 100644
>> index 0000000000..9db2ed324c
>> --- /dev/null
>> +++ b/test/boot/measurement.c
>> @@ -0,0 +1,66 @@
>> +// SPDX-License-Identifier: GPL-2.0+
>> +/*
>> + * Test for measured boot functions
>> + *
>> + * Copyright 2023 IBM Corp.
>> + * Written by Eddie James <eajames at linux.ibm.com>
>> + */
>> +
>> +#include <common.h>
>> +#include <bootm.h>
>> +#include <malloc.h>
>> +#include <test/suites.h>
>> +#include <test/test.h>
>> +#include <test/ut.h>
>> +#include <asm/io.h>
>> +
>> +#define MEASUREMENT_TEST(_name, _flags)        \
>> +       UNIT_TEST(_name, _flags, measurement_test)
>> +
>> +static int measure(struct unit_test_state *uts)
>> +{
>> +       struct bootm_headers images;
>> +       const size_t size = 1024;
>> +       u8 *kernel;
>> +       u8 *initrd;
>> +       size_t i;
>> +
>> +       kernel = malloc(size);
>> +       initrd = malloc(size);
>> +
>> +       images.os.image_start = map_to_sysmem(kernel);
>> +       images.os.image_len = size;
>> +
>> +       images.rd_start = map_to_sysmem(initrd);
>> +       images.rd_end = images.rd_start + size;
>> +
>> +       images.ft_addr = malloc(size);
>> +       images.ft_len = size;
>> +
>> +       env_set("bootargs", "measurement testing");
>> +
>> +       for (i = 0; i < size; ++i) {
>> +               kernel[i] = 0xf0 | (i & 0xf);
>> +               initrd[i] = (i & 0xf0) | 0xf;
>> +               images.ft_addr[i] = i & 0xff;
>> +       }
>> +
>> +       ut_assertok(bootm_measure(&images));
>> +
>> +       free(images.ft_addr);
>> +       free(initrd);
>> +       free(kernel);
>> +
>> +       return 0;
>> +}
>> +MEASUREMENT_TEST(measure, 0);
>> +
>> +int do_ut_measurement(struct cmd_tbl *cmdtp, int flag, int argc,
>> +                     char *const argv[])
>> +{
>> +       struct unit_test *tests = UNIT_TEST_SUITE_START(measurement_test);
>> +       const int n_ents = UNIT_TEST_SUITE_COUNT(measurement_test);
>> +
>> +       return cmd_ut_category("measurement", "measurement_test_", tests,
>> +                              n_ents, argc, argv);
>> +}
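Review bot: `images` in `measure()` is an uninitialised stack `struct bootm_headers`, and only six of its fields are assigned before `bootm_measure(&images)` runs. Any other member that function reads (it is not shown in this patch) would be stack garbage, so the struct should be zeroed first. The three `malloc()` results are also written through in the fill loop without a NULL check, and a failing `ut_assertok()` returns before the `free()` calls. The rewrite below clears the struct, checks the allocations and frees before asserting. Separately, the test only asserts that `bootm_measure()` returns 0; comparing the resulting PCR digests or event-log entries against expected values would test the measurement itself rather than just the call succeeding.

```c
static int measure(struct unit_test_state *uts)
{
	struct bootm_headers images;
	/* … unchanged: size, kernel, initrd, i declarations … */
	int ret;

	/* bootm_measure() must not see stack garbage in fields the test does not set */
	memset(&images, 0, sizeof(images));

	kernel = malloc(size);
	initrd = malloc(size);
	images.ft_addr = malloc(size);
	if (!kernel || !initrd || !images.ft_addr) {
		free(images.ft_addr);
		free(initrd);
		free(kernel);
		return -ENOMEM;
	}
	/* … unchanged: image_start/image_len, rd_start/rd_end, ft_len, env_set, fill loop … */

	ret = bootm_measure(&images);

	/* release the buffers before asserting so a failure does not leak them */
	free(images.ft_addr);
	free(initrd);
	free(kernel);
	ut_assertok(ret);

	return 0;
}
```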
>> diff --git a/test/cmd_ut.c b/test/cmd_ut.c
>> index 0f56409e80..e87adcb71e 100644
>> --- a/test/cmd_ut.c
>> +++ b/test/cmd_ut.c
>> @@ -99,6 +99,10 @@ static struct cmd_tbl cmd_ut_sub[] = {
>>   #if CONFIG_IS_ENABLED(UT_UNICODE) && !defined(API_BUILD)
>>          U_BOOT_CMD_MKENT(unicode, CONFIG_SYS_MAXARGS, 1, do_ut_unicode, "", ""),
>>   #endif
>> +#ifdef CONFIG_MEASURED_BOOT
>> +       U_BOOT_CMD_MKENT(measurement, CONFIG_SYS_MAXARGS, 1, do_ut_measurement,
>> +                        "", ""),
>> +#endif
>>   #ifdef CONFIG_SANDBOX
>>          U_BOOT_CMD_MKENT(compression, CONFIG_SYS_MAXARGS, 1, do_ut_compression,
>>                           "", ""),
>> --
>> 2.39.3
>>

