[PATCH v14 4/8] bootm: Support boot measurement
Heinrich Schuchardt
xypron.glpk at gmx.de
Wed Oct 25 15:03:13 CEST 2023
On 24.10.23 17:43, Eddie James wrote:
> Add a configuration option to measure the boot through the bootm
> function. Add the measurement state to the booti and bootz paths
> as well.
>
> Signed-off-by: Eddie James <eajames at linux.ibm.com>
> Reviewed-by: Simon Glass <sjg at chromium.org>
> ---
> Changes since v8:
> - Added a configuration option to select to ignore any existing
> event log. This would only be selected for systems that know
> that U-Boot is the first stage bootloader. This is necessary
> because the reserved memory region may persist through resets
> and so U-Boot attempts to append to the previous boot's log.
>
> Changes since v6:
> - Added comment for bootm_measure
> - Fixed line length in bootm_measure
>
> boot/Kconfig | 32 +++++++++++++++++++++
> boot/bootm.c | 74 +++++++++++++++++++++++++++++++++++++++++++++++++
> cmd/booti.c | 1 +
> cmd/bootm.c | 2 ++
> cmd/bootz.c | 1 +
> include/bootm.h | 11 ++++++++
> include/image.h | 1 +
> 7 files changed, 122 insertions(+)
>
> diff --git a/boot/Kconfig b/boot/Kconfig
> index a01e6cb8aa..abbc72f4cf 100644
> --- a/boot/Kconfig
> +++ b/boot/Kconfig
> @@ -685,6 +685,38 @@ config LEGACY_IMAGE_FORMAT
> loaded. If a board needs the legacy image format support in this
> case, enable it here.
>
> +config MEASURED_BOOT
> + bool "Measure boot images and configuration to TPM and event log"
> + depends on HASH && TPM_V2
> + help
> + This option enables measurement of the boot process. Measurement
> + involves creating cryptographic hashes of the binary images that
> + are booting and storing them in the TPM. In addition, a log of
> + these hashes is stored in memory for the OS to verify the booted
> + images and configuration. Enable this if the OS has configured
> + some memory area for the event log and you intend to use some
> + attestation tools on your system.
> +
> +if MEASURED_BOOT
> + config MEASURE_DEVICETREE
> + bool "Measure the devicetree image"
> + default y if MEASURED_BOOT
> + help
> + On some platforms, the devicetree is not static as it may contain
> + random MAC addresses or other such data that changes each boot.
> + Therefore, it should not be measured into the TPM. In that case,
> + disable the measurement here.
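
Review bot: In the MEASURE_DEVICETREE entry, "default y if MEASURED_BOOT" is redundant, because the symbol is already enclosed in the "if MEASURED_BOOT" block; a plain "default y" gives the same result. The help text says when to disable the option but not at which point in the boot flow the devicetree is hashed. A sentence stating that would let a board maintainer judge whether data that changes on each boot falls inside the measurement.
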
I guess the device-tree should be measured before fix-ups.
A main source of randomness is the KASLR seed.

@Ilias: How are we handling this in the EFI case?

Best regards

Heinrich