[PATCH v14 4/8] bootm: Support boot measurement

Ilias Apalodimas ilias.apalodimas at linaro.org
Wed Oct 25 15:21:51 CEST 2023 

On Wed, 25 Oct 2023 at 16:08, Heinrich Schuchardt <xypron.glpk at gmx.de> wrote:
>
> On 24.10.23 17:43, Eddie James wrote:
> > Add a configuration option to measure the boot through the bootm
> > function. Add the measurement state to the booti and bootz paths
> > as well.
> >
> > Signed-off-by: Eddie James <eajames at linux.ibm.com>
> > Reviewed-by: Simon Glass <sjg at chromium.org>
> > ---
> > Changes since v8:
> >   - Added a configuration option to select to ignore any existing
> >     event log. This would only be selected for systems that know
> >     that U-Boot is the first stage bootloader. This is necessary
> >     because the reserved memory region may persist through resets
> >     and so U-Boot attempts to append to the previous boot's log.
> >
> > Changes since v6:
> >   - Added comment for bootm_measure
> >   - Fixed line length in bootm_measure
> >
> >   boot/Kconfig    | 32 +++++++++++++++++++++
> >   boot/bootm.c    | 74 +++++++++++++++++++++++++++++++++++++++++++++++++
> >   cmd/booti.c     |  1 +
> >   cmd/bootm.c     |  2 ++
> >   cmd/bootz.c     |  1 +
> >   include/bootm.h | 11 ++++++++
> >   include/image.h |  1 +
> >   7 files changed, 122 insertions(+)
> >
> > diff --git a/boot/Kconfig b/boot/Kconfig
> > index a01e6cb8aa..abbc72f4cf 100644
> > --- a/boot/Kconfig
> > +++ b/boot/Kconfig
> > @@ -685,6 +685,38 @@ config LEGACY_IMAGE_FORMAT
> >         loaded. If a board needs the legacy image format support in this
> >         case, enable it here.
> >
> > +config MEASURED_BOOT
> > +     bool "Measure boot images and configuration to TPM and event log"
> > +     depends on HASH && TPM_V2
> > +     help
> > +       This option enables measurement of the boot process. Measurement
> > +       involves creating cryptographic hashes of the binary images that
> > +       are booting and storing them in the TPM. In addition, a log of
> > +       these hashes is stored in memory for the OS to verify the booted
> > +       images and configuration. Enable this if the OS has configured
> > +       some memory area for the event log and you intend to use some
> > +       attestation tools on your system.
> > +
> > +if MEASURED_BOOT
> > +     config MEASURE_DEVICETREE
> > +     bool "Measure the devicetree image"
> > +     default y if MEASURED_BOOT
> > +     help
> > +       On some platforms, the devicetree is not static as it may contain
> > +       random MAC addresses or other such data that changes each boot.
> > +       Therefore, it should not be measured into the TPM. In that case,
> > +       disable the measurement here.
>
> I guess the device-tree should be measured before fix-ups.
>
> A main source of randomness is the KASLR seed.
>
> @Ilias: How are we handling this in the EFI case?

We unconditionally strip the KASLR node if EFI_RNG is installed.
efi_try_purge_kaslr_seed() has a useful comment on how the kernel's
EFI-stub behaves.
In any case, we measure selected parts of the DTB, not all of it,
efi_tcg2_measure_dtb() has the details and we keep the DTB measurement
under a Kconfig node.

Regards
/Ilias
>
> Best regards
>
> Heinrich

More information about the U-Boot mailing list