[PATCH v14 4/8] bootm: Support boot measurement

Eddie James eajames at linux.ibm.com
Wed Oct 25 15:53:49 CEST 2023 

On 10/25/23 07:41, Ilias Apalodimas wrote:
> On Tue, 24 Oct 2023 at 18:44, Eddie James <eajames at linux.ibm.com> wrote:
>> Add a configuration option to measure the boot through the bootm
>> function. Add the measurement state to the booti and bootz paths
>> as well.
>>
>> Signed-off-by: Eddie James <eajames at linux.ibm.com>
>> Reviewed-by: Simon Glass <sjg at chromium.org>
>> ---
>> Changes since v8:
>>   - Added a configuration option to select to ignore any existing
>>     event log. This would only be selected for systems that know
>>     that U-Boot is the first stage bootloader. This is necessary
>>     because the reserved memory region may persist through resets
>>     and so U-Boot attempts to append to the previous boot's log.
>>
>> Changes since v6:
>>   - Added comment for bootm_measure
>>   - Fixed line length in bootm_measure
>>
>>   boot/Kconfig    | 32 +++++++++++++++++++++
>>   boot/bootm.c    | 74 +++++++++++++++++++++++++++++++++++++++++++++++++
>>   cmd/booti.c     |  1 +
>>   cmd/bootm.c     |  2 ++
>>   cmd/bootz.c     |  1 +
>>   include/bootm.h | 11 ++++++++
>>   include/image.h |  1 +
>>   7 files changed, 122 insertions(+)
>>
>> diff --git a/boot/Kconfig b/boot/Kconfig
>> index a01e6cb8aa..abbc72f4cf 100644
>> --- a/boot/Kconfig
>> +++ b/boot/Kconfig
>> @@ -685,6 +685,38 @@ config LEGACY_IMAGE_FORMAT
>>            loaded. If a board needs the legacy image format support in this
>>            case, enable it here.
>>
>> +config MEASURED_BOOT
>> +       bool "Measure boot images and configuration to TPM and event log"
>> +       depends on HASH && TPM_V2
> I know Simon reviewed this already, but don't we need to add !EFI here?
> UEFI already supports measurements via the TCG protocol implementation.
> But since EFI is 'default y' nowadays anyone minds if I change the
> help & bool messages during merge?
> Something along the lines of
> bool "Measure boot images and configuration to TPM and event log when
> booting without EFI"


Oh right, yes, go ahead, that sounds good, thanks.

Eddie


>
> [...]
>
> Thanks
> /Ilias

More information about the U-Boot mailing list