[PATCH] doc: describe UEFI measured boot

[Heinrich Schuchardt]

On 14.06.24 11:40, Ilias Apalodimas wrote:
> We currently only describe the process to enable measured boot using
> bootm. Describe the UEFI requirements as well which predate bootm.
>
> Signed-off-by: Ilias Apalodimas <ilias.apalodimas at linaro.org>
> ---
>   doc/usage/measured_boot.rst | 24 ++++++++++++++++++++++--
>   1 file changed, 22 insertions(+), 2 deletions(-)
>
> diff --git a/doc/usage/measured_boot.rst b/doc/usage/measured_boot.rst
> index 9691904a9d8a..1b5dd1dcc438 100644
> --- a/doc/usage/measured_boot.rst
> +++ b/doc/usage/measured_boot.rst
> @@ -7,6 +7,26 @@ U-Boot can perform a measured boot, the process of hashing various components
>   of the boot process, extending the results in the TPM and logging the
>   component's measurement in memory for the operating system to consume.
>
> +The functionality is available when booting via the EFI subsystem or 'bootm'

Thanks for adding a description for legacy measured boot.

@Eddie
Is it really only the bootm command? How about booti and bootz? Not
measuring there would be quite inconsistent.

Please, add a document link to doc/usage/cmd/bootm.rst.

> +command.
> +
> +UEFI subsystem

UEFI measured boot

> +--------------
> +The EFI subsystem implements the `EFI TCG protocol
> +<https://trustedcomputinggroup.org/resource/tcg-efi-protocol-specification/>`_
> +and the `TCG PC Client Specific Platform Firmware Profile Specification
> +<https://trustedcomputinggroup.org/resource/pc-client-specific-platform-firmware-profile-specification/>`_
> +which defines the binaries to be measured and the corresponding PCRs used.

to be used.

> +
> +UEFI requirements
> +~~~~~~~~~~~~~~~~~
> +* A hardware TPM 2.0 supported by the U-Boot drivers

by an enabled U-Boot driver.

> +* CONFIG_EFI_TCG2_PROTOCOL=y
> +* CONFIG_EFI_TCG2_PROTOCOL_EVENTLOG_SIZE=y
> +* optional CONFIG_EFI_TCG2_PROTOCOL_MEASURE_DTB=y will measure the loaded DTB in PCR 0

Why does this setting not default to yes?

Should EFI_TCG2_PROTOCOL_MEASURE_DTB depend on !GENERATE_ACPI_TABLE as
we won't load the device-tree in this case?

I can't find any reference to device-trees in `TCG PC Client Platform
Firmware Profile Specification`. Where is PCR 0 for the device-tree
specified? I read:

"In general, the platform firmware measures into PCR[1] the
configuration data that is associated with the code that measured into
PCR[0]".

This looks like PCR 1 should be the target for the device-tree.

Do we already measure ACPI and SMBIOS tables into PCR1 as required by
the specification.

> +
> +bootm

Measured legacy boot with bootm command

Please, consider in your description that the bootm command may be used
to load a FIT image with an EFI binary.

> +-----
>   By default, U-Boot will measure the operating system (linux) image, the
>   initrd image, and the "bootargs" environment variable. By enabling
>   CONFIG_MEASURE_DEVICETREE, U-Boot will also measure the devicetree image.
> @@ -15,8 +35,8 @@ The operating system typically would verify that the hashes found in the
>   TPM PCRs match the contents of the event log. This can further be checked
>   against the hash results of previous boots.
>
> -Requirements
> -------------
> +bootm requirements

This is already a sub-section of bootm. No need to repeat it.

> +~~~~~~~~~~~~~~~~~~
>
>   * A hardware TPM 2.0 supported by the U-Boot drivers

by an enabled U-Boot driver.

>   * CONFIG_TPM=y

CONFIG_TPM_V2=y is required?

Best regards

Heinrich