[PATCH v3 10/18] tpm: Avoid code bloat when not using EFI_TCG2_PROTOCOL
Ilias Apalodimas
ilias.apalodimas at linaro.org
Fri Jun 21 07:32:40 CEST 2024
Hi Simon,
On Fri, 21 Jun 2024 at 02:06, Simon Glass <sjg at chromium.org> wrote:
>
> It does not make sense to enable all SHA algorithms unless they are
> needed. It bloats the code and in this case, causes chromebook_link to
> fail to build. That board does use the TPM, but not with measured boot,
> nor EFI.
>
> Since EFI_TCG2_PROTOCOL already selects these options, we just need to
> add them to MEASURED_BOOT as well.
>
> Note that the original commit combines refactoring and new features,
> which makes it hard to see what is going on.
>
> Fixes: 97707f12fda tpm: Support boot measurements
> Reviewed-by: Heinrich Schuchardt <xypron.glpk at gmx.de>
> Signed-off-by: Simon Glass <sjg at chromium.org>
> ---
>
> (no changes since v2)
There was a discussion in the previous version, bout enabling these on
CMD_TPM as they are required.
Thanks
/Ilias
>
> Changes in v2:
> - Put the conditions under EFI_TCG2_PROTOCOL
> - Consider MEASURED_BOOT too
>
> boot/Kconfig | 4 ++++
> lib/Kconfig | 4 ----
> 2 files changed, 4 insertions(+), 4 deletions(-)
>
> diff --git a/boot/Kconfig b/boot/Kconfig
> index 6f3096c15a6..b061891e109 100644
> --- a/boot/Kconfig
> +++ b/boot/Kconfig
> @@ -734,6 +734,10 @@ config LEGACY_IMAGE_FORMAT
> config MEASURED_BOOT
> bool "Measure boot images and configuration when booting without EFI"
> depends on HASH && TPM_V2
> + select SHA1
> + select SHA256
> + select SHA384
> + select SHA512
> help
> This option enables measurement of the boot process when booting
> without UEFI . Measurement involves creating cryptographic hashes
> diff --git a/lib/Kconfig b/lib/Kconfig
> index 189e6eb31aa..568892fce44 100644
> --- a/lib/Kconfig
> +++ b/lib/Kconfig
> @@ -438,10 +438,6 @@ config TPM
> bool "Trusted Platform Module (TPM) Support"
> depends on DM
> imply DM_RNG
> - select SHA1
> - select SHA256
> - select SHA384
> - select SHA512
> help
> This enables support for TPMs which can be used to provide security
> features for your board. The TPM can be connected via LPC or I2C
> --
> 2.34.1
>
More information about the U-Boot
mailing list