Pull request for tpm-master-28012025

Ilias Apalodimas ilias.apalodimas at linaro.org
Wed Jan 29 11:21:02 CET 2025 

The following changes since commit a517796cfa5d8f4ca2f0c11c78c24a08a102c047:

  Prepare v2025.04-rc1 (2025-01-27 16:38:46 -0600)

are available in the Git repository at:

  https://source.denx.de/u-boot/custodians/u-boot-tpm/ tags/tpm-master-28012025

for you to fetch changes up to 8895ff8ae2186b53b4a073966ef16b09c12a69b8:

  tpm: get tpm event log from bloblist (2025-01-28 09:09:32 +0200)

The CI https://source.denx.de/u-boot/custodians/u-boot-tpm/-/pipelines/24375
didn't show any errors

Please pull
/Ilias
----------------------------------------------------------------
We have use cases where a previous stage boot loader doesn't have any
TPM drivers. Instead of extending the hardware PCRs it produces an
EventLog that U-Boot later replays on the hardware.

The only real example we have is TF-A, which produces the EventLog using
hashing algorithms created at compile time. This creates a problem to the
TPM since measurements need to extend all active PCR banks. Up to now
we were exiting refusing the extend measurements.

TPMs can be instructed to change their active PCR banks, as long as the
device resets immediately after a reconfiguration. U-Boot can now scan
the active TPM PCR banks, the ones U-Boot was compiled to support and the
ones present in an EventLog. It the reconfigures the TPM on the fly with
the correct algorithms.

On top of that it's adding code to retrieve the EventLog from a Transfer List
entry instead of a DT entry (if present).
----------------------------------------------------------------

Raymond Mao (9):
      tpm: add TPM2_Shutdown command
      tpm: add TPM2_PCR_Allocate command
      tpm: add wrapper and helper APIs for PCR allocate
      tpm: add PCR allocate into the eventlog handling
      tpm: PCR allocate during PCR extend to disable the unsupported algorithms
      board: qemu-arm: select TPM_PCR_ALLOCATE
      bloblist: add api to get blob with size
      tcg2: decouple eventlog size from efi
      tpm: get tpm event log from bloblist

 cmd/tpm-v2.c                 | 128 ++++++++++++++++++++-
 common/bloblist.c            |  17 ++-
 configs/qemu_arm64_defconfig |   1 +
 doc/usage/measured_boot.rst  |   1 -
 drivers/tpm/Kconfig          |   9 ++
 include/bloblist.h           |  18 +++
 include/efi_tcg2.h           |   2 -
 include/tpm-v2.h             |  53 ++++++++-
 lib/Kconfig                  |  12 ++
 lib/efi_loader/Kconfig       |   9 --
 lib/efi_loader/efi_tcg2.c    |  15 +--
 lib/tpm-v2.c                 | 259 ++++++++++++++++++++++++++++++++++++++++++-
 lib/tpm_api.c                |   4 +-
 lib/tpm_tcg2.c               | 111 ++++++++++---------
 test/common/bloblist.c       |   4 +
 15 files changed, 556 insertions(+), 87 deletions(-)

More information about the U-Boot mailing list