From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from phobos.denx.de (phobos.denx.de [85.214.62.61]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id 7AB9FC636D6 for ; Wed, 22 Feb 2023 17:47:44 +0000 (UTC) Received: from h2850616.stratoserver.net (localhost [IPv6:::1]) by phobos.denx.de (Postfix) with ESMTP id 2259180BB0; Wed, 22 Feb 2023 18:47:42 +0100 (CET) Authentication-Results: phobos.denx.de; dmarc=none (p=none dis=none) header.from=linux.ibm.com Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=u-boot-bounces@lists.denx.de Authentication-Results: phobos.denx.de; dkim=pass (2048-bit key; unprotected) header.d=ibm.com header.i=@ibm.com header.b="nEr/Q7BV"; dkim-atps=neutral Received: by phobos.denx.de (Postfix, from userid 109) id ADA6685959; Wed, 22 Feb 2023 18:47:40 +0100 (CET) Received: from mx0a-001b2d01.pphosted.com (mx0b-001b2d01.pphosted.com [148.163.158.5]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by phobos.denx.de (Postfix) with ESMTPS id 3B7BF80BAA for ; Wed, 22 Feb 2023 18:47:37 +0100 (CET) Authentication-Results: phobos.denx.de; dmarc=none (p=none dis=none) header.from=linux.ibm.com Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=eajames@linux.ibm.com Received: from pps.filterd (m0098419.ppops.net [127.0.0.1]) by mx0b-001b2d01.pphosted.com (8.17.1.19/8.17.1.19) with ESMTP id 31MHDrjE009383; Wed, 22 Feb 2023 17:47:31 GMT DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ibm.com; h=message-id : date : subject : to : cc : references : from : in-reply-to : content-type : content-transfer-encoding : mime-version; s=pp1; bh=s2A6/4K2laeeIISRPyRZ8ZQI3vmsZ9FC5mCCm3tUDuU=; b=nEr/Q7BVXlcqBuGKuG7Tl6EjcSWy/ndMg4+TYmH7OLJ7cVwlXvFp6zdI9gedlWn6tJo3 XZyXvca4GHkV29mZlc35MO0oxvGSZn9hB62vBhc1AS7ZFhgxJEIEeg/6nbaOQDaX4+mm pJlra/if7qoyxSkC1ThSHO9uNBGVJ1xNwLNq1fbr4U4aA6RBBNE7+sMm3z4XQxarHbaw /n9as+1N9X2hDEH6hA8E/brHZ+YN6c1YbWii/xOXZYsLE3RS96td541n+fntiAFrEM2+ j1hjEivxxSuAplsRTPnPX6ONjeAgN8PR0litElsWWBKii6TfUfqjypaXJsVKTtSftUZ6 Sg== Received: from pps.reinject (localhost [127.0.0.1]) by mx0b-001b2d01.pphosted.com (PPS) with ESMTPS id 3nwmt4wk9p-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Wed, 22 Feb 2023 17:47:31 +0000 Received: from m0098419.ppops.net (m0098419.ppops.net [127.0.0.1]) by pps.reinject (8.17.1.5/8.17.1.5) with ESMTP id 31MHkCaP024132; Wed, 22 Feb 2023 17:47:30 GMT Received: from ppma02dal.us.ibm.com (a.bd.3ea9.ip4.static.sl-reverse.com [169.62.189.10]) by mx0b-001b2d01.pphosted.com (PPS) with ESMTPS id 3nwmt4wk9b-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Wed, 22 Feb 2023 17:47:30 +0000 Received: from pps.filterd (ppma02dal.us.ibm.com [127.0.0.1]) by ppma02dal.us.ibm.com (8.17.1.19/8.17.1.19) with ESMTP id 31MFjb9b019811; Wed, 22 Feb 2023 17:47:30 GMT Received: from smtprelay03.dal12v.mail.ibm.com ([9.208.130.98]) by ppma02dal.us.ibm.com (PPS) with ESMTPS id 3ntpa7fv5e-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Wed, 22 Feb 2023 17:47:30 +0000 Received: from smtpav03.dal12v.mail.ibm.com (smtpav03.dal12v.mail.ibm.com [10.241.53.102]) by smtprelay03.dal12v.mail.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id 31MHlTm88258144 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Wed, 22 Feb 2023 17:47:29 GMT Received: from smtpav03.dal12v.mail.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id E90DE5803F; Wed, 22 Feb 2023 17:47:28 +0000 (GMT) Received: from smtpav03.dal12v.mail.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 529F658056; Wed, 22 Feb 2023 17:47:28 +0000 (GMT) Received: from [9.160.56.187] (unknown [9.160.56.187]) by smtpav03.dal12v.mail.ibm.com (Postfix) with ESMTP; Wed, 22 Feb 2023 17:47:28 +0000 (GMT) Message-ID: <03576833-e04b-cd84-27f5-cbca193d2b8e@linux.ibm.com> Date: Wed, 22 Feb 2023 11:47:27 -0600 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101 Thunderbird/102.6.0 Subject: Re: [PATCH v5 0/6] tpm: Support boot measurements Content-Language: en-US To: Joel Stanley Cc: u-boot@lists.denx.de, sjg@chromium.org, ilias.apalodimas@linaro.org, xypron.glpk@gmx.de References: <20230202170531.119796-1-eajames@linux.ibm.com> From: Eddie James In-Reply-To: Content-Type: text/plain; charset=UTF-8; format=flowed X-TM-AS-GCONF: 00 X-Proofpoint-GUID: MphKpF_orIoI9UzRuQrVCVE76n9CAJBv X-Proofpoint-ORIG-GUID: 7t_C3jBmex170-7BmZTLSaG3vewlE-09 Content-Transfer-Encoding: 7bit X-Proofpoint-UnRewURL: 0 URL was un-rewritten MIME-Version: 1.0 X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.219,Aquarius:18.0.930,Hydra:6.0.562,FMLib:17.11.170.22 definitions=2023-02-22_06,2023-02-22_02,2023-02-09_01 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 mlxlogscore=999 phishscore=0 mlxscore=0 impostorscore=0 adultscore=0 malwarescore=0 priorityscore=1501 suspectscore=0 spamscore=0 clxscore=1015 bulkscore=0 lowpriorityscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2212070000 definitions=main-2302220154 X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.39 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" X-Virus-Scanned: clamav-milter 0.103.6 at phobos.denx.de X-Virus-Status: Clean On 2/21/23 23:36, Joel Stanley wrote: > On Thu, 2 Feb 2023 at 17:08, Eddie James wrote: >> This series adds support for measuring the boot images more generically >> than the existing EFI support. Several EFI functions have been moved to >> the TPM layer. The series includes optional measurement from the bootm >> command. >> A new test case has been added for the bootm measurement to test the new >> path, and the sandbox TPM2 driver has been updated to support this use >> case. >> This series is based on Ilias' auto-startup series: >> https://lore.kernel.org/u-boot/20230126081844.591148-1-ilias.apalodimas@linaro.org/ > Nice work Eddie. It looks like you're closing in on the issues Ilias > and Simon have. > > I did some testing and found some missing dependencies from running > 'make check': > > sandbox_spl: +make O=/home/joel/dev/u-boot/upstream/build-sandbox_spl > -s sandbox_spl_defconfig > +make O=/home/joel/dev/u-boot/upstream/build-sandbox_spl -s -j8 > /usr/bin/ld: warning: test/overlay/test-fdt-overlay-stacked.dtb.o: > missing .note.GNU-stack section implies executable stack > /usr/bin/ld: NOTE: This behaviour is deprecated and will be removed in > a future version of the linker > /usr/bin/ld: /tmp/cc8cNroX.ltrans22.ltrans.o:(.data.rel+0x440): > undefined reference to `do_ut_measurement' > collect2: error: ld returned 1 exit status > make[2]: *** [/home/joel/dev/u-boot/upstream/Makefile:1752: u-boot] Error 1 > > There's a few variants of the sandbox defconfig. I'm not sure if we > want to exclude the measurement code from those configs, or add it to > the configs. Thanks Joel. I feel the right thing here would be to only build the measurement test when CONFIG_MEASURED_BOOT is enabled, so I'll make that change. > > When fixing them up to add CONFIG_MEASURED_BOOT=y we still fail to link: > > sandbox_spl: +make O=/home/joel/dev/u-boot/upstream/build-sandbox_spl > -s sandbox_spl_defconfig > +make O=/home/joel/dev/u-boot/upstream/build-sandbox_spl -s -j8 > /usr/bin/ld: warning: test/overlay/test-fdt-overlay-stacked.dtb.o: > missing .note.GNU-stack section implies executable stack > /usr/bin/ld: NOTE: This behaviour is deprecated and will be removed in > a future version of the linker > /usr/bin/ld: /tmp/ccRuOSFi.ltrans17.ltrans.o: in function `tcg2_create_digest': > /home/joel/dev/u-boot/upstream/build-sandbox_spl/../lib/tpm-v2.c:112: > undefined reference to `sha512_starts' > /usr/bin/ld: /home/joel/dev/u-boot/upstream/build-sandbox_spl/../lib/tpm-v2.c:113: > undefined reference to `sha512_update' > /usr/bin/ld: /home/joel/dev/u-boot/upstream/build-sandbox_spl/../lib/tpm-v2.c:114: > undefined reference to `sha512_finish' > /usr/bin/ld: /home/joel/dev/u-boot/upstream/build-sandbox_spl/../lib/tpm-v2.c:106: > undefined reference to `sha384_starts' > /usr/bin/ld: /home/joel/dev/u-boot/upstream/build-sandbox_spl/../lib/tpm-v2.c:107: > undefined reference to `sha384_update' > /usr/bin/ld: /home/joel/dev/u-boot/upstream/build-sandbox_spl/../lib/tpm-v2.c:108: > undefined reference to `sha384_finish' > collect2: error: ld returned 1 exit status > > This sorted that out for me: > > --- a/lib/Kconfig > +++ b/lib/Kconfig > @@ -411,6 +411,8 @@ config TPM > bool "Trusted Platform Module (TPM) Support" > depends on DM > imply DM_RNG > + select SHA512 > + select SHA384 > > The tree I tested with is here: > https://github.com/shenki/u-boot/commits/measured-boot Thanks, I'll select those. Eddie > > Cheers, > > Joel > >> Changes since v4: >> - Remove tcg2_measure_event function and check for NULL data in >> tcg2_measure_data >> - Use tpm_auto_startup >> - Fix efi_tcg2.c compilation for removing tcg2_pcr_read function >> - Change PCR indexes for initrd and dtb >> - Drop u8 casting in measurement test >> - Use bullets in documentation >> >> Changes since v3: >> - Reordered headers >> - Refactored more of EFI code into common code >> Removed digest_info structure and instead used the common alg_to_mask >> and alg_to_len >> Improved event log parsing in common code to get it equivalent to EFI >> Common code now extends PCR if previous bootloader stage couldn't >> No need to allocate memory in the common code, so EFI copies the >> discovered buffer like it did before >> Rename efi measure_event function >> >> Changes since v2: >> - Add documentation. >> - Changed reserved memory address to the top of the RAM for sandbox dts. >> - Add measure state to booti and bootz. >> - Skip measurement for EFI images that should be measured >> >> Changes since v1: >> - Refactor TPM layer functions to allow EFI system to use them, and >> remove duplicate EFI functions. >> - Add test case >> - Drop #ifdefs for bootm >> - Add devicetree measurement config option >> - Update sandbox TPM driver >> >> Eddie James (6): >> tpm: Fix spelling for tpmu_ha union >> tpm: Support boot measurements >> bootm: Support boot measurement >> tpm: sandbox: Update for needed TPM2 capabilities >> test: Add sandbox TPM boot measurement >> doc: Add measured boot documentation >> >> arch/sandbox/dts/sandbox.dtsi | 14 + >> arch/sandbox/dts/test.dts | 13 + >> boot/Kconfig | 23 + >> boot/bootm.c | 70 +++ >> cmd/booti.c | 1 + >> cmd/bootm.c | 2 + >> cmd/bootz.c | 1 + >> configs/sandbox_defconfig | 1 + >> doc/usage/index.rst | 1 + >> doc/usage/measured_boot.rst | 23 + >> drivers/tpm/tpm2_tis_sandbox.c | 100 +++- >> include/bootm.h | 2 + >> include/efi_tcg2.h | 44 -- >> include/image.h | 1 + >> include/test/suites.h | 1 + >> include/tpm-v2.h | 246 +++++++- >> lib/efi_loader/efi_tcg2.c | 1010 +++----------------------------- >> lib/tpm-v2.c | 771 ++++++++++++++++++++++++ >> test/boot/Makefile | 1 + >> test/boot/measurement.c | 66 +++ >> test/cmd_ut.c | 2 + >> 21 files changed, 1383 insertions(+), 1010 deletions(-) >> create mode 100644 doc/usage/measured_boot.rst >> create mode 100644 test/boot/measurement.c >> >> -- >> 2.31.1 >>