From: Eddie James
To: u-boot@lists.denx.de
Cc: ilias.apalodimas@linaro.org, sjg@chromium.org, xypron.glpk@gmx.de, eajames@linux.ibm.com
Subject: [PATCH v3 0/6] tpm: Support boot measurements
Date: Thu, 12 Jan 2023 10:16:01 -0600
Message-Id: <20230112161607.282165-1-eajames@linux.ibm.com>

This series adds support for measuring the boot images more generically
than the existing EFI support. Several EFI functions have been moved to
the TPM layer. The series includes optional measurement from the bootm
command. A new test case has been added for the bootm measurement to test
the new path, and the sandbox TPM2 driver has been updated to support
this use case.

Changes since v2:
 - Add documentation.
 - Changed reserved memory address to the top of the RAM for sandbox dts.
 - Add measure state to booti and bootz.
 - Skip measurement for EFI images that should be measured

Changes since v1:
 - Refactor TPM layer functions to allow EFI system to use them, and
   remove duplicate EFI functions.
 - Add test case
 - Drop #ifdefs for bootm
 - Add devicetree measurement config option
 - Update sandbox TPM driver

Eddie James (6):
  tpm: Fix spelling for tpmu_ha union
  tpm: Support boot measurements
  bootm: Support boot measurement
  tpm: sandbox: Update for needed TPM2 capabilities
  test: Add sandbox TPM boot measurement
  doc: Add measured boot documentation

 arch/sandbox/dts/sandbox.dtsi  |  14 +
 arch/sandbox/dts/test.dts      |  13 +
 boot/Kconfig                   |  23 ++
 boot/bootm.c                   |  70 ++++
 cmd/booti.c                    |   1 +
 cmd/bootm.c                    |   2 +
 cmd/bootz.c                    |   1 +
 configs/sandbox_defconfig      |   1 +
 doc/usage/index.rst            |   1 +
 doc/usage/measured_boot.rst    |  23 ++
 drivers/tpm/tpm2_tis_sandbox.c | 100 +++--
 include/bootm.h                |   2 +
 include/efi_tcg2.h             |  44 --
 include/image.h                |   1 +
 include/test/suites.h          |   1 +
 include/tpm-v2.h               | 215 +++++++++-
 lib/efi_loader/efi_tcg2.c      | 362 +----------------
 lib/tpm-v2.c                   | 708 +++++++++++++++++++++++++++++++++
 test/boot/Makefile             |   1 +
 test/boot/measurement.c        |  66 +++
 test/cmd_ut.c                  |   2 +
 21 files changed, 1234 insertions(+), 417 deletions(-)
 create mode 100644 doc/usage/measured_boot.rst
 create mode 100644 test/boot/measurement.c

-- 
2.31.1
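The boot measurement this series adds works by hashing each image bootm loads and extending a TPM PCR with that digest, so a verifier can recompute the expected PCR value from the event log alone. The following is an added example, not code from the series or from U-Boot: it simulates a SHA-256 PCR bank, measures constructed kernel, initrd and devicetree blobs into it, records an event log, and replays the log to check a reported PCR value. The image contents, the PCR index and the event names are assumptions made for the example.

```python
import hashlib

# Constructed sample boot images standing in for the kernel, initrd and
# devicetree that the bootm path measures (assumption: contents are made up).
BOOT_IMAGES = {
    "kernel": b"\x7fELF constructed kernel image",
    "initrd": b"constructed initrd payload",
    "fdt": b"\xd0\x0d\xfe\xed constructed devicetree",
}
PCR_INDEX = 8            # assumed PCR index; the series' choice is not on this page
DIGEST = hashlib.sha256  # the TPM2 SHA-256 PCR bank is simulated here
DIGEST_SIZE = DIGEST().digest_size

def pcr_extend(pcr_value: bytes, digest: bytes) -> bytes:
    """TPM2 PCR extend: PCR_new = H(PCR_old || digest); order-dependent and one-way."""
    if len(pcr_value) != DIGEST_SIZE or len(digest) != DIGEST_SIZE:
        raise ValueError("digest length does not match the PCR bank")
    return DIGEST(pcr_value + digest).digest()

def measure_images(images: dict) -> tuple:
    """Firmware side: hash each image, extend the simulated PCR, log the event."""
    pcr = bytes(DIGEST_SIZE)  # PCRs are all-zero at reset
    event_log = []
    for name, blob in images.items():
        digest = DIGEST(blob).digest()
        pcr = pcr_extend(pcr, digest)
        event_log.append({"pcr": PCR_INDEX, "digest": digest, "event": name})
    return pcr, event_log

def replay_event_log(event_log: list, pcr_index: int = PCR_INDEX) -> bytes:
    """Verifier side: recompute the PCR from the log alone, skipping other PCRs."""
    pcr = bytes(DIGEST_SIZE)
    for entry in event_log:
        if entry["pcr"] == pcr_index:
            pcr = pcr_extend(pcr, entry["digest"])
    return pcr

def verify_quote(reported_pcr: bytes, event_log: list) -> bool:
    """A reported PCR is consistent only if the log replays to exactly that value."""
    return replay_event_log(event_log) == reported_pcr

if __name__ == "__main__":
    final_pcr, log = measure_images(BOOT_IMAGES)
    for entry in log:
        print(f"PCR{entry['pcr']} {entry['event']:7} {entry['digest'].hex()}")
    print("final PCR:", final_pcr.hex(), "replay matches:", verify_quote(final_pcr, log))
```

Changing any image, or the order in which images are measured, yields a different final PCR, which is why a verifier must compare against a log recorded in the same order the firmware measured.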