[PATCH v4 0/6] tpm: Support boot measurements

public inbox for u-boot@lists.denx.de
 help / color / mirror / Atom feed

From: Eddie James <eajames@linux.ibm.com>
To: u-boot@lists.denx.de
Cc: sjg@chromium.org, ilias.apalodimas@linaro.org,
	xypron.glpk@gmx.de, eajames@linux.ibm.com
Subject: [PATCH v4 0/6] tpm: Support boot measurements
Date: Wed, 25 Jan 2023 11:18:04 -0600	[thread overview]
Message-ID: <20230125171810.3724530-1-eajames@linux.ibm.com> (raw)

This series adds support for measuring the boot images more generically
than the existing EFI support. Several EFI functions have been moved to
the TPM layer. The series includes optional measurement from the bootm 
command.
A new test case has been added for the bootm measurement to test the new
path, and the sandbox TPM2 driver has been updated to support this use
case.

Changes since v3:
 - Reordered headers
 - Refactored more of EFI code into common code
    Removed digest_info structure and instead used the common alg_to_mask
      and alg_to_len
    Improved event log parsing in common code to get it equivalent to EFI
      Common code now extends PCR if previous bootloader stage couldn't
      No need to allocate memory in the common code, so EFI copies the
      discovered buffer like it did before
    Rename efi measure_event function

Changes since v2:
 - Add documentation.
 - Changed reserved memory address to the top of the RAM for sandbox dts.
 - Add measure state to booti and bootz.
 - Skip measurement for EFI images that should be measured

Changes since v1:
 - Refactor TPM layer functions to allow EFI system to use them, and
   remove duplicate EFI functions.
 - Add test case
 - Drop #ifdefs for bootm
 - Add devicetree measurement config option
 - Update sandbox TPM driver

Eddie James (6):
  tpm: Fix spelling for tpmu_ha union
  tpm: Support boot measurements
  bootm: Support boot measurement
  tpm: sandbox: Update for needed TPM2 capabilities
  test: Add sandbox TPM boot measurement
  doc: Add measured boot documentation

 arch/sandbox/dts/sandbox.dtsi  |  14 +
 arch/sandbox/dts/test.dts      |  13 +
 boot/Kconfig                   |  23 +
 boot/bootm.c                   |  70 +++
 cmd/booti.c                    |   1 +
 cmd/bootm.c                    |   2 +
 cmd/bootz.c                    |   1 +
 configs/sandbox_defconfig      |   1 +
 doc/usage/index.rst            |   1 +
 doc/usage/measured_boot.rst    |  23 +
 drivers/tpm/tpm2_tis_sandbox.c | 100 +++-
 include/bootm.h                |   2 +
 include/efi_tcg2.h             |  44 --
 include/image.h                |   1 +
 include/test/suites.h          |   1 +
 include/tpm-v2.h               | 258 ++++++++-
 lib/efi_loader/efi_tcg2.c      | 975 +++------------------------------
 lib/tpm-v2.c                   | 799 +++++++++++++++++++++++++++
 test/boot/Makefile             |   1 +
 test/boot/measurement.c        |  66 +++
 test/cmd_ut.c                  |   2 +
 21 files changed, 1425 insertions(+), 973 deletions(-)
 create mode 100644 doc/usage/measured_boot.rst
 create mode 100644 test/boot/measurement.c

-- 
2.31.1

next             reply	other threads:[~2023-01-25 17:18 UTC|newest]

Thread overview: 19+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2023-01-25 17:18 Eddie James [this message]
2023-01-25 17:18 ` [PATCH v4 1/6] tpm: Fix spelling for tpmu_ha union Eddie James
2023-01-25 17:18 ` [PATCH v4 2/6] tpm: Support boot measurements Eddie James
2023-01-26  7:51   ` Ilias Apalodimas
2023-02-02 16:24     ` Eddie James
2023-02-02 17:12       ` Simon Glass
2023-02-02 17:18         ` Eddie James
2023-02-07  0:20           ` Simon Glass
2023-01-25 17:18 ` [PATCH v4 3/6] bootm: Support boot measurement Eddie James
2023-01-26  1:41   ` Simon Glass
2023-01-26 14:41     ` Eddie James
2023-01-27  0:54       ` Simon Glass
2023-01-26  6:54   ` Ilias Apalodimas
2023-01-25 17:18 ` [PATCH v4 4/6] tpm: sandbox: Update for needed TPM2 capabilities Eddie James
2023-01-26  6:41   ` Ilias Apalodimas
2023-01-25 17:18 ` [PATCH v4 5/6] test: Add sandbox TPM boot measurement Eddie James
2023-01-26  1:41   ` Simon Glass
2023-01-25 17:18 ` [PATCH v4 6/6] doc: Add measured boot documentation Eddie James
2023-01-25 18:47   ` Heinrich Schuchardt

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20230125171810.3724530-1-eajames@linux.ibm.com \
    --to=eajames@linux.ibm.com \
    --cc=ilias.apalodimas@linaro.org \
    --cc=sjg@chromium.org \
    --cc=u-boot@lists.denx.de \
    --cc=xypron.glpk@gmx.de \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox