From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from phobos.denx.de (phobos.denx.de [85.214.62.61]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id 59CADC54E94 for ; Wed, 25 Jan 2023 17:18:26 +0000 (UTC) Received: from h2850616.stratoserver.net (localhost [IPv6:::1]) by phobos.denx.de (Postfix) with ESMTP id 2F44B856C4; Wed, 25 Jan 2023 18:18:24 +0100 (CET) Authentication-Results: phobos.denx.de; dmarc=none (p=none dis=none) header.from=linux.ibm.com Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=u-boot-bounces@lists.denx.de Authentication-Results: phobos.denx.de; dkim=pass (2048-bit key; unprotected) header.d=ibm.com header.i=@ibm.com header.b="lkS+39P2"; dkim-atps=neutral Received: by phobos.denx.de (Postfix, from userid 109) id 01213856A4; Wed, 25 Jan 2023 18:18:21 +0100 (CET) Received: from mx0b-001b2d01.pphosted.com (mx0b-001b2d01.pphosted.com [148.163.158.5]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by phobos.denx.de (Postfix) with ESMTPS id 5970F85480 for ; Wed, 25 Jan 2023 18:18:17 +0100 (CET) Authentication-Results: phobos.denx.de; dmarc=none (p=none dis=none) header.from=linux.ibm.com Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=eajames@linux.ibm.com Received: from pps.filterd (m0098421.ppops.net [127.0.0.1]) by mx0a-001b2d01.pphosted.com (8.17.1.19/8.17.1.19) with ESMTP id 30PHGIWV023975; Wed, 25 Jan 2023 17:18:14 GMT DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ibm.com; h=from : to : cc : subject : date : message-id : mime-version : content-transfer-encoding; s=pp1; bh=c+vscWQaz9tW2XymSC6yP9+8V0BhsXLXoX7ZHVJD25w=; b=lkS+39P20m15kiaqdeCSnXtJULK2hRgk+XjeTI80eGXR25cCbDF2Y4RvFJ+HJjQmaWI8 UZn5hwxejwrym56sJOOECAoIAi9hmaeYjnk8+FyvK/kIEF7GQkb+PKYtRLZAYCWQqoHy xYpp3F//TWy4E+aIOMTvoQFrQ9OMysLN9A9uM7cwRri6srAoaGh4B2BexljJqaPjwjqx ioqkZVdTXNjhQxiwYhUWV6U095DWUMP7s61tb9D/KxIuOmeGjTouSjLHs36uPzV3loaY rmzS2JiH7ofdH0dwAzgu6VngIxav1XJxNQV8FCddKcO7fTGbg9Ei0SwdbNtPChbgSCRc /A== Received: from pps.reinject (localhost [127.0.0.1]) by mx0a-001b2d01.pphosted.com (PPS) with ESMTPS id 3nb8p4r2g2-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Wed, 25 Jan 2023 17:18:14 +0000 Received: from m0098421.ppops.net (m0098421.ppops.net [127.0.0.1]) by pps.reinject (8.17.1.5/8.17.1.5) with ESMTP id 30PHGT0T025000; Wed, 25 Jan 2023 17:18:14 GMT Received: from ppma03dal.us.ibm.com (b.bd.3ea9.ip4.static.sl-reverse.com [169.62.189.11]) by mx0a-001b2d01.pphosted.com (PPS) with ESMTPS id 3nb8p4r2fk-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Wed, 25 Jan 2023 17:18:14 +0000 Received: from pps.filterd (ppma03dal.us.ibm.com [127.0.0.1]) by ppma03dal.us.ibm.com (8.17.1.19/8.17.1.19) with ESMTP id 30PGxjEC006960; Wed, 25 Jan 2023 17:18:13 GMT Received: from smtprelay03.wdc07v.mail.ibm.com ([9.208.129.113]) by ppma03dal.us.ibm.com (PPS) with ESMTPS id 3n87p7f7yc-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Wed, 25 Jan 2023 17:18:13 +0000 Received: from smtpav03.wdc07v.mail.ibm.com (smtpav03.wdc07v.mail.ibm.com [10.39.53.230]) by smtprelay03.wdc07v.mail.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id 30PHIBYu61735342 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Wed, 25 Jan 2023 17:18:12 GMT Received: from smtpav03.wdc07v.mail.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id EFD4C5805F; Wed, 25 Jan 2023 17:18:11 +0000 (GMT) Received: from smtpav03.wdc07v.mail.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 04EAA5805A; Wed, 25 Jan 2023 17:18:11 +0000 (GMT) Received: from slate16.aus.stglabs.ibm.com (unknown [9.77.150.21]) by smtpav03.wdc07v.mail.ibm.com (Postfix) with ESMTP; Wed, 25 Jan 2023 17:18:10 +0000 (GMT) From: Eddie James To: u-boot@lists.denx.de Cc: sjg@chromium.org, ilias.apalodimas@linaro.org, xypron.glpk@gmx.de, eajames@linux.ibm.com Subject: [PATCH v4 0/6] tpm: Support boot measurements Date: Wed, 25 Jan 2023 11:18:04 -0600 Message-Id: <20230125171810.3724530-1-eajames@linux.ibm.com> X-Mailer: git-send-email 2.31.1 MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-TM-AS-GCONF: 00 X-Proofpoint-ORIG-GUID: c4CophL8CsvStUp9gZqJkxshpW3zcZy4 X-Proofpoint-GUID: ZIxq53EYSh3CIVdDEpv-mipwUV7eeX63 X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.219,Aquarius:18.0.930,Hydra:6.0.562,FMLib:17.11.122.1 definitions=2023-01-25_11,2023-01-25_01,2022-06-22_01 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 adultscore=0 phishscore=0 lowpriorityscore=0 mlxlogscore=999 clxscore=1011 spamscore=0 malwarescore=0 mlxscore=0 bulkscore=0 priorityscore=1501 impostorscore=0 suspectscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2212070000 definitions=main-2301250147 X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.39 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" X-Virus-Scanned: clamav-milter 0.103.6 at phobos.denx.de X-Virus-Status: Clean This series adds support for measuring the boot images more generically than the existing EFI support. Several EFI functions have been moved to the TPM layer. The series includes optional measurement from the bootm command. A new test case has been added for the bootm measurement to test the new path, and the sandbox TPM2 driver has been updated to support this use case. Changes since v3: - Reordered headers - Refactored more of EFI code into common code Removed digest_info structure and instead used the common alg_to_mask and alg_to_len Improved event log parsing in common code to get it equivalent to EFI Common code now extends PCR if previous bootloader stage couldn't No need to allocate memory in the common code, so EFI copies the discovered buffer like it did before Rename efi measure_event function Changes since v2: - Add documentation. - Changed reserved memory address to the top of the RAM for sandbox dts. - Add measure state to booti and bootz. - Skip measurement for EFI images that should be measured Changes since v1: - Refactor TPM layer functions to allow EFI system to use them, and remove duplicate EFI functions. - Add test case - Drop #ifdefs for bootm - Add devicetree measurement config option - Update sandbox TPM driver Eddie James (6): tpm: Fix spelling for tpmu_ha union tpm: Support boot measurements bootm: Support boot measurement tpm: sandbox: Update for needed TPM2 capabilities test: Add sandbox TPM boot measurement doc: Add measured boot documentation arch/sandbox/dts/sandbox.dtsi | 14 + arch/sandbox/dts/test.dts | 13 + boot/Kconfig | 23 + boot/bootm.c | 70 +++ cmd/booti.c | 1 + cmd/bootm.c | 2 + cmd/bootz.c | 1 + configs/sandbox_defconfig | 1 + doc/usage/index.rst | 1 + doc/usage/measured_boot.rst | 23 + drivers/tpm/tpm2_tis_sandbox.c | 100 +++- include/bootm.h | 2 + include/efi_tcg2.h | 44 -- include/image.h | 1 + include/test/suites.h | 1 + include/tpm-v2.h | 258 ++++++++- lib/efi_loader/efi_tcg2.c | 975 +++------------------------------ lib/tpm-v2.c | 799 +++++++++++++++++++++++++++ test/boot/Makefile | 1 + test/boot/measurement.c | 66 +++ test/cmd_ut.c | 2 + 21 files changed, 1425 insertions(+), 973 deletions(-) create mode 100644 doc/usage/measured_boot.rst create mode 100644 test/boot/measurement.c -- 2.31.1