From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <u-boot-bounces@lists.denx.de>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from phobos.denx.de (phobos.denx.de [85.214.62.61])
	(using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
	(No client certificate requested)
	by smtp.lore.kernel.org (Postfix) with ESMTPS id 3C7ADC636D6
	for <u-boot@archiver.kernel.org>; Wed, 22 Feb 2023 18:03:18 +0000 (UTC)
Received: from h2850616.stratoserver.net (localhost [IPv6:::1])
	by phobos.denx.de (Postfix) with ESMTP id B3D7185AC6;
	Wed, 22 Feb 2023 19:03:08 +0100 (CET)
Authentication-Results: phobos.denx.de; dmarc=none (p=none dis=none) header.from=linux.ibm.com
Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=u-boot-bounces@lists.denx.de
Authentication-Results: phobos.denx.de;
	dkim=pass (2048-bit key; unprotected) header.d=ibm.com header.i=@ibm.com header.b="h+MhgZtl";
	dkim-atps=neutral
Received: by phobos.denx.de (Postfix, from userid 109)
 id 027FE85ADB; Wed, 22 Feb 2023 19:02:58 +0100 (CET)
Received: from mx0a-001b2d01.pphosted.com (mx0a-001b2d01.pphosted.com
 [148.163.156.1])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (No client certificate requested)
 by phobos.denx.de (Postfix) with ESMTPS id ED98B85A58
 for <u-boot@lists.denx.de>; Wed, 22 Feb 2023 19:02:53 +0100 (CET)
Authentication-Results: phobos.denx.de;
 dmarc=none (p=none dis=none) header.from=linux.ibm.com
Authentication-Results: phobos.denx.de;
 spf=pass smtp.mailfrom=eajames@linux.ibm.com
Received: from pps.filterd (m0098409.ppops.net [127.0.0.1])
 by mx0a-001b2d01.pphosted.com (8.17.1.19/8.17.1.19) with ESMTP id
 31MHDtGg026153; Wed, 22 Feb 2023 18:02:47 GMT
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ibm.com;
 h=from : to : cc : subject
 : date : message-id : mime-version : content-transfer-encoding; s=pp1;
 bh=NRFcBcw2aB26nR3PfXOdmhpo+TvYxeLa4cloWDo3O0E=;
 b=h+MhgZtlYnE4Ayn+TtpC/7vrZ7WE7jrkzHkDjngkjv20FvdaBospb6ebP3qkPf7FNDTY
 dv2Lytt36EobrjUyyxulU+TPUvdG80ECUh33zwSpAFzUpy86JfwpVwzVTZzR7qc8PFPX
 BEWTpco6s9yM90cjM7apL85WDPJwpz4YCmfswU2xE3h50om3hv8ItpGhjjvVbj9570lN
 C4YIf6R87EFq8fdSQCBvCOhA6e0LgRIUs9r/5/M48P5QDFifuUOZ32v9tPgsO1ByRJyR
 9hVmhh+mBucEg4ZbX18YYVJRIuH292gt57qbBizh/S27fl8OCxRb535eZUihOabAU5d7 Tw== 
Received: from pps.reinject (localhost [127.0.0.1])
 by mx0a-001b2d01.pphosted.com (PPS) with ESMTPS id 3nwq79hdut-1
 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT);
 Wed, 22 Feb 2023 18:02:47 +0000
Received: from m0098409.ppops.net (m0098409.ppops.net [127.0.0.1])
 by pps.reinject (8.17.1.5/8.17.1.5) with ESMTP id 31MHnOnK010998;
 Wed, 22 Feb 2023 18:02:47 GMT
Received: from ppma03dal.us.ibm.com (b.bd.3ea9.ip4.static.sl-reverse.com
 [169.62.189.11])
 by mx0a-001b2d01.pphosted.com (PPS) with ESMTPS id 3nwq79hduf-1
 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT);
 Wed, 22 Feb 2023 18:02:46 +0000
Received: from pps.filterd (ppma03dal.us.ibm.com [127.0.0.1])
 by ppma03dal.us.ibm.com (8.17.1.19/8.17.1.19) with ESMTP id 31MGAuSx005297;
 Wed, 22 Feb 2023 18:02:46 GMT
Received: from smtprelay07.dal12v.mail.ibm.com ([9.208.130.99])
 by ppma03dal.us.ibm.com (PPS) with ESMTPS id 3ntpa77y5h-1
 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT);
 Wed, 22 Feb 2023 18:02:46 +0000
Received: from smtpav06.wdc07v.mail.ibm.com (smtpav06.wdc07v.mail.ibm.com
 [10.39.53.233])
 by smtprelay07.dal12v.mail.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id
 31MI2is720972192
 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK);
 Wed, 22 Feb 2023 18:02:44 GMT
Received: from smtpav06.wdc07v.mail.ibm.com (unknown [127.0.0.1])
 by IMSVA (Postfix) with ESMTP id 803AF58054;
 Wed, 22 Feb 2023 18:02:44 +0000 (GMT)
Received: from smtpav06.wdc07v.mail.ibm.com (unknown [127.0.0.1])
 by IMSVA (Postfix) with ESMTP id 7C0395804E;
 Wed, 22 Feb 2023 18:02:43 +0000 (GMT)
Received: from slate16.aus.stglabs.ibm.com (unknown [9.160.56.187])
 by smtpav06.wdc07v.mail.ibm.com (Postfix) with ESMTP;
 Wed, 22 Feb 2023 18:02:43 +0000 (GMT)
From: Eddie James <eajames@linux.ibm.com>
To: u-boot@lists.denx.de
Cc: eajames@linux.ibm.com, sjg@chromium.org, ilias.apalodimas@linaro.org,
 xypron.glpk@gmx.de, joel@jms.id.au
Subject: [PATCH v6 0/6] tpm: Support boot measurements
Date: Wed, 22 Feb 2023 12:02:36 -0600
Message-Id: <20230222180242.4040958-1-eajames@linux.ibm.com>
X-Mailer: git-send-email 2.31.1
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
X-TM-AS-GCONF: 00
X-Proofpoint-GUID: Ax6wtRVI6rMBT-zp_gYv6XdLGfLCVhWT
X-Proofpoint-ORIG-GUID: Sx837AwHmHMGLmUT8qGD1MmuClrTb7eK
X-Proofpoint-Virus-Version: vendor=baseguard
 engine=ICAP:2.0.219,Aquarius:18.0.930,Hydra:6.0.562,FMLib:17.11.170.22
 definitions=2023-02-22_06,2023-02-22_02,2023-02-09_01
X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0
 mlxscore=0 adultscore=0
 priorityscore=1501 impostorscore=0 malwarescore=0 suspectscore=0
 bulkscore=0 mlxlogscore=999 clxscore=1015 phishscore=0 spamscore=0
 lowpriorityscore=0 classifier=spam adjust=0 reason=mlx scancount=1
 engine=8.12.0-2212070000 definitions=main-2302220157
X-BeenThere: u-boot@lists.denx.de
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: U-Boot discussion <u-boot.lists.denx.de>
List-Unsubscribe: <https://lists.denx.de/options/u-boot>,
 <mailto:u-boot-request@lists.denx.de?subject=unsubscribe>
List-Archive: <https://lists.denx.de/pipermail/u-boot/>
List-Post: <mailto:u-boot@lists.denx.de>
List-Help: <mailto:u-boot-request@lists.denx.de?subject=help>
List-Subscribe: <https://lists.denx.de/listinfo/u-boot>,
 <mailto:u-boot-request@lists.denx.de?subject=subscribe>
Errors-To: u-boot-bounces@lists.denx.de
Sender: "U-Boot" <u-boot-bounces@lists.denx.de>
X-Virus-Scanned: clamav-milter 0.103.6 at phobos.denx.de
X-Virus-Status: Clean

This series adds support for measuring the boot images more generically
than the existing EFI support. Several EFI functions have been moved to
the TPM layer. The series includes optional measurement from the bootm 
command.
A new test case has been added for the bootm measurement to test the new
path, and the sandbox TPM2 driver has been updated to support this use
case.
This series is based on Ilias' auto-startup series and Simon's additions.

Changes since v5:
 - Re-ordered the patches to put the sandbox TPM driver patch second
 - Remove unused platform_get_eventlog in efi_tcg2.c
 - First look for tpm_event_log_* properties instead of linux,sml-*
 - Fix efi_tcg2.c compilation
 - Select SHA* configs
 - Remove the !SANDBOX dependency for EFI TCG2
 - Only compile in the measurement u-boot command when CONFIG_MEASURED_BOOT
   is enabled

Changes since v4:
 - Remove tcg2_measure_event function and check for NULL data in
   tcg2_measure_data
 - Use tpm_auto_startup
 - Fix efi_tcg2.c compilation for removing tcg2_pcr_read function
 - Change PCR indexes for initrd and dtb
 - Drop u8 casting in measurement test
 - Use bullets in documentation

Changes since v3:
 - Reordered headers
 - Refactored more of EFI code into common code
    Removed digest_info structure and instead used the common alg_to_mask
      and alg_to_len
    Improved event log parsing in common code to get it equivalent to EFI
      Common code now extends PCR if previous bootloader stage couldn't
      No need to allocate memory in the common code, so EFI copies the
      discovered buffer like it did before
    Rename efi measure_event function

Changes since v2:
 - Add documentation.
 - Changed reserved memory address to the top of the RAM for sandbox dts.
 - Add measure state to booti and bootz.
 - Skip measurement for EFI images that should be measured

Changes since v1:
 - Refactor TPM layer functions to allow EFI system to use them, and
   remove duplicate EFI functions.
 - Add test case
 - Drop #ifdefs for bootm
 - Add devicetree measurement config option
 - Update sandbox TPM driver

Eddie James (6):
  tpm: Fix spelling for tpmu_ha union
  tpm: sandbox: Update for needed TPM2 capabilities
  tpm: Support boot measurements
  bootm: Support boot measurement
  test: Add sandbox TPM boot measurement
  doc: Add measured boot documentation

 arch/sandbox/dts/sandbox.dtsi  |   13 +
 arch/sandbox/dts/test.dts      |   13 +
 boot/Kconfig                   |   23 +
 boot/bootm.c                   |   70 +++
 cmd/booti.c                    |    1 +
 cmd/bootm.c                    |    2 +
 cmd/bootz.c                    |    1 +
 configs/sandbox_defconfig      |    1 +
 doc/usage/index.rst            |    1 +
 doc/usage/measured_boot.rst    |   23 +
 drivers/tpm/tpm2_tis_sandbox.c |  100 ++-
 include/bootm.h                |    2 +
 include/efi_tcg2.h             |   44 --
 include/image.h                |    1 +
 include/test/suites.h          |    1 +
 include/tpm-v2.h               |  246 +++++++-
 lib/Kconfig                    |    4 +
 lib/efi_loader/Kconfig         |    2 -
 lib/efi_loader/efi_tcg2.c      | 1053 +++-----------------------------
 lib/tpm-v2.c                   |  773 +++++++++++++++++++++++
 test/boot/Makefile             |    1 +
 test/boot/measurement.c        |   66 ++
 test/cmd_ut.c                  |    4 +
 23 files changed, 1392 insertions(+), 1053 deletions(-)
 create mode 100644 doc/usage/measured_boot.rst
 create mode 100644 test/boot/measurement.c

-- 
2.31.1