Date: Wed, 22 Feb 2023 13:33:38 +0200
From: Ilias Apalodimas
To: Eddie James
Cc: u-boot@lists.denx.de, sjg@chromium.org, xypron.glpk@gmx.de
Subject: Re: [PATCH v5 0/6] tpm: Support boot measurements

Hi Eddie,

On Tue, Feb 21, 2023 at 04:38:58PM -0600, Eddie James wrote:
>
> On 2/6/23 06:20, Ilias Apalodimas wrote:
> > Thanks Eddie,
> >
> > I quickly tested this but the EFI subsystem fails to initialize the TCG
> > protocol properly now. Unfortunately I am on a business trip and I won't
> > be able to take a look into why till next week
>
> Hi Ilias,
>
> I haven't had the opportunity to test this, have you?
>
> Thanks,
>
> Eddie
>
> >
> > Cheers
> > /Ilias
> >

Still going through the code so bear with me.
It seems that the EFI failure is coming from tcg2_platform_get_log(),
specifically if none of linux,sml-base nor tpm_event_log_addr is present in
the dtb. One thing we should change here is look for tpm_event_log_addr
first. The reason is that this is a very 'special' case in which TF-A fills
in an eventlog for us, while linux,sml-base is more generic so I'd rather
explicitly prefer TF-A if it prepared an eventlog for us.

On the failure now, if none of the nodes is present we are looking for
'memory-region' within the TPM node? Looking at the DT specs the tpm should
only support 'compatible, label, linux,sml-base/size' am I missing something?

I also had to apply [0] for this to compile. You can 'easily' test the EFI
changes by doing a 'printenv -e'. This will at least initialize the efi
subsystem and install the needed EFI tables (you need CMD_NVEDIT_EFI=y)

[0] https://source.denx.de/u-boot/custodians/u-boot-tpm/-/commit/d473596cd6900117485014476c70c49f202bd8da

Hope this helps a bit. Let me know if I can help in any other way. Don't
bother *testing* the eventlog for EFI on a full linux boot. I'll run that on
v6

/Ilias

> > On Thu, Feb 02, 2023 at 11:05:25AM -0600, Eddie James wrote:
> > > This series adds support for measuring the boot images more generically
> > > than the existing EFI support. Several EFI functions have been moved to
> > > the TPM layer. The series includes optional measurement from the bootm
> > > command.
> > > A new test case has been added for the bootm measurement to test the new
> > > path, and the sandbox TPM2 driver has been updated to support this use
> > > case.
> > > This series is based on Ilias' auto-startup series:
> > > https://lore.kernel.org/u-boot/20230126081844.591148-1-ilias.apalodimas@linaro.org/
> > >
> > > Changes since v4:
> > > - Remove tcg2_measure_event function and check for NULL data in
> > >   tcg2_measure_data
> > > - Use tpm_auto_startup
> > > - Fix efi_tcg2.c compilation for removing tcg2_pcr_read function
> > > - Change PCR indexes for initrd and dtb
> > > - Drop u8 casting in measurement test
> > > - Use bullets in documentation
> > >
> > > Changes since v3:
> > > - Reordered headers
> > > - Refactored more of EFI code into common code
> > >   Removed digest_info structure and instead used the common alg_to_mask
> > >   and alg_to_len
> > >   Improved event log parsing in common code to get it equivalent to EFI
> > >   Common code now extends PCR if previous bootloader stage couldn't
> > >   No need to allocate memory in the common code, so EFI copies the
> > >   discovered buffer like it did before
> > >   Rename efi measure_event function
> > >
> > > Changes since v2:
> > > - Add documentation.
> > > - Changed reserved memory address to the top of the RAM for sandbox dts.
> > > - Add measure state to booti and bootz.
> > > - Skip measurement for EFI images that should be measured
> > >
> > > Changes since v1:
> > > - Refactor TPM layer functions to allow EFI system to use them, and
> > >   remove duplicate EFI functions.
> > > - Add test case
> > > - Drop #ifdefs for bootm
> > > - Add devicetree measurement config option
> > > - Update sandbox TPM driver
> > >
> > > Eddie James (6):
> > >   tpm: Fix spelling for tpmu_ha union
> > >   tpm: Support boot measurements
> > >   bootm: Support boot measurement
> > >   tpm: sandbox: Update for needed TPM2 capabilities
> > >   test: Add sandbox TPM boot measurement
> > >   doc: Add measured boot documentation
> > >
> > >  arch/sandbox/dts/sandbox.dtsi  |   14 +
> > >  arch/sandbox/dts/test.dts      |   13 +
> > >  boot/Kconfig                   |   23 +
> > >  boot/bootm.c                   |   70 +++
> > >  cmd/booti.c                    |    1 +
> > >  cmd/bootm.c                    |    2 +
> > >  cmd/bootz.c                    |    1 +
> > >  configs/sandbox_defconfig      |    1 +
> > >  doc/usage/index.rst            |    1 +
> > >  doc/usage/measured_boot.rst    |   23 +
> > >  drivers/tpm/tpm2_tis_sandbox.c |  100 +++-
> > >  include/bootm.h                |    2 +
> > >  include/efi_tcg2.h             |   44 --
> > >  include/image.h                |    1 +
> > >  include/test/suites.h          |    1 +
> > >  include/tpm-v2.h               |  246 +++++++-
> > >  lib/efi_loader/efi_tcg2.c      | 1010 +++-----------------------------
> > >  lib/tpm-v2.c                   |  771 ++++++++++++++++++++++++
> > >  test/boot/Makefile             |    1 +
> > >  test/boot/measurement.c        |   66 +++
> > >  test/cmd_ut.c                  |    2 +
> > >  21 files changed, 1383 insertions(+), 1010 deletions(-)
> > >  create mode 100644 doc/usage/measured_boot.rst
> > >  create mode 100644 test/boot/measurement.c
> > >
> > > --
> > > 2.31.1
> > >
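
The lookup order suggested in the reply above (tpm_event_log_addr first, then linux,sml-base), as an added example that is not U-Boot code and not part of this thread. The property table, the function and type names, the tpm_event_log_size and linux,sml-size counterparts, and the rule that zero values count as "not provided" are assumptions made for the illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
/* Constructed stand-in for device-tree properties; not libfdt or U-Boot API. */
struct dt_prop { const char *name; uint64_t val; };
enum log_src { LOG_NONE, LOG_TFA, LOG_SML };
struct log_loc { enum log_src src; uint64_t addr, size; };

static const struct dt_prop *find(const struct dt_prop *p, size_t n,
				  const char *name)
{
	for (size_t i = 0; i < n; i++)
		if (strcmp(p[i].name, name) == 0)
			return &p[i];
	return NULL;
}

/* Accept a base/size pair only if both exist and are non-zero (assumption:
 * zero values are placeholders the previous stage never filled in). */
static int try_pair(const struct dt_prop *p, size_t n, const char *base,
		    const char *size, struct log_loc *out)
{
	const struct dt_prop *b = find(p, n, base), *s = find(p, n, size);
	if (!b || !s || !b->val || !s->val)
		return 0;
	out->addr = b->val;
	out->size = s->val;
	return 1;
}

/* The TF-A log wins over the generic property. LOG_NONE is a distinct
 * "nothing was handed over" result, not an error code. */
struct log_loc locate_event_log(const struct dt_prop *p, size_t n)
{
	struct log_loc loc = { LOG_NONE, 0, 0 };
	if (try_pair(p, n, "tpm_event_log_addr", "tpm_event_log_size", &loc))
		loc.src = LOG_TFA;
	else if (try_pair(p, n, "linux,sml-base", "linux,sml-size", &loc))
		loc.src = LOG_SML;
	return loc;
}

int main(void)
{	/* Constructed sample: both sources present; exit 0 if TF-A is chosen. */
	const struct dt_prop dt[] = { { "linux,sml-base", 0x80000000 },
		{ "linux,sml-size", 0x10000 }, { "tpm_event_log_addr", 0x4000000 },
		{ "tpm_event_log_size", 0x400 } };
	return locate_event_log(dt, 4).src == LOG_TFA ? 0 : 1;
}
```

Returning LOG_NONE separately from a failure lets a caller tell "no earlier stage left a log" apart from a malformed handoff.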