public inbox for u-boot@lists.denx.de
From: Ilias Apalodimas <ilias.apalodimas@linaro.org>
To: Eddie James <eajames@linux.ibm.com>
Cc: u-boot@lists.denx.de, sjg@chromium.org, xypron.glpk@gmx.de
Subject: Re: [PATCH v5 0/6] tpm: Support boot measurements
Date: Wed, 22 Feb 2023 12:22:44 +0200
Message-ID: <Y/Xs9FroQt8Fuii7@hera>
In-Reply-To: <18e0f808-b250-28cf-08fd-ddf84d21ba6b@linux.ibm.com>

Hi Eddie,

On Tue, Feb 21, 2023 at 04:38:58PM -0600, Eddie James wrote:
>
> On 2/6/23 06:20, Ilias Apalodimas wrote:
> > Thanks Eddie,
> >
> > I quickly tested this but the EFI subsystem fails to initialize the TCG
> > protocol properly now.  Unfortunately I am on a business trip and I won't
> > be able to take a look into why till next week
>
>
> Hi Ilias,
>
>
> I haven't had the opportunity to test this, have you?

Not yet, apologies.  I'll try looking into it this week.

Thanks
/Ilias
>
>
> Thanks,
>
> Eddie
>
>
> >
> > Cheers
> > /Ilias
> >
> > On Thu, Feb 02, 2023 at 11:05:25AM -0600, Eddie James wrote:
> > > This series adds support for measuring the boot images more generically
> > > than the existing EFI support. Several EFI functions have been moved to
> > > the TPM layer. The series includes optional measurement from the bootm
> > > command.
> > > A new test case has been added for the bootm measurement to test the new
> > > path, and the sandbox TPM2 driver has been updated to support this use
> > > case.
> > > This series is based on Ilias' auto-startup series:
> > > https://lore.kernel.org/u-boot/20230126081844.591148-1-ilias.apalodimas@linaro.org/
> > >
> > > Changes since v4:
> > >   - Remove tcg2_measure_event function and check for NULL data in
> > >     tcg2_measure_data
> > >   - Use tpm_auto_startup
> > >   - Fix efi_tcg2.c compilation for removing tcg2_pcr_read function
> > >   - Change PCR indexes for initrd and dtb
> > >   - Drop u8 casting in measurement test
> > >   - Use bullets in documentation
> > >
> > > Changes since v3:
> > >   - Reordered headers
> > >   - Refactored more of EFI code into common code
> > >      Removed digest_info structure and instead used the common alg_to_mask
> > >        and alg_to_len
> > >      Improved event log parsing in common code to get it equivalent to EFI
> > >        Common code now extends PCR if previous bootloader stage couldn't
> > >        No need to allocate memory in the common code, so EFI copies the
> > >        discovered buffer like it did before
> > >      Rename efi measure_event function
> > >
> > > Changes since v2:
> > >   - Add documentation.
> > >   - Changed reserved memory address to the top of the RAM for sandbox dts.
> > >   - Add measure state to booti and bootz.
> > >   - Skip measurement for EFI images that should be measured
> > >
> > > Changes since v1:
> > >   - Refactor TPM layer functions to allow EFI system to use them, and
> > >     remove duplicate EFI functions.
> > >   - Add test case
> > >   - Drop #ifdefs for bootm
> > >   - Add devicetree measurement config option
> > >   - Update sandbox TPM driver
> > >
> > > Eddie James (6):
> > >    tpm: Fix spelling for tpmu_ha union
> > >    tpm: Support boot measurements
> > >    bootm: Support boot measurement
> > >    tpm: sandbox: Update for needed TPM2 capabilities
> > >    test: Add sandbox TPM boot measurement
> > >    doc: Add measured boot documentation
> > >
> > >   arch/sandbox/dts/sandbox.dtsi  |   14 +
> > >   arch/sandbox/dts/test.dts      |   13 +
> > >   boot/Kconfig                   |   23 +
> > >   boot/bootm.c                   |   70 +++
> > >   cmd/booti.c                    |    1 +
> > >   cmd/bootm.c                    |    2 +
> > >   cmd/bootz.c                    |    1 +
> > >   configs/sandbox_defconfig      |    1 +
> > >   doc/usage/index.rst            |    1 +
> > >   doc/usage/measured_boot.rst    |   23 +
> > >   drivers/tpm/tpm2_tis_sandbox.c |  100 +++-
> > >   include/bootm.h                |    2 +
> > >   include/efi_tcg2.h             |   44 --
> > >   include/image.h                |    1 +
> > >   include/test/suites.h          |    1 +
> > >   include/tpm-v2.h               |  246 +++++++-
> > >   lib/efi_loader/efi_tcg2.c      | 1010 +++-----------------------------
> > >   lib/tpm-v2.c                   |  771 ++++++++++++++++++++++++
> > >   test/boot/Makefile             |    1 +
> > >   test/boot/measurement.c        |   66 +++
> > >   test/cmd_ut.c                  |    2 +
> > >   21 files changed, 1383 insertions(+), 1010 deletions(-)
> > >   create mode 100644 doc/usage/measured_boot.rst
> > >   create mode 100644 test/boot/measurement.c
> > >
> > > --
> > > 2.31.1
> > >

Thread overview: 14+ messages
2023-02-02 17:05 [PATCH v5 0/6] tpm: Support boot measurements Eddie James
2023-02-02 17:05 ` [PATCH v5 1/6] tpm: Fix spelling for tpmu_ha union Eddie James
2023-02-02 17:05 ` [PATCH v5 2/6] tpm: Support boot measurements Eddie James
2023-02-02 17:05 ` [PATCH v5 3/6] bootm: Support boot measurement Eddie James
2023-02-02 17:05 ` [PATCH v5 4/6] tpm: sandbox: Update for needed TPM2 capabilities Eddie James
2023-02-02 17:05 ` [PATCH v5 5/6] test: Add sandbox TPM boot measurement Eddie James
2023-02-02 17:05 ` [PATCH v5 6/6] doc: Add measured boot documentation Eddie James
2023-02-06 12:20 ` [PATCH v5 0/6] tpm: Support boot measurements Ilias Apalodimas
2023-02-21 22:38   ` Eddie James
2023-02-22 10:22     ` Ilias Apalodimas [this message]
2023-02-22 11:33     ` Ilias Apalodimas
2023-02-22 14:59       ` Eddie James
2023-02-22  5:36 ` Joel Stanley
2023-02-22 17:47   ` Eddie James
