From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from phobos.denx.de (phobos.denx.de [85.214.62.61]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id 6C8DFC6379F for ; Wed, 22 Feb 2023 10:22:56 +0000 (UTC) Received: from h2850616.stratoserver.net (localhost [IPv6:::1]) by phobos.denx.de (Postfix) with ESMTP id 6874C85A6E; Wed, 22 Feb 2023 11:22:53 +0100 (CET) Authentication-Results: phobos.denx.de; dmarc=pass (p=none dis=none) header.from=linaro.org Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=u-boot-bounces@lists.denx.de Authentication-Results: phobos.denx.de; dkim=pass (2048-bit key; unprotected) header.d=linaro.org header.i=@linaro.org header.b="YX/gotZC"; dkim-atps=neutral Received: by phobos.denx.de (Postfix, from userid 109) id 9833185A6C; Wed, 22 Feb 2023 11:22:50 +0100 (CET) Received: from mail-ed1-x529.google.com (mail-ed1-x529.google.com [IPv6:2a00:1450:4864:20::529]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits)) (No client certificate requested) by phobos.denx.de (Postfix) with ESMTPS id 98B9B85870 for ; Wed, 22 Feb 2023 11:22:47 +0100 (CET) Authentication-Results: phobos.denx.de; dmarc=pass (p=none dis=none) header.from=linaro.org Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=ilias.apalodimas@linaro.org Received: by mail-ed1-x529.google.com with SMTP id ee7so13186653edb.2 for ; Wed, 22 Feb 2023 02:22:47 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=in-reply-to:content-disposition:mime-version:references:message-id :subject:cc:to:from:date:from:to:cc:subject:date:message-id:reply-to; bh=JoS4xyQczQzPlzhfxvNEbgEhAIVAEIXpEdJBETQbN24=; b=YX/gotZCtOsEfIFLvMHu+Gpc0eZSdHuDGljM6Zw25nJsljvFKh75QakBOLBTnAQYJS AlH2+KLqCznWusXU5hPp7b5iCAOtgMu+zEBEd1FHOMafxSNfSZsOgdOf6FNDR9+LOWU9 w3aA78LA+pI7eJN0v8DeSpwkrJ3Ionw7FvNQqkPx9vD54wwRkU47FXochsHc7s2HYqeA +SYIHW2Zyx/PoZeF3yvtL9krIfJIAu3WyNc89BwdFrlYyXjm6u8bLruZ4mIHhX4h+yZ6 brbAexwltze05KxiY/9oVb0xI1TN7MPK35DwSuwAE/xhz3hSHK/c+K49pDi+90b5Bkqf QUKg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=in-reply-to:content-disposition:mime-version:references:message-id :subject:cc:to:from:date:x-gm-message-state:from:to:cc:subject:date :message-id:reply-to; bh=JoS4xyQczQzPlzhfxvNEbgEhAIVAEIXpEdJBETQbN24=; b=jV8f73wZtgIJAZHqhT6DQA7ZzDVs1csuDEIpLN0tBl9PhMFwUJyUQmwCyUAIU/uyMT yeneUbC6vacITEL3xoZxhrSvfNCJavZwZlsJ7GP3JG2KMih7BTNeUfpb0E687SfPiHmv sJyPqfuNY8xOCnfT1bFAyJy8hXV0Bc7Yvxxi9c+X90zNFsAOakIPrPZSw9L2J+8OO+u6 ikhZIzqM5C0lhnxu0sWqD5k567K/7s6kbJeJcu0TQSv3LWBQGpCpqdtGV8cpndqTfppC mXfOnl17VdhvfuXXHnqyrEUjdiy3zMJIrNt8gvtwMl/QTWa+FOlPHDyWgvA7ynCOw6r4 eATg== X-Gm-Message-State: AO0yUKWMMwFyHaIwFZ3UqOdmnxypJ/ksDAqlkaYH2VWyBUcHHxYrbFaI 9XW0nQC9qIeLvviZUj9yz2KPEA== X-Google-Smtp-Source: AK7set+u+2/zIFB5ov59bRp77Q82+G/AqigaM5Tk71vforNAZ80APqN5aJN241oqBdgHB5vqJBt3mg== X-Received: by 2002:a17:906:b05a:b0:8b1:300f:1bdc with SMTP id bj26-20020a170906b05a00b008b1300f1bdcmr17938716ejb.64.1677061367147; Wed, 22 Feb 2023 02:22:47 -0800 (PST) Received: from hera (ppp176092130041.access.hol.gr. [176.92.130.41]) by smtp.gmail.com with ESMTPSA id h21-20020a50cdd5000000b004af5968cb3bsm1537683edj.17.2023.02.22.02.22.46 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 22 Feb 2023 02:22:46 -0800 (PST) Date: Wed, 22 Feb 2023 12:22:44 +0200 From: Ilias Apalodimas To: Eddie James Cc: u-boot@lists.denx.de, sjg@chromium.org, xypron.glpk@gmx.de Subject: Re: [PATCH v5 0/6] tpm: Support boot measurements Message-ID: References: <20230202170531.119796-1-eajames@linux.ibm.com> <18e0f808-b250-28cf-08fd-ddf84d21ba6b@linux.ibm.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <18e0f808-b250-28cf-08fd-ddf84d21ba6b@linux.ibm.com> X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.39 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" X-Virus-Scanned: clamav-milter 0.103.6 at phobos.denx.de X-Virus-Status: Clean Hi Eddie, On Tue, Feb 21, 2023 at 04:38:58PM -0600, Eddie James wrote: > > On 2/6/23 06:20, Ilias Apalodimas wrote: > > Thanks Eddie, > > > > I quickly tested this but the EFI subsystem fails to initialize the TCG > > protocol properly now. Unfortunately I am on a business trip and I won't > > be able to take a look into why till next week > > > Hi Ilias, > > > I haven't had the opportunity to test this, have you? Not yet, apologies. I'll try looking into it this week. Thanks /Ilias > > > Thanks, > > Eddie > > > > > > Cheers > > /Ilias > > > > On Thu, Feb 02, 2023 at 11:05:25AM -0600, Eddie James wrote: > > > This series adds support for measuring the boot images more generically > > > than the existing EFI support. Several EFI functions have been moved to > > > the TPM layer. The series includes optional measurement from the bootm > > > command. > > > A new test case has been added for the bootm measurement to test the new > > > path, and the sandbox TPM2 driver has been updated to support this use > > > case. > > > This series is based on Ilias' auto-startup series: > > > https://lore.kernel.org/u-boot/20230126081844.591148-1-ilias.apalodimas@linaro.org/ > > > > > > Changes since v4: > > > - Remove tcg2_measure_event function and check for NULL data in > > > tcg2_measure_data > > > - Use tpm_auto_startup > > > - Fix efi_tcg2.c compilation for removing tcg2_pcr_read function > > > - Change PCR indexes for initrd and dtb > > > - Drop u8 casting in measurement test > > > - Use bullets in documentation > > > > > > Changes since v3: > > > - Reordered headers > > > - Refactored more of EFI code into common code > > > Removed digest_info structure and instead used the common alg_to_mask > > > and alg_to_len > > > Improved event log parsing in common code to get it equivalent to EFI > > > Common code now extends PCR if previous bootloader stage couldn't > > > No need to allocate memory in the common code, so EFI copies the > > > discovered buffer like it did before > > > Rename efi measure_event function > > > > > > Changes since v2: > > > - Add documentation. > > > - Changed reserved memory address to the top of the RAM for sandbox dts. > > > - Add measure state to booti and bootz. > > > - Skip measurement for EFI images that should be measured > > > > > > Changes since v1: > > > - Refactor TPM layer functions to allow EFI system to use them, and > > > remove duplicate EFI functions. > > > - Add test case > > > - Drop #ifdefs for bootm > > > - Add devicetree measurement config option > > > - Update sandbox TPM driver > > > > > > Eddie James (6): > > > tpm: Fix spelling for tpmu_ha union > > > tpm: Support boot measurements > > > bootm: Support boot measurement > > > tpm: sandbox: Update for needed TPM2 capabilities > > > test: Add sandbox TPM boot measurement > > > doc: Add measured boot documentation > > > > > > arch/sandbox/dts/sandbox.dtsi | 14 + > > > arch/sandbox/dts/test.dts | 13 + > > > boot/Kconfig | 23 + > > > boot/bootm.c | 70 +++ > > > cmd/booti.c | 1 + > > > cmd/bootm.c | 2 + > > > cmd/bootz.c | 1 + > > > configs/sandbox_defconfig | 1 + > > > doc/usage/index.rst | 1 + > > > doc/usage/measured_boot.rst | 23 + > > > drivers/tpm/tpm2_tis_sandbox.c | 100 +++- > > > include/bootm.h | 2 + > > > include/efi_tcg2.h | 44 -- > > > include/image.h | 1 + > > > include/test/suites.h | 1 + > > > include/tpm-v2.h | 246 +++++++- > > > lib/efi_loader/efi_tcg2.c | 1010 +++----------------------------- > > > lib/tpm-v2.c | 771 ++++++++++++++++++++++++ > > > test/boot/Makefile | 1 + > > > test/boot/measurement.c | 66 +++ > > > test/cmd_ut.c | 2 + > > > 21 files changed, 1383 insertions(+), 1010 deletions(-) > > > create mode 100644 doc/usage/measured_boot.rst > > > create mode 100644 test/boot/measurement.c > > > > > > -- > > > 2.31.1 > > >