From: Ilias Apalodimas <ilias.apalodimas@linaro.org>
To: Eddie James <eajames@linux.ibm.com>
Cc: u-boot@lists.denx.de, sjg@chromium.org, xypron.glpk@gmx.de
Subject: Re: [PATCH v5 0/6] tpm: Support boot measurements
Date: Mon, 6 Feb 2023 14:20:07 +0200 [thread overview]
Message-ID: <Y+Dwd75i+FmeNmwk@hades> (raw)
In-Reply-To: <20230202170531.119796-1-eajames@linux.ibm.com>
Thanks Eddie,
I quickly tested this but the EFI subsystem fails to initialize the TCG
protocol properly now. Unfortunately I am on a business trip and I won't
be able to take a look into why till next week
Cheers
/Ilias
On Thu, Feb 02, 2023 at 11:05:25AM -0600, Eddie James wrote:
> This series adds support for measuring the boot images more generically
> than the existing EFI support. Several EFI functions have been moved to
> the TPM layer. The series includes optional measurement from the bootm
> command.
> A new test case has been added for the bootm measurement to test the new
> path, and the sandbox TPM2 driver has been updated to support this use
> case.
> This series is based on Ilias' auto-startup series:
> https://lore.kernel.org/u-boot/20230126081844.591148-1-ilias.apalodimas@linaro.org/
>
> Changes since v4:
> - Remove tcg2_measure_event function and check for NULL data in
> tcg2_measure_data
> - Use tpm_auto_startup
> - Fix efi_tcg2.c compilation for removing tcg2_pcr_read function
> - Change PCR indexes for initrd and dtb
> - Drop u8 casting in measurement test
> - Use bullets in documentation
>
> Changes since v3:
> - Reordered headers
> - Refactored more of EFI code into common code
> Removed digest_info structure and instead used the common alg_to_mask
> and alg_to_len
> Improved event log parsing in common code to get it equivalent to EFI
> Common code now extends PCR if previous bootloader stage couldn't
> No need to allocate memory in the common code, so EFI copies the
> discovered buffer like it did before
> Rename efi measure_event function
>
> Changes since v2:
> - Add documentation.
> - Changed reserved memory address to the top of the RAM for sandbox dts.
> - Add measure state to booti and bootz.
> - Skip measurement for EFI images that should be measured
>
> Changes since v1:
> - Refactor TPM layer functions to allow EFI system to use them, and
> remove duplicate EFI functions.
> - Add test case
> - Drop #ifdefs for bootm
> - Add devicetree measurement config option
> - Update sandbox TPM driver
>
> Eddie James (6):
> tpm: Fix spelling for tpmu_ha union
> tpm: Support boot measurements
> bootm: Support boot measurement
> tpm: sandbox: Update for needed TPM2 capabilities
> test: Add sandbox TPM boot measurement
> doc: Add measured boot documentation
>
> arch/sandbox/dts/sandbox.dtsi | 14 +
> arch/sandbox/dts/test.dts | 13 +
> boot/Kconfig | 23 +
> boot/bootm.c | 70 +++
> cmd/booti.c | 1 +
> cmd/bootm.c | 2 +
> cmd/bootz.c | 1 +
> configs/sandbox_defconfig | 1 +
> doc/usage/index.rst | 1 +
> doc/usage/measured_boot.rst | 23 +
> drivers/tpm/tpm2_tis_sandbox.c | 100 +++-
> include/bootm.h | 2 +
> include/efi_tcg2.h | 44 --
> include/image.h | 1 +
> include/test/suites.h | 1 +
> include/tpm-v2.h | 246 +++++++-
> lib/efi_loader/efi_tcg2.c | 1010 +++-----------------------------
> lib/tpm-v2.c | 771 ++++++++++++++++++++++++
> test/boot/Makefile | 1 +
> test/boot/measurement.c | 66 +++
> test/cmd_ut.c | 2 +
> 21 files changed, 1383 insertions(+), 1010 deletions(-)
> create mode 100644 doc/usage/measured_boot.rst
> create mode 100644 test/boot/measurement.c
>
> --
> 2.31.1
>
next prev parent reply other threads:[~2023-02-06 12:20 UTC|newest]
Thread overview: 14+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-02-02 17:05 [PATCH v5 0/6] tpm: Support boot measurements Eddie James
2023-02-02 17:05 ` [PATCH v5 1/6] tpm: Fix spelling for tpmu_ha union Eddie James
2023-02-02 17:05 ` [PATCH v5 2/6] tpm: Support boot measurements Eddie James
2023-02-02 17:05 ` [PATCH v5 3/6] bootm: Support boot measurement Eddie James
2023-02-02 17:05 ` [PATCH v5 4/6] tpm: sandbox: Update for needed TPM2 capabilities Eddie James
2023-02-02 17:05 ` [PATCH v5 5/6] test: Add sandbox TPM boot measurement Eddie James
2023-02-02 17:05 ` [PATCH v5 6/6] doc: Add measured boot documentation Eddie James
2023-02-06 12:20 ` Ilias Apalodimas [this message]
2023-02-21 22:38 ` [PATCH v5 0/6] tpm: Support boot measurements Eddie James
2023-02-22 10:22 ` Ilias Apalodimas
2023-02-22 11:33 ` Ilias Apalodimas
2023-02-22 14:59 ` Eddie James
2023-02-22 5:36 ` Joel Stanley
2023-02-22 17:47 ` Eddie James
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=Y+Dwd75i+FmeNmwk@hades \
--to=ilias.apalodimas@linaro.org \
--cc=eajames@linux.ibm.com \
--cc=sjg@chromium.org \
--cc=u-boot@lists.denx.de \
--cc=xypron.glpk@gmx.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox