Date: Thu, 2 Mar 2023 12:29:20 +0200
From: Ilias Apalodimas
To: Eddie James
Cc: u-boot@lists.denx.de, sjg@chromium.org, xypron.glpk@gmx.de, joel@jms.id.au
Subject: Re: [PATCH v7 6/6] doc: Add measured boot documentation
References: <20230301225056.1402722-1-eajames@linux.ibm.com> <20230301225056.1402722-7-eajames@linux.ibm.com>
In-Reply-To: <20230301225056.1402722-7-eajames@linux.ibm.com>
List-Id: U-Boot discussion

Hi Eddie,

This is fine for now. I'll add a similar description for EFI in the future.

On Wed, Mar 01, 2023 at 04:50:56PM -0600, Eddie James wrote:
> Briefly describe the feature and specify the requirements.
>
> Signed-off-by: Eddie James
> Reviewed-by: Simon Glass
> ---
>  doc/usage/index.rst         |  1 +
>  doc/usage/measured_boot.rst | 23 +++++++++++++++++++++++
>  2 files changed, 24 insertions(+)
>  create mode 100644 doc/usage/measured_boot.rst
>
> diff --git a/doc/usage/index.rst b/doc/usage/index.rst
> index cde7dcb14a..0cf78cb0e7 100644
> --- a/doc/usage/index.rst
> +++ b/doc/usage/index.rst
> @@ -12,6 +12,7 @@ Use U-Boot
>     partitions
>     cmdline
>     semihosting
> +   measured_boot
>  
>  Shell commands
>  --------------
> diff --git a/doc/usage/measured_boot.rst b/doc/usage/measured_boot.rst
> new file mode 100644
> index 0000000000..8357b1f480
> --- /dev/null
> +++ b/doc/usage/measured_boot.rst
> @@ -0,0 +1,23 @@
> +.. SPDX-License-Identifier: GPL-2.0+
> +
> +Measured Boot
> +=====================
> +
> +U-Boot can perform a measured boot, the process of hashing various components
> +of the boot process, extending the results in the TPM and logging the
> +component's measurement in memory for the operating system to consume.
> +
> +Requirements
> +---------------------
> +
> +* A hardware TPM 2.0 supported by the U-Boot drivers
> +* CONFIG_TPM=y
> +* CONFIG_MEASURED_BOOT=y
> +* Device-tree configuration of the TPM device to specify the memory area
> +  for event logging. The TPM device node must either contain a phandle to
> +  a reserved memory region or "linux,sml-base" and "linux,sml-size"
> +  indicating the address and size of the memory region. An example can be
> +  found in arch/sandbox/dts/test.dts
> +* The operating system must also be configured to use the memory regions
> +  specified in the U-Boot device-tree in order to make use of the event
> +  log.
> --
> 2.31.1
>

Reviewed-by: Ilias Apalodimas
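Review bot: in the doc/usage/measured_boot.rst hunk, the fourth requirement says the TPM node "must either contain a phandle to a reserved memory region" but never names the property that carries that phandle, so someone writing a board device tree has to reverse it out of arch/sandbox/dts/test.dts; name that property next to "linux,sml-base" and "linux,sml-size", or quote the relevant TPM node from test.dts inline. Two smaller points on the same hunk: the overview says U-Boot hashes "various components" and extends "the results in the TPM" without saying which components are measured, which PCRs they are extended into, or what format the in-memory log uses, and that is precisely what whoever verifies the log on the OS side needs to know; and the last bullet, "The operating system must also be configured to use the memory regions specified in the U-Boot device-tree", leaves open what that configuration is (whether the OS picks up the same "linux,sml-base"/"linux,sml-size" properties or the reserved-memory phandle, or something else), so one sentence on how the kernel is expected to find the region would make the requirement actionable. Minor: "the component's measurement" should be "the components' measurements", since several components are measured.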