Re: [PATCH v8 0/6] tpm: Support boot measurements

[Ilias Apalodimas <ilias.apalodimas@linaro.org>]

Hi Eddie,

This has a few failures on the CI [0].
Please have a look and let me know if you can't understand the failures

[0] https://source.denx.de/u-boot/custodians/u-boot-tpm/-/pipelines/15471

Regards
/Ilias
On Fri, Mar 03, 2023 at 01:25:00PM -0600, Eddie James wrote:
> This series adds support for measuring the boot images more generically
> than the existing EFI support. Several EFI functions have been moved to
> the TPM layer. The series includes optional measurement from the bootm
> command.
> A new test case has been added for the bootm measurement to test the new
> path, and the sandbox TPM2 driver has been updated to support this use
> case.
> This series is based on Ilias' auto-startup series and Simon's additions.
>
> Changes since v7:
>  - Change name of tcg2_init_log and add more documentation
>  - Add a check, when parsing the event log header, to ensure that the
>    previous stage bootloader used all the active PCRs.
>  - Change name of tcg2_log_find_end
>  - Fix the greater than or equal to check to exit the log parsing
>  - Make sure log_position is 0 if there is any error discovering the log
>  - Return errors parsing the log if the data is corrupt so that we don't
>    end up with half a log
>
> Changes since v6:
>  - Added comment for bootm_measure
>  - Fixed line length in bootm_measure
>  - Added Linaro copyright for all the EFI moved code
>  - Changed tcg2_init_log (and by extension, tcg2_measurement_init) to
>    copy any discovered event log to the user's log if passed in.
>
> Changes since v5:
>  - Re-ordered the patches to put the sandbox TPM driver patch second
>  - Remove unused platform_get_eventlog in efi_tcg2.c
>  - First look for tpm_event_log_* properties instead of linux,sml-*
>  - Fix efi_tcg2.c compilation
>  - Select SHA* configs
>  - Remove the !SANDBOX dependency for EFI TCG2
>  - Only compile in the measurement u-boot command when CONFIG_MEASURED_BOOT
>    is enabled
>
> Changes since v4:
>  - Remove tcg2_measure_event function and check for NULL data in
>    tcg2_measure_data
>  - Use tpm_auto_startup
>  - Fix efi_tcg2.c compilation for removing tcg2_pcr_read function
>  - Change PCR indexes for initrd and dtb
>  - Drop u8 casting in measurement test
>  - Use bullets in documentation
>
> Changes since v3:
>  - Reordered headers
>  - Refactored more of EFI code into common code
>     Removed digest_info structure and instead used the common alg_to_mask
>       and alg_to_len
>     Improved event log parsing in common code to get it equivalent to EFI
>       Common code now extends PCR if previous bootloader stage couldn't
>       No need to allocate memory in the common code, so EFI copies the
>       discovered buffer like it did before
>     Rename efi measure_event function
>
> Changes since v2:
>  - Add documentation.
>  - Changed reserved memory address to the top of the RAM for sandbox dts.
>  - Add measure state to booti and bootz.
>  - Skip measurement for EFI images that should be measured
>
> Changes since v1:
>  - Refactor TPM layer functions to allow EFI system to use them, and
>    remove duplicate EFI functions.
>  - Add test case
>  - Drop #ifdefs for bootm
>  - Add devicetree measurement config option
>  - Update sandbox TPM driver
>
> Eddie James (6):
>   tpm: Fix spelling for tpmu_ha union
>   tpm: sandbox: Update for needed TPM2 capabilities
>   tpm: Support boot measurements
>   bootm: Support boot measurement
>   test: Add sandbox TPM boot measurement
>   doc: Add measured boot documentation
>
>  arch/sandbox/dts/sandbox.dtsi  |   13 +
>  arch/sandbox/dts/test.dts      |   13 +
>  boot/Kconfig                   |   23 +
>  boot/bootm.c                   |   72 +++
>  cmd/booti.c                    |    1 +
>  cmd/bootm.c                    |    2 +
>  cmd/bootz.c                    |    1 +
>  configs/sandbox_defconfig      |    1 +
>  doc/usage/index.rst            |    1 +
>  doc/usage/measured_boot.rst    |   23 +
>  drivers/tpm/tpm2_tis_sandbox.c |  100 ++-
>  include/bootm.h                |   11 +
>  include/efi_tcg2.h             |   44 --
>  include/image.h                |    1 +
>  include/test/suites.h          |    1 +
>  include/tpm-v2.h               |  255 +++++++-
>  lib/Kconfig                    |    4 +
>  lib/efi_loader/Kconfig         |    2 -
>  lib/efi_loader/efi_tcg2.c      | 1054 +++-----------------------------
>  lib/tpm-v2.c                   |  815 ++++++++++++++++++++++++
>  test/boot/Makefile             |    1 +
>  test/boot/measurement.c        |   66 ++
>  test/cmd_ut.c                  |    4 +
>  23 files changed, 1455 insertions(+), 1053 deletions(-)
>  create mode 100644 doc/usage/measured_boot.rst
>  create mode 100644 test/boot/measurement.c
>
> --
> 2.31.1
>