From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <u-boot-bounces@lists.denx.de>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from phobos.denx.de (phobos.denx.de [85.214.62.61])
	(using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
	(No client certificate requested)
	by smtp.lore.kernel.org (Postfix) with ESMTPS id 7834CC678D4
	for <u-boot@archiver.kernel.org>; Mon,  6 Mar 2023 06:58:17 +0000 (UTC)
Received: from h2850616.stratoserver.net (localhost [IPv6:::1])
	by phobos.denx.de (Postfix) with ESMTP id CEDE185A11;
	Mon,  6 Mar 2023 07:58:13 +0100 (CET)
Authentication-Results: phobos.denx.de; dmarc=pass (p=none dis=none) header.from=linaro.org
Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=u-boot-bounces@lists.denx.de
Authentication-Results: phobos.denx.de;
	dkim=pass (2048-bit key; unprotected) header.d=linaro.org header.i=@linaro.org header.b="NN86YfeP";
	dkim-atps=neutral
Received: by phobos.denx.de (Postfix, from userid 109)
 id AE53A85BBD; Mon,  6 Mar 2023 07:58:11 +0100 (CET)
Received: from mail-ed1-x534.google.com (mail-ed1-x534.google.com
 [IPv6:2a00:1450:4864:20::534])
 (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits))
 (No client certificate requested)
 by phobos.denx.de (Postfix) with ESMTPS id D74BC858A7
 for <u-boot@lists.denx.de>; Mon,  6 Mar 2023 07:58:07 +0100 (CET)
Authentication-Results: phobos.denx.de;
 dmarc=pass (p=none dis=none) header.from=linaro.org
Authentication-Results: phobos.denx.de;
 spf=pass smtp.mailfrom=ilias.apalodimas@linaro.org
Received: by mail-ed1-x534.google.com with SMTP id cw28so34267707edb.5
 for <u-boot@lists.denx.de>; Sun, 05 Mar 2023 22:58:07 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google;
 h=in-reply-to:content-disposition:mime-version:references:message-id
 :subject:cc:to:from:date:from:to:cc:subject:date:message-id:reply-to;
 bh=Urw/woNB6N+xQ3vHjvcwd8KgBIFbVXQg/4t1KfMFVLA=;
 b=NN86YfeP0ILAhzCLB6euLe4hWtXhRav9e/uLoaN5KnY6orwpk+lqRCHJstKijAIyZm
 lRRGyG6MY7FW0z1EmENx3MI5heDRr8WnBjkIZgkcv1p693SjAU+tILssVOBb1n4t97m3
 jmj6XrLZ3EvlAl1Sa2caux5dxCLOg0HQoalW10/H9O6LqKKbEPPcmOtedd8ZqdOukxAC
 +2bsa0hkvNAn26sx5DC/AVO0qTkxePzq08G86EI3EIZCqHOm1KzSyk+h2yPUSC/2lzCC
 EXhbeW01PstVYHRX7gpE2lg8aMQLl6e74J6LQSQPTtfBKgUfeoS1oJ9Kc4nkO1iucNoQ
 01Uw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20210112;
 h=in-reply-to:content-disposition:mime-version:references:message-id
 :subject:cc:to:from:date:x-gm-message-state:from:to:cc:subject:date
 :message-id:reply-to;
 bh=Urw/woNB6N+xQ3vHjvcwd8KgBIFbVXQg/4t1KfMFVLA=;
 b=C9xfX6l5SMxCe9Qhiz4NhkIvvpdqkmV0lpQQzNZoGouaj4yqk7V54RNZ54xvoMvkyE
 HsEZ6aQbnui+ApiClOsaMw0CG1LHW3wxmlOg8QeFwUY/xPxKg9doGnjPAv7YUWX/k8oq
 4Ut/ygA7+t4Dl3ukSnfjxlqMYQoUW9nf4BNyzfrzheBH/70T+1A/ToYx3Omau59terRh
 Iwy0UpouZlKsd+pc+eJvEXmjaaq1f3UnrL3ZksKAOQHWfycbrjdMEbbS5MOS3lzv1PzZ
 n/s4+MzkcI+U0VwvCPmwNxuKXm0mmri0vLF86iK44h7jM+v7Atlc30xyA9/wg6x2s6Oh
 j6og==
X-Gm-Message-State: AO0yUKVtWomMa7aTbe/cDlF2+a1ImOMfD31n+BxcQuUdqkQfQ97MBjmo
 6zq/wz4J1OkL0SZiDIAR0NaDZg==
X-Google-Smtp-Source: AK7set8zctn1/4AaDaucMQcsMh7GBR82ufJV65ggpdSYkfCJHoEbx7+jcj31m0E2oWmOI84+SBWxDg==
X-Received: by 2002:a17:907:7242:b0:8df:8381:52f7 with SMTP id
 ds2-20020a170907724200b008df838152f7mr13272823ejc.17.1678085887389; 
 Sun, 05 Mar 2023 22:58:07 -0800 (PST)
Received: from hera (ppp176092130041.access.hol.gr. [176.92.130.41])
 by smtp.gmail.com with ESMTPSA id
 v9-20020a17090651c900b008b2e4f88ed7sm4164308ejk.111.2023.03.05.22.58.06
 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
 Sun, 05 Mar 2023 22:58:07 -0800 (PST)
Date: Mon, 6 Mar 2023 08:58:04 +0200
From: Ilias Apalodimas <ilias.apalodimas@linaro.org>
To: Eddie James <eajames@linux.ibm.com>
Cc: u-boot@lists.denx.de, sjg@chromium.org, xypron.glpk@gmx.de, joel@jms.id.au
Subject: Re: [PATCH v8 0/6]  tpm: Support boot measurements
Message-ID: <ZAWO/F1iqUrZ1DGX@hera>
References: <20230303192506.1368538-1-eajames@linux.ibm.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20230303192506.1368538-1-eajames@linux.ibm.com>
X-BeenThere: u-boot@lists.denx.de
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: U-Boot discussion <u-boot.lists.denx.de>
List-Unsubscribe: <https://lists.denx.de/options/u-boot>,
 <mailto:u-boot-request@lists.denx.de?subject=unsubscribe>
List-Archive: <https://lists.denx.de/pipermail/u-boot/>
List-Post: <mailto:u-boot@lists.denx.de>
List-Help: <mailto:u-boot-request@lists.denx.de?subject=help>
List-Subscribe: <https://lists.denx.de/listinfo/u-boot>,
 <mailto:u-boot-request@lists.denx.de?subject=subscribe>
Errors-To: u-boot-bounces@lists.denx.de
Sender: "U-Boot" <u-boot-bounces@lists.denx.de>
X-Virus-Scanned: clamav-milter 0.103.6 at phobos.denx.de
X-Virus-Status: Clean

Hi Eddie,

This has a few failures on the CI [0].
Please have a look and let me know if you can't understand the failures

[0] https://source.denx.de/u-boot/custodians/u-boot-tpm/-/pipelines/15471

Regards
/Ilias
On Fri, Mar 03, 2023 at 01:25:00PM -0600, Eddie James wrote:
> This series adds support for measuring the boot images more generically
> than the existing EFI support. Several EFI functions have been moved to
> the TPM layer. The series includes optional measurement from the bootm
> command.
> A new test case has been added for the bootm measurement to test the new
> path, and the sandbox TPM2 driver has been updated to support this use
> case.
> This series is based on Ilias' auto-startup series and Simon's additions.
>
> Changes since v7:
>  - Change name of tcg2_init_log and add more documentation
>  - Add a check, when parsing the event log header, to ensure that the
>    previous stage bootloader used all the active PCRs.
>  - Change name of tcg2_log_find_end
>  - Fix the greater than or equal to check to exit the log parsing
>  - Make sure log_position is 0 if there is any error discovering the log
>  - Return errors parsing the log if the data is corrupt so that we don't
>    end up with half a log
>
> Changes since v6:
>  - Added comment for bootm_measure
>  - Fixed line length in bootm_measure
>  - Added Linaro copyright for all the EFI moved code
>  - Changed tcg2_init_log (and by extension, tcg2_measurement_init) to
>    copy any discovered event log to the user's log if passed in.
>
> Changes since v5:
>  - Re-ordered the patches to put the sandbox TPM driver patch second
>  - Remove unused platform_get_eventlog in efi_tcg2.c
>  - First look for tpm_event_log_* properties instead of linux,sml-*
>  - Fix efi_tcg2.c compilation
>  - Select SHA* configs
>  - Remove the !SANDBOX dependency for EFI TCG2
>  - Only compile in the measurement u-boot command when CONFIG_MEASURED_BOOT
>    is enabled
>
> Changes since v4:
>  - Remove tcg2_measure_event function and check for NULL data in
>    tcg2_measure_data
>  - Use tpm_auto_startup
>  - Fix efi_tcg2.c compilation for removing tcg2_pcr_read function
>  - Change PCR indexes for initrd and dtb
>  - Drop u8 casting in measurement test
>  - Use bullets in documentation
>
> Changes since v3:
>  - Reordered headers
>  - Refactored more of EFI code into common code
>     Removed digest_info structure and instead used the common alg_to_mask
>       and alg_to_len
>     Improved event log parsing in common code to get it equivalent to EFI
>       Common code now extends PCR if previous bootloader stage couldn't
>       No need to allocate memory in the common code, so EFI copies the
>       discovered buffer like it did before
>     Rename efi measure_event function
>
> Changes since v2:
>  - Add documentation.
>  - Changed reserved memory address to the top of the RAM for sandbox dts.
>  - Add measure state to booti and bootz.
>  - Skip measurement for EFI images that should be measured
>
> Changes since v1:
>  - Refactor TPM layer functions to allow EFI system to use them, and
>    remove duplicate EFI functions.
>  - Add test case
>  - Drop #ifdefs for bootm
>  - Add devicetree measurement config option
>  - Update sandbox TPM driver
>
> Eddie James (6):
>   tpm: Fix spelling for tpmu_ha union
>   tpm: sandbox: Update for needed TPM2 capabilities
>   tpm: Support boot measurements
>   bootm: Support boot measurement
>   test: Add sandbox TPM boot measurement
>   doc: Add measured boot documentation
>
>  arch/sandbox/dts/sandbox.dtsi  |   13 +
>  arch/sandbox/dts/test.dts      |   13 +
>  boot/Kconfig                   |   23 +
>  boot/bootm.c                   |   72 +++
>  cmd/booti.c                    |    1 +
>  cmd/bootm.c                    |    2 +
>  cmd/bootz.c                    |    1 +
>  configs/sandbox_defconfig      |    1 +
>  doc/usage/index.rst            |    1 +
>  doc/usage/measured_boot.rst    |   23 +
>  drivers/tpm/tpm2_tis_sandbox.c |  100 ++-
>  include/bootm.h                |   11 +
>  include/efi_tcg2.h             |   44 --
>  include/image.h                |    1 +
>  include/test/suites.h          |    1 +
>  include/tpm-v2.h               |  255 +++++++-
>  lib/Kconfig                    |    4 +
>  lib/efi_loader/Kconfig         |    2 -
>  lib/efi_loader/efi_tcg2.c      | 1054 +++-----------------------------
>  lib/tpm-v2.c                   |  815 ++++++++++++++++++++++++
>  test/boot/Makefile             |    1 +
>  test/boot/measurement.c        |   66 ++
>  test/cmd_ut.c                  |    4 +
>  23 files changed, 1455 insertions(+), 1053 deletions(-)
>  create mode 100644 doc/usage/measured_boot.rst
>  create mode 100644 test/boot/measurement.c
>
> --
> 2.31.1
>