From: Eddie James <eajames@linux.ibm.com>
To: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Cc: u-boot@lists.denx.de, sjg@chromium.org, xypron.glpk@gmx.de
Subject: Re: [PATCH v14 4/8] bootm: Support boot measurement
Date: Wed, 25 Oct 2023 08:53:49 -0500 [thread overview]
Message-ID: <bb72d456-bcb7-10d5-5ba2-1d5e1acc26f3@linux.ibm.com> (raw)
In-Reply-To: <CAC_iWj+3ww08s=FnSFeAQW_tOFw3GL9pc_=MuvhrmDxDxGZe1Q@mail.gmail.com>
On 10/25/23 07:41, Ilias Apalodimas wrote:
> On Tue, 24 Oct 2023 at 18:44, Eddie James <eajames@linux.ibm.com> wrote:
>> Add a configuration option to measure the boot through the bootm
>> function. Add the measurement state to the booti and bootz paths
>> as well.
>>
>> Signed-off-by: Eddie James <eajames@linux.ibm.com>
>> Reviewed-by: Simon Glass <sjg@chromium.org>
>> ---
>> Changes since v8:
>> - Added a configuration option to select to ignore any existing
>> event log. This would only be selected for systems that know
>> that U-Boot is the first stage bootloader. This is necessary
>> because the reserved memory region may persist through resets
>> and so U-Boot attempts to append to the previous boot's log.
>>
>> Changes since v6:
>> - Added comment for bootm_measure
>> - Fixed line length in bootm_measure
>>
>> boot/Kconfig | 32 +++++++++++++++++++++
>> boot/bootm.c | 74 +++++++++++++++++++++++++++++++++++++++++++++++++
>> cmd/booti.c | 1 +
>> cmd/bootm.c | 2 ++
>> cmd/bootz.c | 1 +
>> include/bootm.h | 11 ++++++++
>> include/image.h | 1 +
>> 7 files changed, 122 insertions(+)
>>
>> diff --git a/boot/Kconfig b/boot/Kconfig
>> index a01e6cb8aa..abbc72f4cf 100644
>> --- a/boot/Kconfig
>> +++ b/boot/Kconfig
>> @@ -685,6 +685,38 @@ config LEGACY_IMAGE_FORMAT
>> loaded. If a board needs the legacy image format support in this
>> case, enable it here.
>>
>> +config MEASURED_BOOT
>> + bool "Measure boot images and configuration to TPM and event log"
>> + depends on HASH && TPM_V2
> I know Simon reviewed this already, but don't we need to add !EFI here?
> UEFI already supports measurements via the TCG protocol implementation.
> But since EFI is 'default y' nowadays anyone minds if I change the
> help & bool messages during merge?
> Something along the lines of
> bool "Measure boot images and configuration to TPM and event log when
> booting without EFI"
Oh right, yes, go ahead, that sounds good, thanks.
Eddie
>
> [...]
>
> Thanks
> /Ilias
next prev parent reply other threads:[~2023-10-25 13:54 UTC|newest]
Thread overview: 17+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-10-24 15:43 [PATCH v14 0/8] tpm: Support boot measurements Eddie James
2023-10-24 15:43 ` [PATCH v14 1/8] tpm: Fix spelling for tpmu_ha union Eddie James
2023-10-24 15:43 ` [PATCH v14 2/8] tpm: sandbox: Update for needed TPM2 capabilities Eddie James
2023-10-24 15:43 ` [PATCH v14 3/8] tpm: Support boot measurements Eddie James
2023-10-24 15:43 ` [PATCH v14 4/8] bootm: Support boot measurement Eddie James
2023-10-25 12:41 ` Ilias Apalodimas
2023-10-25 13:53 ` Eddie James [this message]
2023-10-25 13:03 ` Heinrich Schuchardt
2023-10-25 13:21 ` Ilias Apalodimas
2023-10-25 13:58 ` Heinrich Schuchardt
2023-10-25 14:27 ` Ilias Apalodimas
2023-10-24 15:43 ` [PATCH v14 5/8] test: Add sandbox TPM " Eddie James
2023-10-24 15:43 ` [PATCH v14 6/8] doc: Add measured boot documentation Eddie James
2023-10-25 12:37 ` Ilias Apalodimas
2023-10-24 15:43 ` [PATCH v14 7/8] efi_loader: fix EFI_ENTRY point on get_active_pcr_banks Eddie James
2023-10-24 15:43 ` [PATCH v14 8/8] test: use a non system PCR for testing PCR extend Eddie James
2023-10-25 12:38 ` [PATCH v14 0/8] tpm: Support boot measurements Ilias Apalodimas
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=bb72d456-bcb7-10d5-5ba2-1d5e1acc26f3@linux.ibm.com \
--to=eajames@linux.ibm.com \
--cc=ilias.apalodimas@linaro.org \
--cc=sjg@chromium.org \
--cc=u-boot@lists.denx.de \
--cc=xypron.glpk@gmx.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox