Re: [PATCH v5 0/6] tpm: Support boot measurements
On 2/21/23 23:36, Joel Stanley wrote: On Thu, 2 Feb 2023 at 17:08, Eddie James wrote: This series adds support for measuring the boot images more generically than the existing EFI support. Several EFI functions have been moved to the TPM layer. The series includes optional measurement from the bootm command. A new test case has been added for the bootm measurement to test the new path, and the sandbox TPM2 driver has been updated to support this use case. This series is based on Ilias' auto-startup series: https://lore.kernel.org/u-boot/20230126081844.591148-1-ilias.apalodi...@linaro.org/ Nice work Eddie. It looks like you're closing in on the issues Ilias and Simon have. I did some testing and found some missing dependencies from running 'make check': sandbox_spl: +make O=/home/joel/dev/u-boot/upstream/build-sandbox_spl -s sandbox_spl_defconfig +make O=/home/joel/dev/u-boot/upstream/build-sandbox_spl -s -j8 /usr/bin/ld: warning: test/overlay/test-fdt-overlay-stacked.dtb.o: missing .note.GNU-stack section implies executable stack /usr/bin/ld: NOTE: This behaviour is deprecated and will be removed in a future version of the linker /usr/bin/ld: /tmp/cc8cNroX.ltrans22.ltrans.o:(.data.rel+0x440): undefined reference to `do_ut_measurement' collect2: error: ld returned 1 exit status make[2]: *** [/home/joel/dev/u-boot/upstream/Makefile:1752: u-boot] Error 1 There's a few variants of the sandbox defconfig. I'm not sure if we want to exclude the measurement code from those configs, or add it to the configs. Thanks Joel. I feel the right thing here would be to only build the measurement test when CONFIG_MEASURED_BOOT is enabled, so I'll make that change. When fixing them up to add CONFIG_MEASURED_BOOT=y we still fail to link: sandbox_spl: +make O=/home/joel/dev/u-boot/upstream/build-sandbox_spl -s sandbox_spl_defconfig +make O=/home/joel/dev/u-boot/upstream/build-sandbox_spl -s -j8 /usr/bin/ld: warning: test/overlay/test-fdt-overlay-stacked.dtb.o: missing .note.GNU-stack section implies executable stack /usr/bin/ld: NOTE: This behaviour is deprecated and will be removed in a future version of the linker /usr/bin/ld: /tmp/ccRuOSFi.ltrans17.ltrans.o: in function `tcg2_create_digest': /home/joel/dev/u-boot/upstream/build-sandbox_spl/../lib/tpm-v2.c:112: undefined reference to `sha512_starts' /usr/bin/ld: /home/joel/dev/u-boot/upstream/build-sandbox_spl/../lib/tpm-v2.c:113: undefined reference to `sha512_update' /usr/bin/ld: /home/joel/dev/u-boot/upstream/build-sandbox_spl/../lib/tpm-v2.c:114: undefined reference to `sha512_finish' /usr/bin/ld: /home/joel/dev/u-boot/upstream/build-sandbox_spl/../lib/tpm-v2.c:106: undefined reference to `sha384_starts' /usr/bin/ld: /home/joel/dev/u-boot/upstream/build-sandbox_spl/../lib/tpm-v2.c:107: undefined reference to `sha384_update' /usr/bin/ld: /home/joel/dev/u-boot/upstream/build-sandbox_spl/../lib/tpm-v2.c:108: undefined reference to `sha384_finish' collect2: error: ld returned 1 exit status This sorted that out for me: --- a/lib/Kconfig +++ b/lib/Kconfig @@ -411,6 +411,8 @@ config TPM bool "Trusted Platform Module (TPM) Support" depends on DM imply DM_RNG + select SHA512 + select SHA384 The tree I tested with is here: https://github.com/shenki/u-boot/commits/measured-boot Thanks, I'll select those. Eddie Cheers, Joel Changes since v4: - Remove tcg2_measure_event function and check for NULL data in tcg2_measure_data - Use tpm_auto_startup - Fix efi_tcg2.c compilation for removing tcg2_pcr_read function - Change PCR indexes for initrd and dtb - Drop u8 casting in measurement test - Use bullets in documentation Changes since v3: - Reordered headers - Refactored more of EFI code into common code Removed digest_info structure and instead used the common alg_to_mask and alg_to_len Improved event log parsing in common code to get it equivalent to EFI Common code now extends PCR if previous bootloader stage couldn't No need to allocate memory in the common code, so EFI copies the discovered buffer like it did before Rename efi measure_event function Changes since v2: - Add documentation. - Changed reserved memory address to the top of the RAM for sandbox dts. - Add measure state to booti and bootz. - Skip measurement for EFI images that should be measured Changes since v1: - Refactor TPM layer functions to allow EFI system to use them, and remove duplicate EFI functions. - Add test case - Drop #ifdefs for bootm - Add devicetree measurement config option - Update sandbox TPM driver Eddie James (6): tpm: Fix spelling for tpmu_ha union tpm: Support boot measurements bootm: Support boot measurement tpm: sandbox: Update for needed TPM2 capabilities test: Add sandbox TPM boot measurement doc: Add measured boot documentation arch/sandbox/dts/sandbox.dtsi | 14 + arch/sandbox/dts/test.dts | 13 +
Re: [PATCH v5 0/6] tpm: Support boot measurements
On 2/22/23 05:33, Ilias Apalodimas wrote: Hi Eddie, On Tue, Feb 21, 2023 at 04:38:58PM -0600, Eddie James wrote: On 2/6/23 06:20, Ilias Apalodimas wrote: Thanks Eddie, I quickly tested this but the EFI subsystem fails to initialize the TCG protocol properly now. Unfortunately I am on a business trip and I won't be able to take a look into why till next week Hi Ilias, I haven't had the opportunity to test this, have you? Thanks, Eddie Cheers /Ilias Still going through the code so bear with me. It seems that the EFI failure is coming from tcg2_platform_get_log() specifically if none of linux,sml-base nor tpm_event_log_addr if present in the dtb. One thing we should change here is look for tpm_event_log_addr first. The reason is that this is a very 'special' case in which TF-A fills in an eventlog for us, while linux,sml-base is more generic so I'd rather explicitly prefer TF-A id it prepared an eventlog for us. OK, thanks, this is helpful, I'll have a look. On the failure now, if none of the nodes is present we are looking for 'memory-region' within the TPM node? Looking at the DT specs the tpm should only support "compatible, label, linux,sml-base/size' am I missing something? I just had a commit merged for the reserved memory region: https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git/commit/drivers/char/tpm/eventlog/of.c?id=1e2714bb83fc783d58701967391bea242c65eaff It isn't documented anywhere so far... Thanks, Eddie I also had to apply [0] for this to compile. You can 'easily' test the EFI changes by doing a 'printenv -e'. This will at least initialize the efi subsystem and install the needed EFI tables (you need CMD_NVEDIT_EFI=y) [0] https://source.denx.de/u-boot/custodians/u-boot-tpm/-/commit/d473596cd6900117485014476c70c49f202bd8da Hope this helps a bit. Let me know if I can help in any other way. Don't bother *testing* the eventlog for EFI on a full linux boot. I'll run that on v6 /Ilias On Thu, Feb 02, 2023 at 11:05:25AM -0600, Eddie James wrote: This series adds support for measuring the boot images more generically than the existing EFI support. Several EFI functions have been moved to the TPM layer. The series includes optional measurement from the bootm command. A new test case has been added for the bootm measurement to test the new path, and the sandbox TPM2 driver has been updated to support this use case. This series is based on Ilias' auto-startup series: https://lore.kernel.org/u-boot/20230126081844.591148-1-ilias.apalodi...@linaro.org/ Changes since v4: - Remove tcg2_measure_event function and check for NULL data in tcg2_measure_data - Use tpm_auto_startup - Fix efi_tcg2.c compilation for removing tcg2_pcr_read function - Change PCR indexes for initrd and dtb - Drop u8 casting in measurement test - Use bullets in documentation Changes since v3: - Reordered headers - Refactored more of EFI code into common code Removed digest_info structure and instead used the common alg_to_mask and alg_to_len Improved event log parsing in common code to get it equivalent to EFI Common code now extends PCR if previous bootloader stage couldn't No need to allocate memory in the common code, so EFI copies the discovered buffer like it did before Rename efi measure_event function Changes since v2: - Add documentation. - Changed reserved memory address to the top of the RAM for sandbox dts. - Add measure state to booti and bootz. - Skip measurement for EFI images that should be measured Changes since v1: - Refactor TPM layer functions to allow EFI system to use them, and remove duplicate EFI functions. - Add test case - Drop #ifdefs for bootm - Add devicetree measurement config option - Update sandbox TPM driver Eddie James (6): tpm: Fix spelling for tpmu_ha union tpm: Support boot measurements bootm: Support boot measurement tpm: sandbox: Update for needed TPM2 capabilities test: Add sandbox TPM boot measurement doc: Add measured boot documentation arch/sandbox/dts/sandbox.dtsi | 14 + arch/sandbox/dts/test.dts | 13 + boot/Kconfig | 23 + boot/bootm.c | 70 +++ cmd/booti.c|1 + cmd/bootm.c|2 + cmd/bootz.c|1 + configs/sandbox_defconfig |1 + doc/usage/index.rst|1 + doc/usage/measured_boot.rst| 23 + drivers/tpm/tpm2_tis_sandbox.c | 100 +++- include/bootm.h|2 + include/efi_tcg2.h | 44 -- include/image.h|1 + include/test/suites.h |1 + include/tpm-v2.h | 246 +++- lib/efi_loader/efi_tcg2.c | 1010 +++- lib/tpm-v2.c | 771 test/boot/Makefile
Re: [PATCH v5 0/6] tpm: Support boot measurements
Hi Eddie, On Tue, Feb 21, 2023 at 04:38:58PM -0600, Eddie James wrote: > > On 2/6/23 06:20, Ilias Apalodimas wrote: > > Thanks Eddie, > > > > I quickly tested this but the EFI subsystem fails to initialize the TCG > > protocol properly now. Unfortunately I am on a business trip and I won't > > be able to take a look into why till next week > > > Hi Ilias, > > > I haven't had the opportunity to test this, have you? > > > Thanks, > > Eddie > > > > > > Cheers > > /Ilias > > Still going through the code so bear with me. It seems that the EFI failure is coming from tcg2_platform_get_log() specifically if none of linux,sml-base nor tpm_event_log_addr if present in the dtb. One thing we should change here is look for tpm_event_log_addr first. The reason is that this is a very 'special' case in which TF-A fills in an eventlog for us, while linux,sml-base is more generic so I'd rather explicitly prefer TF-A id it prepared an eventlog for us. On the failure now, if none of the nodes is present we are looking for 'memory-region' within the TPM node? Looking at the DT specs the tpm should only support "compatible, label, linux,sml-base/size' am I missing something? I also had to apply [0] for this to compile. You can 'easily' test the EFI changes by doing a 'printenv -e'. This will at least initialize the efi subsystem and install the needed EFI tables (you need CMD_NVEDIT_EFI=y) [0] https://source.denx.de/u-boot/custodians/u-boot-tpm/-/commit/d473596cd6900117485014476c70c49f202bd8da Hope this helps a bit. Let me know if I can help in any other way. Don't bother *testing* the eventlog for EFI on a full linux boot. I'll run that on v6 /Ilias > > On Thu, Feb 02, 2023 at 11:05:25AM -0600, Eddie James wrote: > > > This series adds support for measuring the boot images more generically > > > than the existing EFI support. Several EFI functions have been moved to > > > the TPM layer. The series includes optional measurement from the bootm > > > command. > > > A new test case has been added for the bootm measurement to test the new > > > path, and the sandbox TPM2 driver has been updated to support this use > > > case. > > > This series is based on Ilias' auto-startup series: > > > https://lore.kernel.org/u-boot/20230126081844.591148-1-ilias.apalodi...@linaro.org/ > > > > > > Changes since v4: > > > - Remove tcg2_measure_event function and check for NULL data in > > > tcg2_measure_data > > > - Use tpm_auto_startup > > > - Fix efi_tcg2.c compilation for removing tcg2_pcr_read function > > > - Change PCR indexes for initrd and dtb > > > - Drop u8 casting in measurement test > > > - Use bullets in documentation > > > > > > Changes since v3: > > > - Reordered headers > > > - Refactored more of EFI code into common code > > > Removed digest_info structure and instead used the common alg_to_mask > > >and alg_to_len > > > Improved event log parsing in common code to get it equivalent to EFI > > >Common code now extends PCR if previous bootloader stage couldn't > > >No need to allocate memory in the common code, so EFI copies the > > >discovered buffer like it did before > > > Rename efi measure_event function > > > > > > Changes since v2: > > > - Add documentation. > > > - Changed reserved memory address to the top of the RAM for sandbox dts. > > > - Add measure state to booti and bootz. > > > - Skip measurement for EFI images that should be measured > > > > > > Changes since v1: > > > - Refactor TPM layer functions to allow EFI system to use them, and > > > remove duplicate EFI functions. > > > - Add test case > > > - Drop #ifdefs for bootm > > > - Add devicetree measurement config option > > > - Update sandbox TPM driver > > > > > > Eddie James (6): > > >tpm: Fix spelling for tpmu_ha union > > >tpm: Support boot measurements > > >bootm: Support boot measurement > > >tpm: sandbox: Update for needed TPM2 capabilities > > >test: Add sandbox TPM boot measurement > > >doc: Add measured boot documentation > > > > > > arch/sandbox/dts/sandbox.dtsi | 14 + > > > arch/sandbox/dts/test.dts | 13 + > > > boot/Kconfig | 23 + > > > boot/bootm.c | 70 +++ > > > cmd/booti.c|1 + > > > cmd/bootm.c|2 + > > > cmd/bootz.c|1 + > > > configs/sandbox_defconfig |1 + > > > doc/usage/index.rst|1 + > > > doc/usage/measured_boot.rst| 23 + > > > drivers/tpm/tpm2_tis_sandbox.c | 100 +++- > > > include/bootm.h|2 + > > > include/efi_tcg2.h | 44 -- > > > include/image.h|1 + > > > include/test/suites.h |1 + > > > include/tpm-v2.h | 246 +++- > > > lib/efi_loader/efi_tcg2.c | 1010 +++- > > > lib/tpm-v2.c | 771
Re: [PATCH v5 0/6] tpm: Support boot measurements
Hi Eddie, On Tue, Feb 21, 2023 at 04:38:58PM -0600, Eddie James wrote: > > On 2/6/23 06:20, Ilias Apalodimas wrote: > > Thanks Eddie, > > > > I quickly tested this but the EFI subsystem fails to initialize the TCG > > protocol properly now. Unfortunately I am on a business trip and I won't > > be able to take a look into why till next week > > > Hi Ilias, > > > I haven't had the opportunity to test this, have you? Not yet, apologies. I'll try looking into it this week. Thanks /Ilias > > > Thanks, > > Eddie > > > > > > Cheers > > /Ilias > > > > On Thu, Feb 02, 2023 at 11:05:25AM -0600, Eddie James wrote: > > > This series adds support for measuring the boot images more generically > > > than the existing EFI support. Several EFI functions have been moved to > > > the TPM layer. The series includes optional measurement from the bootm > > > command. > > > A new test case has been added for the bootm measurement to test the new > > > path, and the sandbox TPM2 driver has been updated to support this use > > > case. > > > This series is based on Ilias' auto-startup series: > > > https://lore.kernel.org/u-boot/20230126081844.591148-1-ilias.apalodi...@linaro.org/ > > > > > > Changes since v4: > > > - Remove tcg2_measure_event function and check for NULL data in > > > tcg2_measure_data > > > - Use tpm_auto_startup > > > - Fix efi_tcg2.c compilation for removing tcg2_pcr_read function > > > - Change PCR indexes for initrd and dtb > > > - Drop u8 casting in measurement test > > > - Use bullets in documentation > > > > > > Changes since v3: > > > - Reordered headers > > > - Refactored more of EFI code into common code > > > Removed digest_info structure and instead used the common alg_to_mask > > >and alg_to_len > > > Improved event log parsing in common code to get it equivalent to EFI > > >Common code now extends PCR if previous bootloader stage couldn't > > >No need to allocate memory in the common code, so EFI copies the > > >discovered buffer like it did before > > > Rename efi measure_event function > > > > > > Changes since v2: > > > - Add documentation. > > > - Changed reserved memory address to the top of the RAM for sandbox dts. > > > - Add measure state to booti and bootz. > > > - Skip measurement for EFI images that should be measured > > > > > > Changes since v1: > > > - Refactor TPM layer functions to allow EFI system to use them, and > > > remove duplicate EFI functions. > > > - Add test case > > > - Drop #ifdefs for bootm > > > - Add devicetree measurement config option > > > - Update sandbox TPM driver > > > > > > Eddie James (6): > > >tpm: Fix spelling for tpmu_ha union > > >tpm: Support boot measurements > > >bootm: Support boot measurement > > >tpm: sandbox: Update for needed TPM2 capabilities > > >test: Add sandbox TPM boot measurement > > >doc: Add measured boot documentation > > > > > > arch/sandbox/dts/sandbox.dtsi | 14 + > > > arch/sandbox/dts/test.dts | 13 + > > > boot/Kconfig | 23 + > > > boot/bootm.c | 70 +++ > > > cmd/booti.c|1 + > > > cmd/bootm.c|2 + > > > cmd/bootz.c|1 + > > > configs/sandbox_defconfig |1 + > > > doc/usage/index.rst|1 + > > > doc/usage/measured_boot.rst| 23 + > > > drivers/tpm/tpm2_tis_sandbox.c | 100 +++- > > > include/bootm.h|2 + > > > include/efi_tcg2.h | 44 -- > > > include/image.h|1 + > > > include/test/suites.h |1 + > > > include/tpm-v2.h | 246 +++- > > > lib/efi_loader/efi_tcg2.c | 1010 +++- > > > lib/tpm-v2.c | 771 > > > test/boot/Makefile |1 + > > > test/boot/measurement.c| 66 +++ > > > test/cmd_ut.c |2 + > > > 21 files changed, 1383 insertions(+), 1010 deletions(-) > > > create mode 100644 doc/usage/measured_boot.rst > > > create mode 100644 test/boot/measurement.c > > > > > > -- > > > 2.31.1 > > >
Re: [PATCH v5 0/6] tpm: Support boot measurements
On Thu, 2 Feb 2023 at 17:08, Eddie James wrote: > > This series adds support for measuring the boot images more generically > than the existing EFI support. Several EFI functions have been moved to > the TPM layer. The series includes optional measurement from the bootm > command. > A new test case has been added for the bootm measurement to test the new > path, and the sandbox TPM2 driver has been updated to support this use > case. > This series is based on Ilias' auto-startup series: > https://lore.kernel.org/u-boot/20230126081844.591148-1-ilias.apalodi...@linaro.org/ Nice work Eddie. It looks like you're closing in on the issues Ilias and Simon have. I did some testing and found some missing dependencies from running 'make check': sandbox_spl: +make O=/home/joel/dev/u-boot/upstream/build-sandbox_spl -s sandbox_spl_defconfig +make O=/home/joel/dev/u-boot/upstream/build-sandbox_spl -s -j8 /usr/bin/ld: warning: test/overlay/test-fdt-overlay-stacked.dtb.o: missing .note.GNU-stack section implies executable stack /usr/bin/ld: NOTE: This behaviour is deprecated and will be removed in a future version of the linker /usr/bin/ld: /tmp/cc8cNroX.ltrans22.ltrans.o:(.data.rel+0x440): undefined reference to `do_ut_measurement' collect2: error: ld returned 1 exit status make[2]: *** [/home/joel/dev/u-boot/upstream/Makefile:1752: u-boot] Error 1 There's a few variants of the sandbox defconfig. I'm not sure if we want to exclude the measurement code from those configs, or add it to the configs. When fixing them up to add CONFIG_MEASURED_BOOT=y we still fail to link: sandbox_spl: +make O=/home/joel/dev/u-boot/upstream/build-sandbox_spl -s sandbox_spl_defconfig +make O=/home/joel/dev/u-boot/upstream/build-sandbox_spl -s -j8 /usr/bin/ld: warning: test/overlay/test-fdt-overlay-stacked.dtb.o: missing .note.GNU-stack section implies executable stack /usr/bin/ld: NOTE: This behaviour is deprecated and will be removed in a future version of the linker /usr/bin/ld: /tmp/ccRuOSFi.ltrans17.ltrans.o: in function `tcg2_create_digest': /home/joel/dev/u-boot/upstream/build-sandbox_spl/../lib/tpm-v2.c:112: undefined reference to `sha512_starts' /usr/bin/ld: /home/joel/dev/u-boot/upstream/build-sandbox_spl/../lib/tpm-v2.c:113: undefined reference to `sha512_update' /usr/bin/ld: /home/joel/dev/u-boot/upstream/build-sandbox_spl/../lib/tpm-v2.c:114: undefined reference to `sha512_finish' /usr/bin/ld: /home/joel/dev/u-boot/upstream/build-sandbox_spl/../lib/tpm-v2.c:106: undefined reference to `sha384_starts' /usr/bin/ld: /home/joel/dev/u-boot/upstream/build-sandbox_spl/../lib/tpm-v2.c:107: undefined reference to `sha384_update' /usr/bin/ld: /home/joel/dev/u-boot/upstream/build-sandbox_spl/../lib/tpm-v2.c:108: undefined reference to `sha384_finish' collect2: error: ld returned 1 exit status This sorted that out for me: --- a/lib/Kconfig +++ b/lib/Kconfig @@ -411,6 +411,8 @@ config TPM bool "Trusted Platform Module (TPM) Support" depends on DM imply DM_RNG + select SHA512 + select SHA384 The tree I tested with is here: https://github.com/shenki/u-boot/commits/measured-boot Cheers, Joel > > Changes since v4: > - Remove tcg2_measure_event function and check for NULL data in >tcg2_measure_data > - Use tpm_auto_startup > - Fix efi_tcg2.c compilation for removing tcg2_pcr_read function > - Change PCR indexes for initrd and dtb > - Drop u8 casting in measurement test > - Use bullets in documentation > > Changes since v3: > - Reordered headers > - Refactored more of EFI code into common code > Removed digest_info structure and instead used the common alg_to_mask > and alg_to_len > Improved event log parsing in common code to get it equivalent to EFI > Common code now extends PCR if previous bootloader stage couldn't > No need to allocate memory in the common code, so EFI copies the > discovered buffer like it did before > Rename efi measure_event function > > Changes since v2: > - Add documentation. > - Changed reserved memory address to the top of the RAM for sandbox dts. > - Add measure state to booti and bootz. > - Skip measurement for EFI images that should be measured > > Changes since v1: > - Refactor TPM layer functions to allow EFI system to use them, and >remove duplicate EFI functions. > - Add test case > - Drop #ifdefs for bootm > - Add devicetree measurement config option > - Update sandbox TPM driver > > Eddie James (6): > tpm: Fix spelling for tpmu_ha union > tpm: Support boot measurements > bootm: Support boot measurement > tpm: sandbox: Update for needed TPM2 capabilities > test: Add sandbox TPM boot measurement > doc: Add measured boot documentation > > arch/sandbox/dts/sandbox.dtsi | 14 + > arch/sandbox/dts/test.dts | 13 + > boot/Kconfig | 23 + > boot/bootm.c | 70 +++ > cmd/booti.c|1 + > cmd/bootm.c|2 +
Re: [PATCH v5 0/6] tpm: Support boot measurements
On 2/6/23 06:20, Ilias Apalodimas wrote: Thanks Eddie, I quickly tested this but the EFI subsystem fails to initialize the TCG protocol properly now. Unfortunately I am on a business trip and I won't be able to take a look into why till next week Hi Ilias, I haven't had the opportunity to test this, have you? Thanks, Eddie Cheers /Ilias On Thu, Feb 02, 2023 at 11:05:25AM -0600, Eddie James wrote: This series adds support for measuring the boot images more generically than the existing EFI support. Several EFI functions have been moved to the TPM layer. The series includes optional measurement from the bootm command. A new test case has been added for the bootm measurement to test the new path, and the sandbox TPM2 driver has been updated to support this use case. This series is based on Ilias' auto-startup series: https://lore.kernel.org/u-boot/20230126081844.591148-1-ilias.apalodi...@linaro.org/ Changes since v4: - Remove tcg2_measure_event function and check for NULL data in tcg2_measure_data - Use tpm_auto_startup - Fix efi_tcg2.c compilation for removing tcg2_pcr_read function - Change PCR indexes for initrd and dtb - Drop u8 casting in measurement test - Use bullets in documentation Changes since v3: - Reordered headers - Refactored more of EFI code into common code Removed digest_info structure and instead used the common alg_to_mask and alg_to_len Improved event log parsing in common code to get it equivalent to EFI Common code now extends PCR if previous bootloader stage couldn't No need to allocate memory in the common code, so EFI copies the discovered buffer like it did before Rename efi measure_event function Changes since v2: - Add documentation. - Changed reserved memory address to the top of the RAM for sandbox dts. - Add measure state to booti and bootz. - Skip measurement for EFI images that should be measured Changes since v1: - Refactor TPM layer functions to allow EFI system to use them, and remove duplicate EFI functions. - Add test case - Drop #ifdefs for bootm - Add devicetree measurement config option - Update sandbox TPM driver Eddie James (6): tpm: Fix spelling for tpmu_ha union tpm: Support boot measurements bootm: Support boot measurement tpm: sandbox: Update for needed TPM2 capabilities test: Add sandbox TPM boot measurement doc: Add measured boot documentation arch/sandbox/dts/sandbox.dtsi | 14 + arch/sandbox/dts/test.dts | 13 + boot/Kconfig | 23 + boot/bootm.c | 70 +++ cmd/booti.c|1 + cmd/bootm.c|2 + cmd/bootz.c|1 + configs/sandbox_defconfig |1 + doc/usage/index.rst|1 + doc/usage/measured_boot.rst| 23 + drivers/tpm/tpm2_tis_sandbox.c | 100 +++- include/bootm.h|2 + include/efi_tcg2.h | 44 -- include/image.h|1 + include/test/suites.h |1 + include/tpm-v2.h | 246 +++- lib/efi_loader/efi_tcg2.c | 1010 +++- lib/tpm-v2.c | 771 test/boot/Makefile |1 + test/boot/measurement.c| 66 +++ test/cmd_ut.c |2 + 21 files changed, 1383 insertions(+), 1010 deletions(-) create mode 100644 doc/usage/measured_boot.rst create mode 100644 test/boot/measurement.c -- 2.31.1
Re: [PATCH v5 0/6] tpm: Support boot measurements
Thanks Eddie, I quickly tested this but the EFI subsystem fails to initialize the TCG protocol properly now. Unfortunately I am on a business trip and I won't be able to take a look into why till next week Cheers /Ilias On Thu, Feb 02, 2023 at 11:05:25AM -0600, Eddie James wrote: > This series adds support for measuring the boot images more generically > than the existing EFI support. Several EFI functions have been moved to > the TPM layer. The series includes optional measurement from the bootm > command. > A new test case has been added for the bootm measurement to test the new > path, and the sandbox TPM2 driver has been updated to support this use > case. > This series is based on Ilias' auto-startup series: > https://lore.kernel.org/u-boot/20230126081844.591148-1-ilias.apalodi...@linaro.org/ > > Changes since v4: > - Remove tcg2_measure_event function and check for NULL data in >tcg2_measure_data > - Use tpm_auto_startup > - Fix efi_tcg2.c compilation for removing tcg2_pcr_read function > - Change PCR indexes for initrd and dtb > - Drop u8 casting in measurement test > - Use bullets in documentation > > Changes since v3: > - Reordered headers > - Refactored more of EFI code into common code > Removed digest_info structure and instead used the common alg_to_mask > and alg_to_len > Improved event log parsing in common code to get it equivalent to EFI > Common code now extends PCR if previous bootloader stage couldn't > No need to allocate memory in the common code, so EFI copies the > discovered buffer like it did before > Rename efi measure_event function > > Changes since v2: > - Add documentation. > - Changed reserved memory address to the top of the RAM for sandbox dts. > - Add measure state to booti and bootz. > - Skip measurement for EFI images that should be measured > > Changes since v1: > - Refactor TPM layer functions to allow EFI system to use them, and >remove duplicate EFI functions. > - Add test case > - Drop #ifdefs for bootm > - Add devicetree measurement config option > - Update sandbox TPM driver > > Eddie James (6): > tpm: Fix spelling for tpmu_ha union > tpm: Support boot measurements > bootm: Support boot measurement > tpm: sandbox: Update for needed TPM2 capabilities > test: Add sandbox TPM boot measurement > doc: Add measured boot documentation > > arch/sandbox/dts/sandbox.dtsi | 14 + > arch/sandbox/dts/test.dts | 13 + > boot/Kconfig | 23 + > boot/bootm.c | 70 +++ > cmd/booti.c|1 + > cmd/bootm.c|2 + > cmd/bootz.c|1 + > configs/sandbox_defconfig |1 + > doc/usage/index.rst|1 + > doc/usage/measured_boot.rst| 23 + > drivers/tpm/tpm2_tis_sandbox.c | 100 +++- > include/bootm.h|2 + > include/efi_tcg2.h | 44 -- > include/image.h|1 + > include/test/suites.h |1 + > include/tpm-v2.h | 246 +++- > lib/efi_loader/efi_tcg2.c | 1010 +++- > lib/tpm-v2.c | 771 > test/boot/Makefile |1 + > test/boot/measurement.c| 66 +++ > test/cmd_ut.c |2 + > 21 files changed, 1383 insertions(+), 1010 deletions(-) > create mode 100644 doc/usage/measured_boot.rst > create mode 100644 test/boot/measurement.c > > -- > 2.31.1 >
[PATCH v5 0/6] tpm: Support boot measurements
This series adds support for measuring the boot images more generically than the existing EFI support. Several EFI functions have been moved to the TPM layer. The series includes optional measurement from the bootm command. A new test case has been added for the bootm measurement to test the new path, and the sandbox TPM2 driver has been updated to support this use case. This series is based on Ilias' auto-startup series: https://lore.kernel.org/u-boot/20230126081844.591148-1-ilias.apalodi...@linaro.org/ Changes since v4: - Remove tcg2_measure_event function and check for NULL data in tcg2_measure_data - Use tpm_auto_startup - Fix efi_tcg2.c compilation for removing tcg2_pcr_read function - Change PCR indexes for initrd and dtb - Drop u8 casting in measurement test - Use bullets in documentation Changes since v3: - Reordered headers - Refactored more of EFI code into common code Removed digest_info structure and instead used the common alg_to_mask and alg_to_len Improved event log parsing in common code to get it equivalent to EFI Common code now extends PCR if previous bootloader stage couldn't No need to allocate memory in the common code, so EFI copies the discovered buffer like it did before Rename efi measure_event function Changes since v2: - Add documentation. - Changed reserved memory address to the top of the RAM for sandbox dts. - Add measure state to booti and bootz. - Skip measurement for EFI images that should be measured Changes since v1: - Refactor TPM layer functions to allow EFI system to use them, and remove duplicate EFI functions. - Add test case - Drop #ifdefs for bootm - Add devicetree measurement config option - Update sandbox TPM driver Eddie James (6): tpm: Fix spelling for tpmu_ha union tpm: Support boot measurements bootm: Support boot measurement tpm: sandbox: Update for needed TPM2 capabilities test: Add sandbox TPM boot measurement doc: Add measured boot documentation arch/sandbox/dts/sandbox.dtsi | 14 + arch/sandbox/dts/test.dts | 13 + boot/Kconfig | 23 + boot/bootm.c | 70 +++ cmd/booti.c|1 + cmd/bootm.c|2 + cmd/bootz.c|1 + configs/sandbox_defconfig |1 + doc/usage/index.rst|1 + doc/usage/measured_boot.rst| 23 + drivers/tpm/tpm2_tis_sandbox.c | 100 +++- include/bootm.h|2 + include/efi_tcg2.h | 44 -- include/image.h|1 + include/test/suites.h |1 + include/tpm-v2.h | 246 +++- lib/efi_loader/efi_tcg2.c | 1010 +++- lib/tpm-v2.c | 771 test/boot/Makefile |1 + test/boot/measurement.c| 66 +++ test/cmd_ut.c |2 + 21 files changed, 1383 insertions(+), 1010 deletions(-) create mode 100644 doc/usage/measured_boot.rst create mode 100644 test/boot/measurement.c -- 2.31.1
