pportunity to test this, have you?
Thanks,
Eddie
Cheers
/Ilias
On Thu, Feb 02, 2023 at 11:05:25AM -0600, Eddie James wrote:
This series adds support for measuring the boot images more generically
than the existing EFI support. Several EFI functions have been moved to
the TPM layer. The serie
On 2/22/23 05:33, Ilias Apalodimas wrote:
Hi Eddie,
On Tue, Feb 21, 2023 at 04:38:58PM -0600, Eddie James wrote:
On 2/6/23 06:20, Ilias Apalodimas wrote:
Thanks Eddie,
I quickly tested this but the EFI subsystem fails to initialize the TCG
protocol properly now. Unfortunately I am on a
On 2/21/23 23:36, Joel Stanley wrote:
On Thu, 2 Feb 2023 at 17:08, Eddie James wrote:
This series adds support for measuring the boot images more generically
than the existing EFI support. Several EFI functions have been moved to
the TPM layer. The series includes optional measurement from
tmpu -> tpmu
Signed-off-by: Eddie James
Reviewed-by: Ilias Apalodimas
---
include/tpm-v2.h | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/include/tpm-v2.h b/include/tpm-v2.h
index 2b6980e441..6684033deb 100644
--- a/include/tpm-v2.h
+++ b/include/tpm-v2.h
@@ -16
booti and bootz.
- Skip measurement for EFI images that should be measured
Changes since v1:
- Refactor TPM layer functions to allow EFI system to use them, and
remove duplicate EFI functions.
- Add test case
- Drop #ifdefs for bootm
- Add devicetree measurement config option
- Update sandbox TP
The driver needs to support getting the PCRs in the capabilities
command. Fix various other things and support the max number
of PCRs for TPM2.
Remove the !SANDBOX dependency for EFI TCG2 as well.
Signed-off-by: Eddie James
Reviewed-by: Simon Glass
Acked-by: Ilias Apalodimas
---
Changes since
Add a configuration option to measure the boot through the bootm
function. Add the measurement state to the booti and bootz paths
as well.
Signed-off-by: Eddie James
---
boot/Kconfig| 23
boot/bootm.c| 70 +
cmd/booti.c
Briefly describe the feature and specify the requirements.
Signed-off-by: Eddie James
---
doc/usage/index.rst | 1 +
doc/usage/measured_boot.rst | 23 +++
2 files changed, 24 insertions(+)
create mode 100644 doc/usage/measured_boot.rst
diff --git a/doc/usage
Use the sandbox TPM driver to measure some boot images in a unit
test case.
Signed-off-by: Eddie James
Reviewed-by: Simon Glass
---
Changes since v5:
- Only compile in the measurement u-boot command when CONFIG_MEASURED_BOOT
is enabled
arch/sandbox/dts/sandbox.dtsi | 13 +++
arch
Add TPM2 functions to support boot measurement. This includes
starting up the TPM, initializing/appending the event log, and
measuring the U-Boot version. Much of the code was used in the
EFI subsystem, so remove it there and use the common functions.
Signed-off-by: Eddie James
---
Changes since
On 2/23/23 03:47, Ilias Apalodimas wrote:
On Thu, 23 Feb 2023 at 11:30, Ilias Apalodimas
wrote:
On Thu, 23 Feb 2023 at 11:02, Ilias Apalodimas
wrote:
Hi Eddie,
final_event->number_of_events++;
@@ -350,66 +142,6 @@ static efi_status_t tcg2_agile_log_append(u32 pcr_index,
u32 even
On 2/22/23 14:26, Heinrich Schuchardt wrote:
Am 22. Februar 2023 19:02:42 MEZ schrieb Eddie James :
Briefly describe the feature and specify the requirements.
Signed-off-by: Eddie James
---
doc/usage/index.rst | 1 +
doc/usage/measured_boot.rst | 23 +++
2 files
Skip measurement for EFI images that should be measured
Changes since v1:
- Refactor TPM layer functions to allow EFI system to use them, and
remove duplicate EFI functions.
- Add test case
- Drop #ifdefs for bootm
- Add devicetree measurement config option
- Update sandbox TPM driver
Eddie J
tmpu -> tpmu
Signed-off-by: Eddie James
Reviewed-by: Ilias Apalodimas
---
include/tpm-v2.h | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/include/tpm-v2.h b/include/tpm-v2.h
index 2b6980e441..6684033deb 100644
--- a/include/tpm-v2.h
+++ b/include/tpm-v2.h
@@ -16
The driver needs to support getting the PCRs in the capabilities
command. Fix various other things and support the max number
of PCRs for TPM2.
Remove the !SANDBOX dependency for EFI TCG2 as well.
Signed-off-by: Eddie James
Reviewed-by: Simon Glass
Acked-by: Ilias Apalodimas
---
Changes since
Add a configuration option to measure the boot through the bootm
function. Add the measurement state to the booti and bootz paths
as well.
Signed-off-by: Eddie James
Reviewed-by: Simon Glass
---
Changes since v6:
- Added comment for bootm_measure
- Fixed line length in bootm_measure
boot
Use the sandbox TPM driver to measure some boot images in a unit
test case.
Signed-off-by: Eddie James
Reviewed-by: Simon Glass
Acked-by: Ilias Apalodimas
---
Changes since v5:
- Only compile in the measurement u-boot command when CONFIG_MEASURED_BOOT
is enabled
arch/sandbox/dts
Briefly describe the feature and specify the requirements.
Signed-off-by: Eddie James
Reviewed-by: Simon Glass
---
doc/usage/index.rst | 1 +
doc/usage/measured_boot.rst | 23 +++
2 files changed, 24 insertions(+)
create mode 100644 doc/usage/measured_boot.rst
Add TPM2 functions to support boot measurement. This includes
starting up the TPM, initializing/appending the event log, and
measuring the U-Boot version. Much of the code was used in the
EFI subsystem, so remove it there and use the common functions.
Signed-off-by: Eddie James
---
Changes since
On 3/2/23 14:22, Ilias Apalodimas wrote:
Hi Eddie,
I found the issue. I still think we could squeeze things even more in our
abstraction. Specifically the measure_event() tcg2_agile_log_append()
contain some efi specific bits and I am trying to figure out if we can make
those more generic.
tmpu -> tpmu
Signed-off-by: Eddie James
Reviewed-by: Ilias Apalodimas
---
include/tpm-v2.h | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/include/tpm-v2.h b/include/tpm-v2.h
index 2b6980e441..6684033deb 100644
--- a/include/tpm-v2.h
+++ b/include/tpm-v2.h
@@ -16
I system to use them, and
remove duplicate EFI functions.
- Add test case
- Drop #ifdefs for bootm
- Add devicetree measurement config option
- Update sandbox TPM driver
Eddie James (6):
tpm: Fix spelling for tpmu_ha union
tpm: sandbox: Update for needed TPM2 capabilities
tpm: Support
The driver needs to support getting the PCRs in the capabilities
command. Fix various other things and support the max number
of PCRs for TPM2.
Remove the !SANDBOX dependency for EFI TCG2 as well.
Signed-off-by: Eddie James
Reviewed-by: Simon Glass
Acked-by: Ilias Apalodimas
---
Changes since
Add a configuration option to measure the boot through the bootm
function. Add the measurement state to the booti and bootz paths
as well.
Signed-off-by: Eddie James
Reviewed-by: Simon Glass
---
Changes since v6:
- Added comment for bootm_measure
- Fixed line length in bootm_measure
boot
Briefly describe the feature and specify the requirements.
Signed-off-by: Eddie James
Reviewed-by: Simon Glass
---
doc/usage/index.rst | 1 +
doc/usage/measured_boot.rst | 23 +++
2 files changed, 24 insertions(+)
create mode 100644 doc/usage/measured_boot.rst
Add TPM2 functions to support boot measurement. This includes
starting up the TPM, initializing/appending the event log, and
measuring the U-Boot version. Much of the code was used in the
EFI subsystem, so remove it there and use the common functions.
Signed-off-by: Eddie James
---
Changes since
Use the sandbox TPM driver to measure some boot images in a unit
test case.
Signed-off-by: Eddie James
Reviewed-by: Simon Glass
Acked-by: Ilias Apalodimas
---
Changes since v5:
- Only compile in the measurement u-boot command when CONFIG_MEASURED_BOOT
is enabled
arch/sandbox/dts
ks,
Eddie
[0] https://source.denx.de/u-boot/custodians/u-boot-tpm/-/pipelines/15471
Regards
/Ilias
On Fri, Mar 03, 2023 at 01:25:00PM -0600, Eddie James wrote:
This series adds support for measuring the boot images more generically
than the existing EFI support. Several EFI functions have bee
tmpu -> tpmu
Signed-off-by: Eddie James
Reviewed-by: Ilias Apalodimas
---
include/tpm-v2.h | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/include/tpm-v2.h b/include/tpm-v2.h
index 2b6980e441..6684033deb 100644
--- a/include/tpm-v2.h
+++ b/include/tpm-v2.h
@@ -16
tem to use them, and
remove duplicate EFI functions.
- Add test case
- Drop #ifdefs for bootm
- Add devicetree measurement config option
- Update sandbox TPM driver
Eddie James (6):
tpm: Fix spelling for tpmu_ha union
tpm: sandbox: Update for needed TPM2 capabilities
tpm: Support boot meas
Use the sandbox TPM driver to measure some boot images in a unit
test case.
Signed-off-by: Eddie James
Reviewed-by: Simon Glass
Acked-by: Ilias Apalodimas
---
Changes since v5:
- Only compile in the measurement u-boot command when
CONFIG_MEASURED_BOOT is enabled.
arch/sandbox/dts
The driver needs to support getting the PCRs in the capabilities
command. Fix various other things and support the max number
of PCRs for TPM2.
Remove the !SANDBOX dependency for EFI TCG2 as well.
Signed-off-by: Eddie James
Reviewed-by: Simon Glass
Acked-by: Ilias Apalodimas
---
Changes since
Add a configuration option to measure the boot through the bootm
function. Add the measurement state to the booti and bootz paths
as well.
Signed-off-by: Eddie James
Reviewed-by: Simon Glass
---
Changes since v8:
- Added a configuration option to select to ignore any existing
event log
Briefly describe the feature and specify the requirements.
Signed-off-by: Eddie James
Reviewed-by: Simon Glass
---
doc/usage/index.rst | 1 +
doc/usage/measured_boot.rst | 23 +++
2 files changed, 24 insertions(+)
create mode 100644 doc/usage/measured_boot.rst
Add TPM2 functions to support boot measurement. This includes
starting up the TPM, initializing/appending the event log, and
measuring the U-Boot version. Much of the code was used in the
EFI subsystem, so remove it there and use the common functions.
Signed-off-by: Eddie James
---
Changes since
t config option
- Update sandbox TPM driver
Eddie James (6):
tpm: Fix spelling for tpmu_ha union
tpm: sandbox: Update for needed TPM2 capabilities
tpm: Support boot measurements
bootm: Support boot measurement
test: Add sandbox TPM boot measurement
doc: Add measured boot documenta
Use the sandbox TPM driver to measure some boot images in a unit
test case.
Signed-off-by: Eddie James
Reviewed-by: Simon Glass
Acked-by: Ilias Apalodimas
---
Changes since v5:
- Only compile in the measurement u-boot command when
CONFIG_MEASURED_BOOT is enabled.
arch/sandbox/dts
Briefly describe the feature and specify the requirements.
Signed-off-by: Eddie James
Reviewed-by: Simon Glass
---
doc/usage/index.rst | 1 +
doc/usage/measured_boot.rst | 23 +++
2 files changed, 24 insertions(+)
create mode 100644 doc/usage/measured_boot.rst
tmpu -> tpmu
Signed-off-by: Eddie James
Reviewed-by: Ilias Apalodimas
---
include/tpm-v2.h | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/include/tpm-v2.h b/include/tpm-v2.h
index 2b6980e441..6684033deb 100644
--- a/include/tpm-v2.h
+++ b/include/tpm-v2.h
@@ -16
From: Ilias Apalodimas
efi_tcg2_get_active_pcr_banks doesn't immediately call the
EFI_ENTRY() wrapper once it enters the function. Move the call a
few lines above to cover the error cases properly as well.
Signed-off-by: Ilias Apalodimas
---
lib/efi_loader/efi_tcg2.c | 4 ++--
1 file changed,
Add TPM2 functions to support boot measurement. This includes
starting up the TPM, initializing/appending the event log, and
measuring the U-Boot version. Much of the code was used in the
EFI subsystem, so remove it there and use the common functions.
Signed-off-by: Eddie James
---
Changes since
From: Ilias Apalodimas
We currently use PCR 0 for testing the PCR read/extend functionality in
our selftests. How ever those PCRs are defined by the TCG spec for
platform use. For example if the tests run *after* the efi subsystem
initialization, which extends PCRs 0 & 7 it will give a false po
The driver needs to support getting the PCRs in the capabilities
command. Fix various other things and support the max number
of PCRs for TPM2.
Remove the !SANDBOX dependency for EFI TCG2 as well.
Signed-off-by: Eddie James
Reviewed-by: Simon Glass
Acked-by: Ilias Apalodimas
---
Changes since
Add a configuration option to measure the boot through the bootm
function. Add the measurement state to the booti and bootz paths
as well.
Signed-off-by: Eddie James
Reviewed-by: Simon Glass
---
Changes since v8:
- Added a configuration option to select to ignore any existing
event log
On 10/13/23 12:22, Ilias Apalodimas wrote:
Hi Eddie,
This doesn't apply on -master, can you please rebase?
Ugh I thought you wanted -next... I can rebase again.
Thanks
/Ilias
On Thu, 12 Oct 2023 at 16:49, Eddie James wrote:
Use the sandbox TPM driver to measure some boot images
On 10/12/23 10:29, Simon Glass wrote:
Hi Eddie,
On Thu, 12 Oct 2023 at 08:08, Eddie James wrote:
Briefly describe the feature and specify the requirements.
Signed-off-by: Eddie James
Reviewed-by: Simon Glass
This could use a bit more detail. What pieces are measured? What DT
binding is
nctions.
- Add test case
- Drop #ifdefs for bootm
- Add devicetree measurement config option
- Update sandbox TPM driver
Eddie James (6):
tpm: Fix spelling for tpmu_ha union
tpm: sandbox: Update for needed TPM2 capabilities
tpm: Support boot measurements
bootm: Support boot measurement
t
The driver needs to support getting the PCRs in the capabilities
command. Fix various other things and support the max number
of PCRs for TPM2.
Remove the !SANDBOX dependency for EFI TCG2 as well.
Signed-off-by: Eddie James
Reviewed-by: Simon Glass
Acked-by: Ilias Apalodimas
---
Changes since
tmpu -> tpmu
Signed-off-by: Eddie James
Reviewed-by: Ilias Apalodimas
---
include/tpm-v2.h | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/include/tpm-v2.h b/include/tpm-v2.h
index 2b6980e441..6684033deb 100644
--- a/include/tpm-v2.h
+++ b/include/tpm-v2.h
@@ -16
From: Ilias Apalodimas
efi_tcg2_get_active_pcr_banks doesn't immediately call the
EFI_ENTRY() wrapper once it enters the function. Move the call a
few lines above to cover the error cases properly as well.
Signed-off-by: Ilias Apalodimas
---
lib/efi_loader/efi_tcg2.c | 4 ++--
1 file changed,
Use the sandbox TPM driver to measure some boot images in a unit
test case.
Signed-off-by: Eddie James
Reviewed-by: Simon Glass
Acked-by: Ilias Apalodimas
---
Changes since v5:
- Only compile in the measurement u-boot command when
CONFIG_MEASURED_BOOT is enabled.
arch/sandbox/dts
Briefly describe the feature and specify the requirements.
Signed-off-by: Eddie James
Reviewed-by: Simon Glass
---
Changes since v12:
- Add a bit of detail about OS usage and what pieces are measured
doc/usage/index.rst | 1 +
doc/usage/measured_boot.rst | 31
Add TPM2 functions to support boot measurement. This includes
starting up the TPM, initializing/appending the event log, and
measuring the U-Boot version. Much of the code was used in the
EFI subsystem, so remove it there and use the common functions.
Signed-off-by: Eddie James
---
Changes since
From: Ilias Apalodimas
We currently use PCR 0 for testing the PCR read/extend functionality in
our selftests. How ever those PCRs are defined by the TCG spec for
platform use. For example if the tests run *after* the efi subsystem
initialization, which extends PCRs 0 & 7 it will give a false po
Add a configuration option to measure the boot through the bootm
function. Add the measurement state to the booti and bootz paths
as well.
Signed-off-by: Eddie James
Reviewed-by: Simon Glass
---
Changes since v8:
- Added a configuration option to select to ignore any existing
event log
but since this used to work on earlier
versions I suspect it's going to be trivial to fix
Cheers
/Ilias
On Thu, 19 Oct 2023 at 19:21, Eddie James wrote:
This series adds support for measuring the boot images more generically
than the existing EFI support. Several EFI functions have been mo
Add TPM2 functions to support boot measurement. This includes
starting up the TPM, initializing/appending the event log, and
measuring the U-Boot version. Much of the code was used in the
EFI subsystem, so remove it there and use the common functions.
Signed-off-by: Eddie James
---
Changes since
From: Ilias Apalodimas
We currently use PCR 0 for testing the PCR read/extend functionality in
our selftests. How ever those PCRs are defined by the TCG spec for
platform use. For example if the tests run *after* the efi subsystem
initialization, which extends PCRs 0 & 7 it will give a false po
Add a configuration option to measure the boot through the bootm
function. Add the measurement state to the booti and bootz paths
as well.
Signed-off-by: Eddie James
Reviewed-by: Simon Glass
---
Changes since v8:
- Added a configuration option to select to ignore any existing
event log
Use the sandbox TPM driver to measure some boot images in a unit
test case.
Signed-off-by: Eddie James
Reviewed-by: Simon Glass
Acked-by: Ilias Apalodimas
---
Changes since v5:
- Only compile in the measurement u-boot command when
CONFIG_MEASURED_BOOT is enabled.
arch/sandbox/dts
Briefly describe the feature and specify the requirements.
Signed-off-by: Eddie James
Reviewed-by: Simon Glass
---
Changes since v12:
- Add a bit of detail about OS usage and what pieces are measured
doc/usage/index.rst | 1 +
doc/usage/measured_boot.rst | 31
er functions to allow EFI system to use them, and
remove duplicate EFI functions.
- Add test case
- Drop #ifdefs for bootm
- Add devicetree measurement config option
- Update sandbox TPM driver
Eddie James (6):
tpm: Fix spelling for tpmu_ha union
tpm: sandbox: Update for needed TPM2 ca
The driver needs to support getting the PCRs in the capabilities
command. Fix various other things and support the max number
of PCRs for TPM2.
Remove the !SANDBOX dependency for EFI TCG2 as well.
Signed-off-by: Eddie James
Reviewed-by: Simon Glass
Acked-by: Ilias Apalodimas
---
Changes since
tmpu -> tpmu
Signed-off-by: Eddie James
Reviewed-by: Ilias Apalodimas
---
include/tpm-v2.h | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/include/tpm-v2.h b/include/tpm-v2.h
index 2b6980e441..6684033deb 100644
--- a/include/tpm-v2.h
+++ b/include/tpm-v2.h
@@ -16
From: Ilias Apalodimas
efi_tcg2_get_active_pcr_banks doesn't immediately call the
EFI_ENTRY() wrapper once it enters the function. Move the call a
few lines above to cover the error cases properly as well.
Signed-off-by: Ilias Apalodimas
---
lib/efi_loader/efi_tcg2.c | 4 ++--
1 file changed,
On 10/25/23 07:41, Ilias Apalodimas wrote:
On Tue, 24 Oct 2023 at 18:44, Eddie James wrote:
Add a configuration option to measure the boot through the bootm
function. Add the measurement state to the booti and bootz paths
as well.
Signed-off-by: Eddie James
Reviewed-by: Simon Glass
v9? I believed I had fixed at least
some of the failures with patch 2 to update the sandbox driver. I also
haven't figured out how to run the ci suite locally
Thanks,
Eddie
Thanks
/Ilias
On Wed, 8 Mar 2023 at 23:25, Eddie James wrote:
Add TPM2 functions to support boot measure
On 8/4/23 13:10, Sean Edmond wrote:
On 2023-03-08 1:25 p.m., Eddie James wrote:
Add a configuration option to measure the boot through the bootm
function. Add the measurement state to the booti and bootz paths
as well.
Signed-off-by: Eddie James
Reviewed-by: Simon Glass
---
Changes since
On 8/7/23 09:52, Ilias Apalodimas wrote:
Hi,
On Mon, 7 Aug 2023 at 17:43, Eddie James wrote:
On 8/4/23 13:10, Sean Edmond wrote:
On 2023-03-08 1:25 p.m., Eddie James wrote:
Add a configuration option to measure the boot through the bootm
function. Add the measurement state to the booti
Briefly describe the feature and specify the requirements.
Signed-off-by: Eddie James
Reviewed-by: Simon Glass
---
doc/usage/index.rst | 1 +
doc/usage/measured_boot.rst | 23 +++
2 files changed, 24 insertions(+)
create mode 100644 doc/usage/measured_boot.rst
Add a configuration option to measure the boot through the bootm
function. Add the measurement state to the booti and bootz paths
as well.
Signed-off-by: Eddie James
Reviewed-by: Simon Glass
---
Changes since v8:
- Added a configuration option to select to ignore any existing
event log
From: Ilias Apalodimas
Signed-off-by: Ilias Apalodimas
---
lib/efi_loader/efi_tcg2.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/lib/efi_loader/efi_tcg2.c b/lib/efi_loader/efi_tcg2.c
index 5f0f4b5dd2..829bae7436 100644
--- a/lib/efi_loader/efi_tcg2.c
+++ b/lib/efi_lo
d
remove duplicate EFI functions.
- Add test case
- Drop #ifdefs for bootm
- Add devicetree measurement config option
- Update sandbox TPM driver
Eddie James (6):
tpm: Fix spelling for tpmu_ha union
tpm: sandbox: Update for needed TPM2 capabilities
tpm: Support boot measurements
bootm:
The driver needs to support getting the PCRs in the capabilities
command. Fix various other things and support the max number
of PCRs for TPM2.
Remove the !SANDBOX dependency for EFI TCG2 as well.
Signed-off-by: Eddie James
Reviewed-by: Simon Glass
Acked-by: Ilias Apalodimas
---
Changes since
From: Ilias Apalodimas
commit ("")
replaced the forced and sandbox tpm2 initialization running 'tpm2
autostart' instead of the startup tpm sequence. The difference is that
the new function handles the internal tpm_init state internally and
doesn't return an error when trying to initiali
Add TPM2 functions to support boot measurement. This includes
starting up the TPM, initializing/appending the event log, and
measuring the U-Boot version. Much of the code was used in the
EFI subsystem, so remove it there and use the common functions.
Signed-off-by: Eddie James
---
Changes since
tmpu -> tpmu
Signed-off-by: Eddie James
Reviewed-by: Ilias Apalodimas
---
include/tpm-v2.h | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/include/tpm-v2.h b/include/tpm-v2.h
index 2b6980e441..6684033deb 100644
--- a/include/tpm-v2.h
+++ b/include/tpm-v2.h
@@ -16
From: Ilias Apalodimas
We currently use PCR 0 for testing the PCR read/extend functionality in
our selftests. How ever those PCRs are defined by the TCG spec for
platform use. For example if the tests run *after* the efi subsystem
initialization, which extends PCRs 0 & 7 it will give a false po
From: Ilias Apalodimas
Signed-off-by: Ilias Apalodimas
---
lib/tpm-v2.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/lib/tpm-v2.c b/lib/tpm-v2.c
index d22e21985b..bd0fb078dc 100644
--- a/lib/tpm-v2.c
+++ b/lib/tpm-v2.c
@@ -671,7 +671,7 @@ __weak int tcg2_platform_get_log(
Use the sandbox TPM driver to measure some boot images in a unit
test case.
Signed-off-by: Eddie James
Reviewed-by: Simon Glass
Acked-by: Ilias Apalodimas
---
Changes since v5:
- Only compile in the measurement u-boot command when
CONFIG_MEASURED_BOOT is enabled.
arch/sandbox/dts
On 8/7/23 10:50, Ilias Apalodimas wrote:
Hi Eddie,
On Mon, 7 Aug 2023 at 18:18, Eddie James wrote:
From: Ilias Apalodimas
Signed-off-by: Ilias Apalodimas
---
lib/tpm-v2.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/lib/tpm-v2.c b/lib/tpm-v2.c
index d22e21985b
On 8/7/23 10:56, Ilias Apalodimas wrote:
Hi Eddie,
On Mon, 7 Aug 2023 at 18:17, Eddie James wrote:
From: Ilias Apalodimas
We need a commit message for that. Something along the lines of
efi_tcg2_get_active_pcr_banks() doesnt immediately call the
EFI_ENTRY() wrappers once it enters the
Add a configuration option to measure the boot through the bootm
function. Add the measurement state to the booti and bootz paths
as well.
Signed-off-by: Eddie James
Reviewed-by: Simon Glass
---
Changes since v8:
- Added a configuration option to select to ignore any existing
event log
Briefly describe the feature and specify the requirements.
Signed-off-by: Eddie James
Reviewed-by: Simon Glass
---
doc/usage/index.rst | 1 +
doc/usage/measured_boot.rst | 23 +++
2 files changed, 24 insertions(+)
create mode 100644 doc/usage/measured_boot.rst
EFI images that should be measured
Changes since v1:
- Refactor TPM layer functions to allow EFI system to use them, and
remove duplicate EFI functions.
- Add test case
- Drop #ifdefs for bootm
- Add devicetree measurement config option
- Update sandbox TPM driver
Eddie James (6):
tpm: Fix s
From: Ilias Apalodimas
efi_tcg2_get_active_pcr_banks doesn't immediately call the
EFI_ENTRY() wrapper once it enters the function. Move the call a
few lines above to cover the error cases properly as well.
Signed-off-by: Ilias Apalodimas
---
lib/efi_loader/efi_tcg2.c | 4 ++--
1 file changed,
tmpu -> tpmu
Signed-off-by: Eddie James
Reviewed-by: Ilias Apalodimas
---
include/tpm-v2.h | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/include/tpm-v2.h b/include/tpm-v2.h
index 2b6980e441..6684033deb 100644
--- a/include/tpm-v2.h
+++ b/include/tpm-v2.h
@@ -16
Use the sandbox TPM driver to measure some boot images in a unit
test case.
Signed-off-by: Eddie James
Reviewed-by: Simon Glass
Acked-by: Ilias Apalodimas
---
Changes since v5:
- Only compile in the measurement u-boot command when
CONFIG_MEASURED_BOOT is enabled.
arch/sandbox/dts
From: Ilias Apalodimas
We currently use PCR 0 for testing the PCR read/extend functionality in
our selftests. How ever those PCRs are defined by the TCG spec for
platform use. For example if the tests run *after* the efi subsystem
initialization, which extends PCRs 0 & 7 it will give a false po
The driver needs to support getting the PCRs in the capabilities
command. Fix various other things and support the max number
of PCRs for TPM2.
Remove the !SANDBOX dependency for EFI TCG2 as well.
Signed-off-by: Eddie James
Reviewed-by: Simon Glass
Acked-by: Ilias Apalodimas
---
Changes since
Add TPM2 functions to support boot measurement. This includes
starting up the TPM, initializing/appending the event log, and
measuring the U-Boot version. Much of the code was used in the
EFI subsystem, so remove it there and use the common functions.
Signed-off-by: Eddie James
---
Changes since
On 8/9/23 05:43, Ilias Apalodimas wrote:
On Wed, 9 Aug 2023 at 13:42, Heinrich Schuchardt wrote:
On 8/9/23 10:34, Ilias Apalodimas wrote:
Hi Eddie
On Mon, Aug 07, 2023 at 02:25:37PM -0500, Eddie James wrote:
Add TPM2 functions to support boot measurement. This includes
starting up the
On 8/10/23 02:44, Ilias Apalodimas wrote:
On Wed, Aug 09, 2023 at 09:01:40AM -0500, Eddie James wrote:
On 8/9/23 05:43, Ilias Apalodimas wrote:
On Wed, 9 Aug 2023 at 13:42, Heinrich Schuchardt wrote:
On 8/9/23 10:34, Ilias Apalodimas wrote:
Hi Eddie
On Mon, Aug 07, 2023 at 02:25:37PM
tmpu -> tpmu
Signed-off-by: Eddie James
---
include/tpm-v2.h | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/include/tpm-v2.h b/include/tpm-v2.h
index 737e57551d..85feda3e06 100644
--- a/include/tpm-v2.h
+++ b/include/tpm-v2.h
@@ -167,7 +167,7 @@ struct tcg_pcr_ev
Add TPM2 functions to support boot measurement. This includes
starting up the TPM, initializing/appending the event log, and
measuring the U-Boot version.
Signed-off-by: Eddie James
---
include/efi_tcg2.h | 44 ---
include/tpm-v2.h | 135 +
lib/tpm-v2.c | 700
Add a configuration option to measure the boot through the bootm
function.
Signed-off-by: Eddie James
---
boot/bootm.c| 53 +
cmd/bootm.c | 2 ++
common/Kconfig | 6 ++
include/image.h | 1 +
4 files changed, 62 insertions(+)
diff
This series adds support for measuring the boot images more generically
than the existing EFI support. The series includes optional measurement
from the bootm command.
Eventually the EFI code could be refactored to use the generic functions.
Eddie James (3):
tpm: Fix spelling for tpmu_ha union
t
gotten to it.
Thanks,
Eddie
Regards
/Ilias
On Tue, 3 Jan 2023 at 22:42, Eddie James wrote:
This series adds support for measuring the boot images more generically
than the existing EFI support. The series includes optional measurement
from the bootm command.
Eventually the EFI code could
On 1/4/23 03:56, Etienne Carriere wrote:
Hello Eddie and all,
On Tue, 3 Jan 2023 at 21:42, Eddie James wrote:
Add a configuration option to measure the boot through the bootm
function.
Signed-off-by: Eddie James
---
boot/bootm.c| 53
tmpu -> tpmu
Signed-off-by: Eddie James
Reviewed-by: Ilias Apalodimas
---
include/tpm-v2.h | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/include/tpm-v2.h b/include/tpm-v2.h
index 737e57551d..85feda3e06 100644
--- a/include/tpm-v2.h
+++ b/include/tpm-v2.h
@@ -16
1 - 100 of 163 matches
Mail list logo