[PATCH v2 0/3] Enhance Measured Boot

2021-09-21 Thread Masahisa Kojima
This patch series add the following measurement mandated in the TCG PC Client PFP Specification. - SMBIOS tables - GPT disk partition topology - AuditMode and Deployed mode Masahisa Kojima (3): efi_loader: add SMBIOS table measurement efi_loader: add UEFI GPT measurement efi_loader: add

Re: [PATCH 2/3] efi_loader: add UEFI GPT measurement

2021-09-16 Thread Masahisa Kojima
On Thu, 16 Sept 2021 at 16:29, Heinrich Schuchardt wrote: > > > > On 9/15/21 7:15 AM, Masahisa Kojima wrote: > > This commit adds the UEFI GPT disk partition topology > > measurement required in TCG PC Client PFP Spec. > > Thanks for looking into the missing part

Re: [PATCH 3/3] efi_loader: add DeployedMode and AuditMode variable measurement

2021-09-16 Thread Masahisa Kojima
Hi Heinrich, On Thu, 16 Sept 2021 at 16:02, Heinrich Schuchardt wrote: > > > > On 9/15/21 7:15 AM, Masahisa Kojima wrote: > > This commit adds the DeployedMode and AuditMode variable > > measurement required in TCG PC Client PFP Spec. > > > > Signed-off-by

Re: [PATCH 1/3] efi_loader: add SMBIOS table measurement

2021-09-15 Thread Masahisa Kojima
Hi Ilias, Thank you for the review. On Wed, 15 Sept 2021 at 17:37, Ilias Apalodimas wrote: > > Hi Kojima-san, > > On Wed, Sep 15, 2021 at 02:15:44PM +0900, Masahisa Kojima wrote: > > TCG PC Client spec requires to measure the SMBIOS > > table that contain static c

[PATCH 3/3] efi_loader: add DeployedMode and AuditMode variable measurement

2021-09-14 Thread Masahisa Kojima
This commit adds the DeployedMode and AuditMode variable measurement required in TCG PC Client PFP Spec. Signed-off-by: Masahisa Kojima --- lib/efi_loader/efi_tcg2.c | 47 +++ 1 file changed, 47 insertions(+) diff --git a/lib/efi_loader/efi_tcg2.c b/lib

[PATCH 1/3] efi_loader: add SMBIOS table measurement

2021-09-14 Thread Masahisa Kojima
*)entry->struct_table_address; Signed-off-by: Masahisa Kojima --- include/efi_loader.h | 2 + include/efi_tcg2.h| 15 include/smbios.h | 13 lib/efi_loader/Kconfig| 1 + lib/efi_loader/efi_boottime.c | 2 + lib/efi_loader/efi_smbios.c |

[PATCH 2/3] efi_loader: add UEFI GPT measurement

2021-09-14 Thread Masahisa Kojima
This commit adds the UEFI GPT disk partition topology measurement required in TCG PC Client PFP Spec. Signed-off-by: Masahisa Kojima --- include/blk.h | 3 + include/efi_loader.h | 2 +- include/efi_tcg2.h| 12 +++ lib/efi_loader/efi_boottime.c | 2

[PATCH 0/3] Enhance Measured Boot

2021-09-14 Thread Masahisa Kojima
This patch series add the following measurement mandated in the TCG PC Client PFP Specification. - SMBIOS tables - GPT disk partition topology - AuditMode and Deployed mode Masahisa Kojima (3): efi_loader: add SMBIOS table measurement efi_loader: add UEFI GPT measurement efi_loader: add

[PATCH] efi_loader: boot_service_capability_min should be capitalized

2021-09-05 Thread Masahisa Kojima
boot_service_capability_min is constant, it should be capitalized. Signed-off-by: Masahisa Kojima --- include/efi_tcg2.h| 2 +- lib/efi_loader/efi_tcg2.c | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/include/efi_tcg2.h b/include/efi_tcg2.h index c99384fb00

Re: [PATCH 2/3] efi_loader: fix boot_service_capability_min calculation

2021-09-03 Thread Masahisa Kojima
On Fri, 3 Sept 2021 at 16:01, Heinrich Schuchardt wrote: > > On 9/3/21 3:55 AM, Masahisa Kojima wrote: > > TCG EFI Protocol Specification requires to the input > > ProtocolCapability.Size < size of the EFI_TCG2_BOOT_SERVICE_CAPABILITY > > up to and including the ven

[PATCH 3/3] efi_loader: fix efi_tcg2_hash_log_extend_event() parameter check

2021-09-02 Thread Masahisa Kojima
to check the range of PCRIndex parameter. Signed-off-by: Masahisa Kojima --- include/efi_tcg2.h| 2 ++ lib/efi_loader/efi_tcg2.c | 2 +- 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/include/efi_tcg2.h b/include/efi_tcg2.h index 45788d55d5..b647361d44 100644 --- a/include

[PATCH 2/3] efi_loader: fix boot_service_capability_min calculation

2021-09-02 Thread Masahisa Kojima
TCG EFI Protocol Specification requires to the input ProtocolCapability.Size < size of the EFI_TCG2_BOOT_SERVICE_CAPABILITY up to and including the vendor ID field. Current implementation does different calculation, let's fix it. Signed-off-by: Masahisa Kojima --- include/efi_tcg2.h | 2 +-

[PATCH 1/3] efi_loader: add missing parameter check for EFI_TCG2_PROTOCOL api

2021-09-02 Thread Masahisa Kojima
TCG EFI Protocol Specification defines the required parameter checking and return value for each API. This commit adds the missing parameter check and fixes the wrong return value to comply the specification. Signed-off-by: Masahisa Kojima --- lib/efi_loader/efi_tcg2.c | 19

[PATCH 0/3] Miscellaneous fixes of efi_tcg2

2021-09-02 Thread Masahisa Kojima
Arm is preparing the BBSR(Base Boot Security Requirement) compliance test tool. This tool covers Measured Boot, it checks TCG EFI Protocol compliance. This patch series fix the failure items detected by this BBSR compliance test tool. Masahisa Kojima (3): efi_loader: add missing parameter check

Re: [PATCH v4 3/5] efi_loader: add ExitBootServices() measurement

2021-08-15 Thread Masahisa Kojima
On Sat, 14 Aug 2021 at 18:06, Heinrich Schuchardt wrote: > > On 8/13/21 9:12 AM, Masahisa Kojima wrote: > > TCG PC Client PFP spec requires to measure > > "Exit Boot Services Invocation" if ExitBootServices() is invoked. > > Depending upon the return cod

[PATCH v4 5/5] efi_loader: add comment for efi_tcg2.h

2021-08-13 Thread Masahisa Kojima
This commit adds the comment of the TCG Specification efi_tcg2.h file refers, and comment for the structure. Signed-off-by: Masahisa Kojima --- (no change since v3) Changes in v3: - update comment format Changes in v2: - newly create commit from v2 include/efi_tcg2.h | 57

[PATCH v4 4/5] efi_loader: refactor efi_append_scrtm_version()

2021-08-13 Thread Masahisa Kojima
Refactor efi_append_scrtm_version() to use common function for adding eventlog and extending PCR. Signed-off-by: Masahisa Kojima --- (no changes since v1) lib/efi_loader/efi_tcg2.c | 14 +- 1 file changed, 1 insertion(+), 13 deletions(-) diff --git a/lib/efi_loader/efi_tcg2.c b

[PATCH v4 3/5] efi_loader: add ExitBootServices() measurement

2021-08-13 Thread Masahisa Kojima
is also measured. Signed-off-by: Masahisa Kojima --- Changes in v4: - remove unnecessary EFIAPI specifier Changes in v2: - use strlen instead of sizeof, event log for EV_EFI_ACTION string shall not include NUL terminator include/efi_loader.h | 1 + lib/efi_loader/efi_boottime.c | 5

[PATCH v4 2/5] efi_loader: add boot variable measurement

2021-08-13 Thread Masahisa Kojima
requires to measure "Calling EFI Application from Boot Option" for each boot attempt, and "Returning from EFI Application from Boot Option" if a boot device returns control back to the Boot Manager. Signed-off-by: Masahisa Kojima --- Changes in v4: - remove unnecessary EFIAPI speci

[PATCH v4 1/5] efi_loader: add secure boot variable measurement

2021-08-13 Thread Masahisa Kojima
te that this implementation assumes that secure boot variables are pre-configured and not be set/updated in runtime. Signed-off-by: Masahisa Kojima --- Changes in v4: - remove unnecessary EFIAPI specifier - modify wrong guid for dbt and dbr Changes in v3: - add "dbt" and "dbr" meas

[PATCH v4 0/5] add measurement support

2021-08-13 Thread Masahisa Kojima
easurement of U-boot itself. I assume U-boot measurement will be done by the former firmware such as trusted firmware. Masahisa Kojima (5): efi_loader: add secure boot variable measurement efi_loader: add boot variable measurement efi_loader: add ExitBootServices() measurement

Re: [PATCH v3 2/5] efi_loader: add boot variable measurement

2021-08-11 Thread Masahisa Kojima
On Wed, 11 Aug 2021 at 15:50, AKASHI Takahiro wrote: > > On Wed, Aug 11, 2021 at 12:05:39PM +0900, Masahisa Kojima wrote: > > On Tue, 10 Aug 2021 at 11:19, AKASHI Takahiro > > wrote: > > > > > > On Fri, Aug 06, 2021 at 04:02:12PM +0900, Masahisa Kojima w

Re: [PATCH v3 2/5] efi_loader: add boot variable measurement

2021-08-10 Thread Masahisa Kojima
On Tue, 10 Aug 2021 at 11:19, AKASHI Takahiro wrote: > > On Fri, Aug 06, 2021 at 04:02:12PM +0900, Masahisa Kojima wrote: > > TCG PC Client PFP spec requires to measure "Boot" > > and "BootOrder" variables, EV_SEPARATOR event prior > > to the Rea

Re: [PATCH v3 1/5] efi_loader: add secure boot variable measurement

2021-08-10 Thread Masahisa Kojima
Hi Akashi-san, Thank you for your comment. On Tue, 10 Aug 2021 at 10:44, AKASHI Takahiro wrote: > > Kojima-san, > > On Fri, Aug 06, 2021 at 04:02:11PM +0900, Masahisa Kojima wrote: > > TCG PC Client PFP spec requires to measure the secure > > boot policy before v

[PATCH v3 5/5] efi_loader: add comment for efi_tcg2.h

2021-08-06 Thread Masahisa Kojima
This commit adds the comment of the TCG Specification efi_tcg2.h file refers, and comment for the structure. Signed-off-by: Masahisa Kojima --- Changes in v3: - update comment format Changes in v2: - newly create commit from v2 include/efi_tcg2.h | 57

[PATCH v3 4/5] efi_loader: refactor efi_append_scrtm_version()

2021-08-06 Thread Masahisa Kojima
Refactor efi_append_scrtm_version() to use common function for adding eventlog and extending PCR. Signed-off-by: Masahisa Kojima --- (no changes since v1) lib/efi_loader/efi_tcg2.c | 14 +- 1 file changed, 1 insertion(+), 13 deletions(-) diff --git a/lib/efi_loader/efi_tcg2.c b

[PATCH v3 2/5] efi_loader: add boot variable measurement

2021-08-06 Thread Masahisa Kojima
requires to measure "Calling EFI Application from Boot Option" for each boot attempt, and "Returning from EFI Application from Boot Option" if a boot device returns control back to the Boot Manager. Signed-off-by: Masahisa Kojima --- Changes in v3: - modify log output Chan

[PATCH v3 3/5] efi_loader: add ExitBootServices() measurement

2021-08-06 Thread Masahisa Kojima
is also measured. Signed-off-by: Masahisa Kojima --- (no changes since v2) Changes in v2: - use strlen instead of sizeof, event log for EV_EFI_ACTION string shall not include NUL terminator include/efi_loader.h | 1 + lib/efi_loader/efi_boottime.c | 5 +++ lib/

[PATCH v3 1/5] efi_loader: add secure boot variable measurement

2021-08-06 Thread Masahisa Kojima
te that this implementation assumes that secure boot variables are pre-configured and not be set/updated in runtime. Signed-off-by: Masahisa Kojima --- Changes in v3: - add "dbt" and "dbr" measurement - accept empty variable measurement for "SecureBoot", "PK",

[PATCH v3 0/5] add measurement support

2021-08-06 Thread Masahisa Kojima
easurement of U-boot itself. I assume U-boot measurement will be done by the former firmware such as trusted firmware. Masahisa Kojima (5): efi_loader: add secure boot variable measurement efi_loader: add boot variable measurement efi_loader: add ExitBootServices() measurement

Re: [PATCH v2 2/6] efi_loader: add secure boot variable measurement

2021-08-05 Thread Masahisa Kojima
On Thu, 15 Jul 2021 at 15:44, Heinrich Schuchardt wrote: > > > > On 7/14/21 3:00 PM, Masahisa Kojima wrote: > > TCG PC Client PFP spec requires to measure the secure > > boot policy before validating the UEFI image. > > This commit adds the secure boot variable

Re: [PATCH v2 2/6] efi_loader: add secure boot variable measurement

2021-07-20 Thread Masahisa Kojima
Hi Simon, On Wed, 21 Jul 2021 at 03:34, Simon Glass wrote: > > Hi, > > On Wed, 14 Jul 2021 at 06:59, Masahisa Kojima > wrote: > > > > TCG PC Client PFP spec requires to measure the secure > > boot policy before validating the UEFI image. > > This commit ad

Re: [PATCH v2 3/6] efi_loader: add boot variable measurement

2021-07-15 Thread Masahisa Kojima
On Thu, 15 Jul 2021 at 15:59, Heinrich Schuchardt wrote: > > > > On 7/14/21 3:00 PM, Masahisa Kojima wrote: > > TCG PC Client PFP spec requires to measure "Boot" > > and "BootOrder" variables, EV_SEPARATOR event prior > > to the Ready to Bo

Re: [PATCH 1/5] efi_loader: increase eventlog buffer size

2021-07-15 Thread Masahisa Kojima
On Thu, 15 Jul 2021 at 15:46, Ilias Apalodimas wrote: > > > On Thu, Jul 15, 2021 at 02:09:57PM +0900, Masahisa Kojima wrote: > > Hi Simon, Ilias, > > > > On Wed, 14 Jul 2021 at 23:50, Simon Glass wrote: > > > > > > Hi Masahisa, > >

Re: [PATCH 1/5] efi_loader: increase eventlog buffer size

2021-07-14 Thread Masahisa Kojima
Hi Simon, Ilias, On Wed, 14 Jul 2021 at 23:50, Simon Glass wrote: > > Hi Masahisa, > > On Mon, 12 Jul 2021 at 02:40, Masahisa Kojima > wrote: > > > > Hi Simon, > > > > On Sun, 11 Jul 2021 at 09:01, Simon Glass wrote: > > > > > > Hi Ma

[PATCH v2 6/6] efi_loader: add comment for efi_tcg2.h

2021-07-14 Thread Masahisa Kojima
This commit adds the comment of the TCG Specification efi_tcg2.h file refers, and comment for the structure. Signed-off-by: Masahisa Kojima --- Changes in v2: - newly create commit from v2 include/efi_tcg2.h | 51 ++ 1 file changed, 51 insertions

[PATCH v2 5/6] efi_loader: refactor efi_append_scrtm_version()

2021-07-14 Thread Masahisa Kojima
Refactor efi_append_scrtm_version() to use common function for adding eventlog and extending PCR. Signed-off-by: Masahisa Kojima --- Changes in v2: no update lib/efi_loader/efi_tcg2.c | 14 +- 1 file changed, 1 insertion(+), 13 deletions(-) diff --git a/lib/efi_loader/efi_tcg2.c

[PATCH v2 4/6] efi_loader: add ExitBootServices() measurement

2021-07-14 Thread Masahisa Kojima
is also measured. Signed-off-by: Masahisa Kojima --- Changes in v2: - use strlen instead of sizeof, event log for EV_EFI_ACTION string shall not include NUL terminator include/efi_loader.h | 1 + lib/efi_loader/efi_boottime.c | 5 +++ lib/efi_loader/efi_tcg2.c | 70 ++

[PATCH v2 3/6] efi_loader: add boot variable measurement

2021-07-14 Thread Masahisa Kojima
requires to measure "Calling EFI Application from Boot Option" for each boot attempt, and "Returning from EFI Application from Boot Option" if a boot device returns control back to the Boot Manager. Signed-off-by: Masahisa Kojima --- Changes in v2: - use efi_create_indexed_

[PATCH v2 2/6] efi_loader: add secure boot variable measurement

2021-07-14 Thread Masahisa Kojima
umes that secure boot variables are pre-configured and not be set/updated in runtime. Signed-off-by: Masahisa Kojima --- Changes in v2: - missing null check for getting variable data - some minor fix for readability include/efi_tcg2.h| 20 ++ lib/efi_loader/efi_tcg2.c | 139 +

[PATCH v2 1/6] efi_loader: increase eventlog buffer size

2021-07-14 Thread Masahisa Kojima
TCG PC Client PFP spec says "The Log Area Minimum Length for the TCG event log MUST be at least 64KB." in ACPI chapter. This commit increase the buffer size to 64KB. Signed-off-by: Masahisa Kojima --- Changes in v2: - increase buffer size to 64KB, it follows the minimum size r

[PATCH v2 0/6] add measurement support

2021-07-14 Thread Masahisa Kojima
easurement of U-boot itself. I assume U-boot measurement will be done by the former firmware such as trusted firmware. Masahisa Kojima (6): efi_loader: increase eventlog buffer size efi_loader: add secure boot variable measurement efi_loader: add boot variable measurement efi_loader:

Re: [PATCH 3/5] efi_loader: add boot variable measurement

2021-07-13 Thread Masahisa Kojima
Hi Heinrich, Akashi-san, Thank you for your comment. I will keep current implementation. Thanks, Masahisa Kojima On Wed, 14 Jul 2021 at 08:54, AKASHI Takahiro wrote: > > On Tue, Jul 13, 2021 at 04:24:52PM +0200, Heinrich Schuchardt wrote: > > > > > > On 13.07.21 10:3

Re: [PATCH 3/5] efi_loader: add boot variable measurement

2021-07-13 Thread Masahisa Kojima
oot event handler, ready_to_boot handler is called upon the user selects the boot option in boot manager. What do you think? Thanks, Masahisa Kojima On Fri, 9 Jul 2021 at 11:44, Masahisa Kojima wrote: > > On Fri, 9 Jul 2021 at 02:46, Heinrich Schuchardt wrote:

Re: [PATCH 1/5] efi_loader: increase eventlog buffer size

2021-07-12 Thread Masahisa Kojima
Hi Simon, On Sun, 11 Jul 2021 at 09:01, Simon Glass wrote: > > Hi Masahisa, > > On Wed, 7 Jul 2021 at 20:21, Masahisa Kojima > wrote: > > > > On Wed, 7 Jul 2021 at 22:47, Heinrich Schuchardt wrote: > > > > > > > > > > > > On 7/7/2

Re: [PATCH 4/5] efi_loader: add ExitBootServices() measurement

2021-07-08 Thread Masahisa Kojima
On Fri, 9 Jul 2021 at 02:40, Heinrich Schuchardt wrote: > > On 7/7/21 3:36 PM, Masahisa Kojima wrote: > > TCG PC Client PFP spec requires to measure > > "Exit Boot Services Invocation" if ExitBootServices() is invoked. > > Depending upon the return code from the

Re: [PATCH 3/5] efi_loader: add boot variable measurement

2021-07-08 Thread Masahisa Kojima
On Fri, 9 Jul 2021 at 02:46, Heinrich Schuchardt wrote: > > On 7/7/21 3:36 PM, Masahisa Kojima wrote: > > TCG PC Client PFP spec requires to measure "Boot" > > and "BootOrder" variables, EV_SEPARATOR event prior > > to the Ready to Boot invocatio

Re: [PATCH 2/5] efi_loader: add secure boot variable measurement

2021-07-08 Thread Masahisa Kojima
On Fri, 9 Jul 2021 at 02:46, Heinrich Schuchardt wrote: > > On 7/7/21 3:36 PM, Masahisa Kojima wrote: > > TCG PC Client PFP spec requires to measure the secure > > boot policy before validating the UEFI image. > > This commit adds the secure boot variable measurement

Re: [PATCH 5/5] efi_loader: refactor efi_append_scrtm_version()

2021-07-08 Thread Masahisa Kojima
On Fri, 9 Jul 2021 at 02:32, Heinrich Schuchardt wrote: > > On 7/7/21 3:36 PM, Masahisa Kojima wrote: > > Refactor efi_append_scrtm_version() to use common > > function for adding eventlog and extending PCR. > > > > Signed-off-by: Masahisa Kojima > > ---

Re: [PATCH 3/5] efi_loader: add boot variable measurement

2021-07-07 Thread Masahisa Kojima
i_status_t ret; > > + struct udevice *dev; > > + > > + ret = platform_get_tpm2_device(); > > + if (ret != EFI_SUCCESS) > > + return ret; > > + > > + ret = tcg2_measure_event(dev, 4, EV_EFI_ACTION, > > + strlen(EFI_RETURNING_FROM_EFI_APPLICATION), > > Do we need a NUL terminator on this string or not? No, TCG spec says "the actual log entries SHALL NOT include the quote characters or a NUL terminator." Thanks, Masahisa Kojima > > > Regards > /Ilias
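Review bot: the PCR index is passed as a bare literal in the call `tcg2_measure_event(dev, 4, EV_EFI_ACTION, ...)`; a named constant for the PCR that receives the EV_EFI_ACTION events would make the call self-documenting. The length argument `strlen(EFI_RETURNING_FROM_EFI_APPLICATION)` excludes the NUL terminator on purpose, so a one-line comment citing the TCG wording next to it would keep a later cleanup from switching it back to sizeof.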

Re: [PATCH 1/5] efi_loader: increase eventlog buffer size

2021-07-07 Thread Masahisa Kojima
On Wed, 7 Jul 2021 at 22:47, Heinrich Schuchardt wrote: > > > > On 7/7/21 3:36 PM, Masahisa Kojima wrote: > > This is a preparation to add eventlog support > > described in TCG PC Client PFP spec. > > > > Signed-off-by: Masahisa Kojima > > --- >

[PATCH 5/5] efi_loader: refactor efi_append_scrtm_version()

2021-07-07 Thread Masahisa Kojima
Refactor efi_append_scrtm_version() to use common function for adding eventlog and extending PCR. Signed-off-by: Masahisa Kojima --- lib/efi_loader/efi_tcg2.c | 14 +- 1 file changed, 1 insertion(+), 13 deletions(-) diff --git a/lib/efi_loader/efi_tcg2.c b/lib/efi_loader/efi_tcg2.c

[PATCH 4/5] efi_loader: add ExitBootServices() measurement

2021-07-07 Thread Masahisa Kojima
is also measured. Signed-off-by: Masahisa Kojima --- include/efi_loader.h | 1 + lib/efi_loader/efi_boottime.c | 5 +++ lib/efi_loader/efi_tcg2.c | 70 +++ 3 files changed, 76 insertions(+) diff --git a/include/efi_loader.h b/include/efi_loader.h index

[PATCH 2/5] efi_loader: add secure boot variable measurement

2021-07-07 Thread Masahisa Kojima
umes that secure boot variables are pre-configured and not be set/updated in runtime. Signed-off-by: Masahisa Kojima --- include/efi_tcg2.h| 20 ++ lib/efi_loader/efi_tcg2.c | 135 ++ 2 files changed, 155 insertions(+) diff --git a/include/efi_tcg2.h b/incl

[PATCH 3/5] efi_loader: add boot variable measurement

2021-07-07 Thread Masahisa Kojima
requires to measure "Calling EFI Application from Boot Option" for each boot attempt, and "Returning from EFI Application from Boot Option" if a boot device returns control back to the Boot Manager. Signed-off-by: Masahisa Kojima --- include/efi_loader.h | 4 ++ includ

[PATCH 1/5] efi_loader: increase eventlog buffer size

2021-07-07 Thread Masahisa Kojima
This is a preparation to add eventlog support described in TCG PC Client PFP spec. Signed-off-by: Masahisa Kojima --- lib/efi_loader/Kconfig | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/efi_loader/Kconfig b/lib/efi_loader/Kconfig index b2ab48a048..a87bf3cc98 100644

[PATCH 0/5] add measurement support

2021-07-07 Thread Masahisa Kojima
easurement of U-boot itself. I assume U-boot measurement will be done by the former firmware such as trusted firmware. Masahisa Kojima (5): efi_loader: increase eventlog buffer size efi_loader: add secure boot variable measurement efi_loader: add boot variable measurement efi_loader:

Re: [PATCH 1/1] efi_loader: fix Sphinx warning

2021-06-09 Thread Masahisa Kojima
e one entry of region \[@start, @end\[ and insert it into the list. > * > * * If @nocheck is false, the list will be sorted ascending by address. > * Overlapping entries will not be allowed. > -- > 2.30.2 > Reviewed-by: Masahisa Kojima Thanks, Masahisa Kojima

[PATCH] efi_loader: build warning in efi_tcg2.c

2021-05-27 Thread Masahisa Kojima
953 | ret = tcg2_hash_pe_image((void *)data_to_hash, data_to_hash_len, |^ Signed-off-by: Masahisa Kojima --- lib/efi_loader/efi_tcg2.c | 10 +- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/lib/efi_loader/efi_tcg2.c b/lib/efi_loader/efi_t

Re: [PATCH v9 1/1] efi_loader: add PE/COFF image measurement

2021-05-26 Thread Masahisa Kojima
On Thu, 27 May 2021 at 01:28, Alex G. wrote: > > On 5/25/21 10:09 PM, Masahisa Kojima wrote: > > "TCG PC Client Platform Firmware Profile Specification" > > requires to measure every attempt to load and execute > > a OS Loader(a UEFI application) into PCR[4]

Re: [PATCH RFC 0/2] lib: Remove the need for a HASH_CALCULATE config

2021-05-26 Thread Masahisa Kojima
Hi Alexandru, I agree with this series. Use CONFIG_HASH is more general than adding new CONFIG_HASH_CALCULATE. Thanks, Masahisa Kojima On Tue, 25 May 2021 at 04:28, Alexandru Gagniuc wrote: > > I had accidentally noticed commit 87316da05f2f ("lib: introduce > HASH_CALCULATE

Re: [PATCH v8 3/3] efi_loader: add PE/COFF image measurement

2021-05-25 Thread Masahisa Kojima
; > Why don't you unconditionally copy to a new buffer? Then the caller can > > free the return value unconditionally. I sent out v9 just now. I don't include unconditionally copy to a new buffer, because new version increases the readability I think. If you still prefer to copy, I will do so. T

[PATCH v9 1/1] efi_loader: add PE/COFF image measurement

2021-05-25 Thread Masahisa Kojima
as Tested-by: Ilias Apalodimas Signed-off-by: Masahisa Kojima --- Changes in v9: - use original return code from __get_active_pcr_banks() - return EFI_UNSUPPORTED instead of EFI_INVALID_PARAMETER if efi_image_parse() fails, it complies with TCG spec - remove **new_efi parameter from efi_prepare_ali

[PATCH v9 0/1] PE/COFF measurement support

2021-05-25 Thread Masahisa Kojima
one remaining commit from v9. Masahisa Kojima (1): efi_loader: add PE/COFF image measurement include/efi_loader.h | 6 + include/efi_tcg2.h| 9 ++ include/tpm-v2.h | 18 +++ lib/efi_loader/Kconfig| 1 + lib/efi_loader

Re: [PATCH v8 3/3] efi_loader: add PE/COFF image measurement

2021-05-25 Thread Masahisa Kojima
On Tue, 25 May 2021 at 21:57, Heinrich Schuchardt wrote: > > On 14.05.21 02:53, Masahisa Kojima wrote: > > "TCG PC Client Platform Firmware Profile Specification" > > requires to measure every attempt to load and execute > > a OS Loader(a UEFI application) into P

Re: [PATCH v8 3/3] efi_loader: add PE/COFF image measurement

2021-05-24 Thread Masahisa Kojima
r will need new_efi to free the newly allocated buffer. > > > + > > [...] > > > + ret = __get_active_pcr_banks(); > > + if (ret != EFI_SUCCESS) { > > + ret = EFI_DEVICE_ERROR; > > __get_active_pcr_banks is supposed to return the correct efi_status_t code. > I don't think we need EFI_DEVICE_ERROR here. Thank you. I will just use return value of __get_active_pcr_banks(). > + if (!efi_image_parse(efi, efi_size, , , > +_len)) { > + log_err("Parsing PE executable image failed\n"); > + ret = EFI_INVALID_PARAMETER; > + goto out; I re-checked TCG spec, if PE/COFF image is corrupted or not understood, the function shall return EFI_UNSUPPORTED. I will also update. Thanks, Masahisa Kojima > > > Thanks! > /Ilias

[PATCH v8 3/3] efi_loader: add PE/COFF image measurement

2021-05-13 Thread Masahisa Kojima
as Tested-by: Ilias Apalodimas Signed-off-by: Masahisa Kojima --- (no changes since v7) Changes in v7: - include hash-checksum.h instead of rsa.h - select HASH_CALCULATE in Kconfig, not to update lib/Makefile - rebased the base code Changes in v6: - update lib/Makefile to add hash-checksum.c as a c

[PATCH v8 2/3] efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled

2021-05-13 Thread Masahisa Kojima
. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima --- Changes in v8: - remove superfluous "depends on" in Kconfig (no changes since v4) Changes in v4: - revert #ifdef instead of using "if (!IS_ENABLE

[PATCH v8 1/3] lib: introduce HASH_CALCULATE option

2021-05-13 Thread Masahisa Kojima
option to decide if hash-checksum.c shall be compiled. Signed-off-by: Masahisa Kojima --- (no changes since v7) Changes in v7: - newly introduce HASH_CALCULATE option Changes in v6: - update lib/Makefile to compile hash-checksum.c, instead of selecting FIT_SIGNATURE in secure boot and capsule

[PATCH v8 0/3] PE/COFF measurement support

2021-05-13 Thread Masahisa Kojima
This patch series add the PE/COFF measurement support. Extending PCR and Event Log is tested with fTPM running as a OP-TEE TA. Unit test will be added in the separate series. Masahisa Kojima (3): lib: introduce HASH_CALCULATE option efi_loader: expose efi_image_parse() even if UEFI Secure

Re: [PATCH v7 2/3] efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled

2021-05-13 Thread Masahisa Kojima
On Fri, 14 May 2021 at 00:33, Heinrich Schuchardt wrote: > > On 5/13/21 4:48 PM, Masahisa Kojima wrote: > > This is preparation for PE/COFF measurement support. > > PE/COFF image hash calculation is same in both > > UEFI Secure Boot image verification and measurement in

[PATCH v7 3/3] efi_loader: add PE/COFF image measurement

2021-05-13 Thread Masahisa Kojima
as Tested-by: Ilias Apalodimas Signed-off-by: Masahisa Kojima --- Changes in v7: - include hash-checksum.h instead of rsa.h - select HASH_CALCULATE in Kconfig, not to update lib/Makefile - rebased the base code Changes in v6: - update lib/Makefile to add hash-checksum.c as a compilation target (

[PATCH v7 2/3] efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled

2021-05-13 Thread Masahisa Kojima
. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima --- (no changes since v4) Changes in v4: - revert #ifdef instead of using "if (!IS_ENABLED())" statement, not to rely on the compiler optimization. Cha

[PATCH v7 1/3] lib: introduce HASH_CALCULATE option

2021-05-13 Thread Masahisa Kojima
option to decide if hash-checksum.c shall be compiled. Signed-off-by: Masahisa Kojima --- Changes in v7: - newly introduce HASH_CALCULATE option Changes in v6: - update lib/Makefile to compile hash-checksum.c, instead of selecting FIT_SIGNATURE in secure boot and capsule authentication. Changes

[PATCH v7 0/3] PE/COFF measurement support

2021-05-13 Thread Masahisa Kojima
This patch series add the PE/COFF measurement support. Extending PCR and Event Log is tested with fTPM running as a OP-TEE TA. Unit test will be added in the separate series. Masahisa Kojima (3): lib: introduce HASH_CALCULATE option efi_loader: expose efi_image_parse() even if UEFI Secure

Re: [PATCH v6 1/3] lib: fix build error for secure boot and capsule authentication

2021-05-13 Thread Masahisa Kojima
On Thu, 13 May 2021 at 16:52, Takahiro Akashi wrote: > > On Thu, May 13, 2021 at 04:18:29PM +0900, Masahisa Kojima wrote: > > Build error occurs when CONFIG_EFI_SECURE_BOOT or > > CONFIG_EFI_CAPSULE_AUTHENTICATE is enabled, > > because hash-checksum.c is not compiled.

[PATCH v6 3/3] efi_loader: add PE/COFF image measurement

2021-05-13 Thread Masahisa Kojima
as Tested-by: Ilias Apalodimas Signed-off-by: Masahisa Kojima --- Changes in v6: - update lib/Makefile to add hash-checksum.c as a compilation target (no changes since v2) Changes in v2: - Remove duplicate include - Remove unnecessary __packed attribute - Add all EV_EFI_* event definition - Cre

[PATCH v6 2/3] efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled

2021-05-13 Thread Masahisa Kojima
. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima --- (no changes since v4) Changes in v4: - revert #ifdef instead of using "if (!IS_ENABLED())" statement, not to rely on the compiler optimization. Cha

[PATCH v6 1/3] lib: fix build error for secure boot and capsule authentication

2021-05-13 Thread Masahisa Kojima
Build error occurs when CONFIG_EFI_SECURE_BOOT or CONFIG_EFI_CAPSULE_AUTHENTICATE is enabled, because hash-checksum.c is not compiled. This commit adds hash-checksum.c as a compilation target if CONFIG_EFI_SECURE_BOOT or CONFIG_EFI_CAPSULE_AUTHENTICATE is enabled. Signed-off-by: Masahisa Kojima

[PATCH v6 0/3] PE/COFF measurement support

2021-05-13 Thread Masahisa Kojima
This patch series add the PE/COFF measurement support. Extending PCR and Event Log is tested with fTPM running as a OP-TEE TA. Unit test will be added in the separate series. Masahisa Kojima (3): lib: fix build error for secure boot and capsule authentication efi_loader: expose

Re: [PATCH v5 1/3] efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled

2021-05-12 Thread Masahisa Kojima
On Thu, 13 May 2021 at 13:35, Heinrich Schuchardt wrote: > > On 5/12/21 1:32 PM, Masahisa Kojima wrote: > > This is preparation for PE/COFF measurement support. > > PE/COFF image hash calculation is same in both > > UEFI Secure Boot image verification and measurement in

[PATCH v5 3/3] efi_loader: add FIT_SIGNATURE option to use hash_calculate()

2021-05-12 Thread Masahisa Kojima
s required to use hash_calculate() function. This commit selects FIT_SIGNATURE option in Kconfig. Signed-off-by: Masahisa Kojima --- Changes in v5: - Missing option for EFI_TCG2_PROTOCOL already added in different commit. This commit adds FIT_SIGNATURE only. Changes in v4: - newly added in

[PATCH v5 2/3] efi_loader: add PE/COFF image measurement

2021-05-12 Thread Masahisa Kojima
as Tested-by: Ilias Apalodimas Signed-off-by: Masahisa Kojima --- (no changes since v2) Changes in v2: - Remove duplicate include - Remove unnecessary __packed attribute - Add all EV_EFI_* event definition - Create common function to prepare 8-byte aligned image - Add m

[PATCH v5 1/3] efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled

2021-05-12 Thread Masahisa Kojima
. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima --- (no changes since v4) Changes in v4: - revert #ifdef instead of using "if (!IS_ENABLED())" statement, not to rely on the compiler optimization. Cha

[PATCH v5 0/3] PE/COFF measurement support

2021-05-12 Thread Masahisa Kojima
This patch series add the PE/COFF measurement support. Extending PCR and Event Log is tested with fTPM running as a OP-TEE TA. Unit test will be added in the separate series. Masahisa Kojima (3): efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled efi_loader: add PE

Re: [PATCH v4 3/3] efi_loader: add required option to use hash_calculate()

2021-05-12 Thread Masahisa Kojima
On Wed, 12 May 2021 at 17:32, Ilias Apalodimas wrote: > > On Wed, May 12, 2021 at 03:59:47PM +0900, Masahisa Kojima wrote: > > Build error occurs when CONFIG_EFI_SECURE_BOOT/ > > CONFIG_EFI_CAPSULE_AUTHENTICATE/CONFIG_EFI_TCG2_PROTOCOL > > is enabled, because hash-ch

[PATCH v4 3/3] efi_loader: add required option to use hash_calculate()

2021-05-12 Thread Masahisa Kojima
s required to use hash_calculate() function. This commit adds CONFIG_FIT_SIGNATURE option in Kconfig, and missing required options for CONFIG_EFI_TCG2_PROTOCOL. Signed-off-by: Masahisa Kojima --- Changes in v4: - newly added in this patch series, due to rebasing the base code. lib/efi_loader/K

[PATCH v4 2/3] efi_loader: add PE/COFF image measurement

2021-05-12 Thread Masahisa Kojima
"TCG PC Client Platform Firmware Profile Specification" requires measuring every attempt to load and execute an OS Loader (a UEFI application) into PCR[4]. This commit adds the PE/COFF image measurement, extends PCR, and appends measurement into Event Log. Signed-off-by: Masah

[PATCH v4 1/3] efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled

2021-05-12 Thread Masahisa Kojima
. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima --- Changes in v4: - revert #ifdef instead of using "if (!IS_ENABLED())" statement, not to rely on the compiler optimization. Changes in

[PATCH v4 0/3] PE/COFF measurement support

2021-05-12 Thread Masahisa Kojima
This patch series adds PE/COFF measurement support. Extending PCR and Event Log is tested with fTPM running as an OP-TEE TA. Unit tests will be added in a separate series. Masahisa Kojima (3): efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled efi_loader: add PE

Re: [PATCH v3 1/2] efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled

2021-05-12 Thread Masahisa Kojima
s, Masahisa On Tue, 11 May 2021 at 07:06, Masahisa Kojima wrote: > > On Mon, 10 May 2021 at 11:07, Takahiro Akashi > wrote: > > > > On Mon, May 10, 2021 at 09:49:03AM +0900, Masahisa Kojima wrote: > > > Hi Heinrich, > > > > > > Sorry for the late

Re: [PATCH v3 1/2] efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled

2021-05-10 Thread Masahisa Kojima
On Mon, 10 May 2021 at 11:07, Takahiro Akashi wrote: > > On Mon, May 10, 2021 at 09:49:03AM +0900, Masahisa Kojima wrote: > > Hi Heinrich, > > > > Sorry for the late reply. > > > > On Sat, 8 May 2021 at 23:08, Heinrich Schuchardt wrote: > > > >

Re: [PATCH v3 1/2] efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled

2021-05-09 Thread Masahisa Kojima
Hi Heinrich, Sorry for the late reply. On Sat, 8 May 2021 at 23:08, Heinrich Schuchardt wrote: > > On 4/28/21 3:16 PM, Heinrich Schuchardt wrote: > > On 28.04.21 14:19, Masahisa Kojima wrote: > > >> /** > >>* cmp_pe_section() - compare virtual a

[PATCH v3 2/2] efi_loader: add PE/COFF image measurement

2021-04-28 Thread Masahisa Kojima
"TCG PC Client Platform Firmware Profile Specification" requires measuring every attempt to load and execute an OS Loader (a UEFI application) into PCR[4]. This commit adds the PE/COFF image measurement, extends PCR, and appends measurement into Event Log. Signed-off-by: Masah

[PATCH v3 0/2] PE/COFF measurement support

2021-04-28 Thread Masahisa Kojima
This patch series adds PE/COFF measurement support. Extending PCR and Event Log is tested with fTPM running as an OP-TEE TA. Unit tests will be added in a separate series. Masahisa Kojima (2): efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled efi_loader: add PE

[PATCH v3 1/2] efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled

2021-04-28 Thread Masahisa Kojima
. This commit also adds the EFI_SIGNATURE_SUPPORT option to decide if efi_signature.c shall be compiled. Signed-off-by: Masahisa Kojima --- Changes in v3: - hide EFI_SIGNATURE_SUPPORT option Changes in v2: - Remove all #ifdef from efi_image_loader.c and efi_signature.c - Add EFI_SIGNATURE_SUPPORT

Re: [PATCH v2 1/2] efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled

2021-04-27 Thread Masahisa Kojima
On Wed, 28 Apr 2021 at 11:35, Heinrich Schuchardt wrote: > > Am 28. April 2021 03:06:15 MESZ schrieb Masahisa Kojima > : > >On Tue, 27 Apr 2021 at 22:52, Heinrich Schuchardt > >wrote: > >> > >> On 27.04.21 15:08, Masahisa Kojima wrote: > >> >

Re: [PATCH v2 1/2] efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled

2021-04-27 Thread Masahisa Kojima
On Tue, 27 Apr 2021 at 22:52, Heinrich Schuchardt wrote: > > On 27.04.21 15:08, Masahisa Kojima wrote: > > This is preparation for PE/COFF measurement support. > > PE/COFF image hash calculation is the same in both > > UEFI Secure Boot image verification and measurement in >

Re: [PATCH 2/2] efi_loader: add PE/COFF image measurement

2021-04-27 Thread Masahisa Kojima
ashing algorithms of Masahisa's patch, see chapter 6.4.3, "Related > Definitions". > > So let's support them. > > Best regards > > Heinrich > > > > >> For other comments, I will modify the code and send v2 patch. > >> > >> Thanks,

[PATCH v2 2/2] efi_loader: add PE/COFF image measurement

2021-04-27 Thread Masahisa Kojima
"TCG PC Client Platform Firmware Profile Specification" requires measuring every attempt to load and execute an OS Loader (a UEFI application) into PCR[4]. This commit adds the PE/COFF image measurement, extends PCR, and appends measurement into Event Log. Signed-off-by: Masah
