Hi Eddie, Does the series compile for you against -master? For qemu_arm64_defonfig I am getting compilation errors both locally and on the CI https://source.denx.de/u-boot/custodians/u-boot-tpm/-/jobs/717362#L39
Thanks /Ilias On Thu, 19 Oct 2023 at 19:45, Ilias Apalodimas <ilias.apalodi...@linaro.org> wrote: > > Thanks Eddie > > I've queued this up on public CI. I also have an internal one, this > one failed to add the TF-A eventlog, but everything else looks fine. > I'll have a look tomorrow, but since this used to work on earlier > versions I suspect it's going to be trivial to fix > > Cheers > /Ilias > > On Thu, 19 Oct 2023 at 19:21, Eddie James <eaja...@linux.ibm.com> wrote: > > > > This series adds support for measuring the boot images more generically > > than the existing EFI support. Several EFI functions have been moved to > > the TPM layer. The series includes optional measurement from the bootm > > command. > > A new test case has been added for the bootm measurement to test the new > > path, and the sandbox TPM2 driver has been updated to support this use > > case. > > > > Changes since v12: > > - Rebase on master. > > - Add detail to documentation. > > > > Changes since v11: > > - Rebase on next. Sorry for the delay (been on leave). > > > > Changes since v10: > > - Fix commit message on efi_loader change > > - Drop python test change > > - Squash armv7 fix from Ilias > > > > Changes since v9: > > - Rebase and add Ilias' fixes (thanks!) > > > > Changes since v8: > > - Fix a sandbox driver off-by-one error in checking the property type. > > - Fix log parsing again - any data corruption seen while replaying the > > event log was failing the entire measurement. > > - Added an option to ignore the existing log and a configuration option > > for systems to select that for the bootm measurement. This would only > > be selected for systems that know that U-Boot is the first stage > > bootloader. This is necessary because the reserved memory region may > > persist through resets and so U-Boot attempts to append to the > > previous boot's log. > > > > Changes since v7: > > - Change name of tcg2_init_log and add more documentation > > - Add a check, when parsing the event log header, to ensure that the > > previous stage bootloader used all the active PCRs. > > - Change name of tcg2_log_find_end > > - Fix the greater than or equal to check to exit the log parsing > > - Make sure log_position is 0 if there is any error discovering the log > > - Return errors parsing the log if the data is corrupt so that we don't > > end up with half a log > > > > Changes since v6: > > - Added comment for bootm_measure > > - Fixed line length in bootm_measure > > - Added Linaro copyright for all the EFI moved code > > - Changed tcg2_init_log (and by extension, tcg2_measurement_init) to > > copy any discovered event log to the user's log if passed in. > > > > Changes since v5: > > - Re-ordered the patches to put the sandbox TPM driver patch second > > - Remove unused platform_get_eventlog in efi_tcg2.c > > - First look for tpm_event_log_* properties instead of linux,sml-* > > - Fix efi_tcg2.c compilation > > - Select SHA* configs > > - Remove the !SANDBOX dependency for EFI TCG2 > > - Only compile in the measurement u-boot command when CONFIG_MEASURED_BOOT > > is enabled > > > > Changes since v4: > > - Remove tcg2_measure_event function and check for NULL data in > > tcg2_measure_data > > - Use tpm_auto_startup > > - Fix efi_tcg2.c compilation for removing tcg2_pcr_read function > > - Change PCR indexes for initrd and dtb > > - Drop u8 casting in measurement test > > - Use bullets in documentation > > > > Changes since v3: > > - Reordered headers > > - Refactored more of EFI code into common code > > Removed digest_info structure and instead used the common alg_to_mask > > and alg_to_len > > Improved event log parsing in common code to get it equivalent to EFI > > Common code now extends PCR if previous bootloader stage couldn't > > No need to allocate memory in the common code, so EFI copies the > > discovered buffer like it did before > > Rename efi measure_event function > > > > Changes since v2: > > - Add documentation. > > - Changed reserved memory address to the top of the RAM for sandbox dts. > > - Add measure state to booti and bootz. > > - Skip measurement for EFI images that should be measured > > > > Changes since v1: > > - Refactor TPM layer functions to allow EFI system to use them, and > > remove duplicate EFI functions. > > - Add test case > > - Drop #ifdefs for bootm > > - Add devicetree measurement config option > > - Update sandbox TPM driver > > > > Eddie James (6): > > tpm: Fix spelling for tpmu_ha union > > tpm: sandbox: Update for needed TPM2 capabilities > > tpm: Support boot measurements > > bootm: Support boot measurement > > test: Add sandbox TPM boot measurement > > doc: Add measured boot documentation > > > > Ilias Apalodimas (2): > > efi_loader: fix EFI_ENTRY point on get_active_pcr_banks > > test: use a non system PCR for testing PCR extend > > > > arch/sandbox/dts/sandbox.dtsi | 13 + > > arch/sandbox/dts/test.dts | 13 + > > boot/Kconfig | 32 ++ > > boot/bootm.c | 74 +++ > > cmd/booti.c | 1 + > > cmd/bootm.c | 2 + > > cmd/bootz.c | 1 + > > configs/sandbox_defconfig | 1 + > > doc/usage/index.rst | 1 + > > doc/usage/measured_boot.rst | 23 + > > drivers/tpm/tpm2_tis_sandbox.c | 100 ++-- > > include/bootm.h | 11 + > > include/efi_tcg2.h | 44 -- > > include/image.h | 1 + > > include/test/suites.h | 1 + > > include/tpm-v2.h | 263 ++++++++++- > > lib/Kconfig | 4 + > > lib/efi_loader/Kconfig | 2 - > > lib/efi_loader/efi_tcg2.c | 823 ++++----------------------------- > > lib/tpm-v2.c | 814 ++++++++++++++++++++++++++++++++ > > test/boot/Makefile | 1 + > > test/boot/measurement.c | 66 +++ > > test/cmd_ut.c | 4 + > > test/py/tests/test_tpm2.py | 16 +- > > 24 files changed, 1482 insertions(+), 829 deletions(-) > > create mode 100644 doc/usage/measured_boot.rst > > create mode 100644 test/boot/measurement.c > > > > -- > > 2.39.3 > >