On 10/25/23 07:41, Ilias Apalodimas wrote:
On Tue, 24 Oct 2023 at 18:44, Eddie James <eaja...@linux.ibm.com> wrote:
Add a configuration option to measure the boot through the bootm
function. Add the measurement state to the booti and bootz paths
as well.
Signed-off-by: Eddie James <eaja...@linux.ibm.com>
Reviewed-by: Simon Glass <s...@chromium.org>
---
Changes since v8:
- Added a configuration option to select to ignore any existing
event log. This would only be selected for systems that know
that U-Boot is the first stage bootloader. This is necessary
because the reserved memory region may persist through resets
and so U-Boot attempts to append to the previous boot's log.
Changes since v6:
- Added comment for bootm_measure
- Fixed line length in bootm_measure
boot/Kconfig | 32 +++++++++++++++++++++
boot/bootm.c | 74 +++++++++++++++++++++++++++++++++++++++++++++++++
cmd/booti.c | 1 +
cmd/bootm.c | 2 ++
cmd/bootz.c | 1 +
include/bootm.h | 11 ++++++++
include/image.h | 1 +
7 files changed, 122 insertions(+)
diff --git a/boot/Kconfig b/boot/Kconfig
index a01e6cb8aa..abbc72f4cf 100644
--- a/boot/Kconfig
+++ b/boot/Kconfig
@@ -685,6 +685,38 @@ config LEGACY_IMAGE_FORMAT
loaded. If a board needs the legacy image format support in this
case, enable it here.
+config MEASURED_BOOT
+ bool "Measure boot images and configuration to TPM and event log"
+ depends on HASH && TPM_V2
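Review bot: the `depends on HASH && TPM_V2` line does not exclude builds with the EFI loader, whose TCG protocol implementation already measures the boot (as raised in the thread), so both measurement paths can be built into one image with nothing selecting between them; either add a `!EFI`-style dependency or make the prompt say this applies when booting without EFI, e.g. `bool "Measure boot images and configuration to TPM and event log when booting without EFI"`. Also, the hunk header announces 32 added lines but only the `config`, `bool` and `depends on` lines are quoted here, so the help text and the option to ignore an existing event log mentioned in the changelog cannot be checked from this excerpt.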
I know Simon reviewed this already, but don't we need to add !EFI here?
UEFI already supports measurements via the TCG protocol implementation.
But since EFI is 'default y' nowadays, does anyone mind if I change the
help & bool messages during merge?
Something along the lines of
bool "Measure boot images and configuration to TPM and event log when
booting without EFI"
Oh right, yes, go ahead, that sounds good, thanks.
Eddie
[...]
Thanks
/Ilias