there. There's
no mention of ACPI in 3.3.4.2 PCR[1] – Host Platform Configuration.
However, in Figure 6 -- PCR Mapping of UEFI Components ACPI is shown
in PCR1. The general description also mentions PCR0 is for code and PCR1
is for data such as ACPI and SMBIOS.
Thanks, looks correct.
Reviewed
On 3/26/24 11:15, Tim Harvey wrote:
On Tue, Mar 26, 2024 at 2:24 AM Ilias Apalodimas
wrote:
Hi Tim,
On Tue, 26 Mar 2024 at 03:15, Tim Harvey wrote:
Greetings,
I'm unable to understand why tcg2_platform_get_log is failing to read
a memory region.
For example the following diffs:
I am not
On 3/26/24 11:15, Tim Harvey wrote:
On Tue, Mar 26, 2024 at 2:24 AM Ilias Apalodimas
wrote:
Hi Tim,
On Tue, 26 Mar 2024 at 03:15, Tim Harvey wrote:
Greetings,
I'm unable to understand why tcg2_platform_get_log is failing to read
a memory region.
For example the following diffs:
I am not
On 10/25/23 07:41, Ilias Apalodimas wrote:
On Tue, 24 Oct 2023 at 18:44, Eddie James wrote:
Add a configuration option to measure the boot through the bootm
function. Add the measurement state to the booti and bootz paths
as well.
Signed-off-by: Eddie James
Reviewed-by: Simon Glass
From: Ilias Apalodimas
efi_tcg2_get_active_pcr_banks doesn't immediately call the
EFI_ENTRY() wrapper once it enters the function. Move the call a
few lines above to cover the error cases properly as well.
Signed-off-by: Ilias Apalodimas
---
lib/efi_loader/efi_tcg2.c | 4 ++--
1 file changed,
tmpu -> tpmu
Signed-off-by: Eddie James
Reviewed-by: Ilias Apalodimas
---
include/tpm-v2.h | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/include/tpm-v2.h b/include/tpm-v2.h
index 2b6980e441..6684033deb 100644
--- a/include/tpm-v2.h
+++ b/include/tpm-v2.h
@@ -16
The driver needs to support getting the PCRs in the capabilities
command. Fix various other things and support the max number
of PCRs for TPM2.
Remove the !SANDBOX dependency for EFI TCG2 as well.
Signed-off-by: Eddie James
Reviewed-by: Simon Glass
Acked-by: Ilias Apalodimas
---
Changes since
er functions to allow EFI system to use them, and
remove duplicate EFI functions.
- Add test case
- Drop #ifdefs for bootm
- Add devicetree measurement config option
- Update sandbox TPM driver
Eddie James (6):
tpm: Fix spelling for tpmu_ha union
tpm: sandbox: Update for needed TPM2 ca
Briefly describe the feature and specify the requirements.
Signed-off-by: Eddie James
Reviewed-by: Simon Glass
---
Changes since v12:
- Add a bit of detail about OS usage and what pieces are measured
doc/usage/index.rst | 1 +
doc/usage/measured_boot.rst | 31
Use the sandbox TPM driver to measure some boot images in a unit
test case.
Signed-off-by: Eddie James
Reviewed-by: Simon Glass
Acked-by: Ilias Apalodimas
---
Changes since v5:
- Only compile in the measurement u-boot command when
CONFIG_MEASURED_BOOT is enabled.
arch/sandbox/dts
Add a configuration option to measure the boot through the bootm
function. Add the measurement state to the booti and bootz paths
as well.
Signed-off-by: Eddie James
Reviewed-by: Simon Glass
---
Changes since v8:
- Added a configuration option to select to ignore any existing
event log
From: Ilias Apalodimas
We currently use PCR 0 for testing the PCR read/extend functionality in
our selftests. How ever those PCRs are defined by the TCG spec for
platform use. For example if the tests run *after* the efi subsystem
initialization, which extends PCRs 0 & 7 it will give a false po
Add TPM2 functions to support boot measurement. This includes
starting up the TPM, initializing/appending the event log, and
measuring the U-Boot version. Much of the code was used in the
EFI subsystem, so remove it there and use the common functions.
Signed-off-by: Eddie James
---
Changes since
but since this used to work on earlier
versions I suspect it's going to be trivial to fix
Cheers
/Ilias
On Thu, 19 Oct 2023 at 19:21, Eddie James wrote:
This series adds support for measuring the boot images more generically
than the existing EFI support. Several EFI functions have been mo
Add a configuration option to measure the boot through the bootm
function. Add the measurement state to the booti and bootz paths
as well.
Signed-off-by: Eddie James
Reviewed-by: Simon Glass
---
Changes since v8:
- Added a configuration option to select to ignore any existing
event log
From: Ilias Apalodimas
We currently use PCR 0 for testing the PCR read/extend functionality in
our selftests. How ever those PCRs are defined by the TCG spec for
platform use. For example if the tests run *after* the efi subsystem
initialization, which extends PCRs 0 & 7 it will give a false po
Add TPM2 functions to support boot measurement. This includes
starting up the TPM, initializing/appending the event log, and
measuring the U-Boot version. Much of the code was used in the
EFI subsystem, so remove it there and use the common functions.
Signed-off-by: Eddie James
---
Changes since
Briefly describe the feature and specify the requirements.
Signed-off-by: Eddie James
Reviewed-by: Simon Glass
---
Changes since v12:
- Add a bit of detail about OS usage and what pieces are measured
doc/usage/index.rst | 1 +
doc/usage/measured_boot.rst | 31
Use the sandbox TPM driver to measure some boot images in a unit
test case.
Signed-off-by: Eddie James
Reviewed-by: Simon Glass
Acked-by: Ilias Apalodimas
---
Changes since v5:
- Only compile in the measurement u-boot command when
CONFIG_MEASURED_BOOT is enabled.
arch/sandbox/dts
From: Ilias Apalodimas
efi_tcg2_get_active_pcr_banks doesn't immediately call the
EFI_ENTRY() wrapper once it enters the function. Move the call a
few lines above to cover the error cases properly as well.
Signed-off-by: Ilias Apalodimas
---
lib/efi_loader/efi_tcg2.c | 4 ++--
1 file changed,
tmpu -> tpmu
Signed-off-by: Eddie James
Reviewed-by: Ilias Apalodimas
---
include/tpm-v2.h | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/include/tpm-v2.h b/include/tpm-v2.h
index 2b6980e441..6684033deb 100644
--- a/include/tpm-v2.h
+++ b/include/tpm-v2.h
@@ -16
The driver needs to support getting the PCRs in the capabilities
command. Fix various other things and support the max number
of PCRs for TPM2.
Remove the !SANDBOX dependency for EFI TCG2 as well.
Signed-off-by: Eddie James
Reviewed-by: Simon Glass
Acked-by: Ilias Apalodimas
---
Changes since
nctions.
- Add test case
- Drop #ifdefs for bootm
- Add devicetree measurement config option
- Update sandbox TPM driver
Eddie James (6):
tpm: Fix spelling for tpmu_ha union
tpm: sandbox: Update for needed TPM2 capabilities
tpm: Support boot measurements
bootm: Support boot measurement
t
On 10/12/23 10:29, Simon Glass wrote:
Hi Eddie,
On Thu, 12 Oct 2023 at 08:08, Eddie James wrote:
Briefly describe the feature and specify the requirements.
Signed-off-by: Eddie James
Reviewed-by: Simon Glass
This could use a bit more detail. What pieces are measured? What DT
binding is
On 10/13/23 12:22, Ilias Apalodimas wrote:
Hi Eddie,
This doesn't apply on -master, can you please rebase?
Ugh I thought you wanted -next... I can rebase again.
Thanks
/Ilias
On Thu, 12 Oct 2023 at 16:49, Eddie James wrote:
Use the sandbox TPM driver to measure some boot images
Add a configuration option to measure the boot through the bootm
function. Add the measurement state to the booti and bootz paths
as well.
Signed-off-by: Eddie James
Reviewed-by: Simon Glass
---
Changes since v8:
- Added a configuration option to select to ignore any existing
event log
The driver needs to support getting the PCRs in the capabilities
command. Fix various other things and support the max number
of PCRs for TPM2.
Remove the !SANDBOX dependency for EFI TCG2 as well.
Signed-off-by: Eddie James
Reviewed-by: Simon Glass
Acked-by: Ilias Apalodimas
---
Changes since
From: Ilias Apalodimas
We currently use PCR 0 for testing the PCR read/extend functionality in
our selftests. How ever those PCRs are defined by the TCG spec for
platform use. For example if the tests run *after* the efi subsystem
initialization, which extends PCRs 0 & 7 it will give a false po
Add TPM2 functions to support boot measurement. This includes
starting up the TPM, initializing/appending the event log, and
measuring the U-Boot version. Much of the code was used in the
EFI subsystem, so remove it there and use the common functions.
Signed-off-by: Eddie James
---
Changes since
From: Ilias Apalodimas
efi_tcg2_get_active_pcr_banks doesn't immediately call the
EFI_ENTRY() wrapper once it enters the function. Move the call a
few lines above to cover the error cases properly as well.
Signed-off-by: Ilias Apalodimas
---
lib/efi_loader/efi_tcg2.c | 4 ++--
1 file changed,
tmpu -> tpmu
Signed-off-by: Eddie James
Reviewed-by: Ilias Apalodimas
---
include/tpm-v2.h | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/include/tpm-v2.h b/include/tpm-v2.h
index 2b6980e441..6684033deb 100644
--- a/include/tpm-v2.h
+++ b/include/tpm-v2.h
@@ -16
Briefly describe the feature and specify the requirements.
Signed-off-by: Eddie James
Reviewed-by: Simon Glass
---
doc/usage/index.rst | 1 +
doc/usage/measured_boot.rst | 23 +++
2 files changed, 24 insertions(+)
create mode 100644 doc/usage/measured_boot.rst
Use the sandbox TPM driver to measure some boot images in a unit
test case.
Signed-off-by: Eddie James
Reviewed-by: Simon Glass
Acked-by: Ilias Apalodimas
---
Changes since v5:
- Only compile in the measurement u-boot command when
CONFIG_MEASURED_BOOT is enabled.
arch/sandbox/dts
t config option
- Update sandbox TPM driver
Eddie James (6):
tpm: Fix spelling for tpmu_ha union
tpm: sandbox: Update for needed TPM2 capabilities
tpm: Support boot measurements
bootm: Support boot measurement
test: Add sandbox TPM boot measurement
doc: Add measured boot documenta
On 8/10/23 02:44, Ilias Apalodimas wrote:
On Wed, Aug 09, 2023 at 09:01:40AM -0500, Eddie James wrote:
On 8/9/23 05:43, Ilias Apalodimas wrote:
On Wed, 9 Aug 2023 at 13:42, Heinrich Schuchardt wrote:
On 8/9/23 10:34, Ilias Apalodimas wrote:
Hi Eddie
On Mon, Aug 07, 2023 at 02:25:37PM
On 8/9/23 05:43, Ilias Apalodimas wrote:
On Wed, 9 Aug 2023 at 13:42, Heinrich Schuchardt wrote:
On 8/9/23 10:34, Ilias Apalodimas wrote:
Hi Eddie
On Mon, Aug 07, 2023 at 02:25:37PM -0500, Eddie James wrote:
Add TPM2 functions to support boot measurement. This includes
starting up the
Add TPM2 functions to support boot measurement. This includes
starting up the TPM, initializing/appending the event log, and
measuring the U-Boot version. Much of the code was used in the
EFI subsystem, so remove it there and use the common functions.
Signed-off-by: Eddie James
---
Changes since
The driver needs to support getting the PCRs in the capabilities
command. Fix various other things and support the max number
of PCRs for TPM2.
Remove the !SANDBOX dependency for EFI TCG2 as well.
Signed-off-by: Eddie James
Reviewed-by: Simon Glass
Acked-by: Ilias Apalodimas
---
Changes since
From: Ilias Apalodimas
We currently use PCR 0 for testing the PCR read/extend functionality in
our selftests. How ever those PCRs are defined by the TCG spec for
platform use. For example if the tests run *after* the efi subsystem
initialization, which extends PCRs 0 & 7 it will give a false po
Use the sandbox TPM driver to measure some boot images in a unit
test case.
Signed-off-by: Eddie James
Reviewed-by: Simon Glass
Acked-by: Ilias Apalodimas
---
Changes since v5:
- Only compile in the measurement u-boot command when
CONFIG_MEASURED_BOOT is enabled.
arch/sandbox/dts
tmpu -> tpmu
Signed-off-by: Eddie James
Reviewed-by: Ilias Apalodimas
---
include/tpm-v2.h | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/include/tpm-v2.h b/include/tpm-v2.h
index 2b6980e441..6684033deb 100644
--- a/include/tpm-v2.h
+++ b/include/tpm-v2.h
@@ -16
From: Ilias Apalodimas
efi_tcg2_get_active_pcr_banks doesn't immediately call the
EFI_ENTRY() wrapper once it enters the function. Move the call a
few lines above to cover the error cases properly as well.
Signed-off-by: Ilias Apalodimas
---
lib/efi_loader/efi_tcg2.c | 4 ++--
1 file changed,
EFI images that should be measured
Changes since v1:
- Refactor TPM layer functions to allow EFI system to use them, and
remove duplicate EFI functions.
- Add test case
- Drop #ifdefs for bootm
- Add devicetree measurement config option
- Update sandbox TPM driver
Eddie James (6):
tpm: Fix s
Briefly describe the feature and specify the requirements.
Signed-off-by: Eddie James
Reviewed-by: Simon Glass
---
doc/usage/index.rst | 1 +
doc/usage/measured_boot.rst | 23 +++
2 files changed, 24 insertions(+)
create mode 100644 doc/usage/measured_boot.rst
Add a configuration option to measure the boot through the bootm
function. Add the measurement state to the booti and bootz paths
as well.
Signed-off-by: Eddie James
Reviewed-by: Simon Glass
---
Changes since v8:
- Added a configuration option to select to ignore any existing
event log
On 8/7/23 10:56, Ilias Apalodimas wrote:
Hi Eddie,
On Mon, 7 Aug 2023 at 18:17, Eddie James wrote:
From: Ilias Apalodimas
We need a commit message for that. Something along the lines of
efi_tcg2_get_active_pcr_banks() doesnt immediately call the
EFI_ENTRY() wrappers once it enters the
On 8/7/23 10:50, Ilias Apalodimas wrote:
Hi Eddie,
On Mon, 7 Aug 2023 at 18:18, Eddie James wrote:
From: Ilias Apalodimas
Signed-off-by: Ilias Apalodimas
---
lib/tpm-v2.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/lib/tpm-v2.c b/lib/tpm-v2.c
index d22e21985b
Use the sandbox TPM driver to measure some boot images in a unit
test case.
Signed-off-by: Eddie James
Reviewed-by: Simon Glass
Acked-by: Ilias Apalodimas
---
Changes since v5:
- Only compile in the measurement u-boot command when
CONFIG_MEASURED_BOOT is enabled.
arch/sandbox/dts
From: Ilias Apalodimas
Signed-off-by: Ilias Apalodimas
---
lib/tpm-v2.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/lib/tpm-v2.c b/lib/tpm-v2.c
index d22e21985b..bd0fb078dc 100644
--- a/lib/tpm-v2.c
+++ b/lib/tpm-v2.c
@@ -671,7 +671,7 @@ __weak int tcg2_platform_get_log(
From: Ilias Apalodimas
We currently use PCR 0 for testing the PCR read/extend functionality in
our selftests. How ever those PCRs are defined by the TCG spec for
platform use. For example if the tests run *after* the efi subsystem
initialization, which extends PCRs 0 & 7 it will give a false po
tmpu -> tpmu
Signed-off-by: Eddie James
Reviewed-by: Ilias Apalodimas
---
include/tpm-v2.h | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/include/tpm-v2.h b/include/tpm-v2.h
index 2b6980e441..6684033deb 100644
--- a/include/tpm-v2.h
+++ b/include/tpm-v2.h
@@ -16
Add TPM2 functions to support boot measurement. This includes
starting up the TPM, initializing/appending the event log, and
measuring the U-Boot version. Much of the code was used in the
EFI subsystem, so remove it there and use the common functions.
Signed-off-by: Eddie James
---
Changes since
From: Ilias Apalodimas
commit ("")
replaced the forced and sandbox tpm2 initialization running 'tpm2
autostart' instead of the startup tpm sequence. The difference is that
the new function handles the internal tpm_init state internally and
doesn't return an error when trying to initiali
The driver needs to support getting the PCRs in the capabilities
command. Fix various other things and support the max number
of PCRs for TPM2.
Remove the !SANDBOX dependency for EFI TCG2 as well.
Signed-off-by: Eddie James
Reviewed-by: Simon Glass
Acked-by: Ilias Apalodimas
---
Changes since
d
remove duplicate EFI functions.
- Add test case
- Drop #ifdefs for bootm
- Add devicetree measurement config option
- Update sandbox TPM driver
Eddie James (6):
tpm: Fix spelling for tpmu_ha union
tpm: sandbox: Update for needed TPM2 capabilities
tpm: Support boot measurements
bootm:
From: Ilias Apalodimas
Signed-off-by: Ilias Apalodimas
---
lib/efi_loader/efi_tcg2.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/lib/efi_loader/efi_tcg2.c b/lib/efi_loader/efi_tcg2.c
index 5f0f4b5dd2..829bae7436 100644
--- a/lib/efi_loader/efi_tcg2.c
+++ b/lib/efi_lo
Add a configuration option to measure the boot through the bootm
function. Add the measurement state to the booti and bootz paths
as well.
Signed-off-by: Eddie James
Reviewed-by: Simon Glass
---
Changes since v8:
- Added a configuration option to select to ignore any existing
event log
Briefly describe the feature and specify the requirements.
Signed-off-by: Eddie James
Reviewed-by: Simon Glass
---
doc/usage/index.rst | 1 +
doc/usage/measured_boot.rst | 23 +++
2 files changed, 24 insertions(+)
create mode 100644 doc/usage/measured_boot.rst
On 8/7/23 09:52, Ilias Apalodimas wrote:
Hi,
On Mon, 7 Aug 2023 at 17:43, Eddie James wrote:
On 8/4/23 13:10, Sean Edmond wrote:
On 2023-03-08 1:25 p.m., Eddie James wrote:
Add a configuration option to measure the boot through the bootm
function. Add the measurement state to the booti
On 8/4/23 13:10, Sean Edmond wrote:
On 2023-03-08 1:25 p.m., Eddie James wrote:
Add a configuration option to measure the boot through the bootm
function. Add the measurement state to the booti and bootz paths
as well.
Signed-off-by: Eddie James
Reviewed-by: Simon Glass
---
Changes since
v9? I believed I had fixed at least
some of the failures with patch 2 to update the sandbox driver. I also
haven't figured out how to run the ci suite locally
Thanks,
Eddie
Thanks
/Ilias
On Wed, 8 Mar 2023 at 23:25, Eddie James wrote:
Add TPM2 functions to support boot measure
Add TPM2 functions to support boot measurement. This includes
starting up the TPM, initializing/appending the event log, and
measuring the U-Boot version. Much of the code was used in the
EFI subsystem, so remove it there and use the common functions.
Signed-off-by: Eddie James
---
Changes since
Briefly describe the feature and specify the requirements.
Signed-off-by: Eddie James
Reviewed-by: Simon Glass
---
doc/usage/index.rst | 1 +
doc/usage/measured_boot.rst | 23 +++
2 files changed, 24 insertions(+)
create mode 100644 doc/usage/measured_boot.rst
Add a configuration option to measure the boot through the bootm
function. Add the measurement state to the booti and bootz paths
as well.
Signed-off-by: Eddie James
Reviewed-by: Simon Glass
---
Changes since v8:
- Added a configuration option to select to ignore any existing
event log
The driver needs to support getting the PCRs in the capabilities
command. Fix various other things and support the max number
of PCRs for TPM2.
Remove the !SANDBOX dependency for EFI TCG2 as well.
Signed-off-by: Eddie James
Reviewed-by: Simon Glass
Acked-by: Ilias Apalodimas
---
Changes since
Use the sandbox TPM driver to measure some boot images in a unit
test case.
Signed-off-by: Eddie James
Reviewed-by: Simon Glass
Acked-by: Ilias Apalodimas
---
Changes since v5:
- Only compile in the measurement u-boot command when
CONFIG_MEASURED_BOOT is enabled.
arch/sandbox/dts
tem to use them, and
remove duplicate EFI functions.
- Add test case
- Drop #ifdefs for bootm
- Add devicetree measurement config option
- Update sandbox TPM driver
Eddie James (6):
tpm: Fix spelling for tpmu_ha union
tpm: sandbox: Update for needed TPM2 capabilities
tpm: Support boot meas
tmpu -> tpmu
Signed-off-by: Eddie James
Reviewed-by: Ilias Apalodimas
---
include/tpm-v2.h | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/include/tpm-v2.h b/include/tpm-v2.h
index 2b6980e441..6684033deb 100644
--- a/include/tpm-v2.h
+++ b/include/tpm-v2.h
@@ -16
ks,
Eddie
[0] https://source.denx.de/u-boot/custodians/u-boot-tpm/-/pipelines/15471
Regards
/Ilias
On Fri, Mar 03, 2023 at 01:25:00PM -0600, Eddie James wrote:
This series adds support for measuring the boot images more generically
than the existing EFI support. Several EFI functions have bee
Use the sandbox TPM driver to measure some boot images in a unit
test case.
Signed-off-by: Eddie James
Reviewed-by: Simon Glass
Acked-by: Ilias Apalodimas
---
Changes since v5:
- Only compile in the measurement u-boot command when CONFIG_MEASURED_BOOT
is enabled
arch/sandbox/dts
Add TPM2 functions to support boot measurement. This includes
starting up the TPM, initializing/appending the event log, and
measuring the U-Boot version. Much of the code was used in the
EFI subsystem, so remove it there and use the common functions.
Signed-off-by: Eddie James
---
Changes since
Briefly describe the feature and specify the requirements.
Signed-off-by: Eddie James
Reviewed-by: Simon Glass
---
doc/usage/index.rst | 1 +
doc/usage/measured_boot.rst | 23 +++
2 files changed, 24 insertions(+)
create mode 100644 doc/usage/measured_boot.rst
Add a configuration option to measure the boot through the bootm
function. Add the measurement state to the booti and bootz paths
as well.
Signed-off-by: Eddie James
Reviewed-by: Simon Glass
---
Changes since v6:
- Added comment for bootm_measure
- Fixed line length in bootm_measure
boot
The driver needs to support getting the PCRs in the capabilities
command. Fix various other things and support the max number
of PCRs for TPM2.
Remove the !SANDBOX dependency for EFI TCG2 as well.
Signed-off-by: Eddie James
Reviewed-by: Simon Glass
Acked-by: Ilias Apalodimas
---
Changes since
I system to use them, and
remove duplicate EFI functions.
- Add test case
- Drop #ifdefs for bootm
- Add devicetree measurement config option
- Update sandbox TPM driver
Eddie James (6):
tpm: Fix spelling for tpmu_ha union
tpm: sandbox: Update for needed TPM2 capabilities
tpm: Support
tmpu -> tpmu
Signed-off-by: Eddie James
Reviewed-by: Ilias Apalodimas
---
include/tpm-v2.h | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/include/tpm-v2.h b/include/tpm-v2.h
index 2b6980e441..6684033deb 100644
--- a/include/tpm-v2.h
+++ b/include/tpm-v2.h
@@ -16
On 3/2/23 14:22, Ilias Apalodimas wrote:
Hi Eddie,
I found the issue. I still think we could squeeze things even more in our
abstraction. Specifically the measure_event() tcg2_agile_log_append()
contain some efi specific bits and I am trying to figure out if we can make
those more generic.
Add TPM2 functions to support boot measurement. This includes
starting up the TPM, initializing/appending the event log, and
measuring the U-Boot version. Much of the code was used in the
EFI subsystem, so remove it there and use the common functions.
Signed-off-by: Eddie James
---
Changes since
Briefly describe the feature and specify the requirements.
Signed-off-by: Eddie James
Reviewed-by: Simon Glass
---
doc/usage/index.rst | 1 +
doc/usage/measured_boot.rst | 23 +++
2 files changed, 24 insertions(+)
create mode 100644 doc/usage/measured_boot.rst
Use the sandbox TPM driver to measure some boot images in a unit
test case.
Signed-off-by: Eddie James
Reviewed-by: Simon Glass
Acked-by: Ilias Apalodimas
---
Changes since v5:
- Only compile in the measurement u-boot command when CONFIG_MEASURED_BOOT
is enabled
arch/sandbox/dts
Add a configuration option to measure the boot through the bootm
function. Add the measurement state to the booti and bootz paths
as well.
Signed-off-by: Eddie James
Reviewed-by: Simon Glass
---
Changes since v6:
- Added comment for bootm_measure
- Fixed line length in bootm_measure
boot
The driver needs to support getting the PCRs in the capabilities
command. Fix various other things and support the max number
of PCRs for TPM2.
Remove the !SANDBOX dependency for EFI TCG2 as well.
Signed-off-by: Eddie James
Reviewed-by: Simon Glass
Acked-by: Ilias Apalodimas
---
Changes since
tmpu -> tpmu
Signed-off-by: Eddie James
Reviewed-by: Ilias Apalodimas
---
include/tpm-v2.h | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/include/tpm-v2.h b/include/tpm-v2.h
index 2b6980e441..6684033deb 100644
--- a/include/tpm-v2.h
+++ b/include/tpm-v2.h
@@ -16
Skip measurement for EFI images that should be measured
Changes since v1:
- Refactor TPM layer functions to allow EFI system to use them, and
remove duplicate EFI functions.
- Add test case
- Drop #ifdefs for bootm
- Add devicetree measurement config option
- Update sandbox TPM driver
Eddie J
On 2/22/23 14:26, Heinrich Schuchardt wrote:
Am 22. Februar 2023 19:02:42 MEZ schrieb Eddie James :
Briefly describe the feature and specify the requirements.
Signed-off-by: Eddie James
---
doc/usage/index.rst | 1 +
doc/usage/measured_boot.rst | 23 +++
2 files
On 2/23/23 03:47, Ilias Apalodimas wrote:
On Thu, 23 Feb 2023 at 11:30, Ilias Apalodimas
wrote:
On Thu, 23 Feb 2023 at 11:02, Ilias Apalodimas
wrote:
Hi Eddie,
final_event->number_of_events++;
@@ -350,66 +142,6 @@ static efi_status_t tcg2_agile_log_append(u32 pcr_index,
u32 even
Add TPM2 functions to support boot measurement. This includes
starting up the TPM, initializing/appending the event log, and
measuring the U-Boot version. Much of the code was used in the
EFI subsystem, so remove it there and use the common functions.
Signed-off-by: Eddie James
---
Changes since
Use the sandbox TPM driver to measure some boot images in a unit
test case.
Signed-off-by: Eddie James
Reviewed-by: Simon Glass
---
Changes since v5:
- Only compile in the measurement u-boot command when CONFIG_MEASURED_BOOT
is enabled
arch/sandbox/dts/sandbox.dtsi | 13 +++
arch
Briefly describe the feature and specify the requirements.
Signed-off-by: Eddie James
---
doc/usage/index.rst | 1 +
doc/usage/measured_boot.rst | 23 +++
2 files changed, 24 insertions(+)
create mode 100644 doc/usage/measured_boot.rst
diff --git a/doc/usage
Add a configuration option to measure the boot through the bootm
function. Add the measurement state to the booti and bootz paths
as well.
Signed-off-by: Eddie James
---
boot/Kconfig| 23
boot/bootm.c| 70 +
cmd/booti.c
The driver needs to support getting the PCRs in the capabilities
command. Fix various other things and support the max number
of PCRs for TPM2.
Remove the !SANDBOX dependency for EFI TCG2 as well.
Signed-off-by: Eddie James
Reviewed-by: Simon Glass
Acked-by: Ilias Apalodimas
---
Changes since
booti and bootz.
- Skip measurement for EFI images that should be measured
Changes since v1:
- Refactor TPM layer functions to allow EFI system to use them, and
remove duplicate EFI functions.
- Add test case
- Drop #ifdefs for bootm
- Add devicetree measurement config option
- Update sandbox TP
tmpu -> tpmu
Signed-off-by: Eddie James
Reviewed-by: Ilias Apalodimas
---
include/tpm-v2.h | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/include/tpm-v2.h b/include/tpm-v2.h
index 2b6980e441..6684033deb 100644
--- a/include/tpm-v2.h
+++ b/include/tpm-v2.h
@@ -16
On 2/21/23 23:36, Joel Stanley wrote:
On Thu, 2 Feb 2023 at 17:08, Eddie James wrote:
This series adds support for measuring the boot images more generically
than the existing EFI support. Several EFI functions have been moved to
the TPM layer. The series includes optional measurement from
On 2/22/23 05:33, Ilias Apalodimas wrote:
Hi Eddie,
On Tue, Feb 21, 2023 at 04:38:58PM -0600, Eddie James wrote:
On 2/6/23 06:20, Ilias Apalodimas wrote:
Thanks Eddie,
I quickly tested this but the EFI subsystem fails to initialize the TCG
protocol properly now. Unfortunately I am on a
pportunity to test this, have you?
Thanks,
Eddie
Cheers
/Ilias
On Thu, Feb 02, 2023 at 11:05:25AM -0600, Eddie James wrote:
This series adds support for measuring the boot images more generically
than the existing EFI support. Several EFI functions have been moved to
the TPM layer. The serie
On 2/2/23 11:12, Simon Glass wrote:
Hi Eddie / Ilias,
On Thu, 2 Feb 2023 at 09:24, Eddie James wrote:
On 1/26/23 01:51, Ilias Apalodimas wrote:
Hi Eddie,
Thanks for the cleanup! Unfortunately this doesn't compile with EFI
selected, but in general it looks pretty good.
Thanks,
Add TPM2 functions to support boot measurement. This includes
starting up the TPM, initializing/appending the event log, and
measuring the U-Boot version. Much of the code was used in the
EFI subsystem, so remove it there and use the common functions.
Signed-off-by: Eddie James
---
Changes since
Briefly describe the feature and specify the requirements.
Signed-off-by: Eddie James
---
Changes since v4:
- Use bullets for the requirements list
doc/usage/index.rst | 1 +
doc/usage/measured_boot.rst | 23 +++
2 files changed, 24 insertions(+)
create mode
Use the sandbox TPM driver to measure some boot images in a unit
test case.
Signed-off-by: Eddie James
Reviewed-by: Simon Glass
---
Changes since v4:
- Drop u8 casting in measurement test
Changes since v2:
- Changed reserved memory address to the top of the RAM for sandbox dts.
arch
1 - 100 of 163 matches
Mail list logo
