On Fri, Apr 11, 2025 at 4:10 AM James Hilliard
wrote:
>
> Currently we pass this for u-boot-spl.kwb targets, however when
> building sunxi-spl.bin in the TOC0 format we may also need to
> specify a KEYDIR, as such we should also pass this when set
> to mkimage for the sunxi
Currently we pass this for u-boot-spl.kwb targets, however when
building sunxi-spl.bin in the TOC0 format we may also need to
specify a KEYDIR, as such we should also pass this when set
to mkimage for the sunxi-spl.bin target.
Signed-off-by: James Hilliard
---
scripts/Makefile.xpl | 3 ++-
1
-by: Eddie James
So let's switch over the DTB measurements to PCR1 which seems a better
fit.
[0] https://trustedcomputinggroup.org/resource/pc-client-specific-platform-firmware-profile-specification
Reported-by: Heinrich Schuchardt
Signed-off-by: Ilias Apalodimas
---
boot/bootm.c
On Tue, Apr 2, 2024 at 6:41 AM Michal Simek wrote:
>
>
>
> On 4/1/24 01:28, James Hilliard wrote:
> > There are situations where we may want to let U-Boot modify the FDT
> > nand partitions for the kernel, such as when supporting multiple
> > sizes of NAND chips
There are situations where we may want to let U-Boot modify the FDT
nand partitions for the kernel, such as when supporting multiple
sizes of NAND chips.
Signed-off-by: James Hilliard
---
Changes v1 -> v2:
- move partition fixups to board/xilinx/common/board.c
---
board/xilinx/common/boar
On 3/26/24 11:15, Tim Harvey wrote:
On Tue, Mar 26, 2024 at 2:24 AM Ilias Apalodimas
wrote:
Hi Tim,
On Tue, 26 Mar 2024 at 03:15, Tim Harvey wrote:
Greetings,
I'm unable to understand why tcg2_platform_get_log is failing to read
a memory region.
For example the following diffs:
I am not
On Mon, Mar 18, 2024 at 5:07 AM Michal Simek wrote:
>
>
>
> On 3/18/24 09:48, James Hilliard wrote:
> > On Mon, Mar 18, 2024 at 2:26 AM Michal Simek wrote:
> >>
> >>
> >>
> >> On 3/15/24 20:25, James Hilliard wrote:
> >>> T
On Mon, Mar 18, 2024 at 2:26 AM Michal Simek wrote:
>
>
>
> On 3/15/24 20:25, James Hilliard wrote:
> > There are situations where we may want to let U-Boot modify the FDT
>
> please use imperative mood.
>
> > nand partitions for the kernel, such as when supp
so that we can add non-common functionality to each
ft_board_setup like FDT_FIXUP_PARTITIONS as needed.
This pattern is modeled after the one used by tdx-common.c.
Signed-off-by: James Hilliard
---
board/xilinx/common/board.c | 2 +-
board/xilinx/common/board.h | 2 ++
board/xilinx/mbv
On 10/25/23 07:41, Ilias Apalodimas wrote:
On Tue, 24 Oct 2023 at 18:44, Eddie James wrote:
Add a configuration option to measure the boot through the bootm
function. Add the measurement state to the booti and bootz paths
as well.
Signed-off-by: Eddie James
Reviewed-by: Simon Glass
From: Ilias Apalodimas
efi_tcg2_get_active_pcr_banks doesn't immediately call the
EFI_ENTRY() wrapper once it enters the function. Move the call a
few lines above to cover the error cases properly as well.
Signed-off-by: Ilias Apalodimas
---
lib/efi_loader/efi_tcg2.c | 4 ++--
1 file changed,
tmpu -> tpmu
Signed-off-by: Eddie James
Reviewed-by: Ilias Apalodimas
---
include/tpm-v2.h | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/include/tpm-v2.h b/include/tpm-v2.h
index 2b6980e441..6684033deb 100644
--- a/include/tpm-v2.h
+++ b/include/tpm-v2.h
@@ -16
The driver needs to support getting the PCRs in the capabilities
command. Fix various other things and support the max number
of PCRs for TPM2.
Remove the !SANDBOX dependency for EFI TCG2 as well.
Signed-off-by: Eddie James
Reviewed-by: Simon Glass
Acked-by: Ilias Apalodimas
---
Changes since
er functions to allow EFI system to use them, and
remove duplicate EFI functions.
- Add test case
- Drop #ifdefs for bootm
- Add devicetree measurement config option
- Update sandbox TPM driver
Eddie James (6):
tpm: Fix spelling for tpmu_ha union
tpm: sandbox: Update for needed TPM2 ca
Briefly describe the feature and specify the requirements.
Signed-off-by: Eddie James
Reviewed-by: Simon Glass
---
Changes since v12:
- Add a bit of detail about OS usage and what pieces are measured
doc/usage/index.rst | 1 +
doc/usage/measured_boot.rst | 31
Use the sandbox TPM driver to measure some boot images in a unit
test case.
Signed-off-by: Eddie James
Reviewed-by: Simon Glass
Acked-by: Ilias Apalodimas
---
Changes since v5:
- Only compile in the measurement u-boot command when
CONFIG_MEASURED_BOOT is enabled.
arch/sandbox/dts
Add a configuration option to measure the boot through the bootm
function. Add the measurement state to the booti and bootz paths
as well.
Signed-off-by: Eddie James
Reviewed-by: Simon Glass
---
Changes since v8:
- Added a configuration option to select to ignore any existing
event log
From: Ilias Apalodimas
We currently use PCR 0 for testing the PCR read/extend functionality in
our selftests. However, those PCRs are defined by the TCG spec for
platform use. For example if the tests run *after* the efi subsystem
initialization, which extends PCRs 0 & 7 it will give a false po
Add TPM2 functions to support boot measurement. This includes
starting up the TPM, initializing/appending the event log, and
measuring the U-Boot version. Much of the code was used in the
EFI subsystem, so remove it there and use the common functions.
Signed-off-by: Eddie James
---
Changes since
but since this used to work on earlier
versions I suspect it's going to be trivial to fix
Cheers
/Ilias
On Thu, 19 Oct 2023 at 19:21, Eddie James wrote:
This series adds support for measuring the boot images more generically
than the existing EFI support. Several EFI functions have been mo
Add a configuration option to measure the boot through the bootm
function. Add the measurement state to the booti and bootz paths
as well.
Signed-off-by: Eddie James
Reviewed-by: Simon Glass
---
Changes since v8:
- Added a configuration option to select to ignore any existing
event log
From: Ilias Apalodimas
We currently use PCR 0 for testing the PCR read/extend functionality in
our selftests. However, those PCRs are defined by the TCG spec for
platform use. For example if the tests run *after* the efi subsystem
initialization, which extends PCRs 0 & 7 it will give a false po
Add TPM2 functions to support boot measurement. This includes
starting up the TPM, initializing/appending the event log, and
measuring the U-Boot version. Much of the code was used in the
EFI subsystem, so remove it there and use the common functions.
Signed-off-by: Eddie James
---
Changes since
Briefly describe the feature and specify the requirements.
Signed-off-by: Eddie James
Reviewed-by: Simon Glass
---
Changes since v12:
- Add a bit of detail about OS usage and what pieces are measured
doc/usage/index.rst | 1 +
doc/usage/measured_boot.rst | 31
Use the sandbox TPM driver to measure some boot images in a unit
test case.
Signed-off-by: Eddie James
Reviewed-by: Simon Glass
Acked-by: Ilias Apalodimas
---
Changes since v5:
- Only compile in the measurement u-boot command when
CONFIG_MEASURED_BOOT is enabled.
arch/sandbox/dts
From: Ilias Apalodimas
efi_tcg2_get_active_pcr_banks doesn't immediately call the
EFI_ENTRY() wrapper once it enters the function. Move the call a
few lines above to cover the error cases properly as well.
Signed-off-by: Ilias Apalodimas
---
lib/efi_loader/efi_tcg2.c | 4 ++--
1 file changed,
tmpu -> tpmu
Signed-off-by: Eddie James
Reviewed-by: Ilias Apalodimas
---
include/tpm-v2.h | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/include/tpm-v2.h b/include/tpm-v2.h
index 2b6980e441..6684033deb 100644
--- a/include/tpm-v2.h
+++ b/include/tpm-v2.h
@@ -16
The driver needs to support getting the PCRs in the capabilities
command. Fix various other things and support the max number
of PCRs for TPM2.
Remove the !SANDBOX dependency for EFI TCG2 as well.
Signed-off-by: Eddie James
Reviewed-by: Simon Glass
Acked-by: Ilias Apalodimas
---
Changes since
nctions.
- Add test case
- Drop #ifdefs for bootm
- Add devicetree measurement config option
- Update sandbox TPM driver
Eddie James (6):
tpm: Fix spelling for tpmu_ha union
tpm: sandbox: Update for needed TPM2 capabilities
tpm: Support boot measurements
bootm: Support boot measurement
t
On 10/12/23 10:29, Simon Glass wrote:
Hi Eddie,
On Thu, 12 Oct 2023 at 08:08, Eddie James wrote:
Briefly describe the feature and specify the requirements.
Signed-off-by: Eddie James
Reviewed-by: Simon Glass
This could use a bit more detail. What pieces are measured? What DT
binding is
On 10/13/23 12:22, Ilias Apalodimas wrote:
Hi Eddie,
This doesn't apply on -master, can you please rebase?
Ugh I thought you wanted -next... I can rebase again.
Thanks
/Ilias
On Thu, 12 Oct 2023 at 16:49, Eddie James wrote:
Use the sandbox TPM driver to measure some boot images
Add a configuration option to measure the boot through the bootm
function. Add the measurement state to the booti and bootz paths
as well.
Signed-off-by: Eddie James
Reviewed-by: Simon Glass
---
Changes since v8:
- Added a configuration option to select to ignore any existing
event log
The driver needs to support getting the PCRs in the capabilities
command. Fix various other things and support the max number
of PCRs for TPM2.
Remove the !SANDBOX dependency for EFI TCG2 as well.
Signed-off-by: Eddie James
Reviewed-by: Simon Glass
Acked-by: Ilias Apalodimas
---
Changes since
From: Ilias Apalodimas
We currently use PCR 0 for testing the PCR read/extend functionality in
our selftests. However, those PCRs are defined by the TCG spec for
platform use. For example if the tests run *after* the efi subsystem
initialization, which extends PCRs 0 & 7 it will give a false po
Add TPM2 functions to support boot measurement. This includes
starting up the TPM, initializing/appending the event log, and
measuring the U-Boot version. Much of the code was used in the
EFI subsystem, so remove it there and use the common functions.
Signed-off-by: Eddie James
---
Changes since
From: Ilias Apalodimas
efi_tcg2_get_active_pcr_banks doesn't immediately call the
EFI_ENTRY() wrapper once it enters the function. Move the call a
few lines above to cover the error cases properly as well.
Signed-off-by: Ilias Apalodimas
---
lib/efi_loader/efi_tcg2.c | 4 ++--
1 file changed,
tmpu -> tpmu
Signed-off-by: Eddie James
Reviewed-by: Ilias Apalodimas
---
include/tpm-v2.h | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/include/tpm-v2.h b/include/tpm-v2.h
index 2b6980e441..6684033deb 100644
--- a/include/tpm-v2.h
+++ b/include/tpm-v2.h
@@ -16
Briefly describe the feature and specify the requirements.
Signed-off-by: Eddie James
Reviewed-by: Simon Glass
---
doc/usage/index.rst | 1 +
doc/usage/measured_boot.rst | 23 +++
2 files changed, 24 insertions(+)
create mode 100644 doc/usage/measured_boot.rst
Use the sandbox TPM driver to measure some boot images in a unit
test case.
Signed-off-by: Eddie James
Reviewed-by: Simon Glass
Acked-by: Ilias Apalodimas
---
Changes since v5:
- Only compile in the measurement u-boot command when
CONFIG_MEASURED_BOOT is enabled.
arch/sandbox/dts
t config option
- Update sandbox TPM driver
Eddie James (6):
tpm: Fix spelling for tpmu_ha union
tpm: sandbox: Update for needed TPM2 capabilities
tpm: Support boot measurements
bootm: Support boot measurement
test: Add sandbox TPM boot measurement
doc: Add measured boot documenta
On 8/10/23 02:44, Ilias Apalodimas wrote:
On Wed, Aug 09, 2023 at 09:01:40AM -0500, Eddie James wrote:
On 8/9/23 05:43, Ilias Apalodimas wrote:
On Wed, 9 Aug 2023 at 13:42, Heinrich Schuchardt wrote:
On 8/9/23 10:34, Ilias Apalodimas wrote:
Hi Eddie
On Mon, Aug 07, 2023 at 02:25:37PM
On 8/9/23 05:43, Ilias Apalodimas wrote:
On Wed, 9 Aug 2023 at 13:42, Heinrich Schuchardt wrote:
On 8/9/23 10:34, Ilias Apalodimas wrote:
Hi Eddie
On Mon, Aug 07, 2023 at 02:25:37PM -0500, Eddie James wrote:
Add TPM2 functions to support boot measurement. This includes
starting up the
Add TPM2 functions to support boot measurement. This includes
starting up the TPM, initializing/appending the event log, and
measuring the U-Boot version. Much of the code was used in the
EFI subsystem, so remove it there and use the common functions.
Signed-off-by: Eddie James
---
Changes since
The driver needs to support getting the PCRs in the capabilities
command. Fix various other things and support the max number
of PCRs for TPM2.
Remove the !SANDBOX dependency for EFI TCG2 as well.
Signed-off-by: Eddie James
Reviewed-by: Simon Glass
Acked-by: Ilias Apalodimas
---
Changes since
From: Ilias Apalodimas
We currently use PCR 0 for testing the PCR read/extend functionality in
our selftests. However, those PCRs are defined by the TCG spec for
platform use. For example if the tests run *after* the efi subsystem
initialization, which extends PCRs 0 & 7 it will give a false po
Use the sandbox TPM driver to measure some boot images in a unit
test case.
Signed-off-by: Eddie James
Reviewed-by: Simon Glass
Acked-by: Ilias Apalodimas
---
Changes since v5:
- Only compile in the measurement u-boot command when
CONFIG_MEASURED_BOOT is enabled.
arch/sandbox/dts
tmpu -> tpmu
Signed-off-by: Eddie James
Reviewed-by: Ilias Apalodimas
---
include/tpm-v2.h | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/include/tpm-v2.h b/include/tpm-v2.h
index 2b6980e441..6684033deb 100644
--- a/include/tpm-v2.h
+++ b/include/tpm-v2.h
@@ -16
From: Ilias Apalodimas
efi_tcg2_get_active_pcr_banks doesn't immediately call the
EFI_ENTRY() wrapper once it enters the function. Move the call a
few lines above to cover the error cases properly as well.
Signed-off-by: Ilias Apalodimas
---
lib/efi_loader/efi_tcg2.c | 4 ++--
1 file changed,
EFI images that should be measured
Changes since v1:
- Refactor TPM layer functions to allow EFI system to use them, and
remove duplicate EFI functions.
- Add test case
- Drop #ifdefs for bootm
- Add devicetree measurement config option
- Update sandbox TPM driver
Eddie James (6):
tpm: Fix s
Briefly describe the feature and specify the requirements.
Signed-off-by: Eddie James
Reviewed-by: Simon Glass
---
doc/usage/index.rst | 1 +
doc/usage/measured_boot.rst | 23 +++
2 files changed, 24 insertions(+)
create mode 100644 doc/usage/measured_boot.rst
Add a configuration option to measure the boot through the bootm
function. Add the measurement state to the booti and bootz paths
as well.
Signed-off-by: Eddie James
Reviewed-by: Simon Glass
---
Changes since v8:
- Added a configuration option to select to ignore any existing
event log
On 8/7/23 10:56, Ilias Apalodimas wrote:
Hi Eddie,
On Mon, 7 Aug 2023 at 18:17, Eddie James wrote:
From: Ilias Apalodimas
We need a commit message for that. Something along the lines of
efi_tcg2_get_active_pcr_banks() doesn't immediately call the
EFI_ENTRY() wrappers once it enters the
On 8/7/23 10:50, Ilias Apalodimas wrote:
Hi Eddie,
On Mon, 7 Aug 2023 at 18:18, Eddie James wrote:
From: Ilias Apalodimas
Signed-off-by: Ilias Apalodimas
---
lib/tpm-v2.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/lib/tpm-v2.c b/lib/tpm-v2.c
index d22e21985b
Use the sandbox TPM driver to measure some boot images in a unit
test case.
Signed-off-by: Eddie James
Reviewed-by: Simon Glass
Acked-by: Ilias Apalodimas
---
Changes since v5:
- Only compile in the measurement u-boot command when
CONFIG_MEASURED_BOOT is enabled.
arch/sandbox/dts
From: Ilias Apalodimas
Signed-off-by: Ilias Apalodimas
---
lib/tpm-v2.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/lib/tpm-v2.c b/lib/tpm-v2.c
index d22e21985b..bd0fb078dc 100644
--- a/lib/tpm-v2.c
+++ b/lib/tpm-v2.c
@@ -671,7 +671,7 @@ __weak int tcg2_platform_get_log(
From: Ilias Apalodimas
We currently use PCR 0 for testing the PCR read/extend functionality in
our selftests. However, those PCRs are defined by the TCG spec for
platform use. For example if the tests run *after* the efi subsystem
initialization, which extends PCRs 0 & 7 it will give a false po
tmpu -> tpmu
Signed-off-by: Eddie James
Reviewed-by: Ilias Apalodimas
---
include/tpm-v2.h | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/include/tpm-v2.h b/include/tpm-v2.h
index 2b6980e441..6684033deb 100644
--- a/include/tpm-v2.h
+++ b/include/tpm-v2.h
@@ -16
Add TPM2 functions to support boot measurement. This includes
starting up the TPM, initializing/appending the event log, and
measuring the U-Boot version. Much of the code was used in the
EFI subsystem, so remove it there and use the common functions.
Signed-off-by: Eddie James
---
Changes since
From: Ilias Apalodimas
commit ("")
replaced the forced and sandbox tpm2 initialization running 'tpm2
autostart' instead of the startup tpm sequence. The difference is that
the new function handles the internal tpm_init state internally and
doesn't return an error when trying to initiali
The driver needs to support getting the PCRs in the capabilities
command. Fix various other things and support the max number
of PCRs for TPM2.
Remove the !SANDBOX dependency for EFI TCG2 as well.
Signed-off-by: Eddie James
Reviewed-by: Simon Glass
Acked-by: Ilias Apalodimas
---
Changes since
d
remove duplicate EFI functions.
- Add test case
- Drop #ifdefs for bootm
- Add devicetree measurement config option
- Update sandbox TPM driver
Eddie James (6):
tpm: Fix spelling for tpmu_ha union
tpm: sandbox: Update for needed TPM2 capabilities
tpm: Support boot measurements
bootm:
From: Ilias Apalodimas
Signed-off-by: Ilias Apalodimas
---
lib/efi_loader/efi_tcg2.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/lib/efi_loader/efi_tcg2.c b/lib/efi_loader/efi_tcg2.c
index 5f0f4b5dd2..829bae7436 100644
--- a/lib/efi_loader/efi_tcg2.c
+++ b/lib/efi_lo
Add a configuration option to measure the boot through the bootm
function. Add the measurement state to the booti and bootz paths
as well.
Signed-off-by: Eddie James
Reviewed-by: Simon Glass
---
Changes since v8:
- Added a configuration option to select to ignore any existing
event log
Briefly describe the feature and specify the requirements.
Signed-off-by: Eddie James
Reviewed-by: Simon Glass
---
doc/usage/index.rst | 1 +
doc/usage/measured_boot.rst | 23 +++
2 files changed, 24 insertions(+)
create mode 100644 doc/usage/measured_boot.rst
On 8/7/23 09:52, Ilias Apalodimas wrote:
Hi,
On Mon, 7 Aug 2023 at 17:43, Eddie James wrote:
On 8/4/23 13:10, Sean Edmond wrote:
On 2023-03-08 1:25 p.m., Eddie James wrote:
Add a configuration option to measure the boot through the bootm
function. Add the measurement state to the booti
On 8/4/23 13:10, Sean Edmond wrote:
On 2023-03-08 1:25 p.m., Eddie James wrote:
Add a configuration option to measure the boot through the bootm
function. Add the measurement state to the booti and bootz paths
as well.
Signed-off-by: Eddie James
Reviewed-by: Simon Glass
---
Changes since
v9? I believed I had fixed at least
some of the failures with patch 2 to update the sandbox driver. I also
haven't figured out how to run the ci suite locally
Thanks,
Eddie
Thanks
/Ilias
On Wed, 8 Mar 2023 at 23:25, Eddie James wrote:
Add TPM2 functions to support boot measure
Add TPM2 functions to support boot measurement. This includes
starting up the TPM, initializing/appending the event log, and
measuring the U-Boot version. Much of the code was used in the
EFI subsystem, so remove it there and use the common functions.
Signed-off-by: Eddie James
---
Changes since
Briefly describe the feature and specify the requirements.
Signed-off-by: Eddie James
Reviewed-by: Simon Glass
---
doc/usage/index.rst | 1 +
doc/usage/measured_boot.rst | 23 +++
2 files changed, 24 insertions(+)
create mode 100644 doc/usage/measured_boot.rst
Add a configuration option to measure the boot through the bootm
function. Add the measurement state to the booti and bootz paths
as well.
Signed-off-by: Eddie James
Reviewed-by: Simon Glass
---
Changes since v8:
- Added a configuration option to select to ignore any existing
event log
The driver needs to support getting the PCRs in the capabilities
command. Fix various other things and support the max number
of PCRs for TPM2.
Remove the !SANDBOX dependency for EFI TCG2 as well.
Signed-off-by: Eddie James
Reviewed-by: Simon Glass
Acked-by: Ilias Apalodimas
---
Changes since
Use the sandbox TPM driver to measure some boot images in a unit
test case.
Signed-off-by: Eddie James
Reviewed-by: Simon Glass
Acked-by: Ilias Apalodimas
---
Changes since v5:
- Only compile in the measurement u-boot command when
CONFIG_MEASURED_BOOT is enabled.
arch/sandbox/dts
tem to use them, and
remove duplicate EFI functions.
- Add test case
- Drop #ifdefs for bootm
- Add devicetree measurement config option
- Update sandbox TPM driver
Eddie James (6):
tpm: Fix spelling for tpmu_ha union
tpm: sandbox: Update for needed TPM2 capabilities
tpm: Support boot meas
tmpu -> tpmu
Signed-off-by: Eddie James
Reviewed-by: Ilias Apalodimas
---
include/tpm-v2.h | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/include/tpm-v2.h b/include/tpm-v2.h
index 2b6980e441..6684033deb 100644
--- a/include/tpm-v2.h
+++ b/include/tpm-v2.h
@@ -16
ks,
Eddie
[0] https://source.denx.de/u-boot/custodians/u-boot-tpm/-/pipelines/15471
Regards
/Ilias
On Fri, Mar 03, 2023 at 01:25:00PM -0600, Eddie James wrote:
This series adds support for measuring the boot images more generically
than the existing EFI support. Several EFI functions have bee
Use the sandbox TPM driver to measure some boot images in a unit
test case.
Signed-off-by: Eddie James
Reviewed-by: Simon Glass
Acked-by: Ilias Apalodimas
---
Changes since v5:
- Only compile in the measurement u-boot command when CONFIG_MEASURED_BOOT
is enabled
arch/sandbox/dts
Add TPM2 functions to support boot measurement. This includes
starting up the TPM, initializing/appending the event log, and
measuring the U-Boot version. Much of the code was used in the
EFI subsystem, so remove it there and use the common functions.
Signed-off-by: Eddie James
---
Changes since
Briefly describe the feature and specify the requirements.
Signed-off-by: Eddie James
Reviewed-by: Simon Glass
---
doc/usage/index.rst | 1 +
doc/usage/measured_boot.rst | 23 +++
2 files changed, 24 insertions(+)
create mode 100644 doc/usage/measured_boot.rst
Add a configuration option to measure the boot through the bootm
function. Add the measurement state to the booti and bootz paths
as well.
Signed-off-by: Eddie James
Reviewed-by: Simon Glass
---
Changes since v6:
- Added comment for bootm_measure
- Fixed line length in bootm_measure
boot
The driver needs to support getting the PCRs in the capabilities
command. Fix various other things and support the max number
of PCRs for TPM2.
Remove the !SANDBOX dependency for EFI TCG2 as well.
Signed-off-by: Eddie James
Reviewed-by: Simon Glass
Acked-by: Ilias Apalodimas
---
Changes since
I system to use them, and
remove duplicate EFI functions.
- Add test case
- Drop #ifdefs for bootm
- Add devicetree measurement config option
- Update sandbox TPM driver
Eddie James (6):
tpm: Fix spelling for tpmu_ha union
tpm: sandbox: Update for needed TPM2 capabilities
tpm: Support
tmpu -> tpmu
Signed-off-by: Eddie James
Reviewed-by: Ilias Apalodimas
---
include/tpm-v2.h | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/include/tpm-v2.h b/include/tpm-v2.h
index 2b6980e441..6684033deb 100644
--- a/include/tpm-v2.h
+++ b/include/tpm-v2.h
@@ -16
On 3/2/23 14:22, Ilias Apalodimas wrote:
Hi Eddie,
I found the issue. I still think we could squeeze things even more in our
abstraction. Specifically the measure_event() tcg2_agile_log_append()
contain some efi specific bits and I am trying to figure out if we can make
those more generic.
Add TPM2 functions to support boot measurement. This includes
starting up the TPM, initializing/appending the event log, and
measuring the U-Boot version. Much of the code was used in the
EFI subsystem, so remove it there and use the common functions.
Signed-off-by: Eddie James
---
Changes since
Briefly describe the feature and specify the requirements.
Signed-off-by: Eddie James
Reviewed-by: Simon Glass
---
doc/usage/index.rst | 1 +
doc/usage/measured_boot.rst | 23 +++
2 files changed, 24 insertions(+)
create mode 100644 doc/usage/measured_boot.rst
Use the sandbox TPM driver to measure some boot images in a unit
test case.
Signed-off-by: Eddie James
Reviewed-by: Simon Glass
Acked-by: Ilias Apalodimas
---
Changes since v5:
- Only compile in the measurement u-boot command when CONFIG_MEASURED_BOOT
is enabled
arch/sandbox/dts
Add a configuration option to measure the boot through the bootm
function. Add the measurement state to the booti and bootz paths
as well.
Signed-off-by: Eddie James
Reviewed-by: Simon Glass
---
Changes since v6:
- Added comment for bootm_measure
- Fixed line length in bootm_measure
boot
The driver needs to support getting the PCRs in the capabilities
command. Fix various other things and support the max number
of PCRs for TPM2.
Remove the !SANDBOX dependency for EFI TCG2 as well.
Signed-off-by: Eddie James
Reviewed-by: Simon Glass
Acked-by: Ilias Apalodimas
---
Changes since
tmpu -> tpmu
Signed-off-by: Eddie James
Reviewed-by: Ilias Apalodimas
---
include/tpm-v2.h | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/include/tpm-v2.h b/include/tpm-v2.h
index 2b6980e441..6684033deb 100644
--- a/include/tpm-v2.h
+++ b/include/tpm-v2.h
@@ -16
Skip measurement for EFI images that should be measured
Changes since v1:
- Refactor TPM layer functions to allow EFI system to use them, and
remove duplicate EFI functions.
- Add test case
- Drop #ifdefs for bootm
- Add devicetree measurement config option
- Update sandbox TPM driver
Eddie J
On 2/22/23 14:26, Heinrich Schuchardt wrote:
On 22 February 2023 19:02:42 CET, Eddie James wrote:
Briefly describe the feature and specify the requirements.
Signed-off-by: Eddie James
---
doc/usage/index.rst | 1 +
doc/usage/measured_boot.rst | 23 +++
2 files
On 2/23/23 03:47, Ilias Apalodimas wrote:
On Thu, 23 Feb 2023 at 11:30, Ilias Apalodimas
wrote:
On Thu, 23 Feb 2023 at 11:02, Ilias Apalodimas
wrote:
Hi Eddie,
final_event->number_of_events++;
@@ -350,66 +142,6 @@ static efi_status_t tcg2_agile_log_append(u32 pcr_index,
u32 even
Add TPM2 functions to support boot measurement. This includes
starting up the TPM, initializing/appending the event log, and
measuring the U-Boot version. Much of the code was used in the
EFI subsystem, so remove it there and use the common functions.
Signed-off-by: Eddie James
---
Changes since
Use the sandbox TPM driver to measure some boot images in a unit
test case.
Signed-off-by: Eddie James
Reviewed-by: Simon Glass
---
Changes since v5:
- Only compile in the measurement u-boot command when CONFIG_MEASURED_BOOT
is enabled
arch/sandbox/dts/sandbox.dtsi | 13 +++
arch
Briefly describe the feature and specify the requirements.
Signed-off-by: Eddie James
---
doc/usage/index.rst | 1 +
doc/usage/measured_boot.rst | 23 +++
2 files changed, 24 insertions(+)
create mode 100644 doc/usage/measured_boot.rst
diff --git a/doc/usage
Add a configuration option to measure the boot through the bootm
function. Add the measurement state to the booti and bootz paths
as well.
Signed-off-by: Eddie James
---
boot/Kconfig| 23
boot/bootm.c| 70 +
cmd/booti.c
The driver needs to support getting the PCRs in the capabilities
command. Fix various other things and support the max number
of PCRs for TPM2.
Remove the !SANDBOX dependency for EFI TCG2 as well.
Signed-off-by: Eddie James
Reviewed-by: Simon Glass
Acked-by: Ilias Apalodimas
---
Changes since
M driver
Eddie James (6):
tpm: Fix spelling for tpmu_ha union
tpm: sandbox: Update for needed TPM2 capabilities
tpm: Support boot measurements
bootm: Support boot measurement
test: Add sandbox TPM boot measurement
doc: Add measured boot documentation
arch/sandbox/dts/sandbox.dtsi
tmpu -> tpmu
Signed-off-by: Eddie James
Reviewed-by: Ilias Apalodimas
---
include/tpm-v2.h | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/include/tpm-v2.h b/include/tpm-v2.h
index 2b6980e441..6684033deb 100644
--- a/include/tpm-v2.h
+++ b/include/tpm-v2.h
@@ -16