Use the sandbox TPM driver to measure some boot images in a unit
test case.
Signed-off-by: Eddie James
Reviewed-by: Simon Glass
Acked-by: Ilias Apalodimas
---
Changes since v5:
- Only compile in the measurement u-boot command when
CONFIG_MEASURED_BOOT is enabled.
arch/sandbox/dts
Use the sandbox TPM driver to measure some boot images in a unit
test case.
Signed-off-by: Eddie James
Reviewed-by: Simon Glass
Acked-by: Ilias Apalodimas
---
Changes since v5:
- Only compile in the measurement u-boot command when
CONFIG_MEASURED_BOOT is enabled.
arch/sandbox/dts
the time the patches were sent -next got merged into -master,
so I tried master now to include them into the 2024.01 release.
Apologies, if you don't mind please rebase
Thanks
/Ilias
>
>
> >
> > Thanks
> > /Ilias
> >
> > On Thu, 12 Oct 2023 at 16:49, Eddie J
On 10/13/23 12:22, Ilias Apalodimas wrote:
Hi Eddie,
This doesn't apply on -master, can you please rebase?
Ugh I thought you wanted -next... I can rebase again.
Thanks
/Ilias
On Thu, 12 Oct 2023 at 16:49, Eddie James wrote:
Use the sandbox TPM driver to measure some boot images
Hi Eddie,
This doesn't apply on -master, can you please rebase?
Thanks
/Ilias
On Thu, 12 Oct 2023 at 16:49, Eddie James wrote:
>
> Use the sandbox TPM driver to measure some boot images in a unit
> test case.
>
> Signed-off-by: Eddie James
> Reviewed-by: Simon G
Use the sandbox TPM driver to measure some boot images in a unit
test case.
Signed-off-by: Eddie James
Reviewed-by: Simon Glass
Acked-by: Ilias Apalodimas
---
Changes since v5:
- Only compile in the measurement u-boot command when
CONFIG_MEASURED_BOOT is enabled.
arch/sandbox/dts
From: Sean Edmond
The TPM 2.0 command reference shows "auth" (type TPM2B_AUTH) before
"publicInfo" (type TPM2B_NV_PUBLIC).
The TPM v2 driver was updated to add this field. The sandbox driver
needs to be updated to match the driver implementation.
Signed-off-by: Sean Edmond
---
drivers/tpm/tp
Use the sandbox TPM driver to measure some boot images in a unit
test case.
Signed-off-by: Eddie James
Reviewed-by: Simon Glass
Acked-by: Ilias Apalodimas
---
Changes since v5:
- Only compile in the measurement u-boot command when
CONFIG_MEASURED_BOOT is enabled.
arch/sandbox/dts
Use the sandbox TPM driver to measure some boot images in a unit
test case.
Signed-off-by: Eddie James
Reviewed-by: Simon Glass
Acked-by: Ilias Apalodimas
---
Changes since v5:
- Only compile in the measurement u-boot command when
CONFIG_MEASURED_BOOT is enabled.
arch/sandbox/dts
From: Eddie James
Use the sandbox TPM driver to measure some boot images in a unit
test case.
Signed-off-by: Eddie James
Reviewed-by: Simon Glass
Acked-by: Ilias Apalodimas
---
arch/sandbox/dts/sandbox.dtsi | 13 +++
arch/sandbox/dts/test.dts | 13 +++
configs/sandbox_defconfig
Use the sandbox TPM driver to measure some boot images in a unit
test case.
Signed-off-by: Eddie James
Reviewed-by: Simon Glass
Acked-by: Ilias Apalodimas
---
Changes since v5:
- Only compile in the measurement u-boot command when
CONFIG_MEASURED_BOOT is enabled.
arch/sandbox/dts
Use the sandbox TPM driver to measure some boot images in a unit
test case.
Signed-off-by: Eddie James
Reviewed-by: Simon Glass
Acked-by: Ilias Apalodimas
---
Changes since v5:
- Only compile in the measurement u-boot command when CONFIG_MEASURED_BOOT
is enabled
arch/sandbox/dts
Use the sandbox TPM driver to measure some boot images in a unit
test case.
Signed-off-by: Eddie James
Reviewed-by: Simon Glass
Acked-by: Ilias Apalodimas
---
Changes since v5:
- Only compile in the measurement u-boot command when CONFIG_MEASURED_BOOT
is enabled
arch/sandbox/dts
On Wed, 22 Feb 2023 at 20:02, Eddie James wrote:
>
> Use the sandbox TPM driver to measure some boot images in a unit
> test case.
>
> Signed-off-by: Eddie James
> Reviewed-by: Simon Glass
> ---
> Changes since v5:
> - Only compile in the measurement u-boot comman
Use the sandbox TPM driver to measure some boot images in a unit
test case.
Signed-off-by: Eddie James
Reviewed-by: Simon Glass
---
Changes since v5:
- Only compile in the measurement u-boot command when CONFIG_MEASURED_BOOT
is enabled
arch/sandbox/dts/sandbox.dtsi | 13 +++
arch
Use the sandbox TPM driver to measure some boot images in a unit
test case.
Signed-off-by: Eddie James
Reviewed-by: Simon Glass
---
Changes since v4:
- Drop u8 casting in measurement test
Changes since v2:
- Changed reserved memory address to the top of the RAM for sandbox dts.
arch
Hi Eddie,
On Wed, 25 Jan 2023 at 10:18, Eddie James wrote:
>
> Use the sandbox TPM driver to measure some boot images in a unit
> test case.
>
> Signed-off-by: Eddie James
> ---
> arch/sandbox/dts/sandbox.dtsi | 14
> arch/sandbox/dts/test.dts
Use the sandbox TPM driver to measure some boot images in a unit
test case.
Signed-off-by: Eddie James
---
arch/sandbox/dts/sandbox.dtsi | 14
arch/sandbox/dts/test.dts | 13 +++
configs/sandbox_defconfig | 1 +
include/test/suites.h | 1 +
test/boot/Makefile
Use the sandbox TPM driver to measure some boot images in a unit
test case.
Signed-off-by: Eddie James
---
arch/sandbox/dts/sandbox.dtsi | 14
arch/sandbox/dts/test.dts | 13 +++
configs/sandbox_defconfig | 1 +
include/test/suites.h | 1 +
test/boot/Makefile
On 1/10/23 16:37, Heinrich Schuchardt wrote:
On 1/10/23 23:32, Heinrich Schuchardt wrote:
On 1/9/23 22:55, Eddie James wrote:
Use the sandbox TPM driver to measure some boot images in a unit
test case.
$ ./u-boot -T -c "ut measurement"
Running 1 measurement tests
Tes
On 1/10/23 23:32, Heinrich Schuchardt wrote:
On 1/9/23 22:55, Eddie James wrote:
Use the sandbox TPM driver to measure some boot images in a unit
test case.
$ ./u-boot -T -c "ut measurement"
Running 1 measurement tests
Test: measure: measurement.c
Failures: 0
Signed-off-by: E
On 1/9/23 22:55, Eddie James wrote:
Use the sandbox TPM driver to measure some boot images in a unit
test case.
$ ./u-boot -T -c "ut measurement"
Running 1 measurement tests
Test: measure: measurement.c
Failures: 0
Signed-off-by: Eddie James
---
arch/sandbox/dts/tes
On 1/10/23 16:02, Heinrich Schuchardt wrote:
On 1/10/23 17:38, Eddie James wrote:
On 1/9/23 17:26, Heinrich Schuchardt wrote:
On 1/10/23 00:13, Heinrich Schuchardt wrote:
On 1/9/23 22:55, Eddie James wrote:
Use the sandbox TPM driver to measure some boot images in a unit
test case.
$ ./u
On 1/10/23 17:38, Eddie James wrote:
On 1/9/23 17:26, Heinrich Schuchardt wrote:
On 1/10/23 00:13, Heinrich Schuchardt wrote:
On 1/9/23 22:55, Eddie James wrote:
Use the sandbox TPM driver to measure some boot images in a unit
test case.
$ ./u-boot -T -c "ut measurement"
On 1/9/23 17:26, Heinrich Schuchardt wrote:
On 1/10/23 00:13, Heinrich Schuchardt wrote:
On 1/9/23 22:55, Eddie James wrote:
Use the sandbox TPM driver to measure some boot images in a unit
test case.
$ ./u-boot -T -c "ut measurement"
Running 1 measurement tests
Test: measure: mea
On 1/10/23 00:13, Heinrich Schuchardt wrote:
On 1/9/23 22:55, Eddie James wrote:
Use the sandbox TPM driver to measure some boot images in a unit
test case.
$ ./u-boot -T -c "ut measurement"
Running 1 measurement tests
Test: measure: measurement.c
Failures: 0
Signed-off-by: E
On 1/9/23 22:55, Eddie James wrote:
Use the sandbox TPM driver to measure some boot images in a unit
test case.
$ ./u-boot -T -c "ut measurement"
Running 1 measurement tests
Test: measure: measurement.c
Failures: 0
Signed-off-by: Eddie James
---
arch/sandbox/dts/tes
Use the sandbox TPM driver to measure some boot images in a unit
test case.
$ ./u-boot -T -c "ut measurement"
Running 1 measurement tests
Test: measure: measurement.c
Failures: 0
Signed-off-by: Eddie James
---
arch/sandbox/dts/test.dts | 12 +++
configs/sandbox_defconfig | 1
;
> "dfu_alt_info" env variable not defined!
> Probably dfu_alt_info not defined
> "dfu_alt_info" env variable not defined!
> Probably dfu_alt_info not defined
> Booting /EFI\grub\shimriscv64.efi
> PE image measurement failed <<<<<<<<<
as bugs? If it is incomplete,
what is needed by U-Boot?
A TPM emulation as UNIX socket exists with
https://github.com/stefanberger/swtpm.git. QEMU already uses this emulator.
Couldn't the sandbox do the same? I think this is the fastest way to get
a compliant sandbox TPM.
Well we could
s://github.com/stefanberger/swtpm.git. QEMU already uses this
> > > emulator.
> > >
> > > Couldn't the sandbox do the same? I think this is the fastest way to get
> > > a compliant sandbox TPM.
> >
> > Well we could if we need it. Are you sure it
mplete or that it has bugs? If it is incomplete,
> what is needed by U-Boot?
>
> >
> > A TPM emulation as UNIX socket exists with
> > https://github.com/stefanberger/swtpm.git. QEMU already uses this emulator.
> >
> > Couldn't the sandbox do the same? I think this i
as UNIX socket exists with
> https://github.com/stefanberger/swtpm.git. QEMU already uses this emulator.
>
> Couldn't the sandbox do the same? I think this is the fastest way to get
> a compliant sandbox TPM.
Well we could if we need it. Are you sure it is a good idea? There
liant sandbox TPM.
Best regards
Heinrich
This function current handles the kernel case incorrectly. Fix it, and
use the shorter TPM_HDR_LEN while we are here.
Signed-off-by: Simon Glass
---
(no changes since v1)
drivers/tpm/tpm_tis_sandbox.c | 14 --
1 file changed, 4 insertions(+), 10 deletions(-)
Applied to u-boot-dm,
At present this code assumes that the TPM data has been read but this may
not be the case. Refactor the code to use a separate pointer so we know
the current state of the data.
Add error checking for the data size.
Signed-off-by: Simon Glass
---
(no changes since v1)
drivers/tpm/tpm_tis_sandb
Add checking as to whether the current TPM state is valid, so we can
implement reading/writing the state.
Signed-off-by: Simon Glass
---
(no changes since v1)
drivers/tpm/tpm2_tis_sandbox.c | 10 --
1 file changed, 8 insertions(+), 2 deletions(-)
Applied to u-boot-dm, thanks!
We want to support nvdata in TPM2 as well. To avoid code duplicating the
associated code, move it into a common file.
Drop the special-case logic for the kernel space. This can be handled by
the higher-level code now, i.e. in vboot itself.
Signed-off-by: Simon Glass
---
(no changes since v1)
At present the tpm2 emulator does not support storing the device state.
Add this so we can handle the normal vboot flow through the sandbox
executables (VPL->SPL etc.) with the TPM contents staying in place.
Note: sandbox has not yet been converted to use livetree for the state
information, since
Add support for this command, moving away from the previous approach of
hard-coding the initial data in the driver, now that the kernel-space data
has to be set up by the higher-level vboot code.
Signed-off-by: Simon Glass
---
(no changes since v1)
drivers/tpm/sandbox_common.c | 11 ++
Add support for this feature in the TPM2 emulator, to support Chromium OS
vboot.
Signed-off-by: Simon Glass
---
(no changes since v1)
drivers/tpm/tpm2_tis_sandbox.c | 68 ++
include/tpm-v2.h | 2 +
2 files changed, 70 insertions(+)
Applied to u-b
Tidy up the missing comments for this struct.
Signed-off-by: Simon Glass
---
(no changes since v1)
drivers/tpm/tpm2_tis_sandbox.c | 20
1 file changed, 16 insertions(+), 4 deletions(-)
Applied to u-boot-dm, thanks!
It is fairly easy to handle this case and it makes the emulator more
useful, since PCRs are commonly extended several times.
Add support for this, using U-Boot's sha256 support.
For now sandbox only supports a single PCR, but that is enough for the
tests that currently exist.
Signed-off-by: Simo
This is the number of PCRs, so the current check is off by one. Also the
map itself should not be checked, just the resulting pcr_index, to avoid
confusing people who read the code.
Fix these problems.
Signed-off-by: Simon Glass
---
Changes in v2:
- Add new patch to correct handling of SANDBOX_
Hi Ilias,
On Thu, 15 Jul 2021 at 13:21, Ilias Apalodimas
wrote:
>
> On Thu, 15 Jul 2021 at 22:04, Ilias Apalodimas
> wrote:
> >
> > On Mon, Jul 05, 2021 at 09:48:49AM -0600, Simon Glass wrote:
> > > It is fairly easy to handle this case and it makes the emulator more
> > > useful, since PCRs are
It is fairly easy to handle this case and it makes the emulator more
useful, since PCRs are commonly extended several times.
Add support for this, using U-Boot's sha256 support.
For now sandbox only supports a single PCR, but that is enough for the
tests that currently exist.
Signed-off-by: Simo
DBOX_TPM_PCR_NB) {
- printf("Sandbox TPM handles up to %d PCR(s)\n",
- SANDBOX_TPM_PCR_NB);
- rc = TPM2_RC_VALUE;
- return sandbox_tpm2_fill_buf(recv, recv_len, tag, rc);
- }
-
if (!pcr_map) {
-
At present the tpm2 emulator does not support storing the device state.
Add this so we can handle the normal vboot flow through the sandbox
executables (VPL->SPL etc.) with the TPM contents staying in place.
Note: sandbox has not yet been converted to use livetree for the state
information, since
Add support for this feature in the TPM2 emulator, to support Chromium OS
vboot.
Signed-off-by: Simon Glass
---
(no changes since v1)
drivers/tpm/tpm2_tis_sandbox.c | 68 ++
include/tpm-v2.h | 2 +
2 files changed, 70 insertions(+)
diff --git a/d
Add checking as to whether the current TPM state is valid, so we can
implement reading/writing the state.
Signed-off-by: Simon Glass
---
(no changes since v1)
drivers/tpm/tpm2_tis_sandbox.c | 10 --
1 file changed, 8 insertions(+), 2 deletions(-)
diff --git a/drivers/tpm/tpm2_tis_sand
Tidy up the missing comments for this struct.
Signed-off-by: Simon Glass
---
(no changes since v1)
drivers/tpm/tpm2_tis_sandbox.c | 20
1 file changed, 16 insertions(+), 4 deletions(-)
diff --git a/drivers/tpm/tpm2_tis_sandbox.c b/drivers/tpm/tpm2_tis_sandbox.c
index 24c8
This function current handles the kernel case incorrectly. Fix it, and
use the shorter TPM_HDR_LEN while we are here.
Signed-off-by: Simon Glass
---
(no changes since v1)
drivers/tpm/tpm_tis_sandbox.c | 14 --
1 file changed, 4 insertions(+), 10 deletions(-)
diff --git a/drivers/t
At present this code assumes that the TPM data has been read but this may
not be the case. Refactor the code to use a separate pointer so we know
the current state of the data.
Add error checking for the data size.
Signed-off-by: Simon Glass
---
(no changes since v1)
drivers/tpm/tpm_tis_sandb
Add support for this command, moving away from the previous approach of
hard-coding the initial data in the driver, now that the kernel-space data
has to be set up by the higher-level vboot code.
Signed-off-by: Simon Glass
---
(no changes since v1)
drivers/tpm/sandbox_common.c | 11 ++
space */
-#define NV_DATA_SIZE 0x20
-
-struct nvdata_state {
- bool present;
- u8 data[NV_DATA_SIZE];
-};
-
/*
* Information about our TPM emulation. This is preserved in the sandbox
* state file if enabled.
@@ -140,27 +89,6 @@ static int sandbox_tpm_write_state(void *blob, int no
On Thu, 15 Jul 2021 at 22:04, Ilias Apalodimas
wrote:
>
> On Mon, Jul 05, 2021 at 09:48:49AM -0600, Simon Glass wrote:
> > It is fairly easy to handle this case and it makes the emulator more
> > useful, since PCRs are commonly extended several times.
> >
> > Add support for this, using U-Boot's s
On Mon, Jul 05, 2021 at 09:48:49AM -0600, Simon Glass wrote:
> It is fairly easy to handle this case and it makes the emulator more
> useful, since PCRs are commonly extended several times.
>
> Add support for this, using U-Boot's sha256 support.
>
> Signed-off-by: Simon Glass
> ---
>
> driver
On Mon, Jul 05, 2021 at 09:48:45AM -0600, Simon Glass wrote:
> Tidy up the missing comments for this struct.
>
> Signed-off-by: Simon Glass
> ---
>
> drivers/tpm/tpm2_tis_sandbox.c | 20
> 1 file changed, 16 insertions(+), 4 deletions(-)
>
> diff --git a/drivers/tpm/tpm2_t
Hi Simon,
On Mon, Jul 05, 2021 at 09:48:44AM -0600, Simon Glass wrote:
> This function current handles the kernel case incorrectly. Fix it, and
> use the shorter TPM_HDR_LEN while we are here.
>
> Signed-off-by: Simon Glass
> ---
>
> drivers/tpm/tpm_tis_sandbox.c | 14 --
> 1 file
At present the tpm2 emulator does not support storing the device state.
Add this so we can handle the normal vboot flow through the sandbox
executables (VPL->SPL etc.) with the TPM contents staying in place.
Note: sandbox has not yet been converted to use livetree for the state
information, since
Add support for this feature in the TPM2 emulator, to support Chromium OS
vboot.
Signed-off-by: Simon Glass
---
drivers/tpm/tpm2_tis_sandbox.c | 68 ++
include/tpm-v2.h | 2 +
2 files changed, 70 insertions(+)
diff --git a/drivers/tpm/tpm2_tis_san
It is fairly easy to handle this case and it makes the emulator more
useful, since PCRs are commonly extended several times.
Add support for this, using U-Boot's sha256 support.
Signed-off-by: Simon Glass
---
drivers/tpm/tpm2_tis_sandbox.c | 19 ---
1 file changed, 12 insertion
Add checking as to whether the current TPM state is valid, so we can
implement reading/writing the state.
Signed-off-by: Simon Glass
---
drivers/tpm/tpm2_tis_sandbox.c | 10 --
1 file changed, 8 insertions(+), 2 deletions(-)
diff --git a/drivers/tpm/tpm2_tis_sandbox.c b/drivers/tpm/tpm
This function current handles the kernel case incorrectly. Fix it, and
use the shorter TPM_HDR_LEN while we are here.
Signed-off-by: Simon Glass
---
drivers/tpm/tpm_tis_sandbox.c | 14 --
1 file changed, 4 insertions(+), 10 deletions(-)
diff --git a/drivers/tpm/tpm_tis_sandbox.c b/
Tidy up the missing comments for this struct.
Signed-off-by: Simon Glass
---
drivers/tpm/tpm2_tis_sandbox.c | 20
1 file changed, 16 insertions(+), 4 deletions(-)
diff --git a/drivers/tpm/tpm2_tis_sandbox.c b/drivers/tpm/tpm2_tis_sandbox.c
index 24c804a5645..5e0bd304699 10
At present this code assumes that the TPM data has been read but this may
not be the case. Refactor the code to use a separate pointer so we know
the current state of the data.
Add error checking for the data size.
Signed-off-by: Simon Glass
---
drivers/tpm/tpm_tis_sandbox.c | 35 +
Add support for this command, moving away from the previous approach of
hard-coding the initial data in the driver, now that the kernel-space data
has to be set up by the higher-level vboot code.
Signed-off-by: Simon Glass
---
drivers/tpm/sandbox_common.c | 11 +++
drivers/tpm/sandbox_
x20
-
-struct nvdata_state {
- bool present;
- u8 data[NV_DATA_SIZE];
-};
-
/*
* Information about our TPM emulation. This is preserved in the sandbox
* state file if enabled.
@@ -140,27 +89,6 @@ static int sandbox_tpm_write_state(void *blob, int node)
SANDBOX_STATE_IO(sandbox
This is not normally useful, so change the code to avoid writing out every
data package. This can be enabled with #define DEBUG.
Signed-off-by: Simon Glass
---
drivers/tpm/tpm_tis_sandbox.c | 6 ++
1 file changed, 6 insertions(+)
Applied to u-boot-dm/master, thanks!
___
This is not normally useful, so change the code to avoid writing out every
data package. This can be enabled with #define DEBUG.
Signed-off-by: Simon Glass
---
drivers/tpm/tpm_tis_sandbox.c | 6 ++
1 file changed, 6 insertions(+)
diff --git a/drivers/tpm/tpm_tis_sandbox.c b/drivers/tpm/tpm
This driver was originally written against Chromium OS circa 2012. A few
new features have been added. Enhance the TPM driver to match. This mostly
includes a few new messages and properly modelling whether a particular
'space' is present or not.
Signed-off-by: Simon Glass
---
drivers/tpm/tpm_t
Use an enum for command values instead of open-coding them. This removes
the need for comments. Also make sure the driver returns proper error
numbers instead of -1.
Signed-off-by: Simon Glass
---
drivers/tpm/tpm_tis_sandbox.c | 20 ++--
include/tpm-v1.h | 14 ++
This driver was originally written against Chromium OS circa 2012. A few
new features have been added. Enhance the TPM driver to match. This mostly
includes a few new messages and properly modelling whether a particular
'space' is present or not.
Signed-off-by: Simon Glass
---
drivers/tpm/tpm_t
Use an enum for command values instead of open-coding them. This removes
the need for comments. Also make sure the driver returns proper error
numbers instead of -1.
Signed-off-by: Simon Glass
---
drivers/tpm/tpm_tis_sandbox.c | 20 ++--
include/tpm-v1.h | 14 ++
From: Che-Liang Chiou
The original codes misused recvbuf in source buffer instead of sendbuf,
and read from incorrect offset 14 instead of 22.
Signed-off-by: Che-Liang Chiou
Signed-off-by: Simon Glass
Reviewed-by: Simon Glass
Tested-by: Che-Liang Chiou
---
drivers/tpm/tpm_tis_sandbox.c | 4
dt_setprop(blob, node, prop_name, state.nvdata[i],
+ NV_DATA_SIZE);
+ }
+
+ return 0;
+}
+
+SANDBOX_STATE_IO(sandbox_tpm, "google,sandbox-tpm", sandbox_tpm_read_state,
+sandbox_tpm_write_state);
+
+static int index_to_seq(uint32_t index)
+{
+ switch (index
76 matches
Mail list logo
