Hi Stuart,

On Mon, 28 Oct 2019 at 17:27, Stuart Yoder <b08...@gmail.com> wrote:
>
> I saw Simon's write-up here: https://lwn.net/Articles/571031/, which
> references TPM
> and trusted boot support using the TPM.
>
> I've started looking at the TPM support code in u-boot, and am trying
> to understand
> it.  Before getting too far I wanted to check if there were any
> pointers anyone might
> have around any documentation or material that provides more detail on what 
> the
> u-boot TPM support does and does not do.  I didn't see any .txt files in 
> u-boot.
>
> The supports seems oriented around using commands and scripts to
> measure images.  One
> specific thing I'm interested is how the u-boot script itself that takes the 
> TPM
> measurements is protected against tampering.

Actually verified boot does not use the TPM at all.

What do you want the TPM to do? If you want measured boot then you
would need to call measure / extend before/after loading each stage.

>
> Also, it doesn't look like TCG compliant event logs are supported.

OK, might need to be added.

Regards,
Simon
_______________________________________________
U-Boot mailing list
U-Boot@lists.denx.de
https://lists.denx.de/listinfo/u-boot

Reply via email to