Hi Simon, On Wed, 21 Jul 2021 at 03:34, Simon Glass <s...@chromium.org> wrote: > > Hi, > > On Wed, 14 Jul 2021 at 06:59, Masahisa Kojima > <masahisa.koj...@linaro.org> wrote: > > > > TCG PC Client PFP spec requires to measure the secure > > boot policy before validating the UEFI image. > > This commit adds the secure boot variable measurement > > of "SecureBoot", "PK", "KEK", "db" and "dbx". > > > > Note that this implementation assumes that secure boot > > variables are pre-configured and not be set/updated in runtime. > > > > Signed-off-by: Masahisa Kojima <masahisa.koj...@linaro.org> > > --- > > > > Changes in v2: > > - missing null check for getting variable data > > - some minor fix for readability > > > > include/efi_tcg2.h | 20 ++++++ > > lib/efi_loader/efi_tcg2.c | 139 ++++++++++++++++++++++++++++++++++++++ > > 2 files changed, 159 insertions(+) > > It looks like this code should be in lib/tpm or similar as much of it > is not specific to EFI?
Yes, it is not directly related to EFI, but I think very small amount of code will be moved to lib/tpm or similar place. lib/efi_loader/efi_tcg2.c currently implement two specs, TCG EFI Protocol spec and TCG PC Client PFP spec. There are many duplication in these specs, I think it is difficult to split lib/efi_loader/efi_tcg2.c file into separate file. In addition, efi tcg2 eventlog is currently created and initialized during the efi init. The major purpose of my patch series is extending measurement support, I would like to implement these measurement in efi_tcg2.c for now. In near future, u-boot must consider to support eventlog handoff from former firmware such as trusted firmware, so current eventlog buffer preparation in efi init will be modified. Then I would like to discuss implementation of lib/efi_loader/efi_tcg2.c at that time. Thanks, Masahisa Kojima > > Regards, > Simon
