On 1/10/23 22:42, Eddie James wrote:
On 1/9/23 17:35, Heinrich Schuchardt wrote:
On 1/9/23 22:55, Eddie James wrote:
This series adds support for measuring the boot images more generically
than the existing EFI support. Several EFI functions have been moved to
the TPM layer. The series includes optional measurement from the bootm
command.
A new test case has been added for the bootm measurement to test the new
path, and the sandbox TPM2 driver has been updated to support this use
case.
Changes since v1:
- Refactor TPM layer functions to allow EFI system to use them, and
remove duplicate EFI functions.
- Add test case
- Drop #ifdefs for bootm
- Add devicetree measurement config option
- Update sandbox TPM driver
This looks like a useful feature to me. Some questions remain:
How about the booti and bootz commands. Are they covered by the change?
No, not yet.
Please, add the measurements in common code for all boot commands
(except bootefi).
What are the consequences of your changes for UEFI FIT images (cf.
CONFIG_BOOTM_EFI)?
I suppose the image would be measured twice, but only if the user
selected both of the relevant config options.
We should have a test case for this.
Best regards
Heinrich
