Hi Eddie, On Thu, 12 Oct 2023 at 08:08, Eddie James <eaja...@linux.ibm.com> wrote: > > Briefly describe the feature and specify the requirements. > > Signed-off-by: Eddie James <eaja...@linux.ibm.com> > Reviewed-by: Simon Glass <s...@chromium.org>
This could use a bit more detail. What pieces are measured? What DT binding is used for the TPM? How is the info checked by the OS or whatever? > --- > doc/usage/index.rst | 1 + > doc/usage/measured_boot.rst | 23 +++++++++++++++++++++++ > 2 files changed, 24 insertions(+) > create mode 100644 doc/usage/measured_boot.rst > > diff --git a/doc/usage/index.rst b/doc/usage/index.rst > index fa702920fa..fb043a8923 100644 > --- a/doc/usage/index.rst > +++ b/doc/usage/index.rst > @@ -14,6 +14,7 @@ Use U-Boot > partitions > cmdline > semihosting > + measured_boot > > Shell commands > -------------- > diff --git a/doc/usage/measured_boot.rst b/doc/usage/measured_boot.rst > new file mode 100644 > index 0000000000..8357b1f480 > --- /dev/null > +++ b/doc/usage/measured_boot.rst > @@ -0,0 +1,23 @@ > +.. SPDX-License-Identifier: GPL-2.0+ > + > +Measured Boot > +===================== > + > +U-Boot can perform a measured boot, the process of hashing various components > +of the boot process, extending the results in the TPM and logging the > +component's measurement in memory for the operating system to consume. > + > +Requirements > +--------------------- > + > +* A hardware TPM 2.0 supported by the U-Boot drivers > +* CONFIG_TPM=y > +* CONFIG_MEASURED_BOOT=y > +* Device-tree configuration of the TPM device to specify the memory area > + for event logging. The TPM device node must either contain a phandle to > + a reserved memory region or "linux,sml-base" and "linux,sml-size" > + indicating the address and size of the memory region. An example can be > + found in arch/sandbox/dts/test.dts > +* The operating system must also be configured to use the memory regions > + specified in the U-Boot device-tree in order to make use of the event > + log. Regards, Simon
