Re: [PATCH v12 5/8] test: Add sandbox TPM boot measurement
Hi Eddie,
On Thu, 19 Oct 2023 at 16:29, Eddie James wrote:
>
>
> On 10/13/23 12:22, Ilias Apalodimas wrote:
> > Hi Eddie,
> >
> > This doesn't apply on -master, can you please rebase?
>
>
> Ugh I thought you wanted -next... I can rebase again.
Yea by the time the patches were sent -next got merged into -master,
so I tried master now to include them into the 2024.01 release.
Apologies, if you don't mind please rebase
Thanks
/Ilias
>
>
> >
> > Thanks
> > /Ilias
> >
> > On Thu, 12 Oct 2023 at 16:49, Eddie James wrote:
> >> Use the sandbox TPM driver to measure some boot images in a unit
> >> test case.
> >>
> >> Signed-off-by: Eddie James
> >> Reviewed-by: Simon Glass
> >> Acked-by: Ilias Apalodimas
> >> ---
> >> Changes since v5:
> >> - Only compile in the measurement u-boot command when
> >> CONFIG_MEASURED_BOOT is enabled.
> >>
> >> arch/sandbox/dts/sandbox.dtsi | 13 +++
> >> arch/sandbox/dts/test.dts | 13 +++
> >> configs/sandbox_defconfig | 1 +
> >> include/test/suites.h | 1 +
> >> test/boot/Makefile| 1 +
> >> test/boot/measurement.c | 66 +++
> >> test/cmd_ut.c | 4 +++
> >> 7 files changed, 99 insertions(+)
> >> create mode 100644 test/boot/measurement.c
> >>
> >> diff --git a/arch/sandbox/dts/sandbox.dtsi b/arch/sandbox/dts/sandbox.dtsi
> >> index ff7e5584c5..241f397ba6 100644
> >> --- a/arch/sandbox/dts/sandbox.dtsi
> >> +++ b/arch/sandbox/dts/sandbox.dtsi
> >> @@ -4,11 +4,23 @@
> >>* and sandbox64 builds.
> >>*/
> >>
> >> +#include
> >> #include
> >>
> >> #define USB_CLASS_HUB 9
> >>
> >> / {
> >> + reserved-memory {
> >> + #address-cells = <1>;
> >> + #size-cells = <1>;
> >> + ranges;
> >> +
> >> + event_log: tcg_event_log {
> >> + no-map;
> >> + reg = <(CFG_SYS_SDRAM_SIZE - 0x2000) 0x2000>;
> >> + };
> >> + };
> >> +
> >> binman {
> >> };
> >>
> >> @@ -342,6 +354,7 @@
> >>
> >> tpm2 {
> >> compatible = "sandbox,tpm2";
> >> + memory-region = <_log>;
> >> };
> >>
> >> triangle {
> >> diff --git a/arch/sandbox/dts/test.dts b/arch/sandbox/dts/test.dts
> >> index 9a863ea732..bb2ddd9bf2 100644
> >> --- a/arch/sandbox/dts/test.dts
> >> +++ b/arch/sandbox/dts/test.dts
> >> @@ -9,6 +9,7 @@
> >>
> >> /dts-v1/;
> >>
> >> +#include
> >> #include
> >> #include
> >> #include
> >> @@ -68,6 +69,17 @@
> >> osd0 = "/osd";
> >> };
> >>
> >> + reserved-memory {
> >> + #address-cells = <1>;
> >> + #size-cells = <1>;
> >> + ranges;
> >> +
> >> + event_log: tcg_event_log {
> >> + no-map;
> >> + reg = <(CFG_SYS_SDRAM_SIZE - 0x2000) 0x2000>;
> >> + };
> >> + };
> >> +
> >> binman: binman {
> >> };
> >>
> >> @@ -1422,6 +1434,7 @@
> >>
> >> tpm2 {
> >> compatible = "sandbox,tpm2";
> >> + memory-region = <_log>;
> >> };
> >>
> >> tpm {
> >> diff --git a/configs/sandbox_defconfig b/configs/sandbox_defconfig
> >> index d667cb9ae4..12c387a77e 100644
> >> --- a/configs/sandbox_defconfig
> >> +++ b/configs/sandbox_defconfig
> >> @@ -349,3 +349,4 @@ CONFIG_UNIT_TEST=y
> >> CONFIG_UT_TIME=y
> >> CONFIG_UT_DM=y
> >> CONFIG_ARM_FFA_TRANSPORT=y
> >> +CONFIG_MEASURED_BOOT=y
> >> diff --git a/include/test/suites.h b/include/test/suites.h
> >> index 1c7dc65966..48ed549c13 100644
> >> --- a/include/test/suites.h
> >> +++ b/include/test/suites.h
> >> @@ -45,6 +45,7 @@ int do_ut_font(struct cmd_tbl *cmdtp, int flag, int
> >> argc, char *const argv[]);
> >> int do_ut_lib(struct cmd_tbl *cmdtp, int flag, int argc, char *const
> >> argv[]);
> >> int do_ut_loadm(struct cmd_tbl *cmdtp, int flag, int argc, char *const
> >> argv[]);
> >> int do_ut_log(struct cmd_tbl *cmdtp, int flag, int argc, char * const
> >> argv[]);
> >> +int do_ut_measurement(struct cmd_tbl *cmdtp, int flag, int argc, char *
> >> const argv[]);
> >> int do_ut_mem(struct cmd_tbl *cmdtp, int flag, int argc, char *const
> >> argv[]);
> >> int do_ut_optee(struct cmd_tbl *cmdtp, int flag, int argc, char *const
> >> argv[]);
> >> int do_ut_overlay(struct cmd_tbl *cmdtp, int flag, int argc,
> >> diff --git a/test/boot/Makefile b/test/boot/Makefile
> >> index 52947580ae..068522cb9e 100644
> >> --- a/test/boot/Makefile
> >> +++ b/test/boot/Makefile
> >> @@ -4,6 +4,7 @@
> >>
> >> obj-$(CONFIG_BOOTSTD) += bootdev.o bootstd_common.o bootflow.o bootmeth.o
> >> obj-$(CONFIG_FIT) += image.o
> >> +obj-$(CONFIG_MEASURED_BOOT) += measurement.o
> >>
> >> obj-$(CONFIG_EXPO) += expo.o
> >> obj-$(CONFIG_CEDIT) += cedit.o
> >> diff --git a/test/boot/measurement.c
Re: [PATCH v12 5/8] test: Add sandbox TPM boot measurement
On 10/13/23 12:22, Ilias Apalodimas wrote:
Hi Eddie,
This doesn't apply on -master, can you please rebase?
Ugh I thought you wanted -next... I can rebase again.
Thanks
/Ilias
On Thu, 12 Oct 2023 at 16:49, Eddie James wrote:
Use the sandbox TPM driver to measure some boot images in a unit
test case.
Signed-off-by: Eddie James
Reviewed-by: Simon Glass
Acked-by: Ilias Apalodimas
---
Changes since v5:
- Only compile in the measurement u-boot command when
CONFIG_MEASURED_BOOT is enabled.
arch/sandbox/dts/sandbox.dtsi | 13 +++
arch/sandbox/dts/test.dts | 13 +++
configs/sandbox_defconfig | 1 +
include/test/suites.h | 1 +
test/boot/Makefile| 1 +
test/boot/measurement.c | 66 +++
test/cmd_ut.c | 4 +++
7 files changed, 99 insertions(+)
create mode 100644 test/boot/measurement.c
diff --git a/arch/sandbox/dts/sandbox.dtsi b/arch/sandbox/dts/sandbox.dtsi
index ff7e5584c5..241f397ba6 100644
--- a/arch/sandbox/dts/sandbox.dtsi
+++ b/arch/sandbox/dts/sandbox.dtsi
@@ -4,11 +4,23 @@
* and sandbox64 builds.
*/
+#include
#include
#define USB_CLASS_HUB 9
/ {
+ reserved-memory {
+ #address-cells = <1>;
+ #size-cells = <1>;
+ ranges;
+
+ event_log: tcg_event_log {
+ no-map;
+ reg = <(CFG_SYS_SDRAM_SIZE - 0x2000) 0x2000>;
+ };
+ };
+
binman {
};
@@ -342,6 +354,7 @@
tpm2 {
compatible = "sandbox,tpm2";
+ memory-region = <_log>;
};
triangle {
diff --git a/arch/sandbox/dts/test.dts b/arch/sandbox/dts/test.dts
index 9a863ea732..bb2ddd9bf2 100644
--- a/arch/sandbox/dts/test.dts
+++ b/arch/sandbox/dts/test.dts
@@ -9,6 +9,7 @@
/dts-v1/;
+#include
#include
#include
#include
@@ -68,6 +69,17 @@
osd0 = "/osd";
};
+ reserved-memory {
+ #address-cells = <1>;
+ #size-cells = <1>;
+ ranges;
+
+ event_log: tcg_event_log {
+ no-map;
+ reg = <(CFG_SYS_SDRAM_SIZE - 0x2000) 0x2000>;
+ };
+ };
+
binman: binman {
};
@@ -1422,6 +1434,7 @@
tpm2 {
compatible = "sandbox,tpm2";
+ memory-region = <_log>;
};
tpm {
diff --git a/configs/sandbox_defconfig b/configs/sandbox_defconfig
index d667cb9ae4..12c387a77e 100644
--- a/configs/sandbox_defconfig
+++ b/configs/sandbox_defconfig
@@ -349,3 +349,4 @@ CONFIG_UNIT_TEST=y
CONFIG_UT_TIME=y
CONFIG_UT_DM=y
CONFIG_ARM_FFA_TRANSPORT=y
+CONFIG_MEASURED_BOOT=y
diff --git a/include/test/suites.h b/include/test/suites.h
index 1c7dc65966..48ed549c13 100644
--- a/include/test/suites.h
+++ b/include/test/suites.h
@@ -45,6 +45,7 @@ int do_ut_font(struct cmd_tbl *cmdtp, int flag, int argc,
char *const argv[]);
int do_ut_lib(struct cmd_tbl *cmdtp, int flag, int argc, char *const argv[]);
int do_ut_loadm(struct cmd_tbl *cmdtp, int flag, int argc, char *const
argv[]);
int do_ut_log(struct cmd_tbl *cmdtp, int flag, int argc, char * const argv[]);
+int do_ut_measurement(struct cmd_tbl *cmdtp, int flag, int argc, char * const
argv[]);
int do_ut_mem(struct cmd_tbl *cmdtp, int flag, int argc, char *const argv[]);
int do_ut_optee(struct cmd_tbl *cmdtp, int flag, int argc, char *const
argv[]);
int do_ut_overlay(struct cmd_tbl *cmdtp, int flag, int argc,
diff --git a/test/boot/Makefile b/test/boot/Makefile
index 52947580ae..068522cb9e 100644
--- a/test/boot/Makefile
+++ b/test/boot/Makefile
@@ -4,6 +4,7 @@
obj-$(CONFIG_BOOTSTD) += bootdev.o bootstd_common.o bootflow.o bootmeth.o
obj-$(CONFIG_FIT) += image.o
+obj-$(CONFIG_MEASURED_BOOT) += measurement.o
obj-$(CONFIG_EXPO) += expo.o
obj-$(CONFIG_CEDIT) += cedit.o
diff --git a/test/boot/measurement.c b/test/boot/measurement.c
new file mode 100644
index 00..9db2ed324c
--- /dev/null
+++ b/test/boot/measurement.c
@@ -0,0 +1,66 @@
+// SPDX-License-Identifier: GPL-2.0+
+/*
+ * Test for measured boot functions
+ *
+ * Copyright 2023 IBM Corp.
+ * Written by Eddie James
+ */
+
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+
+#define MEASUREMENT_TEST(_name, _flags)\
+ UNIT_TEST(_name, _flags, measurement_test)
+
+static int measure(struct unit_test_state *uts)
+{
+ struct bootm_headers images;
+ const size_t size = 1024;
+ u8 *kernel;
+ u8 *initrd;
+ size_t i;
+
+ kernel = malloc(size);
+ initrd = malloc(size);
+
+ images.os.image_start = map_to_sysmem(kernel);
+ images.os.image_len = size;
+
+ images.rd_start = map_to_sysmem(initrd);
+ images.rd_end = images.rd_start + size;
+
+ images.ft_addr = malloc(size);
+ images.ft_len =
Re: [PATCH v12 5/8] test: Add sandbox TPM boot measurement
Hi Eddie,
This doesn't apply on -master, can you please rebase?
Thanks
/Ilias
On Thu, 12 Oct 2023 at 16:49, Eddie James wrote:
>
> Use the sandbox TPM driver to measure some boot images in a unit
> test case.
>
> Signed-off-by: Eddie James
> Reviewed-by: Simon Glass
> Acked-by: Ilias Apalodimas
> ---
> Changes since v5:
> - Only compile in the measurement u-boot command when
>CONFIG_MEASURED_BOOT is enabled.
>
> arch/sandbox/dts/sandbox.dtsi | 13 +++
> arch/sandbox/dts/test.dts | 13 +++
> configs/sandbox_defconfig | 1 +
> include/test/suites.h | 1 +
> test/boot/Makefile| 1 +
> test/boot/measurement.c | 66 +++
> test/cmd_ut.c | 4 +++
> 7 files changed, 99 insertions(+)
> create mode 100644 test/boot/measurement.c
>
> diff --git a/arch/sandbox/dts/sandbox.dtsi b/arch/sandbox/dts/sandbox.dtsi
> index ff7e5584c5..241f397ba6 100644
> --- a/arch/sandbox/dts/sandbox.dtsi
> +++ b/arch/sandbox/dts/sandbox.dtsi
> @@ -4,11 +4,23 @@
> * and sandbox64 builds.
> */
>
> +#include
> #include
>
> #define USB_CLASS_HUB 9
>
> / {
> + reserved-memory {
> + #address-cells = <1>;
> + #size-cells = <1>;
> + ranges;
> +
> + event_log: tcg_event_log {
> + no-map;
> + reg = <(CFG_SYS_SDRAM_SIZE - 0x2000) 0x2000>;
> + };
> + };
> +
> binman {
> };
>
> @@ -342,6 +354,7 @@
>
> tpm2 {
> compatible = "sandbox,tpm2";
> + memory-region = <_log>;
> };
>
> triangle {
> diff --git a/arch/sandbox/dts/test.dts b/arch/sandbox/dts/test.dts
> index 9a863ea732..bb2ddd9bf2 100644
> --- a/arch/sandbox/dts/test.dts
> +++ b/arch/sandbox/dts/test.dts
> @@ -9,6 +9,7 @@
>
> /dts-v1/;
>
> +#include
> #include
> #include
> #include
> @@ -68,6 +69,17 @@
> osd0 = "/osd";
> };
>
> + reserved-memory {
> + #address-cells = <1>;
> + #size-cells = <1>;
> + ranges;
> +
> + event_log: tcg_event_log {
> + no-map;
> + reg = <(CFG_SYS_SDRAM_SIZE - 0x2000) 0x2000>;
> + };
> + };
> +
> binman: binman {
> };
>
> @@ -1422,6 +1434,7 @@
>
> tpm2 {
> compatible = "sandbox,tpm2";
> + memory-region = <_log>;
> };
>
> tpm {
> diff --git a/configs/sandbox_defconfig b/configs/sandbox_defconfig
> index d667cb9ae4..12c387a77e 100644
> --- a/configs/sandbox_defconfig
> +++ b/configs/sandbox_defconfig
> @@ -349,3 +349,4 @@ CONFIG_UNIT_TEST=y
> CONFIG_UT_TIME=y
> CONFIG_UT_DM=y
> CONFIG_ARM_FFA_TRANSPORT=y
> +CONFIG_MEASURED_BOOT=y
> diff --git a/include/test/suites.h b/include/test/suites.h
> index 1c7dc65966..48ed549c13 100644
> --- a/include/test/suites.h
> +++ b/include/test/suites.h
> @@ -45,6 +45,7 @@ int do_ut_font(struct cmd_tbl *cmdtp, int flag, int argc,
> char *const argv[]);
> int do_ut_lib(struct cmd_tbl *cmdtp, int flag, int argc, char *const argv[]);
> int do_ut_loadm(struct cmd_tbl *cmdtp, int flag, int argc, char *const
> argv[]);
> int do_ut_log(struct cmd_tbl *cmdtp, int flag, int argc, char * const
> argv[]);
> +int do_ut_measurement(struct cmd_tbl *cmdtp, int flag, int argc, char *
> const argv[]);
> int do_ut_mem(struct cmd_tbl *cmdtp, int flag, int argc, char *const argv[]);
> int do_ut_optee(struct cmd_tbl *cmdtp, int flag, int argc, char *const
> argv[]);
> int do_ut_overlay(struct cmd_tbl *cmdtp, int flag, int argc,
> diff --git a/test/boot/Makefile b/test/boot/Makefile
> index 52947580ae..068522cb9e 100644
> --- a/test/boot/Makefile
> +++ b/test/boot/Makefile
> @@ -4,6 +4,7 @@
>
> obj-$(CONFIG_BOOTSTD) += bootdev.o bootstd_common.o bootflow.o bootmeth.o
> obj-$(CONFIG_FIT) += image.o
> +obj-$(CONFIG_MEASURED_BOOT) += measurement.o
>
> obj-$(CONFIG_EXPO) += expo.o
> obj-$(CONFIG_CEDIT) += cedit.o
> diff --git a/test/boot/measurement.c b/test/boot/measurement.c
> new file mode 100644
> index 00..9db2ed324c
> --- /dev/null
> +++ b/test/boot/measurement.c
> @@ -0,0 +1,66 @@
> +// SPDX-License-Identifier: GPL-2.0+
> +/*
> + * Test for measured boot functions
> + *
> + * Copyright 2023 IBM Corp.
> + * Written by Eddie James
> + */
> +
> +#include
> +#include
> +#include
> +#include
> +#include
> +#include
> +#include
> +
> +#define MEASUREMENT_TEST(_name, _flags)\
> + UNIT_TEST(_name, _flags, measurement_test)
> +
> +static int measure(struct unit_test_state *uts)
> +{
> + struct bootm_headers images;
> + const size_t size = 1024;
> + u8 *kernel;
> + u8 *initrd;
> + size_t i;
> +
> + kernel = malloc(size);
> + initrd = malloc(size);
> +
> + images.os.image_start = map_to_sysmem(kernel);
> +
[PATCH v12 5/8] test: Add sandbox TPM boot measurement
Use the sandbox TPM driver to measure some boot images in a unit
test case.
Signed-off-by: Eddie James
Reviewed-by: Simon Glass
Acked-by: Ilias Apalodimas
---
Changes since v5:
- Only compile in the measurement u-boot command when
CONFIG_MEASURED_BOOT is enabled.
arch/sandbox/dts/sandbox.dtsi | 13 +++
arch/sandbox/dts/test.dts | 13 +++
configs/sandbox_defconfig | 1 +
include/test/suites.h | 1 +
test/boot/Makefile| 1 +
test/boot/measurement.c | 66 +++
test/cmd_ut.c | 4 +++
7 files changed, 99 insertions(+)
create mode 100644 test/boot/measurement.c
diff --git a/arch/sandbox/dts/sandbox.dtsi b/arch/sandbox/dts/sandbox.dtsi
index ff7e5584c5..241f397ba6 100644
--- a/arch/sandbox/dts/sandbox.dtsi
+++ b/arch/sandbox/dts/sandbox.dtsi
@@ -4,11 +4,23 @@
* and sandbox64 builds.
*/
+#include
#include
#define USB_CLASS_HUB 9
/ {
+ reserved-memory {
+ #address-cells = <1>;
+ #size-cells = <1>;
+ ranges;
+
+ event_log: tcg_event_log {
+ no-map;
+ reg = <(CFG_SYS_SDRAM_SIZE - 0x2000) 0x2000>;
+ };
+ };
+
binman {
};
@@ -342,6 +354,7 @@
tpm2 {
compatible = "sandbox,tpm2";
+ memory-region = <_log>;
};
triangle {
diff --git a/arch/sandbox/dts/test.dts b/arch/sandbox/dts/test.dts
index 9a863ea732..bb2ddd9bf2 100644
--- a/arch/sandbox/dts/test.dts
+++ b/arch/sandbox/dts/test.dts
@@ -9,6 +9,7 @@
/dts-v1/;
+#include
#include
#include
#include
@@ -68,6 +69,17 @@
osd0 = "/osd";
};
+ reserved-memory {
+ #address-cells = <1>;
+ #size-cells = <1>;
+ ranges;
+
+ event_log: tcg_event_log {
+ no-map;
+ reg = <(CFG_SYS_SDRAM_SIZE - 0x2000) 0x2000>;
+ };
+ };
+
binman: binman {
};
@@ -1422,6 +1434,7 @@
tpm2 {
compatible = "sandbox,tpm2";
+ memory-region = <_log>;
};
tpm {
diff --git a/configs/sandbox_defconfig b/configs/sandbox_defconfig
index d667cb9ae4..12c387a77e 100644
--- a/configs/sandbox_defconfig
+++ b/configs/sandbox_defconfig
@@ -349,3 +349,4 @@ CONFIG_UNIT_TEST=y
CONFIG_UT_TIME=y
CONFIG_UT_DM=y
CONFIG_ARM_FFA_TRANSPORT=y
+CONFIG_MEASURED_BOOT=y
diff --git a/include/test/suites.h b/include/test/suites.h
index 1c7dc65966..48ed549c13 100644
--- a/include/test/suites.h
+++ b/include/test/suites.h
@@ -45,6 +45,7 @@ int do_ut_font(struct cmd_tbl *cmdtp, int flag, int argc,
char *const argv[]);
int do_ut_lib(struct cmd_tbl *cmdtp, int flag, int argc, char *const argv[]);
int do_ut_loadm(struct cmd_tbl *cmdtp, int flag, int argc, char *const argv[]);
int do_ut_log(struct cmd_tbl *cmdtp, int flag, int argc, char * const argv[]);
+int do_ut_measurement(struct cmd_tbl *cmdtp, int flag, int argc, char * const
argv[]);
int do_ut_mem(struct cmd_tbl *cmdtp, int flag, int argc, char *const argv[]);
int do_ut_optee(struct cmd_tbl *cmdtp, int flag, int argc, char *const argv[]);
int do_ut_overlay(struct cmd_tbl *cmdtp, int flag, int argc,
diff --git a/test/boot/Makefile b/test/boot/Makefile
index 52947580ae..068522cb9e 100644
--- a/test/boot/Makefile
+++ b/test/boot/Makefile
@@ -4,6 +4,7 @@
obj-$(CONFIG_BOOTSTD) += bootdev.o bootstd_common.o bootflow.o bootmeth.o
obj-$(CONFIG_FIT) += image.o
+obj-$(CONFIG_MEASURED_BOOT) += measurement.o
obj-$(CONFIG_EXPO) += expo.o
obj-$(CONFIG_CEDIT) += cedit.o
diff --git a/test/boot/measurement.c b/test/boot/measurement.c
new file mode 100644
index 00..9db2ed324c
--- /dev/null
+++ b/test/boot/measurement.c
@@ -0,0 +1,66 @@
+// SPDX-License-Identifier: GPL-2.0+
+/*
+ * Test for measured boot functions
+ *
+ * Copyright 2023 IBM Corp.
+ * Written by Eddie James
+ */
+
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+
+#define MEASUREMENT_TEST(_name, _flags)\
+ UNIT_TEST(_name, _flags, measurement_test)
+
+static int measure(struct unit_test_state *uts)
+{
+ struct bootm_headers images;
+ const size_t size = 1024;
+ u8 *kernel;
+ u8 *initrd;
+ size_t i;
+
+ kernel = malloc(size);
+ initrd = malloc(size);
+
+ images.os.image_start = map_to_sysmem(kernel);
+ images.os.image_len = size;
+
+ images.rd_start = map_to_sysmem(initrd);
+ images.rd_end = images.rd_start + size;
+
+ images.ft_addr = malloc(size);
+ images.ft_len = size;
+
+ env_set("bootargs", "measurement testing");
+
+ for (i = 0; i < size; ++i) {
+ kernel[i] = 0xf0 | (i & 0xf);
+ initrd[i] = (i & 0xf0) | 0xf;
+ images.ft_addr[i] = i & 0xff;
+ }
+
+
