Hi all, A while back some TPM measured boot code was moved out of EFI in order to support !EFI boot methods, e.g bootm, booti etc.
Back then we decided to move the code in the TPM subsystem directly. In hindsight, we should have created a different library file that hosts all the TCG specific bits, but better late than never! Since the algorithms that the TPM supports are only known at runtime, we unconditionally enabled all hashing algorithms. Simon reported some breakage lately due to size limitations and he wanted to remove some of the supported algorithms from those configs. But that's not always safe depending on what the user expects the TPM to do. If MEASURED_BOOT or EFI_TCG2_PROTOCOL is enabled our Kconfig will enable all supported hashing algorithms. Nothing changes there. This is an attempt to allow users to add a TPM and not enable measured boot via EFI or bootm and at the same time, control the compiled algorithms for size reasons, without shooting themselves in the foot. Functionality has been added that checks the TPM active PCRs banks against the one U-Boot was compiled with. If all the active PCRs banks are not enabled refuse to extend a PCR but otherwise leave the TPM functional. patches #1, #2 have been reposted and are fixes from the code moving patches #3, #5 get rid of duplicat header entries patch #4 moves the TCG code out of the TPM in its own file patch #6 refactors a function so we can use it in both TCG & TPM now and finally patch #7 adds the desired functionality The u-boot CI seems happy, my internal CI that tests EFI measured boot in various scenarios is happy and the EFI eventlog hasn't changed at all pre/post patches. I haven't manged to test bootm etc, but that code hasn't changed at all and the CI tests are passing. Eddie any chance you can test it? Ilias Apalodimas (7): tpm: fix the return code, if the eventlog buffer is full efi_loader: fix the return values on efi_tcg efi_loader: remove duplicate TCG algo definitions tpm: Move TCG into a separate library efi_loader: remove unneeded header files tpm: Untangle tpm2_get_pcr_info() tpm: allow the user to select the compiled algorithms boot/Kconfig | 4 + boot/bootm.c | 1 + include/efi_tcg2.h | 9 +- include/tpm-v2.h | 541 +++++++-------------------- include/tpm_tcg2.h | 349 +++++++++++++++++ lib/Kconfig | 6 +- lib/Makefile | 2 + lib/efi_loader/efi_tcg2.c | 124 +++--- lib/tpm-v2.c | 767 +++----------------------------------- lib/tpm_tcg2.c | 732 ++++++++++++++++++++++++++++++++++++ 10 files changed, 1335 insertions(+), 1200 deletions(-) create mode 100644 include/tpm_tcg2.h create mode 100644 lib/tpm_tcg2.c -- 2.45.2
