Add a configuration option to measure the boot through the bootm
function. Add the measurement state to the booti and bootz paths
as well.
Signed-off-by: Eddie James
Reviewed-by: Simon Glass
---
Changes since v6:
- Added comment for bootm_measure
- Fixed line length in bootm_measure
boot
Add TPM2 functions to support boot measurement. This includes
starting up the TPM, initializing/appending the event log, and
measuring the U-Boot version. Much of the code was used in the
EFI subsystem, so remove it there and use the common functions.
Signed-off-by: Eddie James
---
Changes since
tmpu -> tpmu
Signed-off-by: Eddie James
Reviewed-by: Ilias Apalodimas
---
include/tpm-v2.h | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/include/tpm-v2.h b/include/tpm-v2.h
index 2b6980e441..6684033deb 100644
--- a/include/tpm-v2.h
+++ b/include/tpm-v2.h
@@ -16
, and
remove duplicate EFI functions.
- Add test case
- Drop #ifdefs for bootm
- Add devicetree measurement config option
- Update sandbox TPM driver
Eddie James (6):
tpm: Fix spelling for tpmu_ha union
tpm: sandbox: Update for needed TPM2 capabilities
tpm: Support boot measurements
bootm
Briefly describe the feature and specify the requirements.
Signed-off-by: Eddie James
Reviewed-by: Simon Glass
---
doc/usage/index.rst | 1 +
doc/usage/measured_boot.rst | 23 +++
2 files changed, 24 insertions(+)
create mode 100644 doc/usage/measured_boot.rst
On 3/2/23 14:22, Ilias Apalodimas wrote:
Hi Eddie,
I found the issue. I still think we could squeeze things even more in our
abstraction. Specifically the measure_event() tcg2_agile_log_append()
contain some efi specific bits and I am trying to figure out if we can make
those more generic.
On 2/21/23 23:36, Joel Stanley wrote:
On Thu, 2 Feb 2023 at 17:08, Eddie James wrote:
This series adds support for measuring the boot images more generically
than the existing EFI support. Several EFI functions have been moved to
the TPM layer. The series includes optional measurement from
The driver needs to support getting the PCRs in the capabilities
command. Fix various other things and support the max number
of PCRs for TPM2.
Remove the !SANDBOX dependency for EFI TCG2 as well.
Signed-off-by: Eddie James
Reviewed-by: Simon Glass
Acked-by: Ilias Apalodimas
---
Changes since
tmpu -> tpmu
Signed-off-by: Eddie James
Reviewed-by: Ilias Apalodimas
---
include/tpm-v2.h | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/include/tpm-v2.h b/include/tpm-v2.h
index 2b6980e441..6684033deb 100644
--- a/include/tpm-v2.h
+++ b/include/tpm-v2.h
@@ -16
Add a configuration option to measure the boot through the bootm
function. Add the measurement state to the booti and bootz paths
as well.
Signed-off-by: Eddie James
---
boot/Kconfig| 23
boot/bootm.c| 70 +
cmd/booti.c
.
- Skip measurement for EFI images that should be measured
Changes since v1:
- Refactor TPM layer functions to allow EFI system to use them, and
remove duplicate EFI functions.
- Add test case
- Drop #ifdefs for bootm
- Add devicetree measurement config option
- Update sandbox TPM driver
Eddie
Add TPM2 functions to support boot measurement. This includes
starting up the TPM, initializing/appending the event log, and
measuring the U-Boot version. Much of the code was used in the
EFI subsystem, so remove it there and use the common functions.
Signed-off-by: Eddie James
---
Changes since
Use the sandbox TPM driver to measure some boot images in a unit
test case.
Signed-off-by: Eddie James
Reviewed-by: Simon Glass
---
Changes since v5:
- Only compile in the measurement u-boot command when CONFIG_MEASURED_BOOT
is enabled
arch/sandbox/dts/sandbox.dtsi | 13 +++
arch
Briefly describe the feature and specify the requirements.
Signed-off-by: Eddie James
---
doc/usage/index.rst | 1 +
doc/usage/measured_boot.rst | 23 +++
2 files changed, 24 insertions(+)
create mode 100644 doc/usage/measured_boot.rst
diff --git a/doc/usage
Add TPM2 functions to support boot measurement. This includes
starting up the TPM, initializing/appending the event log, and
measuring the U-Boot version. Much of the code was used in the
EFI subsystem, so remove it there and use the common functions.
Signed-off-by: Eddie James
---
Changes since
Use the sandbox TPM driver to measure some boot images in a unit
test case.
Signed-off-by: Eddie James
Reviewed-by: Simon Glass
Acked-by: Ilias Apalodimas
---
Changes since v5:
- Only compile in the measurement u-boot command when CONFIG_MEASURED_BOOT
is enabled
arch/sandbox/dts
Briefly describe the feature and specify the requirements.
Signed-off-by: Eddie James
Reviewed-by: Simon Glass
---
doc/usage/index.rst | 1 +
doc/usage/measured_boot.rst | 23 +++
2 files changed, 24 insertions(+)
create mode 100644 doc/usage/measured_boot.rst
On 2/22/23 14:26, Heinrich Schuchardt wrote:
Am 22. Februar 2023 19:02:42 MEZ schrieb Eddie James :
Briefly describe the feature and specify the requirements.
Signed-off-by: Eddie James
---
doc/usage/index.rst | 1 +
doc/usage/measured_boot.rst | 23 +++
2 files
Add a configuration option to measure the boot through the bootm
function. Add the measurement state to the booti and bootz paths
as well.
Signed-off-by: Eddie James
Reviewed-by: Simon Glass
---
Changes since v6:
- Added comment for bootm_measure
- Fixed line length in bootm_measure
boot
for EFI images that should be measured
Changes since v1:
- Refactor TPM layer functions to allow EFI system to use them, and
remove duplicate EFI functions.
- Add test case
- Drop #ifdefs for bootm
- Add devicetree measurement config option
- Update sandbox TPM driver
Eddie James (6):
tpm: Fix
The driver needs to support getting the PCRs in the capabilities
command. Fix various other things and support the max number
of PCRs for TPM2.
Remove the !SANDBOX dependency for EFI TCG2 as well.
Signed-off-by: Eddie James
Reviewed-by: Simon Glass
Acked-by: Ilias Apalodimas
---
Changes since
tmpu -> tpmu
Signed-off-by: Eddie James
Reviewed-by: Ilias Apalodimas
---
include/tpm-v2.h | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/include/tpm-v2.h b/include/tpm-v2.h
index 2b6980e441..6684033deb 100644
--- a/include/tpm-v2.h
+++ b/include/tpm-v2.h
@@ -16
to test this, have you?
Thanks,
Eddie
Cheers
/Ilias
On Thu, Feb 02, 2023 at 11:05:25AM -0600, Eddie James wrote:
This series adds support for measuring the boot images more generically
than the existing EFI support. Several EFI functions have been moved to
the TPM layer. The series includes
On 2/23/23 03:47, Ilias Apalodimas wrote:
On Thu, 23 Feb 2023 at 11:30, Ilias Apalodimas
wrote:
On Thu, 23 Feb 2023 at 11:02, Ilias Apalodimas
wrote:
Hi Eddie,
final_event->number_of_events++;
@@ -350,66 +142,6 @@ static efi_status_t tcg2_agile_log_append(u32 pcr_index,
u32
believed I had fixed at least
some of the failures with patch 2 to update the sandbox driver. I also
haven't figured out how to run the ci suite locally
Thanks,
Eddie
Thanks
/Ilias
On Wed, 8 Mar 2023 at 23:25, Eddie James wrote:
Add TPM2 functions to support boot measurement
Add TPM2 functions to support boot measurement. This includes
starting up the TPM, initializing/appending the event log, and
measuring the U-Boot version. Much of the code was used in the
EFI subsystem, so remove it there and use the common functions.
Signed-off-by: Eddie James
---
Changes since
Briefly describe the feature and specify the requirements.
Signed-off-by: Eddie James
---
Changes since v4:
- Use bullets for the requirements list
doc/usage/index.rst | 1 +
doc/usage/measured_boot.rst | 23 +++
2 files changed, 24 insertions(+)
create mode
Use the sandbox TPM driver to measure some boot images in a unit
test case.
Signed-off-by: Eddie James
Reviewed-by: Simon Glass
---
Changes since v4:
- Drop u8 casting in measurement test
Changes since v2:
- Changed reserved memory address to the top of the RAM for sandbox dts.
arch
On 1/26/23 01:51, Ilias Apalodimas wrote:
Hi Eddie,
Thanks for the cleanup! Unfortunately this doesn't compile with EFI
selected, but in general it looks pretty good.
Thanks, yes I forgot to remove tcg2_pcr_read
On Wed, Jan 25, 2023 at 11:18:06AM -0600, Eddie James wrote:
Add TPM2
Add a configuration option to measure the boot through the bootm
function. Add the measurement state to the booti and bootz paths
as well.
Signed-off-by: Eddie James
---
Changes since v4:
- Change PCR indexes for initrd and dtb
Changes since v2:
- Add measure state to booti and bootz.
- Skip
that should be measured
Changes since v1:
- Refactor TPM layer functions to allow EFI system to use them, and
remove duplicate EFI functions.
- Add test case
- Drop #ifdefs for bootm
- Add devicetree measurement config option
- Update sandbox TPM driver
Eddie James (6):
tpm: Fix spelling
The driver needs to support getting the PCRs in the capabilities
command. Fix various other things and support the max number
of PCRs for TPM2.
Signed-off-by: Eddie James
Reviewed-by: Simon Glass
Acked-by: Ilias Apalodimas
---
drivers/tpm/tpm2_tis_sandbox.c | 100
On 2/2/23 11:12, Simon Glass wrote:
Hi Eddie / Ilias,
On Thu, 2 Feb 2023 at 09:24, Eddie James wrote:
On 1/26/23 01:51, Ilias Apalodimas wrote:
Hi Eddie,
Thanks for the cleanup! Unfortunately this doesn't compile with EFI
selected, but in general it looks pretty good.
Thanks, yes I
tmpu -> tpmu
Signed-off-by: Eddie James
Reviewed-by: Ilias Apalodimas
---
include/tpm-v2.h | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/include/tpm-v2.h b/include/tpm-v2.h
index 1c644f0048..84034c1559 100644
--- a/include/tpm-v2.h
+++ b/include/tpm-v2.h
@@ -16
From: Ilias Apalodimas
Signed-off-by: Ilias Apalodimas
---
lib/efi_loader/efi_tcg2.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/lib/efi_loader/efi_tcg2.c b/lib/efi_loader/efi_tcg2.c
index 5f0f4b5dd2..829bae7436 100644
--- a/lib/efi_loader/efi_tcg2.c
+++
Briefly describe the feature and specify the requirements.
Signed-off-by: Eddie James
Reviewed-by: Simon Glass
---
doc/usage/index.rst | 1 +
doc/usage/measured_boot.rst | 23 +++
2 files changed, 24 insertions(+)
create mode 100644 doc/usage/measured_boot.rst
Add a configuration option to measure the boot through the bootm
function. Add the measurement state to the booti and bootz paths
as well.
Signed-off-by: Eddie James
Reviewed-by: Simon Glass
---
Changes since v8:
- Added a configuration option to select to ignore any existing
event log
On 8/7/23 09:52, Ilias Apalodimas wrote:
Hi,
On Mon, 7 Aug 2023 at 17:43, Eddie James wrote:
On 8/4/23 13:10, Sean Edmond wrote:
On 2023-03-08 1:25 p.m., Eddie James wrote:
Add a configuration option to measure the boot through the bootm
function. Add the measurement state to the booti
From: Ilias Apalodimas
We currently use PCR 0 for testing the PCR read/extend functionality in
our selftests. How ever those PCRs are defined by the TCG spec for
platform use. For example if the tests run *after* the efi subsystem
initialization, which extends PCRs 0 & 7 it will give a false
From: Ilias Apalodimas
Signed-off-by: Ilias Apalodimas
---
lib/tpm-v2.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/lib/tpm-v2.c b/lib/tpm-v2.c
index d22e21985b..bd0fb078dc 100644
--- a/lib/tpm-v2.c
+++ b/lib/tpm-v2.c
@@ -671,7 +671,7 @@ __weak int
On 8/4/23 13:10, Sean Edmond wrote:
On 2023-03-08 1:25 p.m., Eddie James wrote:
Add a configuration option to measure the boot through the bootm
function. Add the measurement state to the booti and bootz paths
as well.
Signed-off-by: Eddie James
Reviewed-by: Simon Glass
---
Changes since
Add TPM2 functions to support boot measurement. This includes
starting up the TPM, initializing/appending the event log, and
measuring the U-Boot version. Much of the code was used in the
EFI subsystem, so remove it there and use the common functions.
Signed-off-by: Eddie James
---
Changes since
functions.
- Add test case
- Drop #ifdefs for bootm
- Add devicetree measurement config option
- Update sandbox TPM driver
Eddie James (6):
tpm: Fix spelling for tpmu_ha union
tpm: sandbox: Update for needed TPM2 capabilities
tpm: Support boot measurements
bootm: Support boot measurement
The driver needs to support getting the PCRs in the capabilities
command. Fix various other things and support the max number
of PCRs for TPM2.
Remove the !SANDBOX dependency for EFI TCG2 as well.
Signed-off-by: Eddie James
Reviewed-by: Simon Glass
Acked-by: Ilias Apalodimas
---
Changes since
From: Ilias Apalodimas
commit ("")
replaced the forced and sandbox tpm2 initialization running 'tpm2
autostart' instead of the startup tpm sequence. The difference is that
the new function handles the internal tpm_init state internally and
doesn't return an error when trying to
tmpu -> tpmu
Signed-off-by: Eddie James
Reviewed-by: Ilias Apalodimas
---
include/tpm-v2.h | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/include/tpm-v2.h b/include/tpm-v2.h
index 2b6980e441..6684033deb 100644
--- a/include/tpm-v2.h
+++ b/include/tpm-v2.h
@@ -16
Use the sandbox TPM driver to measure some boot images in a unit
test case.
Signed-off-by: Eddie James
Reviewed-by: Simon Glass
Acked-by: Ilias Apalodimas
---
Changes since v5:
- Only compile in the measurement u-boot command when
CONFIG_MEASURED_BOOT is enabled.
arch/sandbox/dts
On 8/7/23 10:56, Ilias Apalodimas wrote:
Hi Eddie,
On Mon, 7 Aug 2023 at 18:17, Eddie James wrote:
From: Ilias Apalodimas
We need a commit message for that. Something along the lines of
efi_tcg2_get_active_pcr_banks() doesnt immediately call the
EFI_ENTRY() wrappers once it enters
Add TPM2 functions to support boot measurement. This includes
starting up the TPM, initializing/appending the event log, and
measuring the U-Boot version. Much of the code was used in the
EFI subsystem, so remove it there and use the common functions.
Signed-off-by: Eddie James
---
Changes since
The driver needs to support getting the PCRs in the capabilities
command. Fix various other things and support the max number
of PCRs for TPM2.
Remove the !SANDBOX dependency for EFI TCG2 as well.
Signed-off-by: Eddie James
Reviewed-by: Simon Glass
Acked-by: Ilias Apalodimas
---
Changes since
Use the sandbox TPM driver to measure some boot images in a unit
test case.
Signed-off-by: Eddie James
Reviewed-by: Simon Glass
Acked-by: Ilias Apalodimas
---
Changes since v5:
- Only compile in the measurement u-boot command when
CONFIG_MEASURED_BOOT is enabled.
arch/sandbox/dts
From: Ilias Apalodimas
We currently use PCR 0 for testing the PCR read/extend functionality in
our selftests. How ever those PCRs are defined by the TCG spec for
platform use. For example if the tests run *after* the efi subsystem
initialization, which extends PCRs 0 & 7 it will give a false
tmpu -> tpmu
Signed-off-by: Eddie James
Reviewed-by: Ilias Apalodimas
---
include/tpm-v2.h | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/include/tpm-v2.h b/include/tpm-v2.h
index 2b6980e441..6684033deb 100644
--- a/include/tpm-v2.h
+++ b/include/tpm-v2.h
@@ -16
be measured
Changes since v1:
- Refactor TPM layer functions to allow EFI system to use them, and
remove duplicate EFI functions.
- Add test case
- Drop #ifdefs for bootm
- Add devicetree measurement config option
- Update sandbox TPM driver
Eddie James (6):
tpm: Fix spelling for tpmu_ha union
From: Ilias Apalodimas
efi_tcg2_get_active_pcr_banks doesn't immediately call the
EFI_ENTRY() wrapper once it enters the function. Move the call a
few lines above to cover the error cases properly as well.
Signed-off-by: Ilias Apalodimas
---
lib/efi_loader/efi_tcg2.c | 4 ++--
1 file changed,
Briefly describe the feature and specify the requirements.
Signed-off-by: Eddie James
Reviewed-by: Simon Glass
---
doc/usage/index.rst | 1 +
doc/usage/measured_boot.rst | 23 +++
2 files changed, 24 insertions(+)
create mode 100644 doc/usage/measured_boot.rst
Add a configuration option to measure the boot through the bootm
function. Add the measurement state to the booti and bootz paths
as well.
Signed-off-by: Eddie James
Reviewed-by: Simon Glass
---
Changes since v8:
- Added a configuration option to select to ignore any existing
event log
On 8/7/23 10:50, Ilias Apalodimas wrote:
Hi Eddie,
On Mon, 7 Aug 2023 at 18:18, Eddie James wrote:
From: Ilias Apalodimas
Signed-off-by: Ilias Apalodimas
---
lib/tpm-v2.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/lib/tpm-v2.c b/lib/tpm-v2.c
index d22e21985b
On 8/9/23 05:43, Ilias Apalodimas wrote:
On Wed, 9 Aug 2023 at 13:42, Heinrich Schuchardt wrote:
On 8/9/23 10:34, Ilias Apalodimas wrote:
Hi Eddie
On Mon, Aug 07, 2023 at 02:25:37PM -0500, Eddie James wrote:
Add TPM2 functions to support boot measurement. This includes
starting up
On 8/10/23 02:44, Ilias Apalodimas wrote:
On Wed, Aug 09, 2023 at 09:01:40AM -0500, Eddie James wrote:
On 8/9/23 05:43, Ilias Apalodimas wrote:
On Wed, 9 Aug 2023 at 13:42, Heinrich Schuchardt wrote:
On 8/9/23 10:34, Ilias Apalodimas wrote:
Hi Eddie
On Mon, Aug 07, 2023 at 02:25:37PM
On 3/26/24 11:15, Tim Harvey wrote:
On Tue, Mar 26, 2024 at 2:24 AM Ilias Apalodimas
wrote:
Hi Tim,
On Tue, 26 Mar 2024 at 03:15, Tim Harvey wrote:
Greetings,
I'm unable to understand why tcg2_platform_get_log is failing to read
a memory region.
For example the following diffs:
I am
On 3/26/24 11:15, Tim Harvey wrote:
On Tue, Mar 26, 2024 at 2:24 AM Ilias Apalodimas
wrote:
Hi Tim,
On Tue, 26 Mar 2024 at 03:15, Tim Harvey wrote:
Greetings,
I'm unable to understand why tcg2_platform_get_log is failing to read
a memory region.
For example the following diffs:
I am
in there. There's
no mention of ACPI in 3.3.4.2 PCR[1] – Host Platform Configuration.
However, in Figure 6 -- PCR Mapping of UEFI Components ACPI is shown
in PCR1. The general description also mentions PCR0 is for code and PCR1
is for data such as ACPI and SMBIOS.
Thanks, looks correct.
Reviewed-by: Eddie
101 - 163 of 163 matches
Mail list logo
