Hi Simon, On Wed, Nov 04, 2020 at 11:08:42AM -0700, Simon Glass wrote: > Hi Ilias, > > On Wed, 4 Nov 2020 at 06:48, Ilias Apalodimas > <ilias.apalodi...@linaro.org> wrote: > > > > Since U-boot EFI implementation is getting richer it makes sense to > > add support for EFI_TCG2_PROTOCOL taking advantage of any hardware TPM > > available on the device. > > > > This is the initial implementation of the protocol which only adds > > support for GetCapability(). It's limited in the newer and safer > > TPMv2 devices. > > > > Signed-off-by: Ilias Apalodimas <ilias.apalodi...@linaro.org> > > --- > > The protocol requires mode that GetCapability to be usable. > > I intend to add support for GetEventLog() and HashLogExtendEvent() once > > this gets reviewed/merged > > include/efi_loader.h | 2 + > > include/efi_tcg2.h | 91 ++++++++ > > include/tpm-v2.h | 48 ++++ > > lib/efi_loader/Kconfig | 8 + > > lib/efi_loader/Makefile | 1 + > > lib/efi_loader/efi_setup.c | 7 + > > lib/efi_loader/efi_tcg2.c | 460 +++++++++++++++++++++++++++++++++++++ > > 7 files changed, 617 insertions(+) > > create mode 100644 include/efi_tcg2.h > > create mode 100644 lib/efi_loader/efi_tcg2.c > > How can we add tests for this? We have a basic TPM emulator available > so perhaps it could be used to create a sandbox test?
I assume you refer to drivers/tpm/tpm2_tis_sandbox.c right? I did check this before posting but it only supports TPM_CAP_TPM_PROPERTIES(0x6). The GetCapability() also uses TPM_CAP_PCRS(0x5). I don't really know if it's worth extending that, since the patches that will follow implementing GetEventLog() and HashLogExtendEvent() are a lot more demanding on the TPM. Maybe look into some software TPM? On my side I tested this on an armv8 with fTPM and and EFI application [1] [1] https://github.com/apalos/efi-tpm2-utils Regards /Ilias > > Regards, > Simon