Hi Eddie,

On Tue, Feb 21, 2023 at 04:38:58PM -0600, Eddie James wrote:
>
> On 2/6/23 06:20, Ilias Apalodimas wrote:
> > Thanks Eddie,
> >
> > I quickly tested this but the EFI subsystem fails to initialize the TCG
> > protocol properly now. Unfortunately I am on a business trip and I won't
> > be able to take a look into why till next week
>
> Hi Ilias,
>
> I haven't had the opportunity to test this, have you?
>
> Thanks,
> Eddie
>
> >
> > Cheers
> > /Ilias
> >

Still going through the code so bear with me.

It seems that the EFI failure is coming from tcg2_platform_get_log(),
specifically if neither linux,sml-base nor tpm_event_log_addr is present in
the dtb.

One thing we should change here is to look for tpm_event_log_addr first.
The reason is that this is a very 'special' case in which TF-A fills in an
eventlog for us, while linux,sml-base is more generic, so I'd rather
explicitly prefer TF-A if it prepared an eventlog for us.

On the failure now, if none of the nodes is present we are looking for
'memory-region' within the TPM node? Looking at the DT specs the tpm should
only support 'compatible, label, linux,sml-base/size'. Am I missing
something?

I also had to apply [0] for this to compile.

You can 'easily' test the EFI changes by doing a 'printenv -e'. This will
at least initialize the efi subsystem and install the needed EFI tables
(you need CMD_NVEDIT_EFI=y)

[0] https://source.denx.de/u-boot/custodians/u-boot-tpm/-/commit/d473596cd6900117485014476c70c49f202bd8da

Hope this helps a bit. Let me know if I can help in any other way. Don't
bother *testing* the eventlog for EFI on a full linux boot. I'll run that
on v6

/Ilias

> > On Thu, Feb 02, 2023 at 11:05:25AM -0600, Eddie James wrote:
> > > This series adds support for measuring the boot images more generically
> > > than the existing EFI support. Several EFI functions have been moved to
> > > the TPM layer. The series includes optional measurement from the bootm
> > > command.
> > > A new test case has been added for the bootm measurement to test the new
> > > path, and the sandbox TPM2 driver has been updated to support this use
> > > case.
> > >
> > > This series is based on Ilias' auto-startup series:
> > > https://lore.kernel.org/u-boot/20230126081844.591148-1-ilias.apalodi...@linaro.org/
> > >
> > > Changes since v4:
> > >  - Remove tcg2_measure_event function and check for NULL data in
> > >    tcg2_measure_data
> > >  - Use tpm_auto_startup
> > >  - Fix efi_tcg2.c compilation for removing tcg2_pcr_read function
> > >  - Change PCR indexes for initrd and dtb
> > >  - Drop u8 casting in measurement test
> > >  - Use bullets in documentation
> > >
> > > Changes since v3:
> > >  - Reordered headers
> > >  - Refactored more of EFI code into common code
> > >      Removed digest_info structure and instead used the common alg_to_mask
> > >        and alg_to_len
> > >      Improved event log parsing in common code to get it equivalent to EFI
> > >        Common code now extends PCR if previous bootloader stage couldn't
> > >        No need to allocate memory in the common code, so EFI copies the
> > >        discovered buffer like it did before
> > >      Rename efi measure_event function
> > >
> > > Changes since v2:
> > >  - Add documentation.
> > >  - Changed reserved memory address to the top of the RAM for sandbox dts.
> > >  - Add measure state to booti and bootz.
> > >  - Skip measurement for EFI images that should be measured
> > >
> > > Changes since v1:
> > >  - Refactor TPM layer functions to allow EFI system to use them, and
> > >    remove duplicate EFI functions.
> > >  - Add test case
> > >  - Drop #ifdefs for bootm
> > >  - Add devicetree measurement config option
> > >  - Update sandbox TPM driver
> > >
> > > Eddie James (6):
> > >   tpm: Fix spelling for tpmu_ha union
> > >   tpm: Support boot measurements
> > >   bootm: Support boot measurement
> > >   tpm: sandbox: Update for needed TPM2 capabilities
> > >   test: Add sandbox TPM boot measurement
> > >   doc: Add measured boot documentation
> > >
> > >  arch/sandbox/dts/sandbox.dtsi  |   14 +
> > >  arch/sandbox/dts/test.dts      |   13 +
> > >  boot/Kconfig                   |   23 +
> > >  boot/bootm.c                   |   70 +++
> > >  cmd/booti.c                    |    1 +
> > >  cmd/bootm.c                    |    2 +
> > >  cmd/bootz.c                    |    1 +
> > >  configs/sandbox_defconfig      |    1 +
> > >  doc/usage/index.rst            |    1 +
> > >  doc/usage/measured_boot.rst    |   23 +
> > >  drivers/tpm/tpm2_tis_sandbox.c |  100 +++-
> > >  include/bootm.h                |    2 +
> > >  include/efi_tcg2.h             |   44 --
> > >  include/image.h                |    1 +
> > >  include/test/suites.h          |    1 +
> > >  include/tpm-v2.h               |  246 +++++++-
> > >  lib/efi_loader/efi_tcg2.c      | 1010 +++-----------------------------
> > >  lib/tpm-v2.c                   |  771 ++++++++++++++++++++++++
> > >  test/boot/Makefile             |    1 +
> > >  test/boot/measurement.c        |   66 +++
> > >  test/cmd_ut.c                  |    2 +
> > >  21 files changed, 1383 insertions(+), 1010 deletions(-)
> > >  create mode 100644 doc/usage/measured_boot.rst
> > >  create mode 100644 test/boot/measurement.c
> > >
> > > --
> > > 2.31.1
> > >