Re: [PATCH v12 5/8] test: Add sandbox TPM boot measurement

Hi Eddie,

On Thu, 19 Oct 2023 at 16:29, Eddie James eajames@linux.ibm.com wrote:

On 10/13/23 12:22, Ilias Apalodimas wrote:

...

Hi Eddie,

This doesn't apply on -master, can you please rebase?

Ugh I thought you wanted -next... I can rebase again.

Yea by the time the patches were sent -next got merged into -master, so I tried master now to include them into the 2024.01 release. Apologies, if you don't mind please rebase

Thanks /Ilias

...

Thanks /Ilias

On Thu, 12 Oct 2023 at 16:49, Eddie James eajames@linux.ibm.com wrote:

...

Use the sandbox TPM driver to measure some boot images in a unit test case.

Signed-off-by: Eddie James eajames@linux.ibm.com Reviewed-by: Simon Glass sjg@chromium.org Acked-by: Ilias Apalodimas ilias.apalodimas@linaro.org

---

Changes since v5:

• Only compile in the measurement u-boot command when CONFIG_MEASURED_BOOT is enabled.

arch/sandbox/dts/sandbox.dtsi | 13 +++++++ arch/sandbox/dts/test.dts | 13 +++++++ configs/sandbox_defconfig | 1 + include/test/suites.h | 1 + test/boot/Makefile | 1 + test/boot/measurement.c | 66 +++++++++++++++++++++++++++++++++++ test/cmd_ut.c | 4 +++ 7 files changed, 99 insertions(+) create mode 100644 test/boot/measurement.c

diff --git a/arch/sandbox/dts/sandbox.dtsi b/arch/sandbox/dts/sandbox.dtsi index ff7e5584c5..241f397ba6 100644 --- a/arch/sandbox/dts/sandbox.dtsi +++ b/arch/sandbox/dts/sandbox.dtsi @@ -4,11 +4,23 @@

• and sandbox64 builds.

*/

+#include <config.h> #include <dt-bindings/input/input.h>

#define USB_CLASS_HUB 9

/ {

•   reserved-memory {
  

•           #address-cells = <1>;
  

•           #size-cells = <1>;
  

•           ranges;
  

•           event_log: tcg_event_log {
  

•                   no-map;
  

•                   reg = <(CFG_SYS_SDRAM_SIZE - 0x2000) 0x2000>;
  

•           };
  

•   };
  

•    binman {
     };
  
  

@@ -342,6 +354,7 @@

     tpm2 {
             compatible = "sandbox,tpm2";

•           memory-region = <&event_log>;
     };
  
     triangle {
  

diff --git a/arch/sandbox/dts/test.dts b/arch/sandbox/dts/test.dts index 9a863ea732..bb2ddd9bf2 100644 --- a/arch/sandbox/dts/test.dts +++ b/arch/sandbox/dts/test.dts @@ -9,6 +9,7 @@

/dts-v1/;

+#include <config.h> #include <dt-bindings/gpio/gpio.h> #include <dt-bindings/gpio/sandbox-gpio.h> #include <dt-bindings/input/input.h> @@ -68,6 +69,17 @@ osd0 = "/osd"; };

•   reserved-memory {
  

•           #address-cells = <1>;
  

•           #size-cells = <1>;
  

•           ranges;
  

•           event_log: tcg_event_log {
  

•                   no-map;
  

•                   reg = <(CFG_SYS_SDRAM_SIZE - 0x2000) 0x2000>;
  

•           };
  

•   };
  

•    binman: binman {
     };
  
  

@@ -1422,6 +1434,7 @@

     tpm2 {
             compatible = "sandbox,tpm2";

•           memory-region = <&event_log>;
     };
  
     tpm {
  

diff --git a/configs/sandbox_defconfig b/configs/sandbox_defconfig index d667cb9ae4..12c387a77e 100644 --- a/configs/sandbox_defconfig +++ b/configs/sandbox_defconfig @@ -349,3 +349,4 @@ CONFIG_UNIT_TEST=y CONFIG_UT_TIME=y CONFIG_UT_DM=y CONFIG_ARM_FFA_TRANSPORT=y +CONFIG_MEASURED_BOOT=y diff --git a/include/test/suites.h b/include/test/suites.h index 1c7dc65966..48ed549c13 100644 --- a/include/test/suites.h +++ b/include/test/suites.h @@ -45,6 +45,7 @@ int do_ut_font(struct cmd_tbl *cmdtp, int flag, int argc, char *const argv[]); int do_ut_lib(struct cmd_tbl *cmdtp, int flag, int argc, char *const argv[]); int do_ut_loadm(struct cmd_tbl *cmdtp, int flag, int argc, char *const argv[]); int do_ut_log(struct cmd_tbl *cmdtp, int flag, int argc, char * const argv[]); +int do_ut_measurement(struct cmd_tbl *cmdtp, int flag, int argc, char * const argv[]); int do_ut_mem(struct cmd_tbl *cmdtp, int flag, int argc, char *const argv[]); int do_ut_optee(struct cmd_tbl *cmdtp, int flag, int argc, char *const argv[]); int do_ut_overlay(struct cmd_tbl *cmdtp, int flag, int argc, diff --git a/test/boot/Makefile b/test/boot/Makefile index 52947580ae..068522cb9e 100644 --- a/test/boot/Makefile +++ b/test/boot/Makefile @@ -4,6 +4,7 @@

obj-$(CONFIG_BOOTSTD) += bootdev.o bootstd_common.o bootflow.o bootmeth.o obj-$(CONFIG_FIT) += image.o +obj-$(CONFIG_MEASURED_BOOT) += measurement.o

obj-$(CONFIG_EXPO) += expo.o obj-$(CONFIG_CEDIT) += cedit.o diff --git a/test/boot/measurement.c b/test/boot/measurement.c new file mode 100644 index 0000000000..9db2ed324c --- /dev/null +++ b/test/boot/measurement.c @@ -0,0 +1,66 @@ +// SPDX-License-Identifier: GPL-2.0+ +/*

• • Test for measured boot functions
• • Copyright 2023 IBM Corp.
• • Written by Eddie James eajames@linux.ibm.com
• */

+#include <common.h> +#include <bootm.h> +#include <malloc.h> +#include <test/suites.h> +#include <test/test.h> +#include <test/ut.h> +#include <asm/io.h>

+#define MEASUREMENT_TEST(_name, _flags) \

•   UNIT_TEST(_name, _flags, measurement_test)
  

+static int measure(struct unit_test_state *uts) +{

•   struct bootm_headers images;
  

•   const size_t size = 1024;
  

•   u8 *kernel;
  

•   u8 *initrd;
  

•   size_t i;
  

•   kernel = malloc(size);
  

•   initrd = malloc(size);
  

•   images.os.image_start = map_to_sysmem(kernel);
  

•   images.os.image_len = size;
  

•   images.rd_start = map_to_sysmem(initrd);
  

•   images.rd_end = images.rd_start + size;
  

•   images.ft_addr = malloc(size);
  

•   images.ft_len = size;
  

•   env_set("bootargs", "measurement testing");
  

•   for (i = 0; i < size; ++i) {
  

•           kernel[i] = 0xf0 | (i & 0xf);
  

•           initrd[i] = (i & 0xf0) | 0xf;
  

•           images.ft_addr[i] = i & 0xff;
  

•   }
  

•   ut_assertok(bootm_measure(&images));
  

•   free(images.ft_addr);
  

•   free(initrd);
  

•   free(kernel);
  

•   return 0;
  

+} +MEASUREMENT_TEST(measure, 0);

+int do_ut_measurement(struct cmd_tbl *cmdtp, int flag, int argc,

•                 char *const argv[])
  

+{

•   struct unit_test *tests = UNIT_TEST_SUITE_START(measurement_test);
  

•   const int n_ents = UNIT_TEST_SUITE_COUNT(measurement_test);
  

•   return cmd_ut_category("measurement", "measurement_test_", tests,
  

•                          n_ents, argc, argv);
  

+} diff --git a/test/cmd_ut.c b/test/cmd_ut.c index 0f56409e80..e87adcb71e 100644 --- a/test/cmd_ut.c +++ b/test/cmd_ut.c @@ -99,6 +99,10 @@ static struct cmd_tbl cmd_ut_sub[] = { #if CONFIG_IS_ENABLED(UT_UNICODE) && !defined(API_BUILD) U_BOOT_CMD_MKENT(unicode, CONFIG_SYS_MAXARGS, 1, do_ut_unicode, "", ""), #endif +#ifdef CONFIG_MEASURED_BOOT

•   U_BOOT_CMD_MKENT(measurement, CONFIG_SYS_MAXARGS, 1, do_ut_measurement,
  

•                    "", ""),
  

+#endif #ifdef CONFIG_SANDBOX U_BOOT_CMD_MKENT(compression, CONFIG_SYS_MAXARGS, 1, do_ut_compression, "", ""), -- 2.39.3