Hi Eddie,
On Mon, 7 Aug 2023 at 09:17, Eddie James eajames@linux.ibm.com wrote:
Add TPM2 functions to support boot measurement. This includes starting up the TPM, initializing/appending the event log, and measuring the U-Boot version. Much of the code was used in the EFI subsystem, so remove it there and use the common functions.
Signed-off-by: Eddie James eajames@linux.ibm.com
Changes since v8:
- Fix log parsing again - any data corruption seen while replaying the event log was failing the entire measurement.
- Added an option to ignore the existing log. This should only be used for systems that know that U-Boot is the first stage bootloader. This is necessary because the reserved memory region may persist through resets and so U-Boot attempts to append to the previous boot's log.
Changes since v7:
- Change name of tcg2_init_log and add more documentation
- Add a check, when parsing the event log header, to ensure that the previous stage bootloader used all the active PCRs.
- Change name of tcg2_log_find_end
- Fix the greater than or equal to check to exit the log parsing
- Make sure log_position is 0 if there is any error discovering the log
- Return errors parsing the log if the data is corrupt so that we don't end up with half a log
Changes since v6:
- Added Linaro copyright for all the EFI moved code
- Changed tcg2_init_log (and by extension, tcg2_measurement_init) to copy any discovered event log to the user's log if passed in.
Changes since v5:
- Remove unused platform_get_eventlog in efi_tcg2.c
- First look for tpm_event_log_* properties instead of linux,sml-*
- Fix efi_tcg2.c compilation
- Select SHA* configs
Changes since v4:
- Remove tcg2_measure_event function and check for NULL data in tcg2_measure_data
- Use tpm_auto_startup
- Fix efi_tcg2.c compilation for removing tcg2_pcr_read function
Changes since v3:
- Reordered headers
- Refactored more of EFI code into common code Removed digest_info structure and instead used the common alg_to_mask and alg_to_len Improved event log parsing in common code to get it equivalent to EFI Common code now extends PCR if previous bootloader stage couldn't No need to allocate memory in the common code, so EFI copies the discovered buffer like it did before Rename efi measure_event function
Changes since v1:
- Refactor TPM layer functions to allow EFI system to use them, and remove duplicate EFI functions
include/efi_tcg2.h | 44 -- include/tpm-v2.h | 259 +++++++++ lib/Kconfig | 4 + lib/efi_loader/efi_tcg2.c | 1054 +++---------------------------------- lib/tpm-v2.c | 814 ++++++++++++++++++++++++++++ 5 files changed, 1154 insertions(+), 1021 deletions(-)
This is adding a lot more code to the TPM implementation and I see you have added more tests. But do we have enough unit testing in test/dm/tpm.c for these new functions?
Regards, Simon