mirror of
https://github.com/AsahiLinux/u-boot
synced 2024-11-14 00:47:26 +00:00
d5d9770f58
-----BEGIN PGP SIGNATURE----- iQIzBAABCgAdFiEEgWII69YpahbL5iK5gS8AYozs+qIFAmU7j50ACgkQgS8AYozs +qIh8w/+O4UjT0sG1NLwmyV7U1Ypk+EyYaE6wmSWzpsJLfH/YvtObBJOYRuXxRVh J9lkgCsw8Ct1ZNCrp8iVO+Dz1DtV8+QvTecrUHZqcOhTYDaqxXnlvEH2/EUhgo5T 9a/ZaDtOP1mKz754C4G6G363+iRCvbcqDECeKg9VYxfWCo1cINOmqyQCqlGxFT+h PKiB5VzUpN/K/yiie+Hr42/+6XaykAUjUvEWeyKOsRmYY4lNiK22vG/puE42bFTh catXwTE2a7x+yzPKkdhR0UGvDUlIKET2kF6mi+pYN2h/cSUxWTzbP/OxcU9yJOnm qJiRZ+Woez1I7ul6ln4ci2kiWc3CTYFXfctwrBJPuJ/EO+2EEb3oHqG2S3Fc9VBZ N17flHW7XZHEQbNexlUhk9cRpCwRuSA5OJXwW+IZIuydgNeo3xF0iYvipbjkEGgW BBkt8PH+ivTLjEz6Gcmquvo1fHGJLHRIPg7DNb0phGHviuC0zlDJ7N5DZk0CpkiT 36siV9xK4X6qvWkOTa6Ldw60e4tN9nv3VG30uXtPHi3XdOkKfNkyIuqO/5BkkQPt 6yEc9IYXYoWNKDVUGme5+xszZp1sSvqltajG9VVNupt958dFyOSgS5aNa6B4UsWX 3XfndP1/s2bezUHoQx5zjraapKVrqBFLkGeTlCDUD+mEgP440G8= =gvDs -----END PGP SIGNATURE----- Merge tag 'tpm-next-27102023' of https://source.denx.de/u-boot/custodians/u-boot-tpm bootX measurements and measurement API moved to u-boot core: Up to now, U-Boot could perform measurements and EventLog creation as described by the TCG spec when booting via EFI. The EFI code was residing in lib/efi_loader/efi_tcg2.c and contained both EFI specific code + the API needed to access the TPM, extend PCRs and create an EventLog. The non-EFI part proved modular enough and moving it around to the TPM subsystem was straightforward. With that in place we can have a common API for measuring binaries regardless of the boot command, EFI or boot(m|i|z), and contructing an EventLog. I've tested all of the EFI cases -- booting with an empty EventLog and booting with a previous stage loader providing one and found no regressions. Eddie tested the bootX part. Eddie also fixed the sandbox TPM which couldn't be used for the EFI code and it now supports all the required capabilities. This had a slight sideeffect in our testing since the EFI subsystem initializes the TPM early and 'tpm2 init' failed during some python tests. That code only opens the device though, so we can replace it with 'tpm2 autostart' which doesn't error out and still allows you to perfom the rest of the tests but doesn't report an error if the device is already opened. There's a few minor issues with this PR as well but since testing and verifying the changes takes a considerable amount of time, I prefer merging it now. Heinrich has already sent a PR for -master containing "efi_loader: fix EFI_ENTRY point on get_active_pcr_banks" and I am not sure if that will cause any conflicts, but in any case they should be trivial to resolve. Both the EFI and non-EFI code have a Kconfig for measuring the loaded Device Tree. The reason this is optional is that we can't reason when/if devices add random info like kaslr-seed, mac addresses etc in the DT. In that case measurements are random, board specific and eventually useless. The reason it was difficult to fix it prior to this patchset is because the EFI subsystem and thus measurements was brought up late and DT fixups might have already been applied. With this patchset we can measure the DT really early in the future. Heinrich also pointed out that the two Kconfigs for the DTB measurements can be squashed in a single one and that the documentation only explains the non-EFI case. I agree on both but as I said this is a sane working version, so let's pull this first it's aleady big enough and painful to test. |
||
|---|---|---|
| .. | ||
| android_ab.c | ||
| boot_fit.c | ||
| bootdev-uclass.c | ||
| bootflow.c | ||
| bootflow_internal.h | ||
| bootflow_menu.c | ||
| bootm.c | ||
| bootm_os.c | ||
| bootmeth-uclass.c | ||
| bootmeth_cros.c | ||
| bootmeth_cros.h | ||
| bootmeth_efi.c | ||
| bootmeth_efi_mgr.c | ||
| bootmeth_extlinux.c | ||
| bootmeth_pxe.c | ||
| bootmeth_qfw.c | ||
| bootmeth_sandbox.c | ||
| bootmeth_script.c | ||
| bootretry.c | ||
| bootstd-uclass.c | ||
| cedit.c | ||
| common_fit.c | ||
| expo.c | ||
| expo_build.c | ||
| fdt_region.c | ||
| fdt_simplefb.c | ||
| fdt_support.c | ||
| image-android-dt.c | ||
| image-android.c | ||
| image-board.c | ||
| image-cipher.c | ||
| image-fdt.c | ||
| image-fit-sig.c | ||
| image-fit.c | ||
| image-host.c | ||
| image-pre-load.c | ||
| image-sig.c | ||
| image.c | ||
| Kconfig | ||
| Makefile | ||
| pxe_utils.c | ||
| scene.c | ||
| scene_internal.h | ||
| scene_menu.c | ||
| scene_textline.c | ||
| vbe.c | ||
| vbe_request.c | ||
| vbe_simple.c | ||
| vbe_simple.h | ||
| vbe_simple_fw.c | ||
| vbe_simple_os.c | ||