From patchwork Wed Jul 7 13:36:33 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Masahisa Kojima X-Patchwork-Id: 470802 Delivered-To: patch@linaro.org Received: by 2002:a02:c94a:0:0:0:0:0 with SMTP id u10csp6005658jao; Wed, 7 Jul 2021 06:36:38 -0700 (PDT) X-Google-Smtp-Source: ABdhPJzK+hJSA8rRTv+pK5cW4eM76c4HrDrxTheZkDOMKpk/eJLfEQGRnYInY+l01dCJCzLgEmC4 X-Received: by 2002:a17:906:e099:: with SMTP id gh25mr6577425ejb.346.1625664997925; Wed, 07 Jul 2021 06:36:37 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1625664997; cv=none; d=google.com; s=arc-20160816; b=bo5TWPuCWf8fxzPB5fyMfXyCwZ5Jo7nXY64P92wufKvD8s+GcBYVcU7CGWzXBTuczI K0Oe22UN2pxYSc/iVXz+wjFuK2j5nm3mDoeBi2iMYwl9aLV7r/lnjNtPTTwdgFKC1Ex+ YY9rwVgpkIA/h1grmiiLP4iSm4UVB8do+B1qjXwuBInEHA59Y0Z2B6NfjBxOsKtUzxRM 6bVMhx+gzU/Qoa96jz6Xj7Jqzr+fUNOdQpp/RaJRHXPNyw3cxtV8ySKhDVUaSsKEGkKJ H3I9bzBaN2vU2Md4LJW3I6g3Ln/Hj/uOoZDhynX3UJBE6RYGVhYFFJVv8DXgA5dqd/5r ifkg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:errors-to:list-subscribe:list-help:list-post:list-archive :list-unsubscribe:list-id:precedence:message-id:date:subject:to:from :dkim-signature; bh=HIV7E0CRvDDSx2zgDkfnGOn0fmK9gnGe6E3Yb6cHYZY=; b=HnrMc56+dhphL99cCKdAuphMTMhIn7398xg2gDgskkGlW1TRLQEOdo3eXkM8offJ0F mJKOqjUKQwUQjkScT/HjfOorGpp8QalVIZviOdc+ZDTZXwMQItehVRiRtpomTex8vPXH 6YjYqxtCX385GXHQwGaIXRUBry05qzXhOd0nl0k6bS0/tSkE53UE3TaUVj3iZTMkDZPB cOe/HEFBFVvPmnmqRQIYtzyvVQYubYrLjc4VWnJfPK437G09bbMQL8kPVc0fW7Mij0Pv u1e8KQnR8Lmg3vMy51bnk5eahtfP2Pl8+amZVLYTvIX9NTR77EfU6wCEmYQQmAgKrUjv HqYw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=crbxYYve; spf=pass (google.com: domain of u-boot-bounces@lists.denx.de designates 2a01:238:438b:c500:173d:9f52:ddab:ee01 as permitted sender) smtp.mailfrom=u-boot-bounces@lists.denx.de; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Return-Path: Received: from phobos.denx.de (phobos.denx.de. [2a01:238:438b:c500:173d:9f52:ddab:ee01]) by mx.google.com with ESMTPS id z16si22719097edm.47.2021.07.07.06.36.37 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 07 Jul 2021 06:36:37 -0700 (PDT) Received-SPF: pass (google.com: domain of u-boot-bounces@lists.denx.de designates 2a01:238:438b:c500:173d:9f52:ddab:ee01 as permitted sender) client-ip=2a01:238:438b:c500:173d:9f52:ddab:ee01; Authentication-Results: mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=crbxYYve; spf=pass (google.com: domain of u-boot-bounces@lists.denx.de designates 2a01:238:438b:c500:173d:9f52:ddab:ee01 as permitted sender) smtp.mailfrom=u-boot-bounces@lists.denx.de; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Received: from h2850616.stratoserver.net (localhost [IPv6:::1]) by phobos.denx.de (Postfix) with ESMTP id 8CC3582C35; Wed, 7 Jul 2021 15:36:35 +0200 (CEST) Authentication-Results: phobos.denx.de; dmarc=pass (p=none dis=none) header.from=linaro.org Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=u-boot-bounces@lists.denx.de Authentication-Results: phobos.denx.de; dkim=pass (2048-bit key; unprotected) header.d=linaro.org header.i=@linaro.org header.b="crbxYYve"; dkim-atps=neutral Received: by phobos.denx.de (Postfix, from userid 109) id E93D682E05; Wed, 7 Jul 2021 15:36:33 +0200 (CEST) X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on phobos.denx.de X-Spam-Level: X-Spam-Status: No, score=-2.0 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,SPF_HELO_NONE autolearn=ham autolearn_force=no version=3.4.2 Received: from mail-pj1-x1034.google.com (mail-pj1-x1034.google.com [IPv6:2607:f8b0:4864:20::1034]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits)) (No client certificate requested) by phobos.denx.de (Postfix) with ESMTPS id A7DE982B30 for ; Wed, 7 Jul 2021 15:36:30 +0200 (CEST) Authentication-Results: phobos.denx.de; dmarc=pass (p=none dis=none) header.from=linaro.org Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=masahisa.kojima@linaro.org Received: by mail-pj1-x1034.google.com with SMTP id fs7so1566532pjb.2 for ; Wed, 07 Jul 2021 06:36:30 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:subject:date:message-id; bh=HIV7E0CRvDDSx2zgDkfnGOn0fmK9gnGe6E3Yb6cHYZY=; b=crbxYYveiGYz7mhdbb7MzyAnxPHp0azsB/Yhia6iHry7wZ6BEyk+0nf07WF1L1XC/e JGWbfp6/UG43dKRRbTjkhxJn0TE3hLUea9fiC1RO+8x3Yzh2fN2+pqmAxpV+WeQeGxqW RM8wAucEslF7JdbH/FIWMRpEoBxclaw8LVIAmLnp4LIzhkRlO8d+5WMBCsKMK4z0eU60 MKge6v1G9fDe+NeRQLaHW2FMygmzqJCfu7fHAbDGoHSdZawk1sRn8zBzYivzm/rONS92 w4DTv4feGr5Lky1y7Uh2s49pu3Kz01NkUz9PG6uXpltzIoEKdOcSXBUayeuA2Bmw4zzz mk5g== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:subject:date:message-id; bh=HIV7E0CRvDDSx2zgDkfnGOn0fmK9gnGe6E3Yb6cHYZY=; b=k+pGB8lSE6x6Wr64ZD/bRLQQA5zCHM35l0WJTUCpklXzmjBEetPBPfk1X/lxXfuolF K0zCnFKUDHpdAGoiOsuWxqn3pmrlL8LpCNqe8IpGf3nNT9B7VL/R+7FfKWEyZscHa0G6 S6dKcVlz6f/npyFJvIaWpMS6KZWOg7CkT34kSStExeSs1jssTOttoNCuVDR85LMHyEEi KtXd8QeHF3DpbLlPL/G9jCNfZEcB1wzWhrJmcpgUkxv60ngfUx4yLzYtHkf3bA7heQow y/iiHYZYvRgbFnmMlX+O17BjBOC/13zYUiV94fQQSuuVLPSMTIL8WpDp6SJG+IVYQPcc Nrbg== X-Gm-Message-State: AOAM531s50Z29Cu1u6rbYzWCEgnB+/tQUo+H8/0amI/oYXEI0jK6qIrv zL7dtE2e7hJAHCKJiS8/K5Xt4g== X-Received: by 2002:a17:90a:a6e:: with SMTP id o101mr6781431pjo.208.1625664989049; Wed, 07 Jul 2021 06:36:29 -0700 (PDT) Received: from localhost.localdomain ([2400:2411:502:a100:82fa:5bff:fe4b:26b1]) by smtp.gmail.com with ESMTPSA id t9sm6438659pjs.50.2021.07.07.06.36.26 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 07 Jul 2021 06:36:28 -0700 (PDT) From: Masahisa Kojima To: Heinrich Schuchardt , Alexander Graf , Ilias Apalodimas , Simon Glass , Masahisa Kojima , Dhananjay Phadke , u-boot@lists.denx.de Subject: [PATCH 0/5] add measurement support Date: Wed, 7 Jul 2021 22:36:33 +0900 Message-Id: <20210707133638.12630-1-masahisa.kojima@linaro.org> X-Mailer: git-send-email 2.17.1 X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.34 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" X-Virus-Scanned: clamav-milter 0.103.2 at phobos.denx.de X-Virus-Status: Clean This patch series add the support of measurement descibed in TCG PC Client PFP spec(Version 1.05 Revision 23). Eventlog generated with this patch series are tested on the aarch64 based machine(Socionext Developerbox) and fTPM running on OP-TEE. The eventlog result is almost same result as the one generated by edk2 running on the Devloperbox and Secure96. This patch series does not cover all measurement requirements described in TCG spec, the remaing items will be supported in the future. Major missing items in TCG PC Client PFP spec: 1) If the secure boot variables are updated after they are initially measured in PCR[7] and before ExitBootServices() has completed, the platform MAY be restarted OR the variables MUST be remeasured into PCR[7]. 2) SMBIOS structure measurement 3) "DeployedMode" and "AuditMode" measurement 4) EV_EFI_GPT_EVENT event 5) Measurement of U-boot itself. I assume U-boot measurement will be done by the former firmware such as trusted firmware. Masahisa Kojima (5): efi_loader: increase eventlog buffer size efi_loader: add secure boot variable measurement efi_loader: add boot variable measurement efi_loader: add ExitBootServices() measurement efi_loader: refactor efi_append_scrtm_version() include/efi_loader.h | 5 + include/efi_tcg2.h | 20 +++ include/tpm-v2.h | 18 +- lib/efi_loader/Kconfig | 2 +- lib/efi_loader/efi_boottime.c | 25 +++ lib/efi_loader/efi_tcg2.c | 328 +++++++++++++++++++++++++++++++++- 6 files changed, 390 insertions(+), 8 deletions(-) -- 2.17.1