From patchwork Wed Jul 14 13:00:00 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Masahisa Kojima X-Patchwork-Id: 476739 Delivered-To: patch@linaro.org Received: by 2002:a02:c94a:0:0:0:0:0 with SMTP id u10csp544748jao; Wed, 14 Jul 2021 05:59:29 -0700 (PDT) X-Google-Smtp-Source: ABdhPJzPg5lyKz6uyeTq+vBMmAIWy/DFM+vCbKO7jR/4RigNhTaxX7J/hyqbAxI6L4R4sQdZMGSW X-Received: by 2002:a05:6402:487:: with SMTP id k7mr13373842edv.315.1626267569586; Wed, 14 Jul 2021 05:59:29 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1626267569; cv=none; d=google.com; s=arc-20160816; b=PnbLqhafdbpSR92Hz7fux5c+HaGv6HXaDwBjfbxEirbySo+tg/V8iVumBcJY/k19FC k7TnIjT3k8d59diYUmwGq6Bu6lXXOLptCuup7XQRfOIEGmeo1RM+1q/llgzc+Qqz+wuh pdlIqYRT0u++IVz0ppHVHd4JnDkkOFUZuD3gD0/jF9iGtihs0NWTwLS7b75+TjUBNChb 5zk9HRJw84i6PHVXNCpAz8RtZyEFOQ1gRZt66KQcvhws8Kr1iLb2jRiJSDDQ1C819+h4 LE/xvES6i2+6AhphqRago5wFxIYd0RCiW34FVZX/9c354d4twEOywR9hAu+287HZyZBQ mFOA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:errors-to:list-subscribe:list-help:list-post:list-archive :list-unsubscribe:list-id:precedence:message-id:date:subject:to:from :dkim-signature; bh=ytD55jpnJ1Ptp2wt2dUF5cEym1thUPTi7/lOEmTYgN0=; b=VgCmE8qiNRGjtOdsGNeOJS6BaQYEwjHZ4F0SJqhcdTAHynLAO6kH6GiCBHfs75uHMC gmIBSMiOUORYc5q5JZnRqAlPS2O5L1NhIyINRFrcJQ3g4sQPTjv7Nkn+6qcaZm1Mqg2n 5e3B9E2TJOLV1Y2H8pxFqpUdH/hMp174D/FKTqI8dxVqJvVHxCUryI+B6Dm8Gkb4fgJZ 1vPf2R9B4t1YMbaq1+SJuv540yaiYZMBKpyVprLDl3Sx/ponXXBXB9y2+1u+79FimzyV Y6PBMmV8XW69akCgMEZX33uXuWISG9pgHjMxR0CK1IkTgS/ppk7uUMi3iDZb18Bo8nWk xuZg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=mJrunwX9; spf=pass (google.com: domain of u-boot-bounces@lists.denx.de designates 85.214.62.61 as permitted sender) smtp.mailfrom=u-boot-bounces@lists.denx.de; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Return-Path: Received: from phobos.denx.de (phobos.denx.de. [85.214.62.61]) by mx.google.com with ESMTPS id lw8si2535162ejb.409.2021.07.14.05.59.29 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 14 Jul 2021 05:59:29 -0700 (PDT) Received-SPF: pass (google.com: domain of u-boot-bounces@lists.denx.de designates 85.214.62.61 as permitted sender) client-ip=85.214.62.61; Authentication-Results: mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=mJrunwX9; spf=pass (google.com: domain of u-boot-bounces@lists.denx.de designates 85.214.62.61 as permitted sender) smtp.mailfrom=u-boot-bounces@lists.denx.de; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Received: from h2850616.stratoserver.net (localhost [IPv6:::1]) by phobos.denx.de (Postfix) with ESMTP id D13D180FBA; Wed, 14 Jul 2021 14:59:25 +0200 (CEST) Authentication-Results: phobos.denx.de; dmarc=pass (p=none dis=none) header.from=linaro.org Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=u-boot-bounces@lists.denx.de Authentication-Results: phobos.denx.de; dkim=pass (2048-bit key; unprotected) header.d=linaro.org header.i=@linaro.org header.b="mJrunwX9"; dkim-atps=neutral Received: by phobos.denx.de (Postfix, from userid 109) id 3CED981280; Wed, 14 Jul 2021 14:59:24 +0200 (CEST) X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on phobos.denx.de X-Spam-Level: X-Spam-Status: No, score=-2.0 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,SPF_HELO_NONE autolearn=ham autolearn_force=no version=3.4.2 Received: from mail-pg1-x534.google.com (mail-pg1-x534.google.com [IPv6:2607:f8b0:4864:20::534]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits)) (No client certificate requested) by phobos.denx.de (Postfix) with ESMTPS id 25F1680615 for ; Wed, 14 Jul 2021 14:59:21 +0200 (CEST) Authentication-Results: phobos.denx.de; dmarc=pass (p=none dis=none) header.from=linaro.org Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=masahisa.kojima@linaro.org Received: by mail-pg1-x534.google.com with SMTP id s18so2326758pgq.3 for ; Wed, 14 Jul 2021 05:59:21 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:subject:date:message-id; bh=ytD55jpnJ1Ptp2wt2dUF5cEym1thUPTi7/lOEmTYgN0=; b=mJrunwX9fTS8yrVtHNCRwPuXVpvDoSD4KpV43LGrG4t8ElZHqo0IOM7V0KX3mrS/yJ q816K22XCXhuv9icsYEyRpsXGUrTxPVB2kCJZxheT384zZxst4tzO55FG15RyP6SaBpv 0Sj0bY+18pNKwBM8MxJKOnJs9D82u4zZ4sFeGww0WF6DLVozh4YnVn+krIMDavGGKtUx vaAiE8/0IT53YGDBiW5g/r3KdkpXny3L+jv+4pnyRbIsHEe8uGZ8N92wPojRHtkxjhmZ N1Fag9n+p9EXfnpxSEsmpec+NT4YiZPSPkEjgNjlxR4RCruC35PjjICHg55iqXpUjaQB CeHg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:subject:date:message-id; bh=ytD55jpnJ1Ptp2wt2dUF5cEym1thUPTi7/lOEmTYgN0=; b=m2Wt3F+14sKAOgPSwqXTyNv7VoI5+uvT7JbH6GkoRNaxj3qqhMqcNhu69ehMTenojW SdZnYkTbgaEtCW+6xdhjw07mjQzsEWJSEIgqMC66nfePn0Sm+iqmv6U73fWVj4uvRRzd WdQtTLg2iweJOhi0/v8Sq6KE3W0fbED35Xc1YC9cC6yXrdmJvrQMVCJ2YNb8NRFeBtYi MU99Fy4yYOHGsX+NgfjjAi8U8VyIbSgoNM2SH1cdxNYa9VeQf6aHGPDvQf7r7Weehosx OqEu4mjhgF+Mut3DsoK6axqb/hALq76ZPZyE+pQ7jOkh+sESqa7/C1KWBjGDdreOXYet 7/qQ== X-Gm-Message-State: AOAM533ND4snwnfmmeLlhlVg6oVFYMYkpk/NbYczqVrR9DqamMxhY684 aJzeACvq6TjL0dJ9onKqUm5C2g== X-Received: by 2002:a63:3d0:: with SMTP id 199mr9600559pgd.159.1626267559322; Wed, 14 Jul 2021 05:59:19 -0700 (PDT) Received: from localhost.localdomain ([2400:2411:502:a100:82fa:5bff:fe4b:26b1]) by smtp.gmail.com with ESMTPSA id m21sm2787509pfo.159.2021.07.14.05.59.16 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 14 Jul 2021 05:59:18 -0700 (PDT) From: Masahisa Kojima To: Heinrich Schuchardt , Alexander Graf , Ilias Apalodimas , Simon Glass , Masahisa Kojima , Dhananjay Phadke , u-boot@lists.denx.de Subject: [PATCH v2 0/6] add measurement support Date: Wed, 14 Jul 2021 22:00:00 +0900 Message-Id: <20210714130006.17837-1-masahisa.kojima@linaro.org> X-Mailer: git-send-email 2.17.1 X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.34 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" X-Virus-Scanned: clamav-milter 0.103.2 at phobos.denx.de X-Virus-Status: Clean This patch series add the support of measurement descibed in TCG PC Client PFP spec(Version 1.05 Revision 23). Eventlog generated with this patch series are tested on the aarch64 based machine(Socionext Developerbox) and fTPM running on OP-TEE. The eventlog result is almost same result as the one generated by edk2 running on the Devloperbox and Secure96. This patch series does not cover all measurement requirements described in TCG spec, the remaining items will be supported in the future. Major missing items in TCG PC Client PFP spec: 1) If the secure boot variables are updated after they are initially measured in PCR[7] and before ExitBootServices() has completed, the platform MAY be restarted OR the variables MUST be remeasured into PCR[7]. 2) SMBIOS structure measurement 3) "DeployedMode" and "AuditMode" measurement 4) EV_EFI_GPT_EVENT event 5) Measurement of U-boot itself. I assume U-boot measurement will be done by the former firmware such as trusted firmware. Masahisa Kojima (6): efi_loader: increase eventlog buffer size efi_loader: add secure boot variable measurement efi_loader: add boot variable measurement efi_loader: add ExitBootServices() measurement efi_loader: refactor efi_append_scrtm_version() efi_loader: add comment for efi_tcg2.h include/efi_loader.h | 5 + include/efi_tcg2.h | 71 ++++++++ include/tpm-v2.h | 18 +- lib/efi_loader/Kconfig | 2 +- lib/efi_loader/efi_boottime.c | 25 +++ lib/efi_loader/efi_tcg2.c | 331 +++++++++++++++++++++++++++++++++- 6 files changed, 444 insertions(+), 8 deletions(-) -- 2.17.1