From patchwork Fri Aug 6 07:02:10 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Masahisa Kojima X-Patchwork-Id: 492805 Delivered-To: patch@linaro.org Received: by 2002:a05:6638:396:0:0:0:0 with SMTP id y22csp44962jap; Fri, 6 Aug 2021 00:03:04 -0700 (PDT) X-Google-Smtp-Source: ABdhPJy40Ih4fwqPmGtPleXK2RtJi+7gaZf/U0Jf/RFr0cSZiSZ53phU/S6yXRJCgQAC0Dv2O5co X-Received: by 2002:a17:906:5aca:: with SMTP id x10mr8730253ejs.414.1628233384493; Fri, 06 Aug 2021 00:03:04 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1628233384; cv=none; d=google.com; s=arc-20160816; b=F656vsAkjC7qUgSN2N5Wnt7gJP8KaDjCNEC7ytOwpAj4YKu1wk4ocaJbJwuDpskCRJ kXspDKitmLL4fho0al8+BZvVba6Pe990O2+8oka+YS4UwEWf4OMKP0kVD6HYoh8rPzcA lTfKOWwtUXuzjXt+1RRCcPwY1qUCqmuVPLzPqtEbssXHnkAGfOAmW8d5B7ViVITou1vv k+mbCzDQwfRHVdLbEeoX/aGVWqX+B+mvH1HWxwz/mw2XUdirlqMf7jzOHxwDKlKCUYGL ED9piH6mqMT6wqsA971W2dlGSKUpoEvVAZR7UPSl5dJpJncM+WzTBM2hCh9mhdR6SKYw 42pg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:errors-to:list-subscribe:list-help:list-post:list-archive :list-unsubscribe:list-id:precedence:message-id:date:subject:to:from :dkim-signature; bh=DAQh3CZQCYVVFPkyob9FbHWzC94Qj2p9RF3ASQ8uOaI=; b=oROXorE0ZUcK4dUj092Zyp107b/stD2VpMCCUuNphW823HDs9SB3wTSaUFVETb6Yzv B7RM6/NJX8fAY6vVW+BH0Iz0S2VeHESxRk9VK6xyu9izQwzEnx/dwrnXCJyD+6CLKSki hmtHvA/K9v/cEmUtz0oIPa0/C74mL85psQeUUUvVO0xEmfIAgm3B/llM6NYmxqmjCDR5 vi1nO0CDgl86Zj6jHl5Ihj67548xWPLDZDap+Pig6sAvr4ajqrsMqiNmBj+NEhytySFg 87lfRXeVyHv6nsZB5NSpvQtmBe3fPIOEzXWntREQtr9rKAUoAj/Yu3cBL/vwlW1ATw6o 32iQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=WOAa5wCj; spf=pass (google.com: domain of u-boot-bounces@lists.denx.de designates 2a01:238:438b:c500:173d:9f52:ddab:ee01 as permitted sender) smtp.mailfrom=u-boot-bounces@lists.denx.de; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Return-Path: Received: from phobos.denx.de (phobos.denx.de. [2a01:238:438b:c500:173d:9f52:ddab:ee01]) by mx.google.com with ESMTPS id z69si8333826ede.301.2021.08.06.00.03.04 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 06 Aug 2021 00:03:04 -0700 (PDT) Received-SPF: pass (google.com: domain of u-boot-bounces@lists.denx.de designates 2a01:238:438b:c500:173d:9f52:ddab:ee01 as permitted sender) client-ip=2a01:238:438b:c500:173d:9f52:ddab:ee01; Authentication-Results: mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=WOAa5wCj; spf=pass (google.com: domain of u-boot-bounces@lists.denx.de designates 2a01:238:438b:c500:173d:9f52:ddab:ee01 as permitted sender) smtp.mailfrom=u-boot-bounces@lists.denx.de; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Received: from h2850616.stratoserver.net (localhost [IPv6:::1]) by phobos.denx.de (Postfix) with ESMTP id CE87B82E2B; Fri, 6 Aug 2021 09:02:59 +0200 (CEST) Authentication-Results: phobos.denx.de; dmarc=pass (p=none dis=none) header.from=linaro.org Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=u-boot-bounces@lists.denx.de Authentication-Results: phobos.denx.de; dkim=pass (2048-bit key; unprotected) header.d=linaro.org header.i=@linaro.org header.b="WOAa5wCj"; dkim-atps=neutral Received: by phobos.denx.de (Postfix, from userid 109) id 3359582E48; Fri, 6 Aug 2021 09:02:58 +0200 (CEST) X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on phobos.denx.de X-Spam-Level: X-Spam-Status: No, score=-2.0 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,SPF_HELO_NONE autolearn=ham autolearn_force=no version=3.4.2 Received: from mail-pj1-x1034.google.com (mail-pj1-x1034.google.com [IPv6:2607:f8b0:4864:20::1034]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits)) (No client certificate requested) by phobos.denx.de (Postfix) with ESMTPS id 4BC0282DC1 for ; Fri, 6 Aug 2021 09:02:54 +0200 (CEST) Authentication-Results: phobos.denx.de; dmarc=pass (p=none dis=none) header.from=linaro.org Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=masahisa.kojima@linaro.org Received: by mail-pj1-x1034.google.com with SMTP id mt6so15012688pjb.1 for ; Fri, 06 Aug 2021 00:02:54 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:subject:date:message-id; bh=DAQh3CZQCYVVFPkyob9FbHWzC94Qj2p9RF3ASQ8uOaI=; b=WOAa5wCjRFGbi1HAvAlJ7mcRzxR8D3QtH8/zYNVf9ODqb8CZaGQ+RSKSMizwtCPE/y wD04FnAeOEpXJOmlX7HYcDVwhS/DU71vc2grm9fa2Bjbb1EZIjdnB1nW7dHMhrwlw7hR VPfYlNQITXRPdYz8e074o2jVztdj5z9gQTvuGaX0zhmiykIVhMR9J85u4CMECdMQjPtS 5PuKzlYxq92OF8+J7N0cCDXVEV5DHZ1fcwZ7svEcouMVHzFhpiSexckftHIyPRxAHYUd IcGGOtEyJFnbX6cbgwFcWJeYOyavU9v709U9Bt6X8wSCdS7fzbtsuQAvZFuMsOsfwGKg U0ow== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:subject:date:message-id; bh=DAQh3CZQCYVVFPkyob9FbHWzC94Qj2p9RF3ASQ8uOaI=; b=mINvGs1DLxCaIjtSyevczf6qnF0a5agGm7DUrmFk3c2oOJxNTeRx2NC0CWq3VufcP7 4sWfRlKOgrWPeXvTo4oewNBFdMgL5epM5b4tdQMIfSg4kxfw84q69MgZZ4k9Vkr1ipy9 O2NHzPUPqRmFcrL9HQPmTsosNV4g6HvTyC3AGrftqEDq20ss1XimSiimgRY9sta4SQO8 upD0CbK/jhazC7Dp9bUj4PXNpymJo2jiCd02dLSLMeimEGh+ZtLV1UujbWeJDxbpgtTp wElw+GLFXK3ISFJtLpOOjxybfcAqPhkKUkoceZSRH38MnYNJkxD0/5FeufuceetRmfEl 7oBQ== X-Gm-Message-State: AOAM533UbgyBYmAtY/83YD+rNRlVcUOC6oMO/abBGhIrp8GzUY61hbvn tBF25ugKvQzjoxe5aVk1sSKMsA== X-Received: by 2002:a17:90a:716:: with SMTP id l22mr9028271pjl.128.1628233372495; Fri, 06 Aug 2021 00:02:52 -0700 (PDT) Received: from localhost.localdomain ([2400:2411:502:a100:82fa:5bff:fe4b:26b1]) by smtp.gmail.com with ESMTPSA id u24sm5145304pfm.27.2021.08.06.00.02.50 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 06 Aug 2021 00:02:51 -0700 (PDT) From: Masahisa Kojima To: Heinrich Schuchardt , Alexander Graf , Ilias Apalodimas , Simon Glass , Masahisa Kojima , Dhananjay Phadke , u-boot@lists.denx.de Subject: [PATCH v3 0/5] add measurement support Date: Fri, 6 Aug 2021 16:02:10 +0900 Message-Id: <20210806070215.19887-1-masahisa.kojima@linaro.org> X-Mailer: git-send-email 2.17.1 X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.34 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" X-Virus-Scanned: clamav-milter 0.103.2 at phobos.denx.de X-Virus-Status: Clean This patch series add the support of measurement descibed in TCG PC Client PFP spec(Version 1.05 Revision 23). Eventlog generated with this patch series are tested on the aarch64 based machine(Socionext Developerbox) and fTPM running on OP-TEE. The eventlog result is almost same result as the one generated by edk2 running on the Devloperbox and Secure96. This patch series does not cover all measurement requirements described in TCG spec, the remaining items will be supported in the future. Major missing items in TCG PC Client PFP spec: 1) If the secure boot variables are updated after they are initially measured in PCR[7] and before ExitBootServices() has completed, the platform MAY be restarted OR the variables MUST be remeasured into PCR[7]. 2) SMBIOS structure measurement 3) "DeployedMode" and "AuditMode" measurement 4) EV_EFI_GPT_EVENT event 5) Measurement of U-boot itself. I assume U-boot measurement will be done by the former firmware such as trusted firmware. Masahisa Kojima (5): efi_loader: add secure boot variable measurement efi_loader: add boot variable measurement efi_loader: add ExitBootServices() measurement efi_loader: refactor efi_append_scrtm_version() efi_loader: add comment for efi_tcg2.h include/efi_loader.h | 5 + include/efi_tcg2.h | 77 +++++++- include/tpm-v2.h | 18 +- lib/efi_loader/efi_boottime.c | 25 +++ lib/efi_loader/efi_tcg2.c | 356 +++++++++++++++++++++++++++++++++- 5 files changed, 471 insertions(+), 10 deletions(-) -- 2.17.1