From patchwork Fri Aug 13 07:12:38 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Masahisa Kojima X-Patchwork-Id: 496548 Delivered-To: patch@linaro.org Received: by 2002:a02:cf8a:0:0:0:0:0 with SMTP id w10csp273466jar; Fri, 13 Aug 2021 00:12:32 -0700 (PDT) X-Google-Smtp-Source: ABdhPJzF9EOgxhYa5hCu66iRRMAY7d61d0l/6aB048wBwmamqP08yzGoCiYl3ohfrMWFtjD7FsWR X-Received: by 2002:aa7:c815:: with SMTP id a21mr1322401edt.274.1628838752053; Fri, 13 Aug 2021 00:12:32 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1628838752; cv=none; d=google.com; s=arc-20160816; b=TmeQsBZwT9YDUhp3RfjJQkfPS9/UQ7zIvAfGwyx6mC9CHXG7QuH38wojAWriIvyOR8 g5sfl0ERuamkek3z8/lnNt1MJLqknjV5NeJvHMXWS6fA8fGQyVNnDoQFlllnSkUKU5RO XSVNzIV2gnxhOaRthFEPkRaCpBH3S3eYcYH3C/zFlIIqJXjafnWuI+gB0vwM5RPP2esP dUQBxuQoI3jVwx+v22YRKqTdxzcDKSY++5pfp+cd73vZPAhYMgpeafYhsfOoJ8OJcGsq 9G1CxfhfbQphIeIuyjQkKJHTIicrWhueJQKNUQHn52ZooDRRUEOKXPAh2T83vEKqaq/P W19Q== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:errors-to:list-subscribe:list-help:list-post:list-archive :list-unsubscribe:list-id:precedence:message-id:date:subject:to:from :dkim-signature; bh=DAQh3CZQCYVVFPkyob9FbHWzC94Qj2p9RF3ASQ8uOaI=; b=hE1rEsaoRJDH922mZghBh6SBoO120oK7GJcoHBFDxkfTm/jvvs2n6iidiZAQ6o6+uU OZCAW8tPNVes3XfakUfOJpApPZcCCSDrsv/iCZ6NPOimzLs6WB4TjSv/9q5I7SRp5Yl6 55PxrxLxv6ZA0O8ffFU+G3YDIPA17eaEFa+hfK5nKT03c13TCmHx/g334s7Unc92GjKj NsKkF3FBUFKfftigfxkuYqev2/7/TMJgNO8CdPEGrWBDnSD3RmNEjgjiTNoa727nucBt qQ9O2LQs6zrSB+zBq4AAocolJAdgaGE8vfmab/nUMZOju9CAXhlMxxYXMoYIuOFDWwqZ ZcAw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=QEm76aM9; spf=pass (google.com: domain of u-boot-bounces@lists.denx.de designates 2a01:238:438b:c500:173d:9f52:ddab:ee01 as permitted sender) smtp.mailfrom=u-boot-bounces@lists.denx.de; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Return-Path: Received: from phobos.denx.de (phobos.denx.de. [2a01:238:438b:c500:173d:9f52:ddab:ee01]) by mx.google.com with ESMTPS id m20si854911edd.383.2021.08.13.00.12.31 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 13 Aug 2021 00:12:32 -0700 (PDT) Received-SPF: pass (google.com: domain of u-boot-bounces@lists.denx.de designates 2a01:238:438b:c500:173d:9f52:ddab:ee01 as permitted sender) client-ip=2a01:238:438b:c500:173d:9f52:ddab:ee01; Authentication-Results: mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=QEm76aM9; spf=pass (google.com: domain of u-boot-bounces@lists.denx.de designates 2a01:238:438b:c500:173d:9f52:ddab:ee01 as permitted sender) smtp.mailfrom=u-boot-bounces@lists.denx.de; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Received: from h2850616.stratoserver.net (localhost [IPv6:::1]) by phobos.denx.de (Postfix) with ESMTP id C11BE82DC2; Fri, 13 Aug 2021 09:12:26 +0200 (CEST) Authentication-Results: phobos.denx.de; dmarc=pass (p=none dis=none) header.from=linaro.org Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=u-boot-bounces@lists.denx.de Authentication-Results: phobos.denx.de; dkim=pass (2048-bit key; unprotected) header.d=linaro.org header.i=@linaro.org header.b="QEm76aM9"; dkim-atps=neutral Received: by phobos.denx.de (Postfix, from userid 109) id 1974C82DA1; Fri, 13 Aug 2021 09:12:25 +0200 (CEST) X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on phobos.denx.de X-Spam-Level: X-Spam-Status: No, score=-2.0 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,SPF_HELO_NONE autolearn=ham autolearn_force=no version=3.4.2 Received: from mail-pj1-x1032.google.com (mail-pj1-x1032.google.com [IPv6:2607:f8b0:4864:20::1032]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits)) (No client certificate requested) by phobos.denx.de (Postfix) with ESMTPS id C5A498296F for ; Fri, 13 Aug 2021 09:12:20 +0200 (CEST) Authentication-Results: phobos.denx.de; dmarc=pass (p=none dis=none) header.from=linaro.org Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=masahisa.kojima@linaro.org Received: by mail-pj1-x1032.google.com with SMTP id u13-20020a17090abb0db0290177e1d9b3f7so19422347pjr.1 for ; Fri, 13 Aug 2021 00:12:20 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:subject:date:message-id; bh=DAQh3CZQCYVVFPkyob9FbHWzC94Qj2p9RF3ASQ8uOaI=; b=QEm76aM9kSzGBu2mtCDZG2qFHSRhXHCGR0dyuM0IECRDsT1BzKxUCPTULeM6goJ4Mf g+9wj21uPOBAud5nqiwMpi4Q4chb0eG9Q7N1xzkoCDw8Se79u2mQjLghdN0PqoPNqGTt eSkbVOErMqpHHpG5BapvMDdN7sm7YMXfoLPaNCsIcErQ/dWOhOZkTXt+K1AndINyJF0x aypRYjBx+hT06Zy0fmixWUbmSk6p9oTSodCaOdEB8ZrwBhjYvBYe8IQbuFWLHov6GAU7 aDfq60Pg6yDnJV4Ae/T/iqYvNqllxsBMslGnwdSy2nEe+gjpUx9BTF2jI8T9MHnT7Tbj qHbQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:subject:date:message-id; bh=DAQh3CZQCYVVFPkyob9FbHWzC94Qj2p9RF3ASQ8uOaI=; b=hM8H/V/pX68OD4V0lbdApC+3oSRj2FkOpvpQ+WlX+LCJ1ylqeBRTqglYjkTYmO5qxq NkRT0qzmiH17wLT7uKERm7IiQbVj7E+E6TCKBSR4kpBR+FuQYVBKmlPw1tyImCbOcUfV DAPtViv3UXqfb92wlzzdvnHpInGE/pHGUVnyx4lpnnpNzDkxgQoDhbHVACteBB8Adh7b EgFJz1botaQW2cjRs4Da5bvmOb7RJSs7OnnkgJtVLKGAbZDu6HqMxvwiI4ytcu098BmP 63qdSQm5be7fQva5s4CEMP52ytV4lZJ247g63hTkKkUXlcseS3OiX5dneh9gHdIhMiF2 y0Bw== X-Gm-Message-State: AOAM531BazTQOFTmAbKtNbpwkPnTQDie3VAp8gJ8Ts8OhK5wTge9wRuP tynIXGD/4oneK0Mb7YtkWuNSJw== X-Received: by 2002:aa7:9f82:0:b029:3e0:96a5:903f with SMTP id z2-20020aa79f820000b02903e096a5903fmr1158380pfr.37.1628838739062; Fri, 13 Aug 2021 00:12:19 -0700 (PDT) Received: from localhost.localdomain ([2400:2411:502:a100:82fa:5bff:fe4b:26b1]) by smtp.gmail.com with ESMTPSA id u21sm987078pfh.163.2021.08.13.00.12.16 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 13 Aug 2021 00:12:18 -0700 (PDT) From: Masahisa Kojima To: Heinrich Schuchardt , Alexander Graf , Ilias Apalodimas , Simon Glass , Masahisa Kojima , Dhananjay Phadke , AKASHI Takahiro , u-boot@lists.denx.de Subject: [PATCH v4 0/5] add measurement support Date: Fri, 13 Aug 2021 16:12:38 +0900 Message-Id: <20210813071243.18885-1-masahisa.kojima@linaro.org> X-Mailer: git-send-email 2.17.1 X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.34 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" X-Virus-Scanned: clamav-milter 0.103.2 at phobos.denx.de X-Virus-Status: Clean This patch series add the support of measurement descibed in TCG PC Client PFP spec(Version 1.05 Revision 23). Eventlog generated with this patch series are tested on the aarch64 based machine(Socionext Developerbox) and fTPM running on OP-TEE. The eventlog result is almost same result as the one generated by edk2 running on the Devloperbox and Secure96. This patch series does not cover all measurement requirements described in TCG spec, the remaining items will be supported in the future. Major missing items in TCG PC Client PFP spec: 1) If the secure boot variables are updated after they are initially measured in PCR[7] and before ExitBootServices() has completed, the platform MAY be restarted OR the variables MUST be remeasured into PCR[7]. 2) SMBIOS structure measurement 3) "DeployedMode" and "AuditMode" measurement 4) EV_EFI_GPT_EVENT event 5) Measurement of U-boot itself. I assume U-boot measurement will be done by the former firmware such as trusted firmware. Masahisa Kojima (5): efi_loader: add secure boot variable measurement efi_loader: add boot variable measurement efi_loader: add ExitBootServices() measurement efi_loader: refactor efi_append_scrtm_version() efi_loader: add comment for efi_tcg2.h include/efi_loader.h | 5 + include/efi_tcg2.h | 77 +++++++- include/tpm-v2.h | 18 +- lib/efi_loader/efi_boottime.c | 25 +++ lib/efi_loader/efi_tcg2.c | 356 +++++++++++++++++++++++++++++++++- 5 files changed, 471 insertions(+), 10 deletions(-) -- 2.17.1