u-boot.git/cmd/bootz.c, branch v2024.01 Unnamed repository; edit this file 'description' to name the repository. Merge tag 'tpm-next-27102023' of https://source.denx.de/u-boot/custodians/u-boot-tpm 2023-10-27T23:27:29+00:00 Tom Rini trini@konsulko.com 2023-10-27T23:27:29+00:00 d5d9770f58ce0ba620e4d311bbd756b97839480a bootX measurements and measurement API moved to u-boot core: Up to now, U-Boot could perform measurements and EventLog creation as described by the TCG spec when booting via EFI. The EFI code was residing in lib/efi_loader/efi_tcg2.c and contained both EFI specific code + the API needed to access the TPM, extend PCRs and create an EventLog. The non-EFI part proved modular enough and moving it around to the TPM subsystem was straightforward. With that in place we can have a common API for measuring binaries regardless of the boot command, EFI or boot(m|i|z), and contructing an EventLog. I've tested all of the EFI cases -- booting with an empty EventLog and booting with a previous stage loader providing one and found no regressions. Eddie tested the bootX part. Eddie also fixed the sandbox TPM which couldn't be used for the EFI code and it now supports all the required capabilities. This had a slight sideeffect in our testing since the EFI subsystem initializes the TPM early and 'tpm2 init' failed during some python tests. That code only opens the device though, so we can replace it with 'tpm2 autostart' which doesn't error out and still allows you to perfom the rest of the tests but doesn't report an error if the device is already opened. There's a few minor issues with this PR as well but since testing and verifying the changes takes a considerable amount of time, I prefer merging it now. Heinrich has already sent a PR for -master containing "efi_loader: fix EFI_ENTRY point on get_active_pcr_banks" and I am not sure if that will cause any conflicts, but in any case they should be trivial to resolve. Both the EFI and non-EFI code have a Kconfig for measuring the loaded Device Tree. The reason this is optional is that we can't reason when/if devices add random info like kaslr-seed, mac addresses etc in the DT. In that case measurements are random, board specific and eventually useless. The reason it was difficult to fix it prior to this patchset is because the EFI subsystem and thus measurements was brought up late and DT fixups might have already been applied. With this patchset we can measure the DT really early in the future. Heinrich also pointed out that the two Kconfigs for the DTB measurements can be squashed in a single one and that the documentation only explains the non-EFI case. I agree on both but as I said this is a sane working version, so let's pull this first it's aleady big enough and painful to test. 
bootX measurements and measurement API moved to u-boot core:

Up to now, U-Boot could perform measurements and EventLog creation as
described by the TCG spec when booting via EFI.

The EFI code was residing in lib/efi_loader/efi_tcg2.c and contained
both EFI specific code + the API needed to access the TPM, extend PCRs
and create an EventLog. The non-EFI part proved modular enough and
moving it around to the TPM subsystem was straightforward.

With that in place we can have a common API for measuring binaries
regardless of the boot command, EFI or boot(m|i|z), and contructing an
EventLog.

I've tested all of the EFI cases -- booting with an empty EventLog and
booting with a previous stage loader providing one and found no
regressions.  Eddie tested the bootX part.

Eddie also fixed the sandbox TPM which couldn't be used for the EFI code
and it now supports all the required capabilities. This had a slight
sideeffect in our testing since the EFI subsystem initializes the TPM
early and 'tpm2 init' failed during some python tests. That code only
opens the device though, so we can replace it with 'tpm2 autostart'
which doesn't error out and still allows you to perfom the rest of the
tests but doesn't report an error if the device is already opened.

There's a few minor issues with this PR as well but since testing and
verifying the changes takes a considerable amount of time, I prefer
merging it now.

Heinrich has already sent a PR for -master containing "efi_loader: fix
EFI_ENTRY point on get_active_pcr_banks" and I am not sure if that will
cause any conflicts, but in any case they should be trivial to resolve.

Both the EFI and non-EFI code have a Kconfig for measuring the loaded
Device Tree.  The reason this is optional is that we can't reason
when/if devices add random info like kaslr-seed, mac addresses etc in
the DT. In that case measurements are random, board specific and
eventually useless.  The reason it was difficult to fix it prior to this
patchset is because the EFI subsystem and thus measurements was brought
up late and DT fixups might have already been applied. With this
patchset we can measure the DT really early in the future.

Heinrich also pointed out that the two Kconfigs for the DTB measurements
can be squashed in a single one and that the documentation only explains
the non-EFI case.  I agree on both but as I said this is a sane working
version, so let's pull this first it's aleady big enough and painful to
test.
bootm: Support boot measurement 2023-10-27T10:15:57+00:00 Eddie James eajames@linux.ibm.com 2023-10-24T15:43:50+00:00 dec166d6b2c28d971394ebe1bc0ac70b88b575c0 Add a configuration option to measure the boot through the bootm function. Add the measurement state to the booti and bootz paths as well. Signed-off-by: Eddie James <eajames@linux.ibm.com> Reviewed-by: Simon Glass <sjg@chromium.org> Ilias: Added some info on Kconfig explaining this is when booting !EFI Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> 
Add a configuration option to measure the boot through the bootm
function. Add the measurement state to the booti and bootz paths
as well.

Signed-off-by: Eddie James <eajames@linux.ibm.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Ilias: Added some info on Kconfig explaining this is when booting !EFI
Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
cmd: Convert existing long help messages to the new macro 2023-10-16T14:24:58+00:00 Tom Rini trini@konsulko.com 2023-10-07T19:13:08+00:00 3616218b5acea74011aea2d14aa1f6366f242849 - Generally we just drop the #ifdef CONFIG_SYS_LONGHELP and endif lines and use U_BOOT_LONGHELP to declare the same variable name as before - In a few places, either rename the variable to follow convention or introduce the variable as it was being done inline before. Signed-off-by: Tom Rini <trini@konsulko.com> Reviewed-by: Simon Glass <sjg@chromium.org> 
- Generally we just drop the #ifdef CONFIG_SYS_LONGHELP and endif lines
  and use U_BOOT_LONGHELP to declare the same variable name as before
- In a few places, either rename the variable to follow convention or
  introduce the variable as it was being done inline before.

Signed-off-by: Tom Rini <trini@konsulko.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
treewide: Drop bootm_headers_t typedef 2022-09-29T20:07:57+00:00 Simon Glass sjg@chromium.org 2022-09-07T02:26:50+00:00 d9d7c20b731788c5c8018ce8e5c6e86bb01413df This is not needed and we should avoid typedefs. Use the struct instead. Signed-off-by: Simon Glass <sjg@chromium.org> 
This is not needed and we should avoid typedefs. Use the struct instead.

Signed-off-by: Simon Glass <sjg@chromium.org>
global: Convert simple_strtoul() with hex to hextoul() 2021-08-02T17:32:14+00:00 Simon Glass sjg@chromium.org 2021-07-24T15:03:29+00:00 7e5f460ec457fe310156e399198a41eb0ce1e98c It is a pain to have to specify the value 16 in each call. Add a new hextoul() function and update the code to use it. Add a proper comment to simple_strtoul() while we are here. Signed-off-by: Simon Glass <sjg@chromium.org> 
It is a pain to have to specify the value 16 in each call. Add a new
hextoul() function and update the code to use it.

Add a proper comment to simple_strtoul() while we are here.

Signed-off-by: Simon Glass <sjg@chromium.org>
cmd: bootz: fix device-tree overlap test 2020-08-05T12:18:34+00:00 Baruch Siach baruch@tkos.co.il 2020-07-28T14:57:48+00:00 f2d58f3bdad30ac088f76cce38a2e64a6c640f19 The address of the kernel image is stored in images->ep. zi_start is the offset of execution entry in the image, which is usually 0 for ARM zImage. Fixes boot error when ftd is stored near RAM address 0x0: ERROR: FDT image overlaps OS image (OS=0x0..0x5fd608) Fixes: fbde7589ce30 ("common: bootm: add checks to verify if ramdisk / fdtimage overlaps OS image") Cc: Tero Kristo <t-kristo@ti.com> Signed-off-by: Baruch Siach <baruch@tkos.co.il> 
The address of the kernel image is stored in images->ep. zi_start is the
offset of execution entry in the image, which is usually 0 for ARM
zImage.

Fixes boot error when ftd is stored near RAM address 0x0:

ERROR: FDT image overlaps OS image (OS=0x0..0x5fd608)

Fixes: fbde7589ce30 ("common: bootm: add checks to verify if ramdisk / fdtimage overlaps OS image")
Cc: Tero Kristo <t-kristo@ti.com>
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
common: bootm: add checks to verify if ramdisk / fdtimage overlaps OS image 2020-07-17T12:51:01+00:00 Tero Kristo t-kristo@ti.com 2020-06-12T12:41:20+00:00 fbde7589ce3049318a0e9495db72472af03704af These cases are typically fatal and are difficult to debug for random users. Add checks for detecting overlapping images and abort if overlap is detected. Signed-off-by: Tero Kristo <t-kristo@ti.com> 
These cases are typically fatal and are difficult to debug for random
users. Add checks for detecting overlapping images and abort if overlap
is detected.

Signed-off-by: Tero Kristo <t-kristo@ti.com>
common: Drop log.h from common header 2020-05-19T01:19:18+00:00 Simon Glass sjg@chromium.org 2020-05-10T17:40:05+00:00 f7ae49fc4f363a803dab3be078e93ead8e75a8e9 Move this header out of the common header. Signed-off-by: Simon Glass <sjg@chromium.org> 
Move this header out of the common header.

Signed-off-by: Simon Glass <sjg@chromium.org>
command: Remove the cmd_tbl_t typedef 2020-05-18T22:36:55+00:00 Simon Glass sjg@chromium.org 2020-05-10T17:40:03+00:00 09140113108541b95d340f3c7b6ee597d31ccc73 We should not use typedefs in U-Boot. They cannot be used as forward declarations which means that header files must include the full header to access them. Drop the typedef and rename the struct to remove the _s suffix which is now not useful. This requires quite a few header-file additions. Signed-off-by: Simon Glass <sjg@chromium.org> 
We should not use typedefs in U-Boot. They cannot be used as forward
declarations which means that header files must include the full header to
access them.

Drop the typedef and rename the struct to remove the _s suffix which is
now not useful.

This requires quite a few header-file additions.

Signed-off-by: Simon Glass <sjg@chromium.org>
common: Move the image globals into image.h 2020-01-17T19:02:35+00:00 Simon Glass sjg@chromium.org 2019-12-28T17:45:03+00:00 8e8ccfe1aa1a3ea0cb88b4438c7a687fcf8632a1 These three globals relate to image handling. Move them to the image header file. Signed-off-by: Simon Glass <sjg@chromium.org> 
These three globals relate to image handling. Move them to the image
header file.

Signed-off-by: Simon Glass <sjg@chromium.org>