u-boot.git/include/efi_tcg2.h, branch master Unnamed repository; edit this file 'description' to name the repository. include/efi_loader.h, include/efi_tcg2.h: Audit include list 2025-06-02T23:26:15+00:00 Tom Rini trini@konsulko.com 2025-05-21T22:51:17+00:00 40d5f553316eba90a893a58c12c098da74dca335 In include/efi_loader.h we do not directly need <log.h>, <part_efi.h>, <pe.h> nor <linux/oid_registry.h> so remove them. In include/efi_tcg2.h we make use of <part_efi.h> but did not include it, so add it directly. Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Tested-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Signed-off-by: Tom Rini <trini@konsulko.com> 
In include/efi_loader.h we do not directly need <log.h>, <part_efi.h>,
<pe.h> nor <linux/oid_registry.h> so remove them. In include/efi_tcg2.h
we make use of <part_efi.h> but did not include it, so add it directly.

Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Tested-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Signed-off-by: Tom Rini <trini@konsulko.com>
tcg2: decouple eventlog size from efi 2025-01-28T06:59:23+00:00 Raymond Mao raymond.mao@linaro.org 2025-01-27T14:49:35+00:00 afe26a74ddfe183b7ea76d5b36d33d2318d02c28 Move default eventlog size from efi to tpm for using in both efi and measured boot. Signed-off-by: Raymond Mao <raymond.mao@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> 
Move default eventlog size from efi to tpm for using in both
efi and measured boot.

Signed-off-by: Raymond Mao <raymond.mao@linaro.org>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
tpm: Move TCG headers into a separate file 2024-06-30T11:58:31+00:00 Ilias Apalodimas ilias.apalodimas@linaro.org 2024-06-23T11:48:14+00:00 27b462cec15c994f9490425094c7e405d539f3e7 commit 97707f12fdab ("tpm: Support boot measurements") moved out code from the EFI subsystem into the TPM one to support measurements when booting with !EFI. Those were moved directly into the TPM subsystem and in the tpm-v2.c library. In hindsight, it would have been better to move it in new files since the TCG2 is governed by its own spec, it's overeall cleaner and also easier to enable certain parts of the TPM functionality. So let's start moving the headers in a new file containing the TCG specific bits. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> 
commit 97707f12fdab ("tpm: Support boot measurements") moved out code
from the EFI subsystem into the TPM one to support measurements when
booting with !EFI.

Those were moved directly into the TPM subsystem and in the tpm-v2.c
library. In hindsight, it would have been better to move it in new
files since the TCG2 is governed by its own spec, it's overeall cleaner
and also easier to enable certain parts of the TPM functionality.

So let's start moving the headers in a new file containing the TCG
specific bits.

Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
efi_loader: remove unused TCG algo definitions 2024-06-30T11:58:31+00:00 Ilias Apalodimas ilias.apalodimas@linaro.org 2024-06-23T11:48:13+00:00 6ea97fe44159dbbcb7bea914654da7f99dc348fa commit 97707f12fdab ("tpm: Support boot measurements") moved some of the EFI TCG code to the TPM subsystem. Those definitions are now in tpm-v2.h. Let's remove the stale entries Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> 
commit 97707f12fdab ("tpm: Support boot measurements") moved some of the
EFI TCG code to the TPM subsystem. Those definitions are now in tpm-v2.h.
Let's remove the stale entries

Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
efi_loader: sanitize efi_tcg2_final_events_table definition 2024-04-13T09:03:12+00:00 Heinrich Schuchardt heinrich.schuchardt@canonical.com 2024-04-10T22:50:43+00:00 5884481e2a2613ae5f3b9c1dab0671acd88ca961 The length of the variable name typically is not 1. Neither the length of the variable name nor the size of the appended data is known in the include. * Define the size of element variable_name as variable. * Remove the unusable element variable_data. Addresses-Coverity-ID: 467400 Out-of-bounds read Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> 
The length of the variable name typically is not 1.
Neither the length of the variable name nor the size of the appended
data is known in the include.

* Define the size of element variable_name as variable.
* Remove the unusable element variable_data.

Addresses-Coverity-ID: 467400 Out-of-bounds read
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
tpm: Support boot measurements 2023-10-27T10:14:47+00:00 Eddie James eajames@linux.ibm.com 2023-10-24T15:43:49+00:00 97707f12fdabf5fab5942504dab711a665854942 Add TPM2 functions to support boot measurement. This includes starting up the TPM, initializing/appending the event log, and measuring the U-Boot version. Much of the code was used in the EFI subsystem, so remove it there and use the common functions. Signed-off-by: Eddie James <eajames@linux.ibm.com> For the API moving around from EFI -> u-boot core Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> For EFI testing Tested-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> 
Add TPM2 functions to support boot measurement. This includes
starting up the TPM, initializing/appending the event log, and
measuring the U-Boot version. Much of the code was used in the
EFI subsystem, so remove it there and use the common functions.

Signed-off-by: Eddie James <eajames@linux.ibm.com>
For the API moving around from EFI -> u-boot core
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
For EFI testing
Tested-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
efi_loader: Measure the loaded DTB 2023-02-19T20:15:15+00:00 Etienne Carriere etienne.carriere@linaro.org 2023-02-16T16:29:48+00:00 aa2d3945ce6df43903d76cadde1c0669d6d5d43b Measures the DTB passed to the EFI application upon new boolean config switch CONFIG_EFI_TCG2_PROTOCOL_MEASURE_DTB. For platforms where the content of the DTB passed to the OS can change across reboots, there is not point measuring it hence the config switch to allow platform to not embed this feature. Co-developed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org> Tested-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> 
Measures the DTB passed to the EFI application upon new boolean config
switch CONFIG_EFI_TCG2_PROTOCOL_MEASURE_DTB. For platforms where the
content of the DTB passed to the OS can change across reboots, there is
not point measuring it hence the config switch to allow platform to not
embed this feature.

Co-developed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Tested-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
efi_loader: printing TCG2 protocol GUID 2022-01-19T15:16:33+00:00 Heinrich Schuchardt heinrich.schuchardt@canonical.com 2022-01-16T16:46:38+00:00 38040a63a3e838a1eeb56c7d18875be485b14f5c We support the TCG2 protocol. Allow command efidebug to print it. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> 
We support the TCG2 protocol. Allow command efidebug to print it.

Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
efi_loader: add UEFI GPT measurement 2021-10-26T19:32:46+00:00 Masahisa Kojima masahisa.kojima@linaro.org 2021-10-26T08:27:25+00:00 ce3dbc5d080de8045dd5e2b512cad75434ba4cf5 This commit adds the UEFI GPT disk partition topology measurement required in TCG PC Client Platform Firmware Profile Specification Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> 
This commit adds the UEFI GPT disk partition topology
measurement required in TCG PC Client Platform Firmware
Profile Specification

Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org>
efi_loader: add SMBIOS table measurement 2021-10-26T15:58:14+00:00 Masahisa Kojima masahisa.kojima@linaro.org 2021-10-26T08:27:24+00:00 3d49ee8510d38e7fd087c7250a3f4392a38bf0dd TCG PC Client Platform Firmware Profile Specification requires to measure the SMBIOS table that contains static configuration information (e.g. Platform Manufacturer Enterprise Number assigned by IANA, platform model number, Vendor and Device IDs for each SMBIOS table). The device- and environment-dependent information such as serial number is cleared to zero or space character for the measurement. Existing smbios_string() function returns pointer to the string with const qualifier, but exisintg use case is updating version string and const qualifier must be removed. This commit removes const qualifier from smbios_string() return value and reuses to clear the strings for the measurement. This commit also fixes the following compiler warning: lib/smbios-parser.c:59:39: warning: cast to pointer from integer of different size [-Wint-to-pointer-cast] const struct smbios_header *header = (struct smbios_header *)entry->struct_table_address; Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> 
TCG PC Client Platform Firmware Profile Specification
requires to measure the SMBIOS table that contains static
configuration information (e.g. Platform Manufacturer
Enterprise Number assigned by IANA, platform model number,
Vendor and Device IDs for each SMBIOS table).

The device- and environment-dependent information such as
serial number is cleared to zero or space character for
the measurement.

Existing smbios_string() function returns pointer to the string
with const qualifier, but exisintg use case is updating version
string and const qualifier must be removed.
This commit removes const qualifier from smbios_string()
return value and reuses to clear the strings for the measurement.

This commit also fixes the following compiler warning:

lib/smbios-parser.c:59:39: warning: cast to pointer from integer of
different size [-Wint-to-pointer-cast]
  const struct smbios_header *header = (struct smbios_header *)entry->struct_table_address;

Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org>