<feed xmlns='http://www.w3.org/2005/Atom'>
<title>u-boot.git/lib/Kconfig, branch v2024.10</title>
<subtitle>Unnamed repository; edit this file 'description' to name the repository.</subtitle>
<id>http://cgit.235523.xyz/u-boot.git/atom/lib/Kconfig?h=v2024.10</id>
<link rel='self' href='http://cgit.235523.xyz/u-boot.git/atom/lib/Kconfig?h=v2024.10'/>
<link rel='alternate' type='text/html' href='http://cgit.235523.xyz/u-boot.git/'/>
<updated>2024-07-05T19:57:02Z</updated>
<entry>
<title>Fix Kconfig coding style from spaces to tab</title>
<updated>2024-07-05T19:57:02Z</updated>
<author>
<name>Anand Moon</name>
<email>linux.amoon@gmail.com</email>
</author>
<published>2024-06-23T17:40:21Z</published>
<link rel='alternate' type='text/html' href='http://cgit.235523.xyz/u-boot.git/commit/?id=608a88c2709cc46c3de0f0ecd9206866b58c256f'/>
<id>urn:sha1:608a88c2709cc46c3de0f0ecd9206866b58c256f</id>
<content type='text'>
Adjust indentation from spaces to tab (+optional two spaces) as in
coding style with command like:
	$ sed -e 's/^        /\t/' -i */Kconfig

Signed-off-by: Anand Moon &lt;linux.amoon@gmail.com&gt;
</content>
</entry>
<entry>
<title>tpm: allow the user to select the compiled algorithms</title>
<updated>2024-06-30T11:58:31Z</updated>
<author>
<name>Ilias Apalodimas</name>
<email>ilias.apalodimas@linaro.org</email>
</author>
<published>2024-06-23T11:48:18Z</published>
<link rel='alternate' type='text/html' href='http://cgit.235523.xyz/u-boot.git/commit/?id=e7505b3b8bcd1bca2d30291367713f442b453c41'/>
<id>urn:sha1:e7505b3b8bcd1bca2d30291367713f442b453c41</id>
<content type='text'>
Simon reports that after enabling all algorithms on the TPM some boards
fail since they don't have enough storage to accommodate the ~5KB growth.

The choice of hash algorithms is determined by the platform and the TPM
configuration. Failing to cap a PCR in a bank which the platform left
active is a security vulnerability. It might allow  unsealing of secrets
if an attacker can replay a good set of measurements into an unused bank.

If MEASURED_BOOT or EFI_TCG2_PROTOCOL is enabled our Kconfig will enable
all supported hashing algorithms. We still want to allow users to add a
TPM and not enable measured boot via EFI or bootm though and at the same
time, control the compiled algorithms for size reasons.

So let's add a function tpm2_allow_extend() which checks the TPM active
PCRs banks against the one U-Boot was compiled with. We only allow
extending PCRs if the algorithms selected during build match the TPM
configuration.

It's worth noting that this is only added for TPM2.0, since TPM1.2 is
lacking a lot of code at the moment to read the available PCR banks.
We unconditionally enable SHA1 when a TPM is selected, which is the only
hashing algorithm v1.2 supports.

Signed-off-by: Ilias Apalodimas &lt;ilias.apalodimas@linaro.org&gt;
Reviewed-by: Simon Glass &lt;sjg@chromium.org&gt;
Tested-by: Simon Glass &lt;sjg@chromium.org&gt;  # chromebook-link
</content>
</entry>
<entry>
<title>Kconfig: Add missing quotes around source file</title>
<updated>2024-04-22T17:01:48Z</updated>
<author>
<name>Michal Simek</name>
<email>michal.simek@amd.com</email>
</author>
<published>2024-04-16T06:55:16Z</published>
<link rel='alternate' type='text/html' href='http://cgit.235523.xyz/u-boot.git/commit/?id=953d335d39c6a1ff6578ce43abd78b48e93a65e4'/>
<id>urn:sha1:953d335d39c6a1ff6578ce43abd78b48e93a65e4</id>
<content type='text'>
All errors are generated by ./tools/qconfig.py -b -j8 -i whatever.
Errors look like this:
drivers/crypto/Kconfig:9: warning: style: quotes recommended around
'drivers/crypto/nuvoton/Kconfig' in 'source drivers/crypto/nuvoton/Kconfig'

Signed-off-by: Michal Simek &lt;michal.simek@amd.com&gt;
</content>
</entry>
<entry>
<title>Fix references to trace doc</title>
<updated>2024-04-13T09:14:29Z</updated>
<author>
<name>Vincent Stehlé</name>
<email>vincent.stehle@arm.com</email>
</author>
<published>2024-04-11T16:44:02Z</published>
<link rel='alternate' type='text/html' href='http://cgit.235523.xyz/u-boot.git/commit/?id=6d9a851e50b4cff59a5933d95a9241def08a4d0c'/>
<id>urn:sha1:6d9a851e50b4cff59a5933d95a9241def08a4d0c</id>
<content type='text'>
The README.trace has been moved and converted to rst in commit dce26c7d56ed
("doc: move README.trace to HTML documentation"); fix all the remaining
references to this file.

Signed-off-by: Vincent Stehlé &lt;vincent.stehle@arm.com&gt;
Cc: Tom Rini &lt;trini@konsulko.com&gt;
Cc: Simon Glass &lt;sjg@chromium.org&gt;
Cc: Heinrich Schuchardt &lt;xypron.glpk@gmx.de&gt;
Reviewed-by: Heinrich Schuchardt &lt;heinrich.schuchardt@canonical.com&gt;
</content>
</entry>
<entry>
<title>Merge tag 'v2024.01-rc5' into next</title>
<updated>2023-12-18T14:55:32Z</updated>
<author>
<name>Tom Rini</name>
<email>trini@konsulko.com</email>
</author>
<published>2023-12-18T13:31:50Z</published>
<link rel='alternate' type='text/html' href='http://cgit.235523.xyz/u-boot.git/commit/?id=1373ffde52e16af83fb14a1d228508a8caaa9996'/>
<id>urn:sha1:1373ffde52e16af83fb14a1d228508a8caaa9996</id>
<content type='text'>
Prepare v2024.01-rc5
</content>
</entry>
<entry>
<title>lib/Kconfig: Correct typo about SYSINFO_SMBIOS in help message</title>
<updated>2023-12-13T14:57:02Z</updated>
<author>
<name>Tom Rini</name>
<email>trini@konsulko.com</email>
</author>
<published>2023-11-20T20:17:23Z</published>
<link rel='alternate' type='text/html' href='http://cgit.235523.xyz/u-boot.git/commit/?id=253f939aa11cecde2aef632b528d550ca94630b4'/>
<id>urn:sha1:253f939aa11cecde2aef632b528d550ca94630b4</id>
<content type='text'>
The correct symbol to enable to have SMBIOS populate fields based on the
device tree is SYSINFO_SMBIOS and not SMBIOS_SYSINFO.

Signed-off-by: Tom Rini &lt;trini@konsulko.com&gt;
Reviewed-by: Simon Glass &lt;sjg@chromium.org&gt;
</content>
</entry>
<entry>
<title>arm: semihosting: Support semihosting fallback on 32-bit ARM</title>
<updated>2023-11-10T17:52:33Z</updated>
<author>
<name>Sean Anderson</name>
<email>sean.anderson@seco.com</email>
</author>
<published>2023-10-27T20:40:15Z</published>
<link rel='alternate' type='text/html' href='http://cgit.235523.xyz/u-boot.git/commit/?id=47cfdb2192b1f8cb5061bde53fcce562afaeadf2'/>
<id>urn:sha1:47cfdb2192b1f8cb5061bde53fcce562afaeadf2</id>
<content type='text'>
Add support for a semihosting fallback on 32-bit ARM. The assembly is
lightly adapted from the irq return code, except there is no offset
since lr already points to the correct instruction. The C side is mostly
like ARM64, except we have fewer cases to deal with.

Signed-off-by: Sean Anderson &lt;sean.anderson@seco.com&gt;
</content>
</entry>
<entry>
<title>lib: uuid: move CONFIG_RANDOM_UUID</title>
<updated>2023-11-07T19:49:10Z</updated>
<author>
<name>AKASHI Takahiro</name>
<email>takahiro.akashi@linaro.org</email>
</author>
<published>2023-10-26T18:31:31Z</published>
<link rel='alternate' type='text/html' href='http://cgit.235523.xyz/u-boot.git/commit/?id=a4dc3d569933e93e348f40dad802e2bed35f4de9'/>
<id>urn:sha1:a4dc3d569933e93e348f40dad802e2bed35f4de9</id>
<content type='text'>
This option is independent from any commands and should be managed
under lib. For instance, drivers/block/rkmtd.c is a user.

It would be better to remove this configuration.

Signed-off-by: AKASHI Takahiro &lt;takahiro.akashi@linaro.org&gt;
Reviewed-by: Tom Rini &lt;trini@konsulko.com&gt;
</content>
</entry>
<entry>
<title>Merge tag 'tpm-next-27102023' of https://source.denx.de/u-boot/custodians/u-boot-tpm</title>
<updated>2023-10-27T23:27:29Z</updated>
<author>
<name>Tom Rini</name>
<email>trini@konsulko.com</email>
</author>
<published>2023-10-27T23:27:29Z</published>
<link rel='alternate' type='text/html' href='http://cgit.235523.xyz/u-boot.git/commit/?id=d5d9770f58ce0ba620e4d311bbd756b97839480a'/>
<id>urn:sha1:d5d9770f58ce0ba620e4d311bbd756b97839480a</id>
<content type='text'>
bootX measurements and measurement API moved to u-boot core:

Up to now, U-Boot could perform measurements and EventLog creation as
described by the TCG spec when booting via EFI.

The EFI code was residing in lib/efi_loader/efi_tcg2.c and contained
both EFI specific code + the API needed to access the TPM, extend PCRs
and create an EventLog. The non-EFI part proved modular enough and
moving it around to the TPM subsystem was straightforward.

With that in place we can have a common API for measuring binaries
regardless of the boot command, EFI or boot(m|i|z), and constructing an
EventLog.

I've tested all of the EFI cases -- booting with an empty EventLog and
booting with a previous stage loader providing one and found no
regressions.  Eddie tested the bootX part.

Eddie also fixed the sandbox TPM which couldn't be used for the EFI code
and it now supports all the required capabilities. This had a slight
side effect in our testing since the EFI subsystem initializes the TPM
early and 'tpm2 init' failed during some python tests. That code only
opens the device though, so we can replace it with 'tpm2 autostart'
which doesn't error out and still allows you to perform the rest of the
tests but doesn't report an error if the device is already opened.

There's a few minor issues with this PR as well but since testing and
verifying the changes takes a considerable amount of time, I prefer
merging it now.

Heinrich has already sent a PR for -master containing "efi_loader: fix
EFI_ENTRY point on get_active_pcr_banks" and I am not sure if that will
cause any conflicts, but in any case they should be trivial to resolve.

Both the EFI and non-EFI code have a Kconfig for measuring the loaded
Device Tree.  The reason this is optional is that we can't reason
when/if devices add random info like kaslr-seed, mac addresses etc in
the DT. In that case measurements are random, board specific and
eventually useless.  The reason it was difficult to fix it prior to this
patchset is because the EFI subsystem and thus measurements was brought
up late and DT fixups might have already been applied. With this
patchset we can measure the DT really early in the future.

Heinrich also pointed out that the two Kconfigs for the DTB measurements
can be squashed in a single one and that the documentation only explains
the non-EFI case.  I agree on both but as I said this is a sane working
version, so let's pull this first; it's already big enough and painful to
test.
</content>
</entry>
<entry>
<title>tpm: Support boot measurements</title>
<updated>2023-10-27T10:14:47Z</updated>
<author>
<name>Eddie James</name>
<email>eajames@linux.ibm.com</email>
</author>
<published>2023-10-24T15:43:49Z</published>
<link rel='alternate' type='text/html' href='http://cgit.235523.xyz/u-boot.git/commit/?id=97707f12fdabf5fab5942504dab711a665854942'/>
<id>urn:sha1:97707f12fdabf5fab5942504dab711a665854942</id>
<content type='text'>
Add TPM2 functions to support boot measurement. This includes
starting up the TPM, initializing/appending the event log, and
measuring the U-Boot version. Much of the code was used in the
EFI subsystem, so remove it there and use the common functions.

Signed-off-by: Eddie James &lt;eajames@linux.ibm.com&gt;
For the API moving around from EFI -&gt; u-boot core
Reviewed-by: Ilias Apalodimas &lt;ilias.apalodimas@linaro.org&gt;
For EFI testing
Tested-by: Ilias Apalodimas &lt;ilias.apalodimas@linaro.org&gt;
Signed-off-by: Ilias Apalodimas &lt;ilias.apalodimas@linaro.org&gt;
</content>
</entry>
</feed>
