Message ID | 20230109215525.79046-6-eajames@linux.ibm.com |
---|---|
State | Superseded |
Delegated to: | Ilias Apalodimas |
Headers | show |
Series | tpm: Support boot measurements | expand |
On 1/9/23 22:55, Eddie James wrote: > Use the sandbox TPM driver to measure some boot images in a unit > test case. > > $ ./u-boot -T -c "ut measurement" > Running 1 measurement tests > Test: measure: measurement.c > Failures: 0 > > Signed-off-by: Eddie James <eajames@linux.ibm.com> > --- > arch/sandbox/dts/test.dts | 12 +++++++ > configs/sandbox_defconfig | 1 + > include/test/suites.h | 1 + > test/boot/Makefile | 1 + > test/boot/measurement.c | 66 +++++++++++++++++++++++++++++++++++++++ > test/cmd_ut.c | 2 ++ > 6 files changed, 83 insertions(+) > create mode 100644 test/boot/measurement.c > > diff --git a/arch/sandbox/dts/test.dts b/arch/sandbox/dts/test.dts > index dffe10adbf..ad90bf0541 100644 > --- a/arch/sandbox/dts/test.dts > +++ b/arch/sandbox/dts/test.dts > @@ -66,6 +66,17 @@ > osd0 = "/osd"; > }; > > + reserved-memory { > + #address-cells = <1>; > + #size-cells = <1>; > + ranges; > + > + event_log: tcg_event_log@d0e000 { > + no-map; > + reg = <0x00d0e000 0x2000>; This would limit the file loaded at $loadaddr = 0x0 to 13 MiB. Please, choose a much higher address. Or change $loadaddr, e.g. use loadaddr = kernel_addr_r = 0x1000000. I would prefer raising loadaddr. Best regards Heinrich > + }; > + }; > + > binman: binman { > }; > > @@ -1332,6 +1343,7 @@ > > tpm2 { > compatible = "sandbox,tpm2"; > + memory-region = <&event_log>; > }; > > uart0: serial { > diff --git a/configs/sandbox_defconfig b/configs/sandbox_defconfig > index de799b5cea..5ac115f2d8 100644 > --- a/configs/sandbox_defconfig > +++ b/configs/sandbox_defconfig > @@ -335,3 +335,4 @@ CONFIG_TEST_FDTDEC=y > CONFIG_UNIT_TEST=y > CONFIG_UT_TIME=y > CONFIG_UT_DM=y > +CONFIG_MEASURED_BOOT=y > diff --git a/include/test/suites.h b/include/test/suites.h > index a01000e127..f9284871b0 100644 > --- a/include/test/suites.h > +++ b/include/test/suites.h > @@ -43,6 +43,7 @@ int do_ut_font(struct cmd_tbl *cmdtp, int flag, int argc, char *const argv[]); > int do_ut_lib(struct cmd_tbl *cmdtp, int flag, int argc, char *const argv[]); > int do_ut_loadm(struct cmd_tbl *cmdtp, int flag, int argc, char *const argv[]); > int do_ut_log(struct cmd_tbl *cmdtp, int flag, int argc, char * const argv[]); > +int do_ut_measurement(struct cmd_tbl *cmdtp, int flag, int argc, char * const argv[]); > int do_ut_mem(struct cmd_tbl *cmdtp, int flag, int argc, char *const argv[]); > int do_ut_optee(struct cmd_tbl *cmdtp, int flag, int argc, char *const argv[]); > int do_ut_overlay(struct cmd_tbl *cmdtp, int flag, int argc, > diff --git a/test/boot/Makefile b/test/boot/Makefile > index d724629d3b..24cc20bdff 100644 > --- a/test/boot/Makefile > +++ b/test/boot/Makefile > @@ -4,6 +4,7 @@ > > obj-$(CONFIG_BOOTSTD) += bootdev.o bootstd_common.o bootflow.o bootmeth.o > obj-$(CONFIG_FIT) += image.o > +obj-$(CONFIG_MEASURED_BOOT) += measurement.o > > ifdef CONFIG_OF_LIVE > obj-$(CONFIG_BOOTMETH_VBE_SIMPLE) += vbe_simple.o > diff --git a/test/boot/measurement.c b/test/boot/measurement.c > new file mode 100644 > index 0000000000..2155208894 > --- /dev/null > +++ b/test/boot/measurement.c > @@ -0,0 +1,66 @@ > +// SPDX-License-Identifier: GPL-2.0+ > +/* > + * Test for measured boot functions > + * > + * Copyright 2023 IBM Corp. > + * Written by Eddie James <eajames@linux.ibm.com> > + */ > + > +#include <common.h> > +#include <bootm.h> > +#include <malloc.h> > +#include <test/suites.h> > +#include <test/test.h> > +#include <test/ut.h> > +#include <asm/io.h> > + > +#define MEASUREMENT_TEST(_name, _flags) \ > + UNIT_TEST(_name, _flags, measurement_test) > + > +static int measure(struct unit_test_state *uts) > +{ > + struct bootm_headers images; > + const size_t size = 1024; > + u8 *kernel; > + u8 *initrd; > + size_t i; > + > + kernel = malloc(size); > + initrd = malloc(size); > + > + images.os.image_start = map_to_sysmem(kernel); > + images.os.image_len = size; > + > + images.rd_start = map_to_sysmem(initrd); > + images.rd_end = images.rd_start + size; > + > + images.ft_addr = malloc(size); > + images.ft_len = size; > + > + env_set("bootargs", "measurement testing"); > + > + for (i = 0; i < size; ++i) { > + kernel[i] = (u8)(0xf0 | (i & 0xf)); > + initrd[i] = (u8)((i & 0xf0) | 0xf); > + ((u8 *)images.ft_addr)[i] = (u8)(i & 0xff); > + } > + > + ut_assertok(bootm_measure(&images)); > + > + free(images.ft_addr); > + free(initrd); > + free(kernel); > + > + return 0; > +} > +MEASUREMENT_TEST(measure, 0); > + > +int do_ut_measurement(struct cmd_tbl *cmdtp, int flag, int argc, > + char *const argv[]) > +{ > + struct unit_test *tests = UNIT_TEST_SUITE_START(measurement_test); > + const int n_ents = UNIT_TEST_SUITE_COUNT(measurement_test); > + > + return cmd_ut_category("measurement", "measurement_test_", tests, > + n_ents, argc, argv); > +} > diff --git a/test/cmd_ut.c b/test/cmd_ut.c > index 2736582f11..819031c0f8 100644 > --- a/test/cmd_ut.c > +++ b/test/cmd_ut.c > @@ -100,6 +100,8 @@ static struct cmd_tbl cmd_ut_sub[] = { > "", ""), > U_BOOT_CMD_MKENT(bloblist, CONFIG_SYS_MAXARGS, 1, do_ut_bloblist, > "", ""), > + U_BOOT_CMD_MKENT(measurement, CONFIG_SYS_MAXARGS, 1, do_ut_measurement, > + "", ""), > U_BOOT_CMD_MKENT(bootm, CONFIG_SYS_MAXARGS, 1, do_ut_bootm, "", ""), > #endif > U_BOOT_CMD_MKENT(str, CONFIG_SYS_MAXARGS, 1, do_ut_str, "", ""),
On 1/10/23 00:13, Heinrich Schuchardt wrote: > On 1/9/23 22:55, Eddie James wrote: >> Use the sandbox TPM driver to measure some boot images in a unit >> test case. >> >> $ ./u-boot -T -c "ut measurement" >> Running 1 measurement tests >> Test: measure: measurement.c >> Failures: 0 >> >> Signed-off-by: Eddie James <eajames@linux.ibm.com> >> --- >> arch/sandbox/dts/test.dts | 12 +++++++ >> configs/sandbox_defconfig | 1 + >> include/test/suites.h | 1 + >> test/boot/Makefile | 1 + >> test/boot/measurement.c | 66 +++++++++++++++++++++++++++++++++++++++ >> test/cmd_ut.c | 2 ++ >> 6 files changed, 83 insertions(+) >> create mode 100644 test/boot/measurement.c >> >> diff --git a/arch/sandbox/dts/test.dts b/arch/sandbox/dts/test.dts >> index dffe10adbf..ad90bf0541 100644 >> --- a/arch/sandbox/dts/test.dts >> +++ b/arch/sandbox/dts/test.dts >> @@ -66,6 +66,17 @@ >> osd0 = "/osd"; >> }; >> >> + reserved-memory { >> + #address-cells = <1>; >> + #size-cells = <1>; >> + ranges; >> + >> + event_log: tcg_event_log@d0e000 { >> + no-map; >> + reg = <0x00d0e000 0x2000>; How should this work if you don't define linux,sml-base and linux,sml-size? Best regards Heinrich > > This would limit the file loaded at $loadaddr = 0x0 to 13 MiB. Please, > choose a much higher address. Or change $loadaddr, e.g. use loadaddr = > kernel_addr_r = 0x1000000. I would prefer raising loadaddr. > > Best regards > > Heinrich > >> + }; >> + }; >> + >> binman: binman { >> }; >> >> @@ -1332,6 +1343,7 @@ >> >> tpm2 { >> compatible = "sandbox,tpm2"; >> + memory-region = <&event_log>; >> }; >> >> uart0: serial { >> diff --git a/configs/sandbox_defconfig b/configs/sandbox_defconfig >> index de799b5cea..5ac115f2d8 100644 >> --- a/configs/sandbox_defconfig >> +++ b/configs/sandbox_defconfig >> @@ -335,3 +335,4 @@ CONFIG_TEST_FDTDEC=y >> CONFIG_UNIT_TEST=y >> CONFIG_UT_TIME=y >> CONFIG_UT_DM=y >> +CONFIG_MEASURED_BOOT=y >> diff --git a/include/test/suites.h b/include/test/suites.h >> index a01000e127..f9284871b0 100644 >> --- a/include/test/suites.h >> +++ b/include/test/suites.h >> @@ -43,6 +43,7 @@ int do_ut_font(struct cmd_tbl *cmdtp, int flag, int >> argc, char *const argv[]); >> int do_ut_lib(struct cmd_tbl *cmdtp, int flag, int argc, char *const >> argv[]); >> int do_ut_loadm(struct cmd_tbl *cmdtp, int flag, int argc, char >> *const argv[]); >> int do_ut_log(struct cmd_tbl *cmdtp, int flag, int argc, char * >> const argv[]); >> +int do_ut_measurement(struct cmd_tbl *cmdtp, int flag, int argc, char >> * const argv[]); >> int do_ut_mem(struct cmd_tbl *cmdtp, int flag, int argc, char *const >> argv[]); >> int do_ut_optee(struct cmd_tbl *cmdtp, int flag, int argc, char >> *const argv[]); >> int do_ut_overlay(struct cmd_tbl *cmdtp, int flag, int argc, >> diff --git a/test/boot/Makefile b/test/boot/Makefile >> index d724629d3b..24cc20bdff 100644 >> --- a/test/boot/Makefile >> +++ b/test/boot/Makefile >> @@ -4,6 +4,7 @@ >> >> obj-$(CONFIG_BOOTSTD) += bootdev.o bootstd_common.o bootflow.o >> bootmeth.o >> obj-$(CONFIG_FIT) += image.o >> +obj-$(CONFIG_MEASURED_BOOT) += measurement.o >> >> ifdef CONFIG_OF_LIVE >> obj-$(CONFIG_BOOTMETH_VBE_SIMPLE) += vbe_simple.o >> diff --git a/test/boot/measurement.c b/test/boot/measurement.c >> new file mode 100644 >> index 0000000000..2155208894 >> --- /dev/null >> +++ b/test/boot/measurement.c >> @@ -0,0 +1,66 @@ >> +// SPDX-License-Identifier: GPL-2.0+ >> +/* >> + * Test for measured boot functions >> + * >> + * Copyright 2023 IBM Corp. >> + * Written by Eddie James <eajames@linux.ibm.com> >> + */ >> + >> +#include <common.h> >> +#include <bootm.h> >> +#include <malloc.h> >> +#include <test/suites.h> >> +#include <test/test.h> >> +#include <test/ut.h> >> +#include <asm/io.h> >> + >> +#define MEASUREMENT_TEST(_name, _flags) \ >> + UNIT_TEST(_name, _flags, measurement_test) >> + >> +static int measure(struct unit_test_state *uts) >> +{ >> + struct bootm_headers images; >> + const size_t size = 1024; >> + u8 *kernel; >> + u8 *initrd; >> + size_t i; >> + >> + kernel = malloc(size); >> + initrd = malloc(size); >> + >> + images.os.image_start = map_to_sysmem(kernel); >> + images.os.image_len = size; >> + >> + images.rd_start = map_to_sysmem(initrd); >> + images.rd_end = images.rd_start + size; >> + >> + images.ft_addr = malloc(size); >> + images.ft_len = size; >> + >> + env_set("bootargs", "measurement testing"); >> + >> + for (i = 0; i < size; ++i) { >> + kernel[i] = (u8)(0xf0 | (i & 0xf)); >> + initrd[i] = (u8)((i & 0xf0) | 0xf); >> + ((u8 *)images.ft_addr)[i] = (u8)(i & 0xff); >> + } >> + >> + ut_assertok(bootm_measure(&images)); >> + >> + free(images.ft_addr); >> + free(initrd); >> + free(kernel); >> + >> + return 0; >> +} >> +MEASUREMENT_TEST(measure, 0); >> + >> +int do_ut_measurement(struct cmd_tbl *cmdtp, int flag, int argc, >> + char *const argv[]) >> +{ >> + struct unit_test *tests = UNIT_TEST_SUITE_START(measurement_test); >> + const int n_ents = UNIT_TEST_SUITE_COUNT(measurement_test); >> + >> + return cmd_ut_category("measurement", "measurement_test_", tests, >> + n_ents, argc, argv); >> +} >> diff --git a/test/cmd_ut.c b/test/cmd_ut.c >> index 2736582f11..819031c0f8 100644 >> --- a/test/cmd_ut.c >> +++ b/test/cmd_ut.c >> @@ -100,6 +100,8 @@ static struct cmd_tbl cmd_ut_sub[] = { >> "", ""), >> U_BOOT_CMD_MKENT(bloblist, CONFIG_SYS_MAXARGS, 1, do_ut_bloblist, >> "", ""), >> + U_BOOT_CMD_MKENT(measurement, CONFIG_SYS_MAXARGS, 1, >> do_ut_measurement, >> + "", ""), >> U_BOOT_CMD_MKENT(bootm, CONFIG_SYS_MAXARGS, 1, do_ut_bootm, "", >> ""), >> #endif >> U_BOOT_CMD_MKENT(str, CONFIG_SYS_MAXARGS, 1, do_ut_str, "", ""), >
On 1/9/23 17:26, Heinrich Schuchardt wrote: > On 1/10/23 00:13, Heinrich Schuchardt wrote: >> On 1/9/23 22:55, Eddie James wrote: >>> Use the sandbox TPM driver to measure some boot images in a unit >>> test case. >>> >>> $ ./u-boot -T -c "ut measurement" >>> Running 1 measurement tests >>> Test: measure: measurement.c >>> Failures: 0 >>> >>> Signed-off-by: Eddie James <eajames@linux.ibm.com> >>> --- >>> arch/sandbox/dts/test.dts | 12 +++++++ >>> configs/sandbox_defconfig | 1 + >>> include/test/suites.h | 1 + >>> test/boot/Makefile | 1 + >>> test/boot/measurement.c | 66 >>> +++++++++++++++++++++++++++++++++++++++ >>> test/cmd_ut.c | 2 ++ >>> 6 files changed, 83 insertions(+) >>> create mode 100644 test/boot/measurement.c >>> >>> diff --git a/arch/sandbox/dts/test.dts b/arch/sandbox/dts/test.dts >>> index dffe10adbf..ad90bf0541 100644 >>> --- a/arch/sandbox/dts/test.dts >>> +++ b/arch/sandbox/dts/test.dts >>> @@ -66,6 +66,17 @@ >>> osd0 = "/osd"; >>> }; >>> >>> + reserved-memory { >>> + #address-cells = <1>; >>> + #size-cells = <1>; >>> + ranges; >>> + >>> + event_log: tcg_event_log@d0e000 { >>> + no-map; >>> + reg = <0x00d0e000 0x2000>; > > How should this work if you don't define linux,sml-base and > linux,sml-size? I have sent a patch to the linux list for using a reserved memory region, as I have also added in the u-boot TPM layer for the event log. https://patchwork.kernel.org/project/linux-integrity/patch/20230103162010.381214-1-eajames@linux.ibm.com/ Thanks, Eddie > > Best regards > > Heinrich > >> >> This would limit the file loaded at $loadaddr = 0x0 to 13 MiB. Please, >> choose a much higher address. Or change $loadaddr, e.g. use loadaddr = >> kernel_addr_r = 0x1000000. I would prefer raising loadaddr. >> >> Best regards >> >> Heinrich >> >>> + }; >>> + }; >>> + >>> binman: binman { >>> }; >>> >>> @@ -1332,6 +1343,7 @@ >>> >>> tpm2 { >>> compatible = "sandbox,tpm2"; >>> + memory-region = <&event_log>; >>> }; >>> >>> uart0: serial { >>> diff --git a/configs/sandbox_defconfig b/configs/sandbox_defconfig >>> index de799b5cea..5ac115f2d8 100644 >>> --- a/configs/sandbox_defconfig >>> +++ b/configs/sandbox_defconfig >>> @@ -335,3 +335,4 @@ CONFIG_TEST_FDTDEC=y >>> CONFIG_UNIT_TEST=y >>> CONFIG_UT_TIME=y >>> CONFIG_UT_DM=y >>> +CONFIG_MEASURED_BOOT=y >>> diff --git a/include/test/suites.h b/include/test/suites.h >>> index a01000e127..f9284871b0 100644 >>> --- a/include/test/suites.h >>> +++ b/include/test/suites.h >>> @@ -43,6 +43,7 @@ int do_ut_font(struct cmd_tbl *cmdtp, int flag, int >>> argc, char *const argv[]); >>> int do_ut_lib(struct cmd_tbl *cmdtp, int flag, int argc, char *const >>> argv[]); >>> int do_ut_loadm(struct cmd_tbl *cmdtp, int flag, int argc, char >>> *const argv[]); >>> int do_ut_log(struct cmd_tbl *cmdtp, int flag, int argc, char * >>> const argv[]); >>> +int do_ut_measurement(struct cmd_tbl *cmdtp, int flag, int argc, char >>> * const argv[]); >>> int do_ut_mem(struct cmd_tbl *cmdtp, int flag, int argc, char *const >>> argv[]); >>> int do_ut_optee(struct cmd_tbl *cmdtp, int flag, int argc, char >>> *const argv[]); >>> int do_ut_overlay(struct cmd_tbl *cmdtp, int flag, int argc, >>> diff --git a/test/boot/Makefile b/test/boot/Makefile >>> index d724629d3b..24cc20bdff 100644 >>> --- a/test/boot/Makefile >>> +++ b/test/boot/Makefile >>> @@ -4,6 +4,7 @@ >>> >>> obj-$(CONFIG_BOOTSTD) += bootdev.o bootstd_common.o bootflow.o >>> bootmeth.o >>> obj-$(CONFIG_FIT) += image.o >>> +obj-$(CONFIG_MEASURED_BOOT) += measurement.o >>> >>> ifdef CONFIG_OF_LIVE >>> obj-$(CONFIG_BOOTMETH_VBE_SIMPLE) += vbe_simple.o >>> diff --git a/test/boot/measurement.c b/test/boot/measurement.c >>> new file mode 100644 >>> index 0000000000..2155208894 >>> --- /dev/null >>> +++ b/test/boot/measurement.c >>> @@ -0,0 +1,66 @@ >>> +// SPDX-License-Identifier: GPL-2.0+ >>> +/* >>> + * Test for measured boot functions >>> + * >>> + * Copyright 2023 IBM Corp. >>> + * Written by Eddie James <eajames@linux.ibm.com> >>> + */ >>> + >>> +#include <common.h> >>> +#include <bootm.h> >>> +#include <malloc.h> >>> +#include <test/suites.h> >>> +#include <test/test.h> >>> +#include <test/ut.h> >>> +#include <asm/io.h> >>> + >>> +#define MEASUREMENT_TEST(_name, _flags) \ >>> + UNIT_TEST(_name, _flags, measurement_test) >>> + >>> +static int measure(struct unit_test_state *uts) >>> +{ >>> + struct bootm_headers images; >>> + const size_t size = 1024; >>> + u8 *kernel; >>> + u8 *initrd; >>> + size_t i; >>> + >>> + kernel = malloc(size); >>> + initrd = malloc(size); >>> + >>> + images.os.image_start = map_to_sysmem(kernel); >>> + images.os.image_len = size; >>> + >>> + images.rd_start = map_to_sysmem(initrd); >>> + images.rd_end = images.rd_start + size; >>> + >>> + images.ft_addr = malloc(size); >>> + images.ft_len = size; >>> + >>> + env_set("bootargs", "measurement testing"); >>> + >>> + for (i = 0; i < size; ++i) { >>> + kernel[i] = (u8)(0xf0 | (i & 0xf)); >>> + initrd[i] = (u8)((i & 0xf0) | 0xf); >>> + ((u8 *)images.ft_addr)[i] = (u8)(i & 0xff); >>> + } >>> + >>> + ut_assertok(bootm_measure(&images)); >>> + >>> + free(images.ft_addr); >>> + free(initrd); >>> + free(kernel); >>> + >>> + return 0; >>> +} >>> +MEASUREMENT_TEST(measure, 0); >>> + >>> +int do_ut_measurement(struct cmd_tbl *cmdtp, int flag, int argc, >>> + char *const argv[]) >>> +{ >>> + struct unit_test *tests = UNIT_TEST_SUITE_START(measurement_test); >>> + const int n_ents = UNIT_TEST_SUITE_COUNT(measurement_test); >>> + >>> + return cmd_ut_category("measurement", "measurement_test_", tests, >>> + n_ents, argc, argv); >>> +} >>> diff --git a/test/cmd_ut.c b/test/cmd_ut.c >>> index 2736582f11..819031c0f8 100644 >>> --- a/test/cmd_ut.c >>> +++ b/test/cmd_ut.c >>> @@ -100,6 +100,8 @@ static struct cmd_tbl cmd_ut_sub[] = { >>> "", ""), >>> U_BOOT_CMD_MKENT(bloblist, CONFIG_SYS_MAXARGS, 1, do_ut_bloblist, >>> "", ""), >>> + U_BOOT_CMD_MKENT(measurement, CONFIG_SYS_MAXARGS, 1, >>> do_ut_measurement, >>> + "", ""), >>> U_BOOT_CMD_MKENT(bootm, CONFIG_SYS_MAXARGS, 1, do_ut_bootm, "", >>> ""), >>> #endif >>> U_BOOT_CMD_MKENT(str, CONFIG_SYS_MAXARGS, 1, do_ut_str, "", ""), >> > >
On 1/10/23 17:38, Eddie James wrote: > > On 1/9/23 17:26, Heinrich Schuchardt wrote: >> On 1/10/23 00:13, Heinrich Schuchardt wrote: >>> On 1/9/23 22:55, Eddie James wrote: >>>> Use the sandbox TPM driver to measure some boot images in a unit >>>> test case. >>>> >>>> $ ./u-boot -T -c "ut measurement" >>>> Running 1 measurement tests >>>> Test: measure: measurement.c >>>> Failures: 0 >>>> >>>> Signed-off-by: Eddie James <eajames@linux.ibm.com> >>>> --- >>>> arch/sandbox/dts/test.dts | 12 +++++++ >>>> configs/sandbox_defconfig | 1 + >>>> include/test/suites.h | 1 + >>>> test/boot/Makefile | 1 + >>>> test/boot/measurement.c | 66 >>>> +++++++++++++++++++++++++++++++++++++++ >>>> test/cmd_ut.c | 2 ++ >>>> 6 files changed, 83 insertions(+) >>>> create mode 100644 test/boot/measurement.c >>>> >>>> diff --git a/arch/sandbox/dts/test.dts b/arch/sandbox/dts/test.dts >>>> index dffe10adbf..ad90bf0541 100644 >>>> --- a/arch/sandbox/dts/test.dts >>>> +++ b/arch/sandbox/dts/test.dts >>>> @@ -66,6 +66,17 @@ >>>> osd0 = "/osd"; >>>> }; >>>> >>>> + reserved-memory { >>>> + #address-cells = <1>; >>>> + #size-cells = <1>; >>>> + ranges; >>>> + >>>> + event_log: tcg_event_log@d0e000 { >>>> + no-map; >>>> + reg = <0x00d0e000 0x2000>; >> >> How should this work if you don't define linux,sml-base and >> linux,sml-size? > > > I have sent a patch to the linux list for using a reserved memory > region, as I have also added in the u-boot TPM layer for the event log. > > https://patchwork.kernel.org/project/linux-integrity/patch/20230103162010.381214-1-eajames@linux.ibm.com/ Thank you for the clarification. The kernel patch seems to need rework: https://lore.kernel.org/all/202301040834.YsMHDMpw-lkp@intel.com/ Shouldn't the sandbox device-tree support these properties? This will allow us to write a test application that the sandbox can run via booti/bootz (depending on bitness) and bootm. This test application can retrieve the event log and print it via Linux system calls. Best regards Heinrich
On 1/10/23 16:02, Heinrich Schuchardt wrote: > On 1/10/23 17:38, Eddie James wrote: >> >> On 1/9/23 17:26, Heinrich Schuchardt wrote: >>> On 1/10/23 00:13, Heinrich Schuchardt wrote: >>>> On 1/9/23 22:55, Eddie James wrote: >>>>> Use the sandbox TPM driver to measure some boot images in a unit >>>>> test case. >>>>> >>>>> $ ./u-boot -T -c "ut measurement" >>>>> Running 1 measurement tests >>>>> Test: measure: measurement.c >>>>> Failures: 0 >>>>> >>>>> Signed-off-by: Eddie James <eajames@linux.ibm.com> >>>>> --- >>>>> arch/sandbox/dts/test.dts | 12 +++++++ >>>>> configs/sandbox_defconfig | 1 + >>>>> include/test/suites.h | 1 + >>>>> test/boot/Makefile | 1 + >>>>> test/boot/measurement.c | 66 >>>>> +++++++++++++++++++++++++++++++++++++++ >>>>> test/cmd_ut.c | 2 ++ >>>>> 6 files changed, 83 insertions(+) >>>>> create mode 100644 test/boot/measurement.c >>>>> >>>>> diff --git a/arch/sandbox/dts/test.dts b/arch/sandbox/dts/test.dts >>>>> index dffe10adbf..ad90bf0541 100644 >>>>> --- a/arch/sandbox/dts/test.dts >>>>> +++ b/arch/sandbox/dts/test.dts >>>>> @@ -66,6 +66,17 @@ >>>>> osd0 = "/osd"; >>>>> }; >>>>> >>>>> + reserved-memory { >>>>> + #address-cells = <1>; >>>>> + #size-cells = <1>; >>>>> + ranges; >>>>> + >>>>> + event_log: tcg_event_log@d0e000 { >>>>> + no-map; >>>>> + reg = <0x00d0e000 0x2000>; >>> >>> How should this work if you don't define linux,sml-base and >>> linux,sml-size? >> >> >> I have sent a patch to the linux list for using a reserved memory >> region, as I have also added in the u-boot TPM layer for the event log. >> >> https://patchwork.kernel.org/project/linux-integrity/patch/20230103162010.381214-1-eajames@linux.ibm.com/ >> > > Thank you for the clarification. > > The kernel patch seems to need rework: > https://lore.kernel.org/all/202301040834.YsMHDMpw-lkp@intel.com/ Yes I'll address that. > > Shouldn't the sandbox device-tree support these properties? This will > allow us to write a test application that the sandbox can run via > booti/bootz (depending on bitness) and bootm. This test application can > retrieve the event log and print it via Linux system calls. OK, I can add it to the main sandbox device-tree as well then. It is added to the sandbox test device-tree, used by the unit test case I added. Thanks, Eddie > > Best regards > > Heinrich
On 1/9/23 22:55, Eddie James wrote: > Use the sandbox TPM driver to measure some boot images in a unit > test case. > > $ ./u-boot -T -c "ut measurement" > Running 1 measurement tests > Test: measure: measurement.c > Failures: 0 > > Signed-off-by: Eddie James <eajames@linux.ibm.com> > --- > arch/sandbox/dts/test.dts | 12 +++++++ > configs/sandbox_defconfig | 1 + > include/test/suites.h | 1 + > test/boot/Makefile | 1 + > test/boot/measurement.c | 66 +++++++++++++++++++++++++++++++++++++++ > test/cmd_ut.c | 2 ++ > 6 files changed, 83 insertions(+) > create mode 100644 test/boot/measurement.c > > diff --git a/arch/sandbox/dts/test.dts b/arch/sandbox/dts/test.dts > index dffe10adbf..ad90bf0541 100644 > --- a/arch/sandbox/dts/test.dts > +++ b/arch/sandbox/dts/test.dts > @@ -66,6 +66,17 @@ > osd0 = "/osd"; > }; > > + reserved-memory { > + #address-cells = <1>; > + #size-cells = <1>; > + ranges; > + > + event_log: tcg_event_log@d0e000 { > + no-map; Isn't no-map misplaced? Shouldn't it be a reserved-memory property? If the memory region is not mapped, Linux can never access it as described in Documentation/devicetree/bindings/reserved-memory/reserved-memory.yaml. Please, document all changes to the device-tree semantics via patches for the Linux kernels documentation and provide a full example. Best regards Heinrich
On 1/10/23 23:32, Heinrich Schuchardt wrote: > On 1/9/23 22:55, Eddie James wrote: >> Use the sandbox TPM driver to measure some boot images in a unit >> test case. >> >> $ ./u-boot -T -c "ut measurement" >> Running 1 measurement tests >> Test: measure: measurement.c >> Failures: 0 >> >> Signed-off-by: Eddie James <eajames@linux.ibm.com> >> --- >> arch/sandbox/dts/test.dts | 12 +++++++ >> configs/sandbox_defconfig | 1 + >> include/test/suites.h | 1 + >> test/boot/Makefile | 1 + >> test/boot/measurement.c | 66 +++++++++++++++++++++++++++++++++++++++ >> test/cmd_ut.c | 2 ++ >> 6 files changed, 83 insertions(+) >> create mode 100644 test/boot/measurement.c >> >> diff --git a/arch/sandbox/dts/test.dts b/arch/sandbox/dts/test.dts >> index dffe10adbf..ad90bf0541 100644 >> --- a/arch/sandbox/dts/test.dts >> +++ b/arch/sandbox/dts/test.dts >> @@ -66,6 +66,17 @@ >> osd0 = "/osd"; >> }; >> >> + reserved-memory { >> + #address-cells = <1>; >> + #size-cells = <1>; >> + ranges; >> + >> + event_log: tcg_event_log@d0e000 { >> + no-map; > > Isn't no-map misplaced? Shouldn't it be a reserved-memory property? The placement is correct. But I still wonder why we should have this area as no-map. > > If the memory region is not mapped, Linux can never access it as > described in > Documentation/devicetree/bindings/reserved-memory/reserved-memory.yaml. > > Please, document all changes to the device-tree semantics via patches > for the Linux kernels documentation and provide a full example. > > Best regards > > Heinrich
On 1/10/23 16:37, Heinrich Schuchardt wrote: > On 1/10/23 23:32, Heinrich Schuchardt wrote: >> On 1/9/23 22:55, Eddie James wrote: >>> Use the sandbox TPM driver to measure some boot images in a unit >>> test case. >>> >>> $ ./u-boot -T -c "ut measurement" >>> Running 1 measurement tests >>> Test: measure: measurement.c >>> Failures: 0 >>> >>> Signed-off-by: Eddie James <eajames@linux.ibm.com> >>> --- >>> arch/sandbox/dts/test.dts | 12 +++++++ >>> configs/sandbox_defconfig | 1 + >>> include/test/suites.h | 1 + >>> test/boot/Makefile | 1 + >>> test/boot/measurement.c | 66 >>> +++++++++++++++++++++++++++++++++++++++ >>> test/cmd_ut.c | 2 ++ >>> 6 files changed, 83 insertions(+) >>> create mode 100644 test/boot/measurement.c >>> >>> diff --git a/arch/sandbox/dts/test.dts b/arch/sandbox/dts/test.dts >>> index dffe10adbf..ad90bf0541 100644 >>> --- a/arch/sandbox/dts/test.dts >>> +++ b/arch/sandbox/dts/test.dts >>> @@ -66,6 +66,17 @@ >>> osd0 = "/osd"; >>> }; >>> >>> + reserved-memory { >>> + #address-cells = <1>; >>> + #size-cells = <1>; >>> + ranges; >>> + >>> + event_log: tcg_event_log@d0e000 { >>> + no-map; >> >> Isn't no-map misplaced? Shouldn't it be a reserved-memory property? > > The placement is correct. But I still wonder why we should have this > area as no-map. > >> >> If the memory region is not mapped, Linux can never access it as >> described in >> Documentation/devicetree/bindings/reserved-memory/reserved-memory.yaml. I read the documentation as meaning that Linux won't map it as part of it's standard mappings. It's still available for a device driver (TPM driver in this case). I believe no-map is appropriate here since we don't want anything except the TPM driver to access that memory. Thanks, Eddie >> >> Please, document all changes to the device-tree semantics via patches >> for the Linux kernels documentation and provide a full example. >> >> Best regards >> >> Heinrich >
diff --git a/arch/sandbox/dts/test.dts b/arch/sandbox/dts/test.dts index dffe10adbf..ad90bf0541 100644 --- a/arch/sandbox/dts/test.dts +++ b/arch/sandbox/dts/test.dts @@ -66,6 +66,17 @@ osd0 = "/osd"; }; + reserved-memory { + #address-cells = <1>; + #size-cells = <1>; + ranges; + + event_log: tcg_event_log@d0e000 { + no-map; + reg = <0x00d0e000 0x2000>; + }; + }; + binman: binman { }; @@ -1332,6 +1343,7 @@ tpm2 { compatible = "sandbox,tpm2"; + memory-region = <&event_log>; }; uart0: serial { diff --git a/configs/sandbox_defconfig b/configs/sandbox_defconfig index de799b5cea..5ac115f2d8 100644 --- a/configs/sandbox_defconfig +++ b/configs/sandbox_defconfig @@ -335,3 +335,4 @@ CONFIG_TEST_FDTDEC=y CONFIG_UNIT_TEST=y CONFIG_UT_TIME=y CONFIG_UT_DM=y +CONFIG_MEASURED_BOOT=y diff --git a/include/test/suites.h b/include/test/suites.h index a01000e127..f9284871b0 100644 --- a/include/test/suites.h +++ b/include/test/suites.h @@ -43,6 +43,7 @@ int do_ut_font(struct cmd_tbl *cmdtp, int flag, int argc, char *const argv[]); int do_ut_lib(struct cmd_tbl *cmdtp, int flag, int argc, char *const argv[]); int do_ut_loadm(struct cmd_tbl *cmdtp, int flag, int argc, char *const argv[]); int do_ut_log(struct cmd_tbl *cmdtp, int flag, int argc, char * const argv[]); +int do_ut_measurement(struct cmd_tbl *cmdtp, int flag, int argc, char * const argv[]); int do_ut_mem(struct cmd_tbl *cmdtp, int flag, int argc, char *const argv[]); int do_ut_optee(struct cmd_tbl *cmdtp, int flag, int argc, char *const argv[]); int do_ut_overlay(struct cmd_tbl *cmdtp, int flag, int argc, diff --git a/test/boot/Makefile b/test/boot/Makefile index d724629d3b..24cc20bdff 100644 --- a/test/boot/Makefile +++ b/test/boot/Makefile @@ -4,6 +4,7 @@ obj-$(CONFIG_BOOTSTD) += bootdev.o bootstd_common.o bootflow.o bootmeth.o obj-$(CONFIG_FIT) += image.o +obj-$(CONFIG_MEASURED_BOOT) += measurement.o ifdef CONFIG_OF_LIVE obj-$(CONFIG_BOOTMETH_VBE_SIMPLE) += vbe_simple.o diff --git a/test/boot/measurement.c b/test/boot/measurement.c new file mode 100644 index 0000000000..2155208894 --- /dev/null +++ b/test/boot/measurement.c @@ -0,0 +1,66 @@ +// SPDX-License-Identifier: GPL-2.0+ +/* + * Test for measured boot functions + * + * Copyright 2023 IBM Corp. + * Written by Eddie James <eajames@linux.ibm.com> + */ + +#include <common.h> +#include <bootm.h> +#include <malloc.h> +#include <test/suites.h> +#include <test/test.h> +#include <test/ut.h> +#include <asm/io.h> + +#define MEASUREMENT_TEST(_name, _flags) \ + UNIT_TEST(_name, _flags, measurement_test) + +static int measure(struct unit_test_state *uts) +{ + struct bootm_headers images; + const size_t size = 1024; + u8 *kernel; + u8 *initrd; + size_t i; + + kernel = malloc(size); + initrd = malloc(size); + + images.os.image_start = map_to_sysmem(kernel); + images.os.image_len = size; + + images.rd_start = map_to_sysmem(initrd); + images.rd_end = images.rd_start + size; + + images.ft_addr = malloc(size); + images.ft_len = size; + + env_set("bootargs", "measurement testing"); + + for (i = 0; i < size; ++i) { + kernel[i] = (u8)(0xf0 | (i & 0xf)); + initrd[i] = (u8)((i & 0xf0) | 0xf); + ((u8 *)images.ft_addr)[i] = (u8)(i & 0xff); + } + + ut_assertok(bootm_measure(&images)); + + free(images.ft_addr); + free(initrd); + free(kernel); + + return 0; +} +MEASUREMENT_TEST(measure, 0); + +int do_ut_measurement(struct cmd_tbl *cmdtp, int flag, int argc, + char *const argv[]) +{ + struct unit_test *tests = UNIT_TEST_SUITE_START(measurement_test); + const int n_ents = UNIT_TEST_SUITE_COUNT(measurement_test); + + return cmd_ut_category("measurement", "measurement_test_", tests, + n_ents, argc, argv); +} diff --git a/test/cmd_ut.c b/test/cmd_ut.c index 2736582f11..819031c0f8 100644 --- a/test/cmd_ut.c +++ b/test/cmd_ut.c @@ -100,6 +100,8 @@ static struct cmd_tbl cmd_ut_sub[] = { "", ""), U_BOOT_CMD_MKENT(bloblist, CONFIG_SYS_MAXARGS, 1, do_ut_bloblist, "", ""), + U_BOOT_CMD_MKENT(measurement, CONFIG_SYS_MAXARGS, 1, do_ut_measurement, + "", ""), U_BOOT_CMD_MKENT(bootm, CONFIG_SYS_MAXARGS, 1, do_ut_bootm, "", ""), #endif U_BOOT_CMD_MKENT(str, CONFIG_SYS_MAXARGS, 1, do_ut_str, "", ""),
Use the sandbox TPM driver to measure some boot images in a unit test case. $ ./u-boot -T -c "ut measurement" Running 1 measurement tests Test: measure: measurement.c Failures: 0 Signed-off-by: Eddie James <eajames@linux.ibm.com> --- arch/sandbox/dts/test.dts | 12 +++++++ configs/sandbox_defconfig | 1 + include/test/suites.h | 1 + test/boot/Makefile | 1 + test/boot/measurement.c | 66 +++++++++++++++++++++++++++++++++++++++ test/cmd_ut.c | 2 ++ 6 files changed, 83 insertions(+) create mode 100644 test/boot/measurement.c