[PATCH 0/3] Trusted Boot: Boot Policy Measurement.

Samuel Mendoza-Jonas sam at mendozajonas.com
Fri Jun 3 15:39:13 AEST 2016


On Thu, Jun 02, 2016 at 05:56:55AM -0400, Nayna Jain wrote:
> Overview:
> ==========
> * Adds boot policy configuration measurement in the bootloader
> to support Trusted Boot.
> * Trusted Boot is implemented in compliance with the TCG Specification
> for the TPM 2.0 family.
> * The TCG Specification describes which PCRs are to be used
> for recording specific measurements.
> * As per the spec, PCR 5 is used for recording boot policies.
> * This patch measures all boot config parameters as consumed
> by petitboot.

Hi Nayna,

I've been hearing about work on Secure Boot recently; good to see it's
making progress!
I'm not completely across the full design or intent yet. Can you please
link me to some documents or planning that go over it? (Internal or
external.)

> 
> TBD:
> ====
> The following items are still TBD and will be submitted as a different patch.
> 
> * Handling of error paths - Currently, it just logs the error paths
> and actual handling will be submitted as another patch.
> * Extend to TPM - The implementation of this function is experimental
> and is bound to change.

It sounds like this series is more of an RFC - at first look it seems to
lay some of the groundwork but doesn't actually go the whole way. I'll
especially be wanting to see real error handling before merging
anything. I'll add some comments in the following patches.

> 
> Nayna Jain (3):
>   lib/types : Adds function to return struct config as string
>   lib/security: New lib for security functions.
>   discover/pb-discover.c:Initialize security context.
> 
>  discover/Makefile.am         |  4 ++-
>  discover/pb-discover.c       |  9 ++++++
>  discover/pb-secure.c         | 69 ++++++++++++++++++++++++++++++++++++++++
>  discover/pb-secure.h         | 17 ++++++++++
>  lib/Makefile.am              |  6 +++-
>  lib/security/crypto.c        | 73 ++++++++++++++++++++++++++++++++++++++++++
>  lib/security/crypto.h        | 22 +++++++++++++
>  lib/security/tpmOperations.c | 72 ++++++++++++++++++++++++++++++++++++++++++
>  lib/security/tpmOperations.h | 18 +++++++++++
>  lib/types/types.c            | 75 ++++++++++++++++++++++++++++++++++++++++++++
>  lib/types/types.h            |  3 ++
>  11 files changed, 366 insertions(+), 2 deletions(-)
>  create mode 100644 discover/pb-secure.c
>  create mode 100644 discover/pb-secure.h
>  create mode 100644 lib/security/crypto.c
>  create mode 100644 lib/security/crypto.h
>  create mode 100644 lib/security/tpmOperations.c
>  create mode 100644 lib/security/tpmOperations.h
> 
> -- 
> 2.5.0
> 