[Skiboot] [PATCH 00/15] libstb: Advance TSS and mbedtls infrastructure.

Mauro S. M. Rodrigues maurosr at linux.vnet.ibm.com
Sat Jan 25 11:14:55 AEDT 2020

The previous TSS infrastructure code in skiboot, although correct, was only
enough for some fundamental TCG software stack operations, like PCR extend and
eventlog, and other TSB work like secvar requires broader infrastructure.

In patches 6 to 14 we introduced and switch to a complete TSS implementation,
supporting the previously existent operations, like PCR Extend, PCR Read and
EventLog for measurement, and including a new set of basic operations, until
we're able to remote the old implementation at patch 15.

For mbedtls it's a similar tale: additional support is necessary, like x509, and
such things are too tight to their original code base which makes too much
complicated to cherry-pick specific bits, and even harder to keep track on the
security aspects of it, like backporting security fixes, so it was decided to
bring the full implementation here.

This patch series introduces both TSS and mbedtls as subtrees, which diminishes
the maintenance burden at skiboot size since we can now rely on external
implementations of TSS and tls.

Note: Right now the following patch:

[PATCH 06/15] Squashed 'libstb/tss2/ibmtpm20tss/' content from commit

creates a subtree based on non-official tree (at
https://github.com/maurorodrigues/ibmtpm20tss branch maurosr/v4-tss-skiboot),
containing additional patches to support eventlog implementaion, which are
currently under review process to be merged in the official tree at
https://git.code.sf.net/p/ibmtpm20tss/tss, we plan to tie this subtree to the
official tree, but for review purposes we can use the temporary non-official
tree mentioned.

For mbedtls subtree it was used the follow git repository
https://github.com/ARMmbed/mbedtls tag: mbedtls-2.16.2

Eric Richter (2):
  crypto/mbedtls: disable unnecessary features to shrink size
  libstb: remove old mbedtls files

Mauro S. M. Rodrigues (12):
  Squashed 'libstb/crypto/mbedtls/' content from commit 7a03e1cbf
  crypto: add mbedtls build integration via git subtree
  Squashed 'libstb/tss2/ibmtpm20tss/' content from commit c0290205e
  DO NOT MERGE: Remove weror from compilation temporarily
  libstb/tss2: Add Build infrastructure for tss2
  TPM/TSS: Register TPM chip for further use within TSS
  libstb/tss2: Add multiple TSS wrapping functions
  libstb/trustedboot: Introduce new eventlog implementation
  mbedtls: Compile with MBEDTLS_AES_C and MBEDTLS_CIPHER_MODE_CFB
  Introduce tsscryptombed
  Switchover to new implementation of PCR Read/Extend and Eventlog
  TSS/Trustedboot: Remove old tss implementation

Nayna Jain (1):
  crypto: add out-of-tree mbedtls pkcs7 parser


More information about the Skiboot mailing list