[Skiboot] [PATCH 00/15] libstb: Advance TSS and mbedtls infrastructure.
stewart at flamingspork.com
Sun Jan 26 14:18:41 AEDT 2020
On Fri, Jan 24, 2020, at 4:14 PM, Mauro S. M. Rodrigues wrote:
> The previous TSS infrastructure code in skiboot, although correct, was only
> enough for some fundamental TCG software stack operations, like PCR extend and
> eventlog, and other TSB work like secvar requires broader infrastructure.
> In patches 6 to 14 we introduce and switch to a complete TSS implementation,
> supporting the previously existent operations, like PCR Extend, PCR Read and
> EventLog for measurement, and including a new set of basic operations, until
> we're able to remove the old implementation at patch 15.
> For mbedtls it's a similar tale: additional support is necessary, like x509, and
> such things are too tied to their original code base, which makes it too
> complicated to cherry-pick specific bits, and even harder to keep track of the
> security aspects of it, like backporting security fixes, so it was decided to
> bring the full implementation here.
> This patch series introduces both TSS and mbedtls as subtrees, which diminishes
> the maintenance burden at skiboot side since we can now rely on external
> implementations of TSS and tls.
> Note: Right now the following patch:
> [PATCH 06/15] Squashed 'libstb/tss2/ibmtpm20tss/' content from commit
> creates a subtree based on a non-official tree (at
> https://github.com/maurorodrigues/ibmtpm20tss branch maurosr/v4-tss-skiboot),
> containing additional patches to support eventlog implementation, which are
> currently under review process to be merged in the official tree at
> https://git.code.sf.net/p/ibmtpm20tss/tss, we plan to tie this subtree to the
> official tree, but for review purposes we can use the temporary non-official
> tree mentioned.
SF is a bit of a red flag.
Possibly a good idea to mirror it at github.com/open-power/ so no matter what happens with upstream there's a copy.
> For the mbedtls subtree, the following git repository was used:
> https://github.com/ARMmbed/mbedtls tag: mbedtls-2.16.2
Probably also a good idea to have an open-power mirror.