[Skiboot] [PATCH 00/15] libstb: Advance TSS and mbedtls infrastructure.
maurosr at linux.vnet.ibm.com
Tue Jan 28 05:18:43 AEDT 2020
On Sat, Jan 25, 2020 at 07:18:41PM -0800, Stewart Smith wrote:
> On Fri, Jan 24, 2020, at 4:14 PM, Mauro S. M. Rodrigues wrote:
> > The previous TSS infrastructure code in skiboot, although correct, was only
> > enough for some fundamental TCG software stack operations, like PCR extend and
> > eventlog, and other TSB work like secvar requires broader infrastructure.
> > In patches 6 to 14 we introduced and switch to a complete TSS implementation,
> > supporting the previously existent operations, like PCR Extend, PCR Read and
> > EventLog for measurement, and including a new set of basic operations, until
> > we're able to remote the old implementation at patch 15.
> > For mbedtls it's a similar tale: additional support is necessary, like x509, and
> > such things are too tight to their original code base which makes too much
> > complicated to cherry-pick specific bits, and even harder to keep track on the
> > security aspects of it, like backporting security fixes, so it was decided to
> > bring the full implementation here.
> > This patch series introduces both TSS and mbedtls as subtrees, which diminishes
> > the maintenance burden at skiboot size since we can now rely on external
> > implementations of TSS and tls.
> > Note: Right now the following patch:
> > [PATCH 06/15] Squashed 'libstb/tss2/ibmtpm20tss/' content from commit
> > creates a subtree based on non-official tree (at
> > https://github.com/maurorodrigues/ibmtpm20tss branch maurosr/v4-tss-skiboot),
> > containing additional patches to support eventlog implementaion, which are
> > currently under review process to be merged in the official tree at
> > https://git.code.sf.net/p/ibmtpm20tss/tss, we plan to tie this subtree to the
> > official tree, but for review purposes we can use the temporary non-official
> > tree mentioned.
> SF is a bit of a red flag.
> Possibly a good idea to mirror it at github.com/open-power/ so no matter what happens with upstream there's a copy.
Thanks for your review. Just out of curiosity, SF can be a red flag by
itself, perhaps because its availability, or we just don't want to rely
on external parties other than github?
Either way, mirroring the repositories is probably a last step before
this series gets merged, right? And it requires one of the open-power
organization's owners in github to perform it, right?
> > For mbedtls subtree it was used the follow git repository
> > https://github.com/ARMmbed/mbedtls tag: mbedtls-2.16.2
> Probably also a good idea to have an open-power mirror.
> Skiboot mailing list
> Skiboot at lists.ozlabs.org
More information about the Skiboot