From: Heinrich Schuchardt
To: Ilias Apalodimas
Cc: Simon Glass, U-Boot Mailing List, Peter Robinson
Subject: Re: sandbox TPM
Date: Mon, 30 Aug 2021 09:34:04 +0200
Message-ID: <094f53fa-b96c-0823-bcce-ddb1653a3ca2@gmx.de>

On 8/30/21 8:10 AM, Ilias Apalodimas wrote:
> On Sun, 29 Aug 2021 at 13:53, Peter Robinson wrote:
>>
>> On Sat, Aug 28, 2021 at 10:19 PM Simon Glass wrote:
>>>
>>> Hi Heinrich,
>>>
>>> On Sat, 28 Aug 2021 at 06:18, Heinrich Schuchardt wrote:
>>>>
>>>> The current TPM emulation in drivers/tpm/tpm(2)_tis_sandbox.c is not
>>>> spec compliant.

@Simon

Just have a look at the bunch of TPM related error messages generated on
the sandbox:

=> host bind 0 ../sandbox.img
=> load host 0:1 $kernel_addr_r EFI/grub/shimriscv64.efi
755200 bytes read in 5 ms (144 MiB/s)
=> bootefi $kernel_addr_r
Scanning disk mmc2.blk...
No valid Btrfs found
Bad magic number for SquashFS image.
** Unrecognized filesystem type **
Scanning disk mmc1.blk...
No valid Btrfs found
Bad magic number for SquashFS image.
** Unrecognized filesystem type **
Scanning disk mmc0.blk...
No valid Btrfs found
Bad magic number for SquashFS image.
** Unrecognized filesystem type **
Scanning disk host0...
Found 5 disks
Cannot install EFI_TCG2_PROTOCOL <<<<<<<<<<<<<<<<<<<<<<<<<<<
"dfu_alt_info" env variable not defined!
Probably dfu_alt_info not defined
"dfu_alt_info" env variable not defined!
Probably dfu_alt_info not defined
Booting /EFI\grub\shimriscv64.efi
PE image measurement failed <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<
.sbat copied to 0x000000002ca7b000
.sbat = sbat,1,SBAT Version,sbat,1,https://github.com/rhboot/shim/blob/main/SBAT.md
shim,1,UEFI shim,shim,1,https://github.com/rhboot/shim
tcg2 measurement fails(0x8000000000000007) <<<<<<<<<<<<<<<<

>>>
>>> Do you mean it is incomplete or that it has bugs? If it is incomplete,
>>> what is needed by U-Boot?
>
>>>
>>>>
>>>> A TPM emulation as UNIX socket exists with
>>>> https://github.com/stefanberger/swtpm.git. QEMU already uses this emulator.
>>>>
>>>> Couldn't the sandbox do the same? I think this is the fastest way to get
>>>> a compliant sandbox TPM.
>>>
>>> Well we could if we need it. Are you sure it is a good idea? There is
>>> a lot of code there. Are you thinking it would be copied into the
>>> U-Boot tree and kept in sync with a script, perhaps? Presumably the
>>> project would accept changes we need?
>>
>> qemu doesn't copy it in, why can't it just run independently as part
>> of the CI process? The rust TPM2 bindings do that here:
>> https://github.com/parallaxsecond/rust-tss-esapi/blob/main/tss-esapi/tests/all-fedora.sh#L13
>
> Keep in mind this is exposed as an MMIO device. I did send a driver
> for it a while back [1]. In case we decide to use this, we can
> probably re-use that
>
> [1] https://lore.kernel.org/u-boot/20210707162604.84196-1-ilias.apalodimas@linaro.org/
>
> Regards
> /Ilias
>

Currently we don't test measured boot. I would prefer the tests to run
on the sandbox and not in QEMU. This makes debugging much easier.

Best regards

Heinrich