Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Secdev driver #2

Open
wants to merge 10 commits into
base: master
Choose a base branch
from
Open

Secdev driver #2

wants to merge 10 commits into from

Conversation

dpsmith
Copy link
Contributor

@dpsmith dpsmith commented Jun 20, 2023

The secdev-driver branch is part upstreamable and part RFC. Opening PR to facilitate review. Biggest todo is the commit that adds measuring dom0. This needs to be rewritten to comply with the SLRT measurement policy.

dpsmith added 10 commits June 20, 2023 17:57
This commit adds a hash library containing support for sha1 and sha2.

Signed-off-by: Daniel P. Smith <[email protected]>
This commit adds the Kconfig for selecting the security hardware (secdev)
framework.

Signed-off-by: Daniel P. Smith <[email protected]>
This commit bring in the TPM driver code from tboot, commit 4a904a6, apply Xen
coding style, and integrates with Xen's build.

Signed-off-by: Daniel P. Smith <[email protected]>
Tboot, from which the code came, is only concerned for x86 systems. Typically
on x86 systems, the TPM is accessed using the MMIO hardware interface for
which there are two ABIs, FIFO and CRB.

This commit looks to refactor the hardware interface logic to enable the
ability to support other hardware interfaces, such as the Mobile TPM interface
typically used on Arm.

Signed-off-by: Daniel P. Smith <[email protected]>
The tboot environment did not have an accurate way of tracking time outs
on access to the TPM hardware. As such, it relied on counting loops and
using a multiplier factor to estimate amount of time a loop would take.
Now that the code is under Xen, it can use the time functions to
determine an accurate(ly) time out.

Signed-off-by: Daniel P. Smith <[email protected]>
Adds secdev headers.

Signed-off-by: Daniel P. Smith <[email protected]>
This commit adds a secdev interface callable by the secdev framework to detect
the tpm and extend a commandline selectable PCR with a domain's measurements.

Signed-off-by: Daniel P. Smith <[email protected]>
This commits move the initialization of a global primary into an commented out
function. This is to reserve the logic for later use to create per domain key
hierarchy.

Signed-off-by: Daniel P. Smith <[email protected]>
Introduces the secdev framework with TPM being the first supported device.

Signed-off-by: Daniel P. Smith <[email protected]>
This commit leverages the TPM driver to measure Dom0's kernel and initrd before
the domain is contstructed.

Signed-off-by: Daniel P. Smith <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

1 participant