
[meta-security] tpm: Enable Measured Boot in U-Boot

Message ID 20241024212301.3304651-1-javier.tia@linaro.org
State New

Commit Message

Javier Tia Oct. 24, 2024, 9:23 p.m. UTC
Measured Boot is the term used to describe the process of securely
recording and computing hashes of code and critical data at each stage
in the boot chain prior to their use.

These measurements can be employed by other system components to
establish a comprehensive attestation system. For example, they could be
employed to enforce local attestation policies (such as the release of
specific platform keys) or to securely transmit them to a remote
challenger, also known as a verifier, post-boot to verify the condition
of the code and critical data.

Measured launch does not authenticate the code or critical data; rather,
it records the code or critical data that was present on the system
during boot.

Initially, the TPM measures the BIOS/EFI layer in the fundamental flow.
This measurement involves the generation of a cryptographic hash of the
binary image and the verification of the binary instructions that this
layer will execute. The TPM stores the generated hash in one of the
numerous "slots" in the Platform Configuration Register (PCR). The TPM
or entities external to the TPM can read these portions of memory at a
later time; however, they are unalterable once they have been written.
These memory pieces are protected by integrity protection from the
instant they are first written. This guarantees that the value written
to a PCR by the TPM will remain constant for the duration of the system,
unless the system is powered off or rebooted.

Signed-off-by: Javier Tia <javier.tia@linaro.org>
---
 meta-tpm/recipes-bsp/u-boot/u-boot/measured-boot.cfg | 6 ++++++
 meta-tpm/recipes-bsp/u-boot/u-boot_%.bbappend        | 3 +++
 2 files changed, 9 insertions(+)
 create mode 100644 meta-tpm/recipes-bsp/u-boot/u-boot/measured-boot.cfg
 create mode 100644 meta-tpm/recipes-bsp/u-boot/u-boot_%.bbappend
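To make the PCR mechanism the commit message describes concrete, the following is an added example in Python, not code from the patch, from meta-security or from U-Boot. It simulates a SHA-256 PCR bank with the TPM 2.0 extend rule (new = H(old || digest)), records an event log on the "boot" side, and then plays the verifier role: replaying the log, checking the reported PCRs against reference values and checking each logged digest against a known-good list. The stage names, PCR indices and image bytes are constructed placeholders, not measurements of real firmware.

```python
import hashlib
from typing import Dict, List, Tuple

PCR_SIZE = 32  # one value in the SHA-256 bank

# Constructed boot chain for the example: (PCR index, stage name, image bytes).
# Indices and contents are illustrative only; they are not U-Boot's actual PCR usage.
BOOT_CHAIN: List[Tuple[int, str, bytes]] = [
    (0, "u-boot.bin", b"constructed U-Boot image bytes"),
    (8, "fitImage", b"constructed kernel FIT image bytes"),
    (8, "bootargs", b"console=ttyS0 root=/dev/mmcblk0p2"),
]

Event = Tuple[int, str, bytes]  # (pcr index, stage name, digest of the image)


def measure(image: bytes) -> bytes:
    """Hash the code or data about to be used; this is the measurement."""
    return hashlib.sha256(image).digest()


def pcr_extend(current: bytes, digest: bytes) -> bytes:
    """TPM 2.0 extend: the PCR can only move forward, never be set to a chosen value."""
    if len(current) != PCR_SIZE or len(digest) != PCR_SIZE:
        raise ValueError("SHA-256 bank values must be 32 bytes")
    return hashlib.sha256(current + digest).digest()


def boot_and_log(chain: List[Tuple[int, str, bytes]]):
    """Boot-time side: extend each stage into its PCR and append to the event log."""
    pcrs: Dict[int, bytes] = {}
    log: List[Event] = []
    for idx, name, image in chain:
        digest = measure(image)
        pcrs[idx] = pcr_extend(pcrs.get(idx, bytes(PCR_SIZE)), digest)
        log.append((idx, name, digest))
    return pcrs, log


def replay_log(log: List[Event]) -> Dict[int, bytes]:
    """Verifier side: recompute PCR values from the event log digests alone."""
    pcrs: Dict[int, bytes] = {}
    for idx, _name, digest in log:
        pcrs[idx] = pcr_extend(pcrs.get(idx, bytes(PCR_SIZE)), digest)
    return pcrs


def appraise(reported: Dict[int, bytes], log: List[Event],
             golden_pcrs: Dict[int, bytes], golden_digests: Dict[str, bytes]) -> List[str]:
    """Return findings; an empty list means the reported state matches policy.

    The log is untrusted input: it is only believed if it replays to the PCRs
    the TPM reports (which in a real system would arrive inside a signed quote).
    """
    findings: List[str] = []
    if replay_log(log) != reported:
        findings.append("event log does not replay to the reported PCR values")
    for idx, value in reported.items():
        if golden_pcrs.get(idx) != value:
            findings.append(f"PCR{idx} differs from the reference value")
    for idx, name, digest in log:
        if golden_digests.get(name) != digest:
            findings.append(f"{name} measured into PCR{idx} is not a known-good image")
    return findings


def reference_state():
    """Build the verifier's reference PCRs and known-good digests from the golden chain."""
    golden_pcrs, _ = boot_and_log(BOOT_CHAIN)
    golden_digests = {name: measure(image) for _, name, image in BOOT_CHAIN}
    return golden_pcrs, golden_digests


if __name__ == "__main__":
    golden_pcrs, golden_digests = reference_state()

    # Untampered boot: replays cleanly and matches every reference.
    pcrs, log = boot_and_log(BOOT_CHAIN)
    print("clean boot:", appraise(pcrs, log, golden_pcrs, golden_digests))

    # Modified bootloader: PCR0 moves and the digest is unknown.
    tampered = [(0, "u-boot.bin", b"modified bootloader")] + BOOT_CHAIN[1:]
    t_pcrs, t_log = boot_and_log(tampered)
    print("tampered u-boot:", appraise(t_pcrs, t_log, golden_pcrs, golden_digests))

    # Same images, different order in PCR8: every digest is known-good, yet PCR8 differs.
    reordered = [BOOT_CHAIN[0], BOOT_CHAIN[2], BOOT_CHAIN[1]]
    r_pcrs, r_log = boot_and_log(reordered)
    print("reordered stages:", appraise(r_pcrs, r_log, golden_pcrs, golden_digests))

    # Forged log: a tampered system presents the golden log, but its PCRs do not replay to it.
    print("forged log:", appraise(t_pcrs, log, golden_pcrs, golden_digests))
```

The three failure cases are the ones a verifier relies on the TPM for: a changed image moves the PCR, the same images in a different order produce a different PCR (the chain is order dependent), and a log that does not replay to the reported PCRs is rejected regardless of how plausible its entries look. The reset to a fresh zero PCR happens only when the simulated platform is "rebooted" by calling `boot_and_log` again, mirroring the commit message's remark that PCR values hold until power-off or reboot.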

Comments

Ilias Apalodimas Oct. 25, 2024, 10:12 a.m. UTC | #1
On Fri, 25 Oct 2024 at 00:23, Javier Tia <javier.tia@linaro.org> wrote:
>
> Measured Boot is the term used to describe the process of securely
> recording and computing hashes of code and critical data at each stage
> in the boot chain prior to their use.
>
> These measurements can be employed by other system components to
> establish a comprehensive attestation system. For example, they could be
> employed to enforce local attestation policies (such as the release of
> specific platform keys) or to securely transmit them to a remote
> challenger, also known as a verifier, post-boot to verify the condition
> of the code and critical data.
>
> Measured launch does not authenticate the code or critical data; rather,
> it records the code or critical data that was present on the system
> during boot.
>
> Initially, the TPM measures the BIOS/EFI layer in the fundamental flow.
> This measurement involves the generation of a cryptographic hash of the
> binary image and the verification of the binary instructions that this
> layer will execute. The TPM stores the generated hash in one of the
> numerous "slots" in the Platform Configuration Register (PCR). The TPM
> or entities external to the TPM can read these portions of memory at a
> later time; however, they are unalterable once they have been written.
> These memory pieces are protected by integrity protection from the
> instant they are first written. This guarantees that the value written
> to a PCR by the TPM will remain constant for the duration of the system,
> unless the system is powered off or rebooted.
>
> Signed-off-by: Javier Tia <javier.tia@linaro.org>
> ---
>  meta-tpm/recipes-bsp/u-boot/u-boot/measured-boot.cfg | 6 ++++++
>  meta-tpm/recipes-bsp/u-boot/u-boot_%.bbappend        | 3 +++
>  2 files changed, 9 insertions(+)
>  create mode 100644 meta-tpm/recipes-bsp/u-boot/u-boot/measured-boot.cfg
>  create mode 100644 meta-tpm/recipes-bsp/u-boot/u-boot_%.bbappend
>
> diff --git a/meta-tpm/recipes-bsp/u-boot/u-boot/measured-boot.cfg b/meta-tpm/recipes-bsp/u-boot/u-boot/measured-boot.cfg
> new file mode 100644
> index 0000000..76c51ea
> --- /dev/null
> +++ b/meta-tpm/recipes-bsp/u-boot/u-boot/measured-boot.cfg
> @@ -0,0 +1,6 @@
> +CONFIG_TPM=y
> +CONFIG_TPM_RNG=y
> +CONFIG_CMD_TPM=y
> +CONFIG_TPM2_MMIO=y
> +CONFIG_TPM2_TIS_SPI=y
> +CONFIG_TPM2_FTPM_TEE=y
> \ No newline at end of file
> diff --git a/meta-tpm/recipes-bsp/u-boot/u-boot_%.bbappend b/meta-tpm/recipes-bsp/u-boot/u-boot_%.bbappend
> new file mode 100644
> index 0000000..c5d2923
> --- /dev/null
> +++ b/meta-tpm/recipes-bsp/u-boot/u-boot_%.bbappend
> @@ -0,0 +1,3 @@
> +FILESEXTRAPATHS:prepend := "${THISDIR}/${PN}:"
> +
> +SRC_URI += "${@bb.utils.contains("MACHINE_FEATURES", "measured-boot", "file://measured-boot.cfg", "", d)}"
> \ No newline at end of file
> --
> 2.47.0
>

FWIW
Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Javier Tia Oct. 25, 2024, 10:01 p.m. UTC | #2
Hi,

On 10/25/24 4:12 AM, Ilias Apalodimas wrote:
> On Fri, 25 Oct 2024 at 00:23, Javier Tia <javier.tia@linaro.org> wrote:
>>
>> Measured Boot is the term used to describe the process of securely
>> recording and computing hashes of code and critical data at each stage
>> in the boot chain prior to their use.
>>
>> These measurements can be employed by other system components to
>> establish a comprehensive attestation system. For example, they could be
>> employed to enforce local attestation policies (such as the release of
>> specific platform keys) or to securely transmit them to a remote
>> challenger, also known as a verifier, post-boot to verify the condition
>> of the code and critical data.
>>
>> Measured launch does not authenticate the code or critical data; rather,
>> it records the code or critical data that was present on the system
>> during boot.
>>
>> Initially, the TPM measures the BIOS/EFI layer in the fundamental flow.
>> This measurement involves the generation of a cryptographic hash of the
>> binary image and the verification of the binary instructions that this
>> layer will execute. The TPM stores the generated hash in one of the
>> numerous "slots" in the Platform Configuration Register (PCR). The TPM
>> or entities external to the TPM can read these portions of memory at a
>> later time; however, they are unalterable once they have been written.
>> These memory pieces are protected by integrity protection from the
>> instant they are first written. This guarantees that the value written
>> to a PCR by the TPM will remain constant for the duration of the system,
>> unless the system is powered off or rebooted.
>>
>> Signed-off-by: Javier Tia <javier.tia@linaro.org>
>> ---
>>   meta-tpm/recipes-bsp/u-boot/u-boot/measured-boot.cfg | 6 ++++++
>>   meta-tpm/recipes-bsp/u-boot/u-boot_%.bbappend        | 3 +++
>>   2 files changed, 9 insertions(+)
>>   create mode 100644 meta-tpm/recipes-bsp/u-boot/u-boot/measured-boot.cfg
>>   create mode 100644 meta-tpm/recipes-bsp/u-boot/u-boot_%.bbappend
>>
>> diff --git a/meta-tpm/recipes-bsp/u-boot/u-boot/measured-boot.cfg b/meta-tpm/recipes-bsp/u-boot/u-boot/measured-boot.cfg
>> new file mode 100644
>> index 0000000..76c51ea
>> --- /dev/null
>> +++ b/meta-tpm/recipes-bsp/u-boot/u-boot/measured-boot.cfg
>> @@ -0,0 +1,6 @@
>> +CONFIG_TPM=y
>> +CONFIG_TPM_RNG=y
>> +CONFIG_CMD_TPM=y
>> +CONFIG_TPM2_MMIO=y
>> +CONFIG_TPM2_TIS_SPI=y
>> +CONFIG_TPM2_FTPM_TEE=y
>> \ No newline at end of file
>> diff --git a/meta-tpm/recipes-bsp/u-boot/u-boot_%.bbappend b/meta-tpm/recipes-bsp/u-boot/u-boot_%.bbappend
>> new file mode 100644
>> index 0000000..c5d2923
>> --- /dev/null
>> +++ b/meta-tpm/recipes-bsp/u-boot/u-boot_%.bbappend
>> @@ -0,0 +1,3 @@
>> +FILESEXTRAPATHS:prepend := "${THISDIR}/${PN}:"
>> +
>> +SRC_URI += "${@bb.utils.contains("MACHINE_FEATURES", "measured-boot", "file://measured-boot.cfg", "", d)}"
>> \ No newline at end of file
>> --
>> 2.47.0
>>
> 
> FWIW
> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>

Applied in patch series v1. Thanks,

» Javier Tia

Patch

diff --git a/meta-tpm/recipes-bsp/u-boot/u-boot/measured-boot.cfg b/meta-tpm/recipes-bsp/u-boot/u-boot/measured-boot.cfg
new file mode 100644
index 0000000..76c51ea
--- /dev/null
+++ b/meta-tpm/recipes-bsp/u-boot/u-boot/measured-boot.cfg
@@ -0,0 +1,6 @@ 
+CONFIG_TPM=y
+CONFIG_TPM_RNG=y
+CONFIG_CMD_TPM=y
+CONFIG_TPM2_MMIO=y
+CONFIG_TPM2_TIS_SPI=y
+CONFIG_TPM2_FTPM_TEE=y
\ No newline at end of file
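Review bot: none of the six options in measured-boot.cfg performs a measurement. CONFIG_TPM and CONFIG_TPM_RNG enable the TPM subsystem, CONFIG_CMD_TPM adds the `tpm` shell command, and CONFIG_TPM2_MMIO, CONFIG_TPM2_TIS_SPI and CONFIG_TPM2_FTPM_TEE are transport drivers, so a U-Boot built with this fragment alone can talk to a TPM but will not extend PCRs with the boot images as the commit message describes. Either also enable the option for the boot path the layer targets (upstream U-Boot has CONFIG_MEASURED_BOOT for the non-EFI boot path and CONFIG_EFI_TCG2_PROTOCOL for EFI booting) or state in the commit message that this fragment only provides TPM access and measurement is configured elsewhere. Smaller points: turning on the MMIO, SPI and fTPM drivers unconditionally makes this a catch-all rather than a machine-specific fragment, and the file lacks a trailing newline (`\ No newline at end of file`).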
diff --git a/meta-tpm/recipes-bsp/u-boot/u-boot_%.bbappend b/meta-tpm/recipes-bsp/u-boot/u-boot_%.bbappend
new file mode 100644
index 0000000..c5d2923
--- /dev/null
+++ b/meta-tpm/recipes-bsp/u-boot/u-boot_%.bbappend
@@ -0,0 +1,3 @@ 
+FILESEXTRAPATHS:prepend := "${THISDIR}/${PN}:"
+
+SRC_URI += "${@bb.utils.contains("MACHINE_FEATURES", "measured-boot", "file://measured-boot.cfg", "", d)}"
\ No newline at end of file
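Review bot: the fragment is keyed on a new MACHINE_FEATURES value, "measured-boot", which the series introduces without documenting it anywhere (the diffstat shows only these two files), so a machine configuration can only discover the feature by reading this bbappend; add it to the layer's README where meta-tpm lists its features and mention it in the commit message. Two style points: oe-core recipes conventionally use single quotes inside `${@bb.utils.contains(...)}` so the inner quotes are visually distinct from the enclosing double quotes of the assignment, and this file also lacks its trailing newline.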