Secdev driver #2
Open
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This commit adds a hash library containing support for sha1 and sha2. Signed-off-by: Daniel P. Smith <[email protected]>
This commit adds the Kconfig for selecting the security hardware (secdev) framework. Signed-off-by: Daniel P. Smith <[email protected]>
This commit bring in the TPM driver code from tboot, commit 4a904a6, apply Xen coding style, and integrates with Xen's build. Signed-off-by: Daniel P. Smith <[email protected]>
Tboot, from which the code came, is only concerned for x86 systems. Typically on x86 systems, the TPM is accessed using the MMIO hardware interface for which there are two ABIs, FIFO and CRB. This commit looks to refactor the hardware interface logic to enable the ability to support other hardware interfaces, such as the Mobile TPM interface typically used on Arm. Signed-off-by: Daniel P. Smith <[email protected]>
The tboot environment did not have an accurate way of tracking time outs on access to the TPM hardware. As such, it relied on counting loops and using a multiplier factor to estimate amount of time a loop would take. Now that the code is under Xen, it can use the time functions to determine an accurate(ly) time out. Signed-off-by: Daniel P. Smith <[email protected]>
Adds secdev headers. Signed-off-by: Daniel P. Smith <[email protected]>
This commit adds a secdev interface callable by the secdev framework to detect the tpm and extend a commandline selectable PCR with a domain's measurements. Signed-off-by: Daniel P. Smith <[email protected]>
This commits move the initialization of a global primary into an commented out function. This is to reserve the logic for later use to create per domain key hierarchy. Signed-off-by: Daniel P. Smith <[email protected]>
Introduces the secdev framework with TPM being the first supported device. Signed-off-by: Daniel P. Smith <[email protected]>
This commit leverages the TPM driver to measure Dom0's kernel and initrd before the domain is contstructed. Signed-off-by: Daniel P. Smith <[email protected]>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
The secdev-driver branch is part upstreamable and part RFC. Opening PR to facilitate review. Biggest todo is the commit that adds measuring dom0. This needs to be rewritten to comply with the SLRT measurement policy.