Tags

A few changes for the TPM subsystem wrt to EventLong creation and measurements.

Generally speaking it's insecure for a TPM to not cap all the active PCRs
when performing measurements.
Up to now we had code querying the active PCR banks on the fly and reason
whether it should perform a measurement or not. Since a TPM requires a reset
to change the active PCR banks, it's easier and faster to store them in an
array in the device private data and check against that.

This relates to an interesting feature some bootloaders have. For example
TF-A can't extend a PCR since it has no TPM drivers, but can produce an
EventLog that U-Boot can replay on the hardware once that comes up.
The supported hash algorithms of the TF-A generated Eventlog are generated
at compile time. When trying to replay an EventLog the TPM active PCR banks
and the created EventLog algorithms must agree. We used to report an error
but that changed in commit 97707f12fdab ("tpm: Support boot measurements").

This PR also brings up the old behavior and an error is reported now while
printing a human readable list of the mismatched algorithms.

Two fixes for the EFI subsystem coming via the TPM tree as agreed by Heinrich

The LMB patch fixes a failure in SystemReady testing. Nothing bad happens
without the patch in the device operation, but the return values are wrong
and SCT tests fail for MemoryAllocationServicesTest category.

The second is a shielding the device against mistakes in the definition of
struct fields needed by the capsule update mechanism. Instead of crashing,
print a humna readable message of what's wrong.

Two changes from Heinrich.
One is adding some missing TPM files for proper maintenance.
The second addresses Coverity-ID: 356664 replacing a mempcy()
which has undefined behavior with memmove()

This PR contains various improvements in the A/B update logic for EFI

- Read both copies of metadata, in case one of the is corrupted
- Check the metadata version against the running firmware to make sure it's
  allowed
- Limit the use of a revert capsule if the board is on a trial state and
  make sure it's not applied if the max counter has expired

Back when the TPM subsystem was refactored tpm_tis_wait_init() ended up
being called after tpm_tis_init() which initializes values the former needs.

Since we added more TPM chipsets since then sitting on an i2c bus, this patch
folds in tpm_tis_wait_init into tpm_tis_init and makes sure it's called in the
right order regardless of the bus the TPM sits on.

When the EFI TCG measurement code moved from EFI to the TPM subsystem for
general use some prototypes changed from returning efi_status_t to int,
which is more appropriate for the non-EFI APIs. However, some of the
EFI callsites never changed and we ended up assigning the int value to
efi_status_t.

This is unlikely to cause any problems, apart from returning invalid
values on failures and violating the EFI spec.

TPM fixes

Minor changes on this PR.
Igor added some orphaned OP-TEE related files on the proper section
of MAINTAINERS and fixed a potential buffer overflow in tee-sandbox

optee_fixes_cleanups

tpm_tis_send-cleanup

efi_http_boot

bootX measurements and measurement API moved to u-boot core

tpm autostart

adjust maintainers

TPM auto startup and testing

TPM auto startup and testing

TPM fixes and state reporting

OP-TEE autodiscovery

fTPM privileged login

TPM fixes and state reporting