Tartarus changed the topic of #u-boot to: SOURCE MOVED TO https://source.denx.de/u-boot/u-boot.git / U-Boot v2024.04, v2024.07-rc4 are OUT / Merge Window is CLOSED, next branch is OPEN / Release v2024.07 is scheduled for 01 July 2024 / Channel archives at https://libera.irclog.whitequark.org/u-boot
<apalos> sjg1: on the tpm stuff
<apalos> You are basically telling us
<apalos> "hey instead of disabling 1 command from the Kconfig command line for the boards that the size grew"
<apalos> "let's add config options that can make the TPM completely broken and exploitable"
<apalos> "because we always allow configuration in u-boot"
<apalos> 1 command == any other random command
<apalos> and as I said in my email, it's a far more difficult problem to solve elegantly if you factor in a first stage loader
<sjg1> apalos: I am not trying to break anything. Why would I want to do that?
<apalos> sjg1: we mentioned it a few times
<apalos> If the tpm tries to extend stuff and the algos are not there you are creating potential holes
<apalos> Anyway I am on the road, I'll have a look next week probably
<apalos> It's only the chromebook you mention that breaks?
<apalos> (and I am obviously not suggesting you are trying to break stuff on purpose if that's not already clear)
<sjg1> Yes just that Chromebook, but I'm not keen on the idea that enabling the tpm unconditionally adds these algos. I spent ages getting the hash stuff down to a reasonable and configurable size...now we just ignore it. If the tpm tries to extend and the algo is not available, it should fail, not blinding continue
<sjg1> apalos: *blindly
<apalos> but the tpm knows nothing about it
<apalos> *you* calculate the checksum you extend
<apalos> the tpm only writes the results in some registers
<apalos> So if you don't have support for the algorithms it's configured those banks will probably end up with ll 0s
<apalos> all 0s*
<apalos> so in order to do what you want, we need to check what the tpm has configured and try to figure out what we have available....
<apalos> and then fail *what*?
<apalos> the command? Booting?
<sjg1> Yes, fail booting. Otherwise it would create a security hole. The case is already covered by the 'select's in Kconfig, for the measured boot, etc. We are only talking about the case where that is not enabled, but we want to have a tpm command that works
<apalos> ok,
<apalos> I think I can fix that
<apalos> sjg1: kind of unrelated to the above but
<apalos> I have a cleanup series for efi measured boot. When the code was moved out of EFI to the tpm some things got duplicated
<apalos> I have internal tests that run on buildbot & qemu to test the changes
<apalos> but we should those tests to QEMU and the u-boot CI
<apalos> I'll ping on how to do that
<apalos> I'll send the series next week probably
<apalos> also moving all to common/hash.c isn't too realistic
<apalos> but we define the shaX lengths in 3-4 different places,
<apalos> that *can* be cleaned up, I'll see what I can do about that
<sjg1> apalos: OK SGTM
<apalos> sjg1: its a bit messy...
<apalos> Not the idea, the idea is doable, but look at cmd/tpm-v1.c
<apalos> It sometimes calls tpm1_xxx functions from the API
<apalos> while other times it calls the tpm_xxx wrappers from the API...
<apalos> so for example the tpm command instead of doing tpm1.x right now randomly works on tpmv2s as well
<apalos> the tpm-v2 seems more consistent
<apalos> we got 2 options here
<apalos> we either unify the tpm command and always call the API
<apalos> or we split them and always call tpm1_xx and tpm2_xx explicitly
<logicalerzor> I find it quite strange that ‘# CONFIG_DISPLAY_CPUINFO is not set’ is needed in order to compile qcom_defconfig. didn't expect a comment to be necessary tbh :P