
v4.2.0

@github-actions github-actions released this 29 Aug 14:05
· 319 commits to refs/heads/main since this release
0ff6479

What's Changed

🚀 Features & ✨ Enhancements

  • QemuQ35Pkg: Integrate TPM Replay feature @makubacki (#678)
    Change Details
      Closes #677

    Description

    This feature enables experimentation with controlling the TPM
    measurements made by firmware. It allows a developer to craft
    a TPM event log and have it replayed during boot. It is disabled
    by default.

    General feature information is available in its readme:

    https://github.com/microsoft/mu_plus/blob/HEAD/TpmTestingPkg/TpmReplayPei/Readme.md

    It is currently only planned to be used in QemuQ35Pkg. It could be
    enabled in QemuSbsaPkg in the future if there is interest.

    Details about the feature in the context of QEMU are described in
    Platforms/Docs/Q35/Features/feature_tpm_replay.md in this change.

    • Impacts functionality?
      • Functionality - Does the change ultimately impact how firmware functions?
      • Examples: Add a new library, publish a new PPI, update an algorithm, ...
    • Impacts security?
      • Security - Does the change have a direct security impact on an application,
        flow, or firmware?
      • Examples: Crypto algorithm change, buffer overflow fix, parameter
        validation improvement, ...
    • Breaking change?
      • Breaking change - Will anyone consuming this change experience a break
        in build or boot behavior?
      • Examples: Add a new library class, move a module to a different repo, call
        a function in a new library class in a pre-existing module, ...
    • Includes tests?
      • Tests - Does the change include any explicit test code?
      • Examples: Unit tests, integration tests, robot tests, ...
    • Includes documentation?
      • Documentation - Does the change contain explicit documentation additions
        outside direct code modifications (and comments)?
      • Examples: Update readme file, add feature readme file, link to documentation
        on a separate Web page, ...

    How This Was Tested

    • Input YAML to binary
    • Input JSON to binary
    • Input binary to YAML
    • Replay events on QEMU Q35 to PCRs
    • Verify event log in OS against the input file

    Integration Instructions

    See feature_tpm_replay.md.

    Enable the feature in QemuQ35Pkg in the DSC file:

      DEFINE TPM_REPLAY_ENABLED = TRUE

    Or, as a stuart_build argument:

      stuart_build -c Platforms/QemuQ35Pkg/PlatformBuild.py --flashrom TOOL_CHAIN_TAG=GCC5 \
                   BLD_*_TPM_ENABLE=TRUE BLD_*_TPM_REPLAY_ENABLED=TRUE TPM_DEV=/tmp/mytpm1/swtpm-sock

    Then, follow instructions to create the TPM Replay
    event log and load it.
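    The last test step above, checking the event log seen in the OS against the input file, comes down to replaying the log's digests into PCR values and comparing them with what the TPM reports. The script below is an added example of that check; it is not part of the PR or of TpmReplayPei, and the JSON field names, the constructed event log and the constructed "measured" values are assumptions made for the example.

```python
import hashlib
import json

PCR_COUNT = 24
DIGEST_LEN = 32  # SHA-256 bank only

# Constructed sample log in the spirit of the YAML/JSON input the TPM Replay
# feature converts to binary. Field names are an assumption for this example,
# not the TpmReplayPei schema; digests are constructed placeholder values.
SAMPLE_LOG_JSON = json.dumps({"events": [
    {"pcr": 0, "type": "EV_S_CRTM_VERSION", "sha256": "11" * DIGEST_LEN},
    {"pcr": 0, "type": "EV_POST_CODE", "sha256": "22" * DIGEST_LEN},
    {"pcr": 4, "type": "EV_EFI_BOOT_SERVICES_APPLICATION", "sha256": "33" * DIGEST_LEN},
    {"pcr": 7, "type": "EV_EFI_VARIABLE_DRIVER_CONFIG", "sha256": "44" * DIGEST_LEN},
]})


def parse_event_log(text):
    """Parse the JSON form and reject out-of-range PCR indices or bad digest sizes."""
    events = []
    for ev in json.loads(text)["events"]:
        digest = bytes.fromhex(ev["sha256"])
        if not 0 <= ev["pcr"] < PCR_COUNT or len(digest) != DIGEST_LEN:
            raise ValueError("invalid event: %r" % (ev,))
        events.append((ev["pcr"], ev["type"], digest))
    return events


def initial_pcr(index):
    # TCG PC Client profile: PCRs 17-22 reset to all ones, the others to zero.
    return (b"\xff" if 17 <= index <= 22 else b"\x00") * DIGEST_LEN


def extend(pcr_value, digest):
    """TPM2_PCR_Extend for one bank: new = SHA-256(old || digest)."""
    return hashlib.sha256(pcr_value + digest).digest()


def replay_pcrs(events):
    """Fold the event log into the PCR values a TPM holds after extending every event."""
    pcrs = {i: initial_pcr(i) for i in range(PCR_COUNT)}
    for pcr, _event_type, digest in events:
        pcrs[pcr] = extend(pcrs[pcr], digest)
    return pcrs


def mismatched_pcrs(expected, measured):
    """PCR indices whose measured value differs from the replayed expectation."""
    return sorted(i for i in expected if measured.get(i) != expected[i])


EVENTS = parse_event_log(SAMPLE_LOG_JSON)
EXPECTED = replay_pcrs(EVENTS)
# Constructed "measured" values: identical except PCR 4, as if a different boot
# application had run than the one recorded in the log.
MEASURED = dict(EXPECTED)
MEASURED[4] = extend(initial_pcr(4), b"\x99" * DIGEST_LEN)

if __name__ == "__main__":
    print("mismatched PCRs:", mismatched_pcrs(EXPECTED, MEASURED))  # [4]
```

    On a real system the `MEASURED` dictionary would be filled from the PCR bank read in the OS (for example via `tpm2_pcrread`), while `EXPECTED` is replayed from the file fed to the feature.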




📖 Documentation Updates

  • QemuQ35Pkg: Integrate TPM Replay feature @makubacki (#678)




🛠️ Submodule Updates

  • Bump MU_BASECORE from 2023020003.0.0 to 2023020003.0.1 @ProjectMuBot (#680)
    Change Details
      Bumps MU_BASECORE from `2023020003.0.0` to `2023020003.0.1`

    Introduces 1 new commits in MU_BASECORE.

    Commits
    • e8f85c Fix Python logging.warn() deprecation warnings (#537)

    Signed-off-by: Project Mu Bot [email protected]




Full Changelog: v4.1.3...v4.2.0