From patchwork Mon Dec  8 02:32:03 2025
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Simon Glass <sjg@u-boot.org>
X-Patchwork-Id: 57
Return-Path: <concept-bounces+u-boot-concept=u-boot.org@u-boot.org>
X-Original-To: u-boot-concept@u-boot.org
Delivered-To: u-boot-concept@u-boot.org
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=u-boot.org;
	s=default; t=1765161165;
	bh=1W+vOEa+H6moOcwtfHaGrQ9RqRlqLhztNQej5QGKaNg=;
	h=From:To:Date:CC:Subject:List-Id:List-Archive:List-Help:List-Owner:
	 List-Post:List-Subscribe:List-Unsubscribe:From;
	b=mSGl784kNlVGnhW0R1+2wM/Ih8kL3iRcsoIdzhLhHTSaWnEK+JR4nDweSxDY3I1bT
	 z2KvtpeO5wc4gdKJoDeFYx9zPA7l+eUL9J5GbYrUp5RWU9d0QJQFoItubC2D4l6JU9
	 yIhT9Xv1urSZS9SqtRA3/mf0lJUS5lbrpn/lsg5XXKyJ7UMxmi8shNebZQZRaMr5r6
	 iucQY0T0npTDVfVak52QeRUsa6vVVglxKVdDy4WEHVaOVPAzxyk2yiY17tY7jMBWf2
	 XfDHnfVBisbhq0aIuj8E1Fz+vEYMbuhb3uz8IJUWgc8Ln3qf0N4sLAGzQzwZ1wXg5k
	 eYtNspm87jpyQ==
Received: from localhost (localhost [127.0.0.1])
	by mail.u-boot.org (Postfix) with ESMTP id 8B2AE689C1
	for <u-boot-concept@u-boot.org>; Sun,  7 Dec 2025 19:32:45 -0700 (MST)
X-Virus-Scanned: Debian amavis at 
Received: from mail.u-boot.org ([127.0.0.1])
 by localhost (mail.u-boot.org [127.0.0.1]) (amavis, port 10024) with ESMTP
 id lO8pr75Bj5nB for <u-boot-concept@u-boot.org>;
 Sun,  7 Dec 2025 19:32:45 -0700 (MST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=u-boot.org;
	s=default; t=1765161165;
	bh=1W+vOEa+H6moOcwtfHaGrQ9RqRlqLhztNQej5QGKaNg=;
	h=From:To:Date:CC:Subject:List-Id:List-Archive:List-Help:List-Owner:
	 List-Post:List-Subscribe:List-Unsubscribe:From;
	b=mSGl784kNlVGnhW0R1+2wM/Ih8kL3iRcsoIdzhLhHTSaWnEK+JR4nDweSxDY3I1bT
	 z2KvtpeO5wc4gdKJoDeFYx9zPA7l+eUL9J5GbYrUp5RWU9d0QJQFoItubC2D4l6JU9
	 yIhT9Xv1urSZS9SqtRA3/mf0lJUS5lbrpn/lsg5XXKyJ7UMxmi8shNebZQZRaMr5r6
	 iucQY0T0npTDVfVak52QeRUsa6vVVglxKVdDy4WEHVaOVPAzxyk2yiY17tY7jMBWf2
	 XfDHnfVBisbhq0aIuj8E1Fz+vEYMbuhb3uz8IJUWgc8Ln3qf0N4sLAGzQzwZ1wXg5k
	 eYtNspm87jpyQ==
Received: from mail.u-boot.org (localhost [127.0.0.1])
	by mail.u-boot.org (Postfix) with ESMTP id 51B0B68930
	for <u-boot-concept@u-boot.org>; Sun,  7 Dec 2025 19:32:45 -0700 (MST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=u-boot.org;
	s=default; t=1765161162;
	bh=sPAE+PSM/vH9RKl+KnsPxNZd/zGs678qNEO/uitzcfc=;
	h=From:To:Cc:Subject:Date:From;
	b=YteNZOs7hzYf+vfg1YfcMsUw3hvi/QUczIOTIzghwf6UeAJC35/HAW5dd9pf6FJnZ
	 /EWudwRMwNnEy8njVrzAoR7h7WpilxnxeYE6vx+abxJpy4VzryrApysb2NVEyI4ak6
	 uOruxjrqD9hJaRasdTDYf76NatwHLYzA5o8sO1SmMhwO1rr4cYoAebJP6JtQ4CmbW3
	 hj7neuagMsNZypTVifHjyaGB5BDLBfHyPlU7FIXznfh6eygFAyu+u47OTl3BaLalEM
	 YV+vV+vrOw2LPPpZALQeDoJSZol+QQupftoeHtt9HjcouiDj5rE7ZLpPwCs1NAP0SO
	 +vggZBBOZCt5w==
Received: from localhost (localhost [127.0.0.1])
	by mail.u-boot.org (Postfix) with ESMTP id 3CA2768862;
	Sun,  7 Dec 2025 19:32:42 -0700 (MST)
X-Virus-Scanned: Debian amavis at 
Received: from mail.u-boot.org ([127.0.0.1])
 by localhost (mail.u-boot.org [127.0.0.1]) (amavis, port 10026) with ESMTP
 id eqKWMMrakBgG; Sun,  7 Dec 2025 19:32:42 -0700 (MST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=u-boot.org;
	s=default; t=1765161158;
	bh=XQlLQzJ3ZHnyIodyvIrtzWpmcmu4cXYCErxQ2HojV2s=;
	h=From:To:Cc:Subject:Date:From;
	b=B99HF8TAwcJd97aYmN9Bv/o8b3jz9vyUF0qspvttzodCsyBfvetaFR4A7f6tVGhwB
	 L2UUXLqRhMK5haCXGxb2ssRizmPS4QMAzhHnqstvI/Qk50CITT9VO/z68W+wc6ujC1
	 P6GgRX30bj/n6fpUTmoli9VWhkHosMJysomCrCWPUCm5FIr8dLguM2o29454Fi0fIi
	 lsO1P5ailyMXVO4F8ijxrvD2dNDiWuMP7qNdeJpcwNaUFxkOGskjhhVai4DkHnR+yK
	 8VLYMz6PkdEgSdBCBHYAssNiLDcaNzuvODsGXZDtcPvZ83RmSgS7m2+XOPnWTHLE1s
	 fTN4vX3XSs5FQ==
Received: from u-boot.org (unknown [73.34.74.121])
	by mail.u-boot.org (Postfix) with ESMTPSA id EE2B56883E;
	Sun,  7 Dec 2025 19:32:37 -0700 (MST)
From: Simon Glass <sjg@u-boot.org>
To: U-Boot Concept <concept@u-boot.org>
Date: Sun,  7 Dec 2025 19:32:03 -0700
Message-ID: <20251208023229.3929910-1-sjg@u-boot.org>
X-Mailer: git-send-email 2.43.0
MIME-Version: 1.0
Message-ID-Hash: EELG66XR7OZP3I2BJQKUUNBFOVVMFNIX
X-Message-ID-Hash: EELG66XR7OZP3I2BJQKUUNBFOVVMFNIX
X-MailFrom: sjg@u-boot.org
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; loop;
 banned-address; emergency; member-moderation; nonmember-moderation;
 administrivia; implicit-dest; max-recipients; max-size; news-moderation;
 no-subject; digests; suspicious-header
CC: Simon Glass <simon.glass@canonical.com>
X-Mailman-Version: 3.3.10
Precedence: list
Subject: [Concept] [PATCH 00/19] bootctl: Continue development with TKey
 functionality
List-Id: Discussion and patches related to U-Boot Concept <concept.u-boot.org>
Archived-At: 
 <https://lists.u-boot.org/archives/list/concept@u-boot.org/message/EELG66XR7OZP3I2BJQKUUNBFOVVMFNIX/>
List-Archive: <https://lists.u-boot.org/archives/list/concept@u-boot.org/>
List-Help: <mailto:concept-request@u-boot.org?subject=help>
List-Owner: <mailto:concept-owner@u-boot.org>
List-Post: <mailto:concept@u-boot.org>
List-Subscribe: <mailto:concept-join@u-boot.org>
List-Unsubscribe: <mailto:concept-leave@u-boot.org>

From: Simon Glass <simon.glass@canonical.com>

This series integrates the TKey disk-unlock features into the bootctl
UI, as a demonstration of how this might work. The user is prompted for
a passphrase, which is then used as a user-supplied secret (USS) for the
TKey.

This series includes support for using a pre-derived master key, so that
the TKey emulator can be used in tests.

Future work will continue this effort.


Simon Glass (19):
  tpm: Fix missing log size when using bloblist
  bootctl: Drop unnecessary calls to calculate dimensions
  bootctl: Set the password flag on the passphrase edit text
  video: Add a lock image
  bootctl: Bring in another image
  bootctl: Allow switching between logos
  bootctl: Show a lock symbol for locked disks
  bootctl: Provide passphrase and message objects in the expo
  bootctl: Enhance the UI to support a TKey
  bootctl: Provide an extra poll between select and booting
  bootctl: Clean up some unwanted debugging in the logic
  bootctl: Add the logic for disk unlock using a TKey
  bootctl: Fix up the header-inclusion order in the test
  tkey: Correct handling of the USS
  tkey: Allow using the selected TKey from luks
  luks: Add -p flag for pre-derived master key
  bootctl: Allow unlocking LUKS2 partitions
  bootctl: Add a TKey for testing
  bootctl: Enable the tests

 boot/bootctl/canonical.bmp    | Bin 0 -> 41634 bytes
 boot/bootctl/logic.c          | 695 +++++++++++++++++++++++++++++++++-
 boot/bootctl/multi_ui.c       | 118 +++++-
 boot/bootctl/simple_ui.c      |  11 +-
 boot/bootctl/util.c           |  60 +++
 boot/bootflow_menu.c          |  16 +-
 cmd/luks.c                    |  42 +-
 cmd/tkey.c                    |   2 +-
 configs/sandbox_defconfig     |   1 +
 doc/usage/cmd/luks.rst        |  18 +-
 drivers/misc/tkey-uclass.c    |  16 +-
 drivers/misc/tkey_emul.c      |   9 +-
 drivers/video/images/Makefile |   1 +
 drivers/video/images/lock.bmp | Bin 0 -> 2454 bytes
 include/bootctl.dtsi          |   8 +
 include/bootctl/logic.h       |  58 ++-
 include/bootctl/ui.h          |  80 ++++
 include/tkey.h                |   7 +
 lib/tpm_tcg2.c                |   1 +
 test/Kconfig                  |   1 -
 test/boot/Makefile            |   1 +
 test/boot/bootctl/bootctl.c   |   8 +-
 test/dm/video.c               |   3 +-
 23 files changed, 1097 insertions(+), 59 deletions(-)
 create mode 100644 boot/bootctl/canonical.bmp
 create mode 100644 drivers/video/images/lock.bmp