[PATCH 2/5] efi_loader: add secure boot variable measurement
Ilias Apalodimas
ilias.apalodimas at linaro.org
Wed Jul 7 19:40:18 CEST 2021
Hi Simon,
On Wed, Jul 07, 2021 at 11:37:01AM -0600, Simon Glass wrote:
> Hi Masahisa,
>
> On Wed, 7 Jul 2021 at 07:36, Masahisa Kojima <masahisa.kojima at linaro.org> wrote:
> >
> > The TCG PC Client PFP spec requires measuring the secure
> > boot policy before validating the UEFI image.
> > This commit adds the secure boot variable measurement
> > of "SecureBoot", "PK", "KEK", "db" and "dbx".
> >
> > Note that this implementation assumes that secure boot
> > variables are pre-configured and are not set/updated at runtime.
> >
> > Signed-off-by: Masahisa Kojima <masahisa.kojima at linaro.org>
> > ---
> > include/efi_tcg2.h | 20 ++++++
> > lib/efi_loader/efi_tcg2.c | 135 ++++++++++++++++++++++++++++++++++++++
> > 2 files changed, 155 insertions(+)
>
> Where are the tests for this code, please?
As we discussed in the past, the EFI TCG code can't be tested with the
sandbox as-is. I'll have a look at your sandbox patches in case we can now
use those, but in any case, I've sent a TPM mmio based driver. Even if the
sandbox is still not enough we can add tests once the mmio TPM driver gets
merged.
Cheers
/Ilias
>
> Regards,
> Simon