[PATCH 2/5] efi_loader: add secure boot variable measurement
Simon Glass
sjg at chromium.org
Wed Jul 7 19:49:33 CEST 2021
Hi Ilias,
On Wed, 7 Jul 2021 at 11:40, Ilias Apalodimas
<ilias.apalodimas at linaro.org> wrote:
>
> Hi Simon,
>
> On Wed, Jul 07, 2021 at 11:37:01AM -0600, Simon Glass wrote:
> > Hi Masahisa,
> >
> > On Wed, 7 Jul 2021 at 07:36, Masahisa Kojima <masahisa.kojima at linaro.org> wrote:
> > >
> > > TCG PC Client PFP spec requires to measure the secure
> > > boot policy before validating the UEFI image.
> > > This commit adds the secure boot variable measurement
> > > of "SecureBoot", "PK", "KEK", "db" and "dbx".
> > >
> > > Note that this implementation assumes that secure boot
> > > variables are pre-configured and not be set/updated in runtime.
> > >
> > > Signed-off-by: Masahisa Kojima <masahisa.kojima at linaro.org>
> > > ---
> > > include/efi_tcg2.h | 20 ++++++
> > > lib/efi_loader/efi_tcg2.c | 135 ++++++++++++++++++++++++++++++++++++++
> > > 2 files changed, 155 insertions(+)
> >
> > Where are the tests for this code, please?
>
> As we discussed in the past, the EFI TCG code can't be tested with the
> asndbox as-is. I'll have a look on your sandbox patches in case we can now
> use those, but in any case, I've sent a TPM mmio based driver. Even if the
> sandbox is still not enough we can add tests once the mmio TPM driver gets
> merged
Can you add features to the sandbox driver? I just sent a series that
added nvdata, for example.
Regards,
Simon
More information about the U-Boot
mailing list