[PATCH v2 0/1] add selftest for EFI_TCG2_PROTOCOL and Measured Boot

Masahisa Kojima masahisa.kojima at linaro.org
Thu Nov 4 11:45:45 CET 2021


This patch adds the selftest for the EFI_TCG2_PROTOCOL and
Measured Boot flow.
This selftest is verified on qemu with swtpm on both 32-bit arm
and arm64.

This commit adds the pre-built binary for the PE/COFF image
measurement test for each architecture. I have tested only
on 32-bit arm and arm64.
For ia32, x86_64, riscv32 and riscv64, actual selftest behavior
is not yet tested, but the expected PCR values are calculated
on an arm64 environment.

This commit covers most of the functionalities, but there are some
limitations and TODO items.

[Limitation]
- Verified actual selftest behavior only on arm and arm64.
- Tcg2 selftest must run at the beginning of the efi_selftest because
  some measurement occurs in efi_tcg2_register() and boottime->image_load().
  Need to configure the efi_selftest with "setenv efi_selftest tcg2; bootefi selftest"
- Skip ExitBootServices measurement test
   - An EFI application cannot read PCRs after calling ExitBootServices
- Skip EventLog Validation
   - Measured Boot measures the U-Boot version, so the EventLog varies with every
     build that has a different commit hash.
- Skip PCR[0] validation
   - PCR[0] includes the U-Boot version measurement, so this value varies with
     every build that has a different commit hash.
- Skip PCR[7] validation
   - Secure Boot Variables cannot be updated through efi_selftest.
- The initial PCR value of PCR[17 - 22] is all 0xff. I'm not sure whether
  this is expected, but at least Secure96 and swtpm have the same initial value.

[TODO]
- GPT measurement test
- Secure Boot Variable test
- Eventlog validation

Masahisa Kojima (1):
  efi_selftest: add selftest for EFI_TCG2_PROTOCOL and Measured Boot

 lib/efi_selftest/efi_miniapp_tcg2_arm.h     | 152 ++++
 lib/efi_selftest/efi_miniapp_tcg2_arm64.h   | 207 +++++
 lib/efi_selftest/efi_miniapp_tcg2_ia32.h    | 177 ++++
 lib/efi_selftest/efi_miniapp_tcg2_riscv32.h | 173 ++++
 lib/efi_selftest/efi_miniapp_tcg2_riscv64.h | 189 ++++
 lib/efi_selftest/efi_miniapp_tcg2_x86_64.h  | 178 ++++
 lib/efi_selftest/efi_selftest_tcg2.c        | 941 +++++++++++++++++++-
 7 files changed, 2016 insertions(+), 1 deletion(-)
 create mode 100644 lib/efi_selftest/efi_miniapp_tcg2_arm.h
 create mode 100644 lib/efi_selftest/efi_miniapp_tcg2_arm64.h
 create mode 100644 lib/efi_selftest/efi_miniapp_tcg2_ia32.h
 create mode 100644 lib/efi_selftest/efi_miniapp_tcg2_riscv32.h
 create mode 100644 lib/efi_selftest/efi_miniapp_tcg2_riscv64.h
 create mode 100644 lib/efi_selftest/efi_miniapp_tcg2_x86_64.h

-- 
2.17.1
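
Added example (not part of the original post or of the U-Boot patch): a Python replay of the PCR extend arithmetic behind the limitations listed above, showing why a version string measured into PCR[0] changes that PCR on every build while a PCR that only receives the image measurement stays comparable across builds. The sample logs are constructed; the use of PCR[4] for the image and the plain hash of the sample bytes as each event digest are assumptions of the example, and the 0xff start value for PCR[17 - 22] is the one reported in the post.

```python
import hashlib

# PCR indices that start at all 0xff rather than all zeros; 17-22 is the
# range the post reports for swtpm and Secure96.
ALL_ONES_PCRS = range(17, 23)


def initial_pcr(index, alg="sha256"):
    """Return the PCR value before any extend."""
    size = hashlib.new(alg).digest_size
    return (b"\xff" if index in ALL_ONES_PCRS else b"\x00") * size


def extend(pcr_value, digest, alg="sha256"):
    """TPM extend: new = H(old || digest)."""
    if len(digest) != len(pcr_value):
        raise ValueError("digest size does not match PCR bank")
    return hashlib.new(alg, pcr_value + digest).digest()


def replay(events, alg="sha256"):
    """Replay (pcr_index, measured_bytes) events in order; return {index: value}."""
    pcrs = {}
    for index, data in events:
        if not 0 <= index <= 23:
            raise ValueError(f"PCR index out of range: {index}")
        current = pcrs.get(index, initial_pcr(index, alg))
        pcrs[index] = extend(current, hashlib.new(alg, data).digest(), alg)
    return pcrs


def unstable_pcrs(log_a, log_b, alg="sha256"):
    """PCR indices whose final values differ between two replayed logs."""
    a, b = replay(log_a, alg), replay(log_b, alg)
    return sorted(i for i in a.keys() | b.keys() if a.get(i) != b.get(i))


# Constructed sample logs: two builds that differ only in the version string
# measured into PCR[0]; the image measured into PCR[4] (assumed index) is identical.
IMAGE = b"constructed PE/COFF image bytes"
BUILD_A = [(0, b"U-Boot build-A (constructed)"), (4, IMAGE)]
BUILD_B = [(0, b"U-Boot build-B (constructed)"), (4, IMAGE)]

if __name__ == "__main__":
    print("PCRs that differ between builds:", unstable_pcrs(BUILD_A, BUILD_B))
    for idx, val in sorted(replay(BUILD_A).items()):
        print(f"PCR[{idx}] = {val.hex()}")
```
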


