[PATCH v2 0/1] add selftest for EFI_TCG2_PROTOCOL and Measured Boot

Heinrich Schuchardt xypron.glpk at gmx.de
Sun Nov 7 09:30:18 CET 2021 

On 11/4/21 11:45, Masahisa Kojima wrote:
> This patch adds the selftest for the EFI_TCG2_PROTOCOL and
> Measured Boot flow.
> This selftest is verified on qemu with swtpm on both 32-bit arm
> and arm64.
>
> This commit adds the pre-build binary for the PE/COFF image

It seems that you have been compiling
lib/efi_selftest/efi_selftest_miniapp_exit.c
and using tools/file2include.c for converting to an include.

The information in this header mail should be in the patch itself.

Best regards

Heinrich

> measurement test for each architecture. I have tested only
> on 32-bit arm and arm64.
> For ia32, x86_64, riscv32 and riscv64, actual selftest behavior
> is not yet tested, but the expected PCR values are calculated
> on arm64 environment.
>
> This commit covers most of the functionalities, but there are some
> limitations and TODO items.
>
> [Limitation]
> - Verified actual selftest behavior only on arm and arm64.
> - Tcg2 selftest must run at the beginning of the efi_selftest because
>    some measurement occurs in efi_tcg2_register() and boottime->image_load().
>    Need to configure the efi_selftest with "setenv efi_selftest tcg2; bootefi selftest"
> - Skip ExitBootService measurement test
>     - EFI application can not read PCR after calling ExitBootService
> - Skip EventLog Validation
>     - Measured Boot measures U-Boot version, so EventLog varies every build having
>       different commit hash.
> - Skip PCR[0] validation
>     - PCR[0] include U-Boot version measurement, this value varies every build
>       having different commit hash.
> - Skip PCR[7] validation
>     - Secure Boot Variables can not be updated through efi_selftest.
> - The initial PCR value of PCR[17 - 22] is all 0xff. I'm not sure
>    it is expected or not, but at least Secure96 and swtpm has the same initial value.
>
> [TODO]
> - GPT measurement test
> - Secure Boot Variable test
> - Eventlog validation
>
> Masahisa Kojima (1):
>    efi_selftest: add selftest for EFI_TCG2_PROTOCOL and Measured Boot
>
>   lib/efi_selftest/efi_miniapp_tcg2_arm.h     | 152 ++++
>   lib/efi_selftest/efi_miniapp_tcg2_arm64.h   | 207 +++++
>   lib/efi_selftest/efi_miniapp_tcg2_ia32.h    | 177 ++++
>   lib/efi_selftest/efi_miniapp_tcg2_riscv32.h | 173 ++++
>   lib/efi_selftest/efi_miniapp_tcg2_riscv64.h | 189 ++++
>   lib/efi_selftest/efi_miniapp_tcg2_x86_64.h  | 178 ++++
>   lib/efi_selftest/efi_selftest_tcg2.c        | 941 +++++++++++++++++++-
>   7 files changed, 2016 insertions(+), 1 deletion(-)
>   create mode 100644 lib/efi_selftest/efi_miniapp_tcg2_arm.h
>   create mode 100644 lib/efi_selftest/efi_miniapp_tcg2_arm64.h
>   create mode 100644 lib/efi_selftest/efi_miniapp_tcg2_ia32.h
>   create mode 100644 lib/efi_selftest/efi_miniapp_tcg2_riscv32.h
>   create mode 100644 lib/efi_selftest/efi_miniapp_tcg2_riscv64.h
>   create mode 100644 lib/efi_selftest/efi_miniapp_tcg2_x86_64.h
>

More information about the U-Boot mailing list