[PATCH v2 0/1] add selftest for EFI_TCG2_PROTOCOL and Measured Boot

Masahisa Kojima masahisa.kojima at linaro.org
Mon Nov 8 01:37:35 CET 2021


Hi Heinrich,

On Sun, 7 Nov 2021 at 17:30, Heinrich Schuchardt <xypron.glpk at gmx.de> wrote:
>
> On 11/4/21 11:45, Masahisa Kojima wrote:
> > This patch adds the selftest for the EFI_TCG2_PROTOCOL and
> > Measured Boot flow.
> > This selftest is verified on qemu with swtpm on both 32-bit arm
> > and arm64.
> >
> > This commit adds the pre-built binary for the PE/COFF image
>
> It seems that you have been compiling
> lib/efi_selftest/efi_selftest_miniapp_exit.c
> and using tools/file2include.c for converting to an include.

Yes, you are correct.

>
> The information in this header mail should be in the patch itself.

Thank you for updating the commit message in the efi-2022-01 tree.

Thanks,
Masahisa Kojima

>
> Best regards
>
> Heinrich
>
> > measurement test for each architecture. I have tested only
> > on 32-bit arm and arm64.
> > For ia32, x86_64, riscv32 and riscv64, actual selftest behavior
> > is not yet tested, but the expected PCR values are calculated
> > on arm64 environment.
> >
> > This commit covers most of the functionalities, but there are some
> > limitations and TODO items.
> >
> > [Limitation]
> > - Verified actual selftest behavior only on arm and arm64.
> > - Tcg2 selftest must run at the beginning of the efi_selftest because
> >    some measurement occurs in efi_tcg2_register() and boottime->image_load().
> >    Need to configure the efi_selftest with "setenv efi_selftest tcg2; bootefi selftest"
> > - Skip ExitBootService measurement test
> >     - EFI application cannot read PCR after calling ExitBootService
> > - Skip EventLog Validation
> >     - Measured Boot measures the U-Boot version, so the EventLog varies with every
> >       build that has a different commit hash.
> > - Skip PCR[0] validation
> >     - PCR[0] includes the U-Boot version measurement; this value varies with every
> >       build that has a different commit hash.
> > - Skip PCR[7] validation
> >     - Secure Boot Variables cannot be updated through efi_selftest.
> > - The initial PCR value of PCR[17 - 22] is all 0xff. I'm not sure whether
> >    it is expected or not, but at least Secure96 and swtpm have the same initial value.
> >
> > [TODO]
> > - GPT measurement test
> > - Secure Boot Variable test
> > - Eventlog validation
> >
> > Masahisa Kojima (1):
> >    efi_selftest: add selftest for EFI_TCG2_PROTOCOL and Measured Boot
> >
> >   lib/efi_selftest/efi_miniapp_tcg2_arm.h     | 152 ++++
> >   lib/efi_selftest/efi_miniapp_tcg2_arm64.h   | 207 +++++
> >   lib/efi_selftest/efi_miniapp_tcg2_ia32.h    | 177 ++++
> >   lib/efi_selftest/efi_miniapp_tcg2_riscv32.h | 173 ++++
> >   lib/efi_selftest/efi_miniapp_tcg2_riscv64.h | 189 ++++
> >   lib/efi_selftest/efi_miniapp_tcg2_x86_64.h  | 178 ++++
> >   lib/efi_selftest/efi_selftest_tcg2.c        | 941 +++++++++++++++++++-
> >   7 files changed, 2016 insertions(+), 1 deletion(-)
> >   create mode 100644 lib/efi_selftest/efi_miniapp_tcg2_arm.h
> >   create mode 100644 lib/efi_selftest/efi_miniapp_tcg2_arm64.h
> >   create mode 100644 lib/efi_selftest/efi_miniapp_tcg2_ia32.h
> >   create mode 100644 lib/efi_selftest/efi_miniapp_tcg2_riscv32.h
> >   create mode 100644 lib/efi_selftest/efi_miniapp_tcg2_riscv64.h
> >   create mode 100644 lib/efi_selftest/efi_miniapp_tcg2_x86_64.h
> >
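
The limitations quoted above (PCR[0] changing with every build, PCR[17 - 22] starting at 0xff) can be reproduced off-target by replaying the extend operation. The following is an added example, not code from the patch or from U-Boot. It assumes the SHA-256 bank, zero start values for all PCRs other than 17-22, and PCR 4 for the loaded image; the version strings and image bytes are constructed.

```python
import hashlib

PCR_SIZE = hashlib.sha256().digest_size  # 32 bytes for the SHA-256 bank


def initial_pcr(index):
    """Start value before any extend: 0xff for PCR[17-22] as reported in the
    message above, zeros for every other PCR (assumption of this example)."""
    fill = b"\xff" if 17 <= index <= 22 else b"\x00"
    return fill * PCR_SIZE


def extend(pcr, digest):
    """TPM extend: new PCR = SHA-256(old PCR || digest of the measured data)."""
    return hashlib.sha256(pcr + digest).digest()


def replay(events):
    """Recompute all 24 PCRs from an ordered list of (pcr_index, data) events."""
    pcrs = {i: initial_pcr(i) for i in range(24)}
    for index, data in events:
        pcrs[index] = extend(pcrs[index], hashlib.sha256(data).digest())
    return pcrs


def stable_pcrs(build_a, build_b):
    """PCR indices that were extended and ended up identical in both builds."""
    a, b = replay(build_a), replay(build_b)
    touched = {i for i, _ in build_a} | {i for i, _ in build_b}
    return sorted(i for i in touched if a[i] == b[i])


# Constructed sample data: two builds that differ only in the version string
# measured into PCR[0]; the same image is measured into PCR[4] (assumed index).
IMAGE = b"constructed PE/COFF image bytes"
BUILD_A = [(0, b"U-Boot constructed-version-g1111111"), (4, IMAGE)]
BUILD_B = [(0, b"U-Boot constructed-version-g2222222"), (4, IMAGE)]

if __name__ == "__main__":
    print("PCRs comparable to fixed expected values:", stable_pcrs(BUILD_A, BUILD_B))
    print("PCR[0] build A:", replay(BUILD_A)[0].hex())
    print("PCR[0] build B:", replay(BUILD_B)[0].hex())
    print("PCR[17] untouched:", replay(BUILD_A)[17].hex())
```

Only PCRs whose inputs are identical across builds can be compared against hard-coded expected values, which is why the selftest skips PCR[0] and the EventLog.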

