[PATCH 0/2] add selftest for EFI_TCG2_PROTOCOL and Measured Boot

Simon Glass sjg at chromium.org
Sun Oct 24 21:54:04 CEST 2021 

Hi Masahisa,

On Fri, 22 Oct 2021 at 05:23, Masahisa Kojima
<masahisa.kojima at linaro.org> wrote:
>
> This patch series adds the selftest for the EFI_TCG2_PROTOCOL and
> Measured Boot flow.
> This selftest is verified on qemu with swtpm.

Is this in CI? Where are the instructions for doing this?

I have expressed my preference for expanding the in-tree emulator to
handle this.

Regards,
Simon


>
> This covers most of the functionalities, but there are some
> limitations and TODO items.
>
> [Limitation]
> - tcg2 selftest must run at the beginning of the efi_selftest because
>   some measurement occurs in efi_tcg2_register() and boottime->image_load().
>   Need to configure the efi_selftest with "setenv efi_selftest tcg2; bootefi selftest"
> - Skip ExitBootService measurement test
>    - EFI application can not read PCR after calling ExitBootService
> - Skip EventLog Validation
>    - Measured Boot measures U-Boot version, so EventLog varies every build having
>      different commit hash.
> - Skip PCR[0] validation
>    - PCR[0] include U-Boot version measurement, this value varies every build
>      having different commit hash.
> - Skip PCR[7] validation
>    - Secure Boot Variables can not be updated through efi_selftest.
> - The initial PCR value of PCR[17 - 22] is all 0xff, I'm not sure
>   it is expected or not.
>
> [TODO]
> - GPT measurement test
> - Secure Boot Variable test
> - Eventlog validation
>
> Masahisa Kojima (2):
>   efi_loader: add missing const qualifier
>   efi_selftest: add selftest for EFI_TCG2_PROTOCOL and Measured Boot
>
>  include/efi_api.h                             |   2 +-
>  lib/efi_loader/efi_boottime.c                 |   5 +-
>  lib/efi_selftest/Makefile                     |  10 +
>  .../efi_selftest_miniapp_measuredboot.c       |  93 ++
>  lib/efi_selftest/efi_selftest_tcg2.c          | 804 +++++++++++++++++-
>  5 files changed, 910 insertions(+), 4 deletions(-)
>  create mode 100644 lib/efi_selftest/efi_selftest_miniapp_measuredboot.c
>
> --
> 2.17.1
>

More information about the U-Boot mailing list