[PATCH 1/1] efi_selftest: can't have measured device-tree with kaslr-seed

Heinrich Schuchardt heinrich.schuchardt at canonical.com
Sat Jun 22 16:58:19 CEST 2024


On 18.06.24 17:54, Ilias Apalodimas wrote:
> On Tue, 18 Jun 2024 at 15:24, Heinrich Schuchardt
> <heinrich.schuchardt at canonical.com> wrote:
>>
>> Test that we don't have a /chosen/kaslr-seed property if we measure the
>> device-tree.
>>
>> Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt at canonical.com>
>> ---
>>   lib/efi_selftest/efi_selftest_fdt.c | 7 +++++++
>>   1 file changed, 7 insertions(+)
>>
>> diff --git a/lib/efi_selftest/efi_selftest_fdt.c b/lib/efi_selftest/efi_selftest_fdt.c
>> index aa3b13ae3ab..066d9581432 100644
>> --- a/lib/efi_selftest/efi_selftest_fdt.c
>> +++ b/lib/efi_selftest/efi_selftest_fdt.c
>> @@ -227,6 +227,13 @@ static int execute(void)
>>                          return EFI_ST_FAILURE;
>>                  }
>>          }
>> +       if (IS_ENABLED(CONFIG_EFI_TCG2_PROTOCOL_MEASURE_DTB)) {
>> +               str = get_property(u"kaslr-seed", u"chosen");
>> +               if (str) {
>> +                       efi_st_error("kaslr-seed with measured fdt\n");
>> +                       return EFI_ST_FAILURE;
> 
> When does this run? efi_try_purge_kaslr_seed() tries to remove the
> kaslr-seed before measuring a DT. Are we safe enabling the check
> here?

do_efi_selftest() is called after efi_install_fdt(). efi_install_fdt() 
invokes efi_try_purge_kaslr_seed().

We would get an error here if efi_try_purge_kaslr_seed() were removed 
and measuring the DTB enabled.

Best regards

Heinrich

> 
> Thanks
> /Ilias
>> +               }
>> +       }
>>          if (IS_ENABLED(CONFIG_RISCV)) {
>>                  u32 fdt_hartid;
>>
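Review bot: the new `if (IS_ENABLED(CONFIG_EFI_TCG2_PROTOCOL_MEASURE_DTB))` block has no comment saying why /chosen/kaslr-seed must be absent or which code is expected to guarantee that, and the review question in this thread shows the ordering is not obvious from the test alone. A short comment above the block stating that efi_install_fdt() calls efi_try_purge_kaslr_seed() before do_efi_selftest() runs would make the dependency explicit. The check also passes on any NULL return from `get_property(u"kaslr-seed", u"chosen")`, so it cannot tell "property absent" from "lookup failed"; if get_property() can fail for other reasons, the test would pass without having checked anything. The message "kaslr-seed with measured fdt" would be easier to act on if it named the full path /chosen/kaslr-seed.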
>> --
>> 2.45.1
>>


