Date: Sat, 30 Oct 2021 08:13:15 +0200
From: Heinrich Schuchardt
To: Ilias Apalodimas
CC: Masahisa Kojima, Simon Glass, Alexander Graf, U-Boot Mailing List
Subject: Re: [PATCH 2/2] efi_selftest: add selftest for EFI_TCG2_PROTOCOL and Measured Boot

On 30 October 2021 08:02:02 CEST, Ilias Apalodimas wrote:
>Hi Heinrich
>
>[...]
>
>> >>> +$(obj)/efi_selftest_tcg2.o: $(obj)/efi_miniapp_file_image_measuredboot.h
>> >>> diff --git a/lib/efi_selftest/efi_selftest_miniapp_measuredboot.c b/lib/efi_selftest/efi_selftest_miniapp_measuredboot.c
>> >>
>> >> Thank you for going the extra mile and adding the test.
>> >>
>> >> Which image is actually loaded seems to be irrelevant for the test. Can
>> >> we reuse an existing one, e.g. efi_miniapp_file_image_return.h?
>> >>
>> >> I guess the PCR related to the loaded image is not checked as it will
>> >> depend on the build tools and date.
>> >
>> > Sorry, I'm doing wrong.
>> > Actually this selftest verifies the PE/COFF image measurement, so measurement
>> > will be different depending on the build tools and date.
>> > # In my build environment, timestamp is set to all zero.
>> >
>> > To test the PE/COFF image measurement, I must prepare the
>> > static PE/COFF image. I plan to add efi_miniapp_file_image_measuredboot.h
>> > as a pre-compiled small static PE/COFF image for the measurement test,
>> > instead of adding efi_selftest_miniapp_measuredboot.c or reusing existing one.
>>
>> You will need one image per UEFI architecture (ia32, x64, arm, aa64,
>> riscv32, riscv64). You could present the image via the
>> EFI_LOAD_FILE2_PROTOCOL, see lib/efi_selftest/efi_selftest_load_file.c.
>
>The EFI TCG2 is governed by a spec. What it basically does is extend
>a number of hardware PCRs with a sha1/256/384/512 for a given image.
>Wouldn't performing the selftest for arm/arm64 be enough? What am I
>missing?

People on other architectures should be able to run the selftest on a real device (not QEMU). If you have trouble building for RISC-V, I can help.

Regards

Heinrich

>
>[...]
>
>Regards
>/Ilias
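
The point debated in this thread, as an added example that is not part of the original message or of U-Boot: a PCR check against an expected value only passes for a byte-identical image, so a rebuilt image with a new timestamp, or an image for another architecture, needs its own expected value. The names `toy_image`, `measure` and `selftest` are hypothetical, the image bytes are constructed, and hashing the whole buffer is a simplification of the PE/COFF measurement that firmware performs.

```python
import hashlib
import struct

BANKS = ("sha1", "sha256", "sha384", "sha512")  # digest algorithms named in the thread


def pcr_extend(alg: str, pcr: bytes, digest: bytes) -> bytes:
    """TPM extend operation: new PCR value = H(old PCR value || digest)."""
    return hashlib.new(alg, pcr + digest).digest()


def toy_image(timestamp: int, machine: int = 0xAA64) -> bytes:
    """Constructed stand-in for a PE/COFF file (not loadable): PE signature,
    20-byte COFF file header carrying TimeDateStamp, then a fixed payload."""
    coff = struct.pack("<HHIIIHH", machine, 1, timestamp, 0, 0, 0, 0)
    return b"PE\0\0" + coff + b"\xAA" * 64


def measure(image: bytes) -> dict:
    """Extend a zeroed PCR (assumed start state) in every bank with the image digest.
    Simplification: hashes the whole buffer rather than applying the
    PE/COFF hashing rules used by firmware."""
    result = {}
    for alg in BANKS:
        size = hashlib.new(alg).digest_size
        digest = hashlib.new(alg, image).digest()
        result[alg] = pcr_extend(alg, bytes(size), digest)
    return result


def selftest(image: bytes, golden: dict) -> bool:
    """A measurement selftest passes only if every bank equals its expected value."""
    return measure(image) == golden


if __name__ == "__main__":
    golden = measure(toy_image(timestamp=0))  # expected values for the static image
    print("static image:          ", selftest(toy_image(0), golden))
    # Constructed timestamp standing in for a fresh build
    print("rebuilt, new timestamp:", selftest(toy_image(1635552000), golden))
    # 0x5064 is the PE machine type for RISC-V 64
    print("other architecture:    ", selftest(toy_image(0, machine=0x5064), golden))
```
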