All of lore.kernel.org
 help / color / mirror / Atom feed
From: Simon Glass <sjg@chromium.org>
To: Masahisa Kojima <masahisa.kojima@linaro.org>
Cc: U-Boot Mailing List <u-boot@lists.denx.de>,
	Heinrich Schuchardt <xypron.glpk@gmx.de>,
	 Ilias Apalodimas <ilias.apalodimas@linaro.org>
Subject: Re: [PATCH 0/2] add selftest for EFI_TCG2_PROTOCOL and Measured Boot
Date: Sun, 24 Oct 2021 13:54:04 -0600	[thread overview]
Message-ID: <CAPnjgZ2mmcUKz0v=ysSvf17c6ab++-hEpO4rc0OeeAEz7pFA2g@mail.gmail.com> (raw)
In-Reply-To: <20211022112426.25009-1-masahisa.kojima@linaro.org>

Hi Masahisa,

On Fri, 22 Oct 2021 at 05:23, Masahisa Kojima
<masahisa.kojima@linaro.org> wrote:
>
> This patch series adds the selftest for the EFI_TCG2_PROTOCOL and
> Measured Boot flow.
> This selftest is verified on qemu with swtpm.

Is this in CI? Where are the instructions for doing this?

I have expressed my preference for expanding the in-tree emulator to
handle this.

Regards,
Simon


>
> This covers most of the functionalities, but there are some
> limitations and TODO items.
>
> [Limitation]
> - tcg2 selftest must run at the beginning of the efi_selftest because
>   some measurement occurs in efi_tcg2_register() and boottime->image_load().
>   Need to configure the efi_selftest with "setenv efi_selftest tcg2; bootefi selftest"
> - Skip ExitBootService measurement test
>    - EFI application can not read PCR after calling ExitBootService
> - Skip EventLog Validation
>    - Measured Boot measures U-Boot version, so EventLog varies every build having
>      different commit hash.
> - Skip PCR[0] validation
>    - PCR[0] include U-Boot version measurement, this value varies every build
>      having different commit hash.
> - Skip PCR[7] validation
>    - Secure Boot Variables can not be updated through efi_selftest.
> - The initial PCR value of PCR[17 - 22] is all 0xff, I'm not sure
>   it is expected or not.
>
> [TODO]
> - GPT measurement test
> - Secure Boot Variable test
> - Eventlog validation
>
> Masahisa Kojima (2):
>   efi_loader: add missing const qualifier
>   efi_selftest: add selftest for EFI_TCG2_PROTOCOL and Measured Boot
>
>  include/efi_api.h                             |   2 +-
>  lib/efi_loader/efi_boottime.c                 |   5 +-
>  lib/efi_selftest/Makefile                     |  10 +
>  .../efi_selftest_miniapp_measuredboot.c       |  93 ++
>  lib/efi_selftest/efi_selftest_tcg2.c          | 804 +++++++++++++++++-
>  5 files changed, 910 insertions(+), 4 deletions(-)
>  create mode 100644 lib/efi_selftest/efi_selftest_miniapp_measuredboot.c
>
> --
> 2.17.1
>

  parent reply	other threads:[~2021-10-24 19:58 UTC|newest]

Thread overview: 16+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2021-10-22 11:24 [PATCH 0/2] add selftest for EFI_TCG2_PROTOCOL and Measured Boot Masahisa Kojima
2021-10-22 11:24 ` [PATCH 1/2] efi_loader: add missing const qualifier Masahisa Kojima
2021-10-23  8:40   ` Heinrich Schuchardt
2021-10-23 17:21     ` Ilias Apalodimas
2021-10-22 11:24 ` [PATCH 2/2] efi_selftest: add selftest for EFI_TCG2_PROTOCOL and Measured Boot Masahisa Kojima
2021-10-23  9:42   ` Heinrich Schuchardt
2021-10-25  7:59     ` Masahisa Kojima
2021-10-25  9:43       ` Heinrich Schuchardt
2021-10-30  6:02         ` Ilias Apalodimas
2021-10-30  6:13           ` Heinrich Schuchardt
2021-11-01  9:38             ` Masahisa Kojima
2021-10-24 19:54 ` Simon Glass [this message]
2021-11-02  8:03   ` [PATCH 0/2] " Masahisa Kojima
2021-11-02 14:55     ` Simon Glass
2021-11-02 16:27       ` Ilias Apalodimas
2021-11-05  2:02         ` Simon Glass

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to='CAPnjgZ2mmcUKz0v=ysSvf17c6ab++-hEpO4rc0OeeAEz7pFA2g@mail.gmail.com' \
    --to=sjg@chromium.org \
    --cc=ilias.apalodimas@linaro.org \
    --cc=masahisa.kojima@linaro.org \
    --cc=u-boot@lists.denx.de \
    --cc=xypron.glpk@gmx.de \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.