From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id ED184C433EF for ; Sun, 24 Oct 2021 19:58:09 +0000 (UTC) Received: from phobos.denx.de (phobos.denx.de [85.214.62.61]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPS id 6DA8160EE3 for ; Sun, 24 Oct 2021 19:58:09 +0000 (UTC) DMARC-Filter: OpenDMARC Filter v1.4.1 mail.kernel.org 6DA8160EE3 Authentication-Results: mail.kernel.org; dmarc=fail (p=none dis=none) header.from=chromium.org Authentication-Results: mail.kernel.org; spf=pass smtp.mailfrom=lists.denx.de Received: from h2850616.stratoserver.net (localhost [IPv6:::1]) by phobos.denx.de (Postfix) with ESMTP id 0246E835A1; Sun, 24 Oct 2021 21:56:23 +0200 (CEST) Authentication-Results: phobos.denx.de; dmarc=pass (p=none dis=none) header.from=chromium.org Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=u-boot-bounces@lists.denx.de Authentication-Results: phobos.denx.de; dkim=pass (1024-bit key; unprotected) header.d=chromium.org header.i=@chromium.org header.b="QSLmCvgC"; dkim-atps=neutral Received: by phobos.denx.de (Postfix, from userid 109) id 2D9508350D; Sun, 24 Oct 2021 21:54:26 +0200 (CEST) Received: from mail-oi1-x22c.google.com (mail-oi1-x22c.google.com [IPv6:2607:f8b0:4864:20::22c]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits)) (No client certificate requested) by phobos.denx.de (Postfix) with ESMTPS id B8D8A82EBB for ; Sun, 24 Oct 2021 21:54:18 +0200 (CEST) Authentication-Results: phobos.denx.de; dmarc=pass (p=none dis=none) header.from=chromium.org Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=sjg@google.com Received: by mail-oi1-x22c.google.com with SMTP id o83so12692544oif.4 for ; Sun, 24 Oct 2021 12:54:18 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=V1UBQxPs4A3cjjv7wrHLuMsIJnpPCI1uc0WlTtVcy9g=; b=QSLmCvgCBnHqgiLBEzZ0X4PtbzxAAGhHyQZEyZHEj3aUEJF/JTHqqwr6tgT0L5rjz1 gBsUr+/pMRPcXJq2hoIHCR7sKFYC64LC+WVC/4OrsFmThe0sS4aMK3nmv7ThZW5hd7QJ iV7Jpb5xdrnkYx+VdjUupEEniiYK5iVSFUlFw= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=V1UBQxPs4A3cjjv7wrHLuMsIJnpPCI1uc0WlTtVcy9g=; b=goM8vJUInWci3BJyYG4yvSfDXtqiswN9Z45DT7kEnsVjBP63ZEc3pG0xiF02RLlUUc PKJSmuyRTQ2LFMmjcLexRfCo1RmoE9zMyTlqqaMCzd0i74lQUNad6uz5J0H6tEJ5w3QT 7nvDWRk6RA2jdfcCKmLOHGWhfmXtE3TQbWNzg4etzHcoVr/DRYNdm2lAbc/Weq9Xouwb C9HKm2I6h16TJR8ENCAGvz7iyXMBtjq0vzi/C9N5VeRgTlmI3mPaMzaQe5AnTHNV3hMr JPXBaSAxvsWene2HWKw5LN6CeAX1oiTFaD6LzjMcS8kLod08KT/oaiAuvG9nxvCh68t2 FecA== X-Gm-Message-State: AOAM530gv37icFi2mxAIBhUZXHw43DIuUx9N8QFhw5MCGXIbULiayl3U QHKNwTBoCPJwz/gHVhDM+P55oRZ5mWLqqnmB0Si9Hw== X-Google-Smtp-Source: ABdhPJxWybIVIOAb7sNaveTCsl/sWECZvo42KAW5zTwQJsmeMoyNWcyx+BBARNI/hBp6lSDcf65fNWgIpvkqhuzzpRc= X-Received: by 2002:aca:4283:: with SMTP id p125mr19057135oia.81.1635105256927; Sun, 24 Oct 2021 12:54:16 -0700 (PDT) MIME-Version: 1.0 References: <20211022112426.25009-1-masahisa.kojima@linaro.org> In-Reply-To: <20211022112426.25009-1-masahisa.kojima@linaro.org> From: Simon Glass Date: Sun, 24 Oct 2021 13:54:04 -0600 Message-ID: Subject: Re: [PATCH 0/2] add selftest for EFI_TCG2_PROTOCOL and Measured Boot To: Masahisa Kojima Cc: U-Boot Mailing List , Heinrich Schuchardt , Ilias Apalodimas Content-Type: text/plain; charset="UTF-8" X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.34 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" X-Virus-Scanned: clamav-milter 0.103.2 at phobos.denx.de X-Virus-Status: Clean Hi Masahisa, On Fri, 22 Oct 2021 at 05:23, Masahisa Kojima wrote: > > This patch series adds the selftest for the EFI_TCG2_PROTOCOL and > Measured Boot flow. > This selftest is verified on qemu with swtpm. Is this in CI? Where are the instructions for doing this? I have expressed my preference for expanding the in-tree emulator to handle this. Regards, Simon > > This covers most of the functionalities, but there are some > limitations and TODO items. > > [Limitation] > - tcg2 selftest must run at the beginning of the efi_selftest because > some measurement occurs in efi_tcg2_register() and boottime->image_load(). > Need to configure the efi_selftest with "setenv efi_selftest tcg2; bootefi selftest" > - Skip ExitBootService measurement test > - EFI application can not read PCR after calling ExitBootService > - Skip EventLog Validation > - Measured Boot measures U-Boot version, so EventLog varies every build having > different commit hash. > - Skip PCR[0] validation > - PCR[0] include U-Boot version measurement, this value varies every build > having different commit hash. > - Skip PCR[7] validation > - Secure Boot Variables can not be updated through efi_selftest. > - The initial PCR value of PCR[17 - 22] is all 0xff, I'm not sure > it is expected or not. > > [TODO] > - GPT measurement test > - Secure Boot Variable test > - Eventlog validation > > Masahisa Kojima (2): > efi_loader: add missing const qualifier > efi_selftest: add selftest for EFI_TCG2_PROTOCOL and Measured Boot > > include/efi_api.h | 2 +- > lib/efi_loader/efi_boottime.c | 5 +- > lib/efi_selftest/Makefile | 10 + > .../efi_selftest_miniapp_measuredboot.c | 93 ++ > lib/efi_selftest/efi_selftest_tcg2.c | 804 +++++++++++++++++- > 5 files changed, 910 insertions(+), 4 deletions(-) > create mode 100644 lib/efi_selftest/efi_selftest_miniapp_measuredboot.c > > -- > 2.17.1 >