On 4/16/21 10:42 PM, Ilias Apalodimas wrote:
Hi Heinrich,
On Thu, Apr 15, 2021 at 04:08:55PM +0200, Heinrich Schuchardt wrote:
On 15.04.21 15:30, Masahisa Kojima wrote:
"TCG PC Client Platform Firmware Profile Specification" requires to measure every attempt to load and execute a OS Loader(a UEFI application) into PCR[4]. This commit adds the PE/COFF image measurement, extends PCR, and appends measurement into Event Log.
Signed-off-by: Masahisa Kojima masahisa.kojima@linaro.org
Please, provide a unit test that we can run in Gitlab CI on either the sandbox or QEMU.
The additions to the EFI TCG2 fall under the same category as the initial patchset and unfortunately suffer from the same problems wrt to using the sandbox TPM2. The sandbox capabilities are limited for testing this, starting from the fact that that we can't even get the tpm2 capabilities we need to start the protocol correctly. ./drivers/tpm/tpm2_tis_sandbox.c only supports TPM_CAP_TPM_PROPERTIES which is limited compared to what the TCG code in EFI expects. Similar functionality is missing from extending and checking PCRs properly etc.
QEMU allows to use a TPM emulation, cf. https://qemu-project.gitlab.io/qemu/specs/tpm.html#the-qemu-tpm-emulator-dev... https://github.com/stefanberger/swtpm
Kojima and I will have a look since this is the only viable option in order to get useful selftests. Imho we should review and maybe accept this patch in parallel though, since it's adding more bits of the TCG PC client specification.
Thanks! /Ilias
Hello Masahisa,
I am done with my review of the series and waiting for your v2.
Ilias suggested to implement tests in a separate series. I am fine with this if Ilias supplies a tested-by sign-off for this series.
Best regards
Heinrich