
This patch series adds the selftest for the EFI_TCG2_PROTOCOL and Measured Boot flow. This selftest is verified on qemu with swtpm.
This covers most of the functionalities, but there are some limitations and TODO items.
[Limitation]
 - The tcg2 selftest must run at the beginning of the efi_selftest because some measurements occur in efi_tcg2_register() and boottime->image_load(). The efi_selftest needs to be configured with "setenv efi_selftest tcg2; bootefi selftest".
 - Skip the ExitBootServices measurement test: an EFI application cannot read PCRs after calling ExitBootServices.
 - Skip EventLog validation: Measured Boot measures the U-Boot version, so the EventLog varies with every build that has a different commit hash.
 - Skip PCR[0] validation: PCR[0] includes the U-Boot version measurement, so this value varies with every build that has a different commit hash.
 - Skip PCR[7] validation: Secure Boot variables cannot be updated through efi_selftest.
 - The initial value of PCR[17 - 22] is all 0xff; I'm not sure whether it is expected or not.
[TODO]
 - GPT measurement test
 - Secure Boot variable test
 - EventLog validation
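One way to do the EventLog validation listed as TODO, as an added example rather than code from this series: replay the log's digests into software PCRs and compare the result with what the TPM reports. It assumes the TCG PC Client profile rule that PCRs 17-22 start at all ones and every other PCR at all zeros; the event types, the EV_EFI_ACTION string and the U-Boot version strings are constructed sample data, not values taken from a real log.

```python
import hashlib

DIGEST_SIZE = 32  # SHA-256 bank only

def initial_pcr(index: int) -> bytes:
    # Assumption (TCG PC Client profile): PCR 17-22 reset to all ones at
    # TPM startup, every other PCR to all zeros.
    return (b"\xff" if 17 <= index <= 22 else b"\x00") * DIGEST_SIZE

def extend(pcr: bytes, digest: bytes) -> bytes:
    """Same arithmetic as TPM2_PCR_Extend on the SHA-256 bank: H(old || digest)."""
    return hashlib.sha256(pcr + digest).digest()

def replay_event_log(events):
    """Replay (pcr_index, event_type, digest) records and return {pcr: value}.

    A validator compares this result with TPM2_PCR_Read; a mismatch means the
    log is not the sequence of extends the TPM actually saw.
    """
    pcrs = {}
    for index, _event_type, digest in events:
        pcrs[index] = extend(pcrs.get(index, initial_pcr(index)), digest)
    return pcrs

def constructed_log(uboot_version: str):
    """Constructed sample log covering the two measurements the cover letter
    names: the version string into PCR[0] and a boot action into PCR[4]."""
    def h(data: bytes) -> bytes:
        return hashlib.sha256(data).digest()
    return [
        (0, "EV_S_CRTM_VERSION", h(uboot_version.encode("utf-16-le"))),
        (4, "EV_EFI_ACTION", h(b"Calling EFI Application from Boot Option")),
    ]

def pcr0_changes_with_version() -> bool:
    """The effect the cover letter describes: a different commit hash in the
    version string moves PCR[0] while PCR[4] is unaffected."""
    a = replay_event_log(constructed_log("U-Boot 2021.10-rc1-00001-gaaaaaaa"))
    b = replay_event_log(constructed_log("U-Boot 2021.10-rc1-00002-gbbbbbbb"))
    return a[0] != b[0] and a[4] == b[4]

if __name__ == "__main__":
    for pcr, value in sorted(replay_event_log(constructed_log("U-Boot 2021.10")).items()):
        print(f"PCR[{pcr:2}] = {value.hex()}")
    print("PCR[17] initial =", initial_pcr(17).hex())
```

The constructed log hashes data in place of reading a TCG2 log; a real validator takes the digest field of each event and, when the event data is present, also checks that it hashes to that digest.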
Masahisa Kojima (2):
  efi_loader: add missing const qualifier
  efi_selftest: add selftest for EFI_TCG2_PROTOCOL and Measured Boot
 include/efi_api.h                                  |   2 +-
 lib/efi_loader/efi_boottime.c                      |   5 +-
 lib/efi_selftest/Makefile                          |  10 +
 .../efi_selftest_miniapp_measuredboot.c            |  93 ++
 lib/efi_selftest/efi_selftest_tcg2.c               | 804 +++++++++++++++++-
 5 files changed, 910 insertions(+), 4 deletions(-)
 create mode 100644 lib/efi_selftest/efi_selftest_miniapp_measuredboot.c