Am 18. Juni 2024 18:45:53 MESZ schrieb Tim Harvey tharvey@gateworks.com:
On Tue, Jun 18, 2024 at 8:48 AM Tim Harvey tharvey@gateworks.com wrote:
On Tue, Jun 18, 2024 at 4:51 AM Heinrich Schuchardt xypron.glpk@gmx.de wrote:
On 17.06.24 21:14, Tim Harvey wrote:
Now that kaslr-seed is automatically added to the chosen node if DM_RNG is enabled, adjust the test to expect this.
We need to check that if CONFIG_EFI_TCG2_PROTOCOL=y no kaslr-seed node is passed to EFI binaries.
The right location for such a test is lib/efi_selftest/efi_selftest_tcg2.c.
Hi Heinrich,
I see you sent a patch for that but I'm not understanding how that fits into the ut framework.
We need as similar check for CONFIG_MEASURED_BOOT=y.
Can you explain more please?
The idea of measured boot is that you check if the hash has the same value every time you boot. If you measure the device-tree and it contains a random value, you get a random hash.
Best regards
Heinrich
Does this explain the CI failures I see here: https://dev.azure.com/u-boot/u-boot/_build/results?buildId=8721&view=log... https://dev.azure.com/u-boot/u-boot/_build/results?buildId=8721&view=log...
I'm still trying to make sense of those.
In order to test this locally I built for sandbox64_defconfig and ran "./u-boot -Dc 'ut fdt'" but it seems that doesn't cover enough cases.
I believe I understand the Azure pipeline failures now. I don't see exactly where they pick a defconfig but the failed test cases are under 'test.py for sandbox sandbox' and 'test.py for sandbox sandbox_clang' which I've come to understand means they use 'sandbox_defconfig' which defines CONFIG_MEASURED_BOOT where sandbox64_defconfig which I tested does not.
So I need to update the test to:
if (IS_ENABLED(CONFIG_DM_RNG) &&!IS_ENABLED(CONFIG_MEASURED_BOOT) &&!IS_ENABLED(CONFIG_ARMV8_SEC_FIRMWARE_SUPPORT))ut_assert_nextlinen("\tkaslr-seed = ");I've issued a PR for v7 to test via CI and will submit if all is well.
Best Regards,
Tim
Best regards,
Tim
Best regards
Heinrich
Signed-off-by: Tim Harvey tharvey@gateworks.com Cc: Michal Simek michal.simek@amd.com Cc: Andy Yan andy.yan@rock-chips.com Cc: Akash Gajjar gajjar04akash@gmail.com Cc: Ilias Apalodimas ilias.apalodimas@linaro.org Cc: Simon Glass sjg@chromium.org Cc: Patrick Delaunay patrick.delaunay@foss.st.com Cc: Patrice Chotard patrice.chotard@foss.st.com Cc: Devarsh Thakkar devarsht@ti.com Cc: Heinrich Schuchardt xypron.glpk@gmx.de Cc: Hugo Villeneuve hvilleneuve@dimonoff.com Cc: Marek Vasut marex@denx.de Cc: Tom Rini trini@konsulko.com Cc: Chris Morgan macromorgan@hotmail.com
v6: new patch
test/cmd/fdt.c | 4 ++++ 1 file changed, 4 insertions(+)
diff --git a/test/cmd/fdt.c b/test/cmd/fdt.c index 547085521758..537d8a338bbf 100644 --- a/test/cmd/fdt.c +++ b/test/cmd/fdt.c @@ -1347,6 +1347,8 @@ static int fdt_test_chosen(struct unit_test_state *uts) ut_assert_nextlinen("\tu-boot,version = "); /* Ignore the version string */ if (env_bootargs) ut_assert_nextline("\tbootargs = "%s";", env_bootargs);
if (CONFIG_IS_ENABLED(DM_RNG))ut_assert_nextlinen("\tkaslr-seed = "); ut_assert_nextline("};"); ut_assertok(ut_check_console_end(uts));@@ -1363,6 +1365,8 @@ static int fdt_test_chosen(struct unit_test_state *uts) ut_assert_nextlinen("\tu-boot,version = "); /* Ignore the version string */ if (env_bootargs) ut_assert_nextline("\tbootargs = "%s";", env_bootargs);
if (CONFIG_IS_ENABLED(DM_RNG))ut_assert_nextlinen("\tkaslr-seed = "); ut_assert_nextline("};"); ut_assertok(ut_check_console_end(uts));