On Sat, 22 Jun 2024 at 17:58, Heinrich Schuchardt heinrich.schuchardt@canonical.com wrote:

On 18.06.24 17:54, Ilias Apalodimas wrote:

...

On Tue, 18 Jun 2024 at 15:24, Heinrich Schuchardt heinrich.schuchardt@canonical.com wrote:

...

Test that we don't have a /chosen/kaslr-seed property if we measure the device-tree.

Signed-off-by: Heinrich Schuchardt heinrich.schuchardt@canonical.com

lib/efi_selftest/efi_selftest_fdt.c | 7 +++++++ 1 file changed, 7 insertions(+)

diff --git a/lib/efi_selftest/efi_selftest_fdt.c b/lib/efi_selftest/efi_selftest_fdt.c index aa3b13ae3ab..066d9581432 100644 --- a/lib/efi_selftest/efi_selftest_fdt.c +++ b/lib/efi_selftest/efi_selftest_fdt.c @@ -227,6 +227,13 @@ static int execute(void) return EFI_ST_FAILURE; } }

•   if (IS_ENABLED(CONFIG_EFI_TCG2_PROTOCOL_MEASURE_DTB)) {
  

•           str = get_property(u"kaslr-seed", u"chosen");
  

•           if (str) {
  

•                   efi_st_error("kaslr-seed with measured fdt\n");
  

•                   return EFI_ST_FAILURE;
  

When does this run? efi_try_purge_kaslr_seed() tries to remove the kaslr-seed before measuring a DT. Are we safe enavbling the check here?

do_efi_selftest() is called after efi_install_fdt(). efi_install_fdt() invokes efi_try_purge_kaslr_seed().

We would get an error here if efi_try_purge_kaslr_seed() were removed and measuring the DTB enabled.

Best regards

Thanks! That's what I was wondering

Reviewed-by: Ilias Apalodimas ilias.apalodimas@linaro.org

Heinrich

...

Thanks /Ilias

...

•           }
  

•   }
     if (IS_ENABLED(CONFIG_RISCV)) {
             u32 fdt_hartid;
  
  

-- 2.45.1