public inbox for u-boot@lists.denx.de
From: Ilias Apalodimas <ilias.apalodimas@linaro.org>
To: Simon Glass <sjg@chromium.org>
Cc: Masahisa Kojima <masahisa.kojima@linaro.org>,
	Heinrich Schuchardt <xypron.glpk@gmx.de>,
	Alexander Graf <agraf@csgraf.de>,
	Dhananjay Phadke <dphadke@linux.microsoft.com>,
	U-Boot Mailing List <u-boot@lists.denx.de>
Subject: Re: [PATCH 2/5] efi_loader: add secure boot variable measurement
Date: Wed, 7 Jul 2021 21:44:37 +0300
Message-ID: <YOX2FTyobkLW6yTt@enceladus>
In-Reply-To: <CAPnjgZ0FGaEykBEoPD7pTRtd-ez8E_Sqs7TMHEpRyqPf7Fh4fQ@mail.gmail.com>

On Wed, Jul 07, 2021 at 11:49:33AM -0600, Simon Glass wrote:
> Hi Ilias,
> 
> On Wed, 7 Jul 2021 at 11:40, Ilias Apalodimas
> <ilias.apalodimas@linaro.org> wrote:
> >
> > Hi Simon,
> >
> > On Wed, Jul 07, 2021 at 11:37:01AM -0600, Simon Glass wrote:
> > > Hi Masahisa,
> > >
> > > On Wed, 7 Jul 2021 at 07:36, Masahisa Kojima <masahisa.kojima@linaro.org> wrote:
> > > >
> > > > TCG PC Client PFP spec requires to measure the secure
> > > > boot policy before validating the UEFI image.
> > > > This commit adds the secure boot variable measurement
> > > > of "SecureBoot", "PK", "KEK", "db" and "dbx".
> > > >
> > > > Note that this implementation assumes that secure boot
> > > > variables are pre-configured and not be set/updated in runtime.
> > > >
> > > > Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org>
> > > > ---
> > > >  include/efi_tcg2.h        |  20 ++++++
> > > >  lib/efi_loader/efi_tcg2.c | 135 ++++++++++++++++++++++++++++++++++++++
> > > >  2 files changed, 155 insertions(+)
> > >
> > > Where are the tests for this code, please?
> >
> > As we discussed in the past, the EFI TCG code can't be tested with the
> > sandbox as-is.  I'll have a look at your sandbox patches in case we can now
> > use those, but in any case, I've sent a TPM mmio based driver.  Even if the
> > sandbox is still not enough we can add tests once the mmio TPM driver gets
> > merged.
> 
> Can you add features to the sandbox driver? I just sent a series that
> added nvdata, for example.

Yea I've seen that, I was going to have a look.  I'll try but my schedule
is pretty tight atm.

Thanks
/Ilias
> 
> Regards,
> Simon
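
To make concrete what the quoted commit measures, here is an added Python example (not part of this thread or of the U-Boot code) that serialises the TCG UEFI_VARIABLE_DATA event for each of the five variables, hashes it as an EV_EFI_VARIABLE_DRIVER_CONFIG event, and replays the digests into a simulated PCR7, which is how a verifier checks that a TPM event log reproduces the PCR it claims. The variable payloads are constructed placeholders; the GUIDs are the standard EFI_GLOBAL_VARIABLE and EFI_IMAGE_SECURITY_DATABASE GUIDs.

```python
import hashlib
import struct
import uuid

# Vendor GUIDs of the measured variables: SecureBoot, PK and KEK live under the
# EFI global variable GUID; db and dbx under the image security database GUID.
EFI_GLOBAL_VARIABLE_GUID = uuid.UUID("8be4df61-93ca-11d2-aa0d-00e098032b8c")
EFI_IMAGE_SECURITY_DATABASE_GUID = uuid.UUID("d719b2cb-3d3a-4596-a3bc-dad00e67656f")
EV_EFI_VARIABLE_DRIVER_CONFIG = 0x80000001  # TCG PFP event type for policy variables
PCR_SECURE_BOOT_POLICY = 7  # PCR the spec reserves for secure boot policy

def uefi_variable_data(guid: uuid.UUID, name: str, data: bytes) -> bytes:
    """Serialise a TCG UEFI_VARIABLE_DATA structure: VariableName (EFI_GUID,
    mixed-endian), UnicodeNameLength (u64, characters), VariableDataLength
    (u64, bytes), UnicodeName (UTF-16LE, no terminator), VariableData."""
    return (guid.bytes_le + struct.pack("<QQ", len(name), len(data))
            + name.encode("utf-16-le") + data)

def measure_variable(guid: uuid.UUID, name: str, data: bytes) -> tuple:
    """One EV_EFI_VARIABLE_DRIVER_CONFIG event as (event type, event data, digest).
    The SHA-256 digest covers the whole structure, so a changed GUID, name or
    payload all change the value extended into the PCR."""
    event = uefi_variable_data(guid, name, data)
    return EV_EFI_VARIABLE_DRIVER_CONFIG, event, hashlib.sha256(event).digest()

def replay_pcr(digests) -> bytes:
    """Replay event digests into a SHA-256 PCR starting at all zeros:
    PCR = SHA256(PCR || digest) for each event, in log order."""
    pcr = bytes(32)
    for digest in digests:
        pcr = hashlib.sha256(pcr + digest).digest()
    return pcr

# Constructed sample payloads; real PK/KEK/db/dbx hold EFI_SIGNATURE_LIST data.
SAMPLE_VARIABLES = [
    (EFI_GLOBAL_VARIABLE_GUID, "SecureBoot", b"\x01"),
    (EFI_GLOBAL_VARIABLE_GUID, "PK", b"<constructed PK siglist>"),
    (EFI_GLOBAL_VARIABLE_GUID, "KEK", b"<constructed KEK siglist>"),
    (EFI_IMAGE_SECURITY_DATABASE_GUID, "db", b"<constructed db siglist>"),
    (EFI_IMAGE_SECURITY_DATABASE_GUID, "dbx", b"<constructed dbx siglist>"),
]

def expected_pcr7(variables=SAMPLE_VARIABLES) -> bytes:
    """PCR7 a verifier expects after the variables are measured in this order."""
    return replay_pcr(measure_variable(*v)[2] for v in variables)
```

Because the variables are measured in a fixed order before image validation, a verifier replaying the log must use the same order; swapping any two entries yields a different PCR7.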

Thread overview: 40+ messages
2021-07-07 13:36 [PATCH 0/5] add measurement support Masahisa Kojima
2021-07-07 13:36 ` [PATCH 1/5] efi_loader: increase eventlog buffer size Masahisa Kojima
2021-07-07 13:47   ` Heinrich Schuchardt
2021-07-08  2:21     ` Masahisa Kojima
2021-07-11  0:01       ` Simon Glass
2021-07-12  8:40         ` Masahisa Kojima
2021-07-12  9:27           ` Ilias Apalodimas
2021-07-14 14:52             ` Simon Glass
2021-07-15  6:20               ` Ilias Apalodimas
2021-07-15 12:57                 ` Simon Glass
2021-07-15 14:33                   ` Heinrich Schuchardt
2021-07-15 15:18                     ` Simon Glass
2021-07-15 15:29                       ` Heinrich Schuchardt
2021-07-15 16:09                         ` Simon Glass
2021-07-14 14:50           ` Simon Glass
2021-07-15  5:09             ` Masahisa Kojima
2021-07-15  6:46               ` Ilias Apalodimas
2021-07-15  7:50                 ` Masahisa Kojima
2021-07-07 13:36 ` [PATCH 2/5] efi_loader: add secure boot variable measurement Masahisa Kojima
2021-07-07 17:37   ` Simon Glass
2021-07-07 17:40     ` Ilias Apalodimas
2021-07-07 17:49       ` Simon Glass
2021-07-07 18:44         ` Ilias Apalodimas [this message]
2021-07-08 17:46   ` Heinrich Schuchardt
2021-07-09  2:34     ` Masahisa Kojima
2021-07-07 13:36 ` [PATCH 3/5] efi_loader: add " Masahisa Kojima
2021-07-07 18:56   ` Ilias Apalodimas
2021-07-08  2:44     ` Masahisa Kojima
2021-07-08 17:46   ` Heinrich Schuchardt
2021-07-09  2:44     ` Masahisa Kojima
2021-07-13  8:31       ` Masahisa Kojima
2021-07-13 14:24         ` Heinrich Schuchardt
2021-07-13 23:54           ` AKASHI Takahiro
2021-07-14  0:40             ` Masahisa Kojima
2021-07-07 13:36 ` [PATCH 4/5] efi_loader: add ExitBootServices() measurement Masahisa Kojima
2021-07-08 17:40   ` Heinrich Schuchardt
2021-07-09  3:05     ` Masahisa Kojima
2021-07-07 13:36 ` [PATCH 5/5] efi_loader: refactor efi_append_scrtm_version() Masahisa Kojima
2021-07-08 17:31   ` Heinrich Schuchardt
2021-07-09  2:05     ` Masahisa Kojima
