On 4/16/21 10:42 PM, Ilias Apalodimas wrote:
Hi Heinrich,
On Thu, Apr 15, 2021 at 04:08:55PM +0200, Heinrich Schuchardt wrote:
On 15.04.21 15:30, Masahisa Kojima wrote:
"TCG PC Client Platform Firmware Profile Specification"
requires to measure every attempt to load and execute
a OS Loader(a UEFI application) into PCR[4].
This commit adds the PE/COFF image measurement, extends PCR,
and appends measurement into Event Log.
Signed-off-by: Masahisa Kojima <masahisa.koj...@linaro.org>
Please, provide a unit test that we can run in Gitlab CI on either the
sandbox or QEMU.
The additions to the EFI TCG2 fall under the same category as the initial
patchset and unfortunately suffer from the same problems wrt to using the
sandbox TPM2.
The sandbox capabilities are limited for testing this, starting from the fact
that that we can't even get the tpm2 capabilities we need to start the
protocol correctly.
./drivers/tpm/tpm2_tis_sandbox.c only supports TPM_CAP_TPM_PROPERTIES which is
limited compared to what the TCG code in EFI expects. Similar functionality
is missing from extending and checking PCRs properly etc.
QEMU allows to use a TPM emulation, cf.
https://qemu-project.gitlab.io/qemu/specs/tpm.html#the-qemu-tpm-emulator-device
https://github.com/stefanberger/swtpm
Kojima and I will have a look since this is the only viable option in order to
get useful selftests.
Imho we should review and maybe accept this patch in parallel though, since
it's adding more bits of the TCG PC client specification.
Thanks!
/Ilias
Hello Masahisa,
I am done with my review of the series and waiting for your v2.
Ilias suggested to implement tests in a separate series. I am fine with
this if Ilias supplies a tested-by sign-off for this series.
Best regards
Heinrich
