Hi Heinrich [...]
> >>> +$(obj)/efi_selftest_tcg2.o: $(obj)/efi_miniapp_file_image_measuredboot.h > >>> diff --git a/lib/efi_selftest/efi_selftest_miniapp_measuredboot.c > >>> b/lib/efi_selftest/efi_selftest_miniapp_measuredboot.c > >> > >> Thank you for going the extra mile and adding the test. > >> > >> Which image is actually loaded seems to be irrelevant for the test. Can > >> we reuse an existing one, e.g. efi_miniapp_file_image_return.h? > >> > >> I guess the PCR related to the loaded image is not checked as it will > >> depend on the build tools and date. > > > > Sorry, I'm doing wrong. > > Actually this selftest verifies the PE/COFF image measurement, so measuremt > > will be different depending on the build tools and date. > > # In my build environment, timestamp is set to all zero. > > > > To test the PE/COFF image measurement, I must prepare the > > static PE/COFF image. I plan to add efi_miniapp_file_image_measuredboot.h > > as a pre-compiled small static PE/COFF image for the measurement test, > > instead of adding efi_selftest_miniapp_measuredboot.c or reusing existing > > one. > > You will need one image per UEFI architecture (ia32, x64, arm, aa64, > riscv32, riscv64). You could present the image via the > EFI_LOAD_FILE2_PROTOCOL, see lib/efi_selftest/efi_selftest_load_file.c. The EFI TCG2 is governed by a spec. What it basically does is extend a number of hardware PCRs with a sha1/256/384/512 for a given image. Wouldn't performing the selftest for arm/arm64 be enough? What am I missing? [...] Regards /Ilias
