On Sat, 22 Jun 2024 at 17:58, Heinrich Schuchardt
<heinrich.schucha...@canonical.com> wrote:
>
> On 18.06.24 17:54, Ilias Apalodimas wrote:
> > On Tue, 18 Jun 2024 at 15:24, Heinrich Schuchardt
> > <heinrich.schucha...@canonical.com> wrote:
> >>
> >> Test that we don't have a /chosen/kaslr-seed property if we measure the
> >> device-tree.
> >>
> >> Signed-off-by: Heinrich Schuchardt <heinrich.schucha...@canonical.com>
> >> ---
> >> lib/efi_selftest/efi_selftest_fdt.c | 7 +++++++
> >> 1 file changed, 7 insertions(+)
> >>
> >> diff --git a/lib/efi_selftest/efi_selftest_fdt.c
> >> b/lib/efi_selftest/efi_selftest_fdt.c
> >> index aa3b13ae3ab..066d9581432 100644
> >> --- a/lib/efi_selftest/efi_selftest_fdt.c
> >> +++ b/lib/efi_selftest/efi_selftest_fdt.c
> >> @@ -227,6 +227,13 @@ static int execute(void)
> >> return EFI_ST_FAILURE;
> >> }
> >> }
> >> + if (IS_ENABLED(CONFIG_EFI_TCG2_PROTOCOL_MEASURE_DTB)) {
> >> + str = get_property(u"kaslr-seed", u"chosen");
> >> + if (str) {
> >> + efi_st_error("kaslr-seed with measured fdt\n");
> >> + return EFI_ST_FAILURE;
> >
> > When does this run? efi_try_purge_kaslr_seed() tries to remove the
> > kaslr-seed before measuring a DT. Are we safe enavbling the check
> > here?
>
> do_efi_selftest() is called after efi_install_fdt(). efi_install_fdt()
> invokes efi_try_purge_kaslr_seed().
>
> We would get an error here if efi_try_purge_kaslr_seed() were removed
> and measuring the DTB enabled.
>
> Best regards
Thanks! That's what I was wondering
Reviewed-by: Ilias Apalodimas <ilias.apalodi...@linaro.org>
>
> Heinrich
>
> >
> > Thanks
> > /Ilias
> >> + }
> >> + }
> >> if (IS_ENABLED(CONFIG_RISCV)) {
> >> u32 fdt_hartid;
> >>
> >> --
> >> 2.45.1
> >>
>
