On Tue, 18 Jun 2024 at 15:24, Heinrich Schuchardt
<heinrich.schucha...@canonical.com> wrote:
>
> Test that we don't have a /chosen/kaslr-seed property if we measure the
> device-tree.
>
> Signed-off-by: Heinrich Schuchardt <heinrich.schucha...@canonical.com>
> ---
> lib/efi_selftest/efi_selftest_fdt.c | 7 +++++++
> 1 file changed, 7 insertions(+)
>
> diff --git a/lib/efi_selftest/efi_selftest_fdt.c
> b/lib/efi_selftest/efi_selftest_fdt.c
> index aa3b13ae3ab..066d9581432 100644
> --- a/lib/efi_selftest/efi_selftest_fdt.c
> +++ b/lib/efi_selftest/efi_selftest_fdt.c
> @@ -227,6 +227,13 @@ static int execute(void)
> return EFI_ST_FAILURE;
> }
> }
> + if (IS_ENABLED(CONFIG_EFI_TCG2_PROTOCOL_MEASURE_DTB)) {
> + str = get_property(u"kaslr-seed", u"chosen");
> + if (str) {
> + efi_st_error("kaslr-seed with measured fdt\n");
> + return EFI_ST_FAILURE;
When does this run? efi_try_purge_kaslr_seed() tries to remove the
kaslr-seed before measuring a DT. Are we safe enavbling the check
here?
Thanks
/Ilias
> + }
> + }
> if (IS_ENABLED(CONFIG_RISCV)) {
> u32 fdt_hartid;
>
> --
> 2.45.1
>
