On 18.06.24 17:54, Ilias Apalodimas wrote:
On Tue, 18 Jun 2024 at 15:24, Heinrich Schuchardt <heinrich.schucha...@canonical.com> wrote:Test that we don't have a /chosen/kaslr-seed property if we measure the device-tree. Signed-off-by: Heinrich Schuchardt <heinrich.schucha...@canonical.com> --- lib/efi_selftest/efi_selftest_fdt.c | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/lib/efi_selftest/efi_selftest_fdt.c b/lib/efi_selftest/efi_selftest_fdt.c index aa3b13ae3ab..066d9581432 100644 --- a/lib/efi_selftest/efi_selftest_fdt.c +++ b/lib/efi_selftest/efi_selftest_fdt.c @@ -227,6 +227,13 @@ static int execute(void) return EFI_ST_FAILURE; } } + if (IS_ENABLED(CONFIG_EFI_TCG2_PROTOCOL_MEASURE_DTB)) { + str = get_property(u"kaslr-seed", u"chosen"); + if (str) { + efi_st_error("kaslr-seed with measured fdt\n"); + return EFI_ST_FAILURE;When does this run? efi_try_purge_kaslr_seed() tries to remove the kaslr-seed before measuring a DT. Are we safe enavbling the check here?
do_efi_selftest() is called after efi_install_fdt(). efi_install_fdt() invokes efi_try_purge_kaslr_seed().
We would get an error here if efi_try_purge_kaslr_seed() were removed and measuring the DTB enabled.
Best regards Heinrich
Thanks /Ilias+ } + } if (IS_ENABLED(CONFIG_RISCV)) { u32 fdt_hartid; -- 2.45.1
