diff options
Diffstat (limited to '0005-elchecking-example-add-ignores-for-EV_PLATFORM_CONFI.patch')
| -rw-r--r-- | 0005-elchecking-example-add-ignores-for-EV_PLATFORM_CONFI.patch | 50 |
1 files changed, 50 insertions, 0 deletions
diff --git a/0005-elchecking-example-add-ignores-for-EV_PLATFORM_CONFI.patch b/0005-elchecking-example-add-ignores-for-EV_PLATFORM_CONFI.patch new file mode 100644 index 0000000..18a242d --- /dev/null +++ b/0005-elchecking-example-add-ignores-for-EV_PLATFORM_CONFI.patch @@ -0,0 +1,50 @@ +From f2432efbeb7b6305067111bb3a77ef5d7da4eb5b Mon Sep 17 00:00:00 2001 +From: Thore Sommer <mail@thson.de> +Date: Thu, 10 Aug 2023 16:15:57 +0300 +Subject: [PATCH 5/6] elchecking/example: add ignores for + EV_PLATFORM_CONFIG_FLAGS + +These are generated by edk2 when used with QEMU, but we do not have a +reference for them. + +Signed-off-by: Thore Sommer <mail@thson.de> +--- + keylime/mba/elchecking/example.py | 15 ++++++++++++++- + 1 file changed, 14 insertions(+), 1 deletion(-) + +diff --git a/keylime/mba/elchecking/example.py b/keylime/mba/elchecking/example.py +index 8885227..921db4e 100644 +--- a/keylime/mba/elchecking/example.py ++++ b/keylime/mba/elchecking/example.py +@@ -75,7 +75,6 @@ shim_authcode_sha256_no_secureboot = tests.obj_test( + kernel_cmdline=tests.type_test(str), + ) + +- + allowed_kernel_list_test_no_secureboot = tests.list_test(shim_authcode_sha256_no_secureboot) + + +@@ -303,6 +302,20 @@ class Example(policies.Policy): + ), + ), + ) ++ # edk2 measures up to 4 of those events, where we do not have a good way to get a reference ++ # See: ++ # - https://github.com/keylime/keylime/issues/1393 ++ # - https://github.com/tianocore/edk2/commit/935343cf1639a28530904a1e8d73d6517a07cbff ++ dispatcher.set( ++ (1, "EV_PLATFORM_CONFIG_FLAGS"), ++ tests.Or( ++ tests.OnceTest(tests.AcceptAll()), ++ tests.OnceTest(tests.AcceptAll()), ++ tests.OnceTest(tests.AcceptAll()), ++ tests.OnceTest(tests.AcceptAll()), ++ ), ++ ) ++ + dispatcher.set((4, "EV_EFI_ACTION"), tests.EvEfiActionTest(4)) + for pcr in range(8): + dispatcher.set((pcr, "EV_SEPARATOR"), tests.EvSeperatorTest()) +-- +2.39.3 + |