From 35db127c4920388f07b1c109a88e6845d80ec827 Mon Sep 17 00:00:00 2001
From: CoprDistGit
Date: Tue, 6 Aug 2024 02:17:30 +0000
Subject: automatic import of keylime
---
...example-add-ignores-for-EV_PLATFORM_CONFI.patch | 50 ++++++++++++++++++++++
1 file changed, 50 insertions(+)
create mode 100644 0005-elchecking-example-add-ignores-for-EV_PLATFORM_CONFI.patch
(limited to '0005-elchecking-example-add-ignores-for-EV_PLATFORM_CONFI.patch')
diff --git a/0005-elchecking-example-add-ignores-for-EV_PLATFORM_CONFI.patch b/0005-elchecking-example-add-ignores-for-EV_PLATFORM_CONFI.patch
new file mode 100644
index 0000000..18a242d
--- /dev/null
+++ b/0005-elchecking-example-add-ignores-for-EV_PLATFORM_CONFI.patch
@@ -0,0 +1,50 @@
+From f2432efbeb7b6305067111bb3a77ef5d7da4eb5b Mon Sep 17 00:00:00 2001
+From: Thore Sommer
+Date: Thu, 10 Aug 2023 16:15:57 +0300
+Subject: [PATCH 5/6] elchecking/example: add ignores for
+ EV_PLATFORM_CONFIG_FLAGS
+
+These are generated by edk2 when used with QEMU, but we do not have a
+reference for them.
+
+Signed-off-by: Thore Sommer
+---
+ keylime/mba/elchecking/example.py | 15 ++++++++++++++-
+ 1 file changed, 14 insertions(+), 1 deletion(-)
+
+diff --git a/keylime/mba/elchecking/example.py b/keylime/mba/elchecking/example.py
+index 8885227..921db4e 100644
+--- a/keylime/mba/elchecking/example.py
++++ b/keylime/mba/elchecking/example.py
+@@ -75,7 +75,6 @@ shim_authcode_sha256_no_secureboot = tests.obj_test(
+ kernel_cmdline=tests.type_test(str),
+ )
+
+-
+ allowed_kernel_list_test_no_secureboot = tests.list_test(shim_authcode_sha256_no_secureboot)
+
+
+@@ -303,6 +302,20 @@ class Example(policies.Policy):
+ ),
+ ),
+ )
++ # edk2 measures up to 4 of those events, where we do not have a good way to get a reference
++ # See:
++ # - https://github.com/keylime/keylime/issues/1393
++ # - https://github.com/tianocore/edk2/commit/935343cf1639a28530904a1e8d73d6517a07cbff
++ dispatcher.set(
++ (1, "EV_PLATFORM_CONFIG_FLAGS"),
++ tests.Or(
++ tests.OnceTest(tests.AcceptAll()),
++ tests.OnceTest(tests.AcceptAll()),
++ tests.OnceTest(tests.AcceptAll()),
++ tests.OnceTest(tests.AcceptAll()),
++ ),
++ )
++
+ dispatcher.set((4, "EV_EFI_ACTION"), tests.EvEfiActionTest(4))
+ for pcr in range(8):
+ dispatcher.set((pcr, "EV_SEPARATOR"), tests.EvSeperatorTest())
+--
+2.39.3
+
-- cgit v1.2.3
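Review bot: The new `dispatcher.set((1, "EV_PLATFORM_CONFIG_FLAGS"), ...)` rule in the embedded patch to keylime/mba/elchecking/example.py passes every such PCR 1 event through `tests.AcceptAll()`, so the contents of these events are never compared against a reference. As far as the hunk shows, the rule is also registered unconditionally rather than only for edk2/QEMU guests. The existing comment explains why no reference is available but not what the policy stops checking, so I would add `# NOTE: event contents are not verified here; at most 4 such events are accepted, and PCR 1 platform config flags are outside what this example policy attests`. As a style point, the four identical `tests.OnceTest(tests.AcceptAll())` lines could become `tests.Or(*(tests.OnceTest(tests.AcceptAll()) for _ in range(4)))`, with the limit held in a named constant. The enclosing method of `Example` starts and ends outside the hunk, so whether another rule constrains these events elsewhere cannot be confirmed from here.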