51 lines
1.7 KiB
Diff
51 lines
1.7 KiB
Diff
|
From f2432efbeb7b6305067111bb3a77ef5d7da4eb5b Mon Sep 17 00:00:00 2001
|
||
|
From: Thore Sommer <mail@thson.de>
|
||
|
Date: Thu, 10 Aug 2023 16:15:57 +0300
|
||
|
Subject: [PATCH 5/6] elchecking/example: add ignores for
|
||
|
EV_PLATFORM_CONFIG_FLAGS
|
||
|
|
||
|
These are generated by edk2 when used with QEMU, but we do not have a
|
||
|
reference for them.
|
||
|
|
||
|
Signed-off-by: Thore Sommer <mail@thson.de>
|
||
|
---
|
||
|
keylime/mba/elchecking/example.py | 15 ++++++++++++++-
|
||
|
1 file changed, 14 insertions(+), 1 deletion(-)
|
||
|
|
||
|
diff --git a/keylime/mba/elchecking/example.py b/keylime/mba/elchecking/example.py
|
||
|
index 8885227..921db4e 100644
|
||
|
--- a/keylime/mba/elchecking/example.py
|
||
|
+++ b/keylime/mba/elchecking/example.py
|
||
|
@@ -75,7 +75,6 @@ shim_authcode_sha256_no_secureboot = tests.obj_test(
|
||
|
kernel_cmdline=tests.type_test(str),
|
||
|
)
|
||
|
|
||
|
-
|
||
|
allowed_kernel_list_test_no_secureboot = tests.list_test(shim_authcode_sha256_no_secureboot)
|
||
|
|
||
|
|
||
|
@@ -303,6 +302,20 @@ class Example(policies.Policy):
|
||
|
),
|
||
|
),
|
||
|
)
|
||
|
+ # edk2 measures up to 4 of those events, where we do not have a good way to get a reference
|
||
|
+ # See:
|
||
|
+ # - https://github.com/keylime/keylime/issues/1393
|
||
|
+ # - https://github.com/tianocore/edk2/commit/935343cf1639a28530904a1e8d73d6517a07cbff
|
||
|
+ dispatcher.set(
|
||
|
+ (1, "EV_PLATFORM_CONFIG_FLAGS"),
|
||
|
+ tests.Or(
|
||
|
+ tests.OnceTest(tests.AcceptAll()),
|
||
|
+ tests.OnceTest(tests.AcceptAll()),
|
||
|
+ tests.OnceTest(tests.AcceptAll()),
|
||
|
+ tests.OnceTest(tests.AcceptAll()),
|
||
|
+ ),
|
||
|
+ )
|
||
|
+
|
||
|
dispatcher.set((4, "EV_EFI_ACTION"), tests.EvEfiActionTest(4))
|
||
|
for pcr in range(8):
|
||
|
dispatcher.set((pcr, "EV_SEPARATOR"), tests.EvSeperatorTest())
|
||
|
--
|
||
|
2.39.3
|
||
|
|