tpm2-tools
tpm2_eventlog; Handle EV_IPL event in PCR 12 for sd-boot >= 251
When using sd-boot, tpm2-eventlog throws warnings:
```
WARN: Event 23 is unexpectedly not extending either PCR 8, 9, or 14
WARN: Event 24 is unexpectedly not extending either PCR 8, 9, or 14
```
Not only is the data put in PCR 12, but sd-boot doesn't add an unhashed prefix to the data; it hashes the entire event contents.
This pair of commits addresses that problem.
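The distinction described above, as an added example that is not code from this PR or from tpm2-tools: an EV_IPL event in PCR 12 is verified by hashing the whole event body, while a prefix-style event in PCR 8, 9 or 14 is verified by hashing only what follows the unhashed prefix. The SHA-256 bank, the `grub_cmd: ` prefix form, the UTF-16 command line and all sample events are constructed assumptions.

```python
import hashlib

EV_IPL = 0x0000000D          # TCG PC Client event type for EV_IPL
SD_BOOT_PCR = 12             # PCR named on this page for sd-boot >= 251
PREFIX_PCRS = (8, 9, 14)     # PCRs the tool's warning expects for EV_IPL

def sha256(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

def check_ipl_event(pcr, event_type, digest, data, prefix=b""):
    """Classify one EV_IPL event and verify its SHA-256 digest.

    Returns (style, digest_ok). `prefix` is the unhashed label that a
    prefix-style bootloader puts in front of the measured bytes.
    """
    if event_type != EV_IPL:
        return ("not-ipl", None)
    if pcr == SD_BOOT_PCR:
        # sd-boot: no unhashed prefix, the entire event body is measured.
        return ("whole-event", sha256(data) == digest)
    if pcr in PREFIX_PCRS:
        if not data.startswith(prefix):
            return ("prefixed", False)
        return ("prefixed", sha256(data[len(prefix):]) == digest)
    return ("unexpected-pcr", None)

def replay(events, pcr):
    """Recompute a SHA-256 PCR from the log: new = H(old || digest)."""
    value = bytes(32)
    for ev_pcr, _type, digest, _data in events:
        if ev_pcr == pcr:
            value = sha256(value + digest)
    return value

# Constructed sample events (not taken from a real event log).
cmdline = "root=/dev/vda2 ro\0".encode("utf-16-le")   # assumed encoding
grub_body = b"grub_cmd: " + b"linux /vmlinuz"          # assumed prefix form
SAMPLE = [
    (12, EV_IPL, sha256(cmdline), cmdline),
    (8, EV_IPL, sha256(b"linux /vmlinuz"), grub_body),
    (12, EV_IPL, sha256(b"tampered"), cmdline),  # digest does not match body
]

if __name__ == "__main__":
    for ev in SAMPLE:
        print(ev[0], check_ipl_event(*ev, prefix=b"grub_cmd: "))
    print("PCR 12 replay:", replay(SAMPLE, 12).hex())
```

A digest mismatch on an event marks its logged data as unverifiable, even though the replayed PCR value still reflects what was actually extended.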
Codecov Report
Merging #3093 (775ea6e) into master (92f3bfd) will decrease coverage by 0.05%. The diff coverage is 66.96%.
@@ Coverage Diff @@
## master #3093 +/- ##
==========================================
- Coverage 76.68% 76.62% -0.06%
==========================================
Files 172 172
Lines 23117 23202 +85
==========================================
+ Hits 17727 17779 +52
- Misses 5390 5423 +33
Impacted Files | Coverage Δ | |
---|---|---|
lib/tpm2_eventlog_yaml.c | 80.10% <61.64%> (-3.02%) | :arrow_down: |
lib/tpm2_eventlog.c | 86.42% <76.92%> (-0.95%) | :arrow_down: |
@berrange can you please add the eventlog binary here and/or add a test.
New version
- adds an example eventlog binary, and al
- extends the eventlog.sh test to compare against desired expected YAML output and stderr warnings
- fixes the eventlog YAML generator to emit more spec compliant string data
@berrange, is there a test that uses the yaml files included in the PR?
Yes, look at the test/integration/tests/eventlog.sh changes in the commit "test: track expected YAML output for eventlog". For each sample eventlog bin file, it generates YAML output and compares to the expected YAML stored in git.