From: "Stuart Yoder" <stuart.yoder@arm.com>
To: devel@edk2.groups.io, joseph.hemann@arm.com
Cc: G Edhaya Chandran <Edhaya.Chandran@arm.com>,
Barton Gao <gaojie@byosoft.com.cn>,
Carolyn Gjertsen <Carolyn.Gjertsen@amd.com>,
Samer El-Haj-Mahmoud <Samer.El-Haj-Mahmoud@arm.com>,
Eric Jin <eric.jin@intel.com>, Arvin Chen <arvinx.chen@intel.com>,
Supreeth Venkatesh <Supreeth.Venkatesh@amd.com>,
Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Subject: Re: [edk2-devel] [PATCH 2/6] uefi-sct/SctPkg: TCG2 Protocol: add GetCapability Test
Date: Tue, 1 Feb 2022 12:32:55 -0600 [thread overview]
Message-ID: <b7e40226-4949-5d69-bea6-8960f02019b7@arm.com> (raw)
In-Reply-To: <20220109205827.3608758-3-Joseph.hemann@arm.com>
See inline comments...
> +EFI_STATUS
> +BBTestGetCapabilityConformanceTestCheckpoint2 (
> + IN EFI_STANDARD_TEST_LIBRARY_PROTOCOL *StandardLib,
> + IN EFI_TCG2_PROTOCOL *TCG2
> + )
> +{
> + EFI_TEST_ASSERTION AssertionType;
> + EFI_STATUS Status;
> + char StructureVersionMajor;
> + char StructureVersionMinor;
> + char ProtocolVersionMajor;
> + char ProtocolVersionMinor;
> +
> + EFI_TCG2_BOOT_SERVICE_CAPABILITY BootServiceCap;
> + BootServiceCap.Size = sizeof(UINT8) + (sizeof(EFI_TCG2_VERSION) * 2);
> +
> + Status = TCG2->GetCapability (
> + TCG2,
> + &BootServiceCap);
> +
> + AssertionType = EFI_TEST_ASSERTION_PASSED;
> +
> + // If the input ProtocolCapability.Size < sizeof(EFI_TCG2_BOOT_SERVICE_CAPABILITY) the function should return EFI_BUFFER_TOO_SMALL
> + if (Status != EFI_BUFFER_TOO_SMALL) {
> + StandardLib->RecordMessage (
>
> + StandardLib,
>
> + EFI_VERBOSE_LEVEL_DEFAULT,
>
> + L"\r\nTCG2 Protocol GetCapablity Test: Did not return Status == EFI_BUFFER_TOO_SMALL with input ProtocolCapability.Size < sizeof(EFI_TCG2_BOOT_SERVICE_CAPABILITY)"
> + );
> +
> + AssertionType = EFI_TEST_ASSERTION_FAILED;
> + }
> +
> + StructureVersionMajor = BootServiceCap.StructureVersion.Major;
> + StructureVersionMinor = BootServiceCap.StructureVersion.Minor;
> +
> + // If the input ProtocolCapability.Size < sizeof(EFI_TCG2_BOOT_SERVICE_CAPABILITY) the function will initialize the fields included in ProtocolCapability.Size.
> + if ((StructureVersionMajor != 1) | (StructureVersionMinor != 1)) {
> + StandardLib->RecordMessage (
>
> + StandardLib,
>
> + EFI_VERBOSE_LEVEL_DEFAULT,
>
> + L"\r\nTCG2 Protocol GetCapablity Test: Unexpected struct version numbers returned"
> + );
> +
> + AssertionType = EFI_TEST_ASSERTION_FAILED;
> + }
> +
> + ProtocolVersionMajor = BootServiceCap.ProtocolVersion.Major;
> + ProtocolVersionMinor = BootServiceCap.ProtocolVersion.Minor;
> +
> + if ((ProtocolVersionMajor != 1) | (ProtocolVersionMinor != 1)) {
> + StandardLib->RecordMessage (
>
> + StandardLib,
>
> + EFI_VERBOSE_LEVEL_DEFAULT,
>
> + L"\r\nTCG2 Protocol GetCapablity Test: Unexpected protocol version numbers returned."
> + );
> +
> + AssertionType = EFI_TEST_ASSERTION_FAILED;
> + }
> +
> + StandardLib->RecordAssertion (
> + StandardLib,
> + AssertionType,
> + gTcg2ConformanceTestAssertionGuid002,
> + L"TCG2_PROTOCOL.GetCapability() - GetCapability() shall populate the included structure elements and return with a Status of EFI_BUFFER_TOO_SMALL when structure size is set to less than the size of EFI_TCG_BOOT_SERVICE_CAPABILITY.",
> + L"%a:%d: Status - %r",
> + __FILE__,
> + (UINTN)__LINE__,
> + Status
> + );
In the SCT spec draft there is a test:
f. Verify returned Size equal to size of the
EFI_TCG2_BOOT_SERVICE_CAPABILITY up to and including the vendor ID
field.
...but I don't see that test covered in the code.
> + return EFI_SUCCESS;
> +}
> +
> +EFI_STATUS
> +BBTestGetCapabilityConformanceTestCheckpoint3 (
> + IN EFI_STANDARD_TEST_LIBRARY_PROTOCOL *StandardLib,
> + IN EFI_TCG2_PROTOCOL *TCG2
> + )
> +{
> + EFI_TEST_ASSERTION AssertionType;
> + EFI_STATUS Status;
> + char StructureVersionMajor;
> + char StructureVersionMinor;
> + char ProtocolVersionMajor;
> + char ProtocolVersionMinor;
> + EFI_TCG2_BOOT_SERVICE_CAPABILITY BootServiceCap;
> +
> + BootServiceCap.Size = sizeof(EFI_TCG2_BOOT_SERVICE_CAPABILITY);
BootServiceCap.Size is not used in this test, so should be able to
delete the above line.
> + Status = TCG2->GetCapability (
> + TCG2,
> + &BootServiceCap);
> +
> + AssertionType = EFI_TEST_ASSERTION_PASSED;
> +
> + if (Status != EFI_SUCCESS) {
> + StandardLib->RecordMessage (
>
> + StandardLib,
>
> + EFI_VERBOSE_LEVEL_DEFAULT,
>
> + L"\r\nTCG2 Protocol GetCapablity Test: GetCapabilty should return EFI_SUCCESS"
> + );
> +
> + AssertionType = EFI_TEST_ASSERTION_FAILED;
> + }
> +
> + StructureVersionMajor = BootServiceCap.StructureVersion.Major;
> + StructureVersionMinor = BootServiceCap.StructureVersion.Minor;
> +
> + // TCG EFI Protocol spec 6.4.4 #4
> + if ((StructureVersionMajor != 1) | (StructureVersionMinor != 1)) {
> + StandardLib->RecordMessage (
>
> + StandardLib,
>
> + EFI_VERBOSE_LEVEL_DEFAULT,
>
> + L"\r\nTCG2 Protocol GetCapablity Test: GetCapabilty should have StructureVersion 1.1"
> + );
> +
> + AssertionType = EFI_TEST_ASSERTION_FAILED;
> + }
> +
> + ProtocolVersionMajor = BootServiceCap.ProtocolVersion.Major;
> + ProtocolVersionMinor = BootServiceCap.ProtocolVersion.Minor;
> +
> + // TCG EFI Protocol spec 6.4.4 #4
> + if ((ProtocolVersionMajor != 1) | (ProtocolVersionMinor != 1)) {
> + StandardLib->RecordMessage (
>
> + StandardLib,
>
> + EFI_VERBOSE_LEVEL_DEFAULT,
>
> + L"\r\nTCG2 Protocol GetCapablity Test: protocol version must be 1.1"
> + );
> +
> + AssertionType = EFI_TEST_ASSERTION_FAILED;
> + }
> +
> + if (!(BootServiceCap.SupportedEventLogs & EFI_TCG2_EVENT_LOG_FORMAT_TCG_2)) {
> + StandardLib->RecordMessage (
>
> + StandardLib,
>
> + EFI_VERBOSE_LEVEL_DEFAULT,
>
> + L"\r\nTCG2 Protocol GetCapablity Test: GetCapabilty must support TCG2 event log format"
> + );
> +
> + AssertionType = EFI_TEST_ASSERTION_FAILED;
> + }
> +
> + if (BootServiceCap.NumberOfPcrBanks < 1 ) {
> + StandardLib->RecordMessage (
>
> + StandardLib,
>
> + EFI_VERBOSE_LEVEL_DEFAULT,
>
> + L"\r\nTCG2 Protocol GetCapablity Test: expect at least 1 PCR bank"
> + );
> +
> + AssertionType = EFI_TEST_ASSERTION_FAILED;
> + }
> +
> + if (!(BootServiceCap.HashAlgorithmBitmap & EFI_TCG2_BOOT_HASH_ALG_SHA256)) {
> + StandardLib->RecordMessage (
>
> + StandardLib,
>
> + EFI_VERBOSE_LEVEL_DEFAULT,
>
> + L"\r\nTCG2 Protocol GetCapablity Test: unexpected hash algorithms reported = %x",
> + BootServiceCap.HashAlgorithmBitmap
> + );
> +
> + AssertionType = EFI_TEST_ASSERTION_FAILED;
> + }
> +
> + if (!(~BootServiceCap.ActivePcrBanks & BootServiceCap.HashAlgorithmBitmap) == 0) {
The above test doesn't look correct to me. Need to sanity check that.
> + StandardLib->RecordMessage (
>
> + StandardLib,
>
> + EFI_VERBOSE_LEVEL_DEFAULT,
>
> + L"\r\nTCG2 Protocol GetCapablity Test: ActivePcrBanks is not a subset of HashAlgorithmBitmap"
> + );
> +
> + AssertionType = EFI_TEST_ASSERTION_FAILED;
> + }
> +
> + if (!(BootServiceCap.ActivePcrBanks & EFI_TCG2_BOOT_HASH_ALG_SHA256)) {
In the SCT spec the test says to verify that ActivePcrBanks includes
SHA256, SHA384, or SHA512. As written the test would fail if active pcr
banks was SHA384.
Thanks,
Stuart
next prev parent reply other threads:[~2022-02-01 18:33 UTC|newest]
Thread overview: 9+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-01-09 20:58 [PATCH V2 0/6] Implementation of TCG2 Protocol test Joseph Hemann
2022-01-09 20:58 ` [PATCH 1/6] uefi-sct/SctPkg: TCG2 Protocol: add header with TCG2 protocol definitions Joseph Hemann
2022-01-09 20:58 ` [PATCH 2/6] uefi-sct/SctPkg: TCG2 Protocol: add GetCapability Test Joseph Hemann
2022-02-01 18:32 ` Stuart Yoder [this message]
2022-02-07 17:59 ` [edk2-devel] " Joseph Hemann
2022-01-09 20:58 ` [PATCH 3/6] uefi-sct/SctPkg: TCG2 Protocol: add GetActivePcrBanks test Joseph Hemann
2022-01-09 20:58 ` [PATCH 4/6] uefi-sct/SctPkg: TCG2 Protocol: add HashLogExtendEvent test Joseph Hemann
2022-01-09 20:58 ` [PATCH 5/6] uefi-sct/SctPkg: TCG2 Protocol: add GetEventLog test Joseph Hemann
2022-01-09 20:58 ` [PATCH 6/6] uefi-sct/SctPkg: TCG2 Protocol: add SubmitCommand test Joseph Hemann
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-list from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=b7e40226-4949-5d69-bea6-8960f02019b7@arm.com \
--to=devel@edk2.groups.io \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox