v2023020001.2.0
What's Changed
🚀 Features & ✨ Enhancements
- Add TpmTestingPkg and TPM Replay feature [Rebase & FF] @makubacki (#287)
Change Details
## Description
Contains four commits:
TpmTestingPkg: Add initial package
Adds a new package that holds TPM testing functionality.
Currently, a feature is present called "TPM Replay" that provides
the ability to replay TPM measurements from a custom-made event log. The primary purpose is for testing operating system features
dependent on TPM measurements. More details about this feature are
available in TpmTestingPkg/TpmReplayPeiDxe/Readme.md. This feature is designed to ease platform integration and can be
applied to physical and virtual systems.
TpmTestingPkg: Remove DXE functionality
Removes DXE placeholders since they are currently not used. This
commit is left in source history to show where DXE functionality
would hook into the code flows if added in the future.
TpmTestingPkg: Add TPM Replay tool
Adds a new tool that allows a user to specify a TPM Event Log in
JSON or YAML (validated against a supplied schema) that is transformed
into a binary that can be used by the TPM Replay feature. A binary can also be transformed back to a YAML file.
This is an initial draft of the tool. Some files or code will likely
move to other more generic repos, the schema to a public schema
store, and new features are planned to be added as well. For example,
some PCR7 events will allow individual UEFI variable details to be
specified in the input JSON/YAML file to make their creation more
clear. While this is planned, the initial draft provides sufficient
functionality to use with the feature and share with others now.
.azurepipelines: Add TpmTestingPkg
Includes the package in the pipeline build.
Rebalances the build matrix taking the new package into account.
- Impacts functionality?
  - Functionality - Does the change ultimately impact how firmware functions?
  - Examples: Add a new library, publish a new PPI, update an algorithm, ...
- Impacts security?
  - Security - Does the change have a direct security impact on an application, flow, or firmware?
  - Examples: Crypto algorithm change, buffer overflow fix, parameter validation improvement, ...
- Breaking change?
  - Breaking change - Will anyone consuming this change experience a break in build or boot behavior?
  - Examples: Add a new library class, move a module to a different repo, call a function in a new library class in a pre-existing module, ...
- Includes tests?
  - Tests - Does the change include any explicit test code?
  - Examples: Unit tests, integration tests, robot tests, ...
- Includes documentation?
  - Documentation - Does the change contain explicit documentation additions outside direct code modifications (and comments)?
  - Examples: Update readme file, add feature readme file, link to documentation on a separate Web page, ...
How This Was Tested
- Input YAML to binary
- Input JSON to binary
- Input binary to YAML
- Replay events on QEMU Q35 to PCRs
- Verify event log in OS against the input file
Example: YAML to Binary and Binary Back to YAML
Example: Viewing the Replayed Log in Windows
Integration Instructions
N/A
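As an added example (not code from the PR or from TpmTestingPkg), the check behind the last two test steps listed above: replaying a constructed event log into a SHA-256 PCR bank and comparing a log read back from the OS against the input file. The event field names and sample values are this example's own assumptions, not the tool's schema.

```python
import hashlib

# Constructed sample in the spirit of the parsed JSON/YAML input the tool accepts.
# Field names are this example's own, not the TpmTestingPkg schema; "data_hex" holds
# the raw event data that gets hashed (real PCR7 variable events carry a
# UEFI_VARIABLE_DATA structure; a single byte stands in for it here).
SAMPLE_EVENTS = [
    {"pcr": 0, "type": "EV_POST_CODE", "data_hex": "414350492044415441"},  # "ACPI DATA"
    {"pcr": 7, "type": "EV_EFI_VARIABLE_DRIVER_CONFIG", "data_hex": "01"},  # SecureBoot=1
    {"pcr": 7, "type": "EV_SEPARATOR", "data_hex": "00000000"},
]

def digest_of(data: bytes) -> bytes:
    """SHA-256 digest of the event data, as recorded in a SHA-256 bank."""
    return hashlib.sha256(data).digest()

def extend(pcr: bytes, digest: bytes) -> bytes:
    """TPM 2.0 PCR extend: new PCR = H(old PCR || digest)."""
    return hashlib.sha256(pcr + digest).digest()

def replay(events, pcr_count: int = 24) -> dict:
    """Replay events into a fresh SHA-256 bank. Static PCRs start at all zeros; the
    DRTM PCRs 17-22 initialise differently on real hardware and are not modelled."""
    pcrs = {i: bytes(32) for i in range(pcr_count)}
    for ev in events:
        pcrs[ev["pcr"]] = extend(pcrs[ev["pcr"]], digest_of(bytes.fromhex(ev["data_hex"])))
    return pcrs

def verify_log(input_events, observed_events) -> list:
    """Check a log read back in the OS against the input file: same event sequence and
    the same replayed PCR values. Returns mismatch descriptions; empty means agreement."""
    problems = []
    if len(input_events) != len(observed_events):
        problems.append(f"event count {len(observed_events)} != {len(input_events)}")
    for i, (a, b) in enumerate(zip(input_events, observed_events)):
        key = ("pcr", "type", "data_hex")
        if tuple(a[k] for k in key) != tuple(b[k] for k in key):
            problems.append(f"event {i}: {b['type']} on PCR{b['pcr']} differs from input")
    want, got = replay(input_events), replay(observed_events)
    for idx in want:
        if want[idx] != got[idx]:
            problems.append(f"PCR{idx}: {got[idx].hex()} != expected {want[idx].hex()}")
    return problems

if __name__ == "__main__":
    for idx, val in sorted(replay(SAMPLE_EVENTS).items()):
        if val != bytes(32):
            print(f"PCR{idx:02d} {val.hex()}")
    tampered = [dict(e) for e in SAMPLE_EVENTS]
    tampered[1]["data_hex"] = "00"  # SecureBoot flipped in the observed log
    print(verify_log(SAMPLE_EVENTS, tampered))
```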
Full Changelog: v2023020001.1.2...v2023020001.2.0