mbox series

[v6a,0/4] Initial secure variable drivers addendum

Message ID 20200928220609.10479-1-erichte@linux.ibm.com
Headers show
Series Initial secure variable drivers addendum | expand


Eric Richter Sept. 28, 2020, 10:06 p.m. UTC
This is a small set of patches meant to be applied on top of the
previous set, "Add initial secure variable storage and backend
drivers"[1]. This set contains some fixes and adjustments as found from
continued testing.

These patches can be either applied on top of the v6 set, or can be
merged into their respective patches. These patches were sent standalone
to avoid excess mail clutter.

Changes include:
 - chunking tss nv reads/writes to allow for larger indices
 - increase the NV vars index size, to allow for larger PK certs.
 - improvements to the edk2 driver unit test case
 - improvements to logging in the edk2 driver
 - edk2 driver bug fixes
   - fix memory leak in validate_esl_list()
   - fixed resetting global setup_mode variable after processing failure
   - fixes regarding hardware key hash handling

[1] https://lists.ozlabs.org/pipermail/skiboot/2020-September/017242.html

Eric Richter (2):
  tssskiboot.c: chunk reads/writes in 1024-sized buffers to support
    larger nv indices
  secboot_tpm.c: increase tpmnv vars index size

Nayna Jain (2):
  secvar/backend: Bugfixes in edk2 driver
  secvar/backend: improve edk2 driver unit testcases

 libstb/secvar/backend/edk2-compat-process.c   |  24 +-
 libstb/secvar/backend/edk2-compat-reset.c     |   7 +-
 libstb/secvar/backend/edk2-compat.c           |  20 +-
 libstb/secvar/storage/fakenv_ops.c            |   2 +-
 libstb/secvar/storage/gen_tpmnv_public_name.c |   2 +-
 libstb/secvar/storage/secboot_tpm.c           |   8 +-
 libstb/secvar/test/data/dbxcert.h             | 161 +++++++++++
 libstb/secvar/test/secvar-test-edk2-compat.c  | 263 +++++++++++++++---
 libstb/tss2/tssskiboot.c                      |  82 ++++--
 9 files changed, 484 insertions(+), 85 deletions(-)
 create mode 100644 libstb/secvar/test/data/dbxcert.h