Skip to content
New issue

Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.

#

By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? # to your account

Jump to bottom

[DO NOT MERGE] [PROTOTYPE] Stabilizing PCR4 Measurements #1271

Draft
wants to merge 1 commit into
base: dev/202405
Choose a base branch
from
Draft

[DO NOT MERGE] [PROTOTYPE] Stabilizing PCR4 Measurements #1271

wants to merge 1 commit into from
+28 −1

Conversation

Flickdm
Copy link
Member

@Flickdm Flickdm commented Feb 4, 2025
edited
Loading

Description

This is an effort to stabilize PCR4 measurements.

There are a few known issues with PCR4 measurements that need to be addressed.

  1. Applications that originate from a measured FV and are an extension of the BDS environment should not signal ready to boot nor be measured into PCR4.
  2. File paths that do not exist should not be loaded thus should not signal ready to boot nor should they be measured into PCR4.
  3. Applications that originate from a measured FV should not be measured into PCR4 ([DO NOT MERGE] [PROTOTYPE] Stabilizing PCR4 Measurements  mu_tiano_plus#330)

For details on how to complete these options and their meaning refer to CONTRIBUTING.md.

  • Impacts functionality?
  • Impacts security?
  • Breaking change?
  • Includes tests?
  • Includes documentation?
  • Backport to release branch?

Related Pull Requests

microsoft/mu_plus#637
microsoft/mu_tiano_plus#330

How This Was Tested

Various Boot Paths

Integration Instructions

N/A (TODO)

@github-actions github-actions bot added impact:breaking-change Requires integration attention impact:security Has a security impact labels Feb 4, 2025
@Flickdm Flickdm changed the title [DRAFT] Stabilizing PCR4 Measurements [DO NOT MERGE] [PROTOTYPE] Stabilizing PCR4 Measurements Feb 4, 2025
@codecov-commenter
Copy link

codecov-commenter commented Feb 4, 2025
edited
Loading

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 1.60%. Comparing base (76f3943) to head (dea47ed).

Additional details and impacted files 
@@              Coverage Diff               @@
##           dev/202405    #1271      +/-   ##
==============================================
- Coverage        1.60%    1.60%   -0.01%     
==============================================
  Files            1379     1379              
  Lines          359694   359702       +8     
  Branches         5524     5524              
==============================================
  Hits             5760     5760              
- Misses         353827   353835       +8     
  Partials          107      107
Flag Coverage Δ
MdeModulePkg 0.67% <ø> (-0.01%) ⬇️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

Flickdm
Flickdm commented Feb 19, 2025
View reviewed changes
Copy link
Member Author

@Flickdm Flickdm left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

SQUASH Remove Locate file

MdeModulePkg/Library/UefiBootManagerLib/BmBoot.c
} else {
}
// MU_CHANGE [BEGIN]
else if (BmIsFvFilePath (BootOption->FilePath)) {
Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Do not measure valid FV files into ReadyToBoot

# for free to join this conversation on GitHub. Already have an account? # to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
impact:breaking-change Requires integration attention impact:security Has a security impact
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@Flickdm @codecov-commenter