From 56f8c83501aadc2c727da38c13a05d10a865a6e5 Mon Sep 17 00:00:00 2001 From: Chris Coulson Date: Wed, 16 Apr 2025 21:22:57 +0100 Subject: [PATCH] preinstall: Return warnings as errors if RunChecks is already going to return an error If RunChecks returns one or more errors, any warnings that have been collected and which would normally be returned via the CheckResults structure will be discarded. In the case where RunChecks is already going to return one or more errors, it should also return any warnings that occurred as errors as well. --- efi/preinstall/checks.go | 3 + efi/preinstall/checks_context_test.go | 533 ++++++++++++++++---------- efi/preinstall/checks_test.go | 305 +++++++++++++-- 3 files changed, 604 insertions(+), 237 deletions(-) diff --git a/efi/preinstall/checks.go b/efi/preinstall/checks.go index 6cc24665..bc27a8f4 100644 --- a/efi/preinstall/checks.go +++ b/efi/preinstall/checks.go @@ -489,6 +489,9 @@ func RunChecks(ctx context.Context, flags CheckFlags, loadedImages []secboot_efi } if len(deferredErrs) > 0 { + // If we are returning one or more error, then append any warnings + // to the returned errors as well. + deferredErrs = append(deferredErrs, warnings...) return nil, joinErrors(deferredErrs...) } diff --git a/efi/preinstall/checks_context_test.go b/efi/preinstall/checks_context_test.go index 922a25b7..31bda63d 100644 --- a/efi/preinstall/checks_context_test.go +++ b/efi/preinstall/checks_context_test.go @@ -22,7 +22,6 @@ package preinstall_test import ( "context" "crypto" - "encoding/json" "io" "time" @@ -1732,14 +1731,26 @@ C7E003CB tpm2.PropertyManufacturer: uint32(tpm2.TPMManufacturerINTC), }, enabledBanks: []tpm2.HashAlgorithmId{tpm2.HashAlgorithmSHA256}, - profileOpts: PCRProfileOptionsDefault, + loadedImages: []secboot_efi.Image{ + &mockImage{ + contents: []byte("mock shim executable"), + digest: testutil.DecodeHexString(c, "25e1b08db2f31ff5f5d2ea53e1a1e8fda6e1d81af4f26a7908071f1dec8611b7"), + signatures: []*efi.WinCertificateAuthenticode{ + efitest.ReadWinCertificateAuthenticodeDetached(c, shimUbuntuSig4), + }, + }, + &mockImage{contents: []byte("mock grub executable"), digest: testutil.DecodeHexString(c, "d5a9780e9f6a43c2e53fe9fda547be77f7783f31aea8013783242b040ff21dc0")}, + &mockImage{contents: []byte("mock kernel executable"), digest: testutil.DecodeHexString(c, "2ddfbd91fa1698b0d133c38ba90dbba76c9e08371ff83d03b5fb4c2e56d7e81f")}, + }, + profileOpts: PCRProfileOptionsDefault, prepare: func(_ int) { s.HierarchyChangeAuth(c, tpm2.HandleLockout, []byte("1234")) c.Check(s.TPM.SetPrimaryPolicy(s.TPM.OwnerHandleContext(), make([]byte, 32), tpm2.HashAlgorithmSHA256, nil), IsNil) }, - actions: []actionAndArgs{{action: ActionNone}}, + actions: []actionAndArgs{{action: ActionNone}}, + expectedPcrAlg: tpm2.HashAlgorithmSHA256, }) - c.Assert(errs, HasLen, 1) + c.Assert(errs, HasLen, 4) c.Check(errs[0], ErrorMatches, `error with TPM2 device: one or more of the TPM hierarchies is already owned: - TPM_RH_LOCKOUT has an authorization value - TPM_RH_OWNER has an authorization policy @@ -1800,7 +1811,18 @@ C7E003CB tpm2.PropertyManufacturer: uint32(tpm2.TPMManufacturerINTC), }, enabledBanks: []tpm2.HashAlgorithmId{tpm2.HashAlgorithmSHA256}, - profileOpts: PCRProfileOptionsDefault, + loadedImages: []secboot_efi.Image{ + &mockImage{ + contents: []byte("mock shim executable"), + digest: testutil.DecodeHexString(c, "25e1b08db2f31ff5f5d2ea53e1a1e8fda6e1d81af4f26a7908071f1dec8611b7"), + signatures: []*efi.WinCertificateAuthenticode{ + efitest.ReadWinCertificateAuthenticodeDetached(c, shimUbuntuSig4), + }, + }, + &mockImage{contents: []byte("mock grub executable"), digest: testutil.DecodeHexString(c, "d5a9780e9f6a43c2e53fe9fda547be77f7783f31aea8013783242b040ff21dc0")}, + &mockImage{contents: []byte("mock kernel executable"), digest: testutil.DecodeHexString(c, "2ddfbd91fa1698b0d133c38ba90dbba76c9e08371ff83d03b5fb4c2e56d7e81f")}, + }, + profileOpts: PCRProfileOptionsDefault, prepare: func(_ int) { c.Assert(s.TPM.DictionaryAttackParameters(s.TPM.LockoutHandleContext(), 32, 7200, 86400, nil), IsNil) // Authorize the lockout hierarchy enough times with a bogus value to trip it @@ -1829,9 +1851,10 @@ C7E003CB c.Errorf("unexpected error: %v", err) } }, - actions: []actionAndArgs{{action: ActionNone}}, + actions: []actionAndArgs{{action: ActionNone}}, + expectedPcrAlg: tpm2.HashAlgorithmSHA256, }) - c.Assert(errs, HasLen, 1) + c.Assert(errs, HasLen, 4) c.Check(errs[0], ErrorMatches, `error with TPM2 device: TPM is in DA lockout mode`) c.Check(errs[0], DeepEquals, NewWithKindAndActionsError(ErrorKindTPMDeviceLockout, &TPMDeviceLockoutArgs{IntervalDuration: 2 * time.Hour, TotalDuration: 64 * time.Hour}, []Action{ActionRebootToFWSettings}, errs[0].Unwrap())) } @@ -1884,10 +1907,22 @@ C7E003CB tpm2.PropertyPSFamilyIndicator: 1, }, enabledBanks: []tpm2.HashAlgorithmId{tpm2.HashAlgorithmSHA256}, - profileOpts: PCRProfileOptionsDefault, - actions: []actionAndArgs{{action: ActionNone}}, + loadedImages: []secboot_efi.Image{ + &mockImage{ + contents: []byte("mock shim executable"), + digest: testutil.DecodeHexString(c, "25e1b08db2f31ff5f5d2ea53e1a1e8fda6e1d81af4f26a7908071f1dec8611b7"), + signatures: []*efi.WinCertificateAuthenticode{ + efitest.ReadWinCertificateAuthenticodeDetached(c, shimUbuntuSig4), + }, + }, + &mockImage{contents: []byte("mock grub executable"), digest: testutil.DecodeHexString(c, "d5a9780e9f6a43c2e53fe9fda547be77f7783f31aea8013783242b040ff21dc0")}, + &mockImage{contents: []byte("mock kernel executable"), digest: testutil.DecodeHexString(c, "2ddfbd91fa1698b0d133c38ba90dbba76c9e08371ff83d03b5fb4c2e56d7e81f")}, + }, + profileOpts: PCRProfileOptionsDefault, + actions: []actionAndArgs{{action: ActionNone}}, + expectedPcrAlg: tpm2.HashAlgorithmSHA256, }) - c.Assert(errs, HasLen, 1) + c.Assert(errs, HasLen, 4) c.Check(errs[0], ErrorMatches, `error with TPM2 device: insufficient NV counters available`) c.Check(errs[0], DeepEquals, NewWithKindAndActionsError(ErrorKindInsufficientTPMStorage, nil, []Action{ActionRebootToFWSettings}, errs[0].Unwrap())) } @@ -1972,9 +2007,21 @@ C7E003CB s.HierarchyChangeAuth(c, tpm2.HandleLockout, []byte("1234")) }, - actions: []actionAndArgs{{action: ActionNone}}, + loadedImages: []secboot_efi.Image{ + &mockImage{ + contents: []byte("mock shim executable"), + digest: testutil.DecodeHexString(c, "25e1b08db2f31ff5f5d2ea53e1a1e8fda6e1d81af4f26a7908071f1dec8611b7"), + signatures: []*efi.WinCertificateAuthenticode{ + efitest.ReadWinCertificateAuthenticodeDetached(c, shimUbuntuSig4), + }, + }, + &mockImage{contents: []byte("mock grub executable"), digest: testutil.DecodeHexString(c, "d5a9780e9f6a43c2e53fe9fda547be77f7783f31aea8013783242b040ff21dc0")}, + &mockImage{contents: []byte("mock kernel executable"), digest: testutil.DecodeHexString(c, "2ddfbd91fa1698b0d133c38ba90dbba76c9e08371ff83d03b5fb4c2e56d7e81f")}, + }, + actions: []actionAndArgs{{action: ActionNone}}, + expectedPcrAlg: tpm2.HashAlgorithmSHA256, }) - c.Assert(errs, HasLen, 2) + c.Assert(errs, HasLen, 5) c.Check(errs[0], ErrorMatches, `error with TPM2 device: one or more of the TPM hierarchies is already owned: - TPM_RH_LOCKOUT has an authorization value @@ -2361,6 +2408,14 @@ C7E003CB })), efitest.WithAMD64Environment("GenuineIntel", []uint64{cpuid.SDBG, cpuid.SMX}, 4, map[uint32]uint64{0x13a: (3 << 1), 0xc80: 0x40000000}), efitest.WithSysfsDevices(devices), + efitest.WithMockVars(efitest.MockVars{ + {Name: "AuditMode", GUID: efi.GlobalVariable}: &efitest.VarEntry{Attrs: efi.AttributeNonVolatile | efi.AttributeBootserviceAccess | efi.AttributeRuntimeAccess, Payload: []byte{0x0}}, + {Name: "BootCurrent", GUID: efi.GlobalVariable}: &efitest.VarEntry{Attrs: efi.AttributeBootserviceAccess | efi.AttributeRuntimeAccess, Payload: []byte{0x3, 0x0}}, + {Name: "BootOptionSupport", GUID: efi.GlobalVariable}: &efitest.VarEntry{Attrs: efi.AttributeBootserviceAccess | efi.AttributeRuntimeAccess, Payload: []byte{0x13, 0x03, 0x00, 0x00}}, + {Name: "DeployedMode", GUID: efi.GlobalVariable}: &efitest.VarEntry{Attrs: efi.AttributeNonVolatile | efi.AttributeBootserviceAccess | efi.AttributeRuntimeAccess, Payload: []byte{0x1}}, + {Name: "SetupMode", GUID: efi.GlobalVariable}: &efitest.VarEntry{Attrs: efi.AttributeBootserviceAccess | efi.AttributeRuntimeAccess, Payload: []byte{0x0}}, + {Name: "OsIndicationsSupported", GUID: efi.GlobalVariable}: &efitest.VarEntry{Attrs: efi.AttributeBootserviceAccess | efi.AttributeRuntimeAccess, Payload: []byte{0x41, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + }.SetSecureBoot(true).SetPK(c, efitest.NewSignatureListX509(c, snakeoilCert, efi.MakeGUID(0x03f66fa4, 0x5eee, 0x479c, 0xa408, [...]uint8{0xc4, 0xdc, 0x0a, 0x33, 0xfc, 0xde})))), ), tpmPropertyModifiers: map[tpm2.Property]uint32{ tpm2.PropertyNVCountersMax: 0, @@ -2368,9 +2423,21 @@ C7E003CB tpm2.PropertyManufacturer: uint32(tpm2.TPMManufacturerINTC), }, enabledBanks: []tpm2.HashAlgorithmId{tpm2.HashAlgorithmSHA256}, - actions: []actionAndArgs{{action: ActionNone}}, + loadedImages: []secboot_efi.Image{ + &mockImage{ + contents: []byte("mock shim executable"), + digest: testutil.DecodeHexString(c, "25e1b08db2f31ff5f5d2ea53e1a1e8fda6e1d81af4f26a7908071f1dec8611b7"), + signatures: []*efi.WinCertificateAuthenticode{ + efitest.ReadWinCertificateAuthenticodeDetached(c, shimUbuntuSig4), + }, + }, + &mockImage{contents: []byte("mock grub executable"), digest: testutil.DecodeHexString(c, "d5a9780e9f6a43c2e53fe9fda547be77f7783f31aea8013783242b040ff21dc0")}, + &mockImage{contents: []byte("mock kernel executable"), digest: testutil.DecodeHexString(c, "2ddfbd91fa1698b0d133c38ba90dbba76c9e08371ff83d03b5fb4c2e56d7e81f")}, + }, + actions: []actionAndArgs{{action: ActionNone}}, + expectedPcrAlg: tpm2.HashAlgorithmSHA256, }) - c.Assert(errs, HasLen, 1) + c.Assert(errs, HasLen, 5) c.Check(errs[0], ErrorMatches, `error with system security: the platform firmware contains a debugging endpoint enabled`) c.Check(errs[0], DeepEquals, NewWithKindAndActionsError(ErrorKindUEFIDebuggingEnabled, nil, []Action{ActionContactOEM}, errs[0].Unwrap())) } @@ -2410,6 +2477,14 @@ C7E003CB })), efitest.WithAMD64Environment("GenuineIntel", []uint64{cpuid.SDBG, cpuid.SMX}, 4, map[uint32]uint64{0x13a: (3 << 1), 0xc80: 0x40000000}), efitest.WithSysfsDevices(devices), + efitest.WithMockVars(efitest.MockVars{ + {Name: "AuditMode", GUID: efi.GlobalVariable}: &efitest.VarEntry{Attrs: efi.AttributeNonVolatile | efi.AttributeBootserviceAccess | efi.AttributeRuntimeAccess, Payload: []byte{0x0}}, + {Name: "BootCurrent", GUID: efi.GlobalVariable}: &efitest.VarEntry{Attrs: efi.AttributeBootserviceAccess | efi.AttributeRuntimeAccess, Payload: []byte{0x3, 0x0}}, + {Name: "BootOptionSupport", GUID: efi.GlobalVariable}: &efitest.VarEntry{Attrs: efi.AttributeBootserviceAccess | efi.AttributeRuntimeAccess, Payload: []byte{0x13, 0x03, 0x00, 0x00}}, + {Name: "DeployedMode", GUID: efi.GlobalVariable}: &efitest.VarEntry{Attrs: efi.AttributeNonVolatile | efi.AttributeBootserviceAccess | efi.AttributeRuntimeAccess, Payload: []byte{0x1}}, + {Name: "SetupMode", GUID: efi.GlobalVariable}: &efitest.VarEntry{Attrs: efi.AttributeBootserviceAccess | efi.AttributeRuntimeAccess, Payload: []byte{0x0}}, + {Name: "OsIndicationsSupported", GUID: efi.GlobalVariable}: &efitest.VarEntry{Attrs: efi.AttributeBootserviceAccess | efi.AttributeRuntimeAccess, Payload: []byte{0x41, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + }.SetSecureBoot(true).SetPK(c, efitest.NewSignatureListX509(c, snakeoilCert, efi.MakeGUID(0x03f66fa4, 0x5eee, 0x479c, 0xa408, [...]uint8{0xc4, 0xdc, 0x0a, 0x33, 0xfc, 0xde})))), ), tpmPropertyModifiers: map[tpm2.Property]uint32{ tpm2.PropertyNVCountersMax: 0, @@ -2417,9 +2492,21 @@ C7E003CB tpm2.PropertyManufacturer: uint32(tpm2.TPMManufacturerINTC), }, enabledBanks: []tpm2.HashAlgorithmId{tpm2.HashAlgorithmSHA256}, - actions: []actionAndArgs{{action: ActionNone}}, + loadedImages: []secboot_efi.Image{ + &mockImage{ + contents: []byte("mock shim executable"), + digest: testutil.DecodeHexString(c, "25e1b08db2f31ff5f5d2ea53e1a1e8fda6e1d81af4f26a7908071f1dec8611b7"), + signatures: []*efi.WinCertificateAuthenticode{ + efitest.ReadWinCertificateAuthenticodeDetached(c, shimUbuntuSig4), + }, + }, + &mockImage{contents: []byte("mock grub executable"), digest: testutil.DecodeHexString(c, "d5a9780e9f6a43c2e53fe9fda547be77f7783f31aea8013783242b040ff21dc0")}, + &mockImage{contents: []byte("mock kernel executable"), digest: testutil.DecodeHexString(c, "2ddfbd91fa1698b0d133c38ba90dbba76c9e08371ff83d03b5fb4c2e56d7e81f")}, + }, + actions: []actionAndArgs{{action: ActionNone}}, + expectedPcrAlg: tpm2.HashAlgorithmSHA256, }) - c.Assert(errs, HasLen, 1) + c.Assert(errs, HasLen, 5) c.Check(errs[0], ErrorMatches, `error with system security: the platform firmware indicates that DMA protections are insufficient`) c.Check(errs[0], DeepEquals, NewWithKindAndActionsError(ErrorKindInsufficientDMAProtection, nil, []Action{ActionRebootToFWSettings}, errs[0].Unwrap())) } @@ -2452,6 +2539,14 @@ C7E003CB efitest.WithLog(efitest.NewLog(c, &efitest.LogOptions{Algorithms: []tpm2.HashAlgorithmId{tpm2.HashAlgorithmSHA256}})), efitest.WithAMD64Environment("GenuineIntel", []uint64{cpuid.SDBG, cpuid.SMX}, 4, map[uint32]uint64{0x13a: (3 << 1), 0xc80: 0x40000000}), efitest.WithSysfsDevices(devices), + efitest.WithMockVars(efitest.MockVars{ + {Name: "AuditMode", GUID: efi.GlobalVariable}: &efitest.VarEntry{Attrs: efi.AttributeNonVolatile | efi.AttributeBootserviceAccess | efi.AttributeRuntimeAccess, Payload: []byte{0x0}}, + {Name: "BootCurrent", GUID: efi.GlobalVariable}: &efitest.VarEntry{Attrs: efi.AttributeBootserviceAccess | efi.AttributeRuntimeAccess, Payload: []byte{0x3, 0x0}}, + {Name: "BootOptionSupport", GUID: efi.GlobalVariable}: &efitest.VarEntry{Attrs: efi.AttributeBootserviceAccess | efi.AttributeRuntimeAccess, Payload: []byte{0x13, 0x03, 0x00, 0x00}}, + {Name: "DeployedMode", GUID: efi.GlobalVariable}: &efitest.VarEntry{Attrs: efi.AttributeNonVolatile | efi.AttributeBootserviceAccess | efi.AttributeRuntimeAccess, Payload: []byte{0x1}}, + {Name: "SetupMode", GUID: efi.GlobalVariable}: &efitest.VarEntry{Attrs: efi.AttributeBootserviceAccess | efi.AttributeRuntimeAccess, Payload: []byte{0x0}}, + {Name: "OsIndicationsSupported", GUID: efi.GlobalVariable}: &efitest.VarEntry{Attrs: efi.AttributeBootserviceAccess | efi.AttributeRuntimeAccess, Payload: []byte{0x41, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + }.SetSecureBoot(true).SetPK(c, efitest.NewSignatureListX509(c, snakeoilCert, efi.MakeGUID(0x03f66fa4, 0x5eee, 0x479c, 0xa408, [...]uint8{0xc4, 0xdc, 0x0a, 0x33, 0xfc, 0xde})))), ), tpmPropertyModifiers: map[tpm2.Property]uint32{ tpm2.PropertyNVCountersMax: 0, @@ -2459,9 +2554,21 @@ C7E003CB tpm2.PropertyManufacturer: uint32(tpm2.TPMManufacturerINTC), }, enabledBanks: []tpm2.HashAlgorithmId{tpm2.HashAlgorithmSHA256}, - actions: []actionAndArgs{{action: ActionNone}}, + loadedImages: []secboot_efi.Image{ + &mockImage{ + contents: []byte("mock shim executable"), + digest: testutil.DecodeHexString(c, "25e1b08db2f31ff5f5d2ea53e1a1e8fda6e1d81af4f26a7908071f1dec8611b7"), + signatures: []*efi.WinCertificateAuthenticode{ + efitest.ReadWinCertificateAuthenticodeDetached(c, shimUbuntuSig4), + }, + }, + &mockImage{contents: []byte("mock grub executable"), digest: testutil.DecodeHexString(c, "d5a9780e9f6a43c2e53fe9fda547be77f7783f31aea8013783242b040ff21dc0")}, + &mockImage{contents: []byte("mock kernel executable"), digest: testutil.DecodeHexString(c, "2ddfbd91fa1698b0d133c38ba90dbba76c9e08371ff83d03b5fb4c2e56d7e81f")}, + }, + actions: []actionAndArgs{{action: ActionNone}}, + expectedPcrAlg: tpm2.HashAlgorithmSHA256, }) - c.Assert(errs, HasLen, 1) + c.Assert(errs, HasLen, 4) c.Check(errs[0], ErrorMatches, `error with system security: no kernel IOMMU support was detected`) c.Check(errs[0], DeepEquals, NewWithKindAndActionsError(ErrorKindNoKernelIOMMU, nil, []Action{ActionContactOSVendor}, errs[0].Unwrap())) } @@ -2499,6 +2606,14 @@ C7E003CB efitest.WithLog(efitest.NewLog(c, &efitest.LogOptions{Algorithms: []tpm2.HashAlgorithmId{tpm2.HashAlgorithmSHA256}})), efitest.WithAMD64Environment("GenuineIntel", []uint64{cpuid.SDBG, cpuid.SMX}, 4, map[uint32]uint64{0x13a: (2 << 1), 0xc80: 0x40000000}), efitest.WithSysfsDevices(devices), + efitest.WithMockVars(efitest.MockVars{ + {Name: "AuditMode", GUID: efi.GlobalVariable}: &efitest.VarEntry{Attrs: efi.AttributeNonVolatile | efi.AttributeBootserviceAccess | efi.AttributeRuntimeAccess, Payload: []byte{0x0}}, + {Name: "BootCurrent", GUID: efi.GlobalVariable}: &efitest.VarEntry{Attrs: efi.AttributeBootserviceAccess | efi.AttributeRuntimeAccess, Payload: []byte{0x3, 0x0}}, + {Name: "BootOptionSupport", GUID: efi.GlobalVariable}: &efitest.VarEntry{Attrs: efi.AttributeBootserviceAccess | efi.AttributeRuntimeAccess, Payload: []byte{0x13, 0x03, 0x00, 0x00}}, + {Name: "DeployedMode", GUID: efi.GlobalVariable}: &efitest.VarEntry{Attrs: efi.AttributeNonVolatile | efi.AttributeBootserviceAccess | efi.AttributeRuntimeAccess, Payload: []byte{0x1}}, + {Name: "SetupMode", GUID: efi.GlobalVariable}: &efitest.VarEntry{Attrs: efi.AttributeBootserviceAccess | efi.AttributeRuntimeAccess, Payload: []byte{0x0}}, + {Name: "OsIndicationsSupported", GUID: efi.GlobalVariable}: &efitest.VarEntry{Attrs: efi.AttributeBootserviceAccess | efi.AttributeRuntimeAccess, Payload: []byte{0x41, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + }.SetSecureBoot(true).SetPK(c, efitest.NewSignatureListX509(c, snakeoilCert, efi.MakeGUID(0x03f66fa4, 0x5eee, 0x479c, 0xa408, [...]uint8{0xc4, 0xdc, 0x0a, 0x33, 0xfc, 0xde})))), ), tpmPropertyModifiers: map[tpm2.Property]uint32{ tpm2.PropertyNVCountersMax: 0, @@ -2506,9 +2621,21 @@ C7E003CB tpm2.PropertyManufacturer: uint32(tpm2.TPMManufacturerINTC), }, enabledBanks: []tpm2.HashAlgorithmId{tpm2.HashAlgorithmSHA256}, - actions: []actionAndArgs{{action: ActionNone}}, + loadedImages: []secboot_efi.Image{ + &mockImage{ + contents: []byte("mock shim executable"), + digest: testutil.DecodeHexString(c, "25e1b08db2f31ff5f5d2ea53e1a1e8fda6e1d81af4f26a7908071f1dec8611b7"), + signatures: []*efi.WinCertificateAuthenticode{ + efitest.ReadWinCertificateAuthenticodeDetached(c, shimUbuntuSig4), + }, + }, + &mockImage{contents: []byte("mock grub executable"), digest: testutil.DecodeHexString(c, "d5a9780e9f6a43c2e53fe9fda547be77f7783f31aea8013783242b040ff21dc0")}, + &mockImage{contents: []byte("mock kernel executable"), digest: testutil.DecodeHexString(c, "2ddfbd91fa1698b0d133c38ba90dbba76c9e08371ff83d03b5fb4c2e56d7e81f")}, + }, + actions: []actionAndArgs{{action: ActionNone}}, + expectedPcrAlg: tpm2.HashAlgorithmSHA256, }) - c.Assert(errs, HasLen, 1) + c.Assert(errs, HasLen, 4) c.Check(errs[0], ErrorMatches, `error with system security: access to the discrete TPM's startup locality is available to platform firmware and privileged OS code, preventing any mitigation against reset attacks`) c.Check(errs[0], DeepEquals, NewWithKindAndActionsError(ErrorKindTPMStartupLocalityNotProtected, nil, nil, errs[0].Unwrap())) } @@ -2545,6 +2672,14 @@ C7E003CB })), efitest.WithAMD64Environment("GenuineIntel", []uint64{cpuid.SDBG, cpuid.SMX}, 4, map[uint32]uint64{0x13a: (2 << 1), 0xc80: 0x40000000}), efitest.WithSysfsDevices(devices), + efitest.WithMockVars(efitest.MockVars{ + {Name: "AuditMode", GUID: efi.GlobalVariable}: &efitest.VarEntry{Attrs: efi.AttributeNonVolatile | efi.AttributeBootserviceAccess | efi.AttributeRuntimeAccess, Payload: []byte{0x0}}, + {Name: "BootCurrent", GUID: efi.GlobalVariable}: &efitest.VarEntry{Attrs: efi.AttributeBootserviceAccess | efi.AttributeRuntimeAccess, Payload: []byte{0x3, 0x0}}, + {Name: "BootOptionSupport", GUID: efi.GlobalVariable}: &efitest.VarEntry{Attrs: efi.AttributeBootserviceAccess | efi.AttributeRuntimeAccess, Payload: []byte{0x13, 0x03, 0x00, 0x00}}, + {Name: "DeployedMode", GUID: efi.GlobalVariable}: &efitest.VarEntry{Attrs: efi.AttributeNonVolatile | efi.AttributeBootserviceAccess | efi.AttributeRuntimeAccess, Payload: []byte{0x1}}, + {Name: "SetupMode", GUID: efi.GlobalVariable}: &efitest.VarEntry{Attrs: efi.AttributeBootserviceAccess | efi.AttributeRuntimeAccess, Payload: []byte{0x0}}, + {Name: "OsIndicationsSupported", GUID: efi.GlobalVariable}: &efitest.VarEntry{Attrs: efi.AttributeBootserviceAccess | efi.AttributeRuntimeAccess, Payload: []byte{0x41, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + }.SetSecureBoot(true).SetPK(c, efitest.NewSignatureListX509(c, snakeoilCert, efi.MakeGUID(0x03f66fa4, 0x5eee, 0x479c, 0xa408, [...]uint8{0xc4, 0xdc, 0x0a, 0x33, 0xfc, 0xde})))), ), tpmPropertyModifiers: map[tpm2.Property]uint32{ tpm2.PropertyNVCountersMax: 0, @@ -2552,10 +2687,21 @@ C7E003CB tpm2.PropertyManufacturer: uint32(tpm2.TPMManufacturerINTC), }, enabledBanks: []tpm2.HashAlgorithmId{tpm2.HashAlgorithmSHA256}, - actions: []actionAndArgs{{action: ActionNone}}, + loadedImages: []secboot_efi.Image{ + &mockImage{ + contents: []byte("mock shim executable"), + digest: testutil.DecodeHexString(c, "25e1b08db2f31ff5f5d2ea53e1a1e8fda6e1d81af4f26a7908071f1dec8611b7"), + signatures: []*efi.WinCertificateAuthenticode{ + efitest.ReadWinCertificateAuthenticodeDetached(c, shimUbuntuSig4), + }, + }, + &mockImage{contents: []byte("mock grub executable"), digest: testutil.DecodeHexString(c, "d5a9780e9f6a43c2e53fe9fda547be77f7783f31aea8013783242b040ff21dc0")}, + &mockImage{contents: []byte("mock kernel executable"), digest: testutil.DecodeHexString(c, "2ddfbd91fa1698b0d133c38ba90dbba76c9e08371ff83d03b5fb4c2e56d7e81f")}, + }, + actions: []actionAndArgs{{action: ActionNone}}, + expectedPcrAlg: tpm2.HashAlgorithmSHA256, }) - c.Logf("%v", errs) - c.Assert(errs, HasLen, 2) + c.Assert(errs, HasLen, 6) c.Check(errs[0], ErrorMatches, `error with system security: the platform firmware contains a debugging endpoint enabled`) c.Check(errs[0], DeepEquals, NewWithKindAndActionsError(ErrorKindUEFIDebuggingEnabled, nil, []Action{ActionContactOEM}, errs[0].Unwrap())) @@ -2826,7 +2972,7 @@ C7E003CB actions: []actionAndArgs{{action: ActionNone}}, expectedPcrAlg: tpm2.HashAlgorithmSHA256, }) - c.Assert(errs, HasLen, 3) + c.Assert(errs, HasLen, 4) c.Check(errs[0], ErrorMatches, `error with platform config \(PCR1\) measurements: generating profiles for PCR 1 is not supported yet`) c.Check(errs[0], DeepEquals, NewWithKindAndActionsError(ErrorKindPCRUnsupported, &PCRUnsupportedArgs{PCR: 1, URL: "https://github.com/canonical/secboot/issues/322"}, nil, errs[0].Unwrap())) @@ -2902,11 +3048,11 @@ C7E003CB actions: []actionAndArgs{{action: ActionNone}}, expectedPcrAlg: tpm2.HashAlgorithmSHA256, }) - c.Assert(errs, HasLen, 1) + c.Assert(errs, HasLen, 4) c.Check(errs[0], ErrorMatches, `the PCR bank for TPM_ALG_SHA384 is missing from the TCG log but active and with one or more empty PCRs on the TPM`) - c.Check(errs[0], DeepEquals, NewWithKindAndActionsErrorForTest( + c.Check(errs[0], DeepEquals, NewWithKindAndActionsError( ErrorKindEmptyPCRBanks, - map[string]json.RawMessage{"algs": []byte("[12]")}, + &EmptyPCRBanksError{Algs: []tpm2.HashAlgorithmId{tpm2.HashAlgorithmSHA384}}, []Action{ActionRebootToFWSettings, ActionContactOEM}, &EmptyPCRBanksError{Algs: []tpm2.HashAlgorithmId{tpm2.HashAlgorithmSHA384}}, )) @@ -2978,7 +3124,7 @@ C7E003CB actions: []actionAndArgs{{action: ActionNone}}, expectedPcrAlg: tpm2.HashAlgorithmSHA256, }) - c.Assert(errs, HasLen, 1) + c.Assert(errs, HasLen, 4) c.Check(errs[0], ErrorMatches, `value added retailer supplied drivers were detected to be running`) c.Check(errs[0], DeepEquals, NewWithKindAndActionsError(ErrorKindVARSuppliedDriversPresent, nil, nil, ErrVARSuppliedDriversPresent)) } @@ -3049,7 +3195,7 @@ C7E003CB actions: []actionAndArgs{{action: ActionNone}}, expectedPcrAlg: tpm2.HashAlgorithmSHA256, }) - c.Assert(errs, HasLen, 1) + c.Assert(errs, HasLen, 4) c.Check(errs[0], ErrorMatches, `system preparation applications were detected to be running`) c.Check(errs[0], DeepEquals, NewWithKindAndActionsError(ErrorKindSysPrepApplicationsPresent, nil, nil, ErrSysPrepApplicationsPresent)) } @@ -3120,7 +3266,7 @@ C7E003CB actions: []actionAndArgs{{action: ActionNone}}, expectedPcrAlg: tpm2.HashAlgorithmSHA256, }) - c.Check(errs, HasLen, 1) + c.Check(errs, HasLen, 4) c.Check(errs[0], ErrorMatches, `Absolute was detected to be active and it is advised that this is disabled`) c.Check(errs[0], DeepEquals, NewWithKindAndActionsError(ErrorKindAbsolutePresent, nil, []Action{ActionContactOEM, ActionRebootToFWSettings}, ErrAbsoluteComputraceActive)) } @@ -3192,7 +3338,7 @@ C7E003CB profileOpts: PCRProfileOptionsDefault, actions: []actionAndArgs{{action: ActionNone}}, }) - c.Assert(errs, HasLen, 1) + c.Assert(errs, HasLen, 4) c.Check(errs[0], ErrorMatches, `error with boot manager code \(PCR4\) measurements: not all EV_EFI_BOOT_SERVICES_APPLICATION boot manager launch digests could be verified`) c.Check(errs[0], DeepEquals, NewWithKindAndActionsError(ErrorKindPCRUnusable, PCRUnusableArg(4), []Action{ActionContactOEM}, errs[0].Unwrap())) } @@ -3263,7 +3409,7 @@ C7E003CB actions: []actionAndArgs{{action: ActionNone}}, expectedPcrAlg: tpm2.HashAlgorithmSHA256, }) - c.Check(errs, HasLen, 1) + c.Check(errs, HasLen, 4) c.Check(errs[0], ErrorMatches, `error with secure boot policy \(PCR7\) measurements: deployed mode should be enabled in order to generate secure boot profiles`) c.Check(errs[0], DeepEquals, NewWithKindAndActionsError(ErrorKindInvalidSecureBootMode, nil, []Action{ActionRebootToFWSettings}, errs[0].Unwrap())) } @@ -3351,7 +3497,7 @@ C7E003CB actions: []actionAndArgs{{action: ActionNone}}, expectedPcrAlg: tpm2.HashAlgorithmSHA256, }) - c.Check(errs, HasLen, 1) + c.Check(errs, HasLen, 4) c.Check(errs[0], ErrorMatches, `error with secure boot policy \(PCR7\) measurements: unexpected EV_EFI_VARIABLE_DRIVER_CONFIG event: all expected secure boot variable have been measured`) c.Check(errs[0], DeepEquals, NewWithKindAndActionsError(ErrorKindPCRUnusable, PCRUnusableArg(7), []Action{ActionContactOEM}, errs[0].Unwrap())) } @@ -3424,7 +3570,7 @@ C7E003CB actions: []actionAndArgs{{action: ActionNone}}, expectedPcrAlg: tpm2.HashAlgorithmSHA256, }) - c.Check(errs, HasLen, 3) + c.Check(errs, HasLen, 6) c.Check(errs[0], ErrorMatches, `value added retailer supplied drivers were detected to be running`) c.Check(errs[0], DeepEquals, NewWithKindAndActionsError(ErrorKindVARSuppliedDriversPresent, nil, nil, ErrVARSuppliedDriversPresent)) @@ -3435,165 +3581,162 @@ C7E003CB c.Check(errs[2], DeepEquals, NewWithKindAndActionsError(ErrorKindPreOSDigestVerificationDetected, nil, nil, ErrPreOSVerificationUsingDigests)) } -// TODO: This is disabled temporarily until a follow-up PR which adds warnings to the returned errors -// if RunChecks is going to return one or more errors anyway. -//func (s *runChecksContextSuite) TestRunChecksBadTPMHierarchiesOwnedAndNoSecureBootPolicySupport(c *C) { -// // Test case with more than one error. -// meiAttrs := map[string][]byte{ -// "fw_ver": []byte(`0:16.1.27.2176 -//0:16.1.27.2176 -//0:16.0.15.1624 -//`), -// "fw_status": []byte(`94000245 -//09F10506 -//00000020 -//00004000 -//00041F03 -//C7E003CB -//`), -// } -// devices := map[string][]internal_efi.SysfsDevice{ -// "iommu": []internal_efi.SysfsDevice{ -// efitest.NewMockSysfsDevice("dmar0", "/sys/devices/virtual/iommu/dmar0", "iommu", nil), -// efitest.NewMockSysfsDevice("dmar1", "/sys/devices/virtual/iommu/dmar1", "iommu", nil), -// }, -// "mei": []internal_efi.SysfsDevice{ -// efitest.NewMockSysfsDevice("mei0", "/sys/devices/pci0000:00/0000:00:16.0/mei/mei0", "mei", meiAttrs), -// }, -// } -// -// errs := s.testRun(c, &testRunChecksContextRunParams{ -// env: efitest.NewMockHostEnvironmentWithOpts( -// efitest.WithVirtMode(internal_efi.VirtModeNone, internal_efi.DetectVirtModeAll), -// efitest.WithTPMDevice(tpm2_testutil.NewTransportBackedDevice(s.Transport, false, 1)), -// efitest.WithLog(efitest.NewLog(c, &efitest.LogOptions{ -// Algorithms: []tpm2.HashAlgorithmId{tpm2.HashAlgorithmSHA256}, -// })), -// efitest.WithAMD64Environment("GenuineIntel", []uint64{cpuid.SDBG, cpuid.SMX}, 4, map[uint32]uint64{0x13a: (3 << 1), 0xc80: 0x40000000}), -// efitest.WithSysfsDevices(devices), -// efitest.WithMockVars(efitest.MockVars{ -// {Name: "AuditMode", GUID: efi.GlobalVariable}: &efitest.VarEntry{Attrs: efi.AttributeNonVolatile | efi.AttributeBootserviceAccess | efi.AttributeRuntimeAccess, Payload: []byte{0x0}}, -// {Name: "BootCurrent", GUID: efi.GlobalVariable}: &efitest.VarEntry{Attrs: efi.AttributeBootserviceAccess | efi.AttributeRuntimeAccess, Payload: []byte{0x3, 0x0}}, -// {Name: "BootOptionSupport", GUID: efi.GlobalVariable}: &efitest.VarEntry{Attrs: efi.AttributeBootserviceAccess | efi.AttributeRuntimeAccess, Payload: []byte{0x13, 0x03, 0x00, 0x00}}, -// {Name: "DeployedMode", GUID: efi.GlobalVariable}: &efitest.VarEntry{Attrs: efi.AttributeNonVolatile | efi.AttributeBootserviceAccess | efi.AttributeRuntimeAccess, Payload: []byte{0x0}}, -// {Name: "SetupMode", GUID: efi.GlobalVariable}: &efitest.VarEntry{Attrs: efi.AttributeBootserviceAccess | efi.AttributeRuntimeAccess, Payload: []byte{0x0}}, -// {Name: "OsIndicationsSupported", GUID: efi.GlobalVariable}: &efitest.VarEntry{Attrs: efi.AttributeBootserviceAccess | efi.AttributeRuntimeAccess, Payload: []byte{0x41, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, -// }.SetSecureBoot(true).SetPK(c, efitest.NewSignatureListX509(c, snakeoilCert, efi.MakeGUID(0x03f66fa4, 0x5eee, 0x479c, 0xa408, [...]uint8{0xc4, 0xdc, 0x0a, 0x33, 0xfc, 0xde})))), -// ), -// tpmPropertyModifiers: map[tpm2.Property]uint32{ -// tpm2.PropertyNVCountersMax: 0, -// tpm2.PropertyPSFamilyIndicator: 1, -// tpm2.PropertyManufacturer: uint32(tpm2.TPMManufacturerINTC), -// }, -// enabledBanks: []tpm2.HashAlgorithmId{tpm2.HashAlgorithmSHA256}, -// prepare: func(_ int) { -// c.Assert(s.TPM.HierarchyChangeAuth(s.TPM.LockoutHandleContext(), []byte{1, 2, 3, 4}, nil), IsNil) -// }, -// loadedImages: []secboot_efi.Image{ -// &mockImage{ -// contents: []byte("mock shim executable"), -// digest: testutil.DecodeHexString(c, "25e1b08db2f31ff5f5d2ea53e1a1e8fda6e1d81af4f26a7908071f1dec8611b7"), -// signatures: []*efi.WinCertificateAuthenticode{ -// efitest.ReadWinCertificateAuthenticodeDetached(c, shimUbuntuSig4), -// }, -// }, -// &mockImage{contents: []byte("mock grub executable"), digest: testutil.DecodeHexString(c, "d5a9780e9f6a43c2e53fe9fda547be77f7783f31aea8013783242b040ff21dc0")}, -// &mockImage{contents: []byte("mock kernel executable"), digest: testutil.DecodeHexString(c, "2ddfbd91fa1698b0d133c38ba90dbba76c9e08371ff83d03b5fb4c2e56d7e81f")}, -// }, -// profileOpts: PCRProfileOptionsDefault, -// actions: []actionAndArgs{{action: ActionNone}}, -// expectedPcrAlg: tpm2.HashAlgorithmSHA256, -// }) -// c.Assert(errs, HasLen, 2) -// -// c.Check(errs[0], ErrorMatches, `error with TPM2 device: one or more of the TPM hierarchies is already owned: -//- TPM_RH_LOCKOUT has an authorization value -//`) -// c.Check(errs[0], DeepEquals, NewWithKindAndActionsError(ErrorKindTPMHierarchiesOwned, &TPM2OwnedHierarchiesError{WithAuthValue: tpm2.HandleList{tpm2.HandleLockout}}, []Action{ActionRebootToFWSettings}, errs[0].Unwrap())) -// -// c.Check(errs[1], ErrorMatches, `error with secure boot policy \(PCR7\) measurements: deployed mode should be enabled in order to generate secure boot profiles`) -// c.Check(errs[1], DeepEquals, NewWithKindAndActionsError(ErrorKindInvalidSecureBootMode, nil, []Action{ActionRebootToFWSettings}, errs[1].Unwrap())) -//} - -// TODO: This is disabled temporarily until a follow-up PR which adds warnings to the returned errors -// if RunChecks is going to return one or more errors anyway. -//func (s *runChecksContextSuite) TestRunChecksBadEmptyPCRBankAndNoBootManagerCodeProfileSupport(c *C) { -// s.RequireAlgorithm(c, tpm2.AlgorithmSHA384) -// -// meiAttrs := map[string][]byte{ -// "fw_ver": []byte(`0:16.1.27.2176 -//0:16.1.27.2176 -//0:16.0.15.1624 -//`), -// "fw_status": []byte(`94000245 -//09F10506 -//00000020 -//00004000 -//00041F03 -//C7E003CB -//`), -// } -// devices := map[string][]internal_efi.SysfsDevice{ -// "iommu": []internal_efi.SysfsDevice{ -// efitest.NewMockSysfsDevice("dmar0", "/sys/devices/virtual/iommu/dmar0", "iommu", nil), -// efitest.NewMockSysfsDevice("dmar1", "/sys/devices/virtual/iommu/dmar1", "iommu", nil), -// }, -// "mei": []internal_efi.SysfsDevice{ -// efitest.NewMockSysfsDevice("mei0", "/sys/devices/pci0000:00/0000:00:16.0/mei/mei0", "mei", meiAttrs), -// }, -// } -// -// errs := s.testRun(c, &testRunChecksContextRunParams{ -// env: efitest.NewMockHostEnvironmentWithOpts( -// efitest.WithVirtMode(internal_efi.VirtModeNone, internal_efi.DetectVirtModeAll), -// efitest.WithTPMDevice(tpm2_testutil.NewTransportBackedDevice(s.Transport, false, 1)), -// efitest.WithLog(efitest.NewLog(c, &efitest.LogOptions{ -// Algorithms: []tpm2.HashAlgorithmId{tpm2.HashAlgorithmSHA256}, -// })), -// efitest.WithAMD64Environment("GenuineIntel", []uint64{cpuid.SDBG, cpuid.SMX}, 4, map[uint32]uint64{0x13a: (3 << 1), 0xc80: 0x40000000}), -// efitest.WithSysfsDevices(devices), -// efitest.WithMockVars(efitest.MockVars{ -// {Name: "AuditMode", GUID: efi.GlobalVariable}: &efitest.VarEntry{Attrs: efi.AttributeNonVolatile | efi.AttributeBootserviceAccess | efi.AttributeRuntimeAccess, Payload: []byte{0x0}}, -// {Name: "BootCurrent", GUID: efi.GlobalVariable}: &efitest.VarEntry{Attrs: efi.AttributeBootserviceAccess | efi.AttributeRuntimeAccess, Payload: []byte{0x3, 0x0}}, -// {Name: "BootOptionSupport", GUID: efi.GlobalVariable}: &efitest.VarEntry{Attrs: efi.AttributeBootserviceAccess | efi.AttributeRuntimeAccess, Payload: []byte{0x13, 0x03, 0x00, 0x00}}, -// {Name: "DeployedMode", GUID: efi.GlobalVariable}: &efitest.VarEntry{Attrs: efi.AttributeNonVolatile | efi.AttributeBootserviceAccess | efi.AttributeRuntimeAccess, Payload: []byte{0x0}}, -// {Name: "SetupMode", GUID: efi.GlobalVariable}: &efitest.VarEntry{Attrs: efi.AttributeBootserviceAccess | efi.AttributeRuntimeAccess, Payload: []byte{0x0}}, -// {Name: "OsIndicationsSupported", GUID: efi.GlobalVariable}: &efitest.VarEntry{Attrs: efi.AttributeBootserviceAccess | efi.AttributeRuntimeAccess, Payload: []byte{0x41, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, -// }.SetSecureBoot(true).SetPK(c, efitest.NewSignatureListX509(c, snakeoilCert, efi.MakeGUID(0x03f66fa4, 0x5eee, 0x479c, 0xa408, [...]uint8{0xc4, 0xdc, 0x0a, 0x33, 0xfc, 0xde})))), -// ), -// tpmPropertyModifiers: map[tpm2.Property]uint32{ -// tpm2.PropertyNVCountersMax: 0, -// tpm2.PropertyPSFamilyIndicator: 1, -// tpm2.PropertyManufacturer: uint32(tpm2.TPMManufacturerINTC), -// }, -// enabledBanks: []tpm2.HashAlgorithmId{tpm2.HashAlgorithmSHA256, tpm2.HashAlgorithmSHA384}, -// loadedImages: []secboot_efi.Image{ -// &mockImage{ -// contents: []byte("mock shim executable"), -// digest: testutil.DecodeHexString(c, "25e1b08db2f31ff5f5d2ea53e1a1e8fda6e1d81af4f26a7908071f1dec8611b7"), -// signatures: []*efi.WinCertificateAuthenticode{ -// efitest.ReadWinCertificateAuthenticodeDetached(c, shimUbuntuSig4), -// }, -// }, -// &mockImage{contents: []byte("mock grub executable"), digest: testutil.DecodeHexString(c, "d5a9780e9f6a43c2e53fe9fda547be77f7783f31aea8013783242b040ff21dc0")}, -// }, -// profileOpts: PCRProfileOptionsDefault, -// actions: []actionAndArgs{{action: ActionNone}}, -// expectedPcrAlg: tpm2.HashAlgorithmSHA256, -// }) -// c.Assert(errs, HasLen, 2) -// -// c.Check(errs[0], ErrorMatches, `the PCR bank for TPM_ALG_SHA384 is missing from the TCG log but active and with one or more empty PCRs on the TPM`) -// c.Check(errs[0], DeepEquals, NewWithKindAndActionsError( -// ErrorKindEmptyPCRBanks, -// &EmptyPCRBanksError{Algs: []tpm2.HashAlgorithmId{tpm2.HashAlgorithmSHA384}}, -// []Action{ActionRebootToFWSettings, ActionContactOEM}, -// errs[0].Unwrap(), -// )) -// -// c.Check(errs[1], ErrorMatches, `error with boot manager code \(PCR4\) measurements: not all EV_EFI_BOOT_SERVICES_APPLICATION boot manager launch digests could be verified`) -// c.Check(errs[1], DeepEquals, NewWithKindAndActionsError(ErrorKindPCRUnusable, PCRUnusableArg(4), []Action{ActionContactOEM}, errs[1].Unwrap())) -//} +func (s *runChecksContextSuite) TestRunChecksBadTPMHierarchiesOwnedAndNoSecureBootPolicySupport(c *C) { + // Test case with more than one error. + meiAttrs := map[string][]byte{ + "fw_ver": []byte(`0:16.1.27.2176 +0:16.1.27.2176 +0:16.0.15.1624 +`), + "fw_status": []byte(`94000245 +09F10506 +00000020 +00004000 +00041F03 +C7E003CB +`), + } + devices := map[string][]internal_efi.SysfsDevice{ + "iommu": []internal_efi.SysfsDevice{ + efitest.NewMockSysfsDevice("dmar0", "/sys/devices/virtual/iommu/dmar0", "iommu", nil), + efitest.NewMockSysfsDevice("dmar1", "/sys/devices/virtual/iommu/dmar1", "iommu", nil), + }, + "mei": []internal_efi.SysfsDevice{ + efitest.NewMockSysfsDevice("mei0", "/sys/devices/pci0000:00/0000:00:16.0/mei/mei0", "mei", meiAttrs), + }, + } + + errs := s.testRun(c, &testRunChecksContextRunParams{ + env: efitest.NewMockHostEnvironmentWithOpts( + efitest.WithVirtMode(internal_efi.VirtModeNone, internal_efi.DetectVirtModeAll), + efitest.WithTPMDevice(tpm2_testutil.NewTransportBackedDevice(s.Transport, false, 1)), + efitest.WithLog(efitest.NewLog(c, &efitest.LogOptions{ + Algorithms: []tpm2.HashAlgorithmId{tpm2.HashAlgorithmSHA256}, + })), + efitest.WithAMD64Environment("GenuineIntel", []uint64{cpuid.SDBG, cpuid.SMX}, 4, map[uint32]uint64{0x13a: (3 << 1), 0xc80: 0x40000000}), + efitest.WithSysfsDevices(devices), + efitest.WithMockVars(efitest.MockVars{ + {Name: "AuditMode", GUID: efi.GlobalVariable}: &efitest.VarEntry{Attrs: efi.AttributeNonVolatile | efi.AttributeBootserviceAccess | efi.AttributeRuntimeAccess, Payload: []byte{0x0}}, + {Name: "BootCurrent", GUID: efi.GlobalVariable}: &efitest.VarEntry{Attrs: efi.AttributeBootserviceAccess | efi.AttributeRuntimeAccess, Payload: []byte{0x3, 0x0}}, + {Name: "BootOptionSupport", GUID: efi.GlobalVariable}: &efitest.VarEntry{Attrs: efi.AttributeBootserviceAccess | efi.AttributeRuntimeAccess, Payload: []byte{0x13, 0x03, 0x00, 0x00}}, + {Name: "DeployedMode", GUID: efi.GlobalVariable}: &efitest.VarEntry{Attrs: efi.AttributeNonVolatile | efi.AttributeBootserviceAccess | efi.AttributeRuntimeAccess, Payload: []byte{0x0}}, + {Name: "SetupMode", GUID: efi.GlobalVariable}: &efitest.VarEntry{Attrs: efi.AttributeBootserviceAccess | efi.AttributeRuntimeAccess, Payload: []byte{0x0}}, + {Name: "OsIndicationsSupported", GUID: efi.GlobalVariable}: &efitest.VarEntry{Attrs: efi.AttributeBootserviceAccess | efi.AttributeRuntimeAccess, Payload: []byte{0x41, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + }.SetSecureBoot(true).SetPK(c, efitest.NewSignatureListX509(c, snakeoilCert, efi.MakeGUID(0x03f66fa4, 0x5eee, 0x479c, 0xa408, [...]uint8{0xc4, 0xdc, 0x0a, 0x33, 0xfc, 0xde})))), + ), + tpmPropertyModifiers: map[tpm2.Property]uint32{ + tpm2.PropertyNVCountersMax: 0, + tpm2.PropertyPSFamilyIndicator: 1, + tpm2.PropertyManufacturer: uint32(tpm2.TPMManufacturerINTC), + }, + enabledBanks: []tpm2.HashAlgorithmId{tpm2.HashAlgorithmSHA256}, + prepare: func(_ int) { + c.Assert(s.TPM.HierarchyChangeAuth(s.TPM.LockoutHandleContext(), []byte{1, 2, 3, 4}, nil), IsNil) + }, + loadedImages: []secboot_efi.Image{ + &mockImage{ + contents: []byte("mock shim executable"), + digest: testutil.DecodeHexString(c, "25e1b08db2f31ff5f5d2ea53e1a1e8fda6e1d81af4f26a7908071f1dec8611b7"), + signatures: []*efi.WinCertificateAuthenticode{ + efitest.ReadWinCertificateAuthenticodeDetached(c, shimUbuntuSig4), + }, + }, + &mockImage{contents: []byte("mock grub executable"), digest: testutil.DecodeHexString(c, "d5a9780e9f6a43c2e53fe9fda547be77f7783f31aea8013783242b040ff21dc0")}, + &mockImage{contents: []byte("mock kernel executable"), digest: testutil.DecodeHexString(c, "2ddfbd91fa1698b0d133c38ba90dbba76c9e08371ff83d03b5fb4c2e56d7e81f")}, + }, + profileOpts: PCRProfileOptionsDefault, + actions: []actionAndArgs{{action: ActionNone}}, + expectedPcrAlg: tpm2.HashAlgorithmSHA256, + }) + c.Logf("%v", errs) + c.Assert(errs, HasLen, 5) + + c.Check(errs[0], ErrorMatches, `error with TPM2 device: one or more of the TPM hierarchies is already owned: +- TPM_RH_LOCKOUT has an authorization value +`) + c.Check(errs[0], DeepEquals, NewWithKindAndActionsError(ErrorKindTPMHierarchiesOwned, &TPM2OwnedHierarchiesError{WithAuthValue: tpm2.HandleList{tpm2.HandleLockout}}, []Action{ActionRebootToFWSettings}, errs[0].Unwrap())) + + c.Check(errs[4], ErrorMatches, `error with secure boot policy \(PCR7\) measurements: deployed mode should be enabled in order to generate secure boot profiles`) + c.Check(errs[4], DeepEquals, NewWithKindAndActionsError(ErrorKindInvalidSecureBootMode, nil, []Action{ActionRebootToFWSettings}, errs[4].Unwrap())) +} + +func (s *runChecksContextSuite) TestRunChecksBadEmptyPCRBankAndNoBootManagerCodeProfileSupport(c *C) { + s.RequireAlgorithm(c, tpm2.AlgorithmSHA384) + + meiAttrs := map[string][]byte{ + "fw_ver": []byte(`0:16.1.27.2176 +0:16.1.27.2176 +0:16.0.15.1624 +`), + "fw_status": []byte(`94000245 +09F10506 +00000020 +00004000 +00041F03 +C7E003CB +`), + } + devices := map[string][]internal_efi.SysfsDevice{ + "iommu": []internal_efi.SysfsDevice{ + efitest.NewMockSysfsDevice("dmar0", "/sys/devices/virtual/iommu/dmar0", "iommu", nil), + efitest.NewMockSysfsDevice("dmar1", "/sys/devices/virtual/iommu/dmar1", "iommu", nil), + }, + "mei": []internal_efi.SysfsDevice{ + efitest.NewMockSysfsDevice("mei0", "/sys/devices/pci0000:00/0000:00:16.0/mei/mei0", "mei", meiAttrs), + }, + } + + errs := s.testRun(c, &testRunChecksContextRunParams{ + env: efitest.NewMockHostEnvironmentWithOpts( + efitest.WithVirtMode(internal_efi.VirtModeNone, internal_efi.DetectVirtModeAll), + efitest.WithTPMDevice(tpm2_testutil.NewTransportBackedDevice(s.Transport, false, 1)), + efitest.WithLog(efitest.NewLog(c, &efitest.LogOptions{ + Algorithms: []tpm2.HashAlgorithmId{tpm2.HashAlgorithmSHA256}, + })), + efitest.WithAMD64Environment("GenuineIntel", []uint64{cpuid.SDBG, cpuid.SMX}, 4, map[uint32]uint64{0x13a: (3 << 1), 0xc80: 0x40000000}), + efitest.WithSysfsDevices(devices), + efitest.WithMockVars(efitest.MockVars{ + {Name: "AuditMode", GUID: efi.GlobalVariable}: &efitest.VarEntry{Attrs: efi.AttributeNonVolatile | efi.AttributeBootserviceAccess | efi.AttributeRuntimeAccess, Payload: []byte{0x0}}, + {Name: "BootCurrent", GUID: efi.GlobalVariable}: &efitest.VarEntry{Attrs: efi.AttributeBootserviceAccess | efi.AttributeRuntimeAccess, Payload: []byte{0x3, 0x0}}, + {Name: "BootOptionSupport", GUID: efi.GlobalVariable}: &efitest.VarEntry{Attrs: efi.AttributeBootserviceAccess | efi.AttributeRuntimeAccess, Payload: []byte{0x13, 0x03, 0x00, 0x00}}, + {Name: "DeployedMode", GUID: efi.GlobalVariable}: &efitest.VarEntry{Attrs: efi.AttributeNonVolatile | efi.AttributeBootserviceAccess | efi.AttributeRuntimeAccess, Payload: []byte{0x0}}, + {Name: "SetupMode", GUID: efi.GlobalVariable}: &efitest.VarEntry{Attrs: efi.AttributeBootserviceAccess | efi.AttributeRuntimeAccess, Payload: []byte{0x0}}, + {Name: "OsIndicationsSupported", GUID: efi.GlobalVariable}: &efitest.VarEntry{Attrs: efi.AttributeBootserviceAccess | efi.AttributeRuntimeAccess, Payload: []byte{0x41, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + }.SetSecureBoot(true).SetPK(c, efitest.NewSignatureListX509(c, snakeoilCert, efi.MakeGUID(0x03f66fa4, 0x5eee, 0x479c, 0xa408, [...]uint8{0xc4, 0xdc, 0x0a, 0x33, 0xfc, 0xde})))), + ), + tpmPropertyModifiers: map[tpm2.Property]uint32{ + tpm2.PropertyNVCountersMax: 0, + tpm2.PropertyPSFamilyIndicator: 1, + tpm2.PropertyManufacturer: uint32(tpm2.TPMManufacturerINTC), + }, + enabledBanks: []tpm2.HashAlgorithmId{tpm2.HashAlgorithmSHA256, tpm2.HashAlgorithmSHA384}, + loadedImages: []secboot_efi.Image{ + &mockImage{ + contents: []byte("mock shim executable"), + digest: testutil.DecodeHexString(c, "25e1b08db2f31ff5f5d2ea53e1a1e8fda6e1d81af4f26a7908071f1dec8611b7"), + signatures: []*efi.WinCertificateAuthenticode{ + efitest.ReadWinCertificateAuthenticodeDetached(c, shimUbuntuSig4), + }, + }, + &mockImage{contents: []byte("mock grub executable"), digest: testutil.DecodeHexString(c, "d5a9780e9f6a43c2e53fe9fda547be77f7783f31aea8013783242b040ff21dc0")}, + }, + profileOpts: PCRProfileOptionsDefault, + actions: []actionAndArgs{{action: ActionNone}}, + expectedPcrAlg: tpm2.HashAlgorithmSHA256, + }) + c.Assert(errs, HasLen, 6) + + c.Check(errs[0], ErrorMatches, `the PCR bank for TPM_ALG_SHA384 is missing from the TCG log but active and with one or more empty PCRs on the TPM`) + c.Check(errs[0], DeepEquals, NewWithKindAndActionsError( + ErrorKindEmptyPCRBanks, + &EmptyPCRBanksError{Algs: []tpm2.HashAlgorithmId{tpm2.HashAlgorithmSHA384}}, + []Action{ActionRebootToFWSettings, ActionContactOEM}, + errs[0].Unwrap(), + )) + + c.Check(errs[1], ErrorMatches, `error with boot manager code \(PCR4\) measurements: not all EV_EFI_BOOT_SERVICES_APPLICATION boot manager launch digests could be verified`) + c.Check(errs[1], DeepEquals, NewWithKindAndActionsError(ErrorKindPCRUnusable, PCRUnusableArg(4), []Action{ActionContactOEM}, errs[1].Unwrap())) +} func (s *runChecksContextSuite) TestRunChecksBadEmptyPCRBankAndNoKernelIOMMU(c *C) { s.RequireAlgorithm(c, tpm2.AlgorithmSHA384) @@ -3629,7 +3772,7 @@ C7E003CB {Name: "AuditMode", GUID: efi.GlobalVariable}: &efitest.VarEntry{Attrs: efi.AttributeNonVolatile | efi.AttributeBootserviceAccess | efi.AttributeRuntimeAccess, Payload: []byte{0x0}}, {Name: "BootCurrent", GUID: efi.GlobalVariable}: &efitest.VarEntry{Attrs: efi.AttributeBootserviceAccess | efi.AttributeRuntimeAccess, Payload: []byte{0x3, 0x0}}, {Name: "BootOptionSupport", GUID: efi.GlobalVariable}: &efitest.VarEntry{Attrs: efi.AttributeBootserviceAccess | efi.AttributeRuntimeAccess, Payload: []byte{0x13, 0x03, 0x00, 0x00}}, - {Name: "DeployedMode", GUID: efi.GlobalVariable}: &efitest.VarEntry{Attrs: efi.AttributeNonVolatile | efi.AttributeBootserviceAccess | efi.AttributeRuntimeAccess, Payload: []byte{0x0}}, + {Name: "DeployedMode", GUID: efi.GlobalVariable}: &efitest.VarEntry{Attrs: efi.AttributeNonVolatile | efi.AttributeBootserviceAccess | efi.AttributeRuntimeAccess, Payload: []byte{0x1}}, {Name: "SetupMode", GUID: efi.GlobalVariable}: &efitest.VarEntry{Attrs: efi.AttributeBootserviceAccess | efi.AttributeRuntimeAccess, Payload: []byte{0x0}}, {Name: "OsIndicationsSupported", GUID: efi.GlobalVariable}: &efitest.VarEntry{Attrs: efi.AttributeBootserviceAccess | efi.AttributeRuntimeAccess, Payload: []byte{0x41, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, }.SetSecureBoot(true).SetPK(c, efitest.NewSignatureListX509(c, snakeoilCert, efi.MakeGUID(0x03f66fa4, 0x5eee, 0x479c, 0xa408, [...]uint8{0xc4, 0xdc, 0x0a, 0x33, 0xfc, 0xde})))), @@ -3655,7 +3798,7 @@ C7E003CB actions: []actionAndArgs{{action: ActionNone}}, expectedPcrAlg: tpm2.HashAlgorithmSHA256, }) - c.Assert(errs, HasLen, 2) + c.Assert(errs, HasLen, 5) c.Check(errs[0], ErrorMatches, `the PCR bank for TPM_ALG_SHA384 is missing from the TCG log but active and with one or more empty PCRs on the TPM`) c.Check(errs[0], DeepEquals, NewWithKindAndActionsError(ErrorKindEmptyPCRBanks, &EmptyPCRBanksError{Algs: []tpm2.HashAlgorithmId{tpm2.HashAlgorithmSHA384}}, []Action{ActionRebootToFWSettings, ActionContactOEM}, errs[0].Unwrap())) diff --git a/efi/preinstall/checks_test.go b/efi/preinstall/checks_test.go index c126289a..24050fbe 100644 --- a/efi/preinstall/checks_test.go +++ b/efi/preinstall/checks_test.go @@ -2154,6 +2154,101 @@ func (s *runChecksSuite) TestRunChecksBadTPM2DeviceDisabled(c *C) { c.Check(errors.As(err, &te), testutil.IsTrue) } +func (s *runChecksSuite) TestRunChecksBadErrorsIncludeWarnings(c *C) { + // Have an explicit test case that demonstrate we return any warnings as + // errors in the case where we are returning errors anyway. + meiAttrs := map[string][]byte{ + "fw_ver": []byte(`0:16.1.27.2176 +0:16.1.27.2176 +0:16.0.15.1624 +`), + "fw_status": []byte(`94000245 +09F10506 +00000020 +00004000 +00041F03 +C7E003CB +`), + } + devices := map[string][]internal_efi.SysfsDevice{ + "iommu": []internal_efi.SysfsDevice{ + efitest.NewMockSysfsDevice("dmar0", "/sys/devices/virtual/iommu/dmar0", "iommu", nil), + efitest.NewMockSysfsDevice("dmar1", "/sys/devices/virtual/iommu/dmar1", "iommu", nil), + }, + "mei": []internal_efi.SysfsDevice{ + efitest.NewMockSysfsDevice("mei0", "/sys/devices/pci0000:00/0000:00:16.0/mei/mei0", "mei", meiAttrs), + }, + } + + _, err := s.testRunChecks(c, &testRunChecksParams{ + env: efitest.NewMockHostEnvironmentWithOpts( + efitest.WithVirtMode(internal_efi.VirtModeNone, internal_efi.DetectVirtModeAll), + efitest.WithTPMDevice(tpm2_testutil.NewTransportBackedDevice(s.Transport, false, 1)), + efitest.WithLog(efitest.NewLog(c, &efitest.LogOptions{Algorithms: []tpm2.HashAlgorithmId{tpm2.HashAlgorithmSHA256}})), + efitest.WithAMD64Environment("GenuineIntel", []uint64{cpuid.SDBG, cpuid.SMX}, 4, map[uint32]uint64{0xc80: 0x40000000, 0x13a: (3 << 1)}), + efitest.WithSysfsDevices(devices), + efitest.WithMockVars(efitest.MockVars{ + {Name: "AuditMode", GUID: efi.GlobalVariable}: &efitest.VarEntry{Attrs: efi.AttributeNonVolatile | efi.AttributeBootserviceAccess | efi.AttributeRuntimeAccess, Payload: []byte{0x0}}, + {Name: "BootCurrent", GUID: efi.GlobalVariable}: &efitest.VarEntry{Attrs: efi.AttributeBootserviceAccess | efi.AttributeRuntimeAccess, Payload: []byte{0x3, 0x0}}, + {Name: "BootOptionSupport", GUID: efi.GlobalVariable}: &efitest.VarEntry{Attrs: efi.AttributeBootserviceAccess | efi.AttributeRuntimeAccess, Payload: []byte{0x13, 0x03, 0x00, 0x00}}, + {Name: "DeployedMode", GUID: efi.GlobalVariable}: &efitest.VarEntry{Attrs: efi.AttributeNonVolatile | efi.AttributeBootserviceAccess | efi.AttributeRuntimeAccess, Payload: []byte{0x1}}, + {Name: "SetupMode", GUID: efi.GlobalVariable}: &efitest.VarEntry{Attrs: efi.AttributeBootserviceAccess | efi.AttributeRuntimeAccess, Payload: []byte{0x0}}, + {Name: "OsIndicationsSupported", GUID: efi.GlobalVariable}: &efitest.VarEntry{Attrs: efi.AttributeBootserviceAccess | efi.AttributeRuntimeAccess, Payload: []byte{0x41, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + }.SetSecureBoot(true).SetPK(c, efitest.NewSignatureListX509(c, snakeoilCert, efi.MakeGUID(0x03f66fa4, 0x5eee, 0x479c, 0xa408, [...]uint8{0xc4, 0xdc, 0x0a, 0x33, 0xfc, 0xde})))), + ), + tpmPropertyModifiers: map[tpm2.Property]uint32{ + tpm2.PropertyNVCountersMax: 0, + tpm2.PropertyPSFamilyIndicator: 1, + tpm2.PropertyManufacturer: uint32(tpm2.TPMManufacturerINTC), + }, + enabledBanks: []tpm2.HashAlgorithmId{tpm2.HashAlgorithmSHA256}, + prepare: func() { + // Trip the DA logic by setting newMaxTries to 0 in order to generate an error + c.Assert(s.TPM.DictionaryAttackParameters(s.TPM.LockoutHandleContext(), 0, 10000, 10000, nil), IsNil) + + // Invalidate PCR0 in order to generate a warning because of the presence of + // PermitNoPlatformFirmwareProfileSupport. + _, err := s.TPM.PCREvent(s.TPM.PCRHandleContext(0), []byte("foo"), nil) + c.Check(err, IsNil) + }, + flags: PermitNoPlatformFirmwareProfileSupport | PermitNoPlatformConfigProfileSupport | PermitNoDriversAndAppsConfigProfileSupport | PermitNoBootManagerCodeProfileSupport | PermitNoBootManagerConfigProfileSupport | PermitNoSecureBootPolicyProfileSupport, + loadedImages: []secboot_efi.Image{ + &mockImage{ + contents: []byte("mock shim executable"), + digest: testutil.DecodeHexString(c, "25e1b08db2f31ff5f5d2ea53e1a1e8fda6e1d81af4f26a7908071f1dec8611b7"), + signatures: []*efi.WinCertificateAuthenticode{ + efitest.ReadWinCertificateAuthenticodeDetached(c, shimUbuntuSig4), + }, + }, + &mockImage{contents: []byte("mock grub executable"), digest: testutil.DecodeHexString(c, "d5a9780e9f6a43c2e53fe9fda547be77f7783f31aea8013783242b040ff21dc0")}, + &mockImage{contents: []byte("mock kernel executable"), digest: testutil.DecodeHexString(c, "2ddfbd91fa1698b0d133c38ba90dbba76c9e08371ff83d03b5fb4c2e56d7e81f")}, + }, + expectedPcrAlg: tpm2.HashAlgorithmSHA256, + }) + c.Check(err, ErrorMatches, `5 errors detected: +- error with TPM2 device: TPM is in DA lockout mode +- error with platform firmware \(PCR0\) measurements: PCR value mismatch \(actual from TPM 0xe9995745ca25279ec699688b70488116fe4d9f053cb0991dd71e82e7edfa66b5, reconstructed from log 0xa6602a7a403068b5556e78cc3f5b00c9c76d33d514093ca9b584dce7590e6c69\) +- error with platform config \(PCR1\) measurements: generating profiles for PCR 1 is not supported yet +- error with drivers and apps config \(PCR3\) measurements: generating profiles for PCR 3 is not supported yet +- error with boot manager config \(PCR5\) measurements: generating profiles for PCR 5 is not supported yet +`) + + var ce CompoundError + c.Assert(err, Implements, &ce) + ce = err.(CompoundError) + errs := ce.Unwrap() + c.Assert(errs, HasLen, 5) + + var te *TPM2DeviceError + c.Assert(errors.As(errs[0], &te), testutil.IsTrue) + c.Check(errors.Is(te, ErrTPMLockout), testutil.IsTrue) + + var pfe *PlatformFirmwarePCRError + c.Assert(errors.As(errs[1], &pfe), testutil.IsTrue) + var pme *PCRValueMismatchError + c.Check(errors.As(pfe, &pme), testutil.IsTrue) +} + func (s *runChecksSuite) TestRunChecksBadTPMOwnedHierarchiesAndLockedOut(c *C) { // Test case with more than TPM error. meiAttrs := map[string][]byte{ @@ -2186,6 +2281,14 @@ C7E003CB efitest.WithLog(efitest.NewLog(c, &efitest.LogOptions{Algorithms: []tpm2.HashAlgorithmId{tpm2.HashAlgorithmSHA256}})), efitest.WithAMD64Environment("GenuineIntel", []uint64{cpuid.SDBG, cpuid.SMX}, 4, map[uint32]uint64{0xc80: 0x40000000, 0x13a: (3 << 1)}), efitest.WithSysfsDevices(devices), + efitest.WithMockVars(efitest.MockVars{ + {Name: "AuditMode", GUID: efi.GlobalVariable}: &efitest.VarEntry{Attrs: efi.AttributeNonVolatile | efi.AttributeBootserviceAccess | efi.AttributeRuntimeAccess, Payload: []byte{0x0}}, + {Name: "BootCurrent", GUID: efi.GlobalVariable}: &efitest.VarEntry{Attrs: efi.AttributeBootserviceAccess | efi.AttributeRuntimeAccess, Payload: []byte{0x3, 0x0}}, + {Name: "BootOptionSupport", GUID: efi.GlobalVariable}: &efitest.VarEntry{Attrs: efi.AttributeBootserviceAccess | efi.AttributeRuntimeAccess, Payload: []byte{0x13, 0x03, 0x00, 0x00}}, + {Name: "DeployedMode", GUID: efi.GlobalVariable}: &efitest.VarEntry{Attrs: efi.AttributeNonVolatile | efi.AttributeBootserviceAccess | efi.AttributeRuntimeAccess, Payload: []byte{0x1}}, + {Name: "SetupMode", GUID: efi.GlobalVariable}: &efitest.VarEntry{Attrs: efi.AttributeBootserviceAccess | efi.AttributeRuntimeAccess, Payload: []byte{0x0}}, + {Name: "OsIndicationsSupported", GUID: efi.GlobalVariable}: &efitest.VarEntry{Attrs: efi.AttributeBootserviceAccess | efi.AttributeRuntimeAccess, Payload: []byte{0x41, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + }.SetSecureBoot(true).SetPK(c, efitest.NewSignatureListX509(c, snakeoilCert, efi.MakeGUID(0x03f66fa4, 0x5eee, 0x479c, 0xa408, [...]uint8{0xc4, 0xdc, 0x0a, 0x33, 0xfc, 0xde})))), ), tpmPropertyModifiers: map[tpm2.Property]uint32{ tpm2.PropertyNVCountersMax: 0, @@ -2200,19 +2303,34 @@ C7E003CB // Take ownership of the storage hierarchy s.HierarchyChangeAuth(c, tpm2.HandleOwner, []byte("1234")) }, - flags: PermitNoPlatformConfigProfileSupport | PermitNoDriversAndAppsConfigProfileSupport | PermitNoBootManagerCodeProfileSupport | PermitNoBootManagerConfigProfileSupport | PermitNoSecureBootPolicyProfileSupport, + flags: PermitNoPlatformConfigProfileSupport | PermitNoDriversAndAppsConfigProfileSupport | PermitNoBootManagerConfigProfileSupport, + loadedImages: []secboot_efi.Image{ + &mockImage{ + contents: []byte("mock shim executable"), + digest: testutil.DecodeHexString(c, "25e1b08db2f31ff5f5d2ea53e1a1e8fda6e1d81af4f26a7908071f1dec8611b7"), + signatures: []*efi.WinCertificateAuthenticode{ + efitest.ReadWinCertificateAuthenticodeDetached(c, shimUbuntuSig4), + }, + }, + &mockImage{contents: []byte("mock grub executable"), digest: testutil.DecodeHexString(c, "d5a9780e9f6a43c2e53fe9fda547be77f7783f31aea8013783242b040ff21dc0")}, + &mockImage{contents: []byte("mock kernel executable"), digest: testutil.DecodeHexString(c, "2ddfbd91fa1698b0d133c38ba90dbba76c9e08371ff83d03b5fb4c2e56d7e81f")}, + }, + expectedPcrAlg: tpm2.HashAlgorithmSHA256, }) - c.Check(err, ErrorMatches, `2 errors detected: + c.Check(err, ErrorMatches, `5 errors detected: - error with TPM2 device: one or more of the TPM hierarchies is already owned: - TPM_RH_OWNER has an authorization value - error with TPM2 device: TPM is in DA lockout mode +- error with platform config \(PCR1\) measurements: generating profiles for PCR 1 is not supported yet +- error with drivers and apps config \(PCR3\) measurements: generating profiles for PCR 3 is not supported yet +- error with boot manager config \(PCR5\) measurements: generating profiles for PCR 5 is not supported yet `) var ce CompoundError c.Assert(err, Implements, &ce) ce = err.(CompoundError) errs := ce.Unwrap() - c.Assert(errs, HasLen, 2) + c.Assert(errs, HasLen, 5) var te *TPM2DeviceError c.Assert(errors.As(errs[0], &te), testutil.IsTrue) @@ -2427,6 +2545,14 @@ C7E003CB })), efitest.WithAMD64Environment("GenuineIntel", []uint64{cpuid.SDBG, cpuid.SMX}, 4, map[uint32]uint64{0xc80: 0x40000000, 0x13a: (3 << 1)}), efitest.WithSysfsDevices(devices), + efitest.WithMockVars(efitest.MockVars{ + {Name: "AuditMode", GUID: efi.GlobalVariable}: &efitest.VarEntry{Attrs: efi.AttributeNonVolatile | efi.AttributeBootserviceAccess | efi.AttributeRuntimeAccess, Payload: []byte{0x0}}, + {Name: "BootCurrent", GUID: efi.GlobalVariable}: &efitest.VarEntry{Attrs: efi.AttributeBootserviceAccess | efi.AttributeRuntimeAccess, Payload: []byte{0x3, 0x0}}, + {Name: "BootOptionSupport", GUID: efi.GlobalVariable}: &efitest.VarEntry{Attrs: efi.AttributeBootserviceAccess | efi.AttributeRuntimeAccess, Payload: []byte{0x13, 0x03, 0x00, 0x00}}, + {Name: "DeployedMode", GUID: efi.GlobalVariable}: &efitest.VarEntry{Attrs: efi.AttributeNonVolatile | efi.AttributeBootserviceAccess | efi.AttributeRuntimeAccess, Payload: []byte{0x1}}, + {Name: "SetupMode", GUID: efi.GlobalVariable}: &efitest.VarEntry{Attrs: efi.AttributeBootserviceAccess | efi.AttributeRuntimeAccess, Payload: []byte{0x0}}, + {Name: "OsIndicationsSupported", GUID: efi.GlobalVariable}: &efitest.VarEntry{Attrs: efi.AttributeBootserviceAccess | efi.AttributeRuntimeAccess, Payload: []byte{0x41, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, + }.SetSecureBoot(true).SetPK(c, efitest.NewSignatureListX509(c, snakeoilCert, efi.MakeGUID(0x03f66fa4, 0x5eee, 0x479c, 0xa408, [...]uint8{0xc4, 0xdc, 0x0a, 0x33, 0xfc, 0xde})))), ), tpmPropertyModifiers: map[tpm2.Property]uint32{ tpm2.PropertyNVCountersMax: 0, @@ -2434,18 +2560,34 @@ C7E003CB tpm2.PropertyManufacturer: uint32(tpm2.TPMManufacturerINTC), }, enabledBanks: []tpm2.HashAlgorithmId{tpm2.HashAlgorithmSHA256}, - flags: PermitNoPlatformConfigProfileSupport | PermitNoDriversAndAppsConfigProfileSupport | PermitNoBootManagerCodeProfileSupport | PermitNoBootManagerConfigProfileSupport | PermitNoSecureBootPolicyProfileSupport, + flags: PermitNoPlatformConfigProfileSupport | PermitNoDriversAndAppsConfigProfileSupport | PermitNoBootManagerConfigProfileSupport, + loadedImages: []secboot_efi.Image{ + &mockImage{ + contents: []byte("mock shim executable"), + digest: testutil.DecodeHexString(c, "25e1b08db2f31ff5f5d2ea53e1a1e8fda6e1d81af4f26a7908071f1dec8611b7"), + signatures: []*efi.WinCertificateAuthenticode{ + efitest.ReadWinCertificateAuthenticodeDetached(c, shimUbuntuSig4), + }, + }, + &mockImage{contents: []byte("mock grub executable"), digest: testutil.DecodeHexString(c, "d5a9780e9f6a43c2e53fe9fda547be77f7783f31aea8013783242b040ff21dc0")}, + &mockImage{contents: []byte("mock kernel executable"), digest: testutil.DecodeHexString(c, "2ddfbd91fa1698b0d133c38ba90dbba76c9e08371ff83d03b5fb4c2e56d7e81f")}, + }, + expectedPcrAlg: tpm2.HashAlgorithmSHA256, }) - c.Check(err, ErrorMatches, `2 errors detected: + c.Check(err, ErrorMatches, `6 errors detected: - error with system security: the platform firmware contains a debugging endpoint enabled - error with system security: no kernel IOMMU support was detected +- error with secure boot policy \(PCR7\) measurements: unexpected EV_EFI_ACTION event "UEFI Debug Mode" whilst measuring config +- error with platform config \(PCR1\) measurements: generating profiles for PCR 1 is not supported yet +- error with drivers and apps config \(PCR3\) measurements: generating profiles for PCR 3 is not supported yet +- error with boot manager config \(PCR5\) measurements: generating profiles for PCR 5 is not supported yet `) var ce CompoundError c.Assert(err, Implements, &ce) ce = err.(CompoundError) errs := ce.Unwrap() - c.Assert(errs, HasLen, 2) + c.Assert(errs, HasLen, 6) var hse *HostSecurityError c.Assert(errors.As(errs[0], &hse), testutil.IsTrue) @@ -2588,13 +2730,17 @@ C7E003CB }, expectedPcrAlg: tpm2.HashAlgorithmSHA256, }) - c.Check(err, ErrorMatches, `error with platform config \(PCR1\) measurements: generating profiles for PCR 1 is not supported yet`) + c.Check(err, ErrorMatches, `3 errors detected: +- error with platform config \(PCR1\) measurements: generating profiles for PCR 1 is not supported yet +- error with drivers and apps config \(PCR3\) measurements: generating profiles for PCR 3 is not supported yet +- error with boot manager config \(PCR5\) measurements: generating profiles for PCR 5 is not supported yet +`) var ce CompoundError c.Assert(err, Implements, &ce) ce = err.(CompoundError) errs := ce.Unwrap() - c.Assert(errs, HasLen, 1) + c.Assert(errs, HasLen, 3) var pce *PlatformConfigPCRError c.Check(errors.As(errs[0], &pce), testutil.IsTrue) @@ -2660,13 +2806,17 @@ C7E003CB }, expectedPcrAlg: tpm2.HashAlgorithmSHA256, }) - c.Check(err, ErrorMatches, `error with drivers and apps config \(PCR3\) measurements: generating profiles for PCR 3 is not supported yet`) + c.Check(err, ErrorMatches, `3 errors detected: +- error with drivers and apps config \(PCR3\) measurements: generating profiles for PCR 3 is not supported yet +- error with platform config \(PCR1\) measurements: generating profiles for PCR 1 is not supported yet +- error with boot manager config \(PCR5\) measurements: generating profiles for PCR 5 is not supported yet +`) var ce CompoundError c.Assert(err, Implements, &ce) ce = err.(CompoundError) errs := ce.Unwrap() - c.Assert(errs, HasLen, 1) + c.Assert(errs, HasLen, 3) var dce *DriversAndAppsConfigPCRError c.Check(errors.As(errs[0], &dce), testutil.IsTrue) @@ -2732,13 +2882,17 @@ C7E003CB }, expectedPcrAlg: tpm2.HashAlgorithmSHA256, }) - c.Check(err, ErrorMatches, `error with boot manager config \(PCR5\) measurements: generating profiles for PCR 5 is not supported yet`) + c.Check(err, ErrorMatches, `3 errors detected: +- error with boot manager config \(PCR5\) measurements: generating profiles for PCR 5 is not supported yet +- error with platform config \(PCR1\) measurements: generating profiles for PCR 1 is not supported yet +- error with drivers and apps config \(PCR3\) measurements: generating profiles for PCR 3 is not supported yet +`) var ce CompoundError c.Assert(err, Implements, &ce) ce = err.(CompoundError) errs := ce.Unwrap() - c.Assert(errs, HasLen, 1) + c.Assert(errs, HasLen, 3) var bmce *BootManagerConfigPCRError c.Check(errors.As(errs[0], &bmce), testutil.IsTrue) @@ -2807,13 +2961,18 @@ C7E003CB }, expectedPcrAlg: tpm2.HashAlgorithmSHA256, }) - c.Check(err, ErrorMatches, `value added retailer supplied drivers were detected to be running`) + c.Check(err, ErrorMatches, `4 errors detected: +- value added retailer supplied drivers were detected to be running +- error with platform config \(PCR1\) measurements: generating profiles for PCR 1 is not supported yet +- error with drivers and apps config \(PCR3\) measurements: generating profiles for PCR 3 is not supported yet +- error with boot manager config \(PCR5\) measurements: generating profiles for PCR 5 is not supported yet +`) var ce CompoundError c.Assert(err, Implements, &ce) ce = err.(CompoundError) errs := ce.Unwrap() - c.Assert(errs, HasLen, 1) + c.Assert(errs, HasLen, 4) c.Check(errors.Is(errs[0], ErrVARSuppliedDriversPresent), testutil.IsTrue) } @@ -2881,13 +3040,18 @@ C7E003CB }, expectedPcrAlg: tpm2.HashAlgorithmSHA256, }) - c.Check(err, ErrorMatches, `system preparation applications were detected to be running`) + c.Check(err, ErrorMatches, `4 errors detected: +- system preparation applications were detected to be running +- error with platform config \(PCR1\) measurements: generating profiles for PCR 1 is not supported yet +- error with drivers and apps config \(PCR3\) measurements: generating profiles for PCR 3 is not supported yet +- error with boot manager config \(PCR5\) measurements: generating profiles for PCR 5 is not supported yet +`) var ce CompoundError c.Assert(err, Implements, &ce) ce = err.(CompoundError) errs := ce.Unwrap() - c.Assert(errs, HasLen, 1) + c.Assert(errs, HasLen, 4) c.Check(errors.Is(errs[0], ErrSysPrepApplicationsPresent), testutil.IsTrue) } @@ -2955,13 +3119,18 @@ C7E003CB }, expectedPcrAlg: tpm2.HashAlgorithmSHA256, }) - c.Check(err, ErrorMatches, `Absolute was detected to be active and it is advised that this is disabled`) + c.Check(err, ErrorMatches, `4 errors detected: +- Absolute was detected to be active and it is advised that this is disabled +- error with platform config \(PCR1\) measurements: generating profiles for PCR 1 is not supported yet +- error with drivers and apps config \(PCR3\) measurements: generating profiles for PCR 3 is not supported yet +- error with boot manager config \(PCR5\) measurements: generating profiles for PCR 5 is not supported yet +`) var ce CompoundError c.Assert(err, Implements, &ce) ce = err.(CompoundError) errs := ce.Unwrap() - c.Assert(errs, HasLen, 1) + c.Assert(errs, HasLen, 4) c.Check(errors.Is(errs[0], ErrAbsoluteComputraceActive), testutil.IsTrue) } @@ -3027,13 +3196,18 @@ C7E003CB }, expectedPcrAlg: tpm2.HashAlgorithmSHA256, }) - c.Check(err, ErrorMatches, `error with boot manager code \(PCR4\) measurements: not all EV_EFI_BOOT_SERVICES_APPLICATION boot manager launch digests could be verified`) + c.Check(err, ErrorMatches, `4 errors detected: +- error with boot manager code \(PCR4\) measurements: not all EV_EFI_BOOT_SERVICES_APPLICATION boot manager launch digests could be verified +- error with platform config \(PCR1\) measurements: generating profiles for PCR 1 is not supported yet +- error with drivers and apps config \(PCR3\) measurements: generating profiles for PCR 3 is not supported yet +- error with boot manager config \(PCR5\) measurements: generating profiles for PCR 5 is not supported yet +`) var ce CompoundError c.Assert(err, Implements, &ce) ce = err.(CompoundError) errs := ce.Unwrap() - c.Assert(errs, HasLen, 1) + c.Assert(errs, HasLen, 4) var bme *BootManagerCodePCRError c.Assert(errors.As(errs[0], &bme), testutil.IsTrue) @@ -3104,16 +3278,19 @@ C7E003CB }, expectedPcrAlg: tpm2.HashAlgorithmSHA256, }) - c.Check(err, ErrorMatches, `2 errors detected: + c.Check(err, ErrorMatches, `5 errors detected: - a weak cryptographic algorithm was detected during secure boot verification - some pre-OS components were authenticated from the authorized signature database using an Authenticode digest +- error with platform config \(PCR1\) measurements: generating profiles for PCR 1 is not supported yet +- error with drivers and apps config \(PCR3\) measurements: generating profiles for PCR 3 is not supported yet +- error with boot manager config \(PCR5\) measurements: generating profiles for PCR 5 is not supported yet `) var ce CompoundError c.Assert(err, Implements, &ce) ce = err.(CompoundError) errs := ce.Unwrap() - c.Assert(errs, HasLen, 2) + c.Assert(errs, HasLen, 5) c.Check(errors.Is(errs[0], ErrWeakSecureBootAlgorithmDetected), testutil.IsTrue) c.Check(errors.Is(errs[1], ErrPreOSVerificationUsingDigests), testutil.IsTrue) @@ -3183,13 +3360,18 @@ C7E003CB }, expectedPcrAlg: tpm2.HashAlgorithmSHA256, }) - c.Check(err, ErrorMatches, `some pre-OS components were authenticated from the authorized signature database using an Authenticode digest`) + c.Check(err, ErrorMatches, `4 errors detected: +- some pre-OS components were authenticated from the authorized signature database using an Authenticode digest +- error with platform config \(PCR1\) measurements: generating profiles for PCR 1 is not supported yet +- error with drivers and apps config \(PCR3\) measurements: generating profiles for PCR 3 is not supported yet +- error with boot manager config \(PCR5\) measurements: generating profiles for PCR 5 is not supported yet +`) var ce CompoundError c.Assert(err, Implements, &ce) ce = err.(CompoundError) errs := ce.Unwrap() - c.Assert(errs, HasLen, 1) + c.Assert(errs, HasLen, 4) c.Check(errors.Is(errs[0], ErrPreOSVerificationUsingDigests), testutil.IsTrue) } @@ -3259,13 +3441,18 @@ C7E003CB }, expectedPcrAlg: tpm2.HashAlgorithmSHA256, }) - c.Check(err, ErrorMatches, `error with boot manager code \(PCR4\) measurements: log contains unexpected EV_EFI_BOOT_SERVICES_APPLICATION digest for OS-present application mock image: log digest matches flat file digest \(0xd5a9780e9f6a43c2e53fe9fda547be77f7783f31aea8013783242b040ff21dc0\) which suggests an image loaded outside of the LoadImage API and firmware lacking support for the EFI_TCG2_PROTOCOL and\/or the PE_COFF_IMAGE flag`) + c.Check(err, ErrorMatches, `4 errors detected: +- error with boot manager code \(PCR4\) measurements: log contains unexpected EV_EFI_BOOT_SERVICES_APPLICATION digest for OS-present application mock image: log digest matches flat file digest \(0xd5a9780e9f6a43c2e53fe9fda547be77f7783f31aea8013783242b040ff21dc0\) which suggests an image loaded outside of the LoadImage API and firmware lacking support for the EFI_TCG2_PROTOCOL and\/or the PE_COFF_IMAGE flag +- error with platform config \(PCR1\) measurements: generating profiles for PCR 1 is not supported yet +- error with drivers and apps config \(PCR3\) measurements: generating profiles for PCR 3 is not supported yet +- error with boot manager config \(PCR5\) measurements: generating profiles for PCR 5 is not supported yet +`) var ce CompoundError c.Assert(err, Implements, &ce) ce = err.(CompoundError) errs := ce.Unwrap() - c.Assert(errs, HasLen, 1) + c.Assert(errs, HasLen, 4) var bce *BootManagerCodePCRError c.Check(errors.As(errs[0], &bce), testutil.IsTrue) @@ -3331,13 +3518,18 @@ C7E003CB }, expectedPcrAlg: tpm2.HashAlgorithmSHA256, }) - c.Check(err, ErrorMatches, `error with secure boot policy \(PCR7\) measurements: deployed mode should be enabled in order to generate secure boot profiles`) + c.Check(err, ErrorMatches, `4 errors detected: +- error with secure boot policy \(PCR7\) measurements: deployed mode should be enabled in order to generate secure boot profiles +- error with platform config \(PCR1\) measurements: generating profiles for PCR 1 is not supported yet +- error with drivers and apps config \(PCR3\) measurements: generating profiles for PCR 3 is not supported yet +- error with boot manager config \(PCR5\) measurements: generating profiles for PCR 5 is not supported yet +`) var ce CompoundError c.Assert(err, Implements, &ce) ce = err.(CompoundError) errs := ce.Unwrap() - c.Assert(errs, HasLen, 1) + c.Assert(errs, HasLen, 4) var sbe *SecureBootPolicyPCRError c.Assert(errors.As(errs[0], &sbe), testutil.IsTrue) @@ -3404,13 +3596,18 @@ C7E003CB }, expectedPcrAlg: tpm2.HashAlgorithmSHA256, }) - c.Check(err, ErrorMatches, `error with system security: access to the discrete TPM's startup locality is available to platform firmware and privileged OS code, preventing any mitigation against reset attacks`) + c.Check(err, ErrorMatches, `4 errors detected: +- error with system security: access to the discrete TPM's startup locality is available to platform firmware and privileged OS code, preventing any mitigation against reset attacks +- error with platform config \(PCR1\) measurements: generating profiles for PCR 1 is not supported yet +- error with drivers and apps config \(PCR3\) measurements: generating profiles for PCR 3 is not supported yet +- error with boot manager config \(PCR5\) measurements: generating profiles for PCR 5 is not supported yet +`) var ce CompoundError c.Assert(err, Implements, &ce) ce = err.(CompoundError) errs := ce.Unwrap() - c.Assert(errs, HasLen, 1) + c.Assert(errs, HasLen, 4) var hse *HostSecurityError c.Assert(errors.As(errs[0], &hse), testutil.IsTrue) @@ -3480,13 +3677,18 @@ C7E003CB }, expectedPcrAlg: tpm2.HashAlgorithmSHA256, }) - c.Check(err, ErrorMatches, `error with system security: access to the discrete TPM's startup locality is available to platform firmware and privileged OS code, preventing any mitigation against reset attacks`) + c.Check(err, ErrorMatches, `4 errors detected: +- error with system security: access to the discrete TPM's startup locality is available to platform firmware and privileged OS code, preventing any mitigation against reset attacks +- error with platform config \(PCR1\) measurements: generating profiles for PCR 1 is not supported yet +- error with drivers and apps config \(PCR3\) measurements: generating profiles for PCR 3 is not supported yet +- error with boot manager config \(PCR5\) measurements: generating profiles for PCR 5 is not supported yet +`) var ce CompoundError c.Assert(err, Implements, &ce) ce = err.(CompoundError) errs := ce.Unwrap() - c.Assert(errs, HasLen, 1) + c.Assert(errs, HasLen, 4) var hse *HostSecurityError c.Assert(errors.As(errs[0], &hse), testutil.IsTrue) @@ -3556,13 +3758,18 @@ C7E003CB }, expectedPcrAlg: tpm2.HashAlgorithmSHA256, }) - c.Check(err, ErrorMatches, `error with system security: access to the discrete TPM's startup locality is available to platform firmware and privileged OS code, preventing any mitigation against reset attacks`) + c.Check(err, ErrorMatches, `4 errors detected: +- error with system security: access to the discrete TPM's startup locality is available to platform firmware and privileged OS code, preventing any mitigation against reset attacks +- error with platform config \(PCR1\) measurements: generating profiles for PCR 1 is not supported yet +- error with drivers and apps config \(PCR3\) measurements: generating profiles for PCR 3 is not supported yet +- error with boot manager config \(PCR5\) measurements: generating profiles for PCR 5 is not supported yet +`) var ce CompoundError c.Assert(err, Implements, &ce) ce = err.(CompoundError) errs := ce.Unwrap() - c.Assert(errs, HasLen, 1) + c.Assert(errs, HasLen, 4) var hse *HostSecurityError c.Assert(errors.As(errs[0], &hse), testutil.IsTrue) @@ -3631,13 +3838,18 @@ C7E003CB expectedUsedSecureBootCAs: []*X509CertificateID{NewX509CertificateID(testutil.ParseCertificate(c, msUefiCACert))}, expectedFlags: NoPlatformConfigProfileSupport | NoDriversAndAppsConfigProfileSupport | NoBootManagerConfigProfileSupport, }) - c.Assert(err, ErrorMatches, `the PCR bank for TPM_ALG_SHA384 is missing from the TCG log but active and with one or more empty PCRs on the TPM`) + c.Assert(err, ErrorMatches, `4 errors detected: +- the PCR bank for TPM_ALG_SHA384 is missing from the TCG log but active and with one or more empty PCRs on the TPM +- error with platform config \(PCR1\) measurements: generating profiles for PCR 1 is not supported yet +- error with drivers and apps config \(PCR3\) measurements: generating profiles for PCR 3 is not supported yet +- error with boot manager config \(PCR5\) measurements: generating profiles for PCR 5 is not supported yet +`) var ce CompoundError c.Assert(err, Implements, &ce) ce = err.(CompoundError) errs := ce.Unwrap() - c.Assert(errs, HasLen, 1) + c.Assert(errs, HasLen, 4) var be *EmptyPCRBanksError c.Check(errors.As(errs[0], &be), testutil.IsTrue) @@ -3708,17 +3920,20 @@ C7E003CB expectedUsedSecureBootCAs: []*X509CertificateID{NewX509CertificateID(testutil.ParseCertificate(c, msUefiCACert))}, expectedFlags: NoPlatformConfigProfileSupport | NoDriversAndAppsConfigProfileSupport | NoBootManagerConfigProfileSupport, }) - c.Assert(err, ErrorMatches, `2 errors detected: + c.Assert(err, ErrorMatches, `5 errors detected: - error with TPM2 device: one or more of the TPM hierarchies is already owned: - TPM_RH_LOCKOUT has an authorization value - error with secure boot policy \(PCR7\) measurements: deployed mode should be enabled in order to generate secure boot profiles +- error with platform config \(PCR1\) measurements: generating profiles for PCR 1 is not supported yet +- error with drivers and apps config \(PCR3\) measurements: generating profiles for PCR 3 is not supported yet +- error with boot manager config \(PCR5\) measurements: generating profiles for PCR 5 is not supported yet `) var ce CompoundError c.Assert(err, Implements, &ce) ce = err.(CompoundError) errs := ce.Unwrap() - c.Assert(errs, HasLen, 2) + c.Assert(errs, HasLen, 5) var te *TPM2DeviceError c.Assert(errors.As(errs[0], &te), testutil.IsTrue) @@ -3792,16 +4007,19 @@ C7E003CB expectedUsedSecureBootCAs: []*X509CertificateID{NewX509CertificateID(testutil.ParseCertificate(c, msUefiCACert))}, expectedFlags: NoPlatformConfigProfileSupport | NoDriversAndAppsConfigProfileSupport | NoBootManagerConfigProfileSupport, }) - c.Assert(err, ErrorMatches, `2 errors detected: + c.Assert(err, ErrorMatches, `5 errors detected: - the PCR bank for TPM_ALG_SHA384 is missing from the TCG log but active and with one or more empty PCRs on the TPM - error with boot manager code \(PCR4\) measurements: not all EV_EFI_BOOT_SERVICES_APPLICATION boot manager launch digests could be verified +- error with platform config \(PCR1\) measurements: generating profiles for PCR 1 is not supported yet +- error with drivers and apps config \(PCR3\) measurements: generating profiles for PCR 3 is not supported yet +- error with boot manager config \(PCR5\) measurements: generating profiles for PCR 5 is not supported yet `) var ce CompoundError c.Assert(err, Implements, &ce) ce = err.(CompoundError) errs := ce.Unwrap() - c.Assert(errs, HasLen, 2) + c.Assert(errs, HasLen, 5) var be *EmptyPCRBanksError c.Check(errors.As(errs[0], &be), testutil.IsTrue) @@ -3871,16 +4089,19 @@ C7E003CB expectedUsedSecureBootCAs: []*X509CertificateID{NewX509CertificateID(testutil.ParseCertificate(c, msUefiCACert))}, expectedFlags: NoPlatformConfigProfileSupport | NoDriversAndAppsConfigProfileSupport | NoBootManagerConfigProfileSupport, }) - c.Assert(err, ErrorMatches, `2 errors detected: + c.Assert(err, ErrorMatches, `5 errors detected: - the PCR bank for TPM_ALG_SHA384 is missing from the TCG log but active and with one or more empty PCRs on the TPM - error with system security: no kernel IOMMU support was detected +- error with platform config \(PCR1\) measurements: generating profiles for PCR 1 is not supported yet +- error with drivers and apps config \(PCR3\) measurements: generating profiles for PCR 3 is not supported yet +- error with boot manager config \(PCR5\) measurements: generating profiles for PCR 5 is not supported yet `) var ce CompoundError c.Assert(err, Implements, &ce) ce = err.(CompoundError) errs := ce.Unwrap() - c.Assert(errs, HasLen, 2) + c.Assert(errs, HasLen, 5) var be *EmptyPCRBanksError c.Check(errors.As(errs[0], &be), testutil.IsTrue)