On 5/31/21 7:51 PM, Vincent Stehlé wrote:
On Thu, May 20, 2021 at 03:55:21PM +0100, Grant Likely wrote: ..
And I have a question about SCT's EBBR result (according to the EBBR-Testing-Guide). Recently my team ran the SCT on our board and got some failures. One of them was related to the Auth variable,
/opt/sct/SctPkg/TestCase/UEFI/EFI/RuntimeServices/VariableServices/BlackBoxTest/AuthVariableServicesBBTestFunction.c 635 Status - Invalid Parameter RT.SetVariable - Create one Time Base Auth Variable, the expect return status should be EFI_SUCCESS FAILURE
But I think U-Boot Auth Variable is not enabled unless UEFI secure boot is enabled. So other test cases are waived. But this specific test case failed.
guid: 008E18A5-C345-48AE-9134-61A692E30B87 set guid: 9338D0EC-807B-4750-986A-8F2A91BB3616
Easy answer here is to enable secure boot in U-Boot to get rid of these failures. I've added that option to the wiki
CONFIG_EFI_SECURE_BOOT=y
Vincent, this is something to discuss. Secure Boot is supported, but not required by SystemReady IR. Should we ignore failures when secure boot is disabled in the parsing script?
Hi Grant and Masami-san,
I think we should ignore all authenticated EFI variables related failures, as those are not required by EBBR.
See this sct parser EBBR.yaml config file[1], where I have added some rules to ignore authenticated EFI variables related failures.
We have in the EBBR a chapter "UEFI Secure Boot (Optional)". If we have bugs in authenticated EFI variables, we may not have secure boot.
What does the SystemReady IR certification require concerning secure boot?
Best regards
Heinrich
Masami-san, could you please try to re-parse your tests results with the updated config file? If the specific test you mentioned still results in FAILURE, would you please send us your tests results Summary.ekl? This would allow us to add the proper rule to the parser config file.
Thanks!
Best regards,
Vincent Stehlé System Architect - Arm