A LuvOS package delivered by Arm via this repo https://github.com/ARM-software/arm-enterprise-acs is run by Arm partners on their platforms to claim ServerReady (https://community.arm.com/developer/ip-products/processors/b/processors-ip-b...) compliance. I am not sure specifically what you want to assess using LuvOS, but if it is about checking SBBR compliance for UEFI FW or SBSA compliance for SoC hardware then you can use the guide in the repo that I shared to run LuvOS on your AArch64 platform. You'll find more info in the documentation.
Regards, Sakar -----Original Message----- From: Linaro-uefi linaro-uefi-bounces@lists.linaro.org On Behalf Of Graeme Gregory Sent: Saturday, July 4, 2020 6:54 PM To: Blibbet blibbet@gmail.com Cc: Narendra Jayram naren.jayram@gmail.com; linaro-uefi@lists.linaro.org Subject: Re: [Linaro-uefi] Enquiry: LuvOS
On Fri, Jul 03, 2020 at 02:10:36PM -0700, Blibbet wrote:
Can I use LuvOS to assess AARCH64 (ARM v8, Cortex A72) devices?
It appears Intel is no longer involved with their LUV project:
https://github.com/intel/luv-yocto/commit/10bda4cf7d64cd36cd282463a5e2 b5a536139fe9
The ARM port has not been active for a while, AFAICT.
Current AArch64 port of LUV does not include an ARM port of CHIPSEC, one of the main components needed to "asses" a system.
You might get some coverage on ARM using Microsoft Windows, their Defender AV product just got some UEFI support, presuming that code runs on Intel and AArch64, hoping the latter given that Windows now runs on AArch64. But this is no help for Linux community.
Regardless of LUV status, ask your AArch64 vendor what tool they use instead of CHIPSEC to asses the firmware security of that system. Note the blank state they give you in response, then consider if you should invest in a platform which does not provide adequate security tools.
Linaro: please consider porting CHIPSEC to AArch64. Fork it, if you don't want to deal with an Intel project, it is GPL-licensed. A few of the Intel-centric security tests should apply to UEFI security on ARM64. You don't need all of LUV, just CHIPSEC. Just focus on UEFI-centric CHIPSEC, not the Linux OS-present version, that adds a kernel driver to situation.
CHIPSEC and security automation aside, is there even a list of ARM-based platform security tests, for manual assessment (and to aid in ARM port of CHIPSEC) of AArch64 platform firmware?
ARM Vendors use this test suite based on luvOS.
https://github.com/ARM-software/sbsa-acs
Graeme
_______________________________________________ Linaro-uefi mailing list Linaro-uefi@lists.linaro.org https://lists.linaro.org/mailman/listinfo/linaro-uefi IMPORTANT NOTICE: The contents of this email and any attachments are confidential and may also be privileged. If you are not the intended recipient, please notify the sender immediately and do not disclose the contents to any other person, use it for any purpose, or store or copy the information in any medium. Thank you.