On Fri, Jul 03, 2020 at 02:10:36PM -0700, Blibbet wrote:
Can I use LuvOS to assess AARCH64 (ARM v8, Cortex A72) devices?
It appears Intel is no longer involved with their LUV project:
https://github.com/intel/luv-yocto/commit/10bda4cf7d64cd36cd282463a5e2b5a536...
The ARM port has not been active for a while, AFAICT.
The current AArch64 port of LUV does not include an ARM port of CHIPSEC, one of the main components needed to "assess" a system.
You might get some coverage on ARM using Microsoft Windows; their Defender AV product just got some UEFI support, presuming that code runs on Intel and AArch64, hoping the latter given that Windows now runs on AArch64. But this is no help for the Linux community.
Regardless of LUV status, ask your AArch64 vendor what tool they use instead of CHIPSEC to assess the firmware security of that system. Note the blank state they give you in response, then consider if you should invest in a platform which does not provide adequate security tools.
Linaro: please consider porting CHIPSEC to AArch64. Fork it if you don't want to deal with an Intel project; it is GPL-licensed. A few of the Intel-centric security tests should apply to UEFI security on ARM64. You don't need all of LUV, just CHIPSEC. Just focus on UEFI-centric CHIPSEC, not the Linux OS-present version, which adds a kernel driver to the situation.
CHIPSEC and security automation aside, is there even a list of ARM-based platform security tests, for manual assessment (and to aid in an ARM port of CHIPSEC) of AArch64 platform firmware?
ARM Vendors use this test suite based on luvOS.
https://github.com/ARM-software/sbsa-acs
Graeme