Sb key protection test

[miczyg1]

Addresses issue: Dasharo/dasharo-issues#1478

[miczyg1]

secure-boot.zip

Successfully run the tests on ODROID-H4. The protections work as expected.

[miczyg1]

It seems like the MSI platform doesn't want to work... Flashing failed.

[Ingo-Albrecht]

It seems like the MSI platform doesn't want to work... Flashing failed.

I get the following error on MSI 690 (just reporting, SPI write lock still enabled):

$ fwupdmgr get-devices
...
UEFI dbx:
Device ID:
Summary: UEFI revocation database
Current version: 20241101
Minimum Version: 20241101
Vendor: UEFI:Microsoft
Install Duration: 1 second
Update Error: Not enough efivarfs space, requested 30.7 kB and got 29.7 kB

Can it be linked?

[miczyg1]

It seems like the MSI platform doesn't want to work... Flashing failed.

I get the following error on MSI 690 (just reporting, SPI write lock still enabled):

$ fwupdmgr get-devices ... UEFI dbx: Device ID: Summary: UEFI revocation database Current version: 20241101 Minimum Version: 20241101 Vendor: UEFI:Microsoft Install Duration: 1 second Update Error: Not enough efivarfs space, requested 30.7 kB and got 29.7 kB

Can it be linked?

Your error seem to be related to overloaded UEFI variables region space. We use 64KB only, but for some reason you are attempting to write half of the space with some operation.

The error I am getting is from our infrastructre in laboratory which failed to flash the board remotely with external programmer.

[Ingo-Albrecht]

Your error seem to be related to overloaded UEFI variables region space. We use 64KB only, but for some reason you are attempting to write half of the space with some operation.

Ok, yes. It may have been borked due to an old fwupd, similar to fwupd/fwupd#8702. I tried to append the same Howyar's SysReturn dbx a while back.

[BeataZdunczyk]

@miczyg1 New tests also need to be added to the JSON file in the same PR. Please follow the OSFV test naming convention and update the IDs accordingly: https://github.com/Dasharo/open-source-firmware-validation/blob/develop/docs/adding-and-naming-test-cases.md

[miczyg1]

@miczyg1 New tests also need to be added to the JSON file in the same PR. Please follow the OSFV test naming convention and update the IDs accordingly: https://github.com/Dasharo/open-source-firmware-validation/blob/develop/docs/adding-and-naming-test-cases.md

Should be fixed now.

[miczyg1]

Scope regression fails because:

1. MSI seem to be bricked? Can't find prompt on serial it seems.
2. Basic platform setup failed on APU3 (at least the test with ansible). So the OS did not have efitools installed when my new tests were run, thus they failed. Also most of the SB tets fail, because the SB test data cannot be used on platform without PIKVM, or a plugged USB stick with the SB test data.